Re: [Samba] OpenSSH auth in SAMBA4 LDAP
Al 27/08/13 01:52, En/na Marc Muehlfeld ha escrit: Am 27.08.2013 01:19, schrieb Luca Olivetti: https://wiki.samba.org/index.php/Local_user_management_and_authentication/nslcd Yep, I only had to comment the map group uniqueMember member line, though (migrated) groups show the members fine. What didn't work when you have this line in? nslcd: /etc/nslcd.con:18: unknown attribute to map: 'uniqueMember' I have this in production (migrated) and in my test environment (new provisioned). Here without this line, id username won't show the groups the user is member: Works here: $ id aimaretti uid=1234(aimaretti) gid=513(Domain Users) grups=513(Domain Users),675(intranet),676(portal),507(devel) $ rpm -qf /usr/sbin/nslcd nss-pam-ldapd-0.8.12-3.mga3 Bye -- Luca Olivetti Wetron Automation Technology http://www.wetron.es Tel. +34 935883004 Fax +34 935883007 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] nslcd / pam_ldap HowTo (was: OpenSSH auth in SAMBA4 LDAP)
On Tue, 2013-08-27 at 01:39 +0200, Marc Muehlfeld wrote: Hello Steve, thanks for your suggestions. Am 27.08.2013 00:40, schrieb steve: 1. Nested groups work fine with nslcd. Please use the latest version: man nslcd.conf(5) I use the version Redhat ships. I haven't used that latest version and I think most will use the one shipped with their distribution, too. But of course I've changed the information in the HowTo. 2. We really should encourage users away from plain text passwords stored in files. nslcd works fine with sasl binds. The devs have worked hard to give us Kerberos out of the box. I think we should use it: http://linuxcostablanca.blogspot.com.es/p/s4bind.html I wanted to first create a very simple and basic HowTo, because during the last time we often had questions about nslcd, etc. on the list. But you are right. Kerberos should be the preferred way. I'll have a look on that the next days and switch the HowTo to Kerberos or add this as an additional way. But give me some time, because I validate everything I publish. 3. nslcd is already AD aware and this is not winbind so let's keep it simple. The following lines are not required/produce errors/ slow down lookups. filter passwd ((objectClass=user)(!(objectClass=computer))(uidNumber=*)) map passwd gecos displayName map passwd gidNumber primaryGroupID filter group ((objectClass=group)(gidNumber=*)) map group uniqueMember member Can you please give me more details here? I don't get any errors on RHEL6 here. Because the removal of this line, I'm not sure, why. I have added them deliberately out of the following reasons: If I remove the filter passwd line, then getent passwd returns nothing no domain accounts any more. If I remove the map passwd gidNumber primaryGroupID, then id username doesn't return the in AD configured primary group in the unix tab. If I remove the filter group line, then getent group doesn't return domain groups any more. If I remove the map group uniqueMember member line, then id username won't tell me, in which groups the user is. Do you have different results on your system? Hi Yes. All this changes as from version 0.8.10 Or why would you remove this lines? Current versions of nslcd do not require them. With red hat throwing some of their best coders at sssd through Fedora, it is understandable that nss-pam-ldapd maintenance will not be high priority;) Again, it is important to use the latest version. I think most users first try the version shipped with their distribution, like me. Because every self compiled program is something you have to update manually (and on every server), while everything else can be done at once via yum/apt/whatever. I think it's not important to use the latest version, except it contains something I can't live without it. But everybody has different opinions on that, I guess. ;-) It seems that the majority of users build samba4 from source. In this case it is a simple step to also build nss-pam-ldapd. As you quite rightly say, you want to keep it simple. This is all that is needed as from 0.8.10 (which most distros now have): uid nslcd gid nslcd uri ldap://your.f.q.d.n base dc=foo,dc=bar map passwd uid samAccountName map passwd homeDirectory unixHomeDirectory sasl_mech GSSAPI sasl_realm YOUR_REALM krb5_ccname /your/cache Your distro must be still using the 0.7 series. One valid point that users make is that the Samba documentation is out of date/irrelevant/written for devs by devs. With nslcd and sssd howtos you have a golden opportunity to produce something both current and which is relevant and doable by anyone If you decide to stay with the old version please make it clear by putting something like, 'This howto has been tested with x.y.z'. If you like, I'll put a 0.8.10 and newer configuration version to link to. As we recommend the latest stable version for Samba so should we recommend the latest version of all accociated kit. HTH Thanks for your patience. Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] OpenSSH auth in SAMBA4 LDAP
Al 27/08/13 01:46, En/na Marc Muehlfeld ha escrit: Am 27.08.2013 01:13, schrieb Luca Olivetti: In ADUC on Win7 the tab should be there (on XP you need to install something additionally if I remember right). Ah, OK, I'm on XP and I installed the tools here: https://wiki.samba.org/index.php/Samba_AD_management_from_windows#Windows_XP_Pro No unix tab http://support.microsoft.com/kb/921913/en Thank you, I was missing idmu.exe Now I can see the unix tab, but, whenever I click accept, it tells me Unable to modify the object property values. Check your credentials. There could be a network problem. Active Directory could be down. Contact your system administrator. However, when I open the user again I can see the modified unix attributes *but* the added user still doesn't show, unsurprisingly since it's missing the posixAccount class: # prueba unix, Users, wetron.es dn: CN=prueba unix,CN=Users,DC=wetron,DC=es objectClass: top objectClass: person objectClass: organizationalPerson objectClass: user cn: prueba unix sn: unix givenName: prueba instanceType: 4 whenCreated: 20130827101804.0Z uSNCreated: 7219 name: prueba unix objectGUID:: Fwa13qYImEyNgXPAE0UU7g== badPwdCount: 0 codePage: 0 countryCode: 0 badPasswordTime: 0 lastLogoff: 0 lastLogon: 0 primaryGroupID: 513 objectSid:: AQUAAAUVHRf8UdaAOYEc27Xqqw8AAA== accountExpires: 9223372036854775807 logonCount: 0 sAMAccountName: pruebaunix sAMAccountType: 805306368 userPrincipalName: pruebau...@wetron.es objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=wetron,DC=es pwdLastSet: 13022072284000 userAccountControl: 512 msSFU30Name: pruebaunix uid: pruebaunix msSFU30NisDomain: wetron loginShell: /bin/sh unixHomeDirectory: /home/pruebaunix gidNumber: 492 uidNumber: 10069 displayName: pruebaunix whenChanged: 20130827103118.0Z uSNChanged: 7234 distinguishedName: CN=prueba unix,CN=Users,DC=wetron,DC=es Bye -- Luca Olivetti Wetron Automation Technology http://www.wetron.es Tel. +34 935883004 Fax +34 935883007 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] OpenSSH auth in SAMBA4 LDAP
Am 27.08.2013 10:38, schrieb Luca Olivetti: http://support.microsoft.com/kb/921913/en Thank you, I was missing idmu.exe Now I can see the unix tab, but, whenever I click accept, it tells me Unable to modify the object property values. Check your credentials. There could be a network problem. Active Directory could be down. Contact your system administrator. However, when I open the user again I can see the modified unix attributes *but* the added user still doesn't show, unsurprisingly since it's missing the posixAccount class: I only used a very short time XP together with Samba AD. But I remember, that I got a message about something there too. Do you have a chance to try it on W7? Regards Marc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] nslcd / pam_ldap HowTo
Am 27.08.2013 10:11, schrieb steve: Your distro must be still using the 0.7 series. Yes. RHEL ships 0.7.5. I had a short search for 0.8 and it seems that since that, some comfortable changes where done for AD. If I have time tonight, I'll compile the latest version and try to find out the differences and comment my examples accordingly. Then the users can decite to stay on their old version (if the use an enterprise distribution) of to use the new one. Thanks for that information. Regards, Marc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] OpenSSH auth in SAMBA4 LDAP
Al 27/08/13 10:45, En/na Marc Muehlfeld ha escrit: Am 27.08.2013 10:38, schrieb Luca Olivetti: http://support.microsoft.com/kb/921913/en Thank you, I was missing idmu.exe Now I can see the unix tab, but, whenever I click accept, it tells me Unable to modify the object property values. Check your credentials. There could be a network problem. Active Directory could be down. Contact your system administrator. However, when I open the user again I can see the modified unix attributes *but* the added user still doesn't show, unsurprisingly since it's missing the posixAccount class: I only used a very short time XP together with Samba AD. But I remember, that I got a message about something there too. Do you have a chance to try it on W7? Not right now, but I'll try when I manage to setup a W7 VM. Does windows 7 ADUC add the posixAccount class? Bye -- Luca Olivetti Wetron Automation Technology http://www.wetron.es Tel. +34 935883004 Fax +34 935883007 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba4 - Wrong ipv6 DNS entry
Hello, i am using samba 4.0.8 with integrated DNS. Now i notice a wrong DNS entry of the PDC. ip addr (GGG for security ;-): br0: BROADCAST,MULTICAST,UP,LOWER_UP mtu 1500 inet6 2GGG:::G::/64 scope global inet6 fe80::225:90ff:fe77:18e4/64 scope link # ./samba-tool dns query PDC GG.GG.local PDC Password for []: Name=, Records=1, Children=0 : 2GGG:::G:0225:90ff:fe77:18e4 (flags=f0, serial=1, ttl=900) It is a combination of the link and the global address. The global address ends with 0 which is intended. May this is responsible for slow OSX-clients? Hope so. Is it a bug or just an config error? Thanks Andreas -- Andreas Grabner +43 676 840 775 101 andr...@vianova.cc Via Nova Mediendesign GMBH Augasse 24 A- 7400 oberwart +4333 52 / 32 860 www.vianova.cc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Replication issue
Any ideas on how to get replication working correctly? I'd demote/delete ncssamba2 but samba-tool fails and ADUC won't let me either. Is there some way to get a more informative message than WERR_INVALID_PARAM? Sincerely, Dave Hopkins - Original Message - I checked and the ping didn't work, but after adding and entry in /etc/hosts for all servers and verifying the ping and host are correct, I still get the same behavior. ncssamba2 reports success for replication with ncssamba1, but ncssamba1 reports failures with ncssamba2. - Original Message - On 26/08/2013 9:37 PM, dahopk...@comcast.net wrote: I have a server that is not replicating correctly, but passes all the tests listed here: https://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC In particular running # host -t CNAME 976c9c86-288d-483e-baec-7043a9c4a6cd._msdcs.ncs.k12.de.us 976c9c86-288d-483e-baec-7043a9c4a6cd._msdcs.ncs.k12.de.us is an alias for ncssamba2.ncs.k12.de.us. returns correct information on all DCs. Take a look at this bug: https://bugzilla.novell.com/show_bug.cgi?id=822414 Try pinging the host entry rather than just resolving it, you may need to add an entry to the hosts file to get around this issue. Dave Hawkes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Excel cannot save modifications. No errors for user
Text: The problem occurs on any excel file that this especific user try to change. Environment: - XLS file saved on the samba server and then opened from the same server. - User Machine has windows XP and Office 2007. It happens on office 2010 too. -When the user goes clicking SAVE few times on the excel, no error mesages are shown. But when he close the file and open again, some informations are there and others no. -When we copy the file to the user machine, edits and then send back to the server it works. Carlos Valente -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] OpenSSH auth in SAMBA4 LDAP
Hi Luca, If you provisioned your domain with --use-rfc2307, then in Win7 ADUC you can see the posixAccount (UNIX Attributes) of the users. 2013/8/27 Luca Olivetti l...@wetron.es Al 27/08/13 10:45, En/na Marc Muehlfeld ha escrit: Am 27.08.2013 10:38, schrieb Luca Olivetti: http://support.microsoft.com/kb/921913/en Thank you, I was missing idmu.exe Now I can see the unix tab, but, whenever I click accept, it tells me Unable to modify the object property values. Check your credentials. There could be a network problem. Active Directory could be down. Contact your system administrator. However, when I open the user again I can see the modified unix attributes *but* the added user still doesn't show, unsurprisingly since it's missing the posixAccount class: I only used a very short time XP together with Samba AD. But I remember, that I got a message about something there too. Do you have a chance to try it on W7? Not right now, but I'll try when I manage to setup a W7 VM. Does windows 7 ADUC add the posixAccount class? Bye -- Luca Olivetti Wetron Automation Technology http://www.wetron.es Tel. +34 935883004 Fax +34 935883007 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- Bruno Vane HPM Tecnologia (24) 9278-7195 / (24) 3345-0002 skype: broonu www.zamix.com.br | www.superonda.com.br -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] DNS managment error
Hello, i have an issue with existing installation of samba4 domain controller that is specific to dns managment. In the domain I have two samba4 4.0.7 and one windows 2003 server that I plug periodically to manage the dns. All fsmo roles are transfered to samba. All aspects of the domain work perfectly, except one, the samba-tool dns commands do not work. All commands when executed on samba server return ERROR(runtime): uncaught exception - (9717, 'WERR_DNS_ERROR_DS_UNAVAILABLE') error. The same command pointed to windows server works fine. All commands that add hosts to window are replicated to samba instances. The domain is functioning at 2003 native level (reported by windows tool), but samba can't figure out the level. Also when i try to demote the w2k3 server i get the error that Active Directory could not find another domain controller to transfer the remaining data in the directory partition DC=DomainDnsZones,Dc=example,dc=com Could you please point me to the right resources so that i can resolve my current issues. Thanks in advance, and I wish best to all Samba community. ps If you need some kind of help, such as testing rc's in certain configuration, please contact me. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] DNS managment error
Hello, i have an issue with existing installation of samba4 domain controller that is specific to dns managment. In the domain I have two samba4 4.0.7 and one windows 2003 server that I plug periodically to manage the dns. All fsmo roles are transfered to samba. All aspects of the domain work perfectly, except one, the samba-tool dns commands do not work. All commands when executed on samba server return ERROR(runtime): uncaught exception - (9717, 'WERR_DNS_ERROR_DS_UNAVAILABLE') error. The same command pointed to windows server works fine. All commands that add hosts to window are replicated to samba instances. The domain is functioning at 2003 native level (reported by windows tool), but samba can't figure out the level. Also when i try to demote the w2k3 server i get the error that Active Directory could not find another domain controller to transfer the remaining data in the directory partition DC=DomainDnsZones,Dc=example,dc=com Could you please point me to the right resources so that i can resolve my current issues. Thanks in advance, and I wish best to all Samba community. ps If you need some kind of help, such as testing rc's in certain configuration, please contact me. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] OpenSSH auth in SAMBA4 LDAP
Al 27/08/13 16:56, En/na Bruno Vane ha escrit: Hi Luca, If you provisioned your domain with --use-rfc2307, then in Win7 ADUC you can see the posixAccount (UNIX Attributes) of the users. I did a classicupgrade, not a provisioning, and I can see the unix attributes of the migrated users, the problem is the error message when modifying them and the fact that _new_ users don't have a class: posixAccount in the directory. Bye -- Luca Olivetti Wetron Automation Technology http://www.wetron.es Tel. +34 935883004 Fax +34 935883007 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Change default GID of users
Hi all, I'm using samba4 as DC and using ssh/nslcd/pam in some machines to lookup ldap base in samba4 to allow access for users. My question is, how can I set the default GID os users to 100, to match the GID of groupusers in my linux machines? All users I create with ADUC is getting UID 513. This machines are joined in the domain. This is my groups: root@samba:~# wbinfo -g Enterprise Read-Only Domain Controllers Domain Admins Domain Users Domain Guests Domain Computers Domain Controllers Schema Admins Enterprise Admins Group Policy Creator Owners Read-Only Domain Controllers DnsUpdateProxy This is GID's: CORPORATIVO\Domain Admins:*:308: CORPORATIVO\Domain Users:*:100: CORPORATIVO\Domain Guests:*:312: CORPORATIVO\Domain Computers:*:318: CORPORATIVO\Domain Controllers:*:319: CORPORATIVO\Schema Admins:*:307: CORPORATIVO\Enterprise Admins:*:306: CORPORATIVO\Group Policy Creator Owners:*:304: CORPORATIVO\Read-Only Domain Controllers:*:320: CORPORATIVO\DnsUpdateProxy:*:321: CORPORATIVO\InternetLiberada:*:322: -- Bruno Vane HPM Tecnologia (24) 9278-7195 / (24) 3345-0002 skype: broonu www.zamix.com.br | www.superonda.com.br -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Change default GID of users
On Tue, 2013-08-27 at 12:14 -0300, Bruno Vane wrote: Hi all, I'm using samba4 as DC and using ssh/nslcd/pam in some machines to lookup ldap base in samba4 to allow access for users. My question is, how can I set the default GID os users to 100, to match the GID of groupusers in my linux machines? All users I create with ADUC is getting UID 513. This machines are joined in the domain. Hi Add the attribute: gidNumber: 100 to the DN of Domain Users. The easiest way to do that is to: ldbedit --url=/user/local/samba/private/sam.ldb cn=Domain\ Users HTH Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] DNS managment error
This issue has been discussed at length before with no resolution to my knowledge. If you use samba-tool drs showrepl, you will probably notice that Forest and Domain DNS is not being replicated to/from all DCs. Additionally, if you use Win2003 DNS MMC, you will not be able to detect that DNS is running on the Samba DCs nor that they are DCs at all. I have only tested this using internal Samba DNS but have found no workaround and have dropped trying to use Samba to demote/replace a Win2003 DC for now. Good luck, Garth On 08/27/2013 09:58 AM, Antun Horvat wrote: Hello, i have an issue with existing installation of samba4 domain controller that is specific to dns managment. In the domain I have two samba4 4.0.7 and one windows 2003 server that I plug periodically to manage the dns. All fsmo roles are transfered to samba. All aspects of the domain work perfectly, except one, the samba-tool dns commands do not work. All commands when executed on samba server return ERROR(runtime): uncaught exception - (9717, 'WERR_DNS_ERROR_DS_UNAVAILABLE') error. The same command pointed to windows server works fine. All commands that add hosts to window are replicated to samba instances. The domain is functioning at 2003 native level (reported by windows tool), but samba can't figure out the level. Also when i try to demote the w2k3 server i get the error that Active Directory could not find another domain controller to transfer the remaining data in the directory partition DC=DomainDnsZones,Dc=example,dc=com Could you please point me to the right resources so that i can resolve my current issues. Thanks in advance, and I wish best to all Samba community. ps If you need some kind of help, such as testing rc's in certain configuration, please contact me. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] DNS managment error
Thanks for such quick reply, I have just executed samba-tool drs showrepl command and it seems that Forest and Domain LDAP DIT are being replicated successfully. But I still doubt that it can not be fixed since all RR records that are added to w2k3 server are successfully propagated and present. All name resolution queries on samba reflect the state of w2k3 DNS. Is there some way to debug RPC calls so that we can more precisely locate the error? All best, Antun On 08/27/2013 06:40 PM, Garth Keesler wrote: This issue has been discussed at length before with no resolution to my knowledge. If you use samba-tool drs showrepl, you will probably notice that Forest and Domain DNS is not being replicated to/from all DCs. Additionally, if you use Win2003 DNS MMC, you will not be able to detect that DNS is running on the Samba DCs nor that they are DCs at all. I have only tested this using internal Samba DNS but have found no workaround and have dropped trying to use Samba to demote/replace a Win2003 DC for now. Good luck, Garth On 08/27/2013 09:58 AM, Antun Horvat wrote: Hello, i have an issue with existing installation of samba4 domain controller that is specific to dns managment. In the domain I have two samba4 4.0.7 and one windows 2003 server that I plug periodically to manage the dns. All fsmo roles are transfered to samba. All aspects of the domain work perfectly, except one, the samba-tool dns commands do not work. All commands when executed on samba server return ERROR(runtime): uncaught exception - (9717, 'WERR_DNS_ERROR_DS_UNAVAILABLE') error. The same command pointed to windows server works fine. All commands that add hosts to window are replicated to samba instances. The domain is functioning at 2003 native level (reported by windows tool), but samba can't figure out the level. Also when i try to demote the w2k3 server i get the error that Active Directory could not find another domain controller to transfer the remaining data in the directory partition DC=DomainDnsZones,Dc=example,dc=com Could you please point me to the right resources so that i can resolve my current issues. Thanks in advance, and I wish best to all Samba community. ps If you need some kind of help, such as testing rc's in certain configuration, please contact me. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] objectClass:posixAccount missing
Hello, I start a new thread, because the other one meanwhile drifted far away from what the OP asked. :-) Am 27.08.2013 17:02, schrieb Luca Olivetti: If you provisioned your domain with --use-rfc2307, then in Win7 ADUC you can see the posixAccount (UNIX Attributes) of the users. I did a classicupgrade, not a provisioning, and I can see the unix attributes of the migrated users, the problem is the error message when modifying them and the fact that _new_ users don't have a class: posixAccount in the directory. I rechecked this. My test environment was provisioned on 4.0.5 with --use-rfc2307 (I'm sure I did, because without that option, you also doesn't have the cn=ypServ30,cn=RpcServices,cn=System,... subtree). And I can confirm that new users doesn't get the objectclass:posixAccount entry. Also new added groups doesn't have objectclass:posixGroup. The unix attributes tab in ADUC (W7) is there and works fine on users. On groups I can set values. But if I re-open this tab again, I get Unwilling to perform. Does anybody have an idea on that? Do posixAccount/posixGroup objectClasses have to be there normally? Regards, Marc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Change default GID of users
On Tue, 2013-08-27 at 14:33 -0300, Bruno Vane wrote: Hi Steve, I did what you said, and when create the user, nothing changes: Hi Sorry, you have to add: gidNumber: 100 to the DN of each user too. Make sure that you clear the nscd cache after making any change to AD. Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] objectClass:posixAccount missing
On Tue, 2013-08-27 at 20:11 +0200, Marc Muehlfeld wrote: Do posixAccount/posixGroup objectClasses have to be there normally? No. With the AD schema, you can use all of rfc2307 without the need for the objectclassed which define them. Just add the attributes. HTH Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] DNS managment error
Interesting. Are Forest and Domain records being replicated in both directions from all DCs? It always worked from the WinDC to the S4DC but not in the other direction. Also, were you able to use the WIN DNS MMC to examine the DNS records on any of the Samba DCs? If so, you are probably close to having it working; something I never managed to do. See ya... Garth On 08/27/2013 12:07 PM, Antun Horvat wrote: Thanks for such quick reply, I have just executed samba-tool drs showrepl command and it seems that Forest and Domain LDAP DIT are being replicated successfully. But I still doubt that it can not be fixed since all RR records that are added to w2k3 server are successfully propagated and present. All name resolution queries on samba reflect the state of w2k3 DNS. Is there some way to debug RPC calls so that we can more precisely locate the error? All best, Antun On 08/27/2013 06:40 PM, Garth Keesler wrote: This issue has been discussed at length before with no resolution to my knowledge. If you use samba-tool drs showrepl, you will probably notice that Forest and Domain DNS is not being replicated to/from all DCs. Additionally, if you use Win2003 DNS MMC, you will not be able to detect that DNS is running on the Samba DCs nor that they are DCs at all. I have only tested this using internal Samba DNS but have found no workaround and have dropped trying to use Samba to demote/replace a Win2003 DC for now. Good luck, Garth On 08/27/2013 09:58 AM, Antun Horvat wrote: Hello, i have an issue with existing installation of samba4 domain controller that is specific to dns managment. In the domain I have two samba4 4.0.7 and one windows 2003 server that I plug periodically to manage the dns. All fsmo roles are transfered to samba. All aspects of the domain work perfectly, except one, the samba-tool dns commands do not work. All commands when executed on samba server return ERROR(runtime): uncaught exception - (9717, 'WERR_DNS_ERROR_DS_UNAVAILABLE') error. The same command pointed to windows server works fine. All commands that add hosts to window are replicated to samba instances. The domain is functioning at 2003 native level (reported by windows tool), but samba can't figure out the level. Also when i try to demote the w2k3 server i get the error that Active Directory could not find another domain controller to transfer the remaining data in the directory partition DC=DomainDnsZones,Dc=example,dc=com Could you please point me to the right resources so that i can resolve my current issues. Thanks in advance, and I wish best to all Samba community. ps If you need some kind of help, such as testing rc's in certain configuration, please contact me. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] objectClass:posixAccount missing
Al 27/08/13 20:46, En/na steve ha escrit: On Tue, 2013-08-27 at 20:11 +0200, Marc Muehlfeld wrote: Do posixAccount/posixGroup objectClasses have to be there normally? No. With the AD schema, you can use all of rfc2307 without the need for the objectclassed which define them. Just add the attributes. But then nslcd doesn't see them (and, yes, I removed the filters you talked about in your previous message, I will worry later about sasl): pagesize 1000 referrals off map passwd homeDirectory UnixHomeDirectory map passwd uid samAccountName uid nslcd gid ldap uri ldap://127.0.0.1:389 base cn=Users,dc=wetron,dc=es #also tried dc=wetron,dc=es binddn cn=nslcd-connect,cn=Users,dc=wetron,dc=es bindpw --- Bye -- Luca Olivetti Wetron Automation Technology http://www.wetron.es Tel. +34 935883004 Fax +34 935883007 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] DNS managment error
Well that's the thing, I can only replicate DNS changes from WinDC to Samba, but not in other way. I can't even update DNS records on Samba side, only on Windows side. I managed to figure out an error on Samba caused by RPC call: dnsserver: Found DNS zone . Failed to find DNS Zones in CN=MicrosoftDNS,DC=ForestDnsZones,DC=Radio101,DC=local Now I am surfing on the web trying to find some kind of solution. All best, Antun On 08/27/2013 08:46 PM, Garth Keesler wrote: Interesting. Are Forest and Domain records being replicated in both directions from all DCs? It always worked from the WinDC to the S4DC but not in the other direction. Also, were you able to use the WIN DNS MMC to examine the DNS records on any of the Samba DCs? If so, you are probably close to having it working; something I never managed to do. See ya... Garth On 08/27/2013 12:07 PM, Antun Horvat wrote: Thanks for such quick reply, I have just executed samba-tool drs showrepl command and it seems that Forest and Domain LDAP DIT are being replicated successfully. But I still doubt that it can not be fixed since all RR records that are added to w2k3 server are successfully propagated and present. All name resolution queries on samba reflect the state of w2k3 DNS. Is there some way to debug RPC calls so that we can more precisely locate the error? All best, Antun On 08/27/2013 06:40 PM, Garth Keesler wrote: This issue has been discussed at length before with no resolution to my knowledge. If you use samba-tool drs showrepl, you will probably notice that Forest and Domain DNS is not being replicated to/from all DCs. Additionally, if you use Win2003 DNS MMC, you will not be able to detect that DNS is running on the Samba DCs nor that they are DCs at all. I have only tested this using internal Samba DNS but have found no workaround and have dropped trying to use Samba to demote/replace a Win2003 DC for now. Good luck, Garth On 08/27/2013 09:58 AM, Antun Horvat wrote: Hello, i have an issue with existing installation of samba4 domain controller that is specific to dns managment. In the domain I have two samba4 4.0.7 and one windows 2003 server that I plug periodically to manage the dns. All fsmo roles are transfered to samba. All aspects of the domain work perfectly, except one, the samba-tool dns commands do not work. All commands when executed on samba server return ERROR(runtime): uncaught exception - (9717, 'WERR_DNS_ERROR_DS_UNAVAILABLE') error. The same command pointed to windows server works fine. All commands that add hosts to window are replicated to samba instances. The domain is functioning at 2003 native level (reported by windows tool), but samba can't figure out the level. Also when i try to demote the w2k3 server i get the error that Active Directory could not find another domain controller to transfer the remaining data in the directory partition DC=DomainDnsZones,Dc=example,dc=com Could you please point me to the right resources so that i can resolve my current issues. Thanks in advance, and I wish best to all Samba community. ps If you need some kind of help, such as testing rc's in certain configuration, please contact me. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Change default GID of users
Hi Steve, Seems that this attribute does not matter, see my user bruno.vane: primaryGroupID: 513 gidNumber: 100 If I try to change the value of primaryGroupID I get an error: Using: root@samba:~# ldbedit -e vim --url=/usr/local/samba/private/sam.ldb samaccountname=bruno.vane failed to modify CN=Bruno Vane,CN=Users,DC=corporativo,DC=mydomain,DC=net - error in module samldb: Unwilling to perform (53) root@samba:~# ldbedit -e vim --url=/usr/local/samba/private/sam.ldb samaccountname=bruno.vane # 0 adds 0 modifies 0 deletes 2013/8/27 steve st...@steve-ss.com On Tue, 2013-08-27 at 14:33 -0300, Bruno Vane wrote: Hi Steve, I did what you said, and when create the user, nothing changes: Hi Sorry, you have to add: gidNumber: 100 to the DN of each user too. Make sure that you clear the nscd cache after making any change to AD. Steve -- Bruno Vane HPM Tecnologia (24) 9278-7195 / (24) 3345-0002 skype: broonu www.zamix.com.br | www.superonda.com.br -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] DNS managment error
Unfortunate since that's exactly what I saw. I've no answers but I will keep watch in hope that you have better luck solving it than I did. See ya... Garth On 08/27/2013 02:00 PM, Antun Horvat wrote: Well that's the thing, I can only replicate DNS changes from WinDC to Samba, but not in other way. I can't even update DNS records on Samba side, only on Windows side. I managed to figure out an error on Samba caused by RPC call: dnsserver: Found DNS zone . Failed to find DNS Zones in CN=MicrosoftDNS,DC=ForestDnsZones,DC=Radio101,DC=local Now I am surfing on the web trying to find some kind of solution. All best, Antun On 08/27/2013 08:46 PM, Garth Keesler wrote: Interesting. Are Forest and Domain records being replicated in both directions from all DCs? It always worked from the WinDC to the S4DC but not in the other direction. Also, were you able to use the WIN DNS MMC to examine the DNS records on any of the Samba DCs? If so, you are probably close to having it working; something I never managed to do. See ya... Garth On 08/27/2013 12:07 PM, Antun Horvat wrote: Thanks for such quick reply, I have just executed samba-tool drs showrepl command and it seems that Forest and Domain LDAP DIT are being replicated successfully. But I still doubt that it can not be fixed since all RR records that are added to w2k3 server are successfully propagated and present. All name resolution queries on samba reflect the state of w2k3 DNS. Is there some way to debug RPC calls so that we can more precisely locate the error? All best, Antun On 08/27/2013 06:40 PM, Garth Keesler wrote: This issue has been discussed at length before with no resolution to my knowledge. If you use samba-tool drs showrepl, you will probably notice that Forest and Domain DNS is not being replicated to/from all DCs. Additionally, if you use Win2003 DNS MMC, you will not be able to detect that DNS is running on the Samba DCs nor that they are DCs at all. I have only tested this using internal Samba DNS but have found no workaround and have dropped trying to use Samba to demote/replace a Win2003 DC for now. Good luck, Garth On 08/27/2013 09:58 AM, Antun Horvat wrote: Hello, i have an issue with existing installation of samba4 domain controller that is specific to dns managment. In the domain I have two samba4 4.0.7 and one windows 2003 server that I plug periodically to manage the dns. All fsmo roles are transfered to samba. All aspects of the domain work perfectly, except one, the samba-tool dns commands do not work. All commands when executed on samba server return ERROR(runtime): uncaught exception - (9717, 'WERR_DNS_ERROR_DS_UNAVAILABLE') error. The same command pointed to windows server works fine. All commands that add hosts to window are replicated to samba instances. The domain is functioning at 2003 native level (reported by windows tool), but samba can't figure out the level. Also when i try to demote the w2k3 server i get the error that Active Directory could not find another domain controller to transfer the remaining data in the directory partition DC=DomainDnsZones,Dc=example,dc=com Could you please point me to the right resources so that i can resolve my current issues. Thanks in advance, and I wish best to all Samba community. ps If you need some kind of help, such as testing rc's in certain configuration, please contact me. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] objectClass:posixAccount missing
On 27/08/13 19:56, Luca Olivetti wrote: Al 27/08/13 20:46, En/na steve ha escrit: On Tue, 2013-08-27 at 20:11 +0200, Marc Muehlfeld wrote: Do posixAccount/posixGroup objectClasses have to be there normally? No. With the AD schema, you can use all of rfc2307 without the need for the objectclassed which define them. Just add the attributes. But then nslcd doesn't see them (and, yes, I removed the filters you talked about in your previous message, I will worry later about sasl): If nslcd needs the posix objectclasses, then that is their bug, windows does not use them so Samba 4 doesn't either. pagesize 1000 referrals off map passwd homeDirectory UnixHomeDirectory map passwd uid samAccountName uid nslcd gid ldap uri ldap://127.0.0.1:389 base cn=Users,dc=wetron,dc=es #also tried dc=wetron,dc=es binddn cn=nslcd-connect,cn=Users,dc=wetron,dc=es bindpw --- Bye Have you tried 'uri ldap://servers FQDN:389 ? Rowland -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] objectClass:posixAccount missing
If you set it up with '--use-rfc2307', nslcd needs configured as though it is talking to an SFU 3.5 DC. The RFC 2307bis attributes never add additional classes to the AD member objects, even in an SFU environment. -- Gary L. Greene, Jr. Sr. Systems Administrator IT Operations Minerva Networks, Inc. Cell: (650) 704-6633 From: samba-boun...@lists.samba.org [samba-boun...@lists.samba.org] on behalf of Rowland Penny [rowlandpe...@googlemail.com] Sent: Tuesday, August 27, 2013 02:02 PM To: samba@lists.samba.org Subject: Re: [Samba] objectClass:posixAccount missing On 27/08/13 19:56, Luca Olivetti wrote: Al 27/08/13 20:46, En/na steve ha escrit: On Tue, 2013-08-27 at 20:11 +0200, Marc Muehlfeld wrote: Do posixAccount/posixGroup objectClasses have to be there normally? No. With the AD schema, you can use all of rfc2307 without the need for the objectclassed which define them. Just add the attributes. But then nslcd doesn't see them (and, yes, I removed the filters you talked about in your previous message, I will worry later about sasl): If nslcd needs the posix objectclasses, then that is their bug, windows does not use them so Samba 4 doesn't either. pagesize 1000 referrals off map passwd homeDirectory UnixHomeDirectory map passwd uid samAccountName uid nslcd gid ldap uri ldap://127.0.0.1:389 base cn=Users,dc=wetron,dc=es #also tried dc=wetron,dc=es binddn cn=nslcd-connect,cn=Users,dc=wetron,dc=es bindpw --- Bye Have you tried 'uri ldap://servers FQDN:389 ? Rowland -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] objectClass:posixAccount missing
Al 27/08/13 23:56, En/na Gary Greene ha escrit: If you set it up with '--use-rfc2307', nslcd needs configured as though it is talking to an SFU 3.5 DC. The RFC 2307bis attributes never add additional classes to the AD member objects, even in an SFU environment. Thank you, that gave me an hint: I added a filter passwd (objectclass=user) to /etc/nslcd.conf and that gave me the missing users. I suppose I should add also a filter group (objectclass=group) for groups. Note that those filters are also, e.g. here https://help.ubuntu.com/community/ADWin2k8KerberosLDAP but I overlooked them. Bye -- Luca Olivetti Wetron Automation Technology http://www.wetron.es Tel. +34 935883004 Fax +34 935883007 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[SCM] Samba Shared Repository - branch v4-1-test updated
The branch, v4-1-test has been updated via 6b6cab7 Fix bug #10063 - source3/lib/util.c:1493 leaking memory w/ pam_winbind.so / winbind from c41ffd5 ntdbtool.8.xml: Bump version up to 4.1. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-1-test - Log - commit 6b6cab72c12ac1bb5fadb31d56ece0e0ef37613c Author: Jeremy Allison j...@samba.org Date: Fri Aug 2 15:03:39 2013 -0700 Fix bug #10063 - source3/lib/util.c:1493 leaking memory w/ pam_winbind.so / winbind Don't use talloc_tos() in something that can be linked to in pam_winbindd.so Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Simo Sorce i...@samba.org Autobuild-User(master): Simo Sorce i...@samba.org Autobuild-Date(master): Sat Aug 24 02:28:28 CEST 2013 on sn-devel-104 (cherry picked from commit 9423d5afb71e272298f4858d82f436e19ee2b07f) Autobuild-User(v4-1-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-1-test): Tue Aug 27 11:36:39 CEST 2013 on sn-devel-104 --- Summary of changes: source3/lib/util.c |6 -- 1 files changed, 4 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/lib/util.c b/source3/lib/util.c index 93aab3c..db46ad3 100644 --- a/source3/lib/util.c +++ b/source3/lib/util.c @@ -1487,10 +1487,12 @@ char *myhostname(void) char *myhostname_upper(void) { - char *name; static char *ret; if (ret == NULL) { - name = get_myname(talloc_tos()); + char *name = get_myname(NULL); + if (name == NULL) { + return NULL; + } ret = strupper_talloc(NULL, name); talloc_free(name); } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via 1787174 Fix bug #10063 - source3/lib/util.c:1493 leaking memory w/ pam_winbind.so / winbind from 16e6631 s3-winbindd: fix fallback to ncacn_np in cm_connect_lsat(). http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 17871748fbf07c545099bdead294694c976d467a Author: Jeremy Allison j...@samba.org Date: Fri Aug 2 15:03:39 2013 -0700 Fix bug #10063 - source3/lib/util.c:1493 leaking memory w/ pam_winbind.so / winbind Don't use talloc_tos() in something that can be linked to in pam_winbindd.so Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Simo Sorce i...@samba.org Autobuild-User(master): Simo Sorce i...@samba.org Autobuild-Date(master): Sat Aug 24 02:28:28 CEST 2013 on sn-devel-104 (cherry picked from commit 9423d5afb71e272298f4858d82f436e19ee2b07f) Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Tue Aug 27 11:39:07 CEST 2013 on sn-devel-104 --- Summary of changes: source3/lib/util.c |6 -- 1 files changed, 4 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/lib/util.c b/source3/lib/util.c index 5ffce58..d543c7f 100644 --- a/source3/lib/util.c +++ b/source3/lib/util.c @@ -1487,10 +1487,12 @@ char *myhostname(void) char *myhostname_upper(void) { - char *name; static char *ret; if (ret == NULL) { - name = get_myname(talloc_tos()); + char *name = get_myname(NULL); + if (name == NULL) { + return NULL; + } ret = strupper_talloc(NULL, name); talloc_free(name); } -- Samba Shared Repository
autobuild: intermittent test failure detected
The autobuild test system has detected an intermittent failing test in the current master tree. The autobuild log of the failure is available here: http://git.samba.org/autobuild.flakey/2013-08-27-1351/flakey.log The samba3 build logs are available here: http://git.samba.org/autobuild.flakey/2013-08-27-1351/samba3.stderr http://git.samba.org/autobuild.flakey/2013-08-27-1351/samba3.stdout The source4 build logs are available here: http://git.samba.org/autobuild.flakey/2013-08-27-1351/samba.stderr http://git.samba.org/autobuild.flakey/2013-08-27-1351/samba.stdout The top commit at the time of the failure was: commit d1593a20f3a5ebf287477dfa8f5ab31dca3dd0c3 Author: Jeremy Allison j...@samba.org Date: Wed Aug 21 12:20:48 2013 -0700 Fix the UNIX extensions CHOWN calls to use FCHOWN if available, else LCHOWN. UNIX extensions calls must never deref links. Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Simo Sorce i...@samba.org Autobuild-User(master): Jeremy Allison j...@samba.org Autobuild-Date(master): Mon Aug 26 20:19:46 CEST 2013 on sn-devel-104
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 323cccd smbd: Use #defines in smb2_getinfo_send from d1593a2 Fix the UNIX extensions CHOWN calls to use FCHOWN if available, else LCHOWN. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 323cccd35d06c7327c19dc5cb891043507624d7d Author: Volker Lendecke v...@samba.org Date: Mon Aug 26 08:36:14 2013 + smbd: Use #defines in smb2_getinfo_send Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: David Disseldorp dd...@samba.org Autobuild-User(master): David Disseldorp dd...@samba.org Autobuild-Date(master): Tue Aug 27 15:08:08 CEST 2013 on sn-devel-104 --- Summary of changes: source3/smbd/smb2_getinfo.c |8 1 files changed, 4 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/smb2_getinfo.c b/source3/smbd/smb2_getinfo.c index 7a41b19..4420f94 100644 --- a/source3/smbd/smb2_getinfo.c +++ b/source3/smbd/smb2_getinfo.c @@ -282,7 +282,7 @@ static struct tevent_req *smbd_smb2_getinfo_send(TALLOC_CTX *mem_ctx, } switch (in_info_type) { - case 0x01:/* SMB2_GETINFO_FILE */ + case SMB2_GETINFO_FILE: { uint16_t file_info_level; char *data = NULL; @@ -403,7 +403,7 @@ static struct tevent_req *smbd_smb2_getinfo_send(TALLOC_CTX *mem_ctx, break; } - case 0x02:/* SMB2_GETINFO_FS */ + case SMB2_GETINFO_FS: { uint16_t file_info_level; char *data = NULL; @@ -443,7 +443,7 @@ static struct tevent_req *smbd_smb2_getinfo_send(TALLOC_CTX *mem_ctx, break; } - case 0x03:/* SMB2_GETINFO_SEC */ + case SMB2_GETINFO_SECURITY: { uint8_t *p_marshalled_sd = NULL; size_t sd_size = 0; @@ -489,7 +489,7 @@ static struct tevent_req *smbd_smb2_getinfo_send(TALLOC_CTX *mem_ctx, break; } - case 0x04: /* SMB2_0_INFO_QUOTA */ + case SMB2_GETINFO_QUOTA: tevent_req_nterror(req, NT_STATUS_NOT_SUPPORTED); return tevent_req_post(req, ev); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 617c647 Fix valgrind errors with memmove and talloc pools. via cbfc3ef Add simple limited pool tests to test_memlimit(). via 3d0f717 Remove talloc_memlimit_update(). No longer used. via 8e2a543 Inside _talloc_realloc(), keep track of size changes over malloc/realloc/free. via 314508d Don't call talloc_memlimit_update() inside _talloc_realloc() when we're just manipulating pool members. via 0fbcfcc Fix a conditional check. (size - tc-size 0) is always true if size and tc-size are unsigned. via 4386029 In _talloc_steal_internal(), correctly decrement the memory limit in the source, and increment in the destination. via 6bc190d Inside _talloc_free_internal(), always call talloc_memlimit_update_on_free() before we free the real memory. via 4dfde7d Update memory limits when we call free() on a pool. via a4ebbe7 Change __talloc() to only call talloc_memlimit_check()/talloc_memlimit_grow() on actual malloc allocation. via 4159a78 Change _talloc_total_mem_internal() to ignore memory allocated from a pool when calculating limit size. via 7a6beae Remove magic TC_HDR_SIZE handling inside talloc_memlimit_check(). via fe790f6 Start to fix talloc memlimits with talloc pools. from 323cccd smbd: Use #defines in smb2_getinfo_send http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 617c647b8ef562ace589a11a15eb460e6db71f2a Author: Jeremy Allison j...@samba.org Date: Tue Aug 27 13:20:43 2013 -0700 Fix valgrind errors with memmove and talloc pools. bin/smbtorture //127.0.0.1 local.talloc now runs with no valgrind errors. Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Stefan (metze) Metzmacher me...@samba.org Autobuild-User(master): Jeremy Allison j...@samba.org Autobuild-Date(master): Wed Aug 28 02:44:17 CEST 2013 on sn-devel-104 commit cbfc3efbfd4a3a6f3b031ce8ef375d37f2c545f3 Author: Jeremy Allison j...@samba.org Date: Tue Aug 27 13:09:03 2013 -0700 Add simple limited pool tests to test_memlimit(). Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Simo Sorce i...@samba.org commit 3d0f717d437bb24f430fad788b9eb35e8fe8e0e8 Author: Jeremy Allison j...@samba.org Date: Tue Aug 27 13:08:33 2013 -0700 Remove talloc_memlimit_update(). No longer used. Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Simo Sorce i...@samba.org commit 8e2a543e088cac36a5b6bbab1a6be961fa00cc4d Author: Jeremy Allison j...@samba.org Date: Tue Aug 27 13:07:04 2013 -0700 Inside _talloc_realloc(), keep track of size changes over malloc/realloc/free. Replace the last use of talloc_memlimit_update() with talloc_memlimit_grow()/ talloc_memlimit_shrink(). Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Simo Sorce i...@samba.org commit 314508dd73105138d756f4ca3dfb65f1d368a9f7 Author: Jeremy Allison j...@samba.org Date: Tue Aug 27 13:03:27 2013 -0700 Don't call talloc_memlimit_update() inside _talloc_realloc() when we're just manipulating pool members. Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Simo Sorce i...@samba.org commit 0fbcfcc824e474874c15d7c0b2ea0df408448906 Author: Jeremy Allison j...@samba.org Date: Tue Aug 27 12:59:04 2013 -0700 Fix a conditional check. (size - tc-size 0) is always true if size and tc-size are unsigned. Replace with (size tc-size). Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Simo Sorce i...@samba.org commit 43860293225d14ca2c339277b42f8705322463ab Author: Jeremy Allison j...@samba.org Date: Tue Aug 27 12:57:43 2013 -0700 In _talloc_steal_internal(), correctly decrement the memory limit in the source, and increment in the destination. Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Simo Sorce i...@samba.org commit 6bc190d6dd7fd0ab028c39c1463477a863f6943a Author: Jeremy Allison j...@samba.org Date: Tue Aug 27 12:54:38 2013 -0700 Inside _talloc_free_internal(), always call talloc_memlimit_update_on_free() before we free the real memory. Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Simo Sorce i...@samba.org commit 4dfde7d33e7ac6c94833ecc758baff487ab67e4e Author: Jeremy Allison j...@samba.org Date: Tue Aug 27 12:51:20 2013 -0700 Update memory limits when we call free() on a pool. Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Simo Sorce i...@samba.org commit a4ebbe73b4b8dcab4d344e693ad9796ec8997f87 Author: Jeremy Allison j...@samba.org Date: Tue Aug 27 12:49:00 2013 -0700 Change __talloc() to only call talloc_memlimit_check()/talloc_memlimit_grow() on actual malloc allocation. Don't check the memlimit if the allocation was successful from a pool. We