Re: [Samba] Samba4 consumes more CPU

[Thiago Fernandes Crepaldi]

That is funny. Now that I replaced samba 4 and libc-2.13.so with debug
symbols, the perf profile seems to be have changed a bit after the same
tests !

Events: 54K cycles
-   3.06%  smbd  [kernel.kallsyms] [k] copy_user_generic_unrolled
   - copy_user_generic_unrolled
52.63% __read_nocancel
36.20% __write_nocancel
2.70% __getdents64
2.44% __libc_readv
  + 2.00% do_fcntl
0.87% __GI___libc_read
  + 0.77% __fxstat64
-   2.02%  smbd  libc-2.13.so  [.] _int_malloc
   + _int_malloc
-   1.62%  smbd  [kernel.kallsyms] [k] kmem_cache_alloc
   + kmem_cache_alloc
-   1.22%  smbd  libtalloc.so.2.0.7[.] _talloc_free
   + _talloc_free
-   0.99%  smbd  libtalloc.so.2.0.7[.]
_talloc_free_children_internal.isra.4
   + _talloc_free_children_internal.isra.4
-   0.86%  smbd  libc-2.13.so  [.] __memcpy_ssse3
   + __memcpy_ssse3
+   0.81%  smbd  [kernel.kallsyms] [k] kmem_cache_free
+   0.81%  smbd  libc-2.13.so  [.] _int_free
+   0.79%  smbd  [kernel.kallsyms] [k] __kmalloc
+   0.66%  smbd  libtalloc.so.2.0.7[.] _talloc_zero
+   0.63%  smbd  [kernel.kallsyms] [k] link_path_walk
+   0.63%  smbd  [kernel.kallsyms] [k] ext4_htree_store_dirent
+   0.55%  smbd  libtalloc.so.2.0.7[.] talloc_alloc_pool
+   0.55%  smbd  libc-2.13.so  [.] __memset_sse2
+   0.53%  smbd  libc-2.13.so  [.] malloc
+   0.53%  smbd  [kernel.kallsyms] [k] fcntl_setlk
+   0.52%  smbd  [kernel.kallsyms] [k] get_page_from_freelist
+   0.50%  smbd  libtalloc.so.2.0.7[.] talloc_get_name
+   0.50%  smbd  [kernel.kallsyms] [k] tg3_start_xmit
+   0.48%  smbd  [kernel.kallsyms] [k] memset
+   0.47%  smbd  libc-2.13.so  [.] free
+   0.47%  smbd  [kernel.kallsyms] [k] _raw_spin_lock
+   0.45%  smbd  [kernel.kallsyms] [k] __d_lookup_rcu
+   0.45%  smbd  libc-2.13.so  [.] __GI___strcmp_ssse3
+   0.44%  smbd  libtalloc.so.2.0.7[.] _talloc_get_type_abort
+   0.43%  smbd  [kernel.kallsyms] [k] system_call_after_swapgs
+   0.43%  smbd  [kernel.kallsyms] [k] ext4_mark_iloc_dirty
+   0.42%  smbd  libtalloc.so.2.0.7[.] talloc_is_parent
+   0.41%  smbd  [kernel.kallsyms] [k] __alloc_skb
+   0.41%  smbd  [kernel.kallsyms] [k] __posix_lock_file
+   0.40%  smbd  [kernel.kallsyms] [k] __ext4_get_inode_loc
+   0.39%  smbd  libc-2.13.so  [.] __strlen_sse2
+   0.39%  smbd  [kernel.kallsyms] [k] kfree
+   0.39%  smbd  [kernel.kallsyms] [k] tcp_recvmsg
+   0.38%  smbd  libtalloc.so.2.0.7[.] talloc_named_const
+   0.37%  smbd  libtalloc.so.2.0.7[.] _talloc_array


On Mon, Sep 30, 2013 at 6:19 PM, Thiago Fernandes Crepaldi <
togn...@gmail.com> wrote:

> Agreed. For some strange reason I though perf would "follow" the new smbd
> forked and account their data too =)
>
> Unfortunately, I don't have the libc symbols (at least for today) to see
> what is going on there, but here is what I got in the child smbd process on
> the server side. The client side is a Windows 7 Virtual machine running
> NASPT
>
> Could this result mean that most of the time the performance drop I am
> experiencing is due to libc ?
> I've never worked with perf before, but I will still try to resolve those
> crazy addresses
>
> Events: 45K cycles
> -   7.37%  smbd  libc-2.13.so  [.] 0x11e465
>- 0x7ffab9f2043c
> 41.73% 0
> 5.32% 0x1b3fbe0
> 5.29% 0x2c4dab0
> 3.60% 0x1b0b130
> 3.37% 0x1b0b2a0
> 2.94% 0x1b5af80
> 2.70% 0x1b0d850
> 2.64% 0x2825fb0
> 1.86% 0x28e06d0
> 1.83% 0x2afcc80
> 1.71% 0x1b2ccb0
> 1.64% 0x2a4deb0
> 1.63% 0x1b56e00
> 1.51% 0x1b6bd00
> 1.16% 0x1b49eb0
> 1.15% 0x1b506e0
> 1.13% 0x1b4da00
> 1.07% 0x1b35100
> 0.93% 0x1af9050
> 0.92% 0x2b03680
> 0.91% 0x2ae21f0
> 0.90% 0x1b21210
> 0.89% 0x1b5de80
> 0.89% 0x1b5aa80
> 0.89% 0x1b2e0e0
> 0.88% 0x1b59be0
> 0.87% 0x1b4c600
> 0.86% 0x1b2aa20
> 0.85% 0x1b4a940
> 0.85% 0x1b45f50
> 0.84% 0x1b4a6d0
> 0.84% 0x1b23940
> 0.82% 0x1b37210
> 0.82% 0x1b2cf30
> 0.82% 0x1b33320
> 0.77% 0x2c96d50
> 0.76% 0x202f380
> 0.75% 0x2bd0bd0
> 0.66% 0x1b5e1d0
>- 0x7ffab9f27e10
> 37.72% 0x2f62696c2f3365
>   + 23.78% 0
>   + 11.24% 0x7fffc9f76d40
>   + 6.25% set_unix_security_ctx
> 3.13% 0x645f6e656b6f74
> 2.46% 0x10009
>   + 2.17% 0x11b9f22aac
> 2.16% 0x1b53000
>   + 2.12% 0x2a29850
> 2.08% 0xbe70f04c4c
> 2.01% 0x1b0af00
> 1.94% 0x1b07390
> 1.51% 0x1b49b00
> 1.41% 0x2010
>- 0x7ffab9fc6c10
>   + 18.08% 

Re: [Samba] How to tell a machine is properly joined to a domain?

[pisymbol .]

On Mon, Sep 30, 2013 at 2:59 PM, pisymbol .  wrote:

>
>
>
> On Mon, Sep 30, 2013 at 2:40 PM, Denis Cardon <
> denis.car...@tranquil-it-systems.fr> wrote:
>
>> Hi aps,
>>
>>
>>  I have been using 'net ads testjoin' but the issue is it seems to ask
>>> for a
>>> password when the box is not joined to a domain (even if I specify '-U
>>> username%pass'). This *seems* like a bug - I would expect it to pass or
>>> fail using the creds passed in.
>>>
>>> Is this by design and if so, why? Is there a better alternative? ('net
>>> ads
>>> info'?)
>>>
>>
>> I think that wbinfo -t should do it. It checks the trust relation ship.
>>
>> [root@srvfichiers.tranq ~]# wbinfo -t
>> checking the trust secret for domain TRANQUILIT via RPC calls succeeded
>>
>
> That relies on winbind though right?
>
> $ sudo wbinfo -t
> could not obtain winbind interface details!
> could not obtain winbind domain name!
> checking the trust secret for domain (null) via RPC calls failed
> Could not check secret
>
> This box I'm testing on is currently joined.
>
> 'net ads testjoin' should really just do what it does today but HONOR the
> '-U username%password' command line convention. Why is that wrong?
>

Anyone?

-aps
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba4: where are ACLs stored?

[Andrew Bartlett]

On Tue, 2013-10-01 at 13:48 +0530, Partha Sarathi wrote:
> I hope you shoud use the below parameter under all share sections to
> get the NTACL working.
> 
> 
> vfs objects = acl_xattr,

Indeed, you would expect that to be needed. 

However, we put that in to the smb.conf 'by magic' whenever we see
'server role = active directory domain controller'.  Frankly I think it
should be the default, except for the fact that we didn't want to change
it for upgrading users.  We used the 'new' server role as a chance to at
least make it a default for this important use case. 

Andrew Bartlett


-- 
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] /etc/passwd backend

[Andrew Bartlett]

On Tue, 2013-10-01 at 05:42 +, Miroslav Kolar wrote:
> Hi Andrew,
> 
> Thanks a lot for your answer!
> 
> I understand your point. This is actually the way I want to go.
> But before doing so, I need to migrate my users from /etc/passwd to LDB. I'd 
> like to do it without letting them know and a need to ask them to change 
> their password.

NO, unless you have an smbpasswd file already.

However see also tools like pam_smbpass, which can be made to work with
ldb, if you want to do a migration over time.  The different encryption
schemes used are sadly just incompatible. 

Andrew Bartlett

-- 
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Is there samba4 internal dns query log?

[Sense Zeng]

I'm testing the samba 4.0.9 internal dns. I need some dns query log to
debug, but I can't find the configure with internal dns. And when I use -D
10 to start samba, it's too much log with that. It's not easy the find out
the dns query log.
Does samba4 internal dns server can configure query log? Or is there any
other suggestion? Thanks.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] ID mapping not the same between servers - smb and nfs

[Taylor, Jonn]

We mount most of our share though samba but I a server that has the home 
directory mounted though nfs. The ID mappings are not the same. The 
server is joined to the domain. The domain has 2 samba4 servers and one 
win2k8r2 server. The 2 servers in question are CentOS 5.9 x86_64 and 
samba 3.6.19 from sernet.


Any ideas?

Jonn

[global]
workgroup = TAYLORTELEPHONE
realm = TAYLORTELEPHONE.COM
server string = 
interfaces = eth1, lo
security = ADS
log file = /var/log/samba/log.%m
server signing = auto
lpq cache time = 20
printcap name = /etc/printcap
wins server = 192.168.173.3, 192.168.173.4
template homedir = /home/%U
template shell = /bin/bash
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind refresh tickets = Yes
winbind offline logon = Yes
idmap config * : range = 500-400
idmap config TAYLORTELEPHONE:range = 500-400
idmap config TAYLORTELEPHONE:backend = rid
idmap config * : backend = tdb2
admin users = "@TAYLORTELEPHONE\Domain Admins"
inherit acls = Yes
map acl inherit = Yes
max print jobs = 100
printing = bsd
print command = lpr -r -P'%p' %s
lpq command = lpq -P'%p'
lprm command = lprm -P'%p' %j

[printers]
comment = All Printers
path = /clustershare/printers
guest ok = Yes
printable = Yes
print ok = Yes
browseable = No

[print$]
comment = Printer Drivers
path = /clustershare/drivers
read only = No

drwxrwx--- 14  1607 domain admins 3864 Sep 26 09:39 

/etc/fstab
shr01:/home  /home   nfs  rw,sync,hard,intr  0 0

CTDB file cluster

[global]
workgroup = TAYLORTELEPHONE
realm = TAYLORTELEPHONE.COM
netbios name = SHR01
server string = Cluster Share
interfaces = eth0, eth1, lo
security = ADS
private dir = /clusterdata/ctdb
log file = /var/log/samba/log.%m
server signing = auto
lpq cache time = 20
clustering = Yes
printcap name = /etc/printcap
wins support = Yes
template homedir = /home/%U
template shell = /bin/bash
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind refresh tickets = Yes
winbind offline logon = Yes
idmap config * : range = 500-400
idmap config TAYLORTELEPHONE:range = 500-400
idmap config TAYLORTELEPHONE:backend = rid
idmap config * : backend = tdb2
admin users = "@TAYLORTELEPHONE\Domain Admins"
inherit acls = Yes
map acl inherit = Yes
max print jobs = 100
printing = bsd
print command = lpr -r -P'%p' %s
lpq command = lpq -P'%p'
lprm command = lprm -P'%p' %j


drwxrwx--- 14   domain admins 3864 Sep 26 09:39 

/etc/exports
/clusterdata/home(sync,no_root_squash,rw)

On all servers

/etc/nsswitch.conf

passwd: files winbind
shadow: files winbind
group:  files winbind

hosts:  files dns

bootparams: nisplus [NOTFOUND=return] files

ethers: files
netmasks:   files
networks:   files
protocols:  files
rpc:files
services:   files

netgroup:   files

publickey:  nisplus

automount:  files
aliases:files nisplus

sudoers:  files ldap

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Update register SOA samba 4.1

[Jacó Ramos]

Hi,

How to update register SOA in samba 4.1rc4 ?

Thanks!.
Jacó Ramos

-- 

*"O homem não foi criado para ser feliz nem para vencer, mas para viver
para Deus. Quando vive para Deus é feliz e vence." Isaltino Gomes
*
*
$whoami*

   - Perito Forense Computacional
   - Pentester
   - Esp. em Segurança de Redes de Computadores com enfâse a Perícia
   Forense Computacional - FACID
   - Bacharel em Ciência da Computação - UESPI
   - Administrador de Redes de Computadores
   - CCNA Modulo II
   - Lattes: *http://lattes.cnpq.br/1591329268136905*


Esta mensagem pode conter informações confidenciais e/ou privilegiadas. Se
você não for o destinatário ou a pessoa autorizada a receber esta mensagem,
não deve usar, copiar ou divulgar as informações nela contida ou tomar
qualquer ação baseada nessas informações.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Must Samba4 AD be provisionned with rfc2307 to use winbind ?

[Rowland Penny]

On 01/10/13 12:57, Jonathan Buzzard wrote:

On Tue, 2013-10-01 at 12:44 +0100, Rowland Penny wrote:

[SNIP]


Here we go again, your logic is flawed, just because you personally know
of lots of windows 2003 & 2000 servers that have 'uidNumbers' does not
mean Samba 4 is level 2003.


No my logic is not flawed. You can *NEVER* determine the AD server level
by looking at the schema.
The logic as you wrote it, was flawed, you basically said that even if 
the server had 'uidnumber' it wouldn't be 2003R2, at no point in your 
initial post did you mention rpc calls.


I am trying to find out just what level samba 4 is, I think that it is 
not really 2003. It is not really helpful if you jump in with 'wrong' 
and then do not explain correctly. So, as you seem to know a bit about 
this, how do you find out what level a windows server is?


Rowland



The 'uidNumber' did not become a fixed part of the windows schema until
2003R2, before that it had to be added, but 'uidNumber' is a fixture of
Samba 4 therefore Samba4 cannot be level 2003

By that logic a Windows 2000 server with a uidNumber must really be
2003R2 server. Clearly that is not the case.


Also, if Samba 4 is level 2003, why does it ship with the 2008 & 2008R2
schemas and no sign of the 2003 schema?


Because it depends on the version of the wire level protocol that Samba4
supports and has nothing to do with the schema. That is, there is a set
of MS-RPC calls that you need to support to be at level 2003R2 and
presumably Samba4 does not support them all so it reports itself as a
2003 server.

You could probably import a 2008 schema into a 2003 server, but it would
not make it a 2008 server. Lets face it you can have an AD domain with a
mixture of 2003 and 2003R2 servers in it, and clearly the 2003 servers
are not 2003R2.


JAB.



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Must Samba4 AD be provisionned with rfc2307 to use winbind ?

[Jonathan Buzzard]

On Tue, 2013-10-01 at 12:44 +0100, Rowland Penny wrote:

[SNIP]

> Here we go again, your logic is flawed, just because you personally know 
> of lots of windows 2003 & 2000 servers that have 'uidNumbers' does not 
> mean Samba 4 is level 2003.
> 

No my logic is not flawed. You can *NEVER* determine the AD server level
by looking at the schema.

> The 'uidNumber' did not become a fixed part of the windows schema until 
> 2003R2, before that it had to be added, but 'uidNumber' is a fixture of 
> Samba 4 therefore Samba4 cannot be level 2003

By that logic a Windows 2000 server with a uidNumber must really be
2003R2 server. Clearly that is not the case.

> Also, if Samba 4 is level 2003, why does it ship with the 2008 & 2008R2 
> schemas and no sign of the 2003 schema?
> 

Because it depends on the version of the wire level protocol that Samba4
supports and has nothing to do with the schema. That is, there is a set
of MS-RPC calls that you need to support to be at level 2003R2 and
presumably Samba4 does not support them all so it reports itself as a
2003 server.

You could probably import a 2008 schema into a 2003 server, but it would
not make it a 2008 server. Lets face it you can have an AD domain with a
mixture of 2003 and 2003R2 servers in it, and clearly the 2003 servers
are not 2003R2.


JAB.

-- 
Jonathan A. Buzzard Email: jonathan (at) buzzard.me.uk
Fife, United Kingdom.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Must Samba4 AD be provisionned with rfc2307 to use winbind ?

[Rowland Penny]

On 01/10/13 12:34, Jonathan Buzzard wrote:

On Tue, 2013-10-01 at 11:27 +0100, Rowland Penny wrote:

[SNIP]


Wrong, the first windows server that had 'uidNumber' as standard was
2003R2 .


That is what I said. However there where lots of 2003 and even 2000
servers that had uidNumbers in their schema. What you cannot do is
conclude because your AD has a uidNumber field that it is operating at
2003R2 or later. That is fundamentally flawed logic.


So, if it was first installed 'de-facto' in 2003R2 and Samba 4 has it as
standard, then samba4 should be 'level 2003R2', but then again it seems
to be using the 2008 schema (at least that is the earliest I can find in
/usr/local/samba/share/setup/


Like I said flawed logic, because plenty of 2003 and 2000 servers had
uidNumbers in their schema. What is important is not what the schema is,
but what on the wire protocol version that your AD controller is
compatible with.

I presume that if Samba4 is reporting it is a 2003 server it is because
there was some extension of the AD controller protocol by Microsoft in
2003R2 that Samba4 does not support.


JAB.

Here we go again, your logic is flawed, just because you personally know 
of lots of windows 2003 & 2000 servers that have 'uidNumbers' does not 
mean Samba 4 is level 2003.


The 'uidNumber' did not become a fixed part of the windows schema until 
2003R2, before that it had to be added, but 'uidNumber' is a fixture of 
Samba 4 therefore Samba4 cannot be level 2003


Also, if Samba 4 is level 2003, why does it ship with the 2008 & 2008R2 
schemas and no sign of the 2003 schema?


Rowland

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Must Samba4 AD be provisionned with rfc2307 to use winbind ?

[Jonathan Buzzard]

On Tue, 2013-10-01 at 11:27 +0100, Rowland Penny wrote:

[SNIP]

> Wrong, the first windows server that had 'uidNumber' as standard was 
> 2003R2 .
> 

That is what I said. However there where lots of 2003 and even 2000
servers that had uidNumbers in their schema. What you cannot do is
conclude because your AD has a uidNumber field that it is operating at
2003R2 or later. That is fundamentally flawed logic.

> So, if it was first installed 'de-facto' in 2003R2 and Samba 4 has it as 
> standard, then samba4 should be 'level 2003R2', but then again it seems 
> to be using the 2008 schema (at least that is the earliest I can find in 
> /usr/local/samba/share/setup/
> 

Like I said flawed logic, because plenty of 2003 and 2000 servers had
uidNumbers in their schema. What is important is not what the schema is,
but what on the wire protocol version that your AD controller is
compatible with.

I presume that if Samba4 is reporting it is a 2003 server it is because
there was some extension of the AD controller protocol by Microsoft in
2003R2 that Samba4 does not support.


JAB.

-- 
Jonathan A. Buzzard Email: jonathan (at) buzzard.me.uk
Fife, United Kingdom.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Samba 4.1rc4 not replicating zone reverse of Windows 2003 Server

[Jacó Ramos]

Hi,

Run :

samba-tool domain join udopiaui.net.br DC -Uadministrador --realm=
udopiaui.net.br

But, when run:

samba-tool dns zonelist samba4

show 2 zones:
- udopiaui.net.br
- _msdcs.udopiaui.net.br
- reverse -  - no replicate

Any Ideas?

Grato.
Jacó Ramos
-- 

*"O homem não foi criado para ser feliz nem para vencer, mas para viver
para Deus. Quando vive para Deus é feliz e vence." Isaltino Gomes
*
*
$whoami*

   - Perito Forense Computacional
   - Pentester
   - Esp. em Segurança de Redes de Computadores com enfâse a Perícia
   Forense Computacional - FACID
   - Bacharel em Ciência da Computação - UESPI
   - Administrador de Redes de Computadores
   - CCNA Modulo II
   - Lattes: *http://lattes.cnpq.br/1591329268136905*


Esta mensagem pode conter informações confidenciais e/ou privilegiadas. Se
você não for o destinatário ou a pessoa autorizada a receber esta mensagem,
não deve usar, copiar ou divulgar as informações nela contida ou tomar
qualquer ação baseada nessas informações.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Must Samba4 AD be provisionned with rfc2307 to use winbind ?

[Rowland Penny]

On 01/10/13 11:07, Jonathan Buzzard wrote:

  A. On Sat, 2013-09-28 at 15:49 +0100, Rowland Penny wrote:

[SNIP]


If you do a google search for 'uidNumber' for instance, you will find
this webpage:
http://msdn.microsoft.com/en-us/library/windows/desktop/ms680511%28v=vs.85%29.aspx

This plainly shows that the earliest windows server that had 'uidNumber'
was 2003R2 so as 'uidNumber' is in Samba4, samba4 function level should
be 2003R2, but Samba4 seems to be using the 2008 schema (at least that
is the only one that comes with samba 4) so should the function level be
2008?


Wrong, the uidNumber etc. where available in Server 2003 (and Server 200
for that matter) however it was an *optional* schema extension. I know I
was working somewhere at the time where the AD admins where like many AD
admins very reluctant to extend the schema.

In the upgrade to 2003R2 the schema extension was made mandatory. That
is you upgraded your domain controllers to 2003R2 and the rfc2307 schema
extension was applied to your AD whether you liked it or not.

Very useful as the biggest hurdle into getting rfc2307 working on an AD
was often getting the AD admins to agree to the schema extension. Once
it's there getting it populated was much easier.


JAB.

Wrong, the first windows server that had 'uidNumber' as standard was 
2003R2 .


So, if it was first installed 'de-facto' in 2003R2 and Samba 4 has it as 
standard, then samba4 should be 'level 2003R2', but then again it seems 
to be using the 2008 schema (at least that is the earliest I can find in 
/usr/local/samba/share/setup/


Rowland

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Must Samba4 AD be provisionned with rfc2307 to use winbind ?

[Jonathan Buzzard]

 A. On Sat, 2013-09-28 at 15:49 +0100, Rowland Penny wrote:

[SNIP]

> If you do a google search for 'uidNumber' for instance, you will find 
> this webpage: 
> http://msdn.microsoft.com/en-us/library/windows/desktop/ms680511%28v=vs.85%29.aspx
> 
> This plainly shows that the earliest windows server that had 'uidNumber' 
> was 2003R2 so as 'uidNumber' is in Samba4, samba4 function level should 
> be 2003R2, but Samba4 seems to be using the 2008 schema (at least that 
> is the only one that comes with samba 4) so should the function level be 
> 2008?
> 

Wrong, the uidNumber etc. where available in Server 2003 (and Server 200
for that matter) however it was an *optional* schema extension. I know I
was working somewhere at the time where the AD admins where like many AD
admins very reluctant to extend the schema.

In the upgrade to 2003R2 the schema extension was made mandatory. That
is you upgraded your domain controllers to 2003R2 and the rfc2307 schema
extension was applied to your AD whether you liked it or not.

Very useful as the biggest hurdle into getting rfc2307 working on an AD
was often getting the AD admins to agree to the schema extension. Once
it's there getting it populated was much easier.


JAB.

-- 
Jonathan A. Buzzard Email: jonathan (at) buzzard.me.uk
Fife, United Kingdom.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba4: where are ACLs stored?

[Klaus Hartnegg]

Am 01.10.2013 10:18, schrieb Partha Sarathi:

I hope you shoud use the below parameter under all share sections to get
the NTACL working.

vfs objects = acl_xattr,


Doesn't make a difference. Seems to be on by default, even if not in 
smb.conf. When I run testparam it shows it in global section:

vfs objects = dfs_samba4, acl_xattr

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba4: where are ACLs stored?

[Partha Sarathi]

I hope you shoud use the below parameter under all share sections to get
the NTACL working.

vfs objects = acl_xattr,



On Tue, Oct 1, 2013 at 1:37 PM, Klaus Hartnegg <
klaus.hartn...@blickzentrum.de> wrote:

> On 30.09.2013 21:58, Andrew Bartlett wrote:
>
>> On Thu, 2013-09-26 at 16:12 +0200, Klaus Hartnegg wrote:
>>
>>> I tried in linux 'getfattr -d' and 'samba-tool ntacl get', but neither
>>> output changed when using windows to add individual right for a user
>>>
>>
> Meanwhile I found that 'cp -a' does transfer all rights settings. My
> conclusion is that the output of the commands 'getfattr -d' and/or
> 'samba-tool ntacl get' is incomplete.
>
>
> > Can you show me your smb.conf?
>
> Default of sernet samba:
>
> # Global parameters
> [global]
> workgroup = DC
> realm = DC.TESTDOMAIN.DE
> netbios name = ALPHA
> server role = active directory domain controller
> dns forwarder = 195.50.140.114
> dsdb:schema update allowed  = yes
>
> [netlogon]
> path = 
> /opt/samba/var/locks/sysvol/dc**.testdomain.de/scripts
> read only = No
>
> [sysvol]
> path = /opt/samba/var/locks/sysvol
> read only = No
>
> [test]
> path = /srv/samba
> read only = No
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  
> https://lists.samba.org/**mailman/options/samba
>



-- 
Thanks & Regards
-Partha
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba4: where are ACLs stored?

[Klaus Hartnegg]

On 30.09.2013 21:58, Andrew Bartlett wrote:

On Thu, 2013-09-26 at 16:12 +0200, Klaus Hartnegg wrote:

I tried in linux 'getfattr -d' and 'samba-tool ntacl get', but neither
output changed when using windows to add individual right for a user


Meanwhile I found that 'cp -a' does transfer all rights settings. My 
conclusion is that the output of the commands 'getfattr -d' and/or 
'samba-tool ntacl get' is incomplete.


> Can you show me your smb.conf?

Default of sernet samba:

# Global parameters
[global]
workgroup = DC
realm = DC.TESTDOMAIN.DE
netbios name = ALPHA
server role = active directory domain controller
dns forwarder = 195.50.140.114
dsdb:schema update allowed  = yes

[netlogon]
path = /opt/samba/var/locks/sysvol/dc.testdomain.de/scripts
read only = No

[sysvol]
path = /opt/samba/var/locks/sysvol
read only = No

[test]
path = /srv/samba
read only = No

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba