Re: [Samba] Can we update idmap documentation for 3.6?

[Michael Adam]

Hi Heather,

On 2013-04-16 at 22:49 -0500, Heather Choi wrote:
> Just when I thought I had idmap changes correct for 3.6, I realize I
> have a setup that's not quite right:
> getent passwd
> ->No AD users
> getent passwd DOMAINA\\aduser
> aduser:*:1001601:1000513::/home/aduser:/bin/bash
> 
> Shouldn't "getent passwd" show both local and AD users?

This is not an idmap misconfiguration, but by design:
You only get enumeration of AD users (groups), when
you set "winbind enum users = yes" ("winbind enum groups = yes")
in your config. They are turned off by default.
Please see the corresponding entries in the smb.conf manpage.

> Samba has had such an identity crisis over the years with idmap
> documentation.  Depending, on where you look, even samba.org,
> different documentation states outdated configuration examples if
> you are using 3.6. And some of it almost even seems to contradict
> each other? Now I'm not really sure anymore what to reference for
> 3.6's latest id mapping configuration file changes..

The smb.conf manpage and the idmap_* manpages that come
with your samba 3.6 documentation. They are complete and
up to date.

Please also see my talk from sambaXP 2011:
http://www.samba.org/~obnox/presentations/sambaXP-2011/sambaxp-2011-talk-idmap-handout.pdf

> For instance, I'm not sure which one is correct anymore:
> is it:
> idmap config * : backend   = tdb
> idmap config * : range = 900-999
> 
> idmap config DOMAINA : backend = rid
> idmap config DOMAINA : range   = 100 - 199
> 
> idmap config DOMAINB : backend = rid
> idmap config DOMAINB : range   = 200 - 299

This is a valid configuration.

> or:
> idmap config * : backend   = tdb
> idmap config * : range = 100-299
> 
> idmap config DOMAINA : backend = rid
> idmap config DOMAINA : range   = 100 - 199
> 
> idmap config DOMAINB : backend = rid
> idmap config DOMAINB : range   = 200 - 299

This is syntactically correct, but it is not valid
since the default (*) range contains the other
ranges. Instead, the ranges should be mutually disjoint
(non-overlapping) as in the first example.

> Can we have a sane effort to publish updated documentation for id
> mapping that's relevant to Samba 3.6?

Firstly, I do again want to point you to the manual pages
shipped with the samba version as the authoritative source
of documentation for the release.

Secondly, I do understand the request for updated documentation
on wiki/websites, etc. I will see what I can do. Contributions
are highly welcome!

Cheers - Michael



signature.asc
Description: Digital signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] [PATCH] Force python for Samba on platforms with a too old installed python (eg RHEL 5.9)

[Michael Adam]

pushed

On 2013-04-08 at 18:59 +1000, Andrew Bartlett wrote:
> Phil,
> 
> I've tried following your mails, and your trials, but got totally lost.
> 
> So what I've done is write up a patch, which should address the one
> issue I've been able to distil out of this, which is that when Samba is
> built against something other than the default python, samba-tool
> segfaults.
> 
> This happens because if we build and link against one library, but you
> run samba-tool with a different python, internal things go boom. 
> 
> This patch works for me on my Centos 5 box. 
> 
> As to all your trials building different versions of python, I can't
> really offer a solution - I've not seen those myself, and you really
> seem to have quite a mix of things going wrong here.  I would suggest
> that if you do want to build a new AD DC, you should do so on a modern
> OS, where python just works.  
> 
> While I will certainly work (as this patch will help a lot with) to have
> install_with_python work for the AD DC, the intended purpose was simply
> to get enough of python going to run our build system for simpler file
> server installations, to allow a transition from the second (autoconf)
> build system.  (And in that it has been quite successful).
> 
> Please test these patches, hopefully they will resolve your issue.
> 
> Finally, if you get odd build errors (such as the symlink error you
> got), then 'git clean -x -f -d' will blow away everything not nailed
> down in the git checkout.  This tends to fix that kind of issue (such as
> happened when I moved our python code around in master and in v4-0-test
> for 4.0.5). 
> 
> Metze (or someone else on the team),
> 
> Please review or push to master. 
> 
> Thanks,
> 
> Andrew Bartlett


pgpDtShSDA2gE.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] CTDB - deleting database entries

[Michael Adam]

Hi,

I assume that you are using Samba 3.6 (or newer)?!

In Samba 3.6, we have removed the ability to act on the id
mapping database through winbindd via wbinfo.

Instead, the "net idmap" command can be used:


$ bin/net idmap
Invalid command: net idmap 
Usage:
net idmap dumpDump the current ID mappings
net idmap restore Restore entries from stdin
net idmap setmap  Not implemented yet
net idmap delete  Delete ID mapping
net idmap secret  Set secret for specified domain
net idmap aclmapset   Set acl map
net idmap check   Check id mappings
~

For your purpose, "net idmap delete" would be the tool of choice.

Björn's hint to the general purpose dbwrap_tool is of course
also valuable.

Cheers - Michael

On 2012-12-12 at 11:16 +, Orlando Richards wrote:
> On 12/12/12 09:00, Orlando Richards wrote:
> >On 11/12/12 10:17, Bjoern Baumbach wrote:
> >>Hi Orlando!
> >>
> >>On 12/10/2012 04:01 PM, Orlando Richards wrote:
> >>>Is there any way to remove entries in a CTDB cluster once they have been
> >>>created, short of shutting down all nodes, editing each tdb manually,
> >>>then starting them back up?
> >>
> >>Yes! You can use the undocumented dbwrap_tool.
> >>
> >>USAGE: dbwrap_tool   [ [ []]]
> >>ops: fetch, store, delete, erase, listkeys, listwatchers
> >>types: int32, uint32, string, hex
> >>
> >>Example:
> >># list all the keys
> >>dbwrap_tool yourdb.tdb listkeys
> >>
> >># remove the record by key
> >>dbwrap_tool yourdb.tdb delete "name of the key"
> >>
> >>Best regards
> >>Björn
> >>
> >
> >Excellent - thanks Bjoern, I'll give that a go.
> 
> Worked perfectly - though I had to rebuild the sernet src rpm to get the 
> binaries, since they're not included in the rpm packages you guys build 
> (btw - thanks again for providing them!), but that was easy enough.
> 
> I also had slight confusion because the "listkeys" will spit out 
> "S-12345...-1234/00" and "GID 12345/00" - and it took me a while to 
> realise that I had to drop the "/00" part when calling the "delete".
> 
> Thanks again Björn - and everyone at Sernet :)
> 
> 
> -- 
> --
>Dr Orlando Richards
>   Information Services
> IT Infrastructure Division
>Unix Section
> Tel: 0131 650 4994
> 
> The University of Edinburgh is a charitable body, registered in 
> Scotland, with registration number SC005336.
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba


pgpuN0dkRusho.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] [Announce] CTDB release 2.0 is ready for download

[Michael Adam]

Hi Amitay,

On 2012-10-31 at 19:59 +1100, Amitay Isaacs wrote:
> On Wed, Oct 31, 2012 at 7:12 PM, Michael Adam  wrote:
> > On 2012-10-31 at 16:14 +1100, Amitay Isaacs wrote:
> >> This is long overdue CTDB release. There have been numerous code
> >> enhancements and bug fixes since the last release of CTDB.
> >
> > it is really very nice, that we start over, version-wise! :-)
> >
> > Are you planning to create a ctdb-2.0 branch off the release tag
> > so that this version can stabilize?
> 
> Owing to a *very small* active group of developers of CTDB, most of
> the new commits would be bug-fixes. ;-)

Well, that is what a stable release branch is for - bugfixes...  ;)

> I didn't want to take on extra work of maintaining multiple
> development/release branches till there is significant contribution
> and new developments. I will continue to release from master till we
> need separate stable and development branches.

> >> Highlights
> >> ===
> >>
> >> * Support for readonly records 
> >> (http://ctdb.samba.org/doc/readonlyrecords.txt)
> >
> > Wasn't that alrady in the 1.2.* versions and the version stream
> > in the branch 1.13 ?
> >
> >> * Locking API to detect deadlocks between ctdb and samba
> >> * Fetch-lock optimization to rate-limit concurrent requests for same record
> >> * Support for policy routing
> >> * Modified IP allocation algorithm
> >> * Improved database vacuuming
> >
> > This is also available in the 1.2.* stream (various 1.2.X branches)
> > and even the 1.0.114.* versions (1.0.114 branch).
> >
> >> * New test infrastructure
> >
> > Sorry for pointing these out so bluntly.
> > I may have missed somethings, but I also did not
> > want to let a false impression arise that the
> > items I commented on were newly created and are
> > not available in eralier releases.
> >
> > If this is misleading or wrong, please apologize and clarify! :-)
> 
> Last time I checked, the last community released code (either in
> tarball or RPM form) was 1.0.114. Correct me if I am wrong.
> 
> If the changes I mentioned were present in 1.0.114 release, I need to
> improve my git skills significantly. :-)

Please look into the branch 1.0.114.
I did update the changelog for each 1.0.114.X release...

Well, maybe we have a different understanding of what have been
official ctdb releases. Given that there has never been a real
release process (up to now), I also counted the following events
as releases of ctdb:

- Announcements of new releases to the samba-technical mailing
  list, as e.g. Ronnies mail for "1.13" on 2012-03-01.
  There are more examples of that.

- Releae-Tags for versions, pushed to master or one of the release
  branches.
  Examples of stabilized release branches are 1.0.114
  (which I maintain and where we are at 1.0.114.5), 1.2, the
  slightly strange stream of release branches 1.2.27, 1.2.39, 1.2.40,
  and 1.13.

All that being said, it is of course great to start over
with a new release stream and with proper release process,
annoucements and source tar ball!

I just wanted to prevent the impression that all these features
are brand new and have not been available at all yet.

A note on publishing the sources:
I think it would be most useful to primarily publish the tarballs
(not the source RPMs), and to make sure that also the ctdb
compiled from tarball has a proper version number (and not only
that compiled via source RPM).

Cheers - Michael



pgpb2ougbTWe4.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] [Announce] CTDB release 2.0 is ready for download

[Michael Adam]

Hi Amitay,

On 2012-10-31 at 16:14 +1100, Amitay Isaacs wrote:
> This is long overdue CTDB release. There have been numerous code
> enhancements and bug fixes since the last release of CTDB.

it is really very nice, that we start over, version-wise! :-)

Are you planning to create a ctdb-2.0 branch off the release tag
so that this version can stabilize?

> Highlights
> ===
> 
> * Support for readonly records (http://ctdb.samba.org/doc/readonlyrecords.txt)

Wasn't that alrady in the 1.2.* versions and the version stream
in the branch 1.13 ?

> * Locking API to detect deadlocks between ctdb and samba
> * Fetch-lock optimization to rate-limit concurrent requests for same record
> * Support for policy routing
> * Modified IP allocation algorithm
> * Improved database vacuuming

This is also available in the 1.2.* stream (various 1.2.X branches)
and even the 1.0.114.* versions (1.0.114 branch).

> * New test infrastructure

Sorry for pointing these out so bluntly.
I may have missed somethings, but I also did not
want to let a false impression arise that the
items I commented on were newly created and are
not available in eralier releases.

If this is misleading or wrong, please apologize and clarify! :-)

Cheers - Michael

> Reporting bugs & Development Discussion
> ===
> 
> Please discuss this release on the samba-technical mailing list or by
> joining the #ctdb IRC channel on irc.freenode.net.
> 
> All bug reports should be filed under CTDB product in the project's
> Bugzilla database (https://bugzilla.samba.org/).
> 
> 
> Download Details
> =
> 
> The source code can be downloaded from:
> 
>   http://ftp.samba.org/pub/ctdb/
> 
> Git repository
> 
>git://git.samba.org/ctdb.git
>http://git.samba.org/?p=ctdb.git;a=summary  (Git via web)
> 
> CTDB documentation
> 
> https://ctdb.samba.org/
> 
> 
> Amitay.


pgp14cBj1nslV.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] idmap_ad partially stopped working after upgrading Samba from 3.4.3 to 3.6.3

[Michael Adam]

Hi Javier,

Javier Conti wrote:
> On 15 May 2012 23:29, Michael Adam  wrote:
> > Hi Javier,
> >
> > Javier Conti wrote:
> >> Dear list,
> >>
> >> upgrading from SLES11 SP1 to SLES11 SP2, I upgraded Samba from 3.4.3
> >> to 3.6.3. I was successfully using idmap_ad to authenticate users but
> >> after the upgrade it stopped working and users are not seen by the OS.
> >> Obviously the users I want to see on the Linux server have all RFC2307
> >> attributes populated and are seen by all other SLES11 SP1 servers.
> >
> >
> >> Although I tried many changes to the config, according to some hints found
> >> on the web, this is what I was using with Samba 3.4.3:
> >>
> >>   [global]
> >>     workgroup = MYDOMAIN
> >>     realm = MYREALM
> >>     security = ADS
> >>
> >>     idmap backend = idmap_ad
> >>     idmap uid = 64000 - 64999
> >>     idmap gid = 64000 - 64999
> >>
> >>     idmap config MYDOMAIN : default = yes
> >>     idmap config MYDOMAIN : backend = ad
> >>     idmap config MYDOMAIN : range = 1000-5
> >>     idmap config MYDOMAIN : schema_mode = rfc2307
> >>
> >>     winbind use default domain = yes
> >>     winbind nss info = rfc2307
> >>     winbind offline logon = yes
> >>     winbind refresh tickets = yes
> >>     [...]
> >>
> >> Any hints on what has changed with Samba 3.6.3 and/or what to
> >> change to adapt the configuration to 3.6.3 (if necessary)?
> >
> > Some comments:
> > The above config makes no real sense for me,
> > neither for 3.4 nor for 3.6:
> >
> > * The parameter "idmap config DOMAIN : default = yes/no"
> >  has been removed in samba 3.3. It only existed from
> >  3.0.25 to 3.2.
> >  (http://www.samba.org/samba/history/samba-3.3.0.html)
> >
> > * You are using the backend "ad" (or "idmap_ad" which is
> >  a deprecated synonym) both in "idmap config MYDOMAIN : backend"
> >  and in "idmap backend". Both with different ranges.
> >  This does not seem to make sense to me.
> >
> >  It is necessary to specify a writable backend for the
> >  catch all default idmap configuration, e.g. tdb or ldap.
> >
> >  In 3.6, the "idmap backend" has been replaced by
> >  "idmap config * : backend", etc.
> >
> > A valid config for 3.4 would be:
> >
> > ~
> > [global]
> >        workgroup = MYDOMAIN
> >
> >        idmap backend = tdb
> >        idmap uid = x-y
> >        idmap gid = x-y
> >
> >        idmap config MYDOMAIN : backend = ad
> >        idmap config MYDOMAIN : range = 1000-5
> >        idmap config MYDOMAIN : schema mode = rfc2370
> > ~
> >
> > The corresponding for 3.6:
> >
> > ~
> > [global]
> >        workgroup = MYDOMAIN
> >
> >        idmap config * : backend = tdb
> >        idmap config * : range = x-y
> >
> >        idmap config MYDOMAIN : backend = ad
> >        idmap config MYDOMAIN : range = 1000-5
> >        idmap config MYDOMAIN : schema mode = rfc2370
> > ~
> 
> Hi Michael,
> 
> thanks for your input. The latter is indeed the configuration I'm
> running lately.

Ok, so you _are_ running the default domain with the "tdb" idmap
backend. -- Good.

> > Could you please check with the more low level wbinfo commands
> > the results of the commands for id mapping:
> >
> > wbinfo -S S-1-5-21-828208052-1092558876-1846952604-22794
> > ==> should give a uid
> 
> That works and gives me 10106.
> 
> > wbinfo -Y S-1-5-21-828208052-1092558876-1846952604-22794
> > ==> should fail
> 
> That fails with WBC_ERR_DOMAIN_NOT_FOUND.
> 
> > wbinfo -S S-1-5-21-828208052-1092558876-1846952604-513
> > ==> should fail
> 
> That fails with WBC_ERR_DOMAIN_NOT_FOUND.
> 
> > wbinfo -Y S-1-5-21-828208052-1092558876-1846952604-513
> > ==> should give a gid
> 
> That fails with WBC_ERR_DOMAIN_NOT_FOUND.

Ok, the error messages seem to be bogus.
But from what you have written below, the behaviour is correct.

> I don't know if it's related to that, but in the RFC2307 fields of the 10106
> user I put as primary gro

Re: [Samba] idmap_ad partially stopped working after upgrading Samba from 3.4.3 to 3.6.3

[Michael Adam]

Hi Javier,

Javier Conti wrote:
> Dear list,
> 
> upgrading from SLES11 SP1 to SLES11 SP2, I upgraded Samba from 3.4.3
> to 3.6.3. I was successfully using idmap_ad to authenticate users but
> after the upgrade it stopped working and users are not seen by the OS.
> Obviously the users I want to see on the Linux server have all RFC2307
> attributes populated and are seen by all other SLES11 SP1 servers.


> Although I tried many changes to the config, according to some hints found
> on the web, this is what I was using with Samba 3.4.3:
> 
>   [global]
> workgroup = MYDOMAIN
> realm = MYREALM
> security = ADS
> 
> idmap backend = idmap_ad
> idmap uid = 64000 - 64999
> idmap gid = 64000 - 64999
> 
> idmap config MYDOMAIN : default = yes
> idmap config MYDOMAIN : backend = ad
> idmap config MYDOMAIN : range = 1000-5
> idmap config MYDOMAIN : schema_mode = rfc2307
> 
> winbind use default domain = yes
> winbind nss info = rfc2307
> winbind offline logon = yes
> winbind refresh tickets = yes
> [...] 
> 
> Any hints on what has changed with Samba 3.6.3 and/or what to
> change to adapt the configuration to 3.6.3 (if necessary)?

Some comments:
The above config makes no real sense for me,
neither for 3.4 nor for 3.6:

* The parameter "idmap config DOMAIN : default = yes/no"
  has been removed in samba 3.3. It only existed from
  3.0.25 to 3.2.
  (http://www.samba.org/samba/history/samba-3.3.0.html)

* You are using the backend "ad" (or "idmap_ad" which is
  a deprecated synonym) both in "idmap config MYDOMAIN : backend"
  and in "idmap backend". Both with different ranges.
  This does not seem to make sense to me.

  It is necessary to specify a writable backend for the
  catch all default idmap configuration, e.g. tdb or ldap.

  In 3.6, the "idmap backend" has been replaced by
  "idmap config * : backend", etc.

A valid config for 3.4 would be:

~
[global]
workgroup = MYDOMAIN

idmap backend = tdb
idmap uid = x-y
idmap gid = x-y

idmap config MYDOMAIN : backend = ad
idmap config MYDOMAIN : range = 1000-5
idmap config MYDOMAIN : schema mode = rfc2370
~

The corresponding for 3.6:

~
[global]
workgroup = MYDOMAIN

idmap config * : backend = tdb
idmap config * : range = x-y

idmap config MYDOMAIN : backend = ad
idmap config MYDOMAIN : range = 1000-5
idmap config MYDOMAIN : schema mode = rfc2370
~

> I checked everything (I know) from the Samba point of view, and it almost
> seems ok, but "wbinfo -i" fails as follows:
> 
>   # wbinfo -i myuser
>   failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
>   Could not get info for user myuser
> 
> Using the same user, for example, I can do:
> 
>   # wbinfo -n myuser
>   S-1-5-21-828208052-1092558876-1846952604-22794 SID_USER (1)
>   # wbinfo -n "Domain Users"
>   S-1-5-21-828208052-1092558876-1846952604-513 SID_DOM_GROUP (2)
> 
>   # wbinfo -s S-1-5-21-828208052-1092558876-1846952604-22794
>   MYDOMAIN\myuser 1
>   # wbinfo -s S-1-5-21-828208052-1092558876-1846952604-513
>   MYDOMAIN\Domain Users
> 
>   # net -Uadminuser user info myuser |head
>   Enter adminuser's password:
>   domain users
>   [...]
>   # net -Uadminuser ads user  |grep myuser
>   Enter adminuser's password:
>   myuser
> 
> Obviously, id(1) and getent(1) fail. What I get is:
> 
> [2012/05/14 16:50:47.958484,  6] winbindd/winbindd.c:792(new_connection)
>   accepted socket 25
> [2012/05/14 16:50:47.958604, 10] winbindd/winbindd.c:642(process_request)
>   process_request: request fn INTERFACE_VERSION
> [2012/05/14 16:50:47.958644,  3]
> winbindd/winbindd_misc.c:384(winbindd_interface_version)
>   [ 5756]: request interface version
> [2012/05/14 16:50:47.958705, 10]
> winbindd/winbindd.c:738(winbind_client_response_written)
>   winbind_client_response_written[5756:INTERFACE_VERSION]: delivered
> response to client
> [2012/05/14 16:50:47.958771, 10] winbindd/winbindd.c:642(process_request)
>   process_request: request fn WINBINDD_PRIV_PIPE_DIR
> [2012/05/14 16:50:47.958808,  3]
> winbindd/winbindd_misc.c:417(winbindd_priv_pipe_dir)
>   [ 5756]: request location of privileged pipe
> [2012/05/14 16:50:47.958870, 10]
> winbindd/winbindd.c:738(winbind_client_response_written)
>   winbind_client_response_written[5756:WINBINDD_PRIV_PIPE_DIR]:
> delivered response to client
> [2012/05/14 16:50:47.958939,  6] winbindd/winbindd.c:792(new_connection)
>   accepted socket 26
> [2012/05/14 16:50:47.958995,  6]
> winbindd/winbindd.c:840(winbind_client_request_read)
>   closing socket 25, client exited
> [2012/05/14 16:50:47.959058, 10] winbindd/winbindd.c:615(process_request)
>   process_r

Re: [Samba] SerNet has created an open source Samba4 appliance for early testing

[Michael Adam]

Hi,

Arnold Krille wrote:
> Hi,
> 
> On 13.04.2012 12:49, Michael Adam wrote:
> >The Samba Team is working towards getting a Version 4.0 released.
> >
> >In oder to ease testing of the Active Directory features of
> >Samba4, even for people who don't want to download and compile
> >the source code, SerNet (http://www.sernet.de/) has created a
> >software appliance based on current Samba master snapshots.
> 
> By pure coincidence (and because it was announced at cebit) I downloaded 
> that appliance yesterday and took it for a first test drive.
> First problem: I can't change /etc/resolv.conf, neither as user sernet 
> nor as user root nor from a grml-cd. And as the dns resolving is wrong, 
> I can't access the appliance from anything but the (virtual) local gui. 
> And I can't install/update other packages.
> Which leaves me rather clueless with the whole package...
> 
> Any advice?

First: For such questions you should probably first ask @sernet
first, unless you are certain it is a pure samba issue.
But as this might hit several people:

The new version uploaded later yesterday offers to configure
a dns forwarde in the "dcpromo" dialogue. This should leave
your dns setup much more useful without the need to change
resolv.conf. (This feature was not available in upstream samba
for the first version of the appliance. Now it is... :-)

The reason you can't modify the resolv.conf is that the dcpromo
makes it immutable with "chattr +i", in order to prevent it from
being overwritten (by e.g. dhcp). If you need to change it, you
can use "chattr -i" to remove the immutable attribute.

Cheers - Michael

-- 
Michael Adam 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-37-0, fax: +49-551-37-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kont...@sernet.de


pgpDmKm1u09Yt.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] SerNet has created an open source Samba4 appliance for early testing

[Michael Adam]

Dear samba and samba-technical lists,

The Samba Team is working towards getting a Version 4.0 released.

In oder to ease testing of the Active Directory features of
Samba4, even for people who don't want to download and compile
the source code, SerNet (http://www.sernet.de/) has created a
software appliance based on current Samba master snapshots.

The major purpose of this is to make it very easy to experiment
with Samba4 for people who are thinking about using it in
production soon. Note that this is not intended to be used
in production.

The appliance is offered as an install cd iso image. It consists
of a basic Debian squeeze install with preeinstalled Samba 4 binaries
and a couple of system customizations. After booting, the user is
logged into a minimal graphical system and presented with an
interactive dialog to configure a new Samba4 Active Directory domain.

The iso image can be freely downloaded from

http://ftp.sernet.de/pub/samba4-appliance/

All additions and customizations are under the GPL.
The current version that has been released yesterday is based on
Samba 4.0 Alpha 19. There is a README with more details:

http://ftp.sernet.de/pub/samba4-appliance/README

New versions will be announced on SerNet's samba newsletter
(https://www.sernet.de/de/samba/newsletter/).

We hope that someone will find it useful. :-)

Cheers - Michael

-- 
Michael Adam 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-37-0, fax: +49-551-37-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kont...@sernet.de


pgpNHMuNYahIq.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] IDMAP dump and restore for second server.

[Michael Adam]

Hi,

everything is fine:

You are using the rid backend for your domains (DOMAIN1 and
DOMAIN2). This is a purely algorithmical method for doing
id mappings. These mappings are not stored in databases
but calculated each time (at least when the cache entries
expire).

The default backend "tdb" is only used for anything but
DOMAIN1 and DOMAIN2. Apparently you don't have a third
real domain around, which is why there are so few mappings
in the db and hence in the dump.

Hope this helps.

Cheers - Michael


Johan Hendriks wrote:
> Hello all.
> 
> I use Samba 3.6.3 on FreeBSD in combination with ZFS, and it all works fine.
> I use zfs send to receive my store on a backup machine and i want the users 
> id to be the same as on the master server so to say.
> Keeps my backups easy accessable with samba!
> 
> Now i know i can dump the IDMAP database using the following: net idmap dump.
> 
> I expect a whole bunch of lines,but i get the following, we around  70 users
> 
> filer01 ~ # net idmap dump
> dumping id mapping from /var/db/samba/winbindd_idmap.tdb
> GID 150004 S-1-5-11
> GID 150005 S-1-5-32-546
> USER HWM 15
> GID 150002 S-1-1-0
> GID 150003 S-1-5-2
> GROUP HWM 150006
> filer01 ~ #
> 
> Also a tdbdump /var/db/samba/winbind_idmap.tdb gives me a small amount of 
> Lines.
> 
> tdbdump /var/db/samba/winbindd_idmap.tdb
> {
> key(11) = "GID 150002\00"
> data(8) = "S-1-1-0\00"
> }
> {
> key(9) = "S-1-5-11\00"
> data(11) = "GID 150004\00"
> }
> {
> key(13) = "S-1-5-32-546\00"
> data(11) = "GID 150005\00"
> }
> {
> key(11) = "GID 150005\00"
> data(13) = "S-1-5-32-546\00"
> }
> {
> key(11) = "GID 150003\00"
> data(8) = "S-1-5-2\00"
> }
> {
> key(9) = "USER HWM\00"
> data(4) = "\F0I\02\00"
> }
> {
> key(8) = "S-1-1-0\00"
> data(11) = "GID 150002\00"
> }
> {
> key(11) = "GID 150004\00"
> data(9) = "S-1-5-11\00"
> }
> {
> key(8) = "S-1-5-2\00"
> data(11) = "GID 150003\00"
> }
> {
> key(10) = "GROUP HWM\00"
> data(4) = "\F6I\02\00"
> }
> {
> key(14) = "IDMAP_VERSION\00"
> data(4) = "\02\00\00\00"
> }
> 
> wbinfo -u and wbinfo -g as id username all works fine.
> 
> The relevant config part (as far as i know)
> 
> template homedir = /sanstorage/sambashare/home/%U
> winbind use default domain = yes
> winbind cache time = 3600
> winbind nested groups = yes
> winbind separator = |
> winbind offline logon = yes
> winbind enum users = yes
> winbind enum groups = yes
> winbind refresh tickets = yes
> allow trusted domains = yes
> 
> idmap config * : backend = tdb
> idmap config * : range = 1-8
> 
> idmap config DOMAIN1 : backend = rid
> idmap config DOMAIN1 : base_rid = 500
> idmap config DOMAIN1 : range = 1 - 2
> 
> idmap config DOMAIN2 : backend = rid
> idmap config DOMAIN2 : base_rid = 500
> idmap config DOMAIN2 : range = 3 - 4
> 
> Is there a problem , or am i missing something.
> I have been googling a lot, but could not find something related.
> 
> Thanks for your time
> 
> Regards
> Johan Hendriks
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba



pgpFKws3jWOPl.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Upgrade of IDMAP_VERSION from -1 to 2 is not possible with incomplete configuration

[Michael Adam]

Hi Gregory,

I am completely ignorant of interaction with likewise.
But I assume (from the logs) that you have samba's winbindd
running. I also don't know about the lwicompat_v4 backend
that you configured.

What you should know thought is that a domain placeholder "ALL"
is not used for the default idmap configuration any more since
samba 3.3. This must be the reason why you get logs from the
idmap_tdb backend at all.

So in order to configure the lwicompat_v4 backend as the default
(catch-all) backend, you should set:

idmap backend = lwicompat_v4

And this should be it. (remove all the other idmap-options).
There is currently no global read only option to id mapping
in 3.5. And from your configuration, the range options
(idmap uid and idmap gid) are not needed for your case.
If you specify them, then you have to specify values (like
idmap uid = 10-20).

So my guess is that you should try:

~
idmap backend = lwicompat_v4
~

instead of

~
idmap config ALL:backend = lwicompat_v4
idmap config ALL:default = yes
idmap config ALL:readonly = yes
idmap backend
idmap uid
idmap gid
~

Cheers - Michael

Gregory Machin wrote:
> Thanks for the suggestion, but no joy
> 
> Below is my [global]
> 
> workgroup = endace
>realm = ad.DOMAIN.COM
>server string = %h server
>wins server = 10.0.32.2
>dns proxy = no
>panic action = /usr/share/samba/panic-action %d
>security = ADS
>encrypt passwords = true
>passdb backend = tdbsam
>obey pam restrictions = no
>unix password sync = yes
> password server = dcn01.ad.DOMAIN.COM
>passwd program = /usr/bin/passwd %u
>passwd chat = *Enter\snew\s*\spassword:* %n\n
> *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
>machine password timeout = 0
>pam password change = yes
>map to guest = bad user
> force group = domain^users
> idmap config ALL:backend = lwicompat_v4
> idmap config ALL:default = yes
> idmap config ALL:readonly = yes
> idmap backend
> idmap uid
> idmap gid
> hosts allow = ALL
> 
>usershare allow guests = yes
> 
> printcap name = /etc/printcap
> 
> #Logging
> #   log file = /var/log/samba/log.%m
> max log size = 1000
> #syslog = 0
> log level = 1 vfs:1
> log file = /var/log/samba/%U.%m.log
> 
> 
> #Network
> socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=65536
> SO_SNDBUF=65536
> #
> 
> 
> Any further advice ?
> 
> Thanks
> 
> 
> On Sat, Mar 17, 2012 at 2:58 AM, Tom Noonan II  
> wrote:
> >        I saw this on CentOS 6 with winbind, not LikewiseOpen.  The problem 
> > is
> > that it expects configuration options to be present that are flagged as 
> > having
> > (sane) defaults in the smb.conf man page.  Once I added the following 
> > options
> > for winbind to my smb.conf this problem went away:
> >
> > idmap backend
> > idmap uid
> > idmap gid
> >
> > I believe it was "idmap backend," but I didn't verify that.
> >
> >
> > --
> > Tom Noonan II
> > ESL Technician - Randstad
> >
> >
> > On Fri, 16 Mar 2012 08:37:48 +
> > Gregory Machin  wrote:
> >
> >> Hi
> >>
> >> I'm running CentOS 6.2 with samba-3.5.10-114 , and LikewiseOpen 6.1 .
> >>
> >> How do I fix these errors ?
> >>
> >> Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: [2012/03/16
> >> 20:25:43.639871,  0] winbindd/idmap_tdb.c:287(idmap_tdb_open_db)
> >> Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]:   Upgrade of IDMAP_VERSION
> >> from -1 to 2 is not possible with incomplete configuration
> >> Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: [2012/03/16
> >> 20:25:43.654353,  0] winbindd/idmap_tdb.c:287(idmap_tdb_open_db)
> >> Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]:   Upgrade of IDMAP_VERSION
> >> from -1 to 2 is not possible with incomplete configuration
> >> Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: [2012/03/16
> >> 20:25:43.655811,  0] winbindd/idmap_tdb.c:287(idmap_tdb_open_db)
> >> Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]:   Upgrade of IDMAP_VERSION
> >> from -1 to 2 is not possible with incomplete configuration
> >> Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: [2012/03/16
> >> 20:25:43.674267,  0] winbindd/idmap_tdb.c:287(idmap_tdb_open_db)
> >> Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]:   Upgrade of IDMAP_VERSION
> >> from -1 to 2 is not possible with incomplete configuration
> >> Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: [2012/03/16
> >> 20:25:43.675524,  0] winbindd/idmap_tdb.c:287(idmap_tdb_open_db)
> >> Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]:   Upgrade of IDMAP_VERSION
> >> from -1 to 2 is not possible with incomplete configuration
> >> Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]: [2012/03/16
> >> 20:25:43.693888,  0] winbindd/idmap_tdb.c:287(idmap_tdb_open_db)
> >> Mar 16 20:25:43 nzhmlfpr05 winbindd[2556]:   Upgrade of IDMAP_VERSION
> >> from -1 to 2 is not possible with incompl

Re: [Samba] some questions about CTDB

[Michael Adam]

jintao chen wrote:
> Hello, Michael

Hi, and sorry for the delay...

> I deployed two nodes with ctdb for HA solution, and I used "smbpasswd
> -a ctdbuser01" to create a new user in node1, it was shown correctly
> in node1:
> # pdbedit -L
> ctdbuser01:501:
> 
> but it was showing something wrong through node2:
> # pdbedit -L
> ctdbuser01:4294967295:
> 
> # pdbedit -Lv
> ---
> Unix username:ctdbuser01
> NT username:
> Account Flags:[U  ]
> User SID: S-1-5-21-3030760710-2492829195-736885294-1000
> pdb_get_group_sid: Failed to find Unix account for ctdbuser01
> Primary Group SID:(NULL SID)
> 
> what can I do for this?

Well, for a samba user in passdb.tdb, you still need the unix
user underneath. For a normal (non-clustered) samba server you
can create the unix users automatically when adding the samba
user with the help of a "add user script" configured in smb.conf.

I assume that in your case you either had a unix user pre-created
or used a "add user script" - right?

In a ctdb-cluster, the passdb.tdb is automatically synchronized
in the cluster, but the unix users aren't. This is the reason
why you have the proper user on one node, and and the same user
does not exist (uid = -1) on the other node.

Now you have three options in principle to fix that:

1. use a domain and make your samba server a member.
   this removes the need of maintaining local users in the
   cluster.
   This is the most common mode by far.

2. use an external user database: ldap
   this can definitely be done. Setup is like for a
   non-clustered server.

3. establish a mechanism that keeps the unix users and
   groups in sync on the nodes. (i.e. including uids/gids).
   This needs to be done on creation time. So concurrent
   creations on different nodes don't creat conflicts.
   I have never set up something like that and I have never
   heard of such a setup either.

I hope this helps.

Cheers - Michael



pgpUfTzOTAR8D.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] CTDB + Likewise-open : What servername when joining AD?

[Michael Adam]

Hi Nicolas,

Nicolas Ecarnot wrote:
> Le 01/12/2011 09:35, Michael Adam a écrit :
> >Hi Nicolas,
> 
> Hi Michael,
> 
> >Generally, when running samba in a CTDB cluster, the principle
> >idea is that all nodes appear as one CIFS server to the outside.
> >(in Samba/winbindd you have the same config on all nodes an
> >in particular set the "netbios name" parameter to the same value
> >on all nodes).
> 
> >In particular, the AD-connector needs to join
> >the cluster just _once_ with the netbios name given to all the
> >nodes.
> 
> This is this particular point that I have to precisely understand.
> Joining to a domain with likewise is done with domainjoin-cli.
> Joining to a domain with samba is done with net ads join.
> 
> I succesfully used both.
> But, in both cases, I never specified the server name. I guess this 
> value is retreived from the system and/or the samba setting.

Yes, it is the netbios name, which can be set in samba
configuration (smb.conf) via "netbios name = ...".
If it is not set explicitly, samba sets this implicitly to the
(dns) host name. In a ctdb cluster, this needs to be set explicitly
to the common name under which all the nodes should appear as one
samba server.

I don't know how to set the netbios name with likewiese.
And I likewise don't know wheter running likewise as part
of a samba+ctdb cluster is supported or possible at all.

> The net man page says :
> "[UPN] (ADS only) set the principalname attribute during the join. The 
> default format is host/netbiosname@REALM."
> so this may help me to register this computer into the domain, but under 
> the common virtual name.
> 
> How do you usually add a virtual netbios name to a domain? Do you use 
> the net ads join createupn method mentionned above ?

You don't add such a name to a domain. The client (member)
sets its own netbios name. And this is transferred in the UPN
as part of the join and used to store the machine account on the
server.

> I'm pretty sure this is the very last big issue I have to deal with.
> 
> >Winbindd uses the secrets.tdb to store the join
> >information so that in the clustered case, this automatically
> >transferred to all nodes when a node joins.
> >
> >I could assist you with winbindd instead of likewise-open
> >running on top of ctdb as the authenticaion / AD-connection
> >piece, but I am sorry to say, that I don't know whether this
> >is at all possible with likewise.
> 
> I have discovered some "intricacy/links/constraints" between the machine 
> password stored into samba tdb and the one stored into likewise registry 
> (and I've managed to cope with it).
> As this cluster is made of only TWO nodes, I hope I'll be able to 
> correct any similar issues that may rise.

Samba's tdb (with the machine password) is distributed in the
cluster by ctdb. Likewise does not use ctdb, so you need other
means to synchronize its databases contents in the cluster.
I don't know whether distributing databases would be enough,
maybe there would be more required IPC infrastructure for
likewise to be aware of the fact that it is run on multiple
nodes but as the same identity. This problem is the same,
no matter how many nodes you have (as long as it is more than one).
But this is frankly the wrong place to ask how to make likewise
clusterable. :-)

Cheers - Michael



pgpEpw3hxxNu3.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] CTDB + Likewise-open : What servername when joining AD?

[Michael Adam]

Hi Nicolas,

I don't know for sure, but I cant imagine that likewise-open
comes with ctdb support. You need to ask likewise folks to
know whether there is a suppurted way to run likewise on top
of ctdb.

Generally, when running samba in a CTDB cluster, the principle
idea is that all nodes appear as one CIFS server to the outside.
(in Samba/winbindd you have the same config on all nodes an
in particular set the "netbios name" parameter to the same value
on all nodes). In particular, the AD-connector needs to join
the cluster just _once_ with the netbios name given to all the
nodes. Winbindd uses the secrets.tdb to store the join
information so that in the clustered case, this automatically
transferred to all nodes when a node joins.

I could assist you with winbindd instead of likewise-open
running on top of ctdb as the authenticaion / AD-connection
piece, but I am sorry to say, that I don't know whether this
is at all possible with likewise.

(Note: likewise-open was iirc originally a rebranded winbindd
with some additional gui tools, but this has long been replaced
completely.)

Cheers - Michael

Nicolas Ecarnot wrote:
> Hi,
> 
> [Context : ubuntu 11.11 64bits, cman, clvmd, gfs2, ctdb, samba, 
> likewise-open, all running fine except...]
> 
> I've setup ctdb to manage public_addresses (to manage one virtual ip 
> actually), and I've explicitely told smb.conf that
> netbios name = foobar_cluster
> 
> I've done that *after* I've manage to make samba, likewise-open and AD 
> to work nicely together.
> 
> I guess now all the setup and domain joining informations stored 
> somewhere in likewise remembers the real actual name of the server 
> (foobar01)?
> 
> So, when trying to reach a share from windows with
> \\foobar_cluster\share01   ,
> I get errors and non working config (I guess the errors are not worth 
> showing - the issue seems clear to me)
> 
> (Reaching \\foobar01\share01 does work obviously)
> 
> Anyway, with such a setup (ctdb + likewise-open), what is the 
> recommended way to setup the server name in samba and in likewise?
> 
> Places where I guess there's something to work on:
> - /etc/hosts
>   don't know exactly? Perhaps have something like
>   192.168.42.1   foobar01.f.q.d.nfoobar01
>   192.168.42.42  foobar_cluster.f.q.d.n  foobar_cluster
>   though i'm not sure this helps, as this is already correct in our DNS.
> 
> - /etc/samba/smb.conf  netbios name = foobar_cluster
> 
> - domainjoin-cli ?
>   I saw there's an option to change the server's name, but I guess it's 
> just a shortcut to make changes in the /etc setup?
> 
> - likewise-open registry?
> 
> -- 
> Nicolas Ecarnot
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba


pgppgs5qo7MxF.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba 3.6.0: unable to list Active Directoy users

[Michael Adam]

Hi David,

David Touzeau wrote:
> Le vendredi 12 août 2011 à 12:25 +0200, Michael Wood a écrit :
> > Hi
> > 
> > On 12 August 2011 10:23, David Touzeau  wrote:
> > > Dear all
> > >
> > > I have upgraded my Samba from 3.5.x to a newest 3.6.0 version.
> > > My Samba is connected to an Active Directory 2008 R2
> > >
> > >
> > > the "getent passwd" did not display any ActiveDirectoy Domains users.
> > >
> > > ...
> > >
> > > I think there is a misconfiguration in my setup but did not find any
> > > solution:
> > > Where i'm wrong ?
> > >
> > >
> > > [global]
> > >...
> > >idmap config TOUZEAU:backend = ad
> > >idmap config TOUZEAU:readonly = yes
> > >idmap config TOUZEAU:schema_mode = rfc2307
> > >idmap config * : range = 16777216-33554431
> > 
> > The way idmap works was changed with 3.6.0.  I don't know if the above
> > is wrong, but perhaps it is something to consider.
> > 
> > e.g. I don't know if "readonly" is supported.  I've seen mention of
> > "read only", but not in the idmap_ad code.  But maybe I missed it.
> > 
> > Also, the idmap_ad documentation implies that you need something like this:
> > 
> > idmap config * : backend = tdb
> > idmap config * : range = 100-199
> > 
> > idmap config TOUZEAU : backend  = ad
> > idmap config TOUZEAU : range = 1000-99
> > idmap config TOUZEAU : schema_mode = rfc2307
> > 
> > I am not sure if the above is relevant to you :) but I hope it helps.
> > 
> 
> Many thanks Michael
> 
> i have changed values but it has no effect and the issue still alive...

But the remarks by Michael were correct. You need to give the
configuration for the ad backend (domain TOUZEAU) a range,
otherwise it won't work.

The "readonly" parameter will be ignored for the ad backend.
(And for those backends that support it, the correct spelling
is "read only".)

With the above config changes, you should narrow the source of problems
down as detailed here:

https://bugzilla.samba.org/show_bug.cgi?id=8371#c5

You should then post the level 10 logs of the most specific
failing command here, so we can debug further.

Cheers - Michael

> For anybody here it is some relevant winbindd debug informations 
> 
>   Adding 0 DC's from auto lookup
> [2011/08/12 10:39:31.945022,  5]
> libads/sitename_cache.c:105(sitename_fetch)
>   sitename_fetch: Returning sitename for TOUZEAU.HOME:
> "Default-First-Site-Name"
> [2011/08/12 10:39:31.945047, 10]
> libsmb/namequery.c:1975(internal_resolve_name)
>   internal_resolve_name: looking up WIN-RSF60G6AS1L.touzeau.home#20
> (sitename Default-First-Site-Name)
> [2011/08/12 10:39:31.945076,  5] libsmb/namecache.c:165(namecache_fetch)
>   name WIN-RSF60G6AS1L.touzeau.home#20 found.
> [2011/08/12 10:39:31.945124,  9]
> libsmb/conncache.c:150(check_negative_conn_cache)
>   check_negative_conn_cache returning result 0 for domain touzeau.home
> server 192.168.1.150
> [2011/08/12 10:39:31.945151, 10]
> libsmb/namequery.c:1079(remove_duplicate_addrs2)
>   remove_duplicate_addrs2: looking for duplicate address/port pairs
> [2011/08/12 10:39:31.945172,  4] libsmb/namequery.c:2601(get_dc_list)
>   get_dc_list: returning 1 ip addresses in an ordered list
> [2011/08/12 10:39:31.945193,  4] libsmb/namequery.c:2602(get_dc_list)
>   get_dc_list: 192.168.1.150:389 
> [2011/08/12 10:39:31.945216, 10]
> libads/kerberos.c:825(get_kdc_ip_string)
>   get_kdc_ip_string: Returningkdc = 192.168.1.150
>   
> [2011/08/12 10:39:31.945304,  5]
> libads/kerberos.c:948(create_local_private_krb5_conf_for_domain)
>   create_local_private_krb5_conf_for_domain: wrote
> file /var/lib/samba/smb_krb5/krb5.conf.TOUZEAU with realm TOUZEAU.HOME
> KDC list =kdc = 192.168.1.150
>   
> [2011/08/12 10:39:31.945347,  4] libsmb/namequery_dc.c:148(ads_dc_name)
>   ads_dc_name: using server='WIN-RSF60G6AS1L.TOUZEAU.HOME'
> IP=192.168.1.150
> [2011/08/12 10:39:31.945376,  5]
> libads/sitename_cache.c:105(sitename_fetch)
>   sitename_fetch: Returning sitename for touzeau.home:
> "Default-First-Site-Name"
> [2011/08/12 10:39:31.945398,  8]
> libsmb/namequery.c:2652(get_sorted_dc_list)
>   get_sorted_dc_list: attempting lookup for name touzeau.home (sitename
> Default-First-Site-Name) using [ads]
> [2011/08/12 10:39:31.945432,  5] libsmb/namequery.c:194(saf_fetch)
>   saf_fetch: Returning "WIN-RSF60G6AS1L.touzeau.home" for "touzeau.home"
> domain
> [2011/08/12 10:39:31.945458,  3] libsmb/namequery.c:2461(get_dc_list)
>   get_dc_list: preferred server list: "WIN-RSF60G6AS1L.touzeau.home, *"
> [2011/08/12 10:39:31.945481, 10]
> libsmb/namequery.c:1975(internal_resolve_name)
>   internal_resolve_name: looking up touzeau.home#1c (sitename
> Default-First-Site-Name)
> [2011/08/12 10:39:31.945507,  5] libsmb/namecache.c:160(namecache_fetch)
>   no entry for touzeau.home#1C found.
> [2011/08/12 10:39:31.945531,  5] libsmb/namequery.c:1869(resolve_ads)
>   resolve_ads: Attempting to resolve DCs for touzeau.home using DNS
> [2011/08/12 10:39:31.945

Re: [Samba] 3.6.0 winbind issues

[Michael Adam]

Hi Chris,

can you please post your complete (global) samba configuration here?
And then please follow the instructions for narrowing it down,
which I posted to

https://bugzilla.samba.org/show_bug.cgi?id=8371#c5

Cheers, Michael


Chris Smith wrote:
> On Fri, Aug 12, 2011 at 10:25 AM, Chris Smith  wrote:
> > With the standard:
> >  idmap config * : backend = tdb
> >
> >    no results are returned by getent, and wbinfo does not always
> > work, also no winbind_idmap.tdb file is ever created.
> >
> > by changing to:
> >  idmap config * : backend = rid
> > or
> >  idmap config * : backend = hash
> >
> >    results are obtained but are the same regardless of range (or base_rid).
> 
> Turns out that sometimes (during various restarts) results will be
> obtained with:
>idmap config * : backend = tdb
> However, as previously noted, no winbind_idmap.tdb file is created and
> the results are always the same. Basically the "idmap config" settings
> seem to have no effect, regardless of type (tdb, rid, hash) or range
> the result for 'getent passwd' (when I get one) is always:
> TESTDOMAIN\root:*:322438120:322437633:root:/home/TESTDOMAIN/root:/bin/false
> TESTDOMAIN\me:*:322438122:322437633::/home/TESTDOMAIN/me:/bin/false
> TESTDOMAIN\you:*:322438123:322437633::/home/TESTDOMAIN/you:/bin/false
> TESTDOMAIN\test:*:322438126:322437633::/home/TESTDOMAIN/test:/bin/false
> 
> Chris
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba


pgp85EvvyDrbO.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Proposal to change Samba contribution copyright policy.

[Michael Adam]

Hi Jeremy,

Jeremy Allison wrote:
> 
> ...
> 
> Given this, I'm proposing that we modify our policy slightly
> to allow corporate owned copyright within Samba. Note I'm
> not proposing open season on corporate (C), and we'd still
> prefer to get individual copyright, or assignment to the
> Software Freedom Conservancy (as we have done in the past).
> 
> The reason to prefer individual, or SFC owned copyright is
> for ease of relicensing components within Samba. Over time,
> we have moved certain libraries within Samba from GPL to
> LGPL, for example the tdb and talloc libraries. Re-licensing
> like this is easier if we don't have to get permission from
> a corporate legal department, but can just directly ask the
> engineers themselves, so I'd still suggest that we keep personal
> or SFC copyright for code that goes into libraries, or code that
> might be moved into a library.
> 
> But for things like build fixes for specific platforms,
> I don't think it's necessary any more to insist on
> personal copyright, which can delay or prevent engineers
> from giving us good fixes.

Honestly, to my taste, what you are proposing is very vague.
It is also not very clear. You say you want to loosen the
requirement. But keep the requirement for library code
and code that might be moved into libraries sometime in
the future (however you want to estimate this).
And prefer personal copyright anyways. I get the impression
that you also want to base the decision of whether to accept
a patch with corporate copyright on the impact that the patch
has and the broadness. The example you give is "build fixes".
This would rather be an innocuous example, compared to a
patch adding a new feature or one changing core server behaviour.
So what is the procedure you imagine for taking patches with
corporate copyright? Do you imagine that we would decide
individually whether the coprorate copyright is OK for a given
patch based on some vague and personal judgement of the nature
of the patch? It sound like that to me. But I think that this is
not really practicable. I think we need a clear rule which
we can adhere to.

It is also not clear to me what the benefit of such a change
in policy would be. If you want to basically only accept
corporate copyrighted patches when they dont exceed a certain
level of impact, then I don't see that this is necessary at all.

Maybe I don't understand the meaning of the copyright of
a patch. In Samba, to my understanding, a person holds a
copyright on a file if she/he has made contributions on that
file which exceed a certain size, so that she/he is added to the
copyright/license boilerplate comment. (I was not aware that
we track indiviual possibly tiny patches as well.) And what you
proposed seems to imply that you'd like to not use corporate
copyright on changes this big anyways. So maybe you can clarify
this, so that I can understand the point.

So modulo explanations that can clarify my confusions, I do
rather dislike this proposal, the main reason being that the
criteria for decision are so vague. But I also don't see the
benefit. Has the present policy prevented major contributions
in the past? And if so, would we accept major contributions
under corporate copyright or just the odd buildfix patch that
could also be donated to a team member or the SFC?

Cheers - Michael


> I already raised this with tridge, who told me that he
> had been meaning to raise the very same issue with me
> (just one more proof that great minds think alike :-),
> so I promised to write this email to propose it to the
> lists in general.
> 
> Please comment and let us know what you think about
> this possibility. Samba Team members get to vote, but
> we'd be really interested in hearing from all Samba
> users to understand if this is something the community
> thinks is a good idea or not.
> 
> Cheers,
> 
>   Jeremy.



pgpQ83j6TIQdr.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Where is the ctdb debuginfo rpm

[Michael Adam]

Hi,

The creation of debuginfo packages is subject to the
setup of your rpm build system. By default no debuginfo
packages are built. But if you e.g. install the package
redhat-rpm-config on a rhel system, then debuginfo
packages will be built.

Basically you need to use the %debug_package macro.
Different distributions for triggering it.
But if you build your packages yourself you can
simply insert it into the spec file.
Maybe you can even add it to the rpmbuild command line.

Hope this helps.

Cheers - Michael

Yu Liao wrote:
> Hi, All
> 
> I test with ctdb-1.2.0-18.1, and there is a corefile. I want to analyze the
> corefile, but can't find the ctdb debuginfo. Could you tell me where to find
> the ctdb debuginfo?
> 
> -- 
> Best Regards.
> Yu Liao
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba



pgp0WZrLLz2mG.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Porting CTDB to Solaris

[Michael Adam]

Hi Kai,

Kai Lanz wrote:
> We wanted to try out clustered Samba on a pair of small OpenSolaris/ 
> Intel
> boxes. But after downloading the CTDB source from the Samba git  
> repository,
> I discovered that it won't build on Solaris -- the configure script  
> supports
> only Linux and AIX.
> 
> Is there a Solaris port for CTDB, or is somebody working on one? (If  
> not,
> I might take a crack at it; would it be a straightforward port?)

AFAIK, noone is working on it.
If I am not missing something, this basically consists in writing
the OS-specific part for the network routines under
common/system_xyz.c

Please check out master from git://git.samba.org/ctdb.git

I guess we should/could use the samba libreplace system to
make the network layer portable.

But there is more to it than extending the C code:
There is a set of event scripts under config/events.d which are
actually linux-only (using linux commands like "ip" ...).
To my knowledge these only work under linux, not under aix either.

So, if you want to have a go at fixing CTDB for ctdb, then
you are highly welcome! We will gladly review and help.

Out of curiosity: What file system are you planning to use on the
cluster?

Cheers - Michael



pgpUDh0v6LkGE.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] clustered samba registers all non CTDB addresses at WINS server

[Michael Adam]

Daniel Müller wrote:
> But the entry for your ctdb cluster manual in your windows2008 wins.

Sorry, somehow Im not getting this sentence... :-)

> I think ctdb would be better in a dns ads then in a netbios wins Environment.

Yes. This is where it is mostly used and best tested.

Cheers - Michael

> ---
> EDV Daniel Müller
> 
> Leitung EDV
> Tropenklinik Paul-Lechler-Krankenhaus
> Paul-Lechler-Str. 24
> 72076 Tübingen
> 
> Tel.: 07071/206-463, Fax: 07071/206-499
> eMail: muel...@tropenklinik.de
> Internet: www.tropenklinik.de
> ---
> -Ursprüngliche Nachricht-
> Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im
> Auftrag von Michael Adam
> Gesendet: Dienstag, 12. April 2011 22:33
> An: erik bergsma
> Cc: samba@lists.samba.org
> Betreff: Re: [Samba] clustered samba registers all non CTDB addresses at
> WINS server
> 
> Hi Erik,
> 
> erik bergsma wrote:
> > Hi all,
> > 
> > in the first step to separate my wins/netbios/nmbd and my clustered 
> > samba servers i've installed the WINS feature on a windows 2k8r2 
> > server, and set the "wins server = ip.adress.of.windows.server"
> > 
> > the weird thing is: my samba 3.5.8 do not only register the public 
> > CTDB ip addresses specified by "cluster addresses =", but also the 
> > static maintenance ip's + the internal ip address of each node (direct 
> > link between the nodes, not reachable from outside)
> > 
> > is this behaviour normal? and is this behaviour safe? or am i missing 
> > something in my smb.conf?
> > i can imagine that if a netbios request comes in for my domain name, 
> > and the returned address is 10.0.0.1 something goes wrong
> 
> nmbd and wins in the cluster setup is probably not the best tested
> scenario...
> 
> I'd say that you are right and that we should _only_ register the "cluster
> addresses" and not the other autodetected ones.
> The problem is that in the cluster setup, samba needs to listen on the
> wildcard interface and this defaults to registering all of the found
> addresses with WINS.
> 
> I would consider the behaviour you describe a bug and think we should fix it
> to only register "cluster addresses" if it is set.
> 
> Cheers - Michael
> 
> > Regards,
> > Erik


pgp5A8cH5AbVI.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] [CTDB] how does LMASTER know where the record is stored?

[Michael Adam]

Hi David,

David Roid wrote:
> Greetings list,
> 
> I was looking at the wiki "samba and clustering" and a ctdb.pdf, admittedly
> both are quite old (2006 or 2007) and I don't know how things change over
> years, but I just have two questions about LMASTER:

First off, I have written a small paper on ctdb in 2009 which is still
mostly correct today:

http://samba.org/~obnox/presentations/sambaXP-2009/samba-and-ctdb.pdf

It is also linked on http://ctdb.samba.org/documentation.html .
But the details about LMASTER have been omitted. Maybe I should
write an update version. :-)

> < this is from pdf >
> LMASTER fixed
> ● LMASTER is based on record key only
> ● LMASTER knows where the record is stored
> ● new records are stored on LMASTER
> 
> Q1. From the output of "ctdb status" I can see that LMASTER is bacially
> configured as the node itself, then how does each node know where the record
> is stored? By broadcast to all nodes or any other way? And more importantly,
> when?
> 
> Q2. If new records are stored on LMASTER, do these records need to be synced
> within the cluster? And when?

Let me explain to some detail about CTDB's view of tdb records.

The trick in ctdb (that enables Samba to scale well in the cluster)
is that it does _not_ propagate record updates to all nodes in the
cluster. There are two essential roles for a node with respect to a
record in ctdb:

1. a record's data master (aka DMASTER):
   This is the node that holds the current and authoritative copy
   of the record. This is the node that has last announced its
   intention to change that record and was granted permission.
   The DMASTER role moves in the cluster as different nodes write
   to the record.
   Nodes that were DMASTER of the record previously may hold
   older copies of the record.
   The records contain a special header field "record sequence
   number" (aka RSN) which is incremented whenever the DMASTER
   role is moved from one node to another.

2. a record's location master (LMASTER):
   This is the node that knows the data master for the given
   record. The LMASTER for a record is a fixed record in the
   in the cluster (as long as the list of active nodes does not
   change). It is calculated from the record like this
   (in the simplest case):
   A 32 bit hash value is calculated from the record's key.
   This 32bit value is taken module the number of nodes to
   yield the LMASTER's node number (if the nodes are numbered
   without gap starting at 0).

   Hence it is always cheap to contact the LMASTER and the
   LMASTER knows how to find the DMASTER.

When a node wants to write to a record, it requests the DMASTER
role for that record. It does so by sending an appropriate
network request to the record's LMASTER. The lmaster knows
whether the record existed previously and if so it requests the
DMASTER got transfer the DMASTER role along with the record's
contents via the LMASTER to the requesting node. If the record
did not previously exist, the LMASTER creates and empty initial
record and transfers this to the requesting node.
This way, the LMASTER always has the previous copy of the record.


Regarding the output of "ctdb status", e.g.:

Number of nodes:4
pnn:0 10.0.0.21OK (THIS NODE)
pnn:1 10.0.0.22OK
pnn:2 10.0.0.23OK
pnn:3 10.0.0.20OK
Generation:1987363808
Size:4
hash:0 lmaster:0
hash:1 lmaster:1
hash:2 lmaster:2
hash:3 lmaster:3
Recovery mode:NORMAL (0)
Recovery master:1

Here you see a 4-node cluster with node numbers 0,1,2,3.
And you see which node number is lmaster for a given
key's hash value modulo 4(==Size). Generally, you will see
something like "hash:X lmaster:Y".
E.g. stop ctdb on node number 0 an look again at ctdb status.
You will see:

Size:3
hash:0 lmaster:1
hash:1 lmaster:2
hash:2 lmaster:3


> Excuse me if this comes off sort of rude, it's just there are not enough
> docs of CTDB on samba site.

No problem, there is also some (potentially) deprecated info on
the wiki.samba.org. But the lmaster bit might be worth explaining
in more detail anyways.

Do these explanations make things more clear for you?

Cheers - Michael

> Faithfully
> -David


pgp08CqEeWe3s.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] clustered samba registers all non CTDB addresses at WINS server

[Michael Adam]

Hi Erik,

erik bergsma wrote:
> Hi all,
> 
> in the first step to separate my wins/netbios/nmbd and my clustered samba
> servers i've installed the WINS feature on a windows 2k8r2 server, and set
> the "wins server = ip.adress.of.windows.server"
> 
> the weird thing is: my samba 3.5.8 do not only register the public CTDB ip
> addresses specified by "cluster addresses =", but also the static
> maintenance ip's + the internal ip address of each node (direct link between
> the nodes, not reachable from outside)
> 
> is this behaviour normal? and is this behaviour safe? or am i missing
> something in my smb.conf?
> i can imagine that if a netbios request comes in for my domain name, and the
> returned address is 10.0.0.1 something goes wrong

nmbd and wins in the cluster setup is probably not the best
tested scenario...

I'd say that you are right and that we should _only_ register the
"cluster addresses" and not the other autodetected ones.
The problem is that in the cluster setup, samba needs to listen
on the wildcard interface and this defaults to registering all of
the found addresses with WINS.

I would consider the behaviour you describe a bug and think we
should fix it to only register "cluster addresses" if it is set.

Cheers - Michael

> Regards,
> Erik


pgpJl9R8CIjly.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Problems with Winbind Idmap and Active Directory 2008 r2

[Michael Adam]

Hi Matthew,

Matthew Choppen wrote:
> For our Linux Machines (SLES 10) we are using kerberos and LDAP to
> authenticate against Active Directory (works perfectly)
> 
> Please note that the same configuration works with Windows 2003 Server, the
> problem is with with Windows 2008 Server
> 
> However we are experiencing problems with winbind for the file share, I see
> in the "log.winbind-idmap" logfile the following errors
> 
> [2011/03/03 15:09:08.643286,  1]
> winbindd/idmap_ad.c:143(ad_idmap_cached_connection_internal)
>   ad_idmap_init: failed to connect to AD
> [2011/03/03 15:09:08.643323,  1]
> winbindd/idmap_ad.c:326(idmap_ad_unixids_to_sids)
>   ADS uninitialized: No logon servers
> The user from windows clients experiences extremely poor performance (I
> guess timeouts from winbind, and I would also guess that winbind then
> assigns some kind of default ID and not the real uid/gid from AD)
> 
> The Unix Services for windows is applied and the users have the correct UNIX
> settings (else LDAP / kerberos auth would not work)
> 
> I have also tried backend = ldap:ldap://OurADServer  which also does not
> work!!!

No, this won't work since the ldap idmap backend will search for
completely different attributes than the ad backend.

Before addressing the above connection error (which may even
be related), let's fix the configuration:

You should not configure "ad" as the default
idmap backend in smb.conf. This does not work since
a couple of releases actually.

Instead, you should configure something like this:

idmap backend = tdb
idmap uid = 100-199
idmap gid = 100-199

idmap config MYDOMAIN : backend  = ad
idmap config MYDOMAIN : range = 1000-99

Where you should make sure that the reange of the MYDOMAIN
setting covers the complete range of your IDs in AD.
(See "man idmap_ad" for more info.)

Could you change your config in the sense above and re-check?
(After restarting winbindd)

If the problems persist, we can continue to analyze the situation.

Cheers - Michael

> Here is our current configuration:
> 
> samba3-3.5.2-43.suse101.x86_64.rpm
> samba3-cifsmount-3.5.2-43.suse101.x86_64.rpm
> samba3-client-3.5.2-43.suse101.x86_64.rpm
> samba3-debuginfo-3.5.2-43.suse101.x86_64.rpm
> samba3-doc-3.5.2-43.suse101.x86_64.rpm
> samba3-utils-3.5.2-43.suse101.x86_64.rpm
> samba3-winbind-32bit-3.5.2-43.suse101.i586.rpm
> samba3-winbind-3.5.2-43.suse101.x86_64.rpm
> Samba Config
> 
> [global]
> workgroup = MYDOMAIN
> password server = OurADServer
> domain master = no
> realm =  MYDOMAIN.COM
> server string = ClearCase Server
> netbios name = OURNAME
> security = ADS
> encrypt passwords = yes
> winbind use default domain = Yes
> winbind nested groups = Yes
> client use spnego = Yes
> winbind enum users = Yes
> winbind enum groups = Yes
> template shell = /bin/bash
> template homedir = /home/%u
> log level = 2
> log file = /var/log/samba/%m
> max log size = 50
> winbind separator = +
> #idmap uid = 4-5
> #idmap gid = 4-5
> winbind offline logon = true
> winbind cache time = 5
> winbind refresh tickets = true
> map to guest = Bad User
> username map = /etc/samba/users.map
> max open files = 11000
> add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s
> /bin/false %m$
> ldap ssl = No
> socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
> idmap backend = ad
> ldap idmap suffix = dc=mydomain,dc=com
> ldap admin dn = CN=bindUserFromAD,OU=Siteroles,OU=HAM,DC=mydomain,dc=com
> ldap suffix = dc=mydomain,dc=com
> usershare allow guests = Yes
> directory security mask = 0775
> kernel oplocks = No
> create mask = 0775
> directory mask = 0775
> map archive = No
> oplocks = No
> level2 oplocks = No
> [vobs]
> comment = Vob storage directory
> path = /vobs
> valid users = @"MYDOMAIN+ccusers"
> writeable = Yes
> create mask = 0775
> force directory mode = 0775
> [vobstore]
> comment = Vob storage directory
> path = /vobstore
> valid users = @"MYDOMAIN+ccusers"
> writeable = Yes
> create mask = 0775
> force directory mode = 0775
> [ccviews]
> comment = View storage directory
> path = /ccviews
> valid users = @"MYDOMAIN+ccusers"
> writeable = Yes
> create mask = 0775
> force directory mode = 0775
> Thanks for any assistance :)
> 
> Matt
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba



pgplv1LkY7PSn.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] [samba] is mandatory to execute smb service before that nmb?

[Michael Adam]

Hi,

it is better to start nmbd before smbd.
Also start winbindd before smbd.

Cheers - Michael

sisu . wrote:
> 
> 
> Hi group,
> 
> Does anybody know if is mandatory to execute smb service before that nmb?  
> 
> I searched it on the samba's official doc and I didn't find anything, it just 
> to be sure.
> 
> Thanks a lot.
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba



pgpURhji9dAid.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] idmap troubles with any version 3.30 or later

[Michael Adam]

Hi Jim,

Jim Stalewski wrote:
> Hello list.
> 
> The issue I have is that with the changes made to the idmap
> functionality of winbind, as regards the enumeration of rfc2307 users
> and groups using getent passwd and getent group, only those AD users
> that are not in the domains included in the "idmap config (domain)"
> statements (the ones in trusted domains that get their ID mappings
> auto-assigned by the TDB backend with id's in the idmap uid / gid
> ranges) get enumerated.  The ones that have the RFC2307 attributes
> defined within the idmap group (domain) range statements will return
> their uid/gid/homedir/shell info only if you specify "getent passwd
> (username)" but they do not enumerate with a "getent passwd."  Same with
> getent group (groupname) vs getent group.

If this is a case, then it is a bug and needs fixing.
There have been bugs with enumeration in the past and
I need to go recheck bugzilla.
Maybe such bug reappeared or there is a fix that is
not yet in the versions you tested.
Otherwise, we need to file a new bug.

Could you be more precise and send your smb.conf file
and indicate for which of the idmap configs listed, users
are not enumerated?

> I have had to create the symlinks in /usr/lib and /usr/lib64 for the
> /lib/nss_winbind.so.2, /lib/nss_wins.so.2, /lib64/nss_winbind.so.2 and
> /lib64/nss_wins.so.2 libs manually because the installer did not create
> them for me, and until I did so, getent passwd and getent group only
> displayed the local /etc/passwd and /etc/group entries.

Hm, so you compiled and installed samba manually?
This can also be considered a bug.
Usually, on linux, this is taken care of by the distribution
packagers in the RPMs /.debs and whatnot. This may be the reason
why this did not pop up prominently yet.

Could provide more info about your system?
OS, version, architecture, build system, ...

> Question - are there any other symlinks that should be created for any
> other aspect of the nss idmap functionality that may not have been
> created by the install process, that would be breaking the user / group
> enumeration functionality of nss_winbind.so, and if so, what libs need
> to be symlinked to which folders using what names?

This question is too general instead.
Usually each component providing nss backends should
take care of installing the correct libs/symlinks in its
installer itself. If you are manually installing samba, then
you might have to There should

Could you paste your /etc/nsswitch.conf ?


Best regards,

Michael


> I have tried version 3.3x, 3.4.3 and 3.5.4 all with the same lack of
> results from getent passwd and getent group but it functioned properly
> under 3.2.7, so it can't be
> 
> Thanks in advance,
> 
> Jim.
> 
> 
> 
> This email and any files transmitted with it are confidential and intended 
> solely for the use of the individual or entity to whom they are addressed. If 
> you have received this email in error please notify the sender and delete it. 
> Please note that any views or opinions presented in this email are solely 
> those of the author and do not necessarily represent those of the company. 
> No employee or agent is authorized to conclude any binding agreement on 
> behalf of?Visa Lighting with another party by email without express written 
> confirmation by?an authorized representative of the Company.
> Finally, the recipient should check this email and any attachments for the 
> presence of viruses. The company accepts no liability for any damage caused 
> by any virus transmitted by this email.
> 
> 
> 

> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba


pgpVO6cyBTDh4.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] [ob...@samba.org: 3.6:idmap:Q2: get rid of (all/most) idmap alloc parameters for idmap_ldap ?]

[Michael Adam]

Hi Christopher,

thank you for your comments.

I know that idmap configuration has been a pain to get and keep
right over the releases. This is a pity. One of the aims, I have
been pursuing with my latest rewrite is to make ID mapping
config slightly simpler, while staying mostly backward
compatible. I am convinced that the removal of the alloc config
will get us rid of a continuous source of grief and confusion.
And I will of course do my best do document things as good as
possible. Please bear with me and carefully check config vs.
documentation once 3.6 is out. And please report bugs if there
are inconsistencies. Also please insist if I don't react in a
timely manner. If I loose track due to being busy with other
topics, I am thankful for any reminder to fix my bugs... :-)

Cheers - Michael


Christopher Chan wrote:
> Hi Michael,
> 
> I, for one, am using config alloc because that is how things were done 
> on 3.0.xx before I migrated data to a new box that uses 3.5.4. I do not 
> care very much about the configuration changes. But I beg you that 
> documentation regarding idmap_ldap is updated including how idmap_ldap 
> works.
> 
> I had issues getting the configuration in 3.5.x to a state where I could 
> run wbinfo --set-* successfully and I still have an outstanding issue 
> where new accounts created in AD are not being automatically mapped by 
> winbind and I have to manually create these mappings.
> 
> 
> >In my idmap rewrite, I kept the alloc related parameters for the
> >LDAP idmap backend for now:
> >
> >- idmap alloc config : ldap_url
> >- idmap alloc config : ldap_base_dn
> >- idmap alloc config : ldap_user_dn
> >
> >and the related idmap alloc secret.
> >
> >I would like to get rid of these.
> 
> Be my guest. I don't care so long as these changes are documented so 
> that people will know what is going on. This will be the second time 
> that I will have had to fight with changes in idmap ldap related 
> configuration without notice.
> 
> 
> >
> >Therefore, I am asking here, if there is
> >anyone out there using these?
> >I can not imagine a reason why one would
> >want to use different server and/or user+password
> >for storing the uid/gid counter.
> 
> Right now there is nothing that actually explains to me what idmap_ldap 
> does and so I don't have a clue as to what are you talking about.
> 
> 
> >
> >The only option that I would attest a certain, though minimal,
> >right to exist is the ldap_base_dn. But usually, it should
> >imho ok to store the uid/gid counter in the same location
> >as the mappings.
> >
> >So, again: Are these options needed/used at all?
> 
> There is an awful lot of 'documentation' out there detailing the use of 
> alloc. People go nuts just figuring out how to do winbind + ldap.
> 
> 
> >Or can I remove them for 3.6.0 ?
> 
> Be my guest! Just update/provide documentation!
> 
> 
> >
> >Cheers - Michael
> >
> >
> >Note: If we need to keep any of the options, the current form
> >(idmap alloc config :  = ...) would reference
> >the default config, but my idmap rewrite would enable us
> >to set these on a per-domain basis, which would call
> >for options like this "idmap config DOMAIN : alloc_")
> >
> >
> >
> >
> >- End forwarded message -
> >
> >
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba



pgppGRzQyjcQi.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] LVS and SAMBA

[Michael Adam]

Ciro Iriarte wrote:
> 2010/11/3 Volker Lendecke :
> > On Wed, Nov 03, 2010 at 11:03:20AM -0300, Ciro Iriarte wrote:
> >> Hi, would it be possible to  run two nodes with SAMBA+LDAP and a OCFS2
> >> filesystem, with LVS load balancing WITHOUT CTDB?. This would be
> >> relying only on OCFS2 file locking. The idea is to provide
> >> authentication, HA file service and load balancing.
> >
> > That would cause data corruption. As far as I know (please
> > correct me if I'm wrong) OCFS2 does not support the full
> > semantics required for share modes, oplocks and all the
> > other fancy cifs features that Samba provides. That's the
> > point of the ctdb and clustered samba combo.
> >
> > Volker
> >
> 
> Well, the new "cool" feature on OCFS2 is fcntl, apparently is not
> enough. With CTDB I see that nodes use the same netbios name. How
> would that affect domain controller feature?. I won't like to build
> other server pair just for PDC/BDC

When you think a little about it you will agree that
when serving the same folder from a cluster file system
like ocfs2, as mounted on two different nodes, as
samba shares from these nodes, then you will have to
configure the two sambas to use the same netbios name.
Not only that, but you will also have to make sure that
the windows SID --> unix ID mappings are identical.
(Unless, of course, you like data corruption. ;-)
And so on.

The typical use case for a clustered samba with ctdb
is a file server that is member in a domain, but you
can in principle also run samba as a clustered Domain
controller on the cluster. THis will just be one DC
then (since the samba's on the nodes will have to
appear as one server together), but this way you could
replace the PDC/BDC replication, failover and load
balancing mechanism of the classical PDC/BDC scheme
buy using e.g. one clustered PDC. This could even use
tdbsam then (instead of ldapsm), since replication
is done by CTDB then.

I personally have not done such a setup. But it should
not be a big problem. Be sure to use the "cluster addresses"
variable in smb.conf here to make nmbd happy.
Maybe Jim McDonough can share some of his experiences here? :-)

Cheers - Michael



pgpme7kAKgOlC.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] ctdb: Strange behaviour after upgrade

[Michael Adam]

Moin Eisofen!

eiso...@eisofen.de wrote:
> Hi,
> 
> last weekend I've updated samba and ctdb on my 2-node cluster. Samba is
> now on 3.5.6 (from 3.3.4), ctdb on 1.0.114 (from 1.0.84). Both installed
> from repo via yum and ctdb-packages.
> 
> After restarting both nodes everything was fine, we could access files on
> the cluster.
> 
> On monday I noticed that the nodes didn't had their initial adresses:
> 
> Node 1:
> hostname dscln01, public IP 10.0.0.41/8, now 10.0.0.42/8
> /etc/sysconfig/network-scripts/ifcfg-bond0:
> 
> DEVICE=bond0
> BOOTPROTO=none
> IPADDR=10.0.0.41
> NETWORK=10.0.0.0
> BROADCAST=10.0.0.255
> NETMASK=255.0.0.0
> ONBOOT=yes
> USERCTL=no
> 
> 
> 
> Node 2:
> hostname dscln02, public IP 10.0.0.42/8, now 10.0.0.41/8
> /etc/sysconfig/network-scripts/ifcfg-bond0:
> 
> DEVICE=bond0
> BOOTPROTO=none
> IPADDR=10.0.0.42
> NETWORK=10.0.0.0
> BROADCAST=10.0.0.255
> NETMASK=255.0.0.0
> ONBOOT=yes
> USERCTL=no
> 
> Yesterday it felt over so we had to reboot both nodes and the IP where
> still mixed up.

That is merely cosmetic actually.
When using public addresses with ctdb, you should not rely on a
specific node having a specific IP address.
It seems that in some release between 1.0.84 and 1.0.114
(and I do currently not know exactly when) the algorithm for
distributing ips across nodes has been reversed.
It think this has also been discussed on the #ctdb irc channel
some weeks or even months ago.

Your clients should only ever access the cluster by it's name, to
which the whole pool of public ip addresses is assigned, so it
should really not matter to which node an address is assigned.


> log.ctdb got some interesing entries after reboot:
> 
> 2010/11/17 09:48:02.613807 [ 4383]: killed 30 TCP connections to released
> IP 10.0.0.42
> 2010/11/17 09:48:02.633263 [ 4383]: re-adding secondary address
> 10.0.0.41/8 to dev bond0
> 2010/11/17 09:48:02.646140 [ 4383]: /etc/ctdb/interface_modify.sh: line
> 71: /etc/ctdb/state/interface_modify/bond0.readd.d/10.0.0.41.8/*: No such
> file or
> directory
> 2010/11/17 09:48:02.646446 [ 4383]:
> /etc/ctdb/state/interface_modify/bond0.readd.d/10.0.0.41.8/* 'bond0'
> '10.0.0.41' '8' - failed - 127
> 2010/11/17 09:48:02.646514 [ 4383]: call
> /etc/ctdb/state/interface_modify/bond0.readd.d/10.0.0.41.8/* 'bond0'
> '10.0.0.41' '8'
> 2010/11/17 09:48:02.647412 [ 4383]: Failed to del 10.0.0.42 on dev bond0
> 2010/11/17 09:48:02.649354 [ 4383]: server/ctdb_daemon.c:688 waitpid()
> returned error. errno:10

Hmmm. Did you assign the public addesses 10.0.0.41 and 10.0.0.42
to the nodes statically? This is not good. If you need static Ip
addresse on the public interfaces (e.g. for login etc), you should
use a different set of addresses.

Anyways, the above is a sign of a bug in the interface_modify.sh
script. Not sure that this is very bad though.

There is a patch in the master branch though for this and I think
It should apply to the 1.0.114 version:

http://gitweb.samba.org/?p=sahlberg/ctdb.git;a=commit;h=e665cfde03fc9ec2264e99512ed5470872a2fd04

But we need to get clear about the pool vs. static IPs first.

> I also notice, or lets say user reports, slow performance when shutting
> down their PC. When it comes to closing time load climbs to ~70 on both
> nodes. with high CPU load on ctdbd and mmfsd. OK, 220 PC writing back their
> profiles..

Has that been slow before?
Has the workload changed or just the samba+ctdb versions?
Workload of course also changes when profiles grow...

> Could ctdb the blocking element when writing to it's persistent DB, since
> the local disks are not that super fast?

Depends on what the workload really looks right, but I guess rather not.

> Both nodes are hooked up to an infortrend SAN, connected up via FC-AL, FS
> is GPFS, running on CentOS 5.3.
> Did I do something wrong after or before upgrading?

I can't say for sure.
I'd need to look at your configs (ctdb + samba).

Cheers - Michael

> Matthias
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba



pgpCj7cBCSZC6.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] winbind sometimes does not resolve sid to a name

[Michael Adam]

Hi Shirish,

Shirish Pargaonkar wrote:
> On Mon, Nov 8, 2010 at 1:47 PM, Jeremy Allison  wrote:
> > On Mon, Nov 08, 2010 at 01:21:30PM -0600, Shirish Pargaonkar wrote:
> >> Sometimes a group sid does not get resolved to its name.
> >>
> >> Is this a settings problem?  Looks like winbind deamon
> >> went dormant for a while and then woke up?
> >> I am using interface wbcLookupSid provided by the
> >> library libwbclient.so for resolving sids to names.
> >>
> >> These are the winbind related parameters in
> >> /etc/samba/smb.conf
> >
> > Not enough information for useful debugging. What
> > do the winbindd logs say ?
> >
> 
> ps -eaf | grep winbind
> root 20085 1  0 14:03 ?00:00:00 /usr/sbin/winbindd -D
> root 20086 20085  0 14:03 ?00:00:00 /usr/sbin/winbindd -D
> root 20089 20085  0 14:03 ?00:00:00 /usr/sbin/winbindd -D
> 
> Cleared /var/log/samba/winbindd.log just before issueing
> command getcifsacl which could not resolve the group SID
> 
> winbindd.log attached.

not really. :-)

Cheers - Michael



pgpmiRUIOzSAA.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] idmap trouble

[Michael Adam]

Hi Brian,

the id mapping configuration hat changed (again) between 3.2 and
3.3. The "idmap domains" setting has vanished.

Could you try and use the id mapping config from your 3.0 setup,
i.e. simply this

> > idmap backend   = rid:KPAK=500-1
> > idmap uid   = 500-1
> > idmap gid   = 500-1

instead of this:

> > idmap domains = default, domain.utah.edu
> > idmap config default: default = yes
> > idmap config domain.utah.edu: range = 500-1
> > idmap config domain.utah.edu: backend = ad
> > idmap alloc backend = tdb
> > idmap uid = 500-1
> > idmap gid = 500-1

Er, btw, can it be that "KPAK" should actually read "DOMAIN" in
the first section? ;-)

Then, for debugging, please paste the output of
"wbinfo -n DOMAIN+gregorcy"
I should list the sid of gegorcy. I expect the rid to be 2433.

What I think happened is that your 3.5 config fell back to
tdb id mapping  because the domain "DOMAIN" did not match the
domain name "domain.utah.edu" that you gave in the idmap config...

The recommended setting would be to have a tdb backend default
idmap range and explicit and disjoint ranges with rid backend vor various
domains like this:

idmap backend = tdb
idmap uid = 10-19
idmap gid = 10-19
idmap config DOMAIN : backend = rid
idmap config DOMAIN : range = 20-29

(see man idmap_rid)

But you should not change your config in that way
if you are updating a production server, since it
would change the uids/gids that users are accessing the
disk with, and so, permissions and ownerships would be broken.

Hope this helps,

Michael

gregorcy wrote:
> Hi,
> 
> I am hoping someone can point out what I am doing wrong, I am upgrading samba 
> from 3.0.37 to 3.5.6 and running into
> trouble with idmapping using ADS security.  I have multiple linux boxes 
> running 3.0.37 and when I execute getent passwd
> I get:
> 
> # getent passwd DOMAIN+gregorcy
> gregorcy:*:2933:1013:Brian Gregorcy:/home/DOMAIN/gregorcy:/bin/bash
> 
> on all the boxes running 3.0.37.
> 
> On my new box running 3.5.6 I get:
> 
> # getent passwd DOMAIN+gregorcy
> gregorcy:*:502:506::/home/DOMAIN/gregorcy:/bin/bash
> 
> 
> Which is not what I had hoped for.  Both machines are joined to my domain and 
> allow me to ssh into them using my AD
> cred, just the uid & gid are not lining up.
> 
> My 3.0.37 smb.conf
> 
> > [global]
> > workgroup   = DOMAIN
> > netbios name= harley
> > realm   = DOMAIN.UTAH.EDU
> > server string   = harley
> > security= ADS
> > preferred master= no
> > client use spnego   = yes
> > server signing  = auto
> > encrypt passwords   = yes
> > nt acl support  = yes
> > acl map full control= yes
> > socket options  = TCP_NODELAY SO_RCVBUF=8192 
> > SO_SNDBUF=8192
> > template shell  = /bin/false
> > password server = *
> > log level   = 3
> > log file= /var/log/samba/%m
> > max log size= 100
> > preferred master= No
> > dns proxy   = No
> > wins server = 192.168.1.100 192.168.1.101
> > winbind cache time  = 0
> > winbind nested groups   = yes
> > allow trusted domains   = No
> > idmap backend   = rid:KPAK=500-1
> > idmap uid   = 500-1
> > idmap gid   = 500-1
> > template shell  = /bin/bash
> > winbind use default domain  = Yes
> > winbind separator   = +
> > winbind enum users  = yes
> > winbind enum groups = yes
> > winbind use default domain  = yes
> > obey pam restrictions   = yes
> 
> 
> 
> My 3.5.6 smb.conf
> 
> 
> > [global]
> > workgroup   = DOMAIN
> > netbios name= vwww3
> > realm   = DOMAIN.UTAH.EDU
> > server string   = web3
> > security= ADS
> > preferred master= no
> > client use spnego   = yes
> > server signing  = auto
> > encrypt passwords   = yes
> > nt acl support  = yes
> > acl map full control= yes
> > wide links  = no
> > password server

[Samba] [ob...@samba.org: 3.6:idmap:Q1: add "idmap range" ?]

[Michael Adam]

Hi Samba Users,

I forgot to send this mail to the samba ML, too.

The question is whether there are serious objections
to replacing "idmap uid" and "idmap gid" by a new
option "idmap range". Details below.

Thanks - Michael

- Forwarded message from Michael Adam  -

Date: Wed, 10 Nov 2010 09:58:26 +0100
From: Michael Adam 
To: samba-techni...@lists.samba.org
Subject: 3.6:idmap:Q1: add "idmap range" ?

Hi List,

I have recently rewritten the idmap code in winbindd
to some extent.

The code has been unified under the hood. And one thing
I would really like to do would be to unify the two
configuration options "idmap uid" and "idmap gid" into
one option called "idmap range" for the sake of consistency
of the default idmap config with the explicit domain configurations
(idmap config DOMAIN : range = ...).

Currently, the uid and gid range are expected to be identical
anyways. The RID module errors out if they aren't and otherwise
the intersection of both ranges is built. So de facto we do have
one single range already.

After discussing this with Volker and Jeremy, the procedure
I have in mind is this:
For 3.6, I would like to introduce "idmap range" in addition and
mark "idmap uid" and "idmap gid" as deprecated. At the place where
now the intersection of "idmap uid" and "idmap gid" is built, I
would build the intersection of all three ranges (possibly with a
warning). This way old and new configs would work without
problems.
In 3.7 or any other future major new version, I would then drop
"idmap uid" and "idmap gid".

Does that sound ok?
Or are there any major concerns with this?

I would really love to reach a stage where we have a sane id
mapping system and configuration. :-)

Cheers - Michael

- End forwarded message -



pgphB5Puekyyj.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] [ob...@samba.org: 3.6:idmap:Q2: get rid of (all/most) idmap alloc parameters for idmap_ldap ?]

[Michael Adam]

Hi Samba Users,

I forgot to send this mail to the samba ML, too.

The question is whether anyone is using the idmap alloc
config options for idmap_ldap. I would like to remove
them for Samba 3.6. Details below.

Thanks - Michael

- Forwarded message from Michael Adam  -

Date: Wed, 10 Nov 2010 11:19:56 +0100
From: Michael Adam 
To: samba-techni...@lists.samba.org
Subject: 3.6:idmap:Q2: get rid of (all/most) idmap alloc parameters for
idmap_ldap ?

Hi,

a second question about config-visible idmap changes I propose
for samba 3.6:

In my idmap rewrite, I kept the alloc related parameters for the
LDAP idmap backend for now:

- idmap alloc config : ldap_url
- idmap alloc config : ldap_base_dn
- idmap alloc config : ldap_user_dn

and the related idmap alloc secret.

I would like to get rid of these.

Therefore, I am asking here, if there is
anyone out there using these?
I can not imagine a reason why one would
want to use different server and/or user+password
for storing the uid/gid counter.

The only option that I would attest a certain, though minimal,
right to exist is the ldap_base_dn. But usually, it should
imho ok to store the uid/gid counter in the same location
as the mappings.

So, again: Are these options needed/used at all?
Or can I remove them for 3.6.0 ?

Cheers - Michael


Note: If we need to keep any of the options, the current form
(idmap alloc config :  = ...) would reference
the default config, but my idmap rewrite would enable us
to set these on a per-domain basis, which would call
for options like this "idmap config DOMAIN : alloc_")




- End forwarded message -



pgpSmg0piPeLl.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Does anybody use idmap_adex?

[Michael Adam]

Hi Nico,

Nico De Ranter wrote:
> 
> Actually I was just about to start using it. Guess I shouldn't?
> 
> I'm looking for a solution to integrate an existing linux environment
> into a Windows AD environment.  I already added all rc2307 info on the
> AD server.  Now I need a way for the linux systems to fetch the
> username, uid, gif, shell and homedir from AD.  Using LDAP directly is
> not an option as I can't do anonymous binds so that would require a
> hardcoded AD user and password on all systems (correct me if I'm wrong)
> According to the man pages it looks like idmap_adex will do exactly what
> I want. However I haven't been able to get it to work.
> 
> Will idmap_adex disappear (if so, I won't invest anymore time in it)?
> Is there another way I can do this?

The older "ad" idmap and nss backend is there.
(man idmap_ad)
This is also maintained.
I guess this would also suit your needs.

Cheers - Michael

> Nico
> 
> 
> On Mon, 2010-06-28 at 20:31 +0200, Volker Lendecke wrote:
> > On Mon, Jun 28, 2010 at 11:00:49AM -0500, Gerald Carter wrote:
> > > Correct.  I just reused a lot of the Likewise code here.
> > > My intent was originally to minimize change between the
> > > version that we shipped in Likewise Identity 4.x and what
> > > was in Samba and to leverage the Likewise QA team on both
> > > fronts.
> > 
> > Ok, the question still remains:
> > 
> > Anybody actually using the module?
> > 
> > How many people do we offend if we remove it?
> > 
> > Volker
> > -- 
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
> 
> 
> -- 
> With kind regards
> 
> Nico De Ranter
> Senior System Administrator
> Techsoft Centre
> 
> Technology and Software Centre Europe
> The Corporate Village - Da Vincilaan 7-D1 - B-1935 Zaventem - Belgium
> 
> Phone:+32 (0)2 700 8641
> Fax:  +32 (0)2 700 8622
> E-mail:nico.deran...@eu.sony.com
> 
> A division of Sony Europe (Belgium) N.V.
> VAT BE 0413.825.160 - RPR Brussels
> Fortis - BIC GEBABEBB - IBAN BE41293037680010
> 
> 
> 
> 
> The information contained in this message or any of its attachments may be 
> confidential and is intended for the exclusive use of the addressee(s).  Any 
> disclosure, reproduction, distribution or other dissemination or use of this 
> communication is strictly prohibited without the express permission of the 
> sender.  The views expressed in this email are those of the individual and 
> not necessarily those of Sony or Sony affiliated companies.  Sony email is 
> for business use only.
> 
> This email and any response may be monitored by Sony to be in compliance with 
> Sony's global policies and standards
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba


pgp82IczKP8Ne.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] samba.org has been revised!

[Michael Adam]

zoolook wrote:
> 2010/5/18 Karolin Seeger :
> > [1] http://samba.org/
> 
> Do you have a sans-serif version of it?

Hmm, only the headlines are in serif fonts.
All the text bodies are sans-serif.

Are you speaking of the headlines?

Cheers - Michael



pgpx4xCvt4kDW.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Questions on Samba and LDAP failover

[Michael Adam]

Gary Peck wrote:
> Hi Michael,
> 
> This option seemed to work:
> 
>  passdb backend = ldapsam:"ldap://ldap-1.example.com ldap-2.example.com"
> 
> 
> I swear I had tried that before, but I must not have.  Thanks for your 
> help.  I am that much closer to having 2000 Faculty/Staff users start using 
> the system.

Ok, good to know things are working again!

Please try to keep the list posted.

Cheers - Michael

> Thanks,
> 
> Gary
> 
> 
> 
> 
> 
> On 3/26/2010 6:15 AM, Michael Adam wrote:
> >Gary Peck wrote:
> >   
> >>I have actually tired that and could not get that to work.  At least it
> >>does not work on the version of samba that is bundled with Solaris 10
> >>(3.0.37).
> >>
> >>passdb backend = ldap:"ldap://ldap1.example.com ldap://ldap2.example.com";
> >>--- This causes a core dump
> >> 
> >oh, i mis-spelled ldap: instead of ldapsam:
> >
> >   
> >>passdb backend = ldapsam:"ldap://ldap1.example.com
> >>ldap://ldap2.example.com"; smbpasswd username fails connecting to primary
> >>ldap server and just errors out.
> >> 
> >Hmm, what ldap library are you using? reading from the smb.conf
> >manpage:
> >
> >   
> >>>>>>  -  ldapsam - The LDAP based passdb backend. Takes an LDAP URL as an 
> >>>>>>  optional argument (defaults to
> >>>>>> ldap://localhost)
> >>>>>>
> >>>>>> LDAP connections should be secured where possible. This may be 
> >>>>>> done using either Start-TLS (see
> >>>>>> ldap ssl) or by specifying ldaps:// in the URL argument.
> >>>>>>
> >>>>>> Multiple servers may also be specified in double-quotes. Whether 
> >>>>>> multiple servers are supported
> >>>>>> or not and the exact syntax depends on the LDAP library you use.
> >>>>>>
> >>>>>>  Examples of use are:
> >>>>>>
> >>>>>> passdb backend = tdbsam:/etc/samba/private/passdb.tdb
> >>>>>>
> >>>>>> or multi server LDAP URL with OpenLDAP library:
> >>>>>>
> >>>>>> passdb backend = ldapsam:"ldap://ldap-1.example.com 
> >>>>>> ldap://ldap-2.example.com";
> >>>>>>
> >>>>>> or multi server LDAP URL with Netscape based LDAP library:
> >>>>>>
> >>>>>> passdb backend = ldapsam:"ldap://ldap-1.example.com 
> >>>>>> ldap-2.example.com"
> >>>>>> 
> >So it depends on your LDAP client library and the example I gave you is 
> >valid
> >for openLDAP, possibly not for yours, if it supports multiple servers at 
> >all.
> >You could try the second syntax ldapsam:"ldap://ldap-1.example.com 
> >ldap-2.example.com".
> >
> >The bottom line is that the string between the quotes has to be a valid 
> >string
> >accepted by the ldap init routine of your library...
> >
> >Cheers - Michael
> >
> >   
> >>It seems to be the 3.0.22 release that I remember seeing a not that ldap
> >>failover was deprecated for some reason.  The only way I have been able
> >>to get any type of failover is setting up a DNS entry to round robin
> >>between two Sun DS7 multimaster directory servers.
> >>
> >>Thanks,
> >>
> >>Gary
> >>
> >>On 3/25/2010 3:16 PM, Michael Adam wrote:
> >> 
> >>>Hi Gary,
> >>>
> >>>Gary Peck wrote:
> >>>
> >>>   
> >>>>After trying multiple options in the smb.conf file the only way I could
> >>>>get fail over to work was having two ldap servers setup in a multimaster
> >>>>replication and having a DNS entry setup that round robins between the
> >>>>two.  Everything seems to work,  I can bring down one ldap server and
> >>>>samba will still authenticate and let users in.  Anybody know of any
> >>>>issues doing it this way?
> >>>>
> >>>>Thanks,
> >>>>
> >>>>Gary
> >>>>
> >>>>
> >>>> 
> >>>>>If I have read the documentation correctly, it looks like you can not
> >>>>>have a fail over LDAP server defined in the smb.conf file for the 
> >>>>>passdb
> >>>>>backend.  It looks like this feature was taken away in an earlier
> >>>>>release.  Is this correct?  If not could somebody steer me in the right
> >>>>>direction.
> >>>>>
> >>>>>   
> >>>Is the question how to specify multiple ldap servers in smb.conf?
> >>>If so, here is the answer:
> >>>
> >>>passdb backend = ldap:"ldap://ldap1.example.com
> >>>ldap://ldap2.example.com";
> >>>
> >>>I.e. put a spaces separated list of ldap urls into quotes.
> >>>
> >>>If that was not your question, please clarify.
> >>>
> >>>Cheers - Michael
> >>>
> >>>   
> >> 
> >   
> 



pgpWzjSXPs9ci.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Questions on Samba and LDAP failover

[Michael Adam]

Gary Peck wrote:
> I have actually tired that and could not get that to work.  At least it 
> does not work on the version of samba that is bundled with Solaris 10 
> (3.0.37).
> 
> passdb backend = ldap:"ldap://ldap1.example.com ldap://ldap2.example.com";  
> --- This causes a core dump

oh, i mis-spelled ldap: instead of ldapsam:

> passdb backend = ldapsam:"ldap://ldap1.example.com 
> ldap://ldap2.example.com"; smbpasswd username fails connecting to primary 
> ldap server and just errors out.

Hmm, what ldap library are you using? reading from the smb.conf
manpage:

>>>>>  -  ldapsam - The LDAP based passdb backend. Takes an LDAP URL as an 
>>>>> optional argument (defaults to
>>>>> ldap://localhost)
>>>>>
>>>>> LDAP connections should be secured where possible. This may be done 
>>>>> using either Start-TLS (see
>>>>> ldap ssl) or by specifying ldaps:// in the URL argument.
>>>>>
>>>>> Multiple servers may also be specified in double-quotes. Whether 
>>>>> multiple servers are supported
>>>>> or not and the exact syntax depends on the LDAP library you use.
>>>>>
>>>>>  Examples of use are:
>>>>>
>>>>> passdb backend = tdbsam:/etc/samba/private/passdb.tdb
>>>>>
>>>>> or multi server LDAP URL with OpenLDAP library:
>>>>>
>>>>> passdb backend = ldapsam:"ldap://ldap-1.example.com 
>>>>> ldap://ldap-2.example.com";
>>>>>
>>>>> or multi server LDAP URL with Netscape based LDAP library:
>>>>>
>>>>> passdb backend = ldapsam:"ldap://ldap-1.example.com 
>>>>> ldap-2.example.com"

So it depends on your LDAP client library and the example I gave you is valid
for openLDAP, possibly not for yours, if it supports multiple servers at all.
You could try the second syntax ldapsam:"ldap://ldap-1.example.com 
ldap-2.example.com".

The bottom line is that the string between the quotes has to be a valid string
accepted by the ldap init routine of your library...

Cheers - Michael

> It seems to be the 3.0.22 release that I remember seeing a not that ldap 
> failover was deprecated for some reason.  The only way I have been able 
> to get any type of failover is setting up a DNS entry to round robin 
> between two Sun DS7 multimaster directory servers.
> 
> Thanks,
> 
> Gary
> 
> On 3/25/2010 3:16 PM, Michael Adam wrote:
> >Hi Gary,
> >
> >Gary Peck wrote:
> >   
> >>After trying multiple options in the smb.conf file the only way I could
> >>get fail over to work was having two ldap servers setup in a multimaster
> >>replication and having a DNS entry setup that round robins between the
> >>two.  Everything seems to work,  I can bring down one ldap server and
> >>samba will still authenticate and let users in.  Anybody know of any
> >>issues doing it this way?
> >>
> >>Thanks,
> >>
> >>Gary
> >>
> >> 
> >>>If I have read the documentation correctly, it looks like you can not
> >>>have a fail over LDAP server defined in the smb.conf file for the passdb
> >>>backend.  It looks like this feature was taken away in an earlier
> >>>release.  Is this correct?  If not could somebody steer me in the right
> >>>direction.
> >>>   
> >Is the question how to specify multiple ldap servers in smb.conf?
> >If so, here is the answer:
> >
> >passdb backend = ldap:"ldap://ldap1.example.com 
> >ldap://ldap2.example.com";
> >
> >I.e. put a spaces separated list of ldap urls into quotes.
> >
> >If that was not your question, please clarify.
> >
> >Cheers - Michael
> >   
> 



pgpDOBA6mxBxI.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Questions on Samba and LDAP failover

[Michael Adam]

Hi Gary,

Gary Peck wrote:
> After trying multiple options in the smb.conf file the only way I could 
> get fail over to work was having two ldap servers setup in a multimaster 
> replication and having a DNS entry setup that round robins between the 
> two.  Everything seems to work,  I can bring down one ldap server and 
> samba will still authenticate and let users in.  Anybody know of any 
> issues doing it this way?
> 
> Thanks,
> 
> Gary
> 
> >If I have read the documentation correctly, it looks like you can not
> >have a fail over LDAP server defined in the smb.conf file for the passdb
> >backend.  It looks like this feature was taken away in an earlier
> >release.  Is this correct?  If not could somebody steer me in the right
> >direction.

Is the question how to specify multiple ldap servers in smb.conf?
If so, here is the answer:

   passdb backend = ldap:"ldap://ldap1.example.com ldap://ldap2.example.com";

I.e. put a spaces separated list of ldap urls into quotes.

If that was not your question, please clarify.

Cheers - Michael


pgpjlMSAsSSEB.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] config backend = registry; printers not shown

[Michael Adam]

Hi Zoolook,

Oops, I just now found this little "thread".
Sorry for not having answered earlier.

This definitely looks like a bug.

The registry config backend is not an experiment, but
apparently, it was not much tested with printing.
(Since most of the time, it is used in clustererd
installations (with ctdb), where usually no printing
is done at all, and most of the time it is used in the
"include = registry" form.)

I am going to investigate this.
Would you mind filing a bug in bugzilla.samba.org for this?

Thanks for your patience and stay tuned...

Cheers - Michael

Zoolook wrote:
> Ok so in 3.4.6 it is fixed, just no the way I like: printers are show only
> if "config backend = file"
> 
> :-/
> 
> So. What is "config backend = registry" good for? or was it an experiment no
> one really cared?
> 
> 
> 2010/3/19 Zoolook 
> 
> > hi!
> >
> > no one knows?
> >
> > 2009/12/22 Zoolook :
> > > Hello,
> > >
> > > I couldn't find an answer to this small question in google/man/faq:
> > > why do I use lose my printer if I use registry backend?
> > >
> > >
> > > config backend = file (full config file below):
> > >
> > > ...
> > > [printers]
> > >comment = All Printers
> > >path = /var/spool/samba
> > >create mask = 0700
> > >printable = Yes
> > >browseable = No
> > >guest ok = yes
> > > ...
> > >
> > > $ smbclient -kL //venkman
> > > ...
> > >EPSON_Stylus_CX5900 Printer   EPSON Stylus CX5900
> > > ...
> > >
> > >
> > > config backend = files, delete everything except [printers] and
> > > include "include = registry":
> > >
> > > ...
> > > [global]
> > >include = registry
> > >
> > > [printers]
> > >comment = All Printers
> > >path = /var/spool/samba
> > >create mask = 0700
> > >printable = Yes
> > >browseable = No
> > >guest ok = yes
> > > ...
> > >
> > > $ smbclient -kL //venkman
> > > ...
> > >EPSON_Stylus_CX5900 Printer   EPSON Stylus CX5900
> > > ...
> > >
> > >
> > > **BUT** if I change to config backend = registry, I no longer see my
> > printer
> > >
> > > ...
> > > [global]
> > >   config backend = registry
> > > ...
> > >
> > > $ smbclient  -kL //venkman
> > > Domain=[BENSA] OS=[Unix] Server=[Samba 3.4.0]
> > >
> > >Sharename   Type  Comment
> > >-     ---
> > >IPC$IPC   IPC Service (venkman server (Samba,
> > Ubuntu))
> > >zoolook Disk  Home Directory
> > >print$  Disk  Printer Drivers
> > > Domain=[BENSA] OS=[Unix] Server=[Samba 3.4.0]
> > >
> > >Server   Comment
> > >----
> > >VENKMAN  venkman server (Samba, Ubuntu)
> > >
> > >WorkgroupMaster
> > >----
> > >BENSAVENKMAN
> > >
> > >
> > > Why? (and no, disabling kerberos makes no difference...)
> > >
> > > samba is 2:3.4.0-3ubuntu5.3, ubuntu karmic.
> > >
> > > Here's my net conf list
> > >
> > > $ sudo net conf list
> > > [global]
> > >workgroup = BENSA
> > >server string = %h server (Samba, Ubuntu)
> > >map to guest = Bad User
> > >obey pam restrictions = Yes
> > >passdb backend = ldapsam:ldap://localhost
> > >dedicated keytab file = /etc/samba/smb.keytab
> > >kerberos method = dedicated keytab
> > >syslog = 0
> > >log file = /var/log/samba/log.%m
> > >max log size = 1000
> > >announce version = 5.9
> > >time server = Yes
> > >add user script = /usr/sbin/smbldap-useradd -m '%u'
> > >delete user script = /usr/sbin/smbldap-userdel '%u'
> > >add group script = /usr/sbin/smbldap-groupadd '%g'
> > >delete group script = /usr/sbin/smbldap-userdel '%g'
> > >add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
> > >delete user from group script = /usr/sbin/smbldap-groupmod -x '%u'
> > '%g'
> > >set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
> > >add machine script = /usr/sbin/smbldap-useradd -t 0 -w '%u'
> > >domain logons = Yes
> > >os level = 255
> > >preferred master = Yes
> > >dns proxy = No
> > >wins support = Yes
> > >ldap admin dn = cn=admin,dc=bensa,dc=ar
> > >ldap group suffix = ou=groups
> > >ldap idmap suffix = ou=idmap
> > >ldap machine suffix = ou=machines
> > >ldap passwd sync = yes
> > >ldap suffix = dc=bensa,dc=ar
> > >ldap ssl = no
> > >ldap user suffix = ou=users
> > >usershare allow guests = Yes
> > >panic action = /usr/share/samba/panic-action %d
> > >realm = BENSA.AR
> > >
> > > [printers]
> > >comment = All Printers
> > >path = /var/spool/samba
> > >create mask = 0700
> > >printable = Yes
> > >browseable

Re: [Samba] Samba 3.4.4 document bug

[Michael Adam]

Hi,

ITPFS oota wrote:
> in pdbedit.8.xml, I found bug.
> 
> in version 3.4.4 ,add -K|--kickoff-time option, 
> 
> but, it not found in
> 
> pdbedit
> -L
> -v
> -w
> -u username
> -f fullname
> -h homedir
> -D drive
> -S script
> -p profile
>   -a
> -t, --password-from-stdin
> -m
> -r
> -x

thanks for noting this!

I filed a bug report for this:
https://bugzilla.samba.org/show_bug.cgi?id=7041

Patches for 3.4 and 3.5(pre) are attached to the bug.
It is fixed in master.

Cheers - Michael




pgpIeGnEWwKfF.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] FW: tree connect failed: NT_STATUS_BAD_NETWORK_NAME

[Michael Adam]

Volker Lendecke wrote:
> On Tue, Dec 29, 2009 at 08:10:27AM +0100, Michael Adam wrote:
> > > [2009/12/28 22:22:08, 5] smbd/uid.c:change_to_user(273)
> > >   change_to_user uid=(0,0) gid=(0,500)
> > > [2009/12/28 22:22:08, 0] smbd/service.c:make_connection_snum(1012)
> > >   '/test' does not exist or permission denied when connecting to [test]
> > > Error was Permission denied
> > 
> > This really means that you got a permission denied on the unix
> > level. -- Despite the unix perms that you listed in your last
> > mail. I don't know what made it accessible after a reboot, but
> > I guess this is about all there is to see from the samba side.
> 
> Probably selinux. The reboot might finally have deactivated
> it.

Ok, I suspected "something along these lines", but my
knowledge about selinux and friends is so embrassing
that I did not even want to mention the word actively
myself, hoping that someone would explain this... ;-)

Cheers - Michael



pgp6dxQCERCaL.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba and Rsync

[Michael Adam]

Hi,

are the unix and samba password data bases in sync on the two
servers? I.e. do the same users (name:uid) exist in /etc/passwd
and do the same users exist in Samba's password database
(compare output of "pdbedit -L").

If the answer is no, you might run into problems with just
syncing the data areas.

Note that rsync (unless called with "--numeric-ids") tries to
copy ownership of files by the owner's name. Read the section
on "--numeric-ids" in the rsync man page for mor information.

Cheers - Michael

Cameron Rangeley wrote:
> Hi Guys
> 
>  
> 
> I am running two RHEL boxes, each day I am rsyncing some data from my primary 
> server to my secondary server, the secondary server will be activated in a DR 
> situation.
> 
>  
> 
> I am rsyncing the entire /home partition.
> 
>  
> 
> On my primary server there are about 8 samba shares for data that the clients 
> can access all the samba shares point to various sub-directories within 
> /home.  My issue is that on my secondary server I cant connect to the shares 
> from a windows workstation. 
> 
>  
> 
> My smb.conf file is the same as my primary server and to test I have created 
> a test mount in /mnt/test and I can connect to that fine.  It appears that 
> the issue is all around the fact that these directories that have been 
> created with rsync.
> 
>  
> 
> My rsync command is: rsync -arzgopulv --delete /home r...@192.168.9.2:/
> 
>  
> 
> My smbd.log file says: '/home/folder/folder/folder does not exist or 
> permission denied when connecting to [folder] Error was Permission denied.
> 
>  
> 
> I can see the folder in samba I have forced the user as root and I have 
> chmodded the folder to 777.  Access from the console to these files and 
> folders works fine.
> 
>  
> 
> Has anyone got any other ideas that I can try?
> 
> 
> Thanks
> 
> 
> Cameron
> 
>  
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba



pgpuNlQaY4a7F.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] FW: tree connect failed: NT_STATUS_BAD_NETWORK_NAME

[Michael Adam]

Hi Dominic,

I wanted to wait for the original mail to pop up on the list.
But somehow it did not appear yet.
So while the problem seems to be solved meanwhile, I wanted to
comment on the relevant log portion below (see inline):

Dominic Gamble wrote:
> Hi Michael,
> 
> As I mentioned, here is the full log file.
> 
> Thanks for your time.
> 
> Cheers,
> Dominic.
> 
> -Original Message-
> From: Dominic Gamble [mailto:dominic.gam...@webdynamic.com.au] 
> Sent: Monday, 28 December 2009 10:55 PM
> To: 'samba@lists.samba.org'
> Subject: RE: [Samba] tree connect failed: NT_STATUS_BAD_NETWORK_NAME
> 
> Hi Michael,
> 
> Thanks for your reply. Here are the log entries around the
> NT_STATUS_BAD_NETWORK_NAME entry which may be of interest:
> 
> [2009/12/28 22:22:08, 5] smbd/uid.c:change_to_user(273)
>   change_to_user uid=(0,0) gid=(0,500)
> [2009/12/28 22:22:08, 0] smbd/service.c:make_connection_snum(1012)
>   '/test' does not exist or permission denied when connecting to [test]
> Error was Permission denied

This really means that you got a permission denied on the unix
level. -- Despite the unix perms that you listed in your last
mail. I don't know what made it accessible after a reboot, but
I guess this is about all there is to see from the samba side.

Cheers - Michael

> [2009/12/28 22:22:08, 3] smbd/sec_ctx.c:set_sec_ctx(241)
>   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2009/12/28 22:22:08, 5] auth/auth_util.c:debug_nt_user_token(448)
>   NT user token: (NULL)
> [2009/12/28 22:22:08, 5] auth/auth_util.c:debug_unix_user_token(474)
>   UNIX token of user 0
>   Primary group is 0 and contains 0 supplementary groups
> [2009/12/28 22:22:08, 5] smbd/uid.c:change_to_root_user(288)
>   change_to_root_user: now uid=(0,0) gid=(0,0)
> [2009/12/28 22:22:08, 3] smbd/connection.c:yield_connection(69)
>   Yielding connection to test
> [2009/12/28 22:22:08, 3] smbd/error.c:error_packet_set(106)
>   error packet at smbd/reply.c(514) cmd=117 (SMBtconX)
> NT_STATUS_BAD_NETWORK_NAME
> 
> I can't send the full log file to the samba list as it exceeds the size
> limits but here is a large part of the last of it. I'll send the full log
> file to your direct email address.
> 


pgpmQZQ1q8aV0.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Can't create file.

[Michael Adam]

(including the samba list again in the reply)

jeff sacksteder wrote:
> Yes, in the effort to pare down the smb.conf to a more basic version,
> I inadvertently commented that line out causing this as a secondary
> issue. Must remember to use testparm in the future!

So to my understanding the issue is solved - right?

Cheers - Michael


> > Is the share read only by definition in smb.conf?
> > This is the default. You need to set "read only = no"
> > or "writeable = yes" in the share definition.



pgppURaXaGtH8.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba PDC and Windows XP clients - login timeout after 15 minutes

[Michael Adam]

Hi,

X-Dimension wrote:
> Hi!
> 
> We are using a Samba PDC with 40 Windows XP clients and have some strange  
> problems.
> When a user starts his Windows computer and don't login within the next 15  
> minutes
> (because he drinks a cup of coffee) and tried to login after that time he  
> get the message,
> that the server-profile could not be loaded and a temporary profile is  
> used instead.
> 
> There are absolutely no problems when a user starts his computer and log  
> in within the next 15 minutes,
> but after this time period he always get the error described above.
> 
> Any ideas what goes wrong?

Sorry, no idea just like that.

I'd need your smb.conf and a log file (level 10 if possible)
of such a logon process that fails to load the profile from the
server.

Cheers - Michael

> THX



pgpOauICl8Qvp.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Can't create file.

[Michael Adam]

Hi,

jeff sacksteder wrote:
> I can authenticate at the smb level, but there's something wrong at
> the posix level when I try to edit or create files. I am always denied
> access regardless of how loose the file/directory permissions are.
> This is what I am seeing in the logs -
> 
> [2009/12/20 00:57:35, 4] smbd/uid.c:change_to_user(183)
>   change_to_user: Skipping user change - already user
> [2009/12/20 00:57:35, 5] smbd/filename.c:unix_convert(147)
>   unix_convert called on file "New Text Document.txt"
> [2009/12/20 00:57:35, 5] smbd/filename.c:unix_convert(246)
>   unix_convert begin: name = New Text Document.txt, dirpath = , start
> = New Text Document.txt
> [2009/12/20 00:57:35, 5] smbd/filename.c:unix_convert(440)
>   New file New Text Document.txt
> [2009/12/20 00:57:35, 3] smbd/dosmode.c:unix_mode(142)
>   unix_mode(New Text Document.txt) returning 0744
> [2009/12/20 00:57:35, 5] smbd/files.c:file_new(123)
>   allocated file structure 9322, fnum = 13418 (1 used)
> [2009/12/20 00:57:35, 4] smbd/open.c:open_file_ntcreate(1605)
>   calling open_file with flags=0x2 flags2=0x80 mode=0744, access_mask
> = 0x2019f, open_access_mask = 0x2019f
> [2009/12/20 00:57:35, 3] smbd/open.c:open_file(237)
>   Permission denied opening New Text Document.txt
> [2009/12/20 00:57:35, 5] smbd/files.c:file_free(454)
>   freed files structure 13418 (0 used)
> [2009/12/20 00:57:35, 3] smbd/error.c:error_packet_set(106)
>   error packet at smbd/nttrans.c(805) cmd=162 (SMBntcreateX)
> NT_STATUS_ACCESS_DENIED
> 
> other than the mode of the directory, what would cause this to return
> access_denied?

Is the share read only by definition in smb.conf?
This is the default. You need to set "read only = no"
or "writeable = yes" in the share definition.

Or is there a "write list" parameter in your share
definition? If so, does it contain the connecting user?

If the share is marked writeable generally or for the
user in question in smb.conf and you still see the
access denied, then you have to check that the
user that is connecting to the share has enough
unix permissions on the folder of the share.

If this does not help, please provide your smb.conf,
the user accessing the share and output of "ls -ld"
(and possibly "getfacl") of the directory in question.

Cheers - Michael


pgpbFNMnB4TQZ.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] tree connect failed: NT_STATUS_BAD_NETWORK_NAME

[Michael Adam]

Hi Dominic,

Dominic Gamble wrote:
> Hi,
> 
> I can't get access to any shares when running "smbclient //DUCK/test -U
> Dominic". I'm getting the message:
> tree connect failed: NT_STATUS_BAD_NETWORK_NAME
> 
> I'm pretty sure it's authenticating properly as it says "session setup ok"
> in the debug output. If I enter the wrong password I get:
> "session setup failed: NT_STATUS_LOGON_FAILURE"

This is correct.

> I'm running CentOS 5.4 with the following samba packages
> 
> samba-common-3.0.33-3.15.el5_4.1
> samba-3.0.33-3.15.el5_4.1
> samba-swat-3.0.33-3.15.el5_4.1
> samba-client-3.0.33-3.15.el5_4.1
> 
> My samba setup uses LDAP for authentication. All logging seems to indicate
> that authentication and LDAP is working well.
> 
> My /etc/samba/smb.conf was generated with SWAT and has the following shares:
> 
> [tmp]
> comment = temporary files
> path = /tmp
> hosts allow =
> hosts deny =
> 
> [test]
> comment = test files
> path = /test
> hosts allow =
> hosts deny =
> 
> 
> Both shares contain a file called myfile.txt.
> 
> When I connect to the "tmp" share, I don't get the "tree connect failed:
> NT_STATUS_BAD_NETWORK_NAME", but I can't list any files:
> 
> [r...@duck cache]# smbclient //DUCK/tmp -U dominic
> Password:
> Domain=[ORANDA] OS=[Unix] Server=[Samba 3.0.33-3.15.el5_4.1]
> smb: \> ls
>   .   D0  Mon Dec 28 04:02:13 2009
>   ..  D0  Sun Dec 27 21:16:53 2009
> 
> 36224 blocks of size 8388608. 34082 blocks available
> smb: \>
> 
> When I connect to the "test" share I get the "tree connect failed:
> NT_STATUS_BAD_NETWORK_NAME":
> [r...@duck cache]# smbclient //DUCK/test -U dominic
> Password:
> Domain=[ORANDA] OS=[Unix] Server=[Samba 3.0.33-3.15.el5_4.1]
> tree connect failed: NT_STATUS_BAD_NETWORK_NAME
> 
> The permissions on the /tmp and /test folders are the same:
> 
> drwxrwxrwt 2 root root 4096 Dec 27 21:35 test
> drwxrwxrwt 4 root root 4096 Dec 28 04:02 tmp
> 
> There are no complex acls on them either:
> 
> [r...@duck /]# getfacl tmp
> # file: tmp
> # owner: root
> # group: root
> user::rwx
> group::rwx
> other::rwx
> 
> [r...@duck /]# getfacl test
> # file: test
> # owner: root
> # group: root
> user::rwx
> group::rwx
> other::rwx
> 
> I've tried getting more debug info by setting log levels to 10 in both
> smb.conf and using the -d10 parameter on the command line, but it gives me
> nothing useful in the logs or in the output.
> 
> I've been through 'The Samba Checklist'
> (http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/diagnosis.html)
> and had no other problems.
> 
> Here is the rest of my smb.conf:
> 
> [global]
> workgroup = ORANDA
> server string = Duck
> passdb backend = ldapsam:ldap://localhost/
> pam password change = Yes
> passwd program = /usr/sbin/smbldap-passwd %u
> passwd chat = *New*password* %n\n *Retype*new*password* %n\n
> *all*authentication*tokens*updated*
> unix password sync = Yes
> log level = 10
> log file = /var/log/samba/log.%m
> load printers = No
> printcap name = /dev/null
> disable spoolss = Yes
> add user script = /usr/sbin/smbldap-useradd -m "%u"
> delete user script = /usr/sbin/smbldap-userdel "%u"
> add group script = /usr/sbin/smbldap-groupadd -p "%g"
> delete group script = /usr/sbin/smbldap-groupdel "%g"
> add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
> delete user from group script = /usr/sbin/smbldap-groupmod -x "%u"
> "%g"
> set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
> add machine script = /usr/sbin/smbldap-useradd -w "%u"
> logon script = login.cmd
> logon path = \\%N\profiles\%U
> logon drive = H:
> domain logons = Yes
> os level = 127
> wins support = Yes
> ldap admin dn = cn=admin,dc=oranda,dc=internal
> ldap delete dn = Yes
> ldap group suffix = ou=Group
> ldap idmap suffix = ou=Idmap
> ldap machine suffix = ou=Computers
> ldap passwd sync = Yes
> ldap suffix = dc=oranda,dc=internal
> ldap user suffix = ou=People
> panic action = /usr/share/samba/panic-action %d
> admin users = dominic
> hosts allow = 192.168.10., 127.
> hosts deny = ALL
> printing = bsd
> print command = lpr -r -P'%p' %s
> lpq command = lpq -P'%p'
> lprm command = lprm -P'%p' %j
> use client driver = Yes
> 
> This has had me stumped for 3 days straight now and I don't know what else I
> can try. Samba just isn't giving me any more clues.
> 
> I've found lots of other posts like mine through google with no replies to
> them. Does anyone have any ideas of what to do next?
> 
> I would greatly appreciate if someone could point me in 

Re: [Samba] CTDB+GFS2+CMAN. clean_start="0" or clean_start="1"?

[Michael Adam]

Yauheni Labko wrote:
> Thank you for the answer, Michael.
> 
> As far as I understood clean_star="1" is absolutely ok for GFS/GFS2?

Sorry, I am not an expert in GFS settings. (But read on...)

> CTDB is not going to work without Red Hat Cluster manage. CMAN starts 
> dlm_controld and gfs_controld. ccsd handles node-to-node communication.

Well GFS needs the cman processes, so CTDB needs them, too.
But CTDB only uses one lock file in the cluster file system.
Apart from that, the CTDB daemons communicate with each other
via tcp all on their own.

> I think GPFS has the similar manager like CMAN. The clean_start="1" is the 
> only 
> setting which can provide the necessary access to the GFS/GFS2 partitions as 
> CTDB required. Correct me if I'm wrong.

Sorry again. CTDB is completely ignorant with respect to GFS or
CMAN configuration options. It only needs a cluster file system
that supports POSIX fcntl() byte range locks. CTDB basicall treats
the file system as a black box.
So CTDB does not care about the value "clean_start" as such. Just make
sure you don't sure that you don't start ctdbd before the cman
stuff is up and running and the  GFS file system is mounted.

> Btw, i thought OCFS2 is not ready to use with CTDB due to the lacks of some 
> features. This was primary reason why I started  with GFS.

OCFS2 was lacking support of POSIX fcntl byte range locks (which
are required to run ctdb) until recently. But this has changed!
I have not tried it myself, but I think Jim McDonough
(j...@samba.org, I have added him to Cc) might be able to give
you some details (versions and such).

> I left manual fencing for testing only. I was going to use iLO in production.

OK.

Hope this somewhat helps... :-)

Cheers - Michael

> Yauheni Labko (Eugene Lobko)
> Junior System Administrator
> Chapdelaine & Co.
> (212)208-9150
> 
> > CTDB is pretty ignorant of CMAN as such.
> > It just relies on a cluster file system, like GFS2.
> 
> 
> > So you should only start ctdbd when the cluster is up
> > and the gfs2 file system is mounted. I think you should
> > not start ctdbd as a cluster service managed by cman,
> > since ctdbd can be considered a cluster manager for
> > certain services (like samba...) itself. Apart from
> > that, ctdb should be considered pretty much independent
> > of the red hat cluster manager.
> >
> > CTDB needs a file in the cluster file system, the
> > recovery lock file. The location of this file (or a
> > directory, in which such a file can be created) should
> > be specified in the CTDB_RECOVERY_LOCK=... setting
> > in /etc/sysconfig/ctdb.
> >
> > At a glance, your cluster.conf looks sane, but
> > I think manual fencing can be a real problem with
> > cman.
> >
> > GPFS is very well tested with ctdb.
> > I think there are many people testing ctdb with gfs2.
> > I have heard positive feedback of people using ctdb
> > with GlusterFS and lustre (and recently with ocfs2).
> >
> > You might want to join the #ctdb irc channel on freenode.
> > There are ususally some people around with more expertise
> > in gfs2 than me.
> >
> > Cheers - Michael
> >
> > Yauheni Labko wrote:
> > > Hi everybody,
> > >
> > > I have tested CTDB+GFS2+CMAN under Debian. It works good but I do not
> > > understand some points.
> > > It is possible to run the CTDB defining it under services section in
> > > cluster.conf but running it on the second node shuts down the process at
> > > the first one. My CTDB configuration implies 2 active-active nodes.
> > >
> > > Does CTDB care if the node starts with clean_start="0" or
> > > clean_start="1"? man fenced says this is a safe way especially during
> > > startup because it prevents a data corruption if a node was dead for some
> > > reason. From my understanding CTDB uses CMAN only as "module" to get
> > > access to gfs/gfs2 partitions. Or maybe it is better to look at GPFS and
> > > LustreFS?
> > >
> > > Could anybody show the working configuration of cluster.conf for
> > > CTDB+GFS2+CMAN?
> > >
> > > I used the following cluster.conf and ctd conf:
> > >
> > > 
> > > 
> > >   
> > >   
> > >   
> > >   
> > > 
> > >   
> > > 
> > > 
> > >   
> > > 
> > >   
> > > 
> > > 
> > >   
> > > 
> > > 
> > >   
> > > 
> > >   
> > > 
> > >   
> > >   
> > > 
> > > 
> > > 
> > >  > > password="foo"/> 
> > > 
> > >
> > > # Options to ctdbd. This is read by /etc/init.d/ctdb
> > > CTDB_RECOVERY_LOCK="/smb-ctdb/.ctdb_locking"
> > > CTDB_PUBLIC_INTERFACE=eth2
> > > CTDB_PUBLIC_ADDRESSES=/etc/ctdb/public_addresses
> > > CTDB_MANAGES_SAMBA=yes
> > > CTDB_INIT_STYLE=ubuntu
> > > CTDB_NODES=/etc/ctdb/nodes
> > > CTDB_NOTIFY_SCRIPT=/etc/ctdb/notify.sh
> > > CTDB_DBDIR=/var/ctdb
> > > CTDB_DBDIR_PERSISTENT=/var/ctdb/persistent
> > > CTDB_SOCKET=/tmp/ctdb.socket
> > > CTDB_LOGFILE=/var/log/ctdb.log
> > > CTDB_DEBUGLEVEL=2
> > >
> > > Yauheni Labko (Eugene Lobko)
> > > Junior System Administrator

Re: [Samba] CTDB+GFS2+CMAN. clean_start="0" or clean_start="1"?

[Michael Adam]

Hi,

CTDB is pretty ignorant of CMAN as such.
It just relies on a cluster file system, like GFS2.

So you should only start ctdbd when the cluster is up
and the gfs2 file system is mounted. I think you should
not start ctdbd as a cluster service managed by cman,
since ctdbd can be considered a cluster manager for
certain services (like samba...) itself. Apart from
that, ctdb should be considered pretty much independent
of the red hat cluster manager.

CTDB needs a file in the cluster file system, the
recovery lock file. The location of this file (or a
directory, in which such a file can be created) should
be specified in the CTDB_RECOVERY_LOCK=... setting
in /etc/sysconfig/ctdb.

At a glance, your cluster.conf looks sane, but
I think manual fencing can be a real problem with
cman.

GPFS is very well tested with ctdb.
I think there are many people testing ctdb with gfs2.
I have heard positive feedback of people using ctdb
with GlusterFS and lustre (and recently with ocfs2).

You might want to join the #ctdb irc channel on freenode.
There are ususally some people around with more expertise
in gfs2 than me.

Cheers - Michael

Yauheni Labko wrote:
> Hi everybody,
> 
> I have tested CTDB+GFS2+CMAN under Debian. It works good but I do not 
> understand some points.
> It is possible to run the CTDB defining it under services section in 
> cluster.conf but running it on the second node shuts down the process at the 
> first one. My CTDB configuration implies 2 active-active nodes.
> 
> Does CTDB care if the node starts with clean_start="0" or clean_start="1"? 
> man 
> fenced says this is a safe way especially during startup because it prevents 
> a data corruption if a node was dead for some reason. From my understanding 
> CTDB uses CMAN only as "module" to get access to gfs/gfs2 partitions. Or 
> maybe it is better to look at GPFS and LustreFS?
> 
> Could anybody show the working configuration of cluster.conf for 
> CTDB+GFS2+CMAN? 
> 
> I used the following cluster.conf and ctd conf:
> 
> 
> 
>   
>   
>   
>   
> 
>   
> 
> 
>   
> 
>   
> 
> 
>   
> 
> 
>   
> 
>   
> 
>   
>   
> 
> 
> 
> 
>   
> 
> 
> # Options to ctdbd. This is read by /etc/init.d/ctdb
> CTDB_RECOVERY_LOCK="/smb-ctdb/.ctdb_locking"
> CTDB_PUBLIC_INTERFACE=eth2
> CTDB_PUBLIC_ADDRESSES=/etc/ctdb/public_addresses
> CTDB_MANAGES_SAMBA=yes
> CTDB_INIT_STYLE=ubuntu
> CTDB_NODES=/etc/ctdb/nodes
> CTDB_NOTIFY_SCRIPT=/etc/ctdb/notify.sh
> CTDB_DBDIR=/var/ctdb
> CTDB_DBDIR_PERSISTENT=/var/ctdb/persistent
> CTDB_SOCKET=/tmp/ctdb.socket
> CTDB_LOGFILE=/var/log/ctdb.log
> CTDB_DEBUGLEVEL=2
> 
> Yauheni Labko (Eugene Lobko)
> Junior System Administrator
> Chapdelaine & Co.
> (212)208-9150


pgpRIIWhwBTxP.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba using Server 2k3 DC for auth and ACL permissions

[Michael Adam]

Michael Heydon wrote:
> Blotto wrote:
> >only users listed in the smb.conf file for that share
> >have access regardless of the acl permissions set
> >  
> Maybe I'm not reading this right, but I think that is how it is supposed 
> to work.
> 
> When you define which users can access a share that is checked when they 
> attempt to connect, file system ACLs will only come in to play after the 
> user has been granted access to the share.

Precisely.

If a user can't pass the smb.conf/share level acls, then
specially file system acls have no effect for this user -
samba-wise.

Cheers - Michael

> >[Admin] 
> >path = /media/Shared/ 
> >read only = no 
> >create mode = 0700 
> >directory mode = 0700 
> >nt acl support = yes 
> >acl map full control = yes 
> >admin users = @MY+fileserveradmin 
> >valid users = @"MY+Domain Users" 
> >browseable = true 
> >  
> So are you trying to grant Fred (for example) access to the files, even 
> though he isn't a member of "MY\Domain Users" (probably a bad example 
> since all users are likely to be in that group)?
> 
> *Michael Heydon - IT Administrator *
> micha...@jaswin.com.au 



pgp8QitGzr66O.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] No responses, not a one?

[Michael Adam]

rce directory mode = 777
> >>>
> >>> force create mode = 777
> >>>
> >>>  nt acl support =yes
> >>>
> >>>  
> >>>
> >>> And the 3.0.33 config file
> >>>
> >>>  
> >>>
> >>>  
> >>> workgroup = workgroup
> >>>
> >>>security = domain
> >>>
> >>>idmap uid = 16777216-33554431
> >>>
> >>>idmap gid = 16777216-33554431
> >>>
> >>>template shell = /bin/false
> >>>
> >>>winbind use default domain = false
> >>>
> >>>winbind offline logon = false
> >>>
> >>> ldap user suffix = ou=Users
> >>>
> >>> socket options = TCP_NODELAY SO_RCVBUF=8192
> >>> SO_SNDBUF=8192
> >>>
> >>> wins server = 192.168.1.1
> >>>
> >>> winbind trusted domains only = yes
> >>>
> >>> idmap backend = ldap://192.168.1.1
> >>>
> >>> encrypt passwords = yes
> >>>
> >>> passdb backend = ldapsam:ldap://System.MyGroup.com
> >>>
> >>> nt acl support = yes
> >>>
> >>> netbios name = NewSystem
> >>>
> >>> ldap machine suffix = ou=Computers
> >>>
> >>> ldap group suffix = ou=Groups
> >>>
> >>> ldap passwd sync = yes
> >>> ldap suffix = dc=MyGroup,dc=com
> >>>
> >>> local master = no
> >>>
> >>> winbind enum groups = no
> >>>
> >>> os level = 20
> >>>
> >>> ldap admin dn = cn=Manager,dc=MyGroup,dc=com
> >>>
> >>> log level = 5
> >>>
> >>>
> >>>
> >>> [NEWSHARE]
> >>>
> >>> nt acl support = yes
> >>>
> >>> guest account = administrator
> >>>
> >>> writeable = yes
> >>>
> >>> path = /raid/smb/newshare
> >>>
> >>> force directory mode = 777
> >>>
> >>> force create mode = 777
> >>>
> >>> valid users = @"Domain Users"
> >>>
> >>>  
> >>>
> >>> Any help?
> >>>
> >>>  
> >>>
> >>> Thanks!
> >>>
> >>>  
> >>>
> >>>  
> >>>
> >>>
> >>> _
> >>> Bing™ brings you maps, menus, and reviews organized in one place. Try it 
> >>> now.
> >>> http://www.bing.com/search?q=restaurants&form=MLOGEN&publ=WLHMTAG&crea=TXT_MLOGEN_Local_Local_Restaurants_1x1
> >>> -- 
> >>> To unsubscribe from this list go to the following URL and read the
> >>> instructions:  https://lists.samba.org/mailman/options/samba
> >>
> >> _
> >> Bing™ brings you maps, menus, and reviews organized in one place. Try it 
> >> now.
> >> http://www.bing.com/search?q=restaurants&form=MLOGEN&publ=WLHMTAG&crea=TXT_MLOGEN_Local_Local_Restaurants_1x1
> >> -- 
> >> To unsubscribe from this list go to the following URL and read the
> >> instructions:  https://lists.samba.org/mailman/options/samba
> > 
> > _
> > Windows Live™ SkyDrive™: Store, access, and share your photos. See how.
> > http://windowslive.com/Online/SkyDrive?ocid=TXT_TAGLM_WL_CS_SD_photos_072009
> 
> 
> -- 
> John H Terpstra
> 
> "If at first you don't succeed, don't go sky-diving!"
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

-- 
Michael Adam   
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-37-0, fax: +49-551-37-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.SerNet.DE, mailto: Info @ SerNet.DE


pgp6by6KFH9bI.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] TYPO net.8.xml

[Michael Adam]

Michael Adam wrote:
> OPC oota wrote:
> > I found typo in net.8.xml of samba-3.4.0 source.
> > 
> > Note that you also need to use standard net paramters to connect and 
> > authenticate
> > -
> > parameters
> >  to the remote machine that you want to rename in the domain. 
> > These additional parameters include: -S computer and -U user.
> > 
> 
> Thanks for the report!
> There are are actually two more places with the same typo.
> 
> I have fixed it in our master branch and will look into getting
> this into 3.4

FYI: The fix has been pushed to the 3.3 and 3.4 release branches
and will be in the next bugfix releases.

Cheers - Michael



pgpaRmiCse8I1.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] TYPO net.8.xml

[Michael Adam]

OPC oota wrote:
> I found typo in net.8.xml of samba-3.4.0 source.
> 
> Note that you also need to use standard net paramters to connect and 
> authenticate
> -
> parameters
>  to the remote machine that you want to rename in the domain. 
> These additional parameters include: -S computer and -U user.
> 

Thanks for the report!
There are are actually two more places with the same typo.

I have fixed it in our master branch and will look into getting
this into 3.4

Michael



pgppmYDlJpSDJ.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] net command in sernet -samba 3.4 for RHEL

[Michael Adam]

Hi,

Adam Cohen wrote:
> After upgrading a test machine to Sernet's 3.4 package, it looks like 
> the "net" command is gone.  This was definitely there in the 
> redhat-supplied 3.0 build and I thought it was there in sernet's 3.3 
> build too.   I installed all the rpm's - samba3-client, samba3-utils, 
> samba3-cifsmount am I missing something?

Which packages precisely did you use?

For the rhel5-packages, I find the net binary in the
samba3-client package:

$ rpm -qpl samba3-client-3.4.0-40.el5.x86_64.rpm  | grep net
/usr/bin/net
/usr/share/man/man8/net.8.gz
$ rpm -qpl samba3-client-3.4.0-40.el5.i386.rpm  | grep net
/usr/bin/net
/usr/share/man/man8/net.8.gz
$

Btw: for questions about the sernet packages,
you can please write to sa...@sernet.de directly.

Cheers - Michael

-- 
Michael Adam   
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-37-0, fax: +49-551-37-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.SerNet.DE, mailto: Info @ SerNet.DE


pgp6jFbkz1Nnw.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] [Release Planning 3.2] Samba 3.2.8 on February 03, 2009

[Michael Adam]

one more missing piece of information:

please put the script update-pkginfo.sh into packaging/bin/

Thanks - Michael

Michael Adam wrote:
> my promised-attachement-problem again... :-)
> 
> Michael Adam wrote:
> > Hi Adam,
> > 
> > in this case it is not sufficient to just apply the patches
> > since the are applied to the template file. These are transformed
> > to the proper files (samba.spec, makerpms.sh) by the script
> > release-scripts/create-tarball.
> > 
> > Since it is no good to call create-tarball from the unpacked
> > tarball, I have attached a script for you that you should call
> > from the base dir of the unpacked tarball and that will update
> > the specfile and makerpms.sh for you.
> > 
> > I think I am going to check this into relevant branches.
> > 
> > Thanks for your feedback.
> > 
> > Cheers - Michael
> > 
> > Adam Williams wrote:
> > > Karolin Seeger wrote:
> > > >yes, three patches concerning RHEL packaging will be included.
> > > >These patches fix the problem for me. Please report if it they don't work
> > > >for you.
> > > >
> > > >Please find attached the patches.
> > > >
> > > >Karolin
> > > >  
> > > Hi Karolin, thanks for the response.  I apologize if I sounded rude in 
> > > my last message.  I applied the patches as follows:
> > > 
> > > [r...@roark samba-3.2.7]# patch 
> > > -p1<0001-packaging-RHEL-fix-build-of-u-mount.cifs.patch
> > > (Stripping trailing CRs from patch.)
> > > patching file packaging/RHEL/samba.spec.tmpl
> > > [r...@roark samba-3.2.7]# patch 
> > > -p1<0001-packaging-RHEL-Fix-syntax-error-in-samba.spec.tmpl.patch
> > > (Stripping trailing CRs from patch.)
> > > patching file packaging/RHEL/samba.spec.tmpl
> > > [r...@roark samba-3.2.7]# patch 
> > > -p1<0002-packaging-RHEL-fix-typo-in-u-mount.cifs-installat.patch
> > > (Stripping trailing CRs from patch.)
> > > patching file packaging/RHEL/samba.spec.tmpl
> > > Hunk #1 succeeded at 244 (offset -1 lines).
> > > 
> > > 
> > > but I still get the same error with makerpms.sh:
> > > 
> > > 
> > > Linking shared library bin/libnetapi.so.0
> > > make: Nothing to be done for `pam_smbpass'.
> > > Linking shared library bin/libsmbclient.so.0
> > > Linking bin/net
> > > + cd client
> > > + gcc -o mount.cifs -O2 -g -D_GNU_SOURCE -Wall -D_GNU_SOURCE 
> > > -D_LARGEFILE64_SOURCE mount.cifs.c
> > > /tmp/ccXRkvaz.o: In function `main':
> > > /root/rpmbuild/BUILD/samba-3.2.7/source/client/mount.cifs.c:1415: 
> > > undefined reference to `unlock_mtab'
> > > /root/rpmbuild/BUILD/samba-3.2.7/source/client/mount.cifs.c:1416: 
> > > undefined reference to `lock_mtab'
> > > /root/rpmbuild/BUILD/samba-3.2.7/source/client/mount.cifs.c:1462: 
> > > undefined reference to `unlock_mtab'
> > > /root/rpmbuild/BUILD/samba-3.2.7/source/client/mount.cifs.c:1424: 
> > > undefined reference to `unlock_mtab'
> > > collect2: ld returned 1 exit status
> > > error: Bad exit status from /var/tmp/rpm-tmp.vzKfgV (%build)
> > > 
> > > 
> > > RPM build errors:
> > >Bad exit status from /var/tmp/rpm-tmp.vzKfgV (%build)
> > > makerpms.sh: Done.
> > 
> > -- 
> > Michael Adam 
> > SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
> > phone: +49-551-37-0, fax: +49-551-37-9
> > AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
> > http://www.SerNet.DE, mailto: Info @ SerNet.DE
> 
> 
> 
> -- 
> 
> i.A. Michael Adam
> 
> -- 
> Michael Adam 
> SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
> phone: +49-551-37-0, fax: +49-551-37-9
> AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
> http://www.SerNet.DE, mailto: Info @ SerNet.DE





-- 

i.A. Michael Adam

-- 
Michael Adam 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-37-0, fax: +49-551-37-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.SerNet.DE, mailto: Info @ SerNet.DE


pgpjCTeOQ6BEF.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] [Release Planning 3.2] Samba 3.2.8 on February 03, 2009

[Michael Adam]

my promised-attachement-problem again... :-)

Michael Adam wrote:
> Hi Adam,
> 
> in this case it is not sufficient to just apply the patches
> since the are applied to the template file. These are transformed
> to the proper files (samba.spec, makerpms.sh) by the script
> release-scripts/create-tarball.
> 
> Since it is no good to call create-tarball from the unpacked
> tarball, I have attached a script for you that you should call
> from the base dir of the unpacked tarball and that will update
> the specfile and makerpms.sh for you.
> 
> I think I am going to check this into relevant branches.
> 
> Thanks for your feedback.
> 
> Cheers - Michael
> 
> Adam Williams wrote:
> > Karolin Seeger wrote:
> > >yes, three patches concerning RHEL packaging will be included.
> > >These patches fix the problem for me. Please report if it they don't work
> > >for you.
> > >
> > >Please find attached the patches.
> > >
> > >Karolin
> > >  
> > Hi Karolin, thanks for the response.  I apologize if I sounded rude in 
> > my last message.  I applied the patches as follows:
> > 
> > [r...@roark samba-3.2.7]# patch 
> > -p1<0001-packaging-RHEL-fix-build-of-u-mount.cifs.patch
> > (Stripping trailing CRs from patch.)
> > patching file packaging/RHEL/samba.spec.tmpl
> > [r...@roark samba-3.2.7]# patch 
> > -p1<0001-packaging-RHEL-Fix-syntax-error-in-samba.spec.tmpl.patch
> > (Stripping trailing CRs from patch.)
> > patching file packaging/RHEL/samba.spec.tmpl
> > [r...@roark samba-3.2.7]# patch 
> > -p1<0002-packaging-RHEL-fix-typo-in-u-mount.cifs-installat.patch
> > (Stripping trailing CRs from patch.)
> > patching file packaging/RHEL/samba.spec.tmpl
> > Hunk #1 succeeded at 244 (offset -1 lines).
> > 
> > 
> > but I still get the same error with makerpms.sh:
> > 
> > 
> > Linking shared library bin/libnetapi.so.0
> > make: Nothing to be done for `pam_smbpass'.
> > Linking shared library bin/libsmbclient.so.0
> > Linking bin/net
> > + cd client
> > + gcc -o mount.cifs -O2 -g -D_GNU_SOURCE -Wall -D_GNU_SOURCE 
> > -D_LARGEFILE64_SOURCE mount.cifs.c
> > /tmp/ccXRkvaz.o: In function `main':
> > /root/rpmbuild/BUILD/samba-3.2.7/source/client/mount.cifs.c:1415: 
> > undefined reference to `unlock_mtab'
> > /root/rpmbuild/BUILD/samba-3.2.7/source/client/mount.cifs.c:1416: 
> > undefined reference to `lock_mtab'
> > /root/rpmbuild/BUILD/samba-3.2.7/source/client/mount.cifs.c:1462: 
> > undefined reference to `unlock_mtab'
> > /root/rpmbuild/BUILD/samba-3.2.7/source/client/mount.cifs.c:1424: 
> > undefined reference to `unlock_mtab'
> > collect2: ld returned 1 exit status
> > error: Bad exit status from /var/tmp/rpm-tmp.vzKfgV (%build)
> > 
> > 
> > RPM build errors:
> >Bad exit status from /var/tmp/rpm-tmp.vzKfgV (%build)
> > makerpms.sh: Done.
> 
> -- 
> Michael Adam 
> SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
> phone: +49-551-37-0, fax: +49-551-37-9
> AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
> http://www.SerNet.DE, mailto: Info @ SerNet.DE



-- 

i.A. Michael Adam

-- 
Michael Adam 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-37-0, fax: +49-551-37-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.SerNet.DE, mailto: Info @ SerNet.DE


pgpzDvjHCMtOA.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] [Release Planning 3.2] Samba 3.2.8 on February 03, 2009

[Michael Adam]

Hi Adam,

in this case it is not sufficient to just apply the patches
since the are applied to the template file. These are transformed
to the proper files (samba.spec, makerpms.sh) by the script
release-scripts/create-tarball.

Since it is no good to call create-tarball from the unpacked
tarball, I have attached a script for you that you should call
from the base dir of the unpacked tarball and that will update
the specfile and makerpms.sh for you.

I think I am going to check this into relevant branches.

Thanks for your feedback.

Cheers - Michael

Adam Williams wrote:
> Karolin Seeger wrote:
> >yes, three patches concerning RHEL packaging will be included.
> >These patches fix the problem for me. Please report if it they don't work
> >for you.
> >
> >Please find attached the patches.
> >
> >Karolin
> >  
> Hi Karolin, thanks for the response.  I apologize if I sounded rude in 
> my last message.  I applied the patches as follows:
> 
> [r...@roark samba-3.2.7]# patch 
> -p1<0001-packaging-RHEL-fix-build-of-u-mount.cifs.patch
> (Stripping trailing CRs from patch.)
> patching file packaging/RHEL/samba.spec.tmpl
> [r...@roark samba-3.2.7]# patch 
> -p1<0001-packaging-RHEL-Fix-syntax-error-in-samba.spec.tmpl.patch
> (Stripping trailing CRs from patch.)
> patching file packaging/RHEL/samba.spec.tmpl
> [r...@roark samba-3.2.7]# patch 
> -p1<0002-packaging-RHEL-fix-typo-in-u-mount.cifs-installat.patch
> (Stripping trailing CRs from patch.)
> patching file packaging/RHEL/samba.spec.tmpl
> Hunk #1 succeeded at 244 (offset -1 lines).
> 
> 
> but I still get the same error with makerpms.sh:
> 
> 
> Linking shared library bin/libnetapi.so.0
> make: Nothing to be done for `pam_smbpass'.
> Linking shared library bin/libsmbclient.so.0
> Linking bin/net
> + cd client
> + gcc -o mount.cifs -O2 -g -D_GNU_SOURCE -Wall -D_GNU_SOURCE 
> -D_LARGEFILE64_SOURCE mount.cifs.c
> /tmp/ccXRkvaz.o: In function `main':
> /root/rpmbuild/BUILD/samba-3.2.7/source/client/mount.cifs.c:1415: 
> undefined reference to `unlock_mtab'
> /root/rpmbuild/BUILD/samba-3.2.7/source/client/mount.cifs.c:1416: 
> undefined reference to `lock_mtab'
> /root/rpmbuild/BUILD/samba-3.2.7/source/client/mount.cifs.c:1462: 
> undefined reference to `unlock_mtab'
> /root/rpmbuild/BUILD/samba-3.2.7/source/client/mount.cifs.c:1424: 
> undefined reference to `unlock_mtab'
> collect2: ld returned 1 exit status
> error: Bad exit status from /var/tmp/rpm-tmp.vzKfgV (%build)
> 
> 
> RPM build errors:
>Bad exit status from /var/tmp/rpm-tmp.vzKfgV (%build)
> makerpms.sh: Done.

-- 
Michael Adam 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-37-0, fax: +49-551-37-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.SerNet.DE, mailto: Info @ SerNet.DE


pgpTzCPw7BZEu.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] TDB Corruption.

[Michael Adam]

Linux Addict wrote:
> Hello, I have relatively a large setup where RHEL 4 authenticating MS 
> W2K3 R2. Every often a host may not be able to authenticate due tdb 
> corruption and we had to rm the *.tdb and files and restart the winbind 
> which would  create fresh tdb files.  I guess Redhat acknowledged  the  
> issue here. http://kbase.redhat.com/faq/docs/DOC-4842My question is, 
> is this something caused by samba itself or the underlying OS. If samba, 
> are we tracking this?  I know I can use LDAP backend, but I am using RID 
> to eliminate layer of admin work by not entering UIDs for each user.
> Any hint is appreciated.

How do you tell it is tdb corruption?
Are all tdbs corrputed or just some?
(Or why do you erase all of the tdb files?...)

TDB corruption has been seen on various versions of the reiser
file system due to broken implementations of memory mapping.
If your tdb files do reside on a reiser partition you might

  1. move them to some other partition (ext3, xfs, ...) or

  2. set "use mmap = no" in the [global] section of smb.conf,
 trading speed for reliability.

Generally, it is a good idea to run "tdbbackup" regularly on the
important tdb files (secrets.tdb, passdb.tdb, winbindd_idmap.tdb, ...)

Then you can simply restore your backup with "tdbbackup -v" if
corruption occurs. Also for doing file system backups, these
tdbbackup files are useful.

Cheers - Michael

-- 
Michael Adam   
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-37-0, fax: +49-551-37-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.SerNet.DE, mailto: Info @ SerNet.DE


pgpCsSl5innTx.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] CTDB + Samba + Winbind + ActiveDirectory

[Michael Adam]

ce /addresse
  for you and switch ips to other nodes when one node becomes
  unavailable.

  You can test connectivity with smbclient:

  smbclient //some_public_ip/global-share -UTESTDOMAIN+user%password

  This should work for all public addresses.

  If this does not work, please send me a debug level 10 output
  of the smbclient command and a level 10 log of smbd on the
  corresponding machine.

  You can also test the loopback address on each node.
  (onnode  smbclient //127.0.0.1/global-share -U...)

  Then test with windows clients, with the explorer and with
  "net use". At any point where this fails, we would need
  level 10 server logs of the failing connection.

I hope this gives you a new start in sorting out the problem.

Cheers - Michael

> [global]
> workgroup = TESTDOMAIN
> realm = TESTDOMAIN.LOCAL
> netbios name = CTDB-HEAD
> security = ADS
> auth methods = winbind, sam
> password server = 172.16.4.10
> passdb backend = tdbsam
> log level = 10 winbind:10 auth:10 passdb:10
> log file = /var/log/samba/log.%m
> max log size = 1
> smb ports = 445
> server signing = auto
> socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
> use mmap = No
> clustering = Yes
> dns proxy = No
> idmap backend = tdb2
> idmap uid = 1000-2000
> idmap gid = 1000-2000
> template homedir = /home/%D+%U
> template shell = /bin/bash
> winbind separator = +
> winbind enum users = Yes
> winbind enum groups = Yes
> nfs4:acedup = merge
> nfs4:chown = yes
> nfs4:mode = special
> gpfs:sharemodes = no
> fileid:mapping = fsname
> idmap config TESTDOMAIN:range = 10777216-57554431
> idmap config TESTDOMAIN:backend = rid
> force unknown acl user = Yes
> strict locking = Yes
> vfs objects = gpfs, fileid
> [global-share]
> comment = Global SMB NameSpace
> path = /mnt/gpfs/nfsexport
> read only = No
> inherit permissions = Yes
> inherit acls = Yes
> guest ok = Yes
> Regards,
> -Tim
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba


-- 
Michael Adam   
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-37-0, fax: +49-551-37-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.SerNet.DE, mailto: Info @ SerNet.DE


pgpqFyS3aYfKP.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] _Truly_ disabling trusted domains?

[Michael Adam]

Jeremy Allison wrote:
> On Mon, Dec 22, 2008 at 07:41:52AM -0600, Gerald (Jerry) Carter wrote:
> > Michael Adam wrote:
> > > 
> > > Nick wrote:
> > >> Is there a way to completely disable trusted domains in samba/winbind?  
> > >> Some
> > >> of the trusted domains are inaccessible to the client machines, which 
> > >> causes
> > >> winbind not to work due to all the timeouts/errors.  I tried setting 
> > >> "allow
> > >> trusted domains = no", but when looking at the debug logs it's obvious 
> > >> that
> > >> winbind is still trying to look them up.  It appears that winbind doesn't
> > >> respect the "allow trusted domains" at all.
> > > 
> > > Hmmm, you are right: The manual page seems to promise too much
> > > in the description of "allow trusted domain". In fact looking at
> > > the code, it is a smbd-only option. It prevents smbd to perform
> > > explicit requests (like authentication) for trusted domains, but
> > > it does not prevent winbind from walking the list of trusted domains
> > > and trying to establish a connection to each of them (for instance
> > > when enumating users).
> > 
> > Thought I had fixed this.  Patch against 3.2 that should work is attached.
> 
> Pushed - thanks !

Thanks Jeremy,

I didn't have time yet to take care of it.

Cheers - Michael

-- 
Michael Adam   
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-37-0, fax: +49-551-37-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.SerNet.DE, mailto: Info @ SerNet.DE


pgpz1umgIYw6C.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] _Truly_ disabling trusted domains?

[Michael Adam]

Hey Jerry,

I just checked, these changes are in none of the branches
master, v3-3-test, v3-2-test. Do you want to push them or
do you want me to do it? I think this definitely should be in!

Cheers - Michael

Gerald (Jerry) Carter wrote:
> Michael Adam wrote:
> > Hi Nick,
> > 
> > Nick wrote:
> >> Is there a way to completely disable trusted domains in samba/winbind?  
> >> Some
> >> of the trusted domains are inaccessible to the client machines, which 
> >> causes
> >> winbind not to work due to all the timeouts/errors.  I tried setting "allow
> >> trusted domains = no", but when looking at the debug logs it's obvious that
> >> winbind is still trying to look them up.  It appears that winbind doesn't
> >> respect the "allow trusted domains" at all.
> > 
> > Hmmm, you are right: The manual page seems to promise too much
> > in the description of "allow trusted domain". In fact looking at
> > the code, it is a smbd-only option. It prevents smbd to perform
> > explicit requests (like authentication) for trusted domains, but
> > it does not prevent winbind from walking the list of trusted domains
> > and trying to establish a connection to each of them (for instance
> > when enumating users).
> 
> Thought I had fixed this.  Patch against 3.2 that should work is attached.
> 
> 
> 
> 
> 
> 
> cheers, jerry
> - --
> =
> Samba--- http://www.samba.org
> Likewise Software  -  http://www.likewisesoftware.com
> "What man is a man who does not make the world better?"  --Balian
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.9 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> 
> iD8DBQFJT5kgIR7qMdg1EfYRAoZSAKDbR45MTOWwhuOcsTOJ4weMdfv9owCfUioL
> bF4kwk9p/PjerzN8+il46p8=
> =7fGD
> -END PGP SIGNATURE-

> >From 695addd1eb9324d50ef87bc8c8ed5b8eb351fb19 Mon Sep 17 00:00:00 2001
> From: Gerald (Jerry) Carter 
> Date: Mon, 22 Dec 2008 07:40:04 -0600
> Subject: [PATCH] Winbind: Honor the "allow trusted domains" option when 
> scanning or adding a trusted domain.
> 
> ---
>  source/winbindd/winbindd_util.c |   12 +++-
>  1 files changed, 11 insertions(+), 1 deletions(-)
> 
> diff --git a/source/winbindd/winbindd_util.c b/source/winbindd/winbindd_util.c
> index a2a248b..34a5188 100644
> --- a/source/winbindd/winbindd_util.c
> +++ b/source/winbindd/winbindd_util.c
> @@ -506,7 +506,12 @@ static void rescan_forest_trusts( void )
>  void rescan_trusted_domains( void )
>  {
>   time_t now = time(NULL);
> - 
> +
> + /* Check that we allow trusted domains at all */
> +
> + if (!lp_allow_trusted_domains())
> + return;
> +
>   /* see if the time has come... */
>   
>   if ((now >= last_trustdom_scan) &&
> @@ -763,6 +768,11 @@ void check_domain_trusted( const char *name, const 
> DOM_SID *user_sid )
>   DOM_SID dom_sid;
>   uint32 rid;
>   
> + /* Check if we even care */
> +
> + if (!lp_allow_trusted_domains())
> + return;
> +
>   domain = find_domain_from_name_noinit( name );
>   if ( domain )
>   return; 
> -- 
> 1.5.6.3
> 

> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba

-- 
Michael Adam   
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-37-0, fax: +49-551-37-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.SerNet.DE, mailto: Info @ SerNet.DE


pgpHpv5DugfjF.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] _Truly_ disabling trusted domains?

[Michael Adam]

Hi Nick,

Nick wrote:
> Is there a way to completely disable trusted domains in samba/winbind?  Some
> of the trusted domains are inaccessible to the client machines, which causes
> winbind not to work due to all the timeouts/errors.  I tried setting "allow
> trusted domains = no", but when looking at the debug logs it's obvious that
> winbind is still trying to look them up.  It appears that winbind doesn't
> respect the "allow trusted domains" at all.

Hmmm, you are right: The manual page seems to promise too much
in the description of "allow trusted domain". In fact looking at
the code, it is a smbd-only option. It prevents smbd to perform
explicit requests (like authentication) for trusted domains, but
it does not prevent winbind from walking the list of trusted domains
and trying to establish a connection to each of them (for instance
when enumating users).

> Does anyone know how to do this?  From my observations it appears that this
> is a bug.  I was going to file a bug report, however I wanted to make sure I
> did all my research first to see if I'm missing something.

It would be great if you could file a bug at https://bugzilla.samba.org/
Either the manpage or the code has to be fixed!

Here is the solution for your setup:

Recent versions of samba (3.2.6 for sure) have an config option

  "winbind:ignore domains = "

that effectively prevents winbindd from contacting the listed
domains. This was introduced exactly to prevent winbindd on
timing out on attempts to contact unreachable domains.

Cheers - Michael

-- 
Michael Adam   
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-37-0, fax: +49-551-37-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.SerNet.DE, mailto: Info @ SerNet.DE


pgpkJ8A2bmMLx.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Join multiple CTDB managed Samba servers into Active Directory

[Michael Adam]

Hi Tim,

tim clusters wrote:
> Michael,
> 
> Thanks for your response.
> You had indicated that "only one" node needs to join the cluster by issuing
> "net ads join" and CTDB will take care propagating to other nodes.
> 
> Iam authenticating CTDB nodes to Active Directory(AD) via Kerberos. Do I
> need to obtain Kerberos ticket by issuing "kinit" only on one node (and CTDB
> will use this ticket for authenticating all other CTDB nodes to AD)  or do I
> need to issue "kinit" on all the CTDB nodes?

Hmm, "net ads join" and winbindd in ads mode do use kerberos.
Usually you do _not_ need to call kinit manually. The samba tools
do internally go and get tickets from the kdc and so on. All that
needs to be propagated (via secrets.tdb) is the join information
(machine account password)...

Please elaborate your point, when I misunderstood you.

Cheers - Michael

> Thanks,
> -Kums
> On Fri, Dec 19, 2008 at 2:28 AM, Michael Adam  wrote:
> 
> > Hi,
> >
> > the nodes in the cluster should appear as ONE cifs server to the
> > outside. I just has multiple IP addresses and one client request is
> > served by one node of the cluster.
> >
> > So there should also only be one name (netbios name)
> > the cluster nodes share. Then you just need to join the cluster _once_
> > (issuing "net ads join" on _one_ node) ctdb will take care of
> > storing the machine password in secrets.tdb so that join
> > information is available to all nodes.
> >
> > So you should set the same "netbios name = XYZ" on smb.conf on
> > all cluster nodes.
> >
> > In your smb.conf, you have set "private dir = /mnt/global/CTDB"
> > this is on gpfs cluster storage. This should not be set with
> > current versions of ctdb, since ctdb can now handle persistent
> > tdb databases (like secrets.tdb). So please remove that setting.
> >
> > Also extend "vfs objects" to include "fileid" to ensure coherent
> > locking across cluster nodes.
> >
> > I have updated the documentation at
> > http://wiki.samba.org/index.php/CTDB_Setup
> > to reflect these changes.
> >
> > If you want to use nfs4 als on gpfs, you should also set
> >  force unknown acl user = yes
> >  nfs4: mode = special
> >  nfs4: chown = yes
> >  nfs4: acedup = merge
> > in your share definition.
> >
> > Since samba-3.2.3-ctdb.50 uses the simplified idmap code of
> > 3.3.0, you can simply drop the options:
> >
> > > idmap alloc TESTDOMAIN:range = 10777216-57554431
> > > idmap config TESTDOMAIN:default = yes
> >
> > so that your idmap config looks like this:
> >
> > > idmap config TESTDOMAIN:range = 10777216-57554431
> > > idmap config TESTDOMAIN:backend = rid
> >
> > You might also want to set the defaults idmap config to s/th like:
> >
> >  idmap backend = tdb2
> >  idmap uid = 100-2000
> >  idmap gid = 100-2000
> >
> > Cheers - Michael
> >
> > tim clusters wrote:
> > > Hi ,
> > >
> > > I have set up a 2-node CTDB cluster serving NFS and CIFS authenticating
> > > Windows and Linux users via Active Directory.
> > >
> > > The setup works fine, except only one server in the CTDB-cluster is able
> > to
> > > join the AD domain at a given instance. If you manually add the other
> > server
> > > into AD, the already connected server gets disconnected. There is no
> > > specific error message logged in /var/log/message or
> > /var/log/samba/log.smbd
> > > or /var/log/samba/log.winbind + network snooping at Samba port(445) does
> > not
> > > provide any info.  Please find the smb.conf and CTDB details attached.
> > >
> > > Without CTDB, I can have Samba active on multiple servers joined to AD.
> > > Following is the setup + error message when you manually try to join a
> > > second CTDB node into Active Directory:
> > > 
> > >
> > > Configuration:
> > >
> > > # CTDB Up and Virtualizing two Nodes into single entity
> > > # CTDB configured to manage IP, NFS, Samba, and Winbind
> > > [r...@node-02 nfsexport]# ctdb status
> > > Number of nodes:2
> > > pnn:0 172.16.2.252 OK (THIS NODE)
> > > pnn:1 172.16.2.253 OK
> > > Generation:1529093094
> > > Size:2
> > > hash:0 lmaster:0
> > > hash:1 lmaster:1
> > > Recovery mode:NORMAL (0)
> > > Recovery master:1
> > >
> &g

Re: [Samba] CTDB Samba Deployment

[Michael Adam]

Hi Tim,

tim clusters wrote:
> Hi,
> 
> Has anybody deployed a CTDB cluster(http://ctdb.samba.org/) successfully
> with multiple nodes serving SMB simultaneously authenticating via Active
> Directory(using Winbind)? If yes, can you please share /etc/samba/smb.conf
> and /etc/sysconfig/ctdb?
> 
> Thanks in Advance,
> -Tim

See mail response to your earlier mail (Dec 05).

Cheers - Michael

-- 
Michael Adam   
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-37-0, fax: +49-551-37-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.SerNet.DE, mailto: Info @ SerNet.DE


pgp4jbn1kE4Cm.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Join multiple CTDB managed Samba servers into Active Directory

[Michael Adam]

27;
>   domain_sid   : *
>   domain_sid   :
> S-1-5-21-3868838012-3874256186-1289404937
>   modified_config  : 0x00 (0)
>   error_string : NULL
>   domain_is_ad : 0x01 (1)
>   result   : WERR_OK
> Using short domain name -- TESTDOMAIN
> Joined 'node-02' to realm 'testdomain.local'
> [r...@node-02 nfsexport]# net ads testjoin
> Join is OK
> #When node-02 is added into AD, node-01 gets revoked/disconnected from AD
> [r...@node-01 ~]# net ads testjoin
> [2008/12/02 16:33:45,  0] libads/kerberos.c:ads_kinit_password(361)
>   kerberos_kinit_password node-...@testdomain.local failed:
> Preauthentication failed
> [2008/12/02 16:33:45,  0] libads/kerberos.c:ads_kinit_password(361)
>   kerberos_kinit_password node-...@testdomain.local failed:
> Preauthentication failed
> Join to domain is not valid: Logon failure
> [r...@node-02 nfsexport]# net ads testjoin
> [2008/12/02 14:30:07,  0] passdb/secrets.c:secrets_init(71)
>   Failed to open /mnt/gpfs/CTDB/secrets.tdb
> Join to domain is not valid: Access denied
> 
> -
> 
> Thanks in Advance,
> -Tim

> Software version
> 
> 
> CTDB:
> ctdb-1.0-64
> ctdb-debuginfo-1.0-64
> 
> Samba:
> samba-debuginfo-3.2.3-ctdb.50
> samba-3.2.3-ctdb.50
> samba-doc-3.2.3-ctdb.50
> samba-winbind-32bit-3.2.3-ctdb.50
> samba-client-3.2.3-ctdb.50
> samba-swat-3.2.3-ctdb.50
> samba-common-3.2.3-ctdb.50
> 
> Kerberos:
> krb5-workstation-1.5-17
> krb5-libs-1.5-17
> krb5-devel-1.5-17
> krb5-auth-dialog-0.7-1
> pam_krb5-2.2.11-1
> krb5-devel-1.5-17
> krb5-libs-1.5-17
> pam_krb5-2.2.11-1
> 
> 
> smb.conf
> 
> 
> [global]
> workgroup = TESTDOMAIN
> realm = TESTDOMAIN.LOCAL
> security = ADS
> password server = 192.168.10.10
> private dir = /mnt/global/CTDB
> client NTLMv2 auth = Yes
> template homedir = /home/%D+%U
> template shell = /bin/bash
> winbind separator = +
> winbind enum users = Yes
> winbind enum groups = Yes
> smb ports = 445
> server signing = auto
> socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
> use mmap = No
>     clustering = Yes
> dns proxy = No
> gpfs:sharemodes = no
> fileid:mapping = global_GbE
> idmap alloc TESTDOMAIN:range = 10777216-57554431
> idmap config TESTDOMAIN:range = 10777216-57554431
> idmap config TESTDOMAIN:backend = rid
> idmap config TESTDOMAIN:default = yes
> force unknown acl user = Yes
> vfs objects = gpfs
> log level = 3 passdb:5 auth:10 winbind:5
> log file = /var/log/samba/log.%m
> max log size = 50
> 
> [global-share]
> comment = global NameSpace
> path = /mnt/global/nfsexport
> read only = No
> inherit permissions = Yes
> inherit acls = Yes
> 
> 
> /etc/sysconfig/ctdb
> ---
> 
> CTDB_RECOVERY_LOCK=/mnt/global/CTDB/recovery.lck
> CTDB_PUBLIC_ADDRESSES=/etc/ctdb/public_addresses
> CTDB_MANAGES_SAMBA=yes
> CTDB_MANAGES_WINBIND=yes
> CTDB_MANAGES_NFS=yes
> CTDB_NODES=/etc/ctdb/nodes

-- 
Michael Adam   
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-37-0, fax: +49-551-37-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.SerNet.DE, mailto: Info @ SerNet.DE


pgpafCRjgbLeM.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] samba 3.2.6 link error

[Michael Adam]

George Sherwood wrote:
> On Wed, 17 Dec 2008 15:44:19 +0100
> Michael Adam  wrote:
> > How do you compile/link mount.cifs?
> > 
> > When doing a fresh build (autogen / configure / make everything),
> > this should correctly create you bin/mount.cifs.
> > 
> > In 3.2.6, a new object has been added to mount.cifs, namely
> > client/mtab.o. So when you compile with a individual command
> > like "gcc -o mount.cifs client/mount.cifs.c", this will fail with
> > exactly the error message as specified above.
> > 
> 
> Michael,
> Thanks for the pointer.  That was exactly the problem.  Not sure
> why, but out distro was building mount.cifs.c separately for some
> reason.  I took that part out and added the option for
> --with-cifsmount and everything seems to be working now.

We encountered the same problem when packaging.

The reason is this:

Originally, mount.cifs was not built by make all or make
everything. It did not even have a make target at some point.
That is why there was a separate compile call to build mount.cifs.

Now there has been a make target for some time.
So the separate compile call was redundant but did not harm.
But now in 3.2.6, a new object has been added to the mount.cifs
target, so the old "gcc -o mount.cifs mount.cifs.c" is simply
wrong now.

I hope this makes it clear.

Cheers - Michael

-- 
Michael Adam   
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-37-0, fax: +49-551-37-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.SerNet.DE, mailto: Info @ SerNet.DE


pgpT6yKc2vQrv.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] samba 3.2.6 link error

[Michael Adam]

Hi George,

George Sherwood wrote:
> No problems building samba 3.2.5, but having a link error with 3.2.6.
> Haven't been able to find a solution.
> 
> Compiling nsswitch/wins.c
> Linking nsswitch/libnss_wins.so
> /tmp/ccvWgbGU.o: In function `main':
> mount.cifs.c:(.text+0x1f29): undefined reference to `unlock_mtab'
> mount.cifs.c:(.text+0x1f33): undefined reference to `lock_mtab'
> mount.cifs.c:(.text+0x1f7a): undefined reference to `unlock_mtab'
> mount.cifs.c:(.text+0x20c8): undefined reference to `unlock_mtab'
> collect2: ld returned 1 exit status

How do you compile/link mount.cifs?

When doing a fresh build (autogen / configure / make everything),
this should correctly create you bin/mount.cifs.

In 3.2.6, a new object has been added to mount.cifs, namely
client/mtab.o. So when you compile with a individual command
like "gcc -o mount.cifs client/mount.cifs.c", this will fail with
exactly the error message as specified above.

Cheers - Michael

-- 
Michael Adam   
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-37-0, fax: +49-551-37-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.SerNet.DE, mailto: Info @ SerNet.DE


pgpx84Z6ZhbzG.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Winbind dumps core after upgrade to 3.2.6

[Michael Adam]

Hi François,

yes, please file a bug report with this issue,
providing configuration detais and log files.


If possible, a more meaningful backtrace would be helpful:

* Be sure to compile with debugging symbols (cflag "-g").
* add 'panic action = "/bin/sleep 9"' to your smb.conf
* restart winbindd
* reproduce the panic. "ps axf" shows the sleep process as
  a child process of the panicing process
* attach gdb to the process with "gdb --pid" and do a "bt"

Cheers - Michael

François Legal wrote:
> 
> 
> Hello, 
> I was running 3.2.4 since yesterday evening, when I decided to
> upgrade to 3.2.6 
> 
> I did recompile from the sources (with the same configure options I
> used for 3.2.4) then shutdown samba, replace the binaries and libs,
> then start again. 
> 
> Everything then went fine until this morning when a user from a
> trusted domain made a connection to the DC. I took a look and saw that
> winbindd dumped core yesterday evening by the time I disconnected from
> the machine 
> 
> [2008/12/15 22:35:04,  0] lib/fault.c:fault_report(40)
>   ===
> [2008/12/15 22:35:04,  0] lib/fault.c:fault_report(41)
>   INTERNAL ERROR: Signal 11 in pid 19111 (3.2.6)
>   Please read the Trouble-Shooting section of the Samba3-HOWTO
> [2008/12/15 22:35:04,  0] lib/fault.c:fault_report(43)
>   From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf
> [2008/12/15 22:35:04,  0] lib/fault.c:fault_report(44)
>  
> ===
> [2008/12/15 22:35:04,  0] lib/util.c:smb_panic(1663)
>   PANIC (pid 19111): internal error
> [2008/12/15 22:35:04,  0] lib/util.c:log_stack_trace(1767)
>   BACKTRACE: 18 stack frames:
>#0 /usr/local/samba/sbin/winbindd(log_stack_trace+0x1a)
> [0x5566fdd7]
>#1 /usr/local/samba/sbin/winbindd(smb_panic+0x5b) [0x5566fee7]
>#2 /usr/local/samba/sbin/winbindd [0x5565d24a]
>#3 /lib/libc.so.6 [0x2b1862ac6110]
>#4 /usr/local/samba/sbin/winbindd(strlower_m+0xd) [0x55666b1a]
>#5
> /usr/local/samba/sbin/winbindd(fill_domain_username_talloc+0x33)
> [0x55
> 5d3ee8]
>#6 /usr/local/samba/sbin/winbindd [0x555f06b0]
>#7 /usr/local/samba/sbin/winbindd [0x555f2985]
>#8 /usr/local/samba/sbin/winbindd [0x555dcad2]
>#9 /usr/local/samba/sbin/winbindd [0x555d0e0f]
>#10 /usr/local/samba/sbin/winbindd [0x555d3248]
>#11 /usr/local/samba/sbin/winbindd [0x555fd735]
>#12
> /usr/local/samba/sbin/winbindd [0x555f784c]
>#13 /usr/local/samba/sbin/winbindd [0x555f6e9b]
>#14 /usr/local/samba/sbin/winbindd [0x555cb566]
>#15 /usr/local/samba/sbin/winbindd(main+0xea7) [0x555cc4a4]
>#16 /lib/libc.so.6(__libc_start_main+0xda) [0x2b1862ab34ca]
>#17 /usr/local/samba/sbin/winbindd [0x555ca06a]
> [2008/12/15 22:35:04,  0] lib/fault.c:dump_core(201)
>   dumping core in /var/log/samba/cores/winbindd 
> 
> Shall I raise a bug report ? 
> François 

-- 
Michael Adam   
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-37-0, fax: +49-551-37-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.SerNet.DE, mailto: Info @ SerNet.DE


pgpVvXDnWARru.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] NFSv4 ACL Support

[Michael Adam]

Hi Nils,

Nils Goroll wrote:
> 
> I've got two bugs open because ACL inheritance does not work on NFSv4.
> 
> See https://bugzilla.samba.org/show_bug.cgi?id=5446
> (https://bugzilla.samba.org/show_bug.cgi?id=5447 pro forma for samba 3.0)
> 
> So if you need ACL inhertance, you'll probaby want to apply the simple 
> ptahces to vfs_zfsacl.c

Oops. Sorry, I did not follow the bug reports closely lately.
I'll assign the corresponding bugs to me, and I'll take a look at
your cleaned up patch. I think the issue I had originally was
with the prototypes of the disabled methods, right?...

Cheers - Michael

-- 
Michael Adam <[EMAIL PROTECTED]>
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-37-0, fax: +49-551-37-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.SerNet.DE, mailto: Info @ SerNet.DE


pgppx6u4EXdPi.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] NFSv4 ACL Support

[Michael Adam]

Hi David,

David Eisner wrote:
> On Thu, Nov 13, 2008 at 5:19 PM, Volker Lendecke
> <[EMAIL PROTECTED]> wrote:
> > No, that's not fully correct. Samba 3.2 has support for
> > NFSv4 ACLs on zfs using the vfs_zfsacl module. Samba 3.3 and
> 
> Cool.  Do I have to do anything special when compiling Samba 3.2.4 to
> use it?  I see there's a --with-vfs-afsacl configure option, but no
> --with-vfs-zfsacl.  Should I use --with-shared-modules=vfs_zfsacl?

Right, that is the way to trigger the build.

This will build zfsacl.so.

You use it with "vfs objects = zfsacl" in a share definition
in smb.conf.

Cheers - Michael

-- 
Michael Adam <[EMAIL PROTECTED]>  <[EMAIL PROTECTED]>
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-37-0, fax: +49-551-37-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.SerNet.DE, mailto: Info @ SerNet.DE


pgpiRkWphKv3h.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba 3.2, Samba 3.3 release planning

[Michael Adam]

Hi William, Jerry,

Gerald (Jerry) Carter wrote:
> William Jojo wrote:
> > 
> >> I love that releases are moving very quickly now. My only 
> > concern is keeping up with and determining what is appropriate
> > as I continue to maintain AIX binaries on my web page.
> > 
> >> Presently I have already dropped the 3.0 series and have 
> > 3.2.4 available with the clustering option for AIX 5.3 and 6.1.
> > 
> >> I am trying to determine how best to support a 3.2 and 3.3 
> > parallel set or if I should just drop 3.2 after 3.3.1 is
> > released or some other arbitrary schedule. :-) :-)
> > 
> >> How long after 3.3 is released to production does the Samba 
> > team anticipate supporting the 3.2 line?
> 
> That has not bee decided yet.  The 3.0.x releases are in
> maintenance mode (transitioned as soon as 3.2.0 was released).
> The 3.0.x series will reach EOL on Jul 1, 2009.
> 
> I expect that 3.2.x will be moved to maintenance mode as soon
> as 3.3.0 is released.

Yes that had been decided exactly like this.

> maintenance == "only critical bug fixes and security issues"
> 
> What we've not stated is how long it would be until v3.2.x
> reaches EOL.  Based on past data, I expect 6 - 12 months, but
> that is just a guess and not really up to me.

If I am not completely wrong, this had been decided as well
as follows: A release will reach EOL when the next release
goes into maintenance mode, i.e. when the second next release
comes out. With the aimed release cycle of 6 months, this means
that each release will go into maintenance mode after 6 months
and reach EOL anonther 6 months later. Example: 3.2 will go into
maintenance mode in december 2008, when 3.3 is scheduled for
release, and 3.2 will reach EOL around June 2009 (?) when 3.4 is
scheduled.

At least that is what Karolin had proposed and as far as I
remember at least noone had objected. (Time will tell if the
workload is manageable with such a tight release cycle.)

Please correct me if I am mistaken.

> If I were packaging Samba, I would only focus on the latest
> production release.

Exactly.

Of course it makes sense to try and package the pre-releases of
the next release to see in time whether packaging will require 
adaptions. The pre-release phase is supposed to start roughly half
way through the 6 months period.

Cheers - Michael

-- 
Michael Adam <[EMAIL PROTECTED]>
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-37-0, fax: +49-551-37-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.SerNet.DE, mailto: Info @ SerNet.DE


pgpZj5i7lA6C8.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] samba + ADS in native mode

[Michael Adam]

Hi Sergey,

Sergey Pororegnik wrote:
> Hello, friends.
> Before change Active Directory Server mode to "native mode" user 
> authentification dont' work. In native ADS mode i need use kerberos.
> 
> OS: RHEL 4 (x86)
> Samba: 3.0.10-1.4E
> Kerberos: 1.3.4-9
> Domain controller: Win 2003 ADS in native mode

> # wbinfo -a [EMAIL PROTECTED]
> plaintext password authentication failed
> error code was NT_STATUS_NO_SUCH_USER (0xc064)
> error messsage was: No such user
> Could not authenticate user [EMAIL PROTECTED] with plaintext password
> challenge/response password authentication failed
> error code was NT_STATUS_NO_SUCH_USER (0xc064)
> error messsage was: No such user
> Could not authenticate user [EMAIL PROTECTED] with challenge/response

You have set "winbind use default domain = yes", so what does
"wbinfo -a username" give you? And "wbinfo -a DOMAIN+username"
(where you use your short Domain name not the realm name).

> # wbinfo -g
> and
> # wbinfo -u
> work correct.

So I assume, you have successfully done "net ads join"?

Cheers - Michael

PS: You could also consider upgrading. 3.0.10 is quite old.
AD-Support has evolved a lot since that release.

> # more /etc/samba/smb.conf
> [global]
>workgroup = DOMAIN
>server string = FTP Server
>netbios name = SRVFTP
>log file = /var/log/samba/%m.log
>log level = 3 auth:5 passdb:5
>max log size = 500
>security = ADS
>realm = CORP.DOMAIN.COM
>encrypt passwords = yes
>socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>dns proxy = no
>winbind enum users = yes
>winbind enum groups = yes
>winbind use default domain = yes
>auth methods = winbind
>idmap uid = 1-2
>idmap gid = 1-2
>winbind separator = +
>winbind nested groups = yes
>password server = dc1.domain.local
>case sensitive = no
> 
> 
> 
> 
> # more /etc/krb5.conf
> [logging]
>  default = FILE:/var/log/krb5libs.log
>  kdc = FILE:/var/log/krb5kdc.log
>  admin_server = FILE:/var/log/kadmind.log
> 
> [libdefaults]
>  default_realm = CORP.DOMAIN.COM
>  dns_lookup_realm = true
>  dns_lookup_kdc = true
> 
> [realms]
>  CORP.DOMAIN.COM = {
>   kdc = dc1.domain.local:88
>   admin_server = dc1.domain.local:749
>   default_domain = CORP.DOMAIN.COM
>  }
> 
> [domain_realm]
>  .domain.local = CORP.DOMAIN.COM
>  domain.local = CORP.DOMAIN.COM
> 
> [kdc]
>  profile = /var/kerberos/krb5kdc/kdc.conf
> 
> [appdefaults]
>  pam = {
>debug = false
>ticket_lifetime = 36000
>renew_lifetime = 36000
>forwardable = true
>krb4_convert = false
>  }
> 
> 
> 
> 
> 
> # klist
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: [EMAIL PROTECTED]
> 
> Valid starting Expires    Service principal
> 10/02/08 10:20:43  10/02/08 20:20:50  krbtgt/[EMAIL PROTECTED]
> renew until 10/02/08 20:20:43
> 10/02/08 10:24:30  10/02/08 20:20:50  [EMAIL PROTECTED]
> renew until 10/02/08 20:20:43
> 
> 
> Kerberos 4 ticket cache: /tmp/tkt0
> klist: You have no tickets cached
> 
> 

-- 
Michael Adam <[EMAIL PROTECTED]>  <[EMAIL PROTECTED]>
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-37-0, fax: +49-551-37-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.SerNet.DE, mailto: Info @ SerNet.DE


pgpedrT580i0Q.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: samaba winwind

[Michael Adam]

Hi,

Andreas Ladanyi wrote:
> vishesh schrieb:
> >dear all
> >i am running samba 3.0.28 on two server and using winbind to get active 
> >directory users and group. the problem i facing is attach the uid 
> >assigned for same user is diffrent on samba servers.
> 
> The uid saved in the Active Directory is different from the winbind 
> Linux side ?

No, the problem is that the uids on the two samba servers are
different for the same user. This is because you are using
(the default of) "idmap backend = tdb". This assigns increasing
uids (per server) to users in the the order the access the server.

If you need the same user ids, you have (at least) the following
two options:

1. Use "idmap backend = rid". Then a user gets the the
   uid built as LOW_RANGE_UID + RID.
   Here LOW_RANGE_UID is the lower bound of the range
   "idmap uid = LOW_RANGE_UID - HIGH_RANGE_UID"
   and RID is the "relative identifyer": the user SID
   is built as follows: DOMAIN_SID-RID. i.e. the rid
   is the last block of digits of the user's sid, hence
   is unique inside one domain, and users will get the
   same uid on all samba servers using "idmap backend = rid".
   See the man paget idmap_rid(8).

2. Use "idmap backend = ad":
   When you install the SFU (Services For Unix) schema
   extensions, then you can set unix attributes for users
   and groups in actice directory. and the same uid is
   obtained for users on all samba servers using this backend.
  
Hope this helps,

Michael

-- 
Michael Adam <[EMAIL PROTECTED]>  <[EMAIL PROTECTED]>
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-37-0, fax: +49-551-37-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.SerNet.DE, mailto: Info @ SerNet.DE


pgp4tb4JCb8le.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] [ANNOUNCE] Samba 3.2.2 Available for Download

[Michael Adam]

Nicholas Brealey wrote:
> Brian H. Nelson wrote:
> >Michael Adam wrote: 
> >
> >>What is more, rpath also has some bad effects (when
> >>updating libraries, e.g.), so it should not be set unconditionally.
> >
> >Could you elaborate on why/when setting rpath would cause problems? I'm 
> >having trouble coming up with an example.
> >
> I think there was an issue with RPATH in the executable taking higher 
> priority than the LD_LIBRARY_PATH environment variable and Linux 
> distributions updating libraries in a funny way (moving the old 
> libraries to a different directory).

I think that pretty much nails it down.

This for instance makes it impossible (on Linux) to make test
from a source/build directory with RPATH without doing
"make install" first.

> On Solaris LD_LIBRARY_PATH always had a higher priority than RPATH 
> although I think this broke some standard. To comply with standards, 
> RUNPATH was introduced which has a lower priority than LD_LIBRARY_PATH 
> matching the behaviour of the Solaris RPATH. The -R option on Solaris 
> now sets both RPATH and RUNPATH but RPATH is ignored when RUNPATH is 
> present.

Ah, interesting to know.

> A cannot think of any objection to using -R with $ORIGIN on Solaris.

Why not simple give it the absolute LIBDIR path from configure?

By the way, as already stated in another mail:
You can link your binaries with any RPATH you like by calling
configure this way (without modifications to samba code):

LDFLAGS="-R..." ./configure --prefix=... ...

Cheers - Michael

-- 
Michael Adam <[EMAIL PROTECTED]>  <[EMAIL PROTECTED]>
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-37-0, fax: +49-551-37-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.SerNet.DE, mailto: Info @ SerNet.DE


pgp8BcN9ajL6d.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] [ANNOUNCE] Samba 3.2.2 Available for Download

[Michael Adam]

Michael Adam wrote:
> Hi folks!
> 
> Nicholas Brealey wrote:
> > James Kosin wrote:
> > >-Original Message-
> > >From: Daniel Eischen [mailto:[EMAIL PROTECTED] 
> > >
> > >>Using -rpath/-R is the norm for Solaris packages.  Samba
> > >>already is built with knowledge of where it is installed
> > >>and where its lib, data, var, etc directories reside.
> > >>
> > >>What is _not_ the norm, is having to set LD_LIBRARY_PATH in
> > >>order for your applications to work.  Take a look at all
> > >>the packages at sunfreeware.com - they are all built for
> > >>/usr/local and, at least from hundred or so packages I've
> > >>installed from there, none require LD_LIBRARY_PATH to work
> > >>when their libraries are in /usr/local/lib.
> 
> I had the plan to provide the option of linking with an
> rpath as a configure option. But it is not so easy to get
> it right for all supported platforms (Nicholas only mentioned
> solaris and Linux...). And I did not have the time yet to
> complete this in an upstream compliant manner.
> 
> Patches welcome!!

To be more concrete:

I suggest adding a configure option "--enable-rpath"
that adds the appropriate LDFLAGS when appropriate for the
build system (e.g. solaris and linux for a start) and
gives notice when the system is unsupported (for rpath).

See 

http://gitweb.samba.org/?p=samba.git;a=commit;h=3a0f781352f364ce625a35ffd78257b27d984c47

and

http://gitweb.samba.org/?p=samba.git;a=commitdiff;h=6850dc242b010bdcef5e427e51be04201f55b7f3

for what has already been in the sources and has been removed.

By the way: It is not strictly necessary to modify the sources to
create binaries linked with an rpath: By setting an appropriate
"LDFLAGS" environment variable containing an RPATH option before
calling configure, you can use an RPATH option for your install
without modifying the sources, since the configure script picks
up any externally set LDFLAGS and CFLAGS settings! ... :-)

Cheers - Michael

-- 
Michael Adam <[EMAIL PROTECTED]>  <[EMAIL PROTECTED]>
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-37-0, fax: +49-551-37-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.SerNet.DE, mailto: Info @ SerNet.DE


pgpEZP5KAXBCl.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] [ANNOUNCE] Samba 3.2.2 Available for Download

[Michael Adam]

Hi folks!

Nicholas Brealey wrote:
> On Solaris I think the best option for packages which have a directory 
> structure like:
> 
> package/bin
> package/lib
> 
> is to link the executables with:
> -R$ORIGIN/../lib
> 
> (In a Makefile use: LDFLAGS = -R\$$ORIGIN/../lib)
> 
> This means the package can installed anywhere and still pick up the
> correct libraries.
> 
> Using LD_LIBRARY_PATH or crle is bad practice.

Well, we had the discussion of whether to use rpath
or LD_LIBRARY_PATH (or ld.so.conf) already on this
and/or the samba-technical mailing list.
(I should look up that thread...)

> James Kosin wrote:
> >-Original Message-
> >From: Daniel Eischen [mailto:[EMAIL PROTECTED] 
> >
> >>Using -rpath/-R is the norm for Solaris packages.  Samba
> >>already is built with knowledge of where it is installed
> >>and where its lib, data, var, etc directories reside.
> >>
> >>What is _not_ the norm, is having to set LD_LIBRARY_PATH in
> >>order for your applications to work.  Take a look at all
> >>the packages at sunfreeware.com - they are all built for
> >>/usr/local and, at least from hundred or so packages I've
> >>installed from there, none require LD_LIBRARY_PATH to work
> >>when their libraries are in /usr/local/lib.

Well on the other hand, in Linux distributions, 
it is considered bad practise to link using an RPATH. 
You either put your libs into /usr/lib or /usr/local/lib
or else use a ld.so.conf file.

So there are advocates for and more significantly
against each of rpath and LD_LIBRARY_PATH.

I decided not to compile with an RPATH because
at that time most people argued that this is a bad thing.

1. easiest solution: put libs into folder searched by
   dynamic linker (e.g. /usr/lib)

2. next solution: use LD_LIBRARY_PATH when installing
   to /some/package/dir (or use an ld.so.conf file when
   available)

3. modify LDFLAGS to use an rpath.

I had the plan to provide the option of linking with an
rpath as a configure option. But it is not so easy to get
it right for all supported platforms (Nicholas only mentioned
solaris and Linux...). And I did not have the time yet to
complete this in an upstream compliant manner.

Patches welcome!!

> James Kosin wrote:
> >Actually, I'll have to check to see if Michael back-ported the configure
> >option to specify the destination directory for the libraries.  The
> >default seems to be in the %prefix/lib/samba directory with many
> >packages moving them to the %prefix/lib directory and keeping the rest
> >in the %prefix/lib/samba structure.

* creation and installation of shared libs as filename = SONAME
  and symlink .so --> .so.VERSION is fixed in samba 3.2.2.
  (Bug #5592)

* splitting of libdir into libdir (for the libs) and modulesdir
  (for shared modules and such) is done in v3-devel / v3-3-test.
  This probably won't go into 3.2.X since it is a new feature
  and not really a bug.
  This will be 3.3.0 (planned for Dec 15, 2008).
  
Thanks for your thougths and comments.
This is much appreciated.

Cheers - Michael

-- 
Michael Adam <[EMAIL PROTECTED]>  <[EMAIL PROTECTED]>
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-37-0, fax: +49-551-37-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.SerNet.DE, mailto: Info @ SerNet.DE


pgpVo0Cv87h4V.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] [ANNOUNCE] Samba 3.2.1 Available for Download.eml

[Michael Adam]

Hi James,

James Kosin wrote:
> Everything compiled, and installed with the proper links.

Great!

> I'm getting ready to test a RPM build to see if this works.  Will
> let everyone know in about 1-2 hours.

Thanks for the feedback.

Please re-open and comment bug #5592, should any problems
(re)occur. Thanks!

Cheers - Michael

-- 
Michael Adam <[EMAIL PROTECTED]>  <[EMAIL PROTECTED]>
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-37-0, fax: +49-551-37-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.SerNet.DE, mailto: Info @ SerNet.DE


pgpWJFapSab74.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] [ANNOUNCE] Samba 3.2.1 Available for Download.eml

[Michael Adam]

sorry, patch attached now...

Michael Adam wrote:
> Michael Adam wrote:
> > Hi James,
> > 
> > James Kosin wrote:
> > > I did a ./configure... then a make all and got this:
> > > [...]
> > > Linking shared library bin/[EMAIL PROTECTED]@
> > > /usr/bin/ld: cannot open linker script file 
> > > /usr/src/redhat/BUILD/samba-3.2.0/source/exports/[EMAIL PROTECTED]@: No 
> > > such file or directory
> > > collect2: ld returned 1 exit status
> > > make: *** [bin/[EMAIL PROTECTED]@] Error 1
> > > [EMAIL PROTECTED] source]#
> > > 
> > > I can only guess, configure did not get fixed fully...
> > 
> > Well, more likly my patch was not correct:
> > I produced it from the v3-2-test branch.
> > I may have forgotten an intermediate commit.
> > 
> > Did you apply the patch to the 3.2.0 sources?
> > The patch does not apply cleanly to these.
> > You should use the 3.2.1 sources (available from http://www.samba.org/).
> > 
> > If that does not help, I need to try and get the patch
> > complete for 3.2.1.
> 
> Here is an updated patch for 3.2.1.
> This one should work. I had forgotten the diff portion of m4/aclocal.m4.
> Sorry for that!
> 
> Cheers - Michael
> 
> -- 
> Michael Adam <[EMAIL PROTECTED]>  <[EMAIL PROTECTED]>
> SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
> phone: +49-551-37-0, fax: +49-551-37-9
> AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
> http://www.SerNet.DE, mailto: Info @ SerNet.DE



> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba

-- 

i.A. Michael Adam

-- 
Michael Adam <[EMAIL PROTECTED]>
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-37-0, fax: +49-551-37-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.SerNet.DE, mailto: Info @ SerNet.DE
 source/Makefile.in |  727 ++--
 source/configure.in|  154 +-
 source/library-versions.in |   11 -
 source/m4/aclocal.m4   |   62 -
 4 files changed, 565 insertions(+), 389 deletions(-)

diff --git a/source/Makefile.in b/source/Makefile.in
index 41753c5..8df9d66 100644
--- a/source/Makefile.in
+++ b/source/Makefile.in
@@ -25,9 +25,8 @@ [EMAIL PROTECTED]@
 [EMAIL PROTECTED]@
 
 ## Dynamic shared libraries build settings
-DSO_EXPORTS_CMD=-Wl,--version-script,$(srcdir)/exports/`basename $@ | sed 's/@[EMAIL PROTECTED]/@SYMSEXT@/'`
+DSO_EXPORTS_CMD=-Wl,--version-script,$(srcdir)/exports/`basename $@ | sed 's/@[EMAIL PROTECTED](.[0-9]\{1,\}\)\{0,1\}$$/@SYMSEXT@/'`
 [EMAIL PROTECTED]@
-SONAME_VER=`grep \^$@ $(builddir)/library-versions | cut -d: -f2`
 SHLD_DSO = $(SHLD) $(LDSHFLAGS) $(DSO_EXPORTS) -o $@
 
 # The MODULE_EXPORTS variable contains the platform-specific linker flags
@@ -149,34 +148,6 @@ CODEPAGEDIR = @codepagedir@
 # the directory where pid files go
 PIDDIR = @piddir@
 
[EMAIL PROTECTED]@
[EMAIL PROTECTED]@
-LIBTALLOC=$(LIBTALLOC_STATIC_TARGET) @LIBTALLOC_SHARED@
-LIBTALLOC_SYMS=$(srcdir)/exports/[EMAIL PROTECTED]@
-LIBTALLOC_HEADERS=$(srcdir)/@tallocdir@/talloc.h
-
[EMAIL PROTECTED]@
[EMAIL PROTECTED]@
-LIBTDB=$(LIBTDB_STATIC_TARGET) @LIBTDB_SHARED@
-LIBTDB_SYMS=$(srcdir)/exports/[EMAIL PROTECTED]@
-LIBTDB_HEADERS=$(srcdir)/@tdbdir@/include/tdb.h
-
-LIBSMBCLIENT=bin/libsmbclient.a @LIBSMBCLIENT_SHARED@
-LIBSMBSHAREMODES=bin/libsmbsharemodes.a @LIBSMBSHAREMODES_SHARED@
-LIBADDNS=bin/libaddns.a @LIBADDNS_SHARED@
-
[EMAIL PROTECTED]@
[EMAIL PROTECTED]@
[EMAIL PROTECTED]@ @LIBWBCLIENT_SHARED@
-LIBWBCLIENT_SYMS=$(srcdir)/exports/[EMAIL PROTECTED]@
-LIBWBCLIENT_HEADERS=$(srcdir)/nsswitch/libwbclient/wbclient.h
-
[EMAIL PROTECTED]@
[EMAIL PROTECTED]@
-LIBNETAPI=$(LIBNETAPI_STATIC_TARGET) @LIBNETAPI_SHARED@
-LIBNETAPI_SYMS=$(srcdir)/exports/[EMAIL PROTECTED]@
-LIBNETAPI_HEADERS=$(srcdir)/lib/netapi/netapi.h
-
 FLAGS1 = $(CFLAGS) @FLAGS1@ @SAMBA_CPPFLAGS@ $(CPPFLAGS)
 FLAGS2 =
 FLAGS3 =
@@ -234,8 +205,6 @@ EVERYTHING_PROGS = bin/[EMAIL PROTECTED]@ bin/[EMAIL PROTECTED]@ \
 	bin/[EMAIL PROTECTED]@ bin/[EMAIL PROTECTED]@ bin/[EMAIL PROTECTED]@ \
 	bin/[EMAIL PROTECTED]@ bin/[EMAIL PROTECTED]@
 
-SHLIBS = libtalloc libtdb @LIBWBCLIENT@ @LIBSMBCLIENT@ @LIBSMBSHAREMODES@ @LIBADDNS@ libnetapi
-
 PAM_MODULES = @PAM_MODULES@
 
 NSS_MODULES = @NSS_MODULES@
@@ -256,9 +225,6 @@ MODULES = $(VFS_MODULES) $(PDB_MODULES) $(RPC_MODULES) $(IDMAP_MODULES) \
 # object file lists
 ##
 
-LIBTDB_OBJ0 = @TDB_OBJS@
-LIBTDB_OBJ = $(LIBTDB_OBJ0) $(LIBREPLACE_OBJ)
-
 TDB_OBJ = lib/util_tdb.o \
 	  lib/dbwrap.o lib/dbwrap_tdb.o \
 	  lib/dbwrap_tdb2.o lib/dbwrap_ctdb.o \
@@ -326,12 +292,6 @@ LIBREPLACE_OBJ = @LIBREPLACE_OBJS@
 SOCKET_WRAPPER_OB

Re: [Samba] [ANNOUNCE] Samba 3.2.1 Available for Download.eml

[Michael Adam]

Michael Adam wrote:
> Hi James,
> 
> James Kosin wrote:
> > I did a ./configure... then a make all and got this:
> > [...]
> > Linking shared library bin/[EMAIL PROTECTED]@
> > /usr/bin/ld: cannot open linker script file 
> > /usr/src/redhat/BUILD/samba-3.2.0/source/exports/[EMAIL PROTECTED]@: No 
> > such file or directory
> > collect2: ld returned 1 exit status
> > make: *** [bin/[EMAIL PROTECTED]@] Error 1
> > [EMAIL PROTECTED] source]#
> > 
> > I can only guess, configure did not get fixed fully...
> 
> Well, more likly my patch was not correct:
> I produced it from the v3-2-test branch.
> I may have forgotten an intermediate commit.
> 
> Did you apply the patch to the 3.2.0 sources?
> The patch does not apply cleanly to these.
> You should use the 3.2.1 sources (available from http://www.samba.org/).
> 
> If that does not help, I need to try and get the patch
> complete for 3.2.1.

Here is an updated patch for 3.2.1.
This one should work. I had forgotten the diff portion of m4/aclocal.m4.
Sorry for that!

Cheers - Michael

-- 
Michael Adam <[EMAIL PROTECTED]>  <[EMAIL PROTECTED]>
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-37-0, fax: +49-551-37-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.SerNet.DE, mailto: Info @ SerNet.DE


pgpkKAJRmOalJ.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] [ANNOUNCE] Samba 3.2.1 Available for Download.eml

[Michael Adam]

Hi James,

James Kosin wrote:
> I did a ./configure... then a make all and got this:
> [EMAIL PROTECTED] source]# make all
> Using FLAGS  =  -O -D_SAMBA_BUILD_=3  
> -I/usr/src/redhat/BUILD/samba-3.2.0/source/iniparser/src -Iinclude 
> -I./include  -I. -I. -I./lib/replace -I./lib/talloc -I./lib/tdb/include 
> -I./libaddns -I./librpc -DHAVE_CONFIG_H  -D_LARGEFILE64_SOURCE 
> -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE -Iinclude -I./include -I. -I. 
> -I./lib/replace -I./lib/talloc -I./lib/tdb/include -I./libaddns -I./librpc 
> -I./popt -DLDAP_DEPRECATED   -I/include 
> -I/usr/src/redhat/BUILD/samba-3.2.0/source/lib -D_SAMBA_BUILD_=3
>   PICFLAG= -fPIC
>   LIBS   = -lcrypt -lcap -lresolv -lresolv -lnsl -ldl
>   LDFLAGS= -pie -Wl,-z,relro -L./bin
>   DYNEXP = -Wl,--export-dynamic
>   LDSHFLAGS  = -shared -Wl,-Bsymbolic -Wl,-z,relro -L./bin
>   SHLIBEXT   = so
>   SONAMEFLAG = -Wl,-soname=
> Generating smbd/build_options.c
> Building include/proto.h
> creating /usr/src/redhat/BUILD/samba-3.2.0/source/include/proto.h
> Building include/build_env.h
> creating /usr/src/redhat/BUILD/samba-3.2.0/source/winbindd/winbindd_proto.h
> creating /usr/src/redhat/BUILD/samba-3.2.0/source/web/swat_proto.h
> creating /usr/src/redhat/BUILD/samba-3.2.0/source/libnet/libnet_proto.h
> creating /usr/src/redhat/BUILD/samba-3.2.0/source/client/client_proto.h
> creating /usr/src/redhat/BUILD/samba-3.2.0/source/utils/net_proto.h
> creating /usr/src/redhat/BUILD/samba-3.2.0/source/utils/ntlm_auth_proto.h
> Compiling lib/talloc/talloc.c
> Linking non-shared library bin/libtalloc.a
> Compiling lib/replace/replace.c
> Compiling lib/replace/snprintf.c
> Compiling lib/replace/getpass.c
> creating /usr/src/redhat/BUILD/samba-3.2.0/source/exports/libtalloc.syms
> Linking shared library bin/[EMAIL PROTECTED]@
> /usr/bin/ld: cannot open linker script file 
> /usr/src/redhat/BUILD/samba-3.2.0/source/exports/[EMAIL PROTECTED]@: No such 
> file or directory
> collect2: ld returned 1 exit status
> make: *** [bin/[EMAIL PROTECTED]@] Error 1
> [EMAIL PROTECTED] source]#
> 
> I can only guess, configure did not get fixed fully...

Well, more likly my patch was not correct:
I produced it from the v3-2-test branch.
I may have forgotten an intermediate commit.

Did you apply the patch to the 3.2.0 sources?
The patch does not apply cleanly to these.
You should use the 3.2.1 sources (available from http://www.samba.org/).

If that does not help, I need to try and get the patch
complete for 3.2.1.

But you can simply try the v3-2-test branch, if you like:
Either check out the git repository, as detailed in
http://wiki.samba.org/index.php/Using_Git_for_Samba_Development
or alternatively, you can download snapshot tarballs
from the mirror at
http://repo.or.cz/w/Samba.git?a=shortlog;h=refs/heads/v3-2-test
Here is a direct link to the current head of the branch:
http://repo.or.cz/w/Samba.git?a=snapshot;h=41d440c3198752281556699cc9744b490b9b0a5e;sf=tgz

I will also check to get the proper patch on top of 3.2.1.

Cheers - Michael

-- 
Michael Adam <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-37-0, fax: +49-551-37-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.SerNet.DE, mailto: Info @ SerNet.DE


pgpFA6X78sKJS.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] [ANNOUNCE] Samba 3.2.1 Available for Download.eml

[Michael Adam]

Hi James,

attached find combined diff of my changes.
That should work agains the vanilla 3.2.1 tarball.
This is what is going to be released next week in 3.2.2.

This is the whole thing from 3-3-test.
It took me some time and effort to port it back to 3-2-test. :-)

I will of course greatly appreciate any feeback!

Thanks - Michael

James Kosin wrote:
> >Hi James,
> >
> >James Kosin wrote:
> >> Hmmm
> >> 
> >> I attempted to fix the INSTALL part; however, I'm having difficulty 
> >> getting the version numbers after the fact for the install process 
> >> when installing the libraries and rebuilding the symbolic links.
> >> I heard from someone else that this has already been fixed in the 3.3
> 
> >> branch; but there has been little or NO feedback.  Could someone
> email 
> >> me a patch file with the changes to the project to fix this in the
> 3.2 
> >> branch???  I'm willing to try out the patch and validate anything
> that 
> >> is required.
> >> 
> >> I know this seems to be a dead issue; but, the install is BROKEN for 
> >> most people compiling solely from source.  I've fixed my own
> packaging 
> >> but again this only makes the .spec file that much more difficult to 
> >> maintain.
> >
> >No, this issue is not dead. Thanks for insisting! :-) I will push the
> necessary changes to v3-2-test tomorrow, >for the 3.2.2 release.
> >
> >Cheers - Michael
> 
> Michael,
> 
> Is it possible you can send a patch against the 3.2.1 release for me to
> test?
> 
> Thanks,
> James Kosin

-- 
Michael Adam <[EMAIL PROTECTED]>
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-37-0, fax: +49-551-37-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.SerNet.DE, mailto: Info @ SerNet.DE
 source/Makefile.in |  727 ++--
 source/configure.in|  154 +-
 source/library-versions.in |   11 -
 3 files changed, 513 insertions(+), 379 deletions(-)

diff --git a/source/Makefile.in b/source/Makefile.in
index 41753c5..8df9d66 100644
--- a/source/Makefile.in
+++ b/source/Makefile.in
@@ -25,9 +25,8 @@ [EMAIL PROTECTED]@
 [EMAIL PROTECTED]@
 
 ## Dynamic shared libraries build settings
-DSO_EXPORTS_CMD=-Wl,--version-script,$(srcdir)/exports/`basename $@ | sed 's/@[EMAIL PROTECTED]/@SYMSEXT@/'`
+DSO_EXPORTS_CMD=-Wl,--version-script,$(srcdir)/exports/`basename $@ | sed 's/@[EMAIL PROTECTED](.[0-9]\{1,\}\)\{0,1\}$$/@SYMSEXT@/'`
 [EMAIL PROTECTED]@
-SONAME_VER=`grep \^$@ $(builddir)/library-versions | cut -d: -f2`
 SHLD_DSO = $(SHLD) $(LDSHFLAGS) $(DSO_EXPORTS) -o $@
 
 # The MODULE_EXPORTS variable contains the platform-specific linker flags
@@ -149,34 +148,6 @@ CODEPAGEDIR = @codepagedir@
 # the directory where pid files go
 PIDDIR = @piddir@
 
[EMAIL PROTECTED]@
[EMAIL PROTECTED]@
-LIBTALLOC=$(LIBTALLOC_STATIC_TARGET) @LIBTALLOC_SHARED@
-LIBTALLOC_SYMS=$(srcdir)/exports/[EMAIL PROTECTED]@
-LIBTALLOC_HEADERS=$(srcdir)/@tallocdir@/talloc.h
-
[EMAIL PROTECTED]@
[EMAIL PROTECTED]@
-LIBTDB=$(LIBTDB_STATIC_TARGET) @LIBTDB_SHARED@
-LIBTDB_SYMS=$(srcdir)/exports/[EMAIL PROTECTED]@
-LIBTDB_HEADERS=$(srcdir)/@tdbdir@/include/tdb.h
-
-LIBSMBCLIENT=bin/libsmbclient.a @LIBSMBCLIENT_SHARED@
-LIBSMBSHAREMODES=bin/libsmbsharemodes.a @LIBSMBSHAREMODES_SHARED@
-LIBADDNS=bin/libaddns.a @LIBADDNS_SHARED@
-
[EMAIL PROTECTED]@
[EMAIL PROTECTED]@
[EMAIL PROTECTED]@ @LIBWBCLIENT_SHARED@
-LIBWBCLIENT_SYMS=$(srcdir)/exports/[EMAIL PROTECTED]@
-LIBWBCLIENT_HEADERS=$(srcdir)/nsswitch/libwbclient/wbclient.h
-
[EMAIL PROTECTED]@
[EMAIL PROTECTED]@
-LIBNETAPI=$(LIBNETAPI_STATIC_TARGET) @LIBNETAPI_SHARED@
-LIBNETAPI_SYMS=$(srcdir)/exports/[EMAIL PROTECTED]@
-LIBNETAPI_HEADERS=$(srcdir)/lib/netapi/netapi.h
-
 FLAGS1 = $(CFLAGS) @FLAGS1@ @SAMBA_CPPFLAGS@ $(CPPFLAGS)
 FLAGS2 =
 FLAGS3 =
@@ -234,8 +205,6 @@ EVERYTHING_PROGS = bin/[EMAIL PROTECTED]@ bin/[EMAIL PROTECTED]@ \
 	bin/[EMAIL PROTECTED]@ bin/[EMAIL PROTECTED]@ bin/[EMAIL PROTECTED]@ \
 	bin/[EMAIL PROTECTED]@ bin/[EMAIL PROTECTED]@
 
-SHLIBS = libtalloc libtdb @LIBWBCLIENT@ @LIBSMBCLIENT@ @LIBSMBSHAREMODES@ @LIBADDNS@ libnetapi
-
 PAM_MODULES = @PAM_MODULES@
 
 NSS_MODULES = @NSS_MODULES@
@@ -256,9 +225,6 @@ MODULES = $(VFS_MODULES) $(PDB_MODULES) $(RPC_MODULES) $(IDMAP_MODULES) \
 # object file lists
 ##
 
-LIBTDB_OBJ0 = @TDB_OBJS@
-LIBTDB_OBJ = $(LIBTDB_OBJ0) $(LIBREPLACE_OBJ)
-
 TDB_OBJ = lib/util_tdb.o \
 	  lib/dbwrap.o lib/dbwrap_tdb.o \
 	  lib/dbwrap_tdb2.o lib/dbwrap_ctdb.o \
@@ -326,12 +292,6 @@ LIBREPLACE_OBJ = @LIBREPLACE_OBJS@
 SOCKET_WRAPPER_OBJ = @SOCKET_WRAPPER_OBJS@
 NSS_WRAPPER_OBJ = @NSS_WRAPPER_OBJS@
 
-TALLOC_OBJ = @TALLOC_OBJS@
-
-
-LIBTALLOC_OBJ0 = $(TALLOC_OBJ)

Re: [Samba] [ANNOUNCE] Samba 3.2.1 Available for Download

[Michael Adam]

Gerald (Jerry) Carter wrote:
> Michael Adam wrote:
> > Yeah, thanks for your feedback, folks
> > I will do it. 
> 
> Thanks Michael.  You're the best.

Jerry, thats good compensation for the pains I had
yesterday in picking and merging the changes from
3-devel to 3-2-test... :-)

-- 
Michael Adam <[EMAIL PROTECTED]>  <[EMAIL PROTECTED]>
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-37-0, fax: +49-551-37-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.SerNet.DE, mailto: Info @ SerNet.DE


pgpe6BF5TZKVa.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] [ANNOUNCE] Samba 3.2.1 Available for Download.eml

[Michael Adam]

Hi James,

James Kosin wrote:
> Hmmm
> 
> I attempted to fix the INSTALL part; however, I'm having difficulty
> getting the version numbers after the fact for the install process when
> installing the libraries and rebuilding the symbolic links.
> I heard from someone else that this has already been fixed in the 3.3
> branch; but there has been little or NO feedback.  Could someone email
> me a patch file with the changes to the project to fix this in the 3.2
> branch???  I'm willing to try out the patch and validate anything that
> is required.
> 
> I know this seems to be a dead issue; but, the install is BROKEN for
> most people compiling solely from source.  I've fixed my own packaging
> but again this only makes the .spec file that much more difficult to
> maintain.

No, this issue is not dead. Thanks for insisting! :-)
I will push the necessary changes to v3-2-test tomorrow,
for the 3.2.2 release.

Cheers - Michael

-- 
Michael Adam <[EMAIL PROTECTED]>  <[EMAIL PROTECTED]>
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-37-0, fax: +49-551-37-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.SerNet.DE, mailto: Info @ SerNet.DE


pgpoe5IpXOXXd.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] [ANNOUNCE] Samba 3.2.1 Available for Download

[Michael Adam]

George R. Kasica wrote:
> >On Wed, 06 Aug 2008 08:01:40 -0700, you wrote:
> >Michael Adam wrote:
> >
> >> That is right: the link creation in source/bin is fixed,
> >> but the installation of the links is still broken.
> >> 
> >> It _is_ fixed in the v3-3-test branch which will be used for
> >> 3.3.0 (scheduled for December). The changes to the Make file
> >> and configure were just to profound to go into 3.2.X.
> >
> >If "make install" does not work correctly, it should be patched
> >in 3.2.x I believe.  But I haven't followed the discussion thoroughly
> >so feel to disregard this if it is out of context.
> >
> 
> I'm just a lowly user/sysadmin out here with about 50-70 boxes running
> samba not a developer, but I have to agree with Jerry - PLEASE fix the
> install - we don't run off RPMS here and build/install from source
> here and right now what we have is a package that doesn't install. 
> 
> I realize that this is freeware but if it was a commercial product you
> couldn't ship it with a broken install routine I don't think.

Yeah, thanks for your feedback, folks
I will do it. 

Cheers - Michael

-- 
Michael Adam <[EMAIL PROTECTED]>  <[EMAIL PROTECTED]>
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-37-0, fax: +49-551-37-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.SerNet.DE, mailto: Info @ SerNet.DE


pgp8lCzUIDAGc.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] [ANNOUNCE] Samba 3.2.1 Available for Download

[Michael Adam]

Gerald (Jerry) Carter wrote:
> Michael Adam wrote:
> 
> > That is right: the link creation in source/bin is fixed,
> > but the installation of the links is still broken.
> > 
> > It _is_ fixed in the v3-3-test branch which will be used for
> > 3.3.0 (scheduled for December). The changes to the Make file
> > and configure were just to profound to go into 3.2.X.
> 
> If "make install" does not work correctly, it should be patched
> in 3.2.x I believe.  But I haven't followed the discussion thoroughly
> so feel to disregard this if it is out of context.

As indicated above, this has been fixed in v3-3-test more than a
month ago. Here is my mail to samba-technical that explained the
changes and asked whether these should go into 3.2.X.

http://lists.samba.org/archive/samba-technical/2008-July/060074.html

There has been no reply so far. Karolin had expressed concerns about
the depth of the changes to the build system. (It were some 40 or 50
commits, see the list included in the mail.)

On concern I had myself is that the packagers have already put
their workarounds for the broken library install to their
packaging automatisms (just like they had already done before with
libsmbclient).

I, personally, am happy with fixing these things in 3.2.2, but I
did not want do decide it alone.

Btw: One more thing that would really ease the packaging would be
the configure-time separation of libdir and modules dir, so that
the libs can directly be installed into /usr/lib[64]/ while the
modules shoudl go into /usr/lib[64]/samba/. 

See bugs #5592 (https://bugzilla.samba.org/show_bug.cgi?id=5592)
and #5609 (https://bugzilla.samba.org/show_bug.cgi?id=5609).

Any opinions?

Cheers - Michael

-- 
Michael Adam <[EMAIL PROTECTED]>
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-37-0, fax: +49-551-37-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.SerNet.DE, mailto: Info @ SerNet.DE


pgpjlrSijZwVl.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] [ANNOUNCE] Samba 3.2.1 Available for Download

[Michael Adam]

James Kosin wrote:
> Changes since 3.2.0
> - ---
> 
> 
> o   Michael Adam <[EMAIL PROTECTED]>
>* BUG 5608: Fix link creation for libtalloc.so.1 (and friends) on
>  Solaris 8.
>* BUG 5594: Fix "make test" by adding and using a new testparm
>  switch "--skip-logic-checks".
>* Fix creation of libaddns.a, libsmbclient.a and libsharemodes.a.
>* Update the section about net conf in the net(8) manpage.
>* Improve processing of registry shares.
>* Fix listing of registry shares with testparm.
>* Fix several build issues.
> 
> ---
> 
> The installation is still broken.  The symbolic links are not 
> copied/installed during the install procedure.  As a result, the user still 
> may need to create the symbolic links to the libraries.
> 
> James Kosin 

That is right: the link creation in source/bin is fixed,
but the installation of the links is still broken.

It _is_ fixed in the v3-3-test branch which will be used for
3.3.0 (scheduled for December). The changes to the Make file
and configure were just to profound to go into 3.2.X.

Another reason for not picking the changes for 3.2.X is that
packagers already have their workarounds for 3.2.0.

If people complain strongly enough, we could of course re-consider
adding them for 3.2.2... :-)

Cheers - Michael

-- 
Michael Adam <[EMAIL PROTECTED]>  <[EMAIL PROTECTED]>
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-37-0, fax: +49-551-37-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.SerNet.DE, mailto: Info @ SerNet.DE


pgpwIyHrzzqGQ.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] [ANNOUNCE] Samba 3.2.1 Available for Download

[Michael Adam]

FYI:

I have just yesterday taken over bug 5507 which is about that error.
I had been adapting the packaging/RHEL-CTDB/ stuff (due to my
work on that branch), but I have not taken care of the RHEL/ folder.

Cheers - Michael

Adam Williams wrote:
> thanks! :)
> 
> Gerald (Jerry) Carter wrote:
> >I'll take care of it. I need to do something productive this
> >week anyways :-)
> >  

-- 
Michael Adam <[EMAIL PROTECTED]>  <[EMAIL PROTECTED]>
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-37-0, fax: +49-551-37-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.SerNet.DE, mailto: Info @ SerNet.DE


pgpnR2Hu6fQnF.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] unable to build 3.2 on HP-UX

[Michael Adam]

Ok, the ML keeps eating my attachments (and signatures)... :-(
You can find the Makfile here:
http://samba.org/~obnox/patches/Makefile.in.3.2.0-fixed

Cheers - Michael

Michael Adam wrote:
> Hi,   
>   
>   
>   
> this is a bug in Makefile.in: When not building   
>   
> shared libs there are variables expanded as empty  
> by configure like @[EMAIL PROTECTED] When these 
> stand in a line of their own (like in the bin/smbd
>   
> target just before the bin/nmbd target), this leads   
>   
> to lines consisting only of tabs + maybe spaces.  
>   
> This leads to the build errors you had.   
>   
>   
>   
> This is all fixed in the v3-2-stable tree, and the
>   
> fix will be in 3.2.1 which is going to be released
>   
> tomorrow.
> 
> I attach a fixed Makefile.in if you would like to test
> it immediately. You should only need to run
> ./config.status and then make.
> 
> Cheers - Michael
> 
> Dag Ager wrote:
> > Hi all,
> > 
> > I'm trying to build Samba 3.2 on HP-UX 11.11. I already tried different
> > settings
> > (without ldap, active directory etc, building in a different directory)
> > but without
> > success.
> > The Problem is independent from configure options - called within the
> > source tree without any options leads exactly  to the same result.
> > 
> > Here are some informations about my setup:
> > 
> > gcc (GCC) 4.2.3
> > HP-UX  B.11.11
> > samba-3.2.0
> > PA-RISC 2.0 / 64Bit
> > 
> > The following snippets are from my last attempt where i tried to build
> > in a seperate directory. When I build directly in the source directory
> > exactly the same happens.
> > 
> > ../source/configure --prefix=/opt/samba --with-ldap=no
> > 
> > 
> > warnings during configure:
> > 
> > ..
> > checking arpa/inet.h presence... yes
> > checking for arpa/inet.h... yes
> > checking netinet/ip.h usability... no
> > checking netinet/ip.h presence... yes
> > configure: WARNING: netinet/ip.h: present but cannot be compiled
> > configure: WARNING: netinet/ip.h: check for missing prerequisite
> > headers?
> > configure: WARNING: netinet/ip.h: see the Autoconf documentation
> > configure: WARNING: netinet/ip.h: section "Present But Cannot Be
> > Compiled"
> > configure: WARNING: netinet/ip.h: proceeding with the preprocessor's result
> > configure: WARNING: netinet/ip.h: in the future, the compiler will take
> > precedence
> > configure: WARNING: ##  ##
> > configure: WARNING: ## Report this to [EMAIL PROTECTED] ##
> > configure: WARNING: ##  ##
> > 
> > --> strage one, perhaps the cause for the problem
> > 
> > 
> > checking SONAMEFLAG... -Wl,+h
> > checking PICFLAG... -fPIC
> > checking NSSSONAMEVERSIONSUFFIX...
> > checking whether building shared libraries actually works... (Bundled)
> > cc: warning 422: Unknown option "b" ignored.
> > /usr/ccs/bin/ld: CODE_ONE_SYM fixup to non-code subspace in file
> > /usr/ccs/lib/crt0.o - shared library must be position independent. Use
> > +z or +Z to recompile.
> > no
> > checking used PICFLAG... -fPIE
> > checking for long long... yes
> > checking for intptr_t... (cached) yes
> > checking for LL suffix on long long integers... yes
> > 
> > checking for Active Directory and krb5 support... auto
> > configure: WARNING: Disabling Active Directory support (requires LDAP
> > support)
> > checking for nscd_flush_cache in -lnscd... no
> > 
> > checking whether to use shared libraries internally... false
> > configure: WARNING: --enable-shared-libs: no support for shared libraries
> > checking whether to build the libtalloc shared library... no shared
> > library support -- will supply static library
> > ...
> > 
> > --> no more warnings and no errors at all during configure.
> > 
> > compiler error:
> > 
> > .
> > 
> > Compiling librpc/gen_ndr/ndr_libnet_join.c
> 

[EMAIL PROTECTED]: Re: [Samba] unable to build 3.2 on HP-UX]

[Michael Adam]

hmm, the mailing list engine seems to have eaten my
attachmen (and my signature) trying again

- Forwarded message from Michael Adam <[EMAIL PROTECTED]> -

Date: Mon, 4 Aug 2008 22:43:55 +0200
From: Michael Adam <[EMAIL PROTECTED]>
To: Dag Ager <[EMAIL PROTECTED]>
Subject: Re: [Samba] unable to build 3.2 on HP-UX

Hi, 



this is a bug in Makefile.in: When not building 

shared libs there are variables expanded as empty  
by configure like @[EMAIL PROTECTED] When these 
stand in a line of their own (like in the bin/smbd  

target just before the bin/nmbd target), this leads 

to lines consisting only of tabs + maybe spaces.

This leads to the build errors you had. 



This is all fixed in the v3-2-stable tree, and the  

fix will be in 3.2.1 which is going to be released  

tomorrow.

I attach a fixed Makefile.in if you would like to test
it immediately. You should only need to run
./config.status and then make.

Cheers - Michael

Dag Ager wrote:
> Hi all,
> 
> I'm trying to build Samba 3.2 on HP-UX 11.11. I already tried different
> settings
> (without ldap, active directory etc, building in a different directory)
> but without
> success.
> The Problem is independent from configure options - called within the
> source tree without any options leads exactly  to the same result.
> 
> Here are some informations about my setup:
> 
> gcc (GCC) 4.2.3
> HP-UX  B.11.11
> samba-3.2.0
> PA-RISC 2.0 / 64Bit
> 
> The following snippets are from my last attempt where i tried to build
> in a seperate directory. When I build directly in the source directory
> exactly the same happens.
> 
> ../source/configure --prefix=/opt/samba --with-ldap=no
> 
> 
> warnings during configure:
> 
> ..
> checking arpa/inet.h presence... yes
> checking for arpa/inet.h... yes
> checking netinet/ip.h usability... no
> checking netinet/ip.h presence... yes
> configure: WARNING: netinet/ip.h: present but cannot be compiled
> configure: WARNING: netinet/ip.h: check for missing prerequisite
> headers?
> configure: WARNING: netinet/ip.h: see the Autoconf documentation
> configure: WARNING: netinet/ip.h: section "Present But Cannot Be
> Compiled"
> configure: WARNING: netinet/ip.h: proceeding with the preprocessor's result
> configure: WARNING: netinet/ip.h: in the future, the compiler will take
> precedence
> configure: WARNING: ##  ##
> configure: WARNING: ## Report this to [EMAIL PROTECTED] ##
> configure: WARNING: ##  ##
> 
> --> strage one, perhaps the cause for the problem
> 
> 
> checking SONAMEFLAG... -Wl,+h
> checking PICFLAG... -fPIC
> checking NSSSONAMEVERSIONSUFFIX...
> checking whether building shared libraries actually works... (Bundled)
> cc: warning 422: Unknown option "b" ignored.
> /usr/ccs/bin/ld: CODE_ONE_SYM fixup to non-code subspace in file
> /usr/ccs/lib/crt0.o - shared library must be position independent. Use
> +z or +Z to recompile.
> no
> checking used PICFLAG... -fPIE
> checking for long long... yes
> checking for intptr_t... (cached) yes
> checking for LL suffix on long long integers... yes
> 
> checking for Active Directory and krb5 support... auto
> configure: WARNING: Disabling Active Directory support (requires LDAP
> support)
> checking for nscd_flush_cache in -lnscd... no
> 
> checking whether to use shared libraries internally... false
> configure: WARNING: --enable-shared-libs: no support for shared libraries
> checking whether to build the libtalloc shared library... no shared
> library support -- will supply static library
> ...
> 
> --> no more warnings and no errors at all during configure.
> 
> compiler error:
> 
> .
> 
> Compiling librpc/gen_ndr/ndr_libnet_join.c
> mkdir nsswitch/libwbclient
> Compiling nsswitch/libwbclient/wbclient.c
> Compiling nsswitch/libwbclient/wbc_util.c
> Compiling nsswitch/libwbclient/wbc_pwd.c
> Compiling nsswitch/libwbclient/wbc_idmap.c
> Compiling nsswitch/libwbclient/wbc_sid.c
> Compiling nsswitch/libwbclient/wbc_pam.c
> Compiling nsswitch/wb_common.c
> Linking non-shared library bin/libwbclient.a
>

Re: [Samba] unable to build 3.2 on HP-UX

[Michael Adam]

test: created directory nmbd and restarted make:
> 
> 
> 
> 11:02 da:en6[86]
> make
> 
> /opt/build/samba-3.2.0/build
> Using FLAGS  =  -O -D_SAMBA_BUILD_=3
> -I/opt/build/samba-3.2.0/build/../source/iniparser/src -Iinclude
> -I/opt/build/samba-3.2.0/build/../source/include -I.
> -I/opt/build/samba-3.2.0/build/../source
> -I/opt/build/samba-3.2.0/build/../source/lib/replace
> -I/opt/build/samba-3.2.0/build/../source/lib/talloc
> -I/opt/build/samba-3.2.0/build/../source/lib/tdb/include
> -I/opt/build/samba-3.2.0/build/../source/libaddns
> -I/opt/build/samba-3.2.0/build/../source/librpc -DHAVE_CONFIG_H
> -Iinclude -I../source/include -I. -I../source -I../source/lib/replace
> -I../source/lib/talloc -I../source/lib/tdb/include -I../source/libaddns
> -I../source/librpc -I../source/popt   -I/include
> -I/opt/build/samba-3.2.0/build/../source/lib -D_SAMBA_BUILD_=3
>  PICFLAG= -fPIE
>  LIBS   = -lsec -lnsl -liconv
>  LDFLAGS= -pie  -L./bin
>  DYNEXP = -Wl,-E,+b/usr/local/lib:/usr/lib
>  LDSHFLAGS  = shared-libraries-disabled  -L./bin
>  SHLIBEXT   = shared_libraries_disabled
>  SONAMEFLAG = shared-libraries-disabled
> Linking non-shared library bin/libtalloc.a
> WARNING: you need to run ./config.status
> Linking non-shared library bin/libsmbclient.a
> Linking non-shared library bin/libsmbsharemodes.a
> Linking bin/smbd
> sh[7]: bin/nmbd::  not found.
> *** Error exit code 127
> 
> 
> --> not really better...
> 
> Anyone an Idea? Are there any known Problem with the version of gcc I use?
> 
> Dag
> 
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba

-- 
Michael Adam <[EMAIL PROTECTED]>  <[EMAIL PROTECTED]>
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-37-0, fax: +49-551-37-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.SerNet.DE, mailto: Info @ SerNet.DE


pgpnkYit0CXRI.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Unstable printing w/3.2.0

[Michael Adam]

Adam Tauno Williams wrote:
> I've upgraded my print server to CentOS5 w/Samba 3.2.0.  While it
> "works" we are experiencing numerous irritating issues.  I'm curious if
> anyone else is experencing these issues.
> 
> 1.) Print jobs do not clear out of the CIFS queue.  So we now have
> printers that show they have over 1,000 jobs in the queue although the
> queue is empty.   This is a bug scheduled to be fixed in 3.2.1 (I
> believe) so at least I'm not crazy on this one.

This is a bug, and it is already fixed (for 3.2.1). You are not crazy! :-)

Cheers - Michael

-- 
Michael Adam <[EMAIL PROTECTED]>  <[EMAIL PROTECTED]>
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-37-0, fax: +49-551-37-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.SerNet.DE, mailto: Info @ SerNet.DE


pgpVHKoFWJnwH.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Join Server to Domain Fails

[Michael Adam]

Bit Byte wrote:
> Hi list,
> 
> Would anyone please help me troubleshoot the following?
> 
> [EMAIL PROTECTED] ~]# service smb status
> smbd is stopped
> nmbd is stopped
> [EMAIL PROTECTED] ~]# net rpc join -S MYPDC
> Password:
> Creation of workstation account failed
> User specified does not have administrator privileges
> Unable to join domain MYDOMAIN.
> [EMAIL PROTECTED] ~]#
> 
> I'm not sure why this would happen if my user specified (root by default,
> yes?) has admin privileges.

You need to specify a domain-user that has administrative
privileges in the domain/on the PDC, e.g. (assuming it is a
windows DC):

net rpc join -U MYDOMAIN\\administrator

Cheers - Michael

-- 
Michael Adam <[EMAIL PROTECTED]>  <[EMAIL PROTECTED]>
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-37-0, fax: +49-551-37-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.SerNet.DE, mailto: Info @ SerNet.DE


pgpriKx9EvmVC.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba 3.2 RPMs

[Michael Adam]

Linux Addict wrote:
> Michael Adam wrote:
> >Hi, 
> >
> >oh, the RHEL makerpms.sh hast not been updated apparently...
> >
> >You can find RPMS for RHEL 3, 4, 5 at
> >http://www.enterprisesamba.org/
> >
> Thanks Adam... I will install them.
> 
> Do you mind sending me a copy of makerpms.sh and samba.spec.? I may have 
> to customize them.

These RPMs are not built with the makerpms.sh but directly from
the spec file that you can extract from the src.rpm with
"rpmbuild -ba".

A working version of makerpms.sh which is for producing
samba packages for use in clustered setups with ctdb can
be found the folder packaging/RHEL-CTDB/ in the source tree.
The most up to date version of this is in the v3-2-ctdb branch
to be found at http://gitweb.samba.org/?p=obnox/samba-ctdb.git

Cheers - Michael

-- 
Michael Adam <[EMAIL PROTECTED]>  <[EMAIL PROTECTED]>
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-37-0, fax: +49-551-37-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.SerNet.DE, mailto: Info @ SerNet.DE


pgpx8glH3nho8.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba 3.2 RPMs

[Michael Adam]

Hi, 

oh, the RHEL makerpms.sh hast not been updated apparently...

You can find RPMS for RHEL 3, 4, 5 at
http://www.enterprisesamba.org/

Cheers - Michael

Linux Addict wrote:
> Hi, I have been trying to make samba 3.2 RPMs for RHEL 4, but so far no 
> luck. I yummed on Fedora box which was successfull. But the RHEL 
> makerpms.sh seems to be failing on libmsrpc error. I remember working on 
> sometime back, never really resolved. Now 3.2 is officially released, 
> hope someone were able to make RPMs.
> 
> Any help is greatly appreciated.
> 
> Thanks, MK
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba

-- 
Michael Adam <[EMAIL PROTECTED]>  <[EMAIL PROTECTED]>
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-37-0, fax: +49-551-37-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.SerNet.DE, mailto: Info @ SerNet.DE


pgpU9IwuldnmY.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Correct remedy for winbindd sulking on 3.0.30?

[Michael Adam]

Hi,

This should have been fixed in the just released 3.0.31.
Please try that!
For more details regarding the fix you cite below, see
bug #5504 on bugzilla.samba.org.

Cheers - Michael

John Marshall wrote:
> Greetings,
> 
> I have recently upgraded from 3.0.28a to 3.0.30 on a couple of FreeBSD 7.0
> servers: one in a Windows 2000 Active Directory environment, and the other
> in a Windows 2003 Active Directory environment, as member servers.
> Everything works for a while and then winbindd goes into sulking mode.
> Re-starting fixes everythng for a little while.
> 
> I'm guessing I've hit the winbindd bug described here:
> http://lists.samba.org/archive/samba/2008-June/141041.html
> 
> What is the recommended resolution?
> 1. Apply the patch included in the post referenced above?
> 2. Apply a different patch?
> 3. Upgrade to version n?
> 4. Go back to 3.0.28a?
> 5. Something else?
> 
> If there is a prticular patch recommended I would like to include it in a PR
> to the FreeBSD samba port maintainer. The current FreeBSD net/samba3 port is
> 3.0.30.
> 
> Thank you for your help.
> 
> -- 
> John Marshall

-- 
Michael Adam <[EMAIL PROTECTED]>  <[EMAIL PROTECTED]>
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-37-0, fax: +49-551-37-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.SerNet.DE, mailto: Info @ SerNet.DE


pgpVVxJnUspdX.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] DC outage

[Michael Adam]

Hi Urs, 

you can also set something like "password server = dc1 dc2 *" 
to specify preferred domain controllers, but keep failover
autodetection enabled. But when the join with "password server = *"
does not work, this indicates that you have a problem with
autodetection generally.

In order for dc detection to work with security = ads, you
need to have (among other things) a proper dns configuration
so that your kdc and domain controller can be found via dns
queries for srv records. Optimally, (one of your) domain
controller(s) is the dns name server. 

If problems persist, could you post your smb.conf here?

Cheers - Michael

Urs Golla wrote:
> Hi Michael
> 
> Thats what I thought after reading the manual again. is this entry
> needed for joining? as far as i remember, the join was not working
> when i had no pw server defined. hm... i will test again.
> 
> cheers
> 
> On Thu, Jul 10, 2008 at 10:05 PM, Michael Adam <[EMAIL PROTECTED]> wrote:
> > Hi Urs,
> >
> > you should not set any specific password server in the smb.conf
> > if you want DC failover to work. Instead, leave it at the default,
> > which is *, so that dns lookups of srv records is enabled.
> >
> > Cheers, Michael
> >
> > Urs Golla wrote:
> >> it is the latest stable from sernet for rhel4 32bit
> >>
> >> On Thu, Jul 10, 2008 at 6:27 PM, Jeremy Allison <[EMAIL PROTECTED]> wrote:
> >> > On Thu, Jul 10, 2008 at 05:05:48PM +0200, Urs Golla wrote:
> >> >> Hello
> >> >>
> >> >> We had an outage of one of our domain controllers today and all Linux
> >> >> servers have lost their connection to the ADS. I always thought
> >> >> winbind should switch to another DC if one is not reachable anymore.
> >> >> The windows servers in the same domain switched to a new one. do i
> >> >> have to specify more than 1 password server in smb.conf?
> >> >
> >> > No you shouldn't. What version of Samba is this ?
> >> >
> >> > Jeremy.
> >> >
> >> --
> >> To unsubscribe from this list go to the following URL and read the
> >> instructions:  https://lists.samba.org/mailman/listinfo/samba

-- 
Michael Adam <[EMAIL PROTECTED]>  <[EMAIL PROTECTED]>
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-37-0, fax: +49-551-37-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.SerNet.DE, mailto: Info @ SerNet.DE


pgplL4DYQ8w23.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba 3.2.0 doesn't compile under Solaris8

[Michael Adam]

FYI: 

I have fixed that in v3-3-test in a bigger rewrite and filed
a bug for 3.2.0 (#5608).

Michael

Michael Adam wrote:
> Oops, looks like an old bin/libtalloc.so.1 is in the way.
> For now "rm bin/libtalloc.so.1" before make should be a
> workaround.
> 
> I'll have to look if this is a bug in the build system...
> 
> Cheers - Michael
> 
> Oliver Weinmann wrote:
> > Dear All,
> > 
> > Yesterday I downloaded the latest Samba release 3.2.0 and tried to compile
> > it against blastwave.org packages, as I always do. But it fails with error:
> > 
> > "/usr/include/sys/termios.h", line 38: warning: macro redefined: CTRL
> > "./librpc/gen_ndr/srvsvc.h", line 232: warning: enumerator value overflows
> > INT_M
> > AX (2147483647)
> > "./librpc/gen_ndr/srvsvc.h", line 235: warning: enumerator value overflows
> > INT_M
> > AX (2147483647)
> > "./librpc/gen_ndr/srvsvc.h", line 238: warning: enumerator value overflows
> > INT_M
> > AX (2147483647)
> > "./librpc/gen_ndr/srvsvc.h", line 242: warning: enumerator value overflows
> > INT_M
> > AX (2147483647)
> > "./librpc/gen_ndr/wkssvc.h", line 10: warning: useless declaration
> > "./librpc/gen_ndr/samr.h", line 633: warning: useless declaration
> > "./librpc/gen_ndr/nbt.h", line 496: warning: useless declaration
> > "./librpc/gen_ndr/netlogon.h", line 204: warning: useless declaration
> > "./librpc/gen_ndr/netlogon.h", line 206: warning: useless declaration
> > "./librpc/gen_ndr/libnet_join.h", line 10: warning: useless declaration
> > Linking non-shared library bin/libtalloc.a
> > Compiling lib/replace/replace.c
> > Compiling lib/replace/snprintf.c
> > Compiling lib/replace/getpass.c
> > Compiling lib/replace/strptime.c
> > Compiling lib/replace/timegm.c
> > Compiling lib/replace/inet_aton.c
> > "/usr/include/netdb.h", line 412: warning: macro redefined: MAXHOSTNAMELEN
> > Compiling lib/replace/getifaddrs.c
> > "/usr/include/netdb.h", line 412: warning: macro redefined: MAXHOSTNAMELEN
> > creating /opt/SOURCES/samba-3.2.0/source/exports/libtalloc.syms
> > Linking shared library bin/libtalloc.so
> > ln: cannot create bin/libtalloc.so.1: File exists
> > *** Error code 2
> > make: Fatal error: Command failed for target `bin/libtalloc.so'
> > Build failed!  Exiting
> > 
> > On the same build machine I'm able to compile Samba 3.0.30 without any
> > problems at all.
> > 
> > A few informations about my workstation:
> > 
> > bash-2.03# uname -a
> > SunOS ares 5.8 Generic_117350-02 sun4u sparc SUNW,Sun-Fire-480R
> > 
> > I'm using Sun Studio 11 Compiler:
> > 
> > bash-2.03# /opt/studio11/SUNWspro/bin/cc -V
> > cc: Sun C 5.8 2005/10/13
> > usage: cc [ options] files.  Use 'cc -flags' for details
> > 
> > my environment variables:
> > 
> > bash-2.03# echo $CPPFLAGS
> > -I/opt/csw/include
> > bash-2.03# echo $LD_OPTIONS
> > -R/opt/csw/lib/$ISALIST -R/opt/csw/lib -L/opt/csw/lib
> > 
> > and my configure options:
> > 
> > 
> > *./configure –with-ads –with-krb5=/opt/csw –with-pam –with-winbind
> > –with-shared-modules=idmap_ad –prefix=/opt/csw
> > –with-swatdir=/opt/csw/share/samba/swat –with-configdir=/opt/csw/etc/samba
> > –with-privatedir=/opt/csw/etc/samba/private*
> > 
> > **
> > 
> > *I also tried using gcc from blastwave.org but it fails at the same stage.*
> > 
> > **
> > 
> > *Any ideas? I couldn't find anything related on google as 3.2.0 is quite new
> > I guess.*
> > 
> > **
> > 
> > **
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/listinfo/samba

-- 
Michael Adam <[EMAIL PROTECTED]>  <[EMAIL PROTECTED]>
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-37-0, fax: +49-551-37-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.SerNet.DE, mailto: Info @ SerNet.DE


pgp780LYKg4UM.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Install error when trying to install ver 3.2.0

[Michael Adam]

The problem here is that ln -s -f does now work as expected
on solaris 8 (at least). Here "expected" means that it will
remove the link if it already exists, i.e. the behaviour I
experienced on linux.

I have fixed that in the v3-3-test branch (with a whole
rewrite and cleanup of the library build system).

Since the whole rewrite will probably not make it into
3.2.X bugfix releases, I will see if I can get a small
bugfix into v3-2-test... 

I have filed a new bug #5608 for this issue.

Michael

David Eisner wrote:
> On Wed, Jul 9, 2008 at 12:21 PM, William Edward Wilson
> <[EMAIL PROTECTED]> wrote:
> > ln: cannot create bin/libtalloc.so.1: File exists
> > *** Error code 2
> > make: Fatal error: Command failed for target `bin/libtalloc.so'
> >
> > What needs to be changed to get the make install to work?
> 
> William,
> 
> I haven't had a chance to figure out what in the build setup is
> responsible for this bug, but as a work-around I just delete
> bin/libtalloc.so.1 and type make again to continue the build.
> 
> -David
> 
> -- 
> David Eisner http://cradle.brokenglass.com
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba

-- 
Michael Adam <[EMAIL PROTECTED]>  <[EMAIL PROTECTED]>
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-37-0, fax: +49-551-37-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.SerNet.DE, mailto: Info @ SerNet.DE


pgpkE2bjfzmIb.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] DC outage

[Michael Adam]

Hi Urs,

you should not set any specific password server in the smb.conf
if you want DC failover to work. Instead, leave it at the default,
which is *, so that dns lookups of srv records is enabled.

Cheers, Michael

Urs Golla wrote:
> it is the latest stable from sernet for rhel4 32bit
> 
> On Thu, Jul 10, 2008 at 6:27 PM, Jeremy Allison <[EMAIL PROTECTED]> wrote:
> > On Thu, Jul 10, 2008 at 05:05:48PM +0200, Urs Golla wrote:
> >> Hello
> >>
> >> We had an outage of one of our domain controllers today and all Linux
> >> servers have lost their connection to the ADS. I always thought
> >> winbind should switch to another DC if one is not reachable anymore.
> >> The windows servers in the same domain switched to a new one. do i
> >> have to specify more than 1 password server in smb.conf?
> >
> > No you shouldn't. What version of Samba is this ?
> >
> > Jeremy.
> >
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba

-- 
Michael Adam <[EMAIL PROTECTED]>  <[EMAIL PROTECTED]>
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-37-0, fax: +49-551-37-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.SerNet.DE, mailto: Info @ SerNet.DE


pgpxFZCcKmxPy.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: RE RE [Samba] libtalloc on samba-3.2.0

[Michael Adam]

I just fixed the library build in the v3-3-test branch.
Symlinks are in the right direction, install is fixed.
And so on.
If you like you could try that!

Michael

Michael Adam wrote:
> Oops.
> 
> There are still bugs to the new internal shared libs feature
> especially related to make install. Also note that the link
> is in the wrong direction. libtalloc.so.1 should be the file
> and libtalloc.so should be the symlink to libtalloc.so.1 .
> 
> I am plan to fix that for the next bugfix releases, but for
> sure this will be gone in 3.3.0 (which we plan to release in
> roughly 6 months).
> 
> If your problem is reproducible, you could help keeping track
> of this by filing a bug at bugzilla.samba.org (and assign it
> to [EMAIL PROTECTED]).
> 
> Note that you can disable the use of shared libs internally
> by specifying "--disable-shared-libs" as an option to configure.
> (Except for libwbclient which Jerry wanted to be shared-only.)
> 
> Cheers - Michael
> 
> 
> Stéphane PURNELLE wrote:
> > Hi,
> > 
> > I confim that it's the missing symlink who cause problems.
> > copy symlink from samba source/bin to install lib resolve problem
> > 
> > 
> > Stéphane
> > 
> > ---
> > Stéphane PURNELLE [EMAIL PROTECTED]
> > Service Informatique   Corman S.A.   Tel : 00 32 087/342467
> > 
> > [EMAIL PROTECTED] a écrit sur 
> > 02/07/2008 11:26:54 :
> > 
> > > Hi,
> > > 
> > > It seems that the symlink is not correcly applyed.
> > > 
> > > /usr/local/lib/libtalloc.so.1 not exist
> > > /usr/local/lib/libtalloc.so exist.
> > > 
> > > a+
> > > 
> > > Stéphane
> > > 
> > > ---
> > > Stéphane PURNELLE [EMAIL PROTECTED]
> > > Service Informatique   Corman S.A.   Tel : 00 32 087/342467
> > > 
> > > [EMAIL PROTECTED] a écrit sur 
> > > 02/07/2008 11:01:07 :
> > > 
> > > > Hi,
> > > > 
> > > > I already read some messages with libtalloc problem and I have the 
> > same 
> > > 
> > > > problem.
> > > > Redhat enterprise linux 5 samba compiled from source. 
> > > > 
> > > > Démarrage des services SMB :/usr/local/sbin/smbd: error while loading 
> > > > shared libraries: libtalloc.so.1: cannot open shared object file: No 
> > > such 
> > > > file or directory
> > > >[FAILED]
> > > > Démarrage des services NMB :/usr/local/sbin/nmbd: error while loading 
> > > > shared libraries: libtalloc.so.1: cannot open shared object file: No 
> > > such 
> > > > file or directory
> > > >[FAILED]
> > > > 
> > > > [EMAIL PROTECTED] source]# ldd /usr/local/sbin/smbd
> > > > linux-gate.so.1 =>  (0x0011)
> > > > libldap-2.3.so.0 => /usr/local/lib/libldap-2.3.so.0 
> > (0x002ed000)
> > > > liblber-2.3.so.0 => /usr/local/lib/liblber-2.3.so.0 
> > (0x00111000)
> > > > libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2 
> > (0x00265000)
> > > > libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0x00edc000)
> > > > libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0x0011c000)
> > > > libcom_err.so.2 => /lib/libcom_err.so.2 (0x00142000)
> > > > libcups.so.2 => /usr/local/lib/libcups.so.2 (0x00145000)
> > > > libssl.so.0.9.7 => /usr/local/lib/libssl.so.0.9.7 (0x001e4000)
> > > > libcrypto.so.0.9.7 => /usr/local/lib/libcrypto.so.0.9.7 
> > > > (0x008cd000)
> > > > libz.so.1 => /usr/lib/libz.so.1 (0x00178000)
> > > > libpthread.so.0 => /lib/libpthread.so.0 (0x0018b000)
> > > > libm.so.6 => /lib/libm.so.6 (0x00ab3000)
> > > > libcrypt.so.1 => /lib/libcrypt.so.1 (0x001a2000)
> > > > libacl.so.1 => /lib/libacl.so.1 (0x001d)
> > > > libattr.so.1 => /lib/libattr.so.1 (0x001d7000)
> > > > libcap.so.1 => /lib/libcap.so.1 (0x001dc000)
> > > > libresolv.so.2 => /lib/libresolv.so.2 (0x00215000)
> > > > libnsl.so.1 => /lib/libnsl.so.1 (0x00228000)
> > > > libdl.so.2 => /lib/libdl.

Re: [Samba] How to handle multi process open smb.conf at the time

[Michael Adam]

Jeremy Allison wrote:
> On Wed, Jul 09, 2008 at 12:39:13AM +0800, chenyun_zhou wrote:
> >  Hi, everyone
> >  
> >  I am try to write a program to edit smb.conf, and the question is "
> >   If I open smb.conf for editing, but other process such as smbd , nmbd and 
> > winbind is reading the file, How to handle the this collision, and I want 
> > to open this file immediaetly ,and afte closing this file , tell these 
> > process to read it."
> 
> Do what all other unix programs do in this circumstance.
> Create a temp smb.conf file and then do an atomic rename
> into place. The next time smbd/nmbd re-read the file (or
> when you tell them to do it via a MSG_SMB_CONF_UPDATED
> message) they'll see the new contents.

Hi chenyun_zhou,

Let me draw your attention to the new registry based
configuration that is offered as a new feature in 3.2.0.

Configuration stored in samba's registry.tdb database
can be used if you activate it in a (minimal) smb.conf.
Then you can edit the configuration comfortably with
the new "net conf" command. (e.g. from scripts).
Since the tdb databases support locking, this method has
no problems with concurrent access.

To give you an idea, here is the list of subcommands of net conf:

net conf listDump the complete configuration in smb.conf like 
format.
net conf import  Import configuration from file in smb.conf format.
net conf listshares  List the share names.
net conf dropDelete the complete configuration.
net conf showshare   Show the definition of a share.
net conf addshareCreate a new share.
net conf delshareDelete a share.
net conf setparm Store a parameter.
net conf getparm Retrieve the value of a parameter.
net conf delparm Delete a parameter.
net conf getincludes Show the includes of a share definition.
net conf setincludes Set includes for a share.
net conf delincludes Delete includes from a share definition.

This is simply the output of "net conf" without further arguements.

For details, see the smb.conf(5) and net(8) manpages.
Yesterday, I have also started to write a document about this at:
http://wiki.samba.org/index.php/Registry_Configuration
But is really only started, needs to be completed...

There also is a "libsmbconf" library that proveds an
interface to the configuration, but it is not yet provided
as a shared library.

In source/lib/netapi/examples/netdomjoin-gui/ you can
find an example gui program that uses libsmbconf to edit
parts of the configuration.

Cheers - Michael

-- 
Michael Adam <[EMAIL PROTECTED]>  <[EMAIL PROTECTED]>
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-37-0, fax: +49-551-37-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.SerNet.DE, mailto: Info @ SerNet.DE


pgpBGY7qVDl7Y.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba