Re: [Samba] Advantages to using CUPS printing on a PDC
The only advantage I have found ist o set up a central pdf-printer with cups. So all pdfs are created in the users /home/pdf. For all other stuff you will be better with a network printer. --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Michael da Silva Pereira Gesendet: Freitag, 28. Oktober 2011 07:15 An: samba@lists.samba.org Betreff: [Samba] Advantages to using CUPS printing on a PDC Hi, I'd like to know the advantages out there in the field, using CUPS to print from the PDC. To me it sounds like just adding another single point of failure in the network, perhaps I am being blinded by windows printing issues to see the advantage in running all the prints via a PDC box? How out there has implemented it and has it helped? Kind Regards, Michael da Silva Pereira -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Advantages to using CUPS printing on a PDC
I'd like to know the advantages out there in the field, using CUPS to print from the PDC. To me it sounds like just adding another single point of failure in the network, perhaps I am being blinded by windows printing issues to see the advantage in running all the prints via a PDC box? Centralized management of printers? Print job accounting? Network printing to printers without a network interface? These examples can be important in some environments. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Advantages to using CUPS printing on a PDC
On Fri, Oct 28, 2011 at 5:45 AM, Miguel Medalha miguelmeda...@sapo.pt wrote: I'd like to know the advantages out there in the field, using CUPS to print from the PDC. To me it sounds like just adding another single point of failure in the network, perhaps I am being blinded by windows printing issues to see the advantage in running all the prints via a PDC box? Centralized management of printers? Print job accounting? Network printing to printers without a network interface? These examples can be important in some environments. In particular, the ability for an admin to lock the printing to a single server, or pair of servers, on a dedicated VLAN and provide a single point of *management* for print queues. There's nothing like having to find the idiot who's been sending their 300 page print jobs to the wrong printer, and resent it 10 times because it kept not coming out, and get the jobs killed from their laptop. And no, they won't accept the bill for $1/page because it's the color printer: it's IT's problem to make this not happen, even when it's the same idiot who won't permit IT to *label the printers visibly* because it detracts from the ambience of the office used for presentations. Been there, had some idiot printing dozens of resumes for handing out to a poster printer. We got suspicious and pulled the plug on the printer when we heard it churning that long. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] winbind nsswitch resolving names issue
Hi, I manage have a mixed enviroment, which is composed by a BDC win2k3 plus fileserver linux Suse with samba ver. 3.0.22-13.16, an old one I know... :( I'm facing an odds behaviour with wbinfo querying by bash console from my linux desktop (ubuntu 11.04 smb 3.5.8, joined in domain and regularly I authenticated to). For my purpose I've written this tiny script idtest.sh : #!/bin/bash user=$1 if [ -z $user ]; then echo Usage : idtest.sh username_to_search exit 1 fi for gruppo in `id -G $user`; do if [ $gruppo -ge 1 ]; then sid=`wbinfo -G $gruppo` desc=`wbinfo -s $sid` echo $gruppo - $sid - $desc fi done exit 0 Is not clear to me why if I query my user, randomly it doesn't show mine Domain Local Group, only Global Group... I underline this happen randomly, it seems to me... Also, at some point with command id I can see all my group but at same time wbinfo -r myaccount doesn't show Local Group again... And I need be sure to retrive clearly all domain groups, local and global I tried to give a look (a bit in deep as well), to winbind wbinfo smb... at these matter, but I'm unable to find a clear response, what am I missing ? Finally I would ask some clarification about option compat in nsswich.conf, 'cause I've not find in doc and man a clear explanation. Any help would be appreciated, thx in advance... Alessio. signature.asc Description: OpenPGP digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Advantages to using CUPS printing on a PDC
On 10/28/2011 12:15 AM, Michael da Silva Pereira wrote: Hi, I'd like to know the advantages out there in the field, using CUPS to print from the PDC. To me it sounds like just adding another single point of failure in the network, perhaps I am being blinded by windows printing issues to see the advantage in running all the prints via a PDC box? How out there has implemented it and has it helped? Kind Regards, Michael da Silva Pereira I see no advantage to use the PDC as print server, but I guess there are many ways to get the same results and it depends on the size/needs of your place. We have a couple of BDCs in every VLAN, one of them serves as a CUPS print server to samba on the VLAN and every user in the VLAN has it's printers configured. That way, the PDC serves a single purpose (it's also our master DNS btw) and it's easy to back-up and restore while users can keep working/printing in case something happens to it, although in 4 years it has never failed. Depending on the print volume and burst-rate, you may even do without a samba print server, for a small setup, an HP/netgear printserver may work. In our case, largish queue handling and print Classes (for added redundancy) offer a better advantage over 'hardware' printservers. Greetings José -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] NT4 SP3 PDC with MS Exchange 5.5 to Samba 3.x ldapbacked PDC and MS Exchange 5.5 still
Looking to make some changes to an old but working LAN, that has about 10 samba servers serving printers and network shares and a NT 4 PDC server with Exchange 5.5 on it. The samba servers are members of the nt4 domain, XP systems are members of the nt 4 domain also. Samba servers are ldapbacked. We use the ldap component directly to login to the Linux servers. I'd like to be able to support windows 7 clients as domain members, right now the clients are all XP. The plan I'm considering is building a new domain with the latest version of samba 3.x stable series for my RHEL6 servers, join my new windows clients to that domain and create a trust relationship to the NT 4 domain. The existing samba servers can be joined to the new domain so that only the email server will be in the old domain. The idea behind the trust relationship is so that entering email for my users can be just a click and won't have to login again. We'd want to keep the ldap backend capability too. Keeping the exchange is really a stop gap till we can move that function to the cloud. Have others done similar upgrades successfully? Does this sound reasonable? Is the trust relationship overkill and likely to cause problems? (tell users to cache the outlook login and be done) Thanks Derek Derek Werthmuller Director of Technology Innovation and Services Center for Technology in Government 518.442.3892 www.ctg.albany.edu www.ctg.albany.edu -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] NT4 SP3 PDC with MS Exchange 5.5 to Samba 3.x ldapbacked PDC and MS Exchange 5.5 still
If you are getting rid of the exchange server it seems a lot of work to do the trusts thing. Having outlook remember your password isn't a major problem. Except of course then people are pretty likely to have forgotten their e-mail password if they ever use another PC. I have found Samba trusts to be fairly painful. I had a Samba 3.0.x PDC (LDAP backend) which I tried having a trust with a Windows 2003 domain.In order for trusts to work, the Samba machine uses Idmap to create a range of unix uid's and gid's for the trusted Windows users. With Samba 3.0.x, these idmap entries were created but would stop working after the cache period expired.I don't know why. When I moved to Samba 3.4.x, the expiration issue went away but then idmap entries were not automatically. We didn't have many people in the Windows 2003 domain so I can manually create idmap entries as needed. My gut feeling is that any changes you make to support Windows 7 machines will break compatibility with legacy machines (e.g. NT4) or the domain trusts- altho installing the latest NT4 SP pack (6a?) may help. Could you make migrate the PDC role from your NT server to a samba 3.4.x or 3.5.x server? I don't think Exchange 5.5 has to be on the domain controller. At my work we have a Samba domain for most of the users and computers. We also have a separate untrusted Win 2008 domain just to support our Exchange 2007 server.It would be nice if we could consolidate to a single domain (or at least a single Active Directory tree) but for the moment people have to maintain separate e-mail accounts. FYI- I had a look at the latest version of Zimbra- it looks like a pretty nice product for a small business, if you decide not to go with the hosting route.I do like Exchange 2007 but it can be a big challenge to set up and maintain, and you really have to have a background with Active Directory and Exchange.Not what I would use for a really small site. On 10/28/2011 10:34 AM, Derek Werthmuller wrote: Looking to make some changes to an old but working LAN, that has about 10 samba servers serving printers and network shares and a NT 4 PDC server with Exchange 5.5 on it. The samba servers are members of the nt4 domain, XP systems are members of the nt 4 domain also. Samba servers are ldapbacked. We use the ldap component directly to login to the Linux servers. I'd like to be able to support windows 7 clients as domain members, right now the clients are all XP. The plan I'm considering is building a new domain with the latest version of samba 3.x stable series for my RHEL6 servers, join my new windows clients to that domain and create a trust relationship to the NT 4 domain. The existing samba servers can be joined to the new domain so that only the email server will be in the old domain. The idea behind the trust relationship is so that entering email for my users can be just a click and won't have to login again. We'd want to keep the ldap backend capability too. Keeping the exchange is really a stop gap till we can move that function to the cloud. Have others done similar upgrades successfully? Does this sound reasonable? Is the trust relationship overkill and likely to cause problems? (tell users to cache the outlook login and be done) Thanks Derek Derek Werthmuller Director of Technology Innovation and Services Center for Technology in Government 518.442.3892 www.ctg.albany.eduwww.ctg.albany.edu -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Strange Performance Issue / concurrent clients - very very slow
Hi, recently I installed a new GBit connected iSCSI Storage to one of our fileservers. Redhat EL Linux 5.7 samba3x-3.5.4-0.83.el5, kernel 2.6.18-238.19.1.el5PAE, Dell Poweredge 1750, dual Xeon. The transfer speed is very very different, depending on the method I use. Currently I'm the only user accessing that server and there is low network traffic. I know, that there are some overheads etc. which influence the speed. My Test Client is a Macbook pro and a Mac Pro (OS X 10.6.x each, connected by GBit wired lan) I copy a couple of 30 MB files and in an other test files of 1GB. Transferspeed for ftp is about 85 MB/s, scp about 25 MB/s, samba 30 MB/s. So the 'raw' speed is o.k. for me, more that 30 MB would be nice. BUT the most confusing thing is, as soon as I copy files from two clients at the same time to my samba share, the performance drops to 5 MB/s for each client. So 10 MB/s. Transferring from two ftp clients is about 40 MB/s per client. Currently I use 'socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 IPTOS_LOWDELAY' Dose anybody has an explanation for such a poor performance? Any tunig tips or hints? Everything is welcome. Thanks and best regards. Götz -- Götz Reinicke IT-Koordinator Tel. +49 7141 969 420 Fax +49 7141 969 55 420 E-Mail goetz.reini...@filmakademie.de Filmakademie Baden-Württemberg GmbH Akademiehof 10 71638 Ludwigsburg www.filmakademie.de Eintragung Amtsgericht Stuttgart HRB 205016 Vorsitzender des Aufsichtsrats: Jürgen Walter MdL Staatssekretär im Ministerium für Wissenschaft, Forschung und Kunst Baden-Württemberg Geschäftsführer: Prof. Thomas Schadt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Strange Performance Issue / concurrent clients - very very slow
Is the new GBit iSCSI storage connected on the same collision domain as the other machines? If so, you may be hitting the limit of the switch. Try separating iSCSI from the rest of the network with another switch, or at least a separate VLAN. Greetings José On 10/28/2011 10:04 AM, Götz Reinicke wrote: Hi, recently I installed a new GBit connected iSCSI Storage to one of our fileservers. Redhat EL Linux 5.7 samba3x-3.5.4-0.83.el5, kernel 2.6.18-238.19.1.el5PAE, Dell Poweredge 1750, dual Xeon. The transfer speed is very very different, depending on the method I use. Currently I'm the only user accessing that server and there is low network traffic. I know, that there are some overheads etc. which influence the speed. My Test Client is a Macbook pro and a Mac Pro (OS X 10.6.x each, connected by GBit wired lan) I copy a couple of 30 MB files and in an other test files of 1GB. Transferspeed for ftp is about 85 MB/s, scp about 25 MB/s, samba 30 MB/s. So the 'raw' speed is o.k. for me, more that 30 MB would be nice. BUT the most confusing thing is, as soon as I copy files from two clients at the same time to my samba share, the performance drops to 5 MB/s for each client. So 10 MB/s. Transferring from two ftp clients is about 40 MB/s per client. Currently I use 'socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 IPTOS_LOWDELAY' Dose anybody has an explanation for such a poor performance? Any tunig tips or hints? Everything is welcome. Thanks and best regards. Götz -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Mac OS X / MS Office save issues and possible .TemporaryItems fix
I just wanted to follow up and let the list know that pre-creating the .TemporaryItems folder on our shares and forcing rwx acls for all users appears to have fixed these issues for us and we're considering this issue closed. Best, Nathan Friedl On Sat, 2011-10-15 at 15:53 +, Nathan A Friedl wrote: We have an issue where Macs that try to save MS Office files on our 3.5.11 samba servers occasionally get error messages such as There has been a network or file permission error. The network connection may be lost.” When this happens, the user often has to save the file to their local drive and then copy it over to the network share. After doing some research, we suspect the issue may be related to the .TemporaryItems folder that MS Office creates on any drive that it opens a file on (described here: http://prowiki.isc.upenn.edu/wiki/MS_Office_and_Network_Volumes ). MS Office apparently continually modifies the permissions on this folder and can occasionally prevent a user from opening a file due to wonky permissions. Yesterday we created a .TemporaryItems folder for every share and set the default acl to be rwx for all, as there's no way that Office should be able to change that. We're hoping that will solve the problem, but we've been unable to replicate these problems ourselves so we're just waiting to see if the errors appear again. Are we on the right track here, or do you suspect something else may be going on? Do you have any suggestions for other things to try? Additionally, we've been having a hard time determining a good logging level. When we up the logging, the Macs can rotate the logs quite quickly as they touch every file in a folder whenever the folder is opened. What would your suggestion be for a proper logging level to monitor these issues? Thanks for your time, gosh that's a real old problem and the solution is painful. You should be able to google the issue/resolution. The issue is that one each local Macintosh, the first user created is uid #500 and the next is #501, etc. On probably about 70% of the Mac's, the primary user is the only user and he is uid 500. Likewise, other users simultaneously open files on the server with the same uid # and Microsoft Office just plays havoc (I wonder if they fixed this problem with Office 2008?) Anyway, the only way to permanently fix this problem is to have unique UID's assigned to each user on each Macintosh (at one location, I used LDAP for authenticating users on each Mac). The user can also 'copy' existing files from the server to their desktop, make their changes and then move it back to the server when they are finished (ugh). Otherwise, you can use Libre Office which doesn't suffer from the same issues ;-) Craig Thanks for the advice Craig. I should have mentioned that we're in the process of binding our Macs to our Active Directory domain. We've got Services for UNIX installed on the domain servers and have verified that they have the correct domain uids when logged into their Macs. Oddly enough, some domain users have still had these Office problems on their home shares (which only they have access to). In addition, some of the complaints have come from Office 2011 users, so it doesn't appear that Microsoft has changed anything. We are hopeful that forcing the rwx acls for all users on the .TemporaryItems folder has resolved this (we've had no reports of these problems since before we made the change on Friday), but I wanted to check and see if anyone has any other ideas for things we could be looking at here...and suggestions for the proper logging level to help monitor this issue. Best, Nate -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Strange Performance Issue / concurrent clients - very very slow
Hi José, no, the iSCSI Storag is on a separate collision domain. The file Server has two NICs. And from the test speed you can see, that I can get about 90 MB/s form my client to ths storage through the server: Mac ---gbitlan--- switch ---gbitlan--- fileserver ---gbitlan--- iSCSI cheers . Götz Am 28.10.11 17:24, schrieb José Guzmán: Is the new GBit iSCSI storage connected on the same collision domain as the other machines? If so, you may be hitting the limit of the switch. Try separating iSCSI from the rest of the network with another switch, or at least a separate VLAN. Greetings José On 10/28/2011 10:04 AM, Götz Reinicke wrote: Hi, recently I installed a new GBit connected iSCSI Storage to one of our fileservers. Redhat EL Linux 5.7 samba3x-3.5.4-0.83.el5, kernel 2.6.18-238.19.1.el5PAE, Dell Poweredge 1750, dual Xeon. The transfer speed is very very different, depending on the method I use. Currently I'm the only user accessing that server and there is low network traffic. I know, that there are some overheads etc. which influence the speed. My Test Client is a Macbook pro and a Mac Pro (OS X 10.6.x each, connected by GBit wired lan) I copy a couple of 30 MB files and in an other test files of 1GB. Transferspeed for ftp is about 85 MB/s, scp about 25 MB/s, samba 30 MB/s. So the 'raw' speed is o.k. for me, more that 30 MB would be nice. BUT the most confusing thing is, as soon as I copy files from two clients at the same time to my samba share, the performance drops to 5 MB/s for each client. So 10 MB/s. Transferring from two ftp clients is about 40 MB/s per client. Currently I use 'socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 IPTOS_LOWDELAY' Dose anybody has an explanation for such a poor performance? Any tunig tips or hints? Everything is welcome. Thanks and best regards. Götz -- Götz Reinicke IT-Koordinator Tel. +49 7141 969 420 Fax +49 7141 969 55 420 E-Mail goetz.reini...@filmakademie.de Filmakademie Baden-Württemberg GmbH Akademiehof 10 71638 Ludwigsburg www.filmakademie.de Eintragung Amtsgericht Stuttgart HRB 205016 Vorsitzender des Aufsichtsrats: Jürgen Walter MdL Staatssekretär im Ministerium für Wissenschaft, Forschung und Kunst Baden-Württemberg Geschäftsführer: Prof. Thomas Schadt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Linux Samba Server: empty shares on (Mac) clients [solved]
Hi, after not hearing anything about this issue, I found the problem myself: It is not related to samba, but rather to the AppArmor-Profile for Samba which comes with openSuSE 11.4. The profile, located in /etc/apparmor.d/usr/sbin/smbd only permits access to the home directories on the box, that's why Samba would list the contents of those and not list the contents of any other shares. Adding directory entries defined in other Samba share to /etc/apparmor.d/usr/sbin/smbd solves the problem instantly. For testing one may simply switch off AppArmor altogether (rcapparmor stop as root). This will directly make any self-defined Samba shares fully functional. Cheers, Ray Am 13.09.2011 16:18, schrieb Ray: Hi, I run a Samba Server on openSuSE 11.4 with LDAP Authentication Backend. appears to work fine. However, only some shares work on my Mac client boxes: for instance, i can browse my home directory on the Linux box (/home/ray), whereas other shares are simply empty (r01 below) on the mac (but they are shown as connected). [homes] comment = Home Directories valid users = %S, %D%w%S browseable = No read only = No inherit acls = Yes [r01] comment = r01 path = /local/r01 valid users = ray browseable = Yes read only = Yes inherit acls = Yes I get errors like the one below when accessing the shares: [2011/09/13 12:05:55.141244, 0] smbd/dir.c:304(dptr_close) Invalid key 0 given to dptr_close I could not find anything useful googling for this. Can anyone help me out here? Cheers, Ray -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Strange Performance Issue / concurrent clients - very very slow
On Fri, Oct 28, 2011 at 05:04:37PM +0200, Götz Reinicke wrote: Currently I use 'socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 IPTOS_LOWDELAY' Remove this line. Setting socket options on a modern Linux kernel is like shaking a chicken at the machine (or SCSI termination magic). Let the kernel self-tune these variables and you'll be much happier. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Resolution for slow samba speeds on our 10.6 Macs
We recently resolved an issue with a few 10.6 Macs in our environment that were experiencing very slow network speeds (a few KB/s) when browsing or opening files on our samba servers, and I just wanted to share our solution in case anyone else sees this problem. We had to create sysctl.conf and nsmb.conf files and place them in /etc on the client Macs. After a reboot, the speeds were back to what we expected from our network. Macwindows.com has more information on this fix: http://www.macwindows.com/snowleopard-filesharing.html#091709k I've included the contents of these conf files below: Nsmb.conf -- [default] streams=no soft=yes domain=XXX notify_off=yes port445=no_netbios -- Sysctl.conf -- net.inet.tcp.delayed_ack=0 -- Nathan Friedl Systems Analyst/Programmer - Weinberg IT n...@northwestern.edumailto:n...@northwestern.edu 847-467-6845 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] NT4 SP3 PDC with MS Exchange 5.5 to Samba 3.x ldapbacked PDC and MS Exchange 5.5 still
On Fri, Oct 28, 2011 at 10:34 AM, Derek Werthmuller dwert...@ctg.albany.edu wrote: Looking to make some changes to an old but working LAN, that has about 10 samba servers serving printers and network shares and a NT 4 PDC server with Exchange 5.5 on it. The samba servers are members of the nt4 domain, XP systems are members of the nt 4 domain also. I'd like to be able to support windows 7 clients as domain members, right now the clients are all XP. Keeping the exchange is really a stop gap till we can move that function to the cloud. Have others done similar upgrades successfully? Does this sound reasonable? I have a client in a similar situation. NT4 PDC w/Exchange 5.5 and Samba member servers. Main problem is that they're running an old custom Outlook/Exchange workflow app which locks them in until it can be replaced. As you're aware newer then XP cannot join an NT4 domain but can join a Samba domain - and they will eventually need some new desktops. So my thoughts have been running along the lines of demoting the NT4 PDC and having a Samba server take over those duties. Problem's are the NT4 PDC is not a supported task, and even if a registry hack can accomplish it (according to an old post by Minasi it should) but the effect on Exchange after this is apparently unknown. Also a test attempt to vampire the PDC did not work due to capitalization problems (if the vampire script did a lower case conversion this might have been a big start). All services except for PDC, WINS and Exchange have been moved from the NT4 box. Outside email is handled by Google Apps. DNS, NTP, file and print services, etc. all handled by Linux servers, firewall is OpenBSD/PF. Also to protect from failure of the old hardware the PDC has been virtrualized and running under VirtualBox where regular snapshots can be taken. The virtualization of the NT4 PDC also provides an opportunity to experiment with copies/snapshots so I hope to tackle this a bit more in depth when time permits. Of course any clues, hints, experience to be shared in this area are very welcome. I will gladly provide anything I find out that may be useful. Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Win7pro can't authenticate dcom identity
On Wed, Oct 26, 2011 at 7:25 AM, Chris Perry outtasc...@gmail.com wrote: I have a Samba 3.4.7 PDC set up (Ubuntu 10.10/OpenLDAP) and have configured a Windows 7 Pro 64 bit workstation as a domain member. Logins and shares work without a hitch. I'm running into a problem with ArcGIS 10 Server on Windows using domain accounts for the services. ArcGIS post-install fails because it won't take the username/password combination of the domain account. I initially thought this was an ArcGIS problem, but looking at the Samba logs, I find check_ntlm_password: sam authentication for user [ArcGISSOC] FAILED with error NT_STATUS_WRONG_PASSWORD entries whenever I try to configure the service. Ok, I have fixed this problem on my site by patching Samba 3.4.7 on Ubuntu 10.04 (I incorrectly said 10.10 originally). It isn't clear to me if this is a Samba bug, a Windows bug, or a misconfiguration on either end of my systems, but the following does fix my problem. The issue appears to (my neophyte eyes) to be that login requests that fail ntlmv2 authentication are not falling through gracefully to lm auth. In Samba, the code that determines whether or not to process is an ntlmv2 request checks the length parameter of the nt field in the RPC request. If this field is greater than or equal to 24, it processes as ntlmv2. If it processes the ntlmv2 check and it fails, it returns an NT_STATUS_WRONG_PASSWORD to the client before it ever has a chance to check lm. Now I have played around with these auth settings on my Windows machine endlessly and it does not seem to have an effect on what authentication dcomcnfg uses when setting the identity of a component. My instinct on this issue is that whatever initially processes the rpc request in Samba is creating a zero-filled data element for both methods and setting the length accordingly, regardless of whether the particular method was requested or not (probably to avoid null pointer errors). The ntlmv2 check assumes that the length should be zero for the nt data element if it wasn't requested. My patch additionally checks that the nt response property is not just a zero-filled array before deciding that it is an ntlmv2 request. Again, I can't say that this is the right solution and I'm sure there are some enormous deficits in my understanding of how this is supposed to work, but this patch does work if you are willing to compile yourself. This section of code has been changed quite a bit in Samba 3.5 and up, so it may not be an issue on those new versions, but I can't say for sure. If anyone has any additional insight into this (ie., I have an obvious configuration error, I have misunderstood something, or I have created a gaping security hole with this patch) I would appreciate the feedback. Thanks, - Chris Extract from log files of failing configuration (real data replaced with 01234, ... sequences are directly from log). in.logon.network.nt and in.logon.network.lm properties of netr_LogonSamLogon struct at rpc_server/srv_pipe.c:2327(api_rpcTNP) From request generated when setting Identity property of DCOM object in DComCnfg nt: struct netr_ChallengeResponse length : 0x002c (44) size : 0x002c (44) data : * data : lm: struct netr_ChallengeResponse length : 0x0018 (24) size : 0x0018 (24) data : * data : 01234567890123456789012345678901 From domain login on the same workstation nt: struct netr_ChallengeResponse length : 0x010e (270) size : 0x010e (270) data : * data : 01234567890123456789012345 ... 01234567890123456789012345 lm: struct netr_ChallengeResponse length : 0x0018 (24) size : 0x0018 (24) data : * data : Patch to source3/libsmb/ntlm_check.c that makes this work: --- samba-3.4.7~dfsg/source3/libsmb/ntlm_check.c2011-10-28 11:05:38.0 -0400 +++ samba-3.4.7~dfsg-modified/source3/libsmb/ntlm_check.c 2011-10-28 11:41:12.0 -0400 @@ -28,6 +28,21 @@ / Core of smb password checking routine. / +static bool nt_response_empty(TALLOC_CTX *mem_ctx, + const DATA_BLOB *nt_response) +{ +if(nt_response-length == 0) +return true; + +DATA_BLOB empty_response = data_blob_talloc_zero(mem_ctx, nt_response-length); +if(memcmp(nt_response-data, empty_response.data, nt_response-length)) { +data_blob_free(empty_response); +return false; +} + +data_blob_free(empty_response); +return true; +} static bool smb_pwd_check_ntlmv1(const DATA_BLOB *nt_response, const uchar *part_passwd, @@ -283,7 +298,7 @@
Re: [Samba] NT4 SP3 PDC with MS Exchange 5.5 to Samba 3.x ldapbac ked PDC and MS Exchange 5.5 still
I have a client in a similar situation. NT4 PDC w/Exchange 5.5 and Samba member servers. Main problem is that they're running an old custom Outlook/Exchange workflow app which locks them in until it can be replaced. Similar situation - though we've been able to replicate it fairly easily in google apps. As you're aware newer then XP cannot join an NT4 domain but can join a Samba domain - and they will eventually need some new desktops. So my thoughts have been running along the lines of demoting the NT4 PDC and having a Samba server take over those duties. Problem's are the NT4 PDC is not a supported task, and even if a registry hack can accomplish it (according to an old post by Minasi it should) but the effect on Exchange after this is apparently unknown. Also a test attempt to vampire the PDC did not work due to capitalization problems (if the vampire script did a lower case conversion this might have been a big start). I did consider this, though the issue is what do I do with the existing NT4 PDC - I can demote this to BDC but from the samba docs samba PDC and Windows BDC is not supported. And I don't think it can demote the PDC to server role. I'm also trying to be very careful not to make substantial changes to the exchange host - I need that working for a short while longer. Thanks Derek -Original Message- From: Chris Smith [mailto:smb...@chrissmith.org] Sent: Friday, October 28, 2011 12:07 PM To: Derek Werthmuller Cc: samba@lists.samba.org Subject: Re: [Samba] NT4 SP3 PDC with MS Exchange 5.5 to Samba 3.x ldapbacked PDC and MS Exchange 5.5 still On Fri, Oct 28, 2011 at 10:34 AM, Derek Werthmuller dwert...@ctg.albany.edu wrote: Looking to make some changes to an old but working LAN, that has about 10 samba servers serving printers and network shares and a NT 4 PDC server with Exchange 5.5 on it. The samba servers are members of the nt4 domain, XP systems are members of the nt 4 domain also. I'd like to be able to support windows 7 clients as domain members, right now the clients are all XP. Keeping the exchange is really a stop gap till we can move that function to the cloud. Have others done similar upgrades successfully? Does this sound reasonable? All services except for PDC, WINS and Exchange have been moved from the NT4 box. Outside email is handled by Google Apps. DNS, NTP, file and print services, etc. all handled by Linux servers, firewall is OpenBSD/PF. Also to protect from failure of the old hardware the PDC has been virtrualized and running under VirtualBox where regular snapshots can be taken. The virtualization of the NT4 PDC also provides an opportunity to experiment with copies/snapshots so I hope to tackle this a bit more in depth when time permits. Of course any clues, hints, experience to be shared in this area are very welcome. I will gladly provide anything I find out that may be useful. Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] NT4 SP3 PDC with MS Exchange 5.5 to Samba 3.x ldapbac ked PDC and MS Exchange 5.5 still
Thanks for the advice - Good to know not to go down the trust relationship path. A seperate domain does sound like a good path. Leave the existing nt/exchange setup as just an email platform. Users are likely to need to login again once we move that email/calendar/contacts funtion to the cloud anyway. Gives a nice clean migration path - here is your new win7 pc and your new login for it. Though I've also considered not making the new win7 domain members anyway. They are all going laptops and staff are somewhat mobile to highly mobile. When the domain is not avilable because of poor network link quality or no network at all laptop performance suffers. I know this to be the case with XP, I have no indication that its any different with Win7. Thanks Derek -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Gaiseric Vandal Sent: Friday, October 28, 2011 11:05 AM To: samba@lists.samba.org Subject: Re: [Samba] NT4 SP3 PDC with MS Exchange 5.5 to Samba 3.x ldapbacked PDC and MS Exchange 5.5 still If you are getting rid of the exchange server it seems a lot of work to do the trusts thing. Having outlook remember your password isn't a major problem. Except of course then people are pretty likely to have forgotten their e-mail password if they ever use another PC. I have found Samba trusts to be fairly painful. I had a Samba 3.0.x PDC (LDAP backend) which I tried having a trust with a Windows 2003 domain.In order for trusts to work, the Samba machine uses Idmap to create a range of unix uid's and gid's for the trusted Windows users. With Samba 3.0.x, these idmap entries were created but would stop working after the cache period expired.I don't know why. When I moved to Samba 3.4.x, the expiration issue went away but then idmap entries were not automatically. We didn't have many people in the Windows 2003 domain so I can manually create idmap entries as needed. My gut feeling is that any changes you make to support Windows 7 machines will break compatibility with legacy machines (e.g. NT4) or the domain trusts- altho installing the latest NT4 SP pack (6a?) may help. Could you make migrate the PDC role from your NT server to a samba 3.4.x or 3.5.x server? I don't think Exchange 5.5 has to be on the domain controller. At my work we have a Samba domain for most of the users and computers. We also have a separate untrusted Win 2008 domain just to support our Exchange 2007 server.It would be nice if we could consolidate to a single domain (or at least a single Active Directory tree) but for the moment people have to maintain separate e-mail accounts. FYI- I had a look at the latest version of Zimbra- it looks like a pretty nice product for a small business, if you decide not to go with the hosting route.I do like Exchange 2007 but it can be a big challenge to set up and maintain, and you really have to have a background with Active Directory and Exchange.Not what I would use for a really small site. On 10/28/2011 10:34 AM, Derek Werthmuller wrote: Looking to make some changes to an old but working LAN, that has about 10 samba servers serving printers and network shares and a NT 4 PDC server with Exchange 5.5 on it. The samba servers are members of the nt4 domain, XP systems are members of the nt 4 domain also. Samba servers are ldapbacked. We use the ldap component directly to login to the Linux servers. I'd like to be able to support windows 7 clients as domain members, right now the clients are all XP. The plan I'm considering is building a new domain with the latest version of samba 3.x stable series for my RHEL6 servers, join my new windows clients to that domain and create a trust relationship to the NT 4 domain. The existing samba servers can be joined to the new domain so that only the email server will be in the old domain. The idea behind the trust relationship is so that entering email for my users can be just a click and won't have to login again. We'd want to keep the ldap backend capability too. Keeping the exchange is really a stop gap till we can move that function to the cloud. Have others done similar upgrades successfully? Does this sound reasonable? Is the trust relationship overkill and likely to cause problems? (tell users to cache the outlook login and be done) Thanks Derek Derek Werthmuller Director of Technology Innovation and Services Center for Technology in Government 518.442.3892 www.ctg.albany.eduwww.ctg.albany.edu -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] NT4 SP3 PDC with MS Exchange 5.5 to Samba 3.x ldapbac ked PDC and MS Exchange 5.5 still
On Fri, Oct 28, 2011 at 1:51 PM, Derek Werthmuller dwert...@ctg.albany.edu wrote: I did consider this, though the issue is what do I do with the existing NT4 PDC - I can demote this to BDC but from the samba docs samba PDC and Windows BDC is not supported. And I don't think it can demote the PDC to server role. There is no supported NT4 PDC demotion scenario. But via registry hack I think you can demote to server and then become a member server. And Exchange 5.5 can run on member server. I'm also trying to be very careful not to make substantial changes to the exchange host - I need that working for a short while longer. That's one reason for dealing with the VM's. I'll be able to test these changes in a separate virtual environment. Just would be nice to know if anyone has actually done this and, if doable, what the caveats and gotchas were. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] NT4 SP3 PDC with MS Exchange 5.5 to Samba 3.x ldapbac ked PDC and MS Exchange 5.5 still
Am 28.10.2011 20:00, schrieb Chris Smith: On Fri, Oct 28, 2011 at 1:51 PM, Derek Werthmuller dwert...@ctg.albany.edu wrote: I did consider this, though the issue is what do I do with the existing NT4 PDC - I can demote this to BDC but from the samba docs samba PDC and Windows BDC is not supported. And I don't think it can demote the PDC to server role. There is no supported NT4 PDC demotion scenario. But via registry hack I think you can demote to server and then become a member server. And Exchange 5.5 can run on member server. for info long time ago i tested exchange 5.5 / win2000 server working with a samba pdc controller it worked like charme, but thats years ago these days you shouldnt use such setups, there are a lot of other solutions, based on open source or ms solutions exchange 5.5 is too much outdated I'm also trying to be very careful not to make substantial changes to the exchange host - I need that working for a short while longer. That's one reason for dealing with the VM's. I'll be able to test these changes in a separate virtual environment. Just would be nice to know if anyone has actually done this and, if doable, what the caveats and gotchas were. -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba server slow down after serving more than casual data
Hello, I am currently running Fedora 15 on an x86_64 system that acts as a whole house server for named, dhcp, nfs, nis, htpp, samba, etc The system is currently running samba-3.5.11-71 with kernel 2.6.40.6-0.fc15.x86_64. The system is fully patched as of today. However, this issue has existed for at least 2 years and I am at a loss to debug it. I have a simple samba configuration for sharing files to a windows VM on another box. Here is the config: [global] workgroup = NERD server string = Samba Server on NERD security = user hosts allow =192.168.1. log file = /var/log/samba/%m.log max log size = 50 passdb backend = smbpasswd dns proxy = no [homes] comment = Home Directories browseable = no writable = yes This seems to work well for extended periods of time without issues until I transfer more than normal (for me) amounts of data like DVD ISOs or importing a music collection into itunes. The direction of the data flow doesn't seem to matter. Once a large amount of data has been transferred, then all remote access becomes painfully slow. NFS access to the unix clients, samba access, even ssh'ing into the server becomes painfully slow. Memory utilization and cpu utilization are low. Restarting the samba server does not clear the issue. Only rebooting the server clears up the issue. I don't see any interesting messages in the log files It seems like the use of samba triggers something on the server that brings it to a crawl and affects everything. I can copy data back and forth using NFS for hours and never see the issue unless I use samba. Any suggestions or help in debugging this issue? Michael -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 6c07505 s4:librpc/dcerpc_smb2: fix smb2_write_callback() via 926b339 s4:librpc/dcerpc_smb: fix smb_write_callback() from ac79427 s4:torture:smb2: avoid leaking tree connects up to the main function from the durable_open test http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 6c07505b15e3822cf5fe09b0e32794b6abecbeeb Author: Stefan Metzmacher me...@samba.org Date: Thu Oct 27 22:55:17 2011 +0200 s4:librpc/dcerpc_smb2: fix smb2_write_callback() The should use smb2_write_recv() to get the result. metze Autobuild-User: Stefan Metzmacher me...@samba.org Autobuild-Date: Fri Oct 28 09:55:48 CEST 2011 on sn-devel-104 commit 926b3394b653a9bef561fea9c89a18a1850df6f9 Author: Stefan Metzmacher me...@samba.org Date: Thu Oct 27 22:55:17 2011 +0200 s4:librpc/dcerpc_smb: fix smb_write_callback() The should use smb_raw_write_recv() to get the result. metze --- Summary of changes: source4/librpc/rpc/dcerpc_smb.c | 15 ++- source4/librpc/rpc/dcerpc_smb2.c | 14 +- 2 files changed, 19 insertions(+), 10 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/librpc/rpc/dcerpc_smb.c b/source4/librpc/rpc/dcerpc_smb.c index c231295..bdba217 100644 --- a/source4/librpc/rpc/dcerpc_smb.c +++ b/source4/librpc/rpc/dcerpc_smb.c @@ -308,13 +308,18 @@ static NTSTATUS smb_send_trans_request(struct dcecli_connection *c, DATA_BLOB *b static void smb_write_callback(struct smbcli_request *req) { struct dcecli_connection *c = (struct dcecli_connection *)req-async.private_data; + union smb_write io; + NTSTATUS status; - if (!NT_STATUS_IS_OK(req-status)) { - DEBUG(0,(dcerpc_smb: write callback error\n)); - pipe_dead(c, req-status); - } + ZERO_STRUCT(io); + io.generic.level = RAW_WRITE_WRITEX; - smbcli_request_destroy(req); + status = smb_raw_write_recv(req, io); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0,(dcerpc_smb: write callback error: %s\n, + nt_errstr(status))); + pipe_dead(c, status); + } } /* diff --git a/source4/librpc/rpc/dcerpc_smb2.c b/source4/librpc/rpc/dcerpc_smb2.c index 75fb423..0de8935 100644 --- a/source4/librpc/rpc/dcerpc_smb2.c +++ b/source4/librpc/rpc/dcerpc_smb2.c @@ -284,13 +284,17 @@ static NTSTATUS smb2_send_trans_request(struct dcecli_connection *c, DATA_BLOB * static void smb2_write_callback(struct smb2_request *req) { struct dcecli_connection *c = (struct dcecli_connection *)req-async.private_data; + struct smb2_write io; + NTSTATUS status; - if (!NT_STATUS_IS_OK(req-status)) { - DEBUG(0,(dcerpc_smb2: write callback error\n)); - pipe_dead(c, req-status); - } + ZERO_STRUCT(io); - smb2_request_destroy(req); + status = smb2_write_recv(req, io); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0,(dcerpc_smb2: write callback error: %s\n, +nt_errstr(status))); + pipe_dead(c, status); + } } /* -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 7d7ba3b Add systemd service files. from 6c07505 s4:librpc/dcerpc_smb2: fix smb2_write_callback() http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 7d7ba3ba40895090d9bd791f210f89c5d5d2582e Author: Andreas Schneider a...@samba.org Date: Thu Oct 27 17:11:19 2011 +0200 Add systemd service files. Autobuild-User: Andreas Schneider a...@cryptomilk.org Autobuild-Date: Fri Oct 28 11:34:27 CEST 2011 on sn-devel-104 --- Summary of changes: packaging/systemd/nmb.service | 12 .../{RHEL-CTDB/setup = systemd}/samba.sysconfig |0 packaging/systemd/smb.service | 13 + packaging/systemd/winbind.service | 13 + 4 files changed, 38 insertions(+), 0 deletions(-) create mode 100644 packaging/systemd/nmb.service copy packaging/{RHEL-CTDB/setup = systemd}/samba.sysconfig (100%) create mode 100644 packaging/systemd/smb.service create mode 100644 packaging/systemd/winbind.service Changeset truncated at 500 lines: diff --git a/packaging/systemd/nmb.service b/packaging/systemd/nmb.service new file mode 100644 index 000..a2ecd22 --- /dev/null +++ b/packaging/systemd/nmb.service @@ -0,0 +1,12 @@ +[Unit] +Description=Samba NMB Daemon +After=syslog.target network.target + +[Service] +Type=forking +PIDFile=/run/nmbd.pid +EnvironmentFile=-/etc/sysconfig/samba +ExecStart=/usr/sbin/nmbd $NMBDOPTIONS + +[Install] +WantedBy=multi-user.target diff --git a/packaging/RHEL-CTDB/setup/samba.sysconfig b/packaging/systemd/samba.sysconfig similarity index 100% copy from packaging/RHEL-CTDB/setup/samba.sysconfig copy to packaging/systemd/samba.sysconfig diff --git a/packaging/systemd/smb.service b/packaging/systemd/smb.service new file mode 100644 index 000..7d765db --- /dev/null +++ b/packaging/systemd/smb.service @@ -0,0 +1,13 @@ +[Unit] +Description=Samba SMB Daemon +After=syslog.target network.target + +[Service] +Type=forking +PIDFile=/run/smbd.pid +LimitNOFILE=16384 +EnvironmentFile=-/etc/sysconfig/samba +ExecStart=/usr/sbin/smbd $SMBDOPTIONS + +[Install] +WantedBy=multi-user.target diff --git a/packaging/systemd/winbind.service b/packaging/systemd/winbind.service new file mode 100644 index 000..91f9112 --- /dev/null +++ b/packaging/systemd/winbind.service @@ -0,0 +1,13 @@ +[Unit] +Description=Samba Winbind Daemon +Requires=smb.service nmb.service +After=syslog.target network.target smb.service nmb.service + +[Service] +Type=forking +PIDFile=/run/winbindd.pid +EnvironmentFile=-/etc/sysconfig/samba +ExecStart=/usr/sbin/winbindd $WINBINDOPTIONS + +[Install] +WantedBy=multi-user.target -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 2330e52 s3-passdb: use tevent_context in passdb. via 0b6ced6 s3-smbldap: use tevent_context in smbldap. from 7d7ba3b Add systemd service files. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 2330e52cacef0f1cf0e766cd25d23715be5102ef Author: Günther Deschner g...@samba.org Date: Thu Oct 27 16:28:27 2011 +0200 s3-passdb: use tevent_context in passdb. Guenther Autobuild-User: Günther Deschner g...@samba.org Autobuild-Date: Fri Oct 28 13:09:47 CEST 2011 on sn-devel-104 commit 0b6ced62096cf31142b329056c0d0066d04b344c Author: Günther Deschner g...@samba.org Date: Thu Oct 27 16:19:07 2011 +0200 s3-smbldap: use tevent_context in smbldap. Guenther --- Summary of changes: source3/include/passdb.h |5 +++-- source3/include/smbldap.h |6 +++--- source3/lib/smbldap.c | 19 ++- source3/passdb/pdb_interface.c | 10 +- source3/passdb/pdb_ldap.c |2 +- 5 files changed, 22 insertions(+), 20 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/include/passdb.h b/source3/include/passdb.h index 70b21c9..37d35cf 100644 --- a/source3/include/passdb.h +++ b/source3/include/passdb.h @@ -32,6 +32,7 @@ #endif #include ../librpc/gen_ndr/lsa.h +#include tevent.h /* group mapping headers */ @@ -801,7 +802,7 @@ bool pdb_element_is_set_or_changed(const struct samu *sampass, NTSTATUS smb_register_passdb(int version, const char *name, pdb_init_function init) ; struct pdb_init_function_entry *pdb_find_backend_entry(const char *name); const struct pdb_init_function_entry *pdb_get_backends(void); -struct event_context *pdb_get_event_context(void); +struct tevent_context *pdb_get_tevent_context(void); NTSTATUS make_pdb_method_name(struct pdb_methods **methods, const char *selected); struct pdb_domain_info *pdb_get_domain_info(TALLOC_CTX *mem_ctx); bool pdb_getsampwnam(struct samu *sam_acct, const char *username) ; @@ -872,7 +873,7 @@ bool pdb_sid_to_id(const struct dom_sid *sid, uid_t *uid, gid_t *gid, enum lsa_SidType *type); uint32_t pdb_capabilities(void); bool pdb_new_rid(uint32_t *rid); -bool initialize_password_db(bool reload, struct event_context *event_ctx); +bool initialize_password_db(bool reload, struct tevent_context *tevent_ctx); struct pdb_search *pdb_search_init(TALLOC_CTX *mem_ctx, enum pdb_search_type type); struct pdb_search *pdb_search_users(TALLOC_CTX *mem_ctx, uint32_t acct_flags); diff --git a/source3/include/smbldap.h b/source3/include/smbldap.h index cce3e1e..9a81c30 100644 --- a/source3/include/smbldap.h +++ b/source3/include/smbldap.h @@ -131,7 +131,7 @@ extern ATTRIB_MAP_ENTRY trustpw_attr_list[]; have to worry about LDAP structure types */ NTSTATUS smbldap_init(TALLOC_CTX *mem_ctx, - struct event_context *event_ctx, + struct tevent_context *tevent_ctx, const char *location, struct smbldap_state **smbldap_state); @@ -174,7 +174,7 @@ struct smbldap_state { unsigned int num_failures; time_t last_use; /* monotonic */ - struct event_context *event_context; + struct tevent_context *tevent_context; struct timed_event *idle_event; struct timeval last_rebind; /* monotonic */ @@ -239,7 +239,7 @@ int smbldap_search_suffix (struct smbldap_state *ldap_state, const char *filter, const char **search_attr, LDAPMessage ** result); void smbldap_free_struct(struct smbldap_state **ldap_state) ; -NTSTATUS smbldap_init(TALLOC_CTX *mem_ctx, struct event_context *event_ctx, +NTSTATUS smbldap_init(TALLOC_CTX *mem_ctx, struct tevent_context *tevent_ctx, const char *location, struct smbldap_state **smbldap_state); bool smbldap_has_control(LDAP *ld, const char *control); diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index b333f30..bb98d44 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c @@ -26,6 +26,7 @@ #include smbldap.h #include secrets.h #include ../libcli/security/security.h +#include tevent.h /* Try not to hit the up or down server forever */ @@ -1249,7 +1250,7 @@ done: return rc; } -static void smbldap_idle_fn(struct event_context *event_ctx, +static void smbldap_idle_fn(struct tevent_context *tevent_ctx, struct timed_event *te, struct timeval now_abs, void *private_data); @@ -1310,9 +1311,9 @@ static int smbldap_open(struct smbldap_state *ldap_state) TALLOC_FREE(ldap_state-idle_event); - if (ldap_state-event_context != NULL) { -
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 1e2f15f lib/util Add ABI to the samba-module library via 7f8f715 lib/util Rename samba_modules_load - samba_module_init_fns_for_subsystem via b256799 lib/util Rename samba_init_module - samba_module_init via 0ce09fc lib/util Rename samba_init_module_fns_run - samba_module_init_fns_run via 1b7cc4a lib/util Rename samba_init_module_fn - samba_module_init_fn via 87354c9 lib/util Split samba-modules library into public and private parts via b7b798e lib/util Rename load_samba_modules - samba_modules_load via ce0ccc2 lib/util Rename run_init_functions - samba_init_module_fns_run via 1935b7b lib/util Rename init_module_fn to samba_init_module_fn via 7cf00e3 gensec: Add parinoia about integer wrapping via 1bc787d s3-selftest Add all the LOCAL-* smbtorture tests to make test via 289b03d s3-build: Remove libbigballofmud.so via f28fda7 s3-torture Remove t_stringoverflow as fstrcpy now uses strlcpy via 9fe8c3d s3-selftest: Add LOCAL-sprintf_append via f31fd31 s3-torture run t_strappend tests as LOCAL-sprintf_append via 4cc0552 s3-torture Run t_strappend test for less time via de148f7 s3-torture Fix t_strappend test via 659ec79 selftest: Have only one set of selftest knownfail and skip files via 8dcfe2e selftest: Remove --target option and the ability to run 'samba4 only' tests via f54dcc8 s3-torture remove unused t_push_ucs2.c t_strcmp.c t_strstr.c via 961952e s3-torture remove unused t_asn1.c via 3167b95 examples: rework wscript to use a loop from 2330e52 s3-passdb: use tevent_context in passdb. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 1e2f15f773ec97716af7e63562fe142fd619444a Author: Andrew Bartlett abart...@samba.org Date: Tue Oct 25 11:39:47 2011 +1100 lib/util Add ABI to the samba-module library Autobuild-User: Andrew Bartlett abart...@samba.org Autobuild-Date: Fri Oct 28 14:42:43 CEST 2011 on sn-devel-104 commit 7f8f7159afbd9cfce4181eeb31a5c575c14d5f81 Author: Andrew Bartlett abart...@samba.org Date: Tue Oct 25 10:34:13 2011 +1100 lib/util Rename samba_modules_load - samba_module_init_fns_for_subsystem This is to provide a cleaner namespace in the public samba plugin functions. Andrew Bartlett commit b256799eaf829fcb7d6e1d88de4478f77df8ff73 Author: Andrew Bartlett abart...@samba.org Date: Tue Oct 25 10:30:14 2011 +1100 lib/util Rename samba_init_module - samba_module_init This is to provide a cleaner namespace in the public samba plugin functions. Andrew Bartlett commit 0ce09fcf7ae971a2dc4131fd137c925f0b9a57a4 Author: Andrew Bartlett abart...@samba.org Date: Tue Oct 25 10:11:06 2011 +1100 lib/util Rename samba_init_module_fns_run - samba_module_init_fns_run This is to provide a cleaner namespace in the public samba plugin functions. Andrew Bartlett commit 1b7cc4ac7c793d4c1829d842c84273ef2d081fdb Author: Andrew Bartlett abart...@samba.org Date: Tue Oct 25 07:43:06 2011 +1100 lib/util Rename samba_init_module_fn - samba_module_init_fn This is to provide a cleaner namespace in the public samba plugin functions. Andrew Bartlett commit 87354c9a6de95d5dcebace77a35fc21a73d599ab Author: Andrew Bartlett abart...@samba.org Date: Mon Oct 24 19:39:53 2011 +1100 lib/util Split samba-modules library into public and private parts This will allow OpenChange to get at the symbols it needs, without exposing any more of this as a public API than we must. Andrew Bartlett commit b7b798e15b7be2d57e20c14cca2f908b301ed894 Author: Andrew Bartlett abart...@samba.org Date: Mon Oct 24 19:07:12 2011 +1100 lib/util Rename load_samba_modules - samba_modules_load This is to provide a cleaner namespace in the public samba plugin functions. Andrew Bartlett commit ce0ccc2a2ea820cd5d30ffd082d898fcb57431e6 Author: Andrew Bartlett abart...@samba.org Date: Mon Oct 24 19:01:16 2011 +1100 lib/util Rename run_init_functions - samba_init_module_fns_run This is to provide a cleaner namespace in the public samba plugin functions. Andrew Bartlett commit 1935b7b6c223542c1807e275c44e6ba4b2e90b68 Author: Andrew Bartlett abart...@samba.org Date: Mon Oct 24 09:49:26 2011 +1100 lib/util Rename init_module_fn to samba_init_module_fn This prepares for making the samba_module.h header public again, for OpenChange. I am keen to avoid too much API namespace pollution if we can. commit 7cf00e3231da1808a5ad1adf8fbc319846eacabe Author: Andrew Bartlett abart...@samba.org Date: Sat Oct 22 11:48:30 2011 +1100 gensec: Add parinoia about integer wrapping commit
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 151bb29 s3-net: Make sure to always re-use the good dc for the DNS updates as well. from 1e2f15f lib/util Add ABI to the samba-module library http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 151bb290d12f6727fce4b6be29175d5ad5551bef Author: Günther Deschner g...@samba.org Date: Fri Oct 28 12:03:58 2011 +0200 s3-net: Make sure to always re-use the good dc for the DNS updates as well. Guenther Autobuild-User: Günther Deschner g...@samba.org Autobuild-Date: Fri Oct 28 19:13:49 CEST 2011 on sn-devel-104 --- Summary of changes: source3/utils/net_ads.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index c17367a..b614432 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -1466,7 +1466,7 @@ int net_ads_join(struct net_context *c, int argc, const char **argv) /* We enter this block with user creds */ ADS_STRUCT *ads_dns = NULL; - if ( (ads_dns = ads_init( lp_realm(), NULL, NULL )) != NULL ) { + if ( (ads_dns = ads_init( lp_realm(), NULL, r-in.dc_name )) != NULL ) { /* kinit with the machine password */ use_in_memory_ccache(); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via f30f71c Fix bug #8548 - winbind_samlogon_retry_loop ignores logon_parameters flags. via 8c6ff21 The xcopy test is used in unusual ways (via a different uid). Ensure we can cope with this. via 3bd6513 Remove the order dependency in parent_override_delete(), just check for not ==. via 80c3aa7 The xcopy test requires dos filemode=yes as it opens with WRITE_OWNER. via 30a5996 Remove the mkdir and open functions from the ACL modules - main code paths now handle this. via 8a65e2c Remove unused struct security_descriptor parameter from check_parent_access() via ea195b6 Finally do all the open checks inside open_file(). Checks inside vfs_acl_common can now be removed. via 8a3070a Simplify smbd_check_open_rights() and move all the special casing inside it. via 18df3ae Move parent_override_delete() to before I need to use it. via 1619de3 Make smbd_check_open_rights() static. from 151bb29 s3-net: Make sure to always re-use the good dc for the DNS updates as well. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit f30f71c14a0b89dea296910ac9b92d3ae4016613 Author: Jeremy Allison j...@samba.org Date: Fri Oct 28 12:29:54 2011 -0700 Fix bug #8548 - winbind_samlogon_retry_loop ignores logon_parameters flags. Fix confirmed by reporter. Autobuild-User: Jeremy Allison j...@samba.org Autobuild-Date: Fri Oct 28 23:04:47 CEST 2011 on sn-devel-104 commit 8c6ff21782b141571dde64e80cc42540e9177a23 Author: Jeremy Allison j...@samba.org Date: Fri Oct 28 12:15:51 2011 -0700 The xcopy test is used in unusual ways (via a different uid). Ensure we can cope with this. commit 3bd6513884f1f02fe5638a424bcb1948f0921853 Author: Jeremy Allison j...@samba.org Date: Thu Oct 27 16:48:13 2011 -0700 Remove the order dependency in parent_override_delete(), just check for not ==. commit 80c3aa7d2991302a2280dbfe6df14040347fdc52 Author: Jeremy Allison j...@samba.org Date: Thu Oct 27 16:41:18 2011 -0700 The xcopy test requires dos filemode=yes as it opens with WRITE_OWNER. commit 30a599684a0a8c1f9af2d5b8adf8302172b49ae3 Author: Jeremy Allison j...@samba.org Date: Wed Oct 26 16:02:40 2011 -0700 Remove the mkdir and open functions from the ACL modules - main code paths now handle this. commit 8a65e2c747c17be023d8c1285e0c8b2394fd4354 Author: Jeremy Allison j...@samba.org Date: Wed Oct 26 15:30:00 2011 -0700 Remove unused struct security_descriptor parameter from check_parent_access() commit ea195b6cd2152a7f09847dba9c0c2288cc9a862d Author: Jeremy Allison j...@samba.org Date: Wed Oct 26 15:03:28 2011 -0700 Finally do all the open checks inside open_file(). Checks inside vfs_acl_common can now be removed. commit 8a3070a7c9fe3fad35103435c5c74188866057eb Author: Jeremy Allison j...@samba.org Date: Wed Oct 26 14:58:32 2011 -0700 Simplify smbd_check_open_rights() and move all the special casing inside it. commit 18df3aedb9dc0b7af0cc4046efb23026708f5d71 Author: Jeremy Allison j...@samba.org Date: Wed Oct 26 14:47:52 2011 -0700 Move parent_override_delete() to before I need to use it. commit 1619de30805e57adc8bf063a9ccf6f5ba245bc5a Author: Jeremy Allison j...@samba.org Date: Wed Oct 26 14:06:41 2011 -0700 Make smbd_check_open_rights() static. --- Summary of changes: selftest/target/Samba3.pm|6 + selftest/target/Samba4.pm|7 + source3/modules/vfs_acl_common.c | 140 + source3/modules/vfs_acl_tdb.c|2 - source3/modules/vfs_acl_xattr.c |2 - source3/smbd/globals.h |4 - source3/smbd/open.c | 251 +++--- source3/winbindd/winbindd_pam.c |4 +- source4/selftest/tests.py| 18 ++-- 9 files changed, 153 insertions(+), 281 deletions(-) Changeset truncated at 500 lines: diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm index 2f23ae3..3c0fbe9 100755 --- a/selftest/target/Samba3.pm +++ b/selftest/target/Samba3.pm @@ -916,6 +916,7 @@ sub provision($$$) map readonly = no store dos attributes = yes create mask = 755 + dos filemode = yes vfs objects = $vfs_modulesdir_abs/xattr_tdb.so $vfs_modulesdir_abs/streams_depot.so printing = vlp @@ -1002,6 +1003,11 @@ sub provision($$$) copy = print1 [lp] copy = print1 +[xcopy_share] + path = $shrdir + comment = smb username is [%U] + create mask = 777 + force create mode = 777 [print\$] copy = tmp ; diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm index 6d67229..506bbee 100644 --- a/selftest/target/Samba4.pm +++ b/selftest/target/Samba4.pm @@ -751,6 +751,13 @@ sub
Re: [SCM] Samba Shared Repository - branch master updated
On Fri, 2011-10-28 at 11:35 +0200, Andreas Schneider wrote: +Requires=smb.service nmb.service +After=syslog.target network.target smb.service nmb.service This looks wrong, winbind does not require smb or nmb to run, if you have a laptop and do not offer shares you may want to run just winbind and no smb or nmb service. And actually I think you probably want to start winbind before smb *if* you are using winbind on a samba file server. Simo. -- Simo Sorce Samba Team GPL Compliance Officer s...@samba.org Principal Software Engineer at Red Hat, Inc. s...@redhat.com