Re: [Samba] Advantages to using CUPS printing on a PDC

[Daniel Müller]

The only advantage I have found ist o set up a central pdf-printer with
cups. So all  pdfs are created in the users /home/pdf.
For all other stuff you will be better with a network printer. 

---
EDV Daniel Müller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---
-Ursprüngliche Nachricht-
Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im
Auftrag von Michael da Silva Pereira
Gesendet: Freitag, 28. Oktober 2011 07:15
An: samba@lists.samba.org
Betreff: [Samba] Advantages to using CUPS printing on a PDC

Hi,

I'd like to know the advantages out there in the field, using CUPS to print
from the PDC. To me it sounds like just adding another single point of
failure in the network, perhaps I am being blinded by windows printing
issues to see the advantage in running all the prints via a PDC box?

How out there has implemented it and has it helped?

Kind Regards,
Michael da Silva Pereira
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Advantages to using CUPS printing on a PDC

[Miguel Medalha]

I'd like to know the advantages out there in the field, using CUPS to print
from the PDC. To me it sounds like just adding another single point of
failure in the network, perhaps I am being blinded by windows printing
issues to see the advantage in running all the prints via a PDC box?


Centralized management of printers? Print job accounting? Network 
printing to printers without a network interface?

These examples can be important in some environments.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Advantages to using CUPS printing on a PDC

[Nico Kadel-Garcia]

On Fri, Oct 28, 2011 at 5:45 AM, Miguel Medalha miguelmeda...@sapo.pt wrote:

 I'd like to know the advantages out there in the field, using CUPS to
 print
 from the PDC. To me it sounds like just adding another single point of
 failure in the network, perhaps I am being blinded by windows printing
 issues to see the advantage in running all the prints via a PDC box?

 Centralized management of printers? Print job accounting? Network printing
 to printers without a network interface?
 These examples can be important in some environments.

In particular, the ability for an admin to lock the printing to a
single server, or pair of servers, on a dedicated VLAN and provide a
single point of *management* for print queues. There's nothing like
having to find the idiot who's been sending their 300 page print jobs
to the wrong printer, and resent it 10 times because it kept not
coming out, and get the jobs killed from their laptop. And no, they
won't accept the bill for $1/page because it's the color printer: it's
IT's problem to make this not happen, even when it's the same idiot
who won't permit IT to *label the printers visibly* because it
detracts from the ambience of the office used for presentations.

Been there, had some idiot printing dozens of resumes for handing out
to a poster printer. We got suspicious and pulled the plug on the
printer when we heard it churning that long.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] winbind nsswitch resolving names issue

[Alessio Tomelleri - ARPAV Dipartimento di Belluno]

Hi,

I manage have a mixed enviroment, which is composed by a BDC win2k3 plus
fileserver linux Suse with samba ver. 3.0.22-13.16, an old one I know...
:( 

I'm facing an odds behaviour with wbinfo querying by bash console from
my linux desktop (ubuntu 11.04 smb 3.5.8, joined in domain and regularly
I authenticated to). For my purpose I've written this tiny script
idtest.sh :

#!/bin/bash
user=$1

if [ -z $user ]; then
echo Usage :  idtest.sh  username_to_search
exit 1
fi

for gruppo in `id -G $user`; do
if [ $gruppo  -ge 1 ]; then
  sid=`wbinfo -G $gruppo`
  desc=`wbinfo -s $sid`
  echo $gruppo  - $sid - $desc
fi
done

exit 0


Is not clear to me why if I query my user, randomly it doesn't show mine
Domain Local Group, only Global Group... I underline this happen
randomly, it seems to me...

Also, at some point with command id I can see all my group but at same
time wbinfo -r myaccount doesn't show Local Group again...   And I
need be sure to retrive clearly all domain groups, local and global

I tried to give a look (a bit in deep as well), to winbind wbinfo smb...
at these matter, but I'm unable to find a clear response, what am I
missing ?

Finally I would ask some clarification about option compat in
nsswich.conf, 'cause I've not find in doc and man a clear explanation.


Any help would be appreciated, thx in advance...
Alessio.





signature.asc
Description: OpenPGP digital signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Advantages to using CUPS printing on a PDC

[José Guzmán]

On 10/28/2011 12:15 AM, Michael da Silva Pereira wrote:

Hi,

I'd like to know the advantages out there in the field, using CUPS to print
from the PDC. To me it sounds like just adding another single point of
failure in the network, perhaps I am being blinded by windows printing
issues to see the advantage in running all the prints via a PDC box?

How out there has implemented it and has it helped?

Kind Regards,
Michael da Silva Pereira
I see no advantage to use the PDC as print server, but I guess there are 
many ways to get the same results and it depends on the size/needs of 
your place.


We have a couple of BDCs in every VLAN, one of them serves as a CUPS 
print server to samba on the VLAN and every user in the VLAN has it's 
printers configured. That way, the PDC serves a single purpose (it's 
also our master DNS btw) and it's easy to back-up and restore while 
users can keep working/printing in case something happens to it, 
although in 4 years it has never failed.


Depending on the print volume and burst-rate, you may even do without a 
samba print server, for a small setup, an HP/netgear printserver may 
work. In our case, largish queue handling and print Classes (for added 
redundancy) offer a better advantage over 'hardware' printservers.


Greetings

 José
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] NT4 SP3 PDC with MS Exchange 5.5 to Samba 3.x ldapbacked PDC and MS Exchange 5.5 still

[Derek Werthmuller]

Looking to make some changes to an old but working LAN, that has about 10
samba servers serving printers and network shares and a NT 4 PDC server with
Exchange 5.5 on it.  The samba servers are members of the nt4 domain, XP
systems are members of the nt 4 domain also.  Samba servers are ldapbacked.
We use the ldap component directly to login to the Linux servers.

I'd like to be able to support windows 7 clients as domain members, right
now the clients are all XP.  The plan I'm considering is building a new
domain with the latest version of samba 3.x stable series for my RHEL6
servers, join my new windows clients to that domain and create a trust
relationship to the NT 4 domain.  The existing samba servers can be joined
to the new domain so that only the email server will be in the old domain.
The idea behind the trust
relationship is so that entering email for my users can be just a click and
won't have to login again.  We'd want to keep the ldap backend capability
too.

Keeping the exchange is really a stop gap till we can move that function to
the cloud.

Have others done similar upgrades successfully?  Does this sound reasonable?

Is the trust relationship overkill and likely to cause problems? (tell users
to cache the outlook login and be done)

Thanks
Derek

Derek Werthmuller
Director of Technology Innovation and Services
Center for Technology in Government
518.442.3892
www.ctg.albany.edu www.ctg.albany.edu 







-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] NT4 SP3 PDC with MS Exchange 5.5 to Samba 3.x ldapbacked PDC and MS Exchange 5.5 still

[Gaiseric Vandal]

If you are getting rid of the exchange server it seems a lot of work to 
do the trusts thing.  Having outlook remember your password isn't a 
major problem.  Except of course then people are pretty likely to have 
forgotten  their e-mail password if they ever use another PC.



I have found Samba trusts to be fairly painful.  I had a Samba 3.0.x PDC 
(LDAP backend) which I tried having a trust with a Windows 2003 
domain.In order for trusts to work, the Samba machine uses Idmap to 
create a range of unix uid's and gid's for the trusted Windows users.
With Samba 3.0.x, these idmap entries were created but would stop 
working after the cache period expired.I don't know why.  When I 
moved to Samba 3.4.x, the expiration issue went away but then idmap 
entries were not automatically.   We didn't have many people in the 
Windows 2003 domain so I can manually create idmap entries as needed.


My gut feeling is that any changes you make to support Windows 7 
machines will break compatibility with legacy machines  (e.g. NT4) or 
the domain trusts-  altho installing the latest NT4 SP pack (6a?) may help.


Could you make migrate the PDC role from your NT server to a samba 3.4.x 
or 3.5.x server?   I don't think Exchange 5.5 has to be on the domain 
controller.


At my work we have a Samba domain for most of the users and computers.  
We also have a separate untrusted  Win 2008 domain just to support our 
Exchange 2007 server.It would be nice if we could consolidate to a 
single domain (or at least a single Active Directory tree) but for the 
moment people have to maintain separate e-mail accounts.


FYI-  I had a look at the latest version of Zimbra- it looks like a 
pretty nice product for a small business, if you decide not to go with 
the hosting route.I do like Exchange 2007 but it can be a big 
challenge to set up and maintain, and you really have to have a 
background with Active Directory and Exchange.Not what I would use 
for a really small site.






On 10/28/2011 10:34 AM, Derek Werthmuller wrote:

Looking to make some changes to an old but working LAN, that has about 10
samba servers serving printers and network shares and a NT 4 PDC server with
Exchange 5.5 on it.  The samba servers are members of the nt4 domain, XP
systems are members of the nt 4 domain also.  Samba servers are ldapbacked.
We use the ldap component directly to login to the Linux servers.

I'd like to be able to support windows 7 clients as domain members, right
now the clients are all XP.  The plan I'm considering is building a new
domain with the latest version of samba 3.x stable series for my RHEL6
servers, join my new windows clients to that domain and create a trust
relationship to the NT 4 domain.  The existing samba servers can be joined
to the new domain so that only the email server will be in the old domain.
The idea behind the trust
relationship is so that entering email for my users can be just a click and
won't have to login again.  We'd want to keep the ldap backend capability
too.

Keeping the exchange is really a stop gap till we can move that function to
the cloud.

Have others done similar upgrades successfully?  Does this sound reasonable?

Is the trust relationship overkill and likely to cause problems? (tell users
to cache the outlook login and be done)

Thanks
Derek

Derek Werthmuller
Director of Technology Innovation and Services
Center for Technology in Government
518.442.3892
www.ctg.albany.eduwww.ctg.albany.edu









--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Strange Performance Issue / concurrent clients - very very slow

[Götz Reinicke]

Hi,

recently I installed a new GBit connected iSCSI Storage to one of our
fileservers. Redhat EL Linux 5.7 samba3x-3.5.4-0.83.el5, kernel
2.6.18-238.19.1.el5PAE, Dell Poweredge 1750, dual Xeon.

The transfer speed is very very different, depending on the method I
use. Currently I'm the only user accessing that server and there is low
network traffic.

I know, that there are some overheads etc. which influence the speed.

My Test Client is a Macbook pro  and a Mac Pro (OS X 10.6.x each,
connected by GBit wired lan)

I copy a couple of 30 MB files and in an other test files of 1GB.

Transferspeed for ftp is about 85 MB/s, scp about 25 MB/s, samba 30 MB/s.

So the 'raw' speed is o.k. for me, more that 30 MB would be nice.

BUT the most confusing thing is, as soon as I copy files from two
clients at the same time to my samba share, the performance drops to 5
MB/s for each client. So 10 MB/s.

Transferring from two ftp clients is about 40 MB/s per client.

Currently I use 'socket options = TCP_NODELAY SO_RCVBUF=8192
SO_SNDBUF=8192 IPTOS_LOWDELAY'

Dose anybody has an explanation for such a poor performance? Any tunig
tips or hints? Everything is welcome.

Thanks and best regards. Götz

-- 
Götz Reinicke
IT-Koordinator

Tel. +49 7141 969 420
Fax  +49 7141 969 55 420
E-Mail goetz.reini...@filmakademie.de

Filmakademie Baden-Württemberg GmbH
Akademiehof 10
71638 Ludwigsburg
www.filmakademie.de

Eintragung Amtsgericht Stuttgart HRB 205016

Vorsitzender des Aufsichtsrats:
Jürgen Walter MdL
Staatssekretär im Ministerium für Wissenschaft,
Forschung und Kunst Baden-Württemberg

Geschäftsführer:
Prof. Thomas Schadt

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Strange Performance Issue / concurrent clients - very very slow

[José Guzmán]

 Is the new GBit iSCSI storage connected on the same collision domain 
as the other machines?


 If so, you may be hitting the limit of the switch. Try separating 
iSCSI from the rest of the network with another switch, or at least a 
separate VLAN.


Greetings

 José

On 10/28/2011 10:04 AM, Götz Reinicke wrote:

Hi,

recently I installed a new GBit connected iSCSI Storage to one of our
fileservers. Redhat EL Linux 5.7 samba3x-3.5.4-0.83.el5, kernel
2.6.18-238.19.1.el5PAE, Dell Poweredge 1750, dual Xeon.

The transfer speed is very very different, depending on the method I
use. Currently I'm the only user accessing that server and there is low
network traffic.

I know, that there are some overheads etc. which influence the speed.

My Test Client is a Macbook pro  and a Mac Pro (OS X 10.6.x each,
connected by GBit wired lan)

I copy a couple of 30 MB files and in an other test files of 1GB.

Transferspeed for ftp is about 85 MB/s, scp about 25 MB/s, samba 30 MB/s.

So the 'raw' speed is o.k. for me, more that 30 MB would be nice.

BUT the most confusing thing is, as soon as I copy files from two
clients at the same time to my samba share, the performance drops to 5
MB/s for each client. So 10 MB/s.

Transferring from two ftp clients is about 40 MB/s per client.

Currently I use 'socket options = TCP_NODELAY SO_RCVBUF=8192
SO_SNDBUF=8192 IPTOS_LOWDELAY'

Dose anybody has an explanation for such a poor performance? Any tunig
tips or hints? Everything is welcome.

Thanks and best regards. Götz





--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Mac OS X / MS Office save issues and possible .TemporaryItems fix

[Nathan A Friedl]

I just wanted to follow up and let the list know that pre-creating the 
.TemporaryItems folder on our shares and forcing rwx acls for all users appears 
to have fixed these issues for us and we're considering this issue closed.

Best,
Nathan Friedl

  On Sat, 2011-10-15 at 15:53 +, Nathan A Friedl wrote:
   We have an issue where Macs that try to save MS Office files on our
   3.5.11
  samba servers occasionally get error messages such as There has been
  a network or file permission error.  The network connection may be lost.”
  When this happens, the user often has to save the file to their local
  drive and then copy it over to the network share.
  
   After doing some research, we suspect the issue may be related to
   the
  .TemporaryItems folder that MS Office creates on any drive that it
  opens a file on (described here:
  http://prowiki.isc.upenn.edu/wiki/MS_Office_and_Network_Volumes ).
  MS Office apparently continually modifies the permissions on this
  folder and can occasionally prevent a user from opening a file due to
  wonky permissions.  Yesterday we created a .TemporaryItems folder for
  every share and set the default acl to be rwx for all, as there's no
  way that Office should be able to change that.  We're hoping that will
  solve the problem, but we've been unable to replicate these problems
  ourselves so we're just waiting to see if the errors appear again.
  
   Are we on the right track here, or do you suspect something else may
   be
  going on?  Do you have any suggestions for other things to try?
  
   Additionally, we've been having a hard time determining a good
   logging
  level.  When we up the logging, the Macs can rotate the logs quite
  quickly as they touch every file in a folder whenever the folder is
  opened.  What would your suggestion be for a proper logging level to
 monitor these issues?
  
   Thanks for your time,
  
  gosh that's a real old problem and the solution is painful. You should
  be able to google the issue/resolution.
 
  The issue is that one each local Macintosh, the first user created is
  uid #500 and the next is #501, etc.
 
  On probably about 70% of the Mac's, the primary user is the only user
  and he is uid 500. Likewise, other users simultaneously open files on
  the server with the same uid # and Microsoft Office just plays havoc
  (I wonder if they fixed this problem with Office 2008?)
 
  Anyway, the only way to permanently fix this problem is to have unique
  UID's assigned to each user on each Macintosh (at one location, I used
  LDAP for authenticating users on each Mac).
 
  The user can also 'copy' existing files from the server to their
  desktop, make their changes and then move it back to the server when
  they are finished (ugh).
 
  Otherwise, you can use Libre Office which doesn't suffer from the same
  issues  ;-)
 
  Craig
 
 Thanks for the advice Craig.  I should have mentioned that we're in the
 process of binding our Macs to our Active Directory domain.  We've got
 Services for UNIX installed on the domain servers and have verified that they
 have the correct domain uids when logged into their Macs.  Oddly enough,
 some domain users have still had these Office problems on their home
 shares (which only they have access to).  In addition, some of the complaints
 have come from Office 2011 users, so it doesn't appear that Microsoft has
 changed anything.
 
 We are hopeful that forcing the rwx acls for all users on the .TemporaryItems
 folder has resolved this (we've had no reports of these problems since
 before we made the change on Friday), but I wanted to check and see if
 anyone has any other ideas for things we could be looking at here...and
 suggestions for the proper logging level to help monitor this issue.
 
 Best,
 Nate
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Strange Performance Issue / concurrent clients - very very slow

[Götz Reinicke]

Hi José,

no, the iSCSI Storag is on a separate collision domain. The file Server
has two NICs.

And from the test speed you can see, that I can get about 90 MB/s form
my client to ths storage through the server:

Mac ---gbitlan--- switch ---gbitlan--- fileserver ---gbitlan--- iSCSI

cheers . Götz

Am 28.10.11 17:24, schrieb José Guzmán:
 
  Is the new GBit iSCSI storage connected on the same collision domain as
 the other machines?
 
  If so, you may be hitting the limit of the switch. Try separating iSCSI
 from the rest of the network with another switch, or at least a separate
 VLAN.
 
 Greetings
 
  José
 
 On 10/28/2011 10:04 AM, Götz Reinicke wrote:
 Hi,

 recently I installed a new GBit connected iSCSI Storage to one of our
 fileservers. Redhat EL Linux 5.7 samba3x-3.5.4-0.83.el5, kernel
 2.6.18-238.19.1.el5PAE, Dell Poweredge 1750, dual Xeon.

 The transfer speed is very very different, depending on the method I
 use. Currently I'm the only user accessing that server and there is low
 network traffic.

 I know, that there are some overheads etc. which influence the speed.

 My Test Client is a Macbook pro  and a Mac Pro (OS X 10.6.x each,
 connected by GBit wired lan)

 I copy a couple of 30 MB files and in an other test files of 1GB.

 Transferspeed for ftp is about 85 MB/s, scp about 25 MB/s, samba 30 MB/s.

 So the 'raw' speed is o.k. for me, more that 30 MB would be nice.

 BUT the most confusing thing is, as soon as I copy files from two
 clients at the same time to my samba share, the performance drops to 5
 MB/s for each client. So 10 MB/s.

 Transferring from two ftp clients is about 40 MB/s per client.

 Currently I use 'socket options = TCP_NODELAY SO_RCVBUF=8192
 SO_SNDBUF=8192 IPTOS_LOWDELAY'

 Dose anybody has an explanation for such a poor performance? Any tunig
 tips or hints? Everything is welcome.

 Thanks and best regards. Götz



 


-- 
Götz Reinicke
IT-Koordinator

Tel. +49 7141 969 420
Fax  +49 7141 969 55 420
E-Mail goetz.reini...@filmakademie.de

Filmakademie Baden-Württemberg GmbH
Akademiehof 10
71638 Ludwigsburg
www.filmakademie.de

Eintragung Amtsgericht Stuttgart HRB 205016

Vorsitzender des Aufsichtsrats:
Jürgen Walter MdL
Staatssekretär im Ministerium für Wissenschaft,
Forschung und Kunst Baden-Württemberg

Geschäftsführer:
Prof. Thomas Schadt

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Linux Samba Server: empty shares on (Mac) clients [solved]

[Ray]

Hi,

after not hearing anything about this issue, I found the problem 
myself: It is not related to samba, but rather to the AppArmor-Profile 
for Samba which comes with openSuSE 11.4. The profile, located in 
/etc/apparmor.d/usr/sbin/smbd only permits access to the home 
directories on the box, that's why Samba would list the contents of 
those and not list the contents of any other shares. Adding directory 
entries defined in other Samba share to /etc/apparmor.d/usr/sbin/smbd 
solves the problem instantly.


For testing one may simply switch off AppArmor altogether (rcapparmor 
stop as root). This will directly make any self-defined Samba shares 
fully functional.



Cheers,
Ray

Am 13.09.2011 16:18, schrieb Ray:

Hi,

I run a Samba Server on openSuSE 11.4 with LDAP Authentication
Backend. appears to work fine. However, only some shares work on my
Mac client boxes: for instance, i can browse my home directory on the
Linux box (/home/ray), whereas other shares are simply empty (r01
below) on the mac (but they are shown as connected).

[homes]
comment = Home Directories
valid users = %S, %D%w%S
browseable = No
read only = No
inherit acls = Yes
[r01]
comment = r01
path = /local/r01
valid users = ray
browseable = Yes
read only = Yes
inherit acls = Yes

I get errors like the one below when accessing the shares:


[2011/09/13 12:05:55.141244,  0] smbd/dir.c:304(dptr_close)
  Invalid key 0 given to dptr_close


I could not find anything useful googling for this.

Can anyone help me out here?

Cheers,
Ray


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Strange Performance Issue / concurrent clients - very very slow

[Jeremy Allison]

On Fri, Oct 28, 2011 at 05:04:37PM +0200, Götz Reinicke wrote:
 
 Currently I use 'socket options = TCP_NODELAY SO_RCVBUF=8192
 SO_SNDBUF=8192 IPTOS_LOWDELAY'

Remove this line. Setting socket options on a modern Linux
kernel is like shaking a chicken at the machine (or SCSI
termination magic). Let the kernel self-tune these variables
and you'll be much happier.

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Resolution for slow samba speeds on our 10.6 Macs

[Nathan A Friedl]

We recently resolved an issue with a few 10.6 Macs in our environment that were 
experiencing very slow network speeds (a few KB/s) when browsing or opening 
files on our samba servers, and I just wanted to share our solution in case 
anyone else sees this problem.

We had to create sysctl.conf and nsmb.conf files and place them in /etc on the 
client Macs.  After a reboot, the speeds were back to what we expected from our 
network.  Macwindows.com has more information on this fix:  
http://www.macwindows.com/snowleopard-filesharing.html#091709k

I've included the contents of these conf files below:

Nsmb.conf
--
[default]
streams=no
soft=yes
domain=XXX
notify_off=yes
port445=no_netbios
--

Sysctl.conf
--
net.inet.tcp.delayed_ack=0
--


Nathan Friedl
Systems Analyst/Programmer - Weinberg IT
n...@northwestern.edumailto:n...@northwestern.edu
847-467-6845

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] NT4 SP3 PDC with MS Exchange 5.5 to Samba 3.x ldapbacked PDC and MS Exchange 5.5 still

[Chris Smith]

On Fri, Oct 28, 2011 at 10:34 AM, Derek Werthmuller
dwert...@ctg.albany.edu wrote:
 Looking to make some changes to an old but working LAN, that has about 10
 samba servers serving printers and network shares and a NT 4 PDC server with
 Exchange 5.5 on it.  The samba servers are members of the nt4 domain, XP
 systems are members of the nt 4 domain also.

 I'd like to be able to support windows 7 clients as domain members, right
 now the clients are all XP.

 Keeping the exchange is really a stop gap till we can move that function to
 the cloud.

 Have others done similar upgrades successfully?  Does this sound reasonable?

I have a client in a similar situation. NT4 PDC w/Exchange 5.5 and
Samba member servers. Main problem is that they're running an old
custom Outlook/Exchange workflow app which locks them in until it can
be replaced.

As you're aware newer then XP cannot join an NT4 domain but can join a
Samba domain - and they will eventually need some new desktops. So my
thoughts have been running along the lines of demoting the NT4 PDC and
having a Samba server take over those duties. Problem's are the NT4
PDC is not a supported task, and even if a registry hack can
accomplish it (according to an old post by Minasi it should) but the
effect on Exchange after this is apparently unknown. Also a test
attempt to vampire the PDC did not work due to capitalization problems
(if the vampire script did a lower case conversion this might have
been a big start).

All services except for PDC, WINS and Exchange have been moved from
the NT4 box. Outside email is handled by Google Apps. DNS, NTP, file
and print services, etc. all handled by Linux servers, firewall is
OpenBSD/PF. Also to protect from failure of the old hardware the PDC
has been virtrualized and running under VirtualBox where regular
snapshots can be taken.

The virtualization of the NT4 PDC also provides an opportunity to
experiment with copies/snapshots so I hope to tackle this a bit more
in depth when time permits. Of course any clues, hints, experience to
be shared in this area are very welcome. I will gladly provide
anything I find out that may be useful.

Chris
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Win7pro can't authenticate dcom identity

[Chris Perry]

On Wed, Oct 26, 2011 at 7:25 AM, Chris Perry outtasc...@gmail.com wrote:

 I have a Samba 3.4.7 PDC set up (Ubuntu 10.10/OpenLDAP) and have configured
 a Windows 7 Pro 64 bit workstation as a domain member. Logins and shares
 work without a hitch.

 I'm running into a problem with ArcGIS 10 Server on Windows using domain
 accounts for the services.  ArcGIS post-install fails because it won't take
 the username/password combination of the domain account.  I initially
 thought this was an ArcGIS problem, but looking at the Samba logs, I find
 check_ntlm_password: sam authentication for user [ArcGISSOC] FAILED with
 error NT_STATUS_WRONG_PASSWORD entries whenever I try to configure the
 service.


Ok, I have fixed this problem on my site by patching Samba 3.4.7 on Ubuntu
10.04 (I incorrectly said 10.10 originally).  It isn't clear to me if this
is a Samba bug, a Windows bug, or a misconfiguration on either end of my
systems, but the following does fix my problem.

The issue appears to (my neophyte eyes) to be that login requests that fail
ntlmv2 authentication are not falling through gracefully to lm auth.  In
Samba, the code that determines whether or not to process is an ntlmv2
request checks the length parameter of the nt field in the RPC request.  If
this field is greater than or equal to 24, it processes as ntlmv2.  If it
processes the ntlmv2 check and it fails, it returns an
NT_STATUS_WRONG_PASSWORD to the client before it ever has a chance to check
lm.
Now I have played around with these auth settings on my Windows machine
endlessly and it does not seem to have an effect on what authentication
dcomcnfg uses when setting the identity of a component.
My instinct on this issue is that whatever initially processes the rpc
request in Samba is creating a zero-filled data element for both methods and
setting the length accordingly, regardless of whether the particular method
was requested or not (probably to avoid null pointer errors).  The ntlmv2
check assumes that the length should be zero for the nt data element if it
wasn't requested.  My patch additionally checks that the nt response
property is not just a zero-filled array before deciding that it is an
ntlmv2 request.

Again, I can't say that this is the right solution and I'm sure there are
some enormous deficits in my understanding of how this is supposed to work,
but this patch does work if you are willing to compile yourself.  This
section of code has been changed quite a bit in Samba 3.5 and up, so it may
not be an issue on those new versions, but I can't say for sure.

If anyone has any additional insight into this (ie., I have an obvious
configuration error, I have misunderstood something, or I have created a
gaping security hole with this patch) I would appreciate the feedback.

Thanks,

- Chris




Extract from log files of failing configuration (real data replaced with
01234, ... sequences are directly from log).

in.logon.network.nt and in.logon.network.lm properties of netr_LogonSamLogon
struct at rpc_server/srv_pipe.c:2327(api_rpcTNP)

From request generated when setting Identity property of DCOM object in
DComCnfg

nt: struct netr_ChallengeResponse
  length : 0x002c (44)
  size   : 0x002c (44)
  data   : *
data :

lm: struct netr_ChallengeResponse
  length : 0x0018 (24)
  size   : 0x0018 (24)
  data   : *
data : 01234567890123456789012345678901

From domain login on the same workstation

nt: struct netr_ChallengeResponse
  length : 0x010e (270)
  size   : 0x010e (270)
  data   : *
data : 01234567890123456789012345 ... 01234567890123456789012345
lm: struct netr_ChallengeResponse
  length : 0x0018 (24)
  size   : 0x0018 (24)
  data   : *
data : 



Patch to source3/libsmb/ntlm_check.c that makes this work:

--- samba-3.4.7~dfsg/source3/libsmb/ntlm_check.c2011-10-28
11:05:38.0 -0400
+++ samba-3.4.7~dfsg-modified/source3/libsmb/ntlm_check.c   2011-10-28
11:41:12.0 -0400
@@ -28,6 +28,21 @@
 /
  Core of smb password checking routine.
 /
+static bool nt_response_empty(TALLOC_CTX *mem_ctx,
+  const DATA_BLOB *nt_response)
+{
+if(nt_response-length == 0)
+return true;
+
+DATA_BLOB empty_response = data_blob_talloc_zero(mem_ctx,
nt_response-length);
+if(memcmp(nt_response-data, empty_response.data,
nt_response-length)) {
+data_blob_free(empty_response);
+return false;
+}
+
+data_blob_free(empty_response);
+return true;
+}

 static bool smb_pwd_check_ntlmv1(const DATA_BLOB *nt_response,
 const uchar *part_passwd,
@@ -283,7 +298,7 @@
   

Re: [Samba] NT4 SP3 PDC with MS Exchange 5.5 to Samba 3.x ldapbac ked PDC and MS Exchange 5.5 still

[Derek Werthmuller]

 I have a client in a similar situation. NT4 PDC w/Exchange 5.5 and Samba
member servers. Main problem is that they're running an old custom
Outlook/Exchange workflow app which locks them in until it can be replaced.

Similar situation - though we've been able to replicate it fairly easily in
google apps.

As you're aware newer then XP cannot join an NT4 domain but can join a
Samba domain - and they will eventually need some new desktops. So my
thoughts have been running along the lines of demoting the NT4 PDC and
having a Samba server take over those duties. Problem's are the NT4 PDC is
not a supported task, and even if a registry hack can accomplish it
(according to an old post by Minasi it should) but the effect on Exchange
after this is apparently unknown. Also a test attempt to vampire the PDC
did not work due to capitalization problems (if the vampire script did a
lower case conversion this might have been a big start).

I did consider this, though the issue is what do I do with the existing NT4
PDC - I can demote this to BDC but from the samba docs samba PDC and Windows
BDC is not supported.  And I don't think it can demote the PDC to server
role.
I'm also trying to be very careful not to make substantial changes to the
exchange host - I need that working for a short while longer.

Thanks
Derek


-Original Message-
From: Chris Smith [mailto:smb...@chrissmith.org] 
Sent: Friday, October 28, 2011 12:07 PM
To: Derek Werthmuller
Cc: samba@lists.samba.org
Subject: Re: [Samba] NT4 SP3 PDC with MS Exchange 5.5 to Samba 3.x
ldapbacked PDC and MS Exchange 5.5 still

On Fri, Oct 28, 2011 at 10:34 AM, Derek Werthmuller
dwert...@ctg.albany.edu wrote:
 Looking to make some changes to an old but working LAN, that has about 
 10 samba servers serving printers and network shares and a NT 4 PDC 
 server with Exchange 5.5 on it.  The samba servers are members of the 
 nt4 domain, XP systems are members of the nt 4 domain also.

 I'd like to be able to support windows 7 clients as domain members, 
 right now the clients are all XP.

 Keeping the exchange is really a stop gap till we can move that 
 function to the cloud.

 Have others done similar upgrades successfully?  Does this sound
reasonable?



All services except for PDC, WINS and Exchange have been moved from the NT4
box. Outside email is handled by Google Apps. DNS, NTP, file and print
services, etc. all handled by Linux servers, firewall is OpenBSD/PF. Also to
protect from failure of the old hardware the PDC has been virtrualized and
running under VirtualBox where regular snapshots can be taken.

The virtualization of the NT4 PDC also provides an opportunity to experiment
with copies/snapshots so I hope to tackle this a bit more in depth when time
permits. Of course any clues, hints, experience to be shared in this area
are very welcome. I will gladly provide anything I find out that may be
useful.

Chris
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] NT4 SP3 PDC with MS Exchange 5.5 to Samba 3.x ldapbac ked PDC and MS Exchange 5.5 still

[Derek Werthmuller]

Thanks for the advice - Good to know not to go down the trust relationship
path.  A seperate domain does sound like a good path.  Leave the existing
nt/exchange setup as just an email platform.  Users are likely to need to
login again once we move that email/calendar/contacts funtion to the cloud
anyway.

Gives a nice clean migration path - here is your new win7 pc and your new
login for it.

Though I've also considered not making the new win7 domain members anyway.
They are all going laptops and staff are somewhat mobile to highly mobile.
When the domain is not avilable because of poor network link quality or no
network at all laptop performance suffers.  I know this to be the case with
XP, I have no indication that its
any different with Win7.  

Thanks
Derek

-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org]
On Behalf Of Gaiseric Vandal
Sent: Friday, October 28, 2011 11:05 AM
To: samba@lists.samba.org
Subject: Re: [Samba] NT4 SP3 PDC with MS Exchange 5.5 to Samba 3.x
ldapbacked PDC and MS Exchange 5.5 still

If you are getting rid of the exchange server it seems a lot of work to do
the trusts thing.  Having outlook remember your password isn't a major
problem.  Except of course then people are pretty likely to have forgotten
their e-mail password if they ever use another PC.


I have found Samba trusts to be fairly painful.  I had a Samba 3.0.x PDC
(LDAP backend) which I tried having a trust with a Windows 2003 
domain.In order for trusts to work, the Samba machine uses Idmap to 
create a range of unix uid's and gid's for the trusted Windows users.
With Samba 3.0.x, these idmap entries were created but would stop 
working after the cache period expired.I don't know why.  When I 
moved to Samba 3.4.x, the expiration issue went away but then idmap 
entries were not automatically.   We didn't have many people in the 
Windows 2003 domain so I can manually create idmap entries as needed.

My gut feeling is that any changes you make to support Windows 7 machines
will break compatibility with legacy machines  (e.g. NT4) or the domain
trusts-  altho installing the latest NT4 SP pack (6a?) may help.

Could you make migrate the PDC role from your NT server to a samba 3.4.x 
or 3.5.x server?   I don't think Exchange 5.5 has to be on the domain 
controller.

At my work we have a Samba domain for most of the users and computers.  
We also have a separate untrusted  Win 2008 domain just to support our 
Exchange 2007 server.It would be nice if we could consolidate to a 
single domain (or at least a single Active Directory tree) but for the
moment people have to maintain separate e-mail accounts.

FYI-  I had a look at the latest version of Zimbra- it looks like a pretty
nice product for a small business, if you decide not to go with 
the hosting route.I do like Exchange 2007 but it can be a big 
challenge to set up and maintain, and you really have to have a 
background with Active Directory and Exchange.Not what I would use 
for a really small site.





On 10/28/2011 10:34 AM, Derek Werthmuller wrote:
 Looking to make some changes to an old but working LAN, that has about 10
 samba servers serving printers and network shares and a NT 4 PDC server
with
 Exchange 5.5 on it.  The samba servers are members of the nt4 domain, XP
 systems are members of the nt 4 domain also.  Samba servers are
ldapbacked.
 We use the ldap component directly to login to the Linux servers.

 I'd like to be able to support windows 7 clients as domain members, right
 now the clients are all XP.  The plan I'm considering is building a new
 domain with the latest version of samba 3.x stable series for my RHEL6
 servers, join my new windows clients to that domain and create a trust
 relationship to the NT 4 domain.  The existing samba servers can be joined
 to the new domain so that only the email server will be in the old domain.
 The idea behind the trust
 relationship is so that entering email for my users can be just a click
and
 won't have to login again.  We'd want to keep the ldap backend capability
 too.

 Keeping the exchange is really a stop gap till we can move that function
to
 the cloud.

 Have others done similar upgrades successfully?  Does this sound
reasonable?

 Is the trust relationship overkill and likely to cause problems? (tell
users
 to cache the outlook login and be done)

 Thanks
   Derek

 Derek Werthmuller
 Director of Technology Innovation and Services
 Center for Technology in Government
 518.442.3892
 www.ctg.albany.eduwww.ctg.albany.edu








-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] NT4 SP3 PDC with MS Exchange 5.5 to Samba 3.x ldapbac ked PDC and MS Exchange 5.5 still

[Chris Smith]

On Fri, Oct 28, 2011 at 1:51 PM, Derek Werthmuller
dwert...@ctg.albany.edu wrote:
 I did consider this, though the issue is what do I do with the existing NT4
 PDC - I can demote this to BDC but from the samba docs samba PDC and Windows
 BDC is not supported.  And I don't think it can demote the PDC to server
 role.

There is no supported NT4 PDC demotion scenario. But via registry hack
I think you can demote to server and then become a member server. And
Exchange 5.5 can run on member server.

 I'm also trying to be very careful not to make substantial changes to the
 exchange host - I need that working for a short while longer.

That's one reason for dealing with the VM's. I'll be able to test
these changes in a separate virtual environment. Just would be nice to
know if anyone has actually done this and, if doable, what the caveats
and gotchas were.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] NT4 SP3 PDC with MS Exchange 5.5 to Samba 3.x ldapbac ked PDC and MS Exchange 5.5 still

[Robert Schetterer]

Am 28.10.2011 20:00, schrieb Chris Smith:
 On Fri, Oct 28, 2011 at 1:51 PM, Derek Werthmuller
 dwert...@ctg.albany.edu wrote:
 I did consider this, though the issue is what do I do with the existing NT4
 PDC - I can demote this to BDC but from the samba docs samba PDC and Windows
 BDC is not supported.  And I don't think it can demote the PDC to server
 role.
 
 There is no supported NT4 PDC demotion scenario. But via registry hack
 I think you can demote to server and then become a member server. And
 Exchange 5.5 can run on member server.

for info
long time ago i tested exchange 5.5 / win2000 server working with a
samba pdc controller
it worked like charme, but thats years ago

these days you shouldnt use such setups, there are a lot of other
solutions, based on open source or ms solutions
exchange 5.5 is too much outdated


 
 I'm also trying to be very careful not to make substantial changes to the
 exchange host - I need that working for a short while longer.
 
 That's one reason for dealing with the VM's. I'll be able to test
 these changes in a separate virtual environment. Just would be nice to
 know if anyone has actually done this and, if doable, what the caveats
 and gotchas were.


-- 
Best Regards

MfG Robert Schetterer

Germany/Munich/Bavaria
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Samba server slow down after serving more than casual data

[Michael]

Hello,

I am currently running Fedora 15 on an x86_64 system that acts as a 
whole house server for named, dhcp, nfs, nis, htpp, samba, etc


The system is currently running samba-3.5.11-71 with kernel 
2.6.40.6-0.fc15.x86_64.  The system is fully patched as of today. 
However, this issue has existed for at least 2 years and I am at a loss 
to debug it.


I have a simple samba configuration for sharing files to a windows VM on 
another box.


Here is the config:

[global]

workgroup = NERD
server string = Samba Server on NERD
security = user
hosts allow =192.168.1.
log file = /var/log/samba/%m.log
max log size = 50

passdb backend = smbpasswd

dns proxy = no

[homes]
comment = Home Directories
browseable = no
writable = yes


This seems to work well for extended periods of time without issues 
until I transfer more than normal (for me) amounts of data like DVD ISOs 
or importing a music collection into itunes.  The direction of the data 
flow doesn't seem to matter. Once a large amount of data has been 
transferred, then all remote access becomes painfully slow. NFS access 
to the unix clients, samba access, even ssh'ing into the server becomes 
painfully slow.  Memory utilization and cpu utilization are low.


Restarting the samba server does not clear the issue.  Only rebooting 
the server clears up the issue.


I don't see any interesting messages in the log files

It seems like the use of samba triggers something on the server that 
brings it to a crawl and affects everything.


I can copy data back and forth using NFS for hours and never see the 
issue unless I use samba.


Any suggestions or help in debugging this issue?

Michael

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[SCM] Samba Shared Repository - branch master updated

[Stefan Metzmacher]

The branch, master has been updated
   via  6c07505 s4:librpc/dcerpc_smb2: fix smb2_write_callback()
   via  926b339 s4:librpc/dcerpc_smb: fix smb_write_callback()
  from  ac79427 s4:torture:smb2: avoid leaking tree connects up to the main 
function from the durable_open test

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 6c07505b15e3822cf5fe09b0e32794b6abecbeeb
Author: Stefan Metzmacher me...@samba.org
Date:   Thu Oct 27 22:55:17 2011 +0200

s4:librpc/dcerpc_smb2: fix smb2_write_callback()

The should use smb2_write_recv() to get the result.

metze

Autobuild-User: Stefan Metzmacher me...@samba.org
Autobuild-Date: Fri Oct 28 09:55:48 CEST 2011 on sn-devel-104

commit 926b3394b653a9bef561fea9c89a18a1850df6f9
Author: Stefan Metzmacher me...@samba.org
Date:   Thu Oct 27 22:55:17 2011 +0200

s4:librpc/dcerpc_smb: fix smb_write_callback()

The should use smb_raw_write_recv() to get the result.

metze

---

Summary of changes:
 source4/librpc/rpc/dcerpc_smb.c  |   15 ++-
 source4/librpc/rpc/dcerpc_smb2.c |   14 +-
 2 files changed, 19 insertions(+), 10 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/librpc/rpc/dcerpc_smb.c b/source4/librpc/rpc/dcerpc_smb.c
index c231295..bdba217 100644
--- a/source4/librpc/rpc/dcerpc_smb.c
+++ b/source4/librpc/rpc/dcerpc_smb.c
@@ -308,13 +308,18 @@ static NTSTATUS smb_send_trans_request(struct 
dcecli_connection *c, DATA_BLOB *b
 static void smb_write_callback(struct smbcli_request *req)
 {
struct dcecli_connection *c = (struct dcecli_connection 
*)req-async.private_data;
+   union smb_write io;
+   NTSTATUS status;
 
-   if (!NT_STATUS_IS_OK(req-status)) {
-   DEBUG(0,(dcerpc_smb: write callback error\n));
-   pipe_dead(c, req-status);
-   }
+   ZERO_STRUCT(io);
+   io.generic.level = RAW_WRITE_WRITEX;
 
-   smbcli_request_destroy(req);
+   status = smb_raw_write_recv(req, io);
+   if (!NT_STATUS_IS_OK(status)) {
+   DEBUG(0,(dcerpc_smb: write callback error: %s\n,
+   nt_errstr(status)));
+   pipe_dead(c, status);
+   }
 }
 
 /* 
diff --git a/source4/librpc/rpc/dcerpc_smb2.c b/source4/librpc/rpc/dcerpc_smb2.c
index 75fb423..0de8935 100644
--- a/source4/librpc/rpc/dcerpc_smb2.c
+++ b/source4/librpc/rpc/dcerpc_smb2.c
@@ -284,13 +284,17 @@ static NTSTATUS smb2_send_trans_request(struct 
dcecli_connection *c, DATA_BLOB *
 static void smb2_write_callback(struct smb2_request *req)
 {
struct dcecli_connection *c = (struct dcecli_connection 
*)req-async.private_data;
+   struct smb2_write io;
+   NTSTATUS status;
 
-   if (!NT_STATUS_IS_OK(req-status)) {
-   DEBUG(0,(dcerpc_smb2: write callback error\n));
-   pipe_dead(c, req-status);
-   }
+   ZERO_STRUCT(io);
 
-   smb2_request_destroy(req);
+   status = smb2_write_recv(req, io);
+   if (!NT_STATUS_IS_OK(status)) {
+   DEBUG(0,(dcerpc_smb2: write callback error: %s\n,
+nt_errstr(status)));
+   pipe_dead(c, status);
+   }
 }
 
 /* 


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch master updated

[Andreas Schneider]

The branch, master has been updated
   via  7d7ba3b Add systemd service files.
  from  6c07505 s4:librpc/dcerpc_smb2: fix smb2_write_callback()

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 7d7ba3ba40895090d9bd791f210f89c5d5d2582e
Author: Andreas Schneider a...@samba.org
Date:   Thu Oct 27 17:11:19 2011 +0200

Add systemd service files.

Autobuild-User: Andreas Schneider a...@cryptomilk.org
Autobuild-Date: Fri Oct 28 11:34:27 CEST 2011 on sn-devel-104

---

Summary of changes:
 packaging/systemd/nmb.service  |   12 
 .../{RHEL-CTDB/setup = systemd}/samba.sysconfig   |0
 packaging/systemd/smb.service  |   13 +
 packaging/systemd/winbind.service  |   13 +
 4 files changed, 38 insertions(+), 0 deletions(-)
 create mode 100644 packaging/systemd/nmb.service
 copy packaging/{RHEL-CTDB/setup = systemd}/samba.sysconfig (100%)
 create mode 100644 packaging/systemd/smb.service
 create mode 100644 packaging/systemd/winbind.service


Changeset truncated at 500 lines:

diff --git a/packaging/systemd/nmb.service b/packaging/systemd/nmb.service
new file mode 100644
index 000..a2ecd22
--- /dev/null
+++ b/packaging/systemd/nmb.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=Samba NMB Daemon
+After=syslog.target network.target
+
+[Service]
+Type=forking
+PIDFile=/run/nmbd.pid
+EnvironmentFile=-/etc/sysconfig/samba
+ExecStart=/usr/sbin/nmbd $NMBDOPTIONS
+
+[Install]
+WantedBy=multi-user.target
diff --git a/packaging/RHEL-CTDB/setup/samba.sysconfig 
b/packaging/systemd/samba.sysconfig
similarity index 100%
copy from packaging/RHEL-CTDB/setup/samba.sysconfig
copy to packaging/systemd/samba.sysconfig
diff --git a/packaging/systemd/smb.service b/packaging/systemd/smb.service
new file mode 100644
index 000..7d765db
--- /dev/null
+++ b/packaging/systemd/smb.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Samba SMB Daemon
+After=syslog.target network.target
+
+[Service]
+Type=forking
+PIDFile=/run/smbd.pid
+LimitNOFILE=16384
+EnvironmentFile=-/etc/sysconfig/samba
+ExecStart=/usr/sbin/smbd $SMBDOPTIONS
+
+[Install]
+WantedBy=multi-user.target
diff --git a/packaging/systemd/winbind.service 
b/packaging/systemd/winbind.service
new file mode 100644
index 000..91f9112
--- /dev/null
+++ b/packaging/systemd/winbind.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Samba Winbind Daemon
+Requires=smb.service nmb.service
+After=syslog.target network.target smb.service nmb.service
+
+[Service]
+Type=forking
+PIDFile=/run/winbindd.pid
+EnvironmentFile=-/etc/sysconfig/samba
+ExecStart=/usr/sbin/winbindd $WINBINDOPTIONS
+
+[Install]
+WantedBy=multi-user.target


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch master updated

[Günther Deschner]

The branch, master has been updated
   via  2330e52 s3-passdb: use tevent_context in passdb.
   via  0b6ced6 s3-smbldap: use tevent_context in smbldap.
  from  7d7ba3b Add systemd service files.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 2330e52cacef0f1cf0e766cd25d23715be5102ef
Author: Günther Deschner g...@samba.org
Date:   Thu Oct 27 16:28:27 2011 +0200

s3-passdb: use tevent_context in passdb.

Guenther

Autobuild-User: Günther Deschner g...@samba.org
Autobuild-Date: Fri Oct 28 13:09:47 CEST 2011 on sn-devel-104

commit 0b6ced62096cf31142b329056c0d0066d04b344c
Author: Günther Deschner g...@samba.org
Date:   Thu Oct 27 16:19:07 2011 +0200

s3-smbldap: use tevent_context in smbldap.

Guenther

---

Summary of changes:
 source3/include/passdb.h   |5 +++--
 source3/include/smbldap.h  |6 +++---
 source3/lib/smbldap.c  |   19 ++-
 source3/passdb/pdb_interface.c |   10 +-
 source3/passdb/pdb_ldap.c  |2 +-
 5 files changed, 22 insertions(+), 20 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/include/passdb.h b/source3/include/passdb.h
index 70b21c9..37d35cf 100644
--- a/source3/include/passdb.h
+++ b/source3/include/passdb.h
@@ -32,6 +32,7 @@
 #endif
 
 #include ../librpc/gen_ndr/lsa.h
+#include tevent.h
 
 /* group mapping headers */
 
@@ -801,7 +802,7 @@ bool pdb_element_is_set_or_changed(const struct samu 
*sampass,
 NTSTATUS smb_register_passdb(int version, const char *name, pdb_init_function 
init) ;
 struct pdb_init_function_entry *pdb_find_backend_entry(const char *name);
 const struct pdb_init_function_entry *pdb_get_backends(void);
-struct event_context *pdb_get_event_context(void);
+struct tevent_context *pdb_get_tevent_context(void);
 NTSTATUS make_pdb_method_name(struct pdb_methods **methods, const char 
*selected);
 struct pdb_domain_info *pdb_get_domain_info(TALLOC_CTX *mem_ctx);
 bool pdb_getsampwnam(struct samu *sam_acct, const char *username) ;
@@ -872,7 +873,7 @@ bool pdb_sid_to_id(const struct dom_sid *sid, uid_t *uid, 
gid_t *gid,
   enum lsa_SidType *type);
 uint32_t pdb_capabilities(void);
 bool pdb_new_rid(uint32_t *rid);
-bool initialize_password_db(bool reload, struct event_context *event_ctx);
+bool initialize_password_db(bool reload, struct tevent_context *tevent_ctx);
 struct pdb_search *pdb_search_init(TALLOC_CTX *mem_ctx,
   enum pdb_search_type type);
 struct pdb_search *pdb_search_users(TALLOC_CTX *mem_ctx, uint32_t acct_flags);
diff --git a/source3/include/smbldap.h b/source3/include/smbldap.h
index cce3e1e..9a81c30 100644
--- a/source3/include/smbldap.h
+++ b/source3/include/smbldap.h
@@ -131,7 +131,7 @@ extern ATTRIB_MAP_ENTRY trustpw_attr_list[];
have to worry about LDAP structure types */
 
 NTSTATUS smbldap_init(TALLOC_CTX *mem_ctx,
- struct event_context *event_ctx,
+ struct tevent_context *tevent_ctx,
   const char *location,
   struct smbldap_state **smbldap_state);
 
@@ -174,7 +174,7 @@ struct smbldap_state {
unsigned int num_failures;
 
time_t last_use; /* monotonic */
-   struct event_context *event_context;
+   struct tevent_context *tevent_context;
struct timed_event *idle_event;
 
struct timeval last_rebind; /* monotonic */
@@ -239,7 +239,7 @@ int smbldap_search_suffix (struct smbldap_state *ldap_state,
   const char *filter, const char **search_attr,
   LDAPMessage ** result);
 void smbldap_free_struct(struct smbldap_state **ldap_state) ;
-NTSTATUS smbldap_init(TALLOC_CTX *mem_ctx, struct event_context *event_ctx,
+NTSTATUS smbldap_init(TALLOC_CTX *mem_ctx, struct tevent_context *tevent_ctx,
  const char *location,
  struct smbldap_state **smbldap_state);
 bool smbldap_has_control(LDAP *ld, const char *control);
diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c
index b333f30..bb98d44 100644
--- a/source3/lib/smbldap.c
+++ b/source3/lib/smbldap.c
@@ -26,6 +26,7 @@
 #include smbldap.h
 #include secrets.h
 #include ../libcli/security/security.h
+#include tevent.h
 
 /* Try not to hit the up or down server forever */
 
@@ -1249,7 +1250,7 @@ done:
return rc;
 }
 
-static void smbldap_idle_fn(struct event_context *event_ctx,
+static void smbldap_idle_fn(struct tevent_context *tevent_ctx,
struct timed_event *te,
struct timeval now_abs,
void *private_data);
@@ -1310,9 +1311,9 @@ static int smbldap_open(struct smbldap_state *ldap_state)
 
TALLOC_FREE(ldap_state-idle_event);
 
-   if (ldap_state-event_context != NULL) {
- 

[SCM] Samba Shared Repository - branch master updated

[Andrew Bartlett]

The branch, master has been updated
   via  1e2f15f lib/util Add ABI to the samba-module library
   via  7f8f715 lib/util Rename samba_modules_load - 
samba_module_init_fns_for_subsystem
   via  b256799 lib/util Rename samba_init_module - samba_module_init
   via  0ce09fc lib/util Rename samba_init_module_fns_run - 
samba_module_init_fns_run
   via  1b7cc4a lib/util Rename samba_init_module_fn - samba_module_init_fn
   via  87354c9 lib/util Split samba-modules library into public and 
private parts
   via  b7b798e lib/util Rename load_samba_modules - samba_modules_load
   via  ce0ccc2 lib/util Rename run_init_functions - 
samba_init_module_fns_run
   via  1935b7b lib/util Rename init_module_fn to samba_init_module_fn
   via  7cf00e3 gensec: Add parinoia about integer wrapping
   via  1bc787d s3-selftest Add all the LOCAL-* smbtorture tests to make 
test
   via  289b03d s3-build: Remove libbigballofmud.so
   via  f28fda7 s3-torture Remove t_stringoverflow as fstrcpy now uses 
strlcpy
   via  9fe8c3d s3-selftest: Add LOCAL-sprintf_append
   via  f31fd31 s3-torture run t_strappend tests as LOCAL-sprintf_append
   via  4cc0552 s3-torture Run t_strappend test for less time
   via  de148f7 s3-torture Fix t_strappend test
   via  659ec79 selftest: Have only one set of selftest knownfail and skip 
files
   via  8dcfe2e selftest: Remove --target option and the ability to run 
'samba4 only' tests
   via  f54dcc8 s3-torture remove unused t_push_ucs2.c t_strcmp.c t_strstr.c
   via  961952e s3-torture remove unused t_asn1.c
   via  3167b95 examples: rework wscript to use a loop
  from  2330e52 s3-passdb: use tevent_context in passdb.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 1e2f15f773ec97716af7e63562fe142fd619444a
Author: Andrew Bartlett abart...@samba.org
Date:   Tue Oct 25 11:39:47 2011 +1100

lib/util Add ABI to the samba-module library

Autobuild-User: Andrew Bartlett abart...@samba.org
Autobuild-Date: Fri Oct 28 14:42:43 CEST 2011 on sn-devel-104

commit 7f8f7159afbd9cfce4181eeb31a5c575c14d5f81
Author: Andrew Bartlett abart...@samba.org
Date:   Tue Oct 25 10:34:13 2011 +1100

lib/util Rename samba_modules_load - samba_module_init_fns_for_subsystem

This is to provide a cleaner namespace in the public samba plugin
functions.

Andrew Bartlett

commit b256799eaf829fcb7d6e1d88de4478f77df8ff73
Author: Andrew Bartlett abart...@samba.org
Date:   Tue Oct 25 10:30:14 2011 +1100

lib/util Rename samba_init_module - samba_module_init

This is to provide a cleaner namespace in the public samba plugin
functions.

Andrew Bartlett

commit 0ce09fcf7ae971a2dc4131fd137c925f0b9a57a4
Author: Andrew Bartlett abart...@samba.org
Date:   Tue Oct 25 10:11:06 2011 +1100

lib/util Rename samba_init_module_fns_run - samba_module_init_fns_run

This is to provide a cleaner namespace in the public samba plugin
functions.

Andrew Bartlett

commit 1b7cc4ac7c793d4c1829d842c84273ef2d081fdb
Author: Andrew Bartlett abart...@samba.org
Date:   Tue Oct 25 07:43:06 2011 +1100

lib/util Rename samba_init_module_fn - samba_module_init_fn

This is to provide a cleaner namespace in the public samba plugin
functions.

Andrew Bartlett

commit 87354c9a6de95d5dcebace77a35fc21a73d599ab
Author: Andrew Bartlett abart...@samba.org
Date:   Mon Oct 24 19:39:53 2011 +1100

lib/util Split samba-modules library into public and private parts

This will allow OpenChange to get at the symbols it needs, without
exposing any more of this as a public API than we must.

Andrew Bartlett

commit b7b798e15b7be2d57e20c14cca2f908b301ed894
Author: Andrew Bartlett abart...@samba.org
Date:   Mon Oct 24 19:07:12 2011 +1100

lib/util Rename load_samba_modules - samba_modules_load

This is to provide a cleaner namespace in the public samba plugin
functions.

Andrew Bartlett

commit ce0ccc2a2ea820cd5d30ffd082d898fcb57431e6
Author: Andrew Bartlett abart...@samba.org
Date:   Mon Oct 24 19:01:16 2011 +1100

lib/util Rename run_init_functions - samba_init_module_fns_run

This is to provide a cleaner namespace in the public samba plugin
functions.

Andrew Bartlett

commit 1935b7b6c223542c1807e275c44e6ba4b2e90b68
Author: Andrew Bartlett abart...@samba.org
Date:   Mon Oct 24 09:49:26 2011 +1100

lib/util Rename init_module_fn to samba_init_module_fn

This prepares for making the samba_module.h header public again, for 
OpenChange.

I am keen to avoid too much API namespace pollution if we can.

commit 7cf00e3231da1808a5ad1adf8fbc319846eacabe
Author: Andrew Bartlett abart...@samba.org
Date:   Sat Oct 22 11:48:30 2011 +1100

gensec: Add parinoia about integer wrapping

commit 

[SCM] Samba Shared Repository - branch master updated

[Günther Deschner]

The branch, master has been updated
   via  151bb29 s3-net: Make sure to always re-use the good dc for the 
DNS updates as well.
  from  1e2f15f lib/util Add ABI to the samba-module library

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 151bb290d12f6727fce4b6be29175d5ad5551bef
Author: Günther Deschner g...@samba.org
Date:   Fri Oct 28 12:03:58 2011 +0200

s3-net: Make sure to always re-use the good dc for the DNS updates as 
well.

Guenther

Autobuild-User: Günther Deschner g...@samba.org
Autobuild-Date: Fri Oct 28 19:13:49 CEST 2011 on sn-devel-104

---

Summary of changes:
 source3/utils/net_ads.c |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c
index c17367a..b614432 100644
--- a/source3/utils/net_ads.c
+++ b/source3/utils/net_ads.c
@@ -1466,7 +1466,7 @@ int net_ads_join(struct net_context *c, int argc, const 
char **argv)
/* We enter this block with user creds */
ADS_STRUCT *ads_dns = NULL;
 
-   if ( (ads_dns = ads_init( lp_realm(), NULL, NULL )) != NULL ) {
+   if ( (ads_dns = ads_init( lp_realm(), NULL, r-in.dc_name )) != 
NULL ) {
/* kinit with the machine password */
 
use_in_memory_ccache();


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch master updated

[Jeremy Allison]

The branch, master has been updated
   via  f30f71c Fix bug #8548 - winbind_samlogon_retry_loop ignores 
logon_parameters flags.
   via  8c6ff21 The xcopy test is used in unusual ways (via a different 
uid). Ensure we can cope with this.
   via  3bd6513 Remove the order dependency in parent_override_delete(), 
just check for  not ==.
   via  80c3aa7 The xcopy test requires dos filemode=yes as it opens with 
WRITE_OWNER.
   via  30a5996 Remove the mkdir and open functions from the ACL modules - 
main code paths now handle this.
   via  8a65e2c Remove unused struct security_descriptor parameter from 
check_parent_access()
   via  ea195b6 Finally do all the open checks inside open_file(). Checks 
inside vfs_acl_common can now be removed.
   via  8a3070a Simplify smbd_check_open_rights() and move all the special 
casing inside it.
   via  18df3ae Move parent_override_delete() to before I need to use it.
   via  1619de3 Make smbd_check_open_rights() static.
  from  151bb29 s3-net: Make sure to always re-use the good dc for the 
DNS updates as well.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit f30f71c14a0b89dea296910ac9b92d3ae4016613
Author: Jeremy Allison j...@samba.org
Date:   Fri Oct 28 12:29:54 2011 -0700

Fix bug #8548 - winbind_samlogon_retry_loop ignores logon_parameters flags.

Fix confirmed by reporter.

Autobuild-User: Jeremy Allison j...@samba.org
Autobuild-Date: Fri Oct 28 23:04:47 CEST 2011 on sn-devel-104

commit 8c6ff21782b141571dde64e80cc42540e9177a23
Author: Jeremy Allison j...@samba.org
Date:   Fri Oct 28 12:15:51 2011 -0700

The xcopy test is used in unusual ways (via a different uid). Ensure we can 
cope with this.

commit 3bd6513884f1f02fe5638a424bcb1948f0921853
Author: Jeremy Allison j...@samba.org
Date:   Thu Oct 27 16:48:13 2011 -0700

Remove the order dependency in parent_override_delete(), just check for  
not ==.

commit 80c3aa7d2991302a2280dbfe6df14040347fdc52
Author: Jeremy Allison j...@samba.org
Date:   Thu Oct 27 16:41:18 2011 -0700

The xcopy test requires dos filemode=yes as it opens with WRITE_OWNER.

commit 30a599684a0a8c1f9af2d5b8adf8302172b49ae3
Author: Jeremy Allison j...@samba.org
Date:   Wed Oct 26 16:02:40 2011 -0700

Remove the mkdir and open functions from the ACL modules - main code paths 
now handle this.

commit 8a65e2c747c17be023d8c1285e0c8b2394fd4354
Author: Jeremy Allison j...@samba.org
Date:   Wed Oct 26 15:30:00 2011 -0700

Remove unused struct security_descriptor parameter from 
check_parent_access()

commit ea195b6cd2152a7f09847dba9c0c2288cc9a862d
Author: Jeremy Allison j...@samba.org
Date:   Wed Oct 26 15:03:28 2011 -0700

Finally do all the open checks inside open_file(). Checks inside
vfs_acl_common can now be removed.

commit 8a3070a7c9fe3fad35103435c5c74188866057eb
Author: Jeremy Allison j...@samba.org
Date:   Wed Oct 26 14:58:32 2011 -0700

Simplify smbd_check_open_rights() and move all the special casing inside it.

commit 18df3aedb9dc0b7af0cc4046efb23026708f5d71
Author: Jeremy Allison j...@samba.org
Date:   Wed Oct 26 14:47:52 2011 -0700

Move parent_override_delete() to before I need to use it.

commit 1619de30805e57adc8bf063a9ccf6f5ba245bc5a
Author: Jeremy Allison j...@samba.org
Date:   Wed Oct 26 14:06:41 2011 -0700

Make smbd_check_open_rights() static.

---

Summary of changes:
 selftest/target/Samba3.pm|6 +
 selftest/target/Samba4.pm|7 +
 source3/modules/vfs_acl_common.c |  140 +
 source3/modules/vfs_acl_tdb.c|2 -
 source3/modules/vfs_acl_xattr.c  |2 -
 source3/smbd/globals.h   |4 -
 source3/smbd/open.c  |  251 +++---
 source3/winbindd/winbindd_pam.c  |4 +-
 source4/selftest/tests.py|   18 ++--
 9 files changed, 153 insertions(+), 281 deletions(-)


Changeset truncated at 500 lines:

diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index 2f23ae3..3c0fbe9 100755
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -916,6 +916,7 @@ sub provision($$$)
map readonly = no
store dos attributes = yes
create mask = 755
+   dos filemode = yes
vfs objects = $vfs_modulesdir_abs/xattr_tdb.so 
$vfs_modulesdir_abs/streams_depot.so
 
printing = vlp
@@ -1002,6 +1003,11 @@ sub provision($$$)
copy = print1
 [lp]
copy = print1
+[xcopy_share]
+   path = $shrdir
+   comment = smb username is [%U]
+   create mask = 777
+   force create mode = 777
 [print\$]
copy = tmp
;
diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
index 6d67229..506bbee 100644
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@@ -751,6 +751,13 @@ sub 

Re: [SCM] Samba Shared Repository - branch master updated

[simo]

On Fri, 2011-10-28 at 11:35 +0200, Andreas Schneider wrote:
 +Requires=smb.service nmb.service
 +After=syslog.target network.target smb.service nmb.service

This looks wrong, winbind does not require smb or nmb to run, if you
have a laptop and do not offer shares you may want to run just winbind
and no smb or nmb service.
And actually I think you probably want to start winbind before smb *if*
you are using winbind on a samba file server.

Simo.

-- 
Simo Sorce
Samba Team GPL Compliance Officer s...@samba.org
Principal Software Engineer at Red Hat, Inc. s...@redhat.com