[Samba] HTML docs and the removal of SWAT in 4.1
On Fri, 2013-10-11 at 15:17 -0400, Charles Marcus wrote: On 2013-10-11 9:49 AM, samba-requ...@lists.samba.org samba-requ...@lists.samba.org wrote: REMOVED COMPONENTS == The Samba Web Administration Tool (SWAT) has been removed. Details why SWAT has been removed can be found on the samba-technical mailing list: https://lists.samba.org/archive/samba-technical/2013-February/090572.html Just curious what was decided about this comment (he has a very excellent point): I have yet to make the jump to Samba4, so I have not seen the version of SWAT designed for it. For me, the primary benefit of SWAT in Samba3 was the ability to use the help link for any parameter to see what that parameter did, what the default was, and what its proper syntax was. For reference, I ran man smb.conf. Viewing full screen, I pressed the Page Down key 34 times and was still in the 1st third of the alphabetical listing of parameters. It's no small wonder that I never used man smb.conf to configure Samba. SWAT was my friend. So, if Samba4 has anywhere near the number of parameters as Samba3, I would be greatly disappointed to see SWAT go away entirely. An html version of the samba-doc package that contained all parameters with links to their definitions/descriptions would be a welcome and suitable replacement. You can search the manpage with the normal pager commands (eg /directory). No matter if we would have liked to keep SWAT around, it was simply not maintained, and fixing the CVE issues only introduced other issues. HTML documentation should be generated by running 'make htmlman' in the docs-xml directory, but some of this seems to have bitrotted, at least in my brief testing. Patches to have HTML manpages generated by our main buildsystem (see docs-xml/wscript_build and buildtools/wafsamba/wafsamba.py) are most welcome. Andrew Bartlett Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] From 3.0.11 to up-to-date versions protocol problem
Hi. We have been using samba 3.0.11 for years and now we need to add some win7 machines to our domain. So I test up-to-date Samba versions (3.6.19, 4.1.0 compiled, and Centos today native binary package 3.6.something) and with all of them I run into the same problem. I get stuck with protocols when checking XP machines (which works like a charm in 3.0.11 domain) When max protocol is NT1 (as in 3.0.11), I can add XP into domain, but can not do domain logon nor net view /DOMAIN:NIS7 - the domain is not longer available. Net view /DOMAIN:NIS works good - NIS is 3.0.11 samba domain. When I set protocol to LANMAN2, net view shows my SAMBA7 server, I can log into domain from already-in-domain XP, but I can not add the XP into domain, when it was removed from it - with incorrect parameter message. (The XP is in LDAP and can join the domain with max protocol NT1, as I said). I have tried many combinations of options, but with no luck. I suppose NT1 should be used as max protocol, is it right? Where can be the problem with logging into domain and net view command then? I did wiresharking, tcpdumping, log reading, googling for days... Thanks, Michal This is my global section right now. [global] dos charset = CP852 unix charset = ISO8859-2 workgroup = NIS7 server string = passdb backend = ldapsam:ldap://10.200.11.11 lanman auth = Yes syslog = 0 log file = /var/log/samba/%m.log max log size = 50 max protocol = LANMAN2 name resolve order = host bcast server signing = auto socket options = TCP_NODELAY,SO_KEEPALIVE add user script = /usr/sbin/useradd -d /dev/null -g users -s /bin/false -M %u add machine script = /usr/local/bin/AM %u logon script = smbprofile.bat logon path = \\%h\home\profiles\%U logon drive = S: domain logons = Yes os level = 35 preferred master = Yes domain master = Yes dns proxy = No ldap admin dn = cn=Manager,dc=nspuh,dc=cz ldap group suffix = ou=groups ldap machine suffix = ou=machines ldap suffix = dc=nspuh,dc=cz ldap ssl = no ldap user suffix = ou=people allow insecure wide links = Yes panic action = /usr/share/samba/panic-action %d template homedir = /profiles/DEFAULT idmap config * : range = idmap config * : backend = tdb admin users = root root preexec = /usr/local/bin/RPE '%u' 'GLOBALS' /var/log/RPE.log 21 wide links = Yes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [PATCH] Fix Samba 4.1.0 join Windows 2003 Server with BIND9_DLZ
On Sat, 2013-10-12 at 12:35 -0700, Mauricio Alvarez wrote: Is there any chance the problem I am having (drsuapi.DsBindInfoFallBack' object has no attribute 'supported_extensions') is related to this patch? No. Sorry, Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] using samba 4 as plugin replacement for samba 3
On Fri, 2013-10-11 at 17:00 +0200, Klaus Hartnegg wrote: Hi, when I don't want to switch to Active Directory, but don't want to be stuck on version 3.6 either, can I simply give samba 4 a copy of the old smb.conf file? Yes. Will it be able to store all windows acl's in extended attributes, or is this improvement only available in combination with letting it run as active directory domain controller? You can load acl_xattr as a vfs module without being an AD DC, it's just on by default in that case. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problems joining Samba4 domain
I have fixed this problem by changing the following line in /etc/krb5.conf from dns_lookup_realm = false to dns_lookup_realm = true Why must i change this line? When provisioning Samba4 the first time krb5.conf is generated automatically with the option dns_lookup_realm = false. Am 14.09.2013 23:28, schrieb X-Dimension: Hi! I've installed Samba4 like described here on Ubuntu 12.04.3 http://www.matrix44.net/cms/notes/gnulinux/samba-4-ad-domain-with-ubuntu-12-04 DNS with BIND_DLZ backend seems to work and i can add DNS records without a problem with Microsoft RSAT. When i try kinit on the server i get the following: root@PDC:~# kinit administrator Password for administra...@mydomain.lan: - Works fine root@PDC:~# kinit administra...@mydomain.lan Password for administra...@mydomain.lan: - Works fine root@PDC:~# kinit administra...@mydomain.lan Password for administra...@mydomain.lan: kinit: KDC reply did not match expectations while getting initial credentials - Don't work When i try to join a Windows 7 Professional client to my domain, i get this: 1. Joining as user administrator to domain mydomain or MYDOMAIN or mydomain.lan or MYDOMAIN.LAN - wrong username or password 2. Joining as user administrator@mydomain to domain mydomain - works fine But after a reboot i can't login as administrator@mydomain and i get wrong username and password My krb5.conf looks like this: [libdefaults] default_realm = MYDOMAIN.LAN dns_lookup_realm = false dns_lookup_kdc = true What goes wrong here? Thanks for help! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problems joining Samba4 domain
After some minutes the problem exists again! :( I' can't login anymore as an domain user and i can't join other clients to the Samba4 domain. After restart the Server it looks like it works again, but some minutes later i ran into the same problems. What goes wrong? Am 13.10.2013 14:27, schrieb X-Dimension: I have fixed this problem by changing the following line in /etc/krb5.conf from dns_lookup_realm = false to dns_lookup_realm = true Why must i change this line? When provisioning Samba4 the first time krb5.conf is generated automatically with the option dns_lookup_realm = false. Am 14.09.2013 23:28, schrieb X-Dimension: Hi! I've installed Samba4 like described here on Ubuntu 12.04.3 http://www.matrix44.net/cms/notes/gnulinux/samba-4-ad-domain-with-ubuntu-12-04 DNS with BIND_DLZ backend seems to work and i can add DNS records without a problem with Microsoft RSAT. When i try kinit on the server i get the following: root@PDC:~# kinit administrator Password for administra...@mydomain.lan: - Works fine root@PDC:~# kinit administra...@mydomain.lan Password for administra...@mydomain.lan: - Works fine root@PDC:~# kinit administra...@mydomain.lan Password for administra...@mydomain.lan: kinit: KDC reply did not match expectations while getting initial credentials - Don't work When i try to join a Windows 7 Professional client to my domain, i get this: 1. Joining as user administrator to domain mydomain or MYDOMAIN or mydomain.lan or MYDOMAIN.LAN - wrong username or password 2. Joining as user administrator@mydomain to domain mydomain - works fine But after a reboot i can't login as administrator@mydomain and i get wrong username and password My krb5.conf looks like this: [libdefaults] default_realm = MYDOMAIN.LAN dns_lookup_realm = false dns_lookup_kdc = true What goes wrong here? Thanks for help! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problems joining Samba4 domain
On 13/10/13 14:01, X-Dimension wrote: After some minutes the problem exists again! :( I' can't login anymore as an domain user and i can't join other clients to the Samba4 domain. After restart the Server it looks like it works again, but some minutes later i ran into the same problems. What goes wrong? Am 13.10.2013 14:27, schrieb X-Dimension: I have fixed this problem by changing the following line in /etc/krb5.conf from dns_lookup_realm = false to dns_lookup_realm = true Why must i change this line? When provisioning Samba4 the first time krb5.conf is generated automatically with the option dns_lookup_realm = false. Am 14.09.2013 23:28, schrieb X-Dimension: Hi! I've installed Samba4 like described here on Ubuntu 12.04.3 http://www.matrix44.net/cms/notes/gnulinux/samba-4-ad-domain-with-ubuntu-12-04 DNS with BIND_DLZ backend seems to work and i can add DNS records without a problem with Microsoft RSAT. When i try kinit on the server i get the following: root@PDC:~# kinit administrator Password for administra...@mydomain.lan: - Works fine root@PDC:~# kinit administra...@mydomain.lan Password for administra...@mydomain.lan: - Works fine root@PDC:~# kinit administra...@mydomain.lan Password for administra...@mydomain.lan: kinit: KDC reply did not match expectations while getting initial credentials - Don't work When i try to join a Windows 7 Professional client to my domain, i get this: 1. Joining as user administrator to domain mydomain or MYDOMAIN or mydomain.lan or MYDOMAIN.LAN - wrong username or password 2. Joining as user administrator@mydomain to domain mydomain - works fine But after a reboot i can't login as administrator@mydomain and i get wrong username and password My krb5.conf looks like this: [libdefaults] default_realm = MYDOMAIN.LAN dns_lookup_realm = false dns_lookup_kdc = true What goes wrong here? Thanks for help! Just how closely did you follow the webpage you posted in your OP? , it seems to be using the standard samba4 packages from Ubuntu, which if I remember correctly are broken. Also there is a howler on the webpage you posted, you are advised to create a share called [global] , this is the standard top share that you will find in any smb.conf. I would advise you to compile samba4 yourself, it is easy, see here: https://wiki.samba.org/index.php/Build_Samba I would also suggest that you use the latest tarball (4.1.0) Rowland -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] execute permissions missing after upgrade to Samba 4
After upgrading from samba-3.6.12 to samba-4.0.9 (Fedora 17 i686 - Fedora 19 i686, smb.conf stayed same) I see weird behavior - windows client can not run executable files due to insufficient permissions. However, when I in Linux set (with 'chmod u+x,g+x ...') execution bit for these files, all is fine and windows client can run their. It seems for me as samba4 (contrary to samba3) now check x bit for some 'Read-And-Execute' (or how are executables called from windows) and deny access although client has all other rights (read and write) to this .exe file. Data are stored on ext4 volume which is mounted with 'user_xattr acl' option. My smb.conf look as (some IMO unimportant items omitted from 'testparm -s' output): [global] logon script = %m.bat logon path = domain logons = Yes os level = 63 preferred master = Yes domain master = Yes wins support = Yes idmap config * : backend = tdb ea support = Yes map archive = No map readonly = no store dos attributes = Yes [info] comment = Data info path = /home/DATA/info read list = @info write list = @info force group = info create mask = 0770 directory mask = 0771 force create mode = 0660 force directory mode = 02770 - How is possible solve this issue? Win client self did not set x bit on executables (e.g. when I from windows client extract ZIP archive with executables, they have no x-bit set). Should Samba4 itself set 'Read-And-Execute' rights, either by settin x bit or by setting these rights in extended attributes? Thank in advance, Franta Hanzlik -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] kinit user works, kinit user@domain.local doesn't
I'm running Samba 4.0.10 on Ubuntu Server 12.04.3 x64 Samba was installed from source and provisioned with internal DNS as PDC of the domain domain.local. Users were mapped through pam. I created a new user (user@domain.local) and joined a winxp workstation (workstation.domain.local). It seems kerberos is working since user can log to workstation without any problem using user@domain.local. Same with DNS; if I try to ping pdc.domain.local, I get name resolved correctly, as well as with just ping pdc. However, if I run ping workstation.domain.local from pdc, I get unknown host, though ping workstation works. Similarly, if I run kinit user, I get a ticket, but kinit user@domain.local produces Cannot contact any KDC for realm 'domain.local' while getting initial credentials. Probably related issue is with samba_dnsupdate. Running sudo /usr/local/samba/sbin/samba_dnsupdate --verbose --all-names gives RuntimeError: kinit for PDC$@DOMAIN.LOCAL failed (Cannot contact any KDC for requested realm). sudo host -t SRV _kerberos._udp.domain.local. gives _kerberos._udp.domain.local has SRV record 0 100 88 pdc.domain.local. so it seems there is a correct record for kdc in dns. I've read that this issue can be caused by wrong dns setting in resolv.conf. My /etc/resolv.conf (and /etc/resolvconf/resolv.conf.d/tail) is: domain domain.local nameserver 127.0.0.1 and my /etc/hosts: 127.0.0.1 localhost.localdomain localhost 127.0.1.1 pdc.domain.localpdc #network interface eth0: 192.168.1.67pdc.domain.localpdc So even here everything looks ok My krb5.conf: [libdefaults] default_realm = DOMAIN.LOCAL dns_lookup_realm = false dns_lookup_kdc = true forwardable = true [realms] DOMAIN.LOCAL = { kdc = pdc.domain.local admin_server = pdc.domain.local } [domain_realm] .domain.local = DOMAIN.LOCAL domain.local = DOMAIN.LOCAL My smb.conf: [global] workgroup = DOMAIN realm = DOMAIN.LOCAL netbios name = PDC server role = active directory domain controller server role check:inhibit = yes server services = s3fs, rpc, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate, dns template shell = /bin/bash security = user map to guest = bad user guest account = nobody encrypt passwords = yes allow dns updates = True dns forwarder = 217.119.113.244 interfaces = 127.0.1.1/8 eth0 lo bind interfaces only = yes logon path = \\%L\profiles\%U\%a logon drive = P: wins support = yes name resolve order = wins host bcast load printers = yes printing = cups printcap name = cups [netlogon] path = /usr/local/samba/var/locks/sysvol/domain.local/scripts read only = No [sysvol] path = /usr/local/samba/var/locks/sysvol read only = No -- View this message in context: http://samba.2283325.n4.nabble.com/kinit-user-works-kinit-user-domain-local-doesn-t-tp4654989.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Port 139 Not open on bootup...
That matches what I have been thinking. However the IPv6 is up, and isn't that the same interface? There is only one mac address device, the NIC. If this is the case, then how do I delay the smb start up? I've been using linux for decades, but only infrequently, soI have to relearn these things every couple of years. I know it's somewhere in the init.d scripts for run level 3 and 5 Thanks. -Scott On Sun, Oct 13, 2013 at 12:05 AM, Gregory Sloop gr...@sloop.net wrote: [I may be completely wrong, but I'm too lazy to look it up, but perhaps it's a place to start...] I seem to recall that if the interface isn't up and ready, Samba, when it comes up, won't listen on that interface unless it's explicitly defined. Is there a chance that the IPv4 interface isn't up when the Samba loads, but IPv6 is? [Or perhaps IPv6 gets treated differently...] Something to investigate - but remember, I'm not claiming to be right. :) -Greg SW I am running SUSE 12.0 I have had this problem on another machine months SW ago, but never solved it. I have done many searches, but have come up empty. SW When booted, port 139 is not open on IPv4. There os no 0.0.0.0:139 listening. SW HOWEVER: :::139 is listening. SO I know it is open on IPv6. SW When I try to gain remote access through a share, the machine is not found. SW When I try to telnet to port 139, the connection is refused. SW To solve it, I have to manually restart smb. So this is some kind of SW 'first bootup' problem. All the searches I came up with all describe a SW problem that it just isn't working at all. This is just that it doesn't SW work until I restart the daemon. SW It's annoying to work around, especially when I'm using a VM and SW starting/stopping the machine often. SW Can anyone advise on what this problem is, or how to fix it? SW -Scott -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] File share permissions act different on member server than on DC
Hello, a while ago I wrote the http://wiki.samba.org/index.php/Setup_and_configure_file_shares HowTo. When I wrote the HowTo, I setup and configured the share on a DC - what still works like described. Today I tried the first time to do exactly the same on a 4.0.10 and 4.1.0 _member server_, and it doesn't work there. The share in smb.conf: [demo] path = /srv/samba/Demo read only = no The folder in the filesystem (XFS): drwxr-xr-x 2 root root6 13. Okt 22:16 /srv/samba/Demo I connect to the share as Domain Admin, right-click to it and go to the security tab. Here I see now everyone and two root entries. - I click the edit button and remove the two root entries. When I click apply, everything is reset (the two entries went back. - If i grant modify to everyone - where all allow entries are empty per default and click apply, then all boxes are checked automatically (full access) and CREATOR OWNER and CREATOR GROUP appear. And this two can't be removed as well any more. If I do exactly the same on a DC, then already the security tab shows on the first time I open it very different settings. The wiki screenshot shows them: http://wikiupload.samba.org/images/8/8f/Demo_Share_Security.png). But the folder on Linux side is also just 755 (and without any extended ACLs when I begin). Also whatever I change (like remove root from the ACLs) everything is done like expected and saved. The member server is also self compiled. I installed all packages on my RHEL6 that I have installed on the DC too. Any idea what could be different on a 4.x member than on a DC? Or did I find a bug? Regards Marc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] kinit user works, kinit user@domain.local doesn't
Try appending a dot character to the end and put it in domain_realm mapping. Let us know. kinit user@domain.local. On Oct 13, 2013 11:08 AM, Danny Fedor lubomirf@gmail.com wrote: I'm running Samba 4.0.10 on Ubuntu Server 12.04.3 x64 Samba was installed from source and provisioned with internal DNS as PDC of the domain domain.local. Users were mapped through pam. I created a new user (user@domain.local) and joined a winxp workstation (workstation.domain.local). It seems kerberos is working since user can log to workstation without any problem using user@domain.local. Same with DNS; if I try to ping pdc.domain.local, I get name resolved correctly, as well as with just ping pdc. However, if I run ping workstation.domain.local from pdc, I get unknown host, though ping workstation works. Similarly, if I run kinit user, I get a ticket, but kinit user@domain.local produces Cannot contact any KDC for realm 'domain.local' while getting initial credentials. Probably related issue is with samba_dnsupdate. Running sudo /usr/local/samba/sbin/samba_dnsupdate --verbose --all-names gives RuntimeError: kinit for PDC$@DOMAIN.LOCAL failed (Cannot contact any KDC for requested realm). sudo host -t SRV _kerberos._udp.domain.local. gives _kerberos._udp.domain.local has SRV record 0 100 88 pdc.domain.local. so it seems there is a correct record for kdc in dns. I've read that this issue can be caused by wrong dns setting in resolv.conf. My /etc/resolv.conf (and /etc/resolvconf/resolv.conf.d/tail) is: domain domain.local nameserver 127.0.0.1 and my /etc/hosts: 127.0.0.1 localhost.localdomain localhost 127.0.1.1 pdc.domain.localpdc #network interface eth0: 192.168.1.67pdc.domain.localpdc So even here everything looks ok My krb5.conf: [libdefaults] default_realm = DOMAIN.LOCAL dns_lookup_realm = false dns_lookup_kdc = true forwardable = true [realms] DOMAIN.LOCAL = { kdc = pdc.domain.local admin_server = pdc.domain.local } [domain_realm] .domain.local = DOMAIN.LOCAL domain.local = DOMAIN.LOCAL My smb.conf: [global] workgroup = DOMAIN realm = DOMAIN.LOCAL netbios name = PDC server role = active directory domain controller server role check:inhibit = yes server services = s3fs, rpc, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate, dns template shell = /bin/bash security = user map to guest = bad user guest account = nobody encrypt passwords = yes allow dns updates = True dns forwarder = 217.119.113.244 interfaces = 127.0.1.1/8 eth0 lo bind interfaces only = yes logon path = \\%L\profiles\%U\%a logon drive = P: wins support = yes name resolve order = wins host bcast load printers = yes printing = cups printcap name = cups [netlogon] path = /usr/local/samba/var/locks/sysvol/domain.local/scripts read only = No [sysvol] path = /usr/local/samba/var/locks/sysvol read only = No -- View this message in context: http://samba.2283325.n4.nabble.com/kinit-user-works-kinit-user-domain-local-doesn-t-tp4654989.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [PATCH] Fix Samba 4.1.0 join Windows 2003 Server with BIND9_DLZ
Hi Andrew... Aplied patch but not work! Same error! Thanks! Jacó Ramos 2013/10/12 Andrew Bartlett abart...@samba.org On Fri, 2013-10-11 at 12:06 -0300, Jacó Ramos wrote: Hi guys, When run join in DC root@samba4:~# samba-tool domain join jacoramos.net.br DC -Uadministrador --realm=jacoramos.net.br --dns-backend=BIND9_DLZ Finding a writeable DC for domain 'jacoramos.net.br' Found DC win2003.jacoramos.net.br Password for [WORKGROUP\administrador]: workgroup is JACORAMOS realm is jacoramos.net.br checking sAMAccountName Adding CN=SAMBA4,OU=Domain Controllers,DC=jacoramos,DC=net,DC=br Adding CN=SAMBA4,CN=Servers,CN=Primeiro-site-padrao,CN=Sites,CN=Configuration,DC=jacoramos,DC=net,DC=br Adding CN=NTDS Settings,CN=SAMBA4,CN=Servers,CN=Primeiro-site-padrao,CN=Sites,CN=Configuration,DC=jacoramos,DC=net,DC=br Adding SPNs to CN=SAMBA4,OU=Domain Controllers,DC=jacoramos,DC=net,DC=br Setting account password for SAMBA4$ Enabling account Adding DNS account CN=dns-SAMBA4,CN=Users,DC=jacoramos,DC=net,DC=br with dns/ SPN Join failed - cleaning up checking sAMAccountName Deleted CN=SAMBA4,OU=Domain Controllers,DC=jacoramos,DC=net,DC=br Deleted CN=NTDS Settings,CN=SAMBA4,CN=Servers,CN=Primeiro-site-padrao,CN=Sites,CN=Configuration,DC=jacoramos,DC=net,DC=br Deleted CN=SAMBA4,CN=Servers,CN=Primeiro-site-padrao,CN=Sites,CN=Configuration,DC=jacoramos,DC=net,DC=br ERROR(ldb): uncaught exception - LDAP error 53 LDAP_UNWILLING_TO_PERFORM - 052D: SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0 File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py, line 552, in run machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend) File /usr/local/samba/lib/python2.7/site-packages/samba/join.py, line 1169, in join_DC ctx.do_join() File /usr/local/samba/lib/python2.7/site-packages/samba/join.py, line 1072, in do_join ctx.join_add_objects() File /usr/local/samba/lib/python2.7/site-packages/samba/join.py, line 616, in join_add_objects ctx.samdb.add(msg) root@samba4:~# Sorry about that. Try the attached patch. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- *O homem não foi criado para ser feliz nem para vencer, mas para viver para Deus. Quando vive para Deus é feliz e vence. Isaltino Gomes * * $whoami* - Perito Forense Computacional - Pentester - Esp. em Segurança de Redes de Computadores com enfâse a Perícia Forense Computacional - FACID - Bacharel em Ciência da Computação - UESPI - Administrador de Redes de Computadores - CCNA Modulo II - Lattes: *http://lattes.cnpq.br/1591329268136905* Esta mensagem pode conter informações confidenciais e/ou privilegiadas. Se você não for o destinatário ou a pessoa autorizada a receber esta mensagem, não deve usar, copiar ou divulgar as informações nela contida ou tomar qualquer ação baseada nessas informações. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Error samba task: cc scavenger.c - scavenger 91.o
Thanks for your reply. So, in root i run this : git cherry-pick -x 31714c97845fff11b2997c86b5fc3a3bff8ed710 And its good or I misunderstood? On Fri, Sep 27, 2013 at 08:09:42AM +0200, LIBERT Anthony wrote: Hello everybody, I try to install samba on ubuntu server 13.04 So I downloaded the 4.0.9 version of samba but when the make I get this error: ../source3/smbd/scavenger.c : In function 'scavenger_timer' : ../source3/smbd/scavenger.c: 482:3 : error : format '%lu' expects argument of type 'long unsigned int', but argument 3 has type 'uint64_t' [-Werror=format] ../source3/smbd/scavenger.c: 490:3 : error : format '%lu' expects argument of type 'long unsigned int', but argument 3 has type 'uint64_t' [-Werror=format] cc1 : some warnings being treated as errors Waf : Leaving directory /opt/samba-4.0.9/bin' Build failed: - Task failed (err #1) {task: cc scavenger.c - scavenger_91.o} make: *** [all] Error 1 An idea please ? This is bug: https://bugzilla.samba.org/show_bug.cgi?id=10169 Will be fixed in the next 4.0.x release. The patch is available there if you wish to hand apply it. Sorry for the problem. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Host Cannot Access Samba
Hi Marc, Answers as follows: - The linux VB is on a different network than the server - I have a log file generated for that VB ipaddress with errors: getpeername failed. Error was Transport endpoint is not connected read_fd_with_timeout: client 0.0.0.0 read error = Connection timed out. closed connection to service -No firewalls between server and host or on host Thanks, Amanda Hicks Systems Analyst - Systems Engineering NAV CANADA 280 Hunt Club Road Ottawa, ON. K1V 1C1 hic...@navcanada.ca 613-248-6568 -Original Message- From: Marc Muehlfeld [mailto:sa...@marc-muehlfeld.de] Sent: September-27-13 1:37 PM To: Hicks, Amanda Cc: samba@lists.samba.org Subject: Re: [Samba] Host Cannot Access Samba Hello Amanda, Am 25.09.2013 19:57, schrieb Hicks, Amanda: Our windows clients can access samba but we have a user using linux in a virtual box that is getting permission errors when trying to access the share. Can someone give direction to samples with Linux client smb.conf? You are giving to less information, to provide any help. - Is the Linux in VB in the same network than the server? Or maybe the VB network is using NAT to connect? - Anything in the logfiles on the Samba server? At least you should see the connection try. If not, increase the loglevel to 2 or 3. - Any firewall on the VB Linux or on it's host? Or between them and the server? - Regards, Marc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Using userpassword attribute with sha1 in samba4
Hi everyone, I have a php script that put all the people from a ldap(Openldap) base to Samba4 so I need to use the same password. I'm using userpassword in samba to store the passwords sha1 but I don't understand what is happening. My user is not logging on the system. Do I need to enable anything in samba4 ? My script: public function gerarSenhaPadraoTextoPlano($strSenha) { $senha = \ . $strSenha . \; $novaSenha = null; $len = strlen($senha); for($i=0;$i$len;$i++) $novaSenha .= {$senha{$i}}\000; return $novaSenha; } $ldaprecord['userpassword'] = $this-gerarSenhaPadraoTextoPlano(123Mudar); -- Att, *Thiago Holanda* -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] client hangs
Doug, Has anything changed on your DCs? When we had a similar sounding issue it took us about a month to connect that a) a Windows domain controller had its IP address changed with b) the old IP address was still lurking in DNS that was managed by the DC. Once the obsolete addressing was repaired, Samba started working correctly again. We were not able, however, to create a scenario that would lead to the failure, so we solved the problem only by inference. The one (simple) test that we did use was to put the DC address relationships into the Samba server's /etc/hosts and saw the issue disappear. Andy Colb -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Doug Tucker Sent: Thursday, October 03, 2013 11:21 AM To: samba@lists.samba.org Subject: [Samba] client hangs All, I've exhausted myself on this issue. Our samba server has been up and running for ages without any issues. About 6 weeks ago quite suddenly we began having intermittent clients hangs network wide and I'm at a loss to find the issue. The users have so named them the windows explorer status bar of death. It has been extremely disruptive when it happens. Looking at the logs at the time of the event there doesn't seems to be anything particularly unusual anywhere. It's as if all is well in the world at every level. Network is quiet, file server is fine, samba server is fine, but client attempts to access a resource on a shared drive either by saving, or just simply clicking on a folder on the shared drive can takes minutes to complete. Anyone else suddently experiencing this? Clients are mostly windows7. Though even the mac clients as well as the linux clients are seeing the slowness. Running samba: samba-3.0.33-3.39.el5_8 Centos5 x86_64 I know I'm not providing much here, but I simply can't find anything relevant to send. -- Sincerely, Doug Tucker -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Failover
Hi guys, I have a domain with Samba 4.0.5 domain controllers and also a failover DRBD shared disk, where the active DC controlls the access to the disk. DOMAINC01 - 10.48.16.150 DOMAINC02 - 10.48.16.151 DOMAINCHA - 10.48.16.155 this would be the failover IP, which works perfectly on Windows XP clients. I can see the shares, just like on DOMAINC01 or DOMAINC02 and if the users has the proper credentials they can write open etc. But when I try to do the same on a Windows 7 client I simply get an error message You dont have the proper rights to open the directory I guess because of the DOMAINCHA virtual controller is not in the AC, but shall I add a computer to the AC so my win7 clients could open the available shares? Thanks, Robert -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Point'n Print setup on Samba4 failing to install drivers
Premise / status: I've set up Samba 4 as an AD controller, and, according to the instructions on the [howto](https://wiki.samba.org/index.php/Samba_as_a_print_server), have established a [print$] share that should allow me to upload printer drivers for Point'n'Print driver installation. The printers are visible from the Windows client, but the server does not have Windows drivers available so drag and drop installation won't work. Problems / deviation from the instructions: If I attempt to load the driver with the [print$] share permissions set as per the howto, (755 server side, samba config includes 'writeable = yes') I get an access denied error. If I set the [print$] share permissions wide open on the server (777) and use the Windows 7 interface to make sure that either Domain Admins or even Everyone has full control, drivers will appear to begin installation and then fail with errer 0x001f. It does not appear that any files are actually placed on the server. I've tried this with different printers and drivers. The user account is a Domain Admin and that group was granted print operator privileges. I can even just shove random text files into the [print$] share from Windows. Sub-question: Is there / shouldn't there be a way to have write permissions through the Samba4 server without setting the local unix permissions wide open? Main question: What could I have overlooked? What do I need to do in order to get the print drivers to installed on the server? Thank you, -- Pablo Virgo System Administrator Solutions for Progress, Inc. 728 South Broad Street Philadelphia, PA 19146 Phone: 215-701-8075 Fax: 215-972-8109 pgpTI5VnI7mbb.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Question about DNS Ghost Records
I just found this: https://wiki.samba.org/index.php/DNS - Under troubleshoot Let me try it out first. Am 10.10.2013 15:07, schrieb Gerhard Stein: I have had an IP Address Record of the name Z37 which was 192.168.2.203. Using nslookup I find it, but samba-tool queries the name and shows 0 Records? $ nslookup Z37 Server:192.168.2.1 Address:192.168.2.1#53 Name:Z37.calcdom.local Address: 192.168.2.203 $ samba-tool dns query localhost calcdom.local @ ALL Name=, Records=4, Children=0 SOA: serial=119, refresh=900, retry=600, expire=86400, ns=zcontroller.calcdom.local., email=hostmaster.calcdom.local. (flags=60f0, serial=119, ttl=3600) NS: zcontroller.calcdom.local. (flags=60f0, serial=1, ttl=900) A: 134.147.57.144 (flags=60f0, serial=110, ttl=900) A: 192.168.2.1 (flags=60f0, serial=110, ttl=900) Name=_msdcs, Records=0, Children=0 Name=_sites, Records=0, Children=1 Name=_tcp, Records=0, Children=4 Name=_udp, Records=0, Children=2 Name=DomainDnsZones, Records=0, Children=2 Name=ForestDnsZones, Records=0, Children=2 Name=Y15, Records=1, Children=0 A: 192.168.2.192 (flags=f0, serial=110, ttl=1200) Name=Y16, Records=1, Children=0 A: 192.168.2.122 (flags=f0, serial=110, ttl=1200) Name=Z34, Records=1, Children=0 A: 192.168.2.169 (flags=f0, serial=110, ttl=1200) Name=Z35, Records=1, Children=0 A: 192.168.2.206 (flags=f0, serial=115, ttl=0) Name=Z36, Records=1, Children=0 A: 192.168.2.205 (flags=f0, serial=116, ttl=0) Name=Z37, Records=0, Children=0 Name=zcontroller, Records=2, Children=0 A: 134.147.57.144 (flags=f0, serial=110, ttl=900) A: 192.168.2.1 (flags=f0, serial=110, ttl=900) Name=Ztest, Records=0, Children=0 Now in order to fix that I tried to delete that record and get this: $ samba-tool dns update localhost calcdom.local Z37 A 192.168.2.203 192.168.2.210 Password for [Administrator@CALCDOM.LOCAL]: ERROR: Record does not exist I can believe that, but when I try then to add a new record with that name: $ samba-tool dns add localhost calcdom.local Z37 A 192.168.2.203 Password for [Administrator@CALCDOM.LOCAL]: ERROR(runtime): uncaught exception - (9711, 'WERR_DNS_ERROR_RECORD_ALREADY_EXISTS') File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/dns.py, line 1053, in run 0, server, zone, name, add_rec_buf, None) So, no record, but I cannot add this one...? A bit strange. I did a recent update where also the automatic DNS updates got better on the other computers. I'm still trying to remove that record...What works is to add a Record with another data: $ samba-tool dns add localhost calcdom.local Z37 A 192.168.2.210 Password for [Administrator@CALCDOM.LOCAL]: Record added successfully But I cannot update or remove the one with the 192.168.2.203: now both are shown : $ nslookup z37 Server:192.168.2.1 Address:192.168.2.1#53 Name:z37.calcdom.local Address: 192.168.2.203 Name:z37.calcdom.local Address: 192.168.2.210 Btw. I have no bind installed. I hope you can help, because I have no way to remove that record. Can I clear the DNS Cache maybe? How? Kind Regards, -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Question about DNS Ghost Records
nope, it didn't help: gerstrong@ZController:~$ /usr/local/samba/bin/samba-tool dns add zcontroller calcdom.local Z37 A IP -k yes ERROR(runtime): uncaught exception - (-1073741811, 'Unexpected information received') File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/dns.py, line 1053, in run 0, server, zone, name, add_rec_buf, None) gerstrong@ZController:~$ /usr/local/samba/bin/samba-tool dns delete zcontroller calcdom.local Z37 A IP -k yes ERROR: Record does not exist Regards - Gerd Am 10.10.2013 16:43, schrieb Gerhard Stein: I just found this: https://wiki.samba.org/index.php/DNS - Under troubleshoot Let me try it out first. Am 10.10.2013 15:07, schrieb Gerhard Stein: I have had an IP Address Record of the name Z37 which was 192.168.2.203. Using nslookup I find it, but samba-tool queries the name and shows 0 Records? $ nslookup Z37 Server:192.168.2.1 Address:192.168.2.1#53 Name:Z37.calcdom.local Address: 192.168.2.203 $ samba-tool dns query localhost calcdom.local @ ALL Name=, Records=4, Children=0 SOA: serial=119, refresh=900, retry=600, expire=86400, ns=zcontroller.calcdom.local., email=hostmaster.calcdom.local. (flags=60f0, serial=119, ttl=3600) NS: zcontroller.calcdom.local. (flags=60f0, serial=1, ttl=900) A: 134.147.57.144 (flags=60f0, serial=110, ttl=900) A: 192.168.2.1 (flags=60f0, serial=110, ttl=900) Name=_msdcs, Records=0, Children=0 Name=_sites, Records=0, Children=1 Name=_tcp, Records=0, Children=4 Name=_udp, Records=0, Children=2 Name=DomainDnsZones, Records=0, Children=2 Name=ForestDnsZones, Records=0, Children=2 Name=Y15, Records=1, Children=0 A: 192.168.2.192 (flags=f0, serial=110, ttl=1200) Name=Y16, Records=1, Children=0 A: 192.168.2.122 (flags=f0, serial=110, ttl=1200) Name=Z34, Records=1, Children=0 A: 192.168.2.169 (flags=f0, serial=110, ttl=1200) Name=Z35, Records=1, Children=0 A: 192.168.2.206 (flags=f0, serial=115, ttl=0) Name=Z36, Records=1, Children=0 A: 192.168.2.205 (flags=f0, serial=116, ttl=0) Name=Z37, Records=0, Children=0 Name=zcontroller, Records=2, Children=0 A: 134.147.57.144 (flags=f0, serial=110, ttl=900) A: 192.168.2.1 (flags=f0, serial=110, ttl=900) Name=Ztest, Records=0, Children=0 Now in order to fix that I tried to delete that record and get this: $ samba-tool dns update localhost calcdom.local Z37 A 192.168.2.203 192.168.2.210 Password for [Administrator@CALCDOM.LOCAL]: ERROR: Record does not exist I can believe that, but when I try then to add a new record with that name: $ samba-tool dns add localhost calcdom.local Z37 A 192.168.2.203 Password for [Administrator@CALCDOM.LOCAL]: ERROR(runtime): uncaught exception - (9711, 'WERR_DNS_ERROR_RECORD_ALREADY_EXISTS') File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/dns.py, line 1053, in run 0, server, zone, name, add_rec_buf, None) So, no record, but I cannot add this one...? A bit strange. I did a recent update where also the automatic DNS updates got better on the other computers. I'm still trying to remove that record...What works is to add a Record with another data: $ samba-tool dns add localhost calcdom.local Z37 A 192.168.2.210 Password for [Administrator@CALCDOM.LOCAL]: Record added successfully But I cannot update or remove the one with the 192.168.2.203: now both are shown : $ nslookup z37 Server:192.168.2.1 Address:192.168.2.1#53 Name:z37.calcdom.local Address: 192.168.2.203 Name:z37.calcdom.local Address: 192.168.2.210 Btw. I have no bind installed. I hope you can help, because I have no way to remove that record. Can I clear the DNS Cache maybe? How? Kind Regards, -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] ntlm_auth with require-membership-of not working
Hi, The latest samba from sernet was installed on a new CentOS server. ntlm_auth is implemented with pptpd. ntlm_auth always return success whenever group, username and password are correct. No matter the user is in the group or not. Is it a bug or I missed something? The following is detail of my settings and testing result from command line. OS: CentOS 6.4 Samba version: sernet-samba.x86_64 4.0.10-5.el6 Samba mode: AD [root@powerpptp samba]# samba-tool group listmembers pptp_user test_pptp1 [root@powerpptp samba]# wbinfo -n pptp_user S-1-5-21-463116762-3579576764-3594160179-1110 SID_DOM_GROUP (2) [root@powerpptp samba]# ntlm_auth --request-nt-key --require-membership-of=S-1-5-21-463116762-3579576764-3594160179-1110 --username=test_pptp1 --password=test_pptp1 NT_STATUS_OK: Success (0x0) [root@powerpptp samba]# ntlm_auth --request-nt-key --require-membership-of=S-1-5-21-463116762-3579576764-3594160179-1110 --username=test_pptp2 --password=test_pptp2 NT_STATUS_OK: Success (0x0) Regards, Dominic -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 4.1.0
I am using samba 4.1.0 on Fedora 19 x64. I compiled from source and provisioned from scratch. I joined the domain with a Windows 7 Pro x64 machine. I do see the shares on the server, but I do not have the security tab to set permissions on the folders. The unix filesystem rights are set to root:root to 770. I do not know what the problem is. I did not experience this issue on previous versions on samba 4. Is this a knonw bug? -- View this message in context: http://samba.2283325.n4.nabble.com/Samba-4-1-0-tp4654968.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] One user getting: Primary group is 0 and contains 0 supplementary groups on standalone server
Greetings, We are having some rights issues on Samba 3.6.18 running on Slackware64 14.0 (the official Slackware Package). One of our users is having access issues and I believe I have traced the problem to the following entry in the log.smbd: Primary group is 0 and contains 0 supplementary groups Issuing the groups command for this user returns the 8 Linux groups in which the user has membership. In researching this, I found another reference to this log entry for which the solution had to do with Windows groups and their relationship to local groups. Since we are using Samba stand-alone, we do not create any Windows groups and use local Linux groups for privileges. (I'm assuming Samba can still be used this way.) My question is: How does Samba calculate these group memberships? I'll look through the source code and see what I can see, but I am no programming wizard, so I doubt I'll find what I need there. Thanks! Stu... -- Stuart Reedy Working hard for a great university! s...@coe.uky.edu 859 257-7966 http://www.coe.uky.edu/~stu/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] GPO Permissions _AGAIN_
On 09/10/2013 16:41, Alex Matthews wrote: Hi all, I'm afraid I'm back to my old issue of GPO permissions. I have two ADDCs providing an AD Domain (internal.stmaryscollege.co.uk (short-name 'SMC')). Servers are called 'ad-01' and 'tainan'. ad-01 is 'Version 4.0.10' and tainan is 'Version 4.1.0rc4' (the latest version in the package repos of the respective OSs (arch and gentoo)) I have set up a script that synchronises the two sysvol shares (using rsync) that I run manually when I make a change to a GPO. However I have found that even after running `samba-tool ntacl sysvolreset` I still get 'Access Denied' or the more long winded: 'Configuration information could not be read from the domain controller, either because the machine is unavailable or access has been denied.' when accessing some 'gpt.ini' files. For reference here is the getfacl output for the GPT.INI file in question from the two servers: TAINAN: getfacl GPT.INI # file: GPT.INI # owner: SMC\134administrator # group: SMC\134Domain\040Admins user::rwx user:SMC\134administrator:rwx group::rwx group:SMC\134Domain\040Admins:rwx group:302:rwx group:303:r-x group:SMC\134Enterprise\040Admins:rwx group:311:r-x mask::rwx other::--- AD-01: getfacl GPT.INI # file: GPT.INI # owner: SMC\134administrator # group: SMC\134Domain\040Admins user::rwx user:SMC\134administrator:rwx group::rwx group:SMC\134Domain\040Admins:rwx group:SMC\134Enterprise\040Admins:rwx group:308:r-x group:316:rwx group:318:r-x mask::rwx other::--- I would assume the inconsisteny is due to idmap being different, I'm not sure. The output of `samba-tool ntacl sysvolcheck` from the two servers is as follows: tainan: ERROR(class 'samba.provision.ProvisioningError'): uncaught exception - ProvisioningError: DB ACL on GPO directory /vol/samba/shares/sysvol/internal.stmaryscollege.co.uk/Policies/{6AC1786C-016F-11D2-945F-00C04FB984F9} O:LAG:DAD:PAR(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED) does not match expected value O:DAG:DAD:PAR(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED) from GPO object File /usr/lib64/python2.7/site-packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /usr/lib64/python2.7/site-packages/samba/netcmd/ntacl.py, line 249, in run lp) File /usr/lib64/python2.7/site-packages/samba/provision/__init__.py, line 1695, in checksysvolacl direct_db_access) File /usr/lib64/python2.7/site-packages/samba/provision/__init__.py, line 1646, in check_gpos_acl domainsid, direct_db_access) File /usr/lib64/python2.7/site-packages/samba/provision/__init__.py, line 1593, in check_dir_acl raise ProvisioningError('%s ACL on GPO directory %s %s does not match expected value %s from GPO object' % (acl_type(direct_db_access), path, fsacl_sddl, acl)) ad-01: ERROR(class 'samba.provision.ProvisioningError'): uncaught exception - ProvisioningError: DB ACL on GPO directory /srv/samba/sysvol/internal.stmaryscollege.co.uk/Policies/{6AC1786C-016F-11D2-945F-00C04FB984F9} O:LAG:DAD:PAR(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED) does not match expected value O:DAG:DAD:PAR(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED) from GPO object File /usr/lib/python2.7/site-packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /usr/lib/python2.7/site-packages/samba/netcmd/ntacl.py, line 245, in run lp) File /usr/lib/python2.7/site-packages/samba/provision/__init__.py, line 1685, in checksysvolacl direct_db_access) File /usr/lib/python2.7/site-packages/samba/provision/__init__.py, line 1636, in check_gpos_acl domainsid, direct_db_access) File /usr/lib/python2.7/site-packages/samba/provision/__init__.py, line 1586, in check_dir_acl raise ProvisioningError('%s ACL on GPO directory %s %s does not match expected value %s from GPO object' % (acl_type(direct_db_access), path, fsacl_sddl, acl)) Would it also be possible, as an update to sysvolcheck, to not throw an uncaught exception but more gracefully give the errors and continue after the first one? Thanks, Alex Hi all, Just a quick follow up. I found a GPO entitled 'sysvol share compatibility' which has the following blurb: This setting controls whether or not the Sysvol share created by the Net Logon service on a domain controller (DC) should support compatibility in file sharing semantics with earlier applications. When this setting is enabled, the
[Samba] Question about DNS Ghost Records
I have had an IP Address Record of the name Z37 which was 192.168.2.203. Using nslookup I find it, but samba-tool queries the name and shows 0 Records? $ nslookup Z37 Server:192.168.2.1 Address:192.168.2.1#53 Name:Z37.calcdom.local Address: 192.168.2.203 $ samba-tool dns query localhost calcdom.local @ ALL Name=, Records=4, Children=0 SOA: serial=119, refresh=900, retry=600, expire=86400, ns=zcontroller.calcdom.local., email=hostmaster.calcdom.local. (flags=60f0, serial=119, ttl=3600) NS: zcontroller.calcdom.local. (flags=60f0, serial=1, ttl=900) A: 134.147.57.144 (flags=60f0, serial=110, ttl=900) A: 192.168.2.1 (flags=60f0, serial=110, ttl=900) Name=_msdcs, Records=0, Children=0 Name=_sites, Records=0, Children=1 Name=_tcp, Records=0, Children=4 Name=_udp, Records=0, Children=2 Name=DomainDnsZones, Records=0, Children=2 Name=ForestDnsZones, Records=0, Children=2 Name=Y15, Records=1, Children=0 A: 192.168.2.192 (flags=f0, serial=110, ttl=1200) Name=Y16, Records=1, Children=0 A: 192.168.2.122 (flags=f0, serial=110, ttl=1200) Name=Z34, Records=1, Children=0 A: 192.168.2.169 (flags=f0, serial=110, ttl=1200) Name=Z35, Records=1, Children=0 A: 192.168.2.206 (flags=f0, serial=115, ttl=0) Name=Z36, Records=1, Children=0 A: 192.168.2.205 (flags=f0, serial=116, ttl=0) Name=Z37, Records=0, Children=0 Name=zcontroller, Records=2, Children=0 A: 134.147.57.144 (flags=f0, serial=110, ttl=900) A: 192.168.2.1 (flags=f0, serial=110, ttl=900) Name=Ztest, Records=0, Children=0 Now in order to fix that I tried to delete that record and get this: $ samba-tool dns update localhost calcdom.local Z37 A 192.168.2.203 192.168.2.210 Password for [Administrator@CALCDOM.LOCAL]: ERROR: Record does not exist I can believe that, but when I try then to add a new record with that name: $ samba-tool dns add localhost calcdom.local Z37 A 192.168.2.203 Password for [Administrator@CALCDOM.LOCAL]: ERROR(runtime): uncaught exception - (9711, 'WERR_DNS_ERROR_RECORD_ALREADY_EXISTS') File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/dns.py, line 1053, in run 0, server, zone, name, add_rec_buf, None) So, no record, but I cannot add this one...? A bit strange. I did a recent update where also the automatic DNS updates got better on the other computers. I'm still trying to remove that record...What works is to add a Record with another data: $ samba-tool dns add localhost calcdom.local Z37 A 192.168.2.210 Password for [Administrator@CALCDOM.LOCAL]: Record added successfully But I cannot update or remove the one with the 192.168.2.203: now both are shown : $ nslookup z37 Server:192.168.2.1 Address:192.168.2.1#53 Name:z37.calcdom.local Address: 192.168.2.203 Name:z37.calcdom.local Address: 192.168.2.210 Btw. I have no bind installed. I hope you can help, because I have no way to remove that record. Can I clear the DNS Cache maybe? How? Kind Regards, -- M. Sc. Gerhard Stein Lehrstuhl für Energieanlagen und Energieprozesstechnik (LEAT) Ruhr-Universität Bochum Universitätsstraße 150, IC E2/93 D-44780 Bochum Tel: +49 (0)234 / 32-26333 E-Mail: st...@leat.ruhr-uni-bochum.de -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] swat not working.
I have downloaded, build and installed samba-4.0.9 from source on two separate boxes running RHEL6.4. My problem is that despite having identical configurations, swat is running on one server and not on the other. Here is my xinetd conf service swat { port = 901 socket_type = stream wait= no only_from = 192.168.1.0/24 user= root server = /usr/local/samba/sbin/swat log_on_failure += USERID disable = no } I'm getting the below error Oct 7 20:25:55 server1 xinetd[21938]: START: swat pid=21940 from=:::192.168.1.3 Oct 7 20:25:55 server1 xinetd[21938]: EXIT: swat status=0 pid=21940 duration=0(sec) Oct 7 20:26:00 server1 xinetd[21938]: START: swat pid=21942 from=:::192.168.1.3 Oct 7 20:26:00 server1 swat[21942]: [2013/10/07 20:26:00.374208, 0] ../source3/auth/pampass.c:827(smb_pam_passcheck) Oct 7 20:26:00 server1 swat[21942]: smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User root ! Oct 7 20:26:00 server1 xinetd[21938]: EXIT: swat status=0 pid=21942 duration=0(sec) Another thing I noticed on the box where swat is not working is that there is a directory called security, containing two libraries pam_smbpass.so and pam_winbind.so under /usr/local/samba/lib I configured the build on both the boxes using ./configure --enable-debug --enable-selftest --enable-gnutls on both the boxes. What seems to be wrong here ?? Please do not print this email unless it is absolutely necessary. The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments. WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email. www.wipro.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Problem with squid+ntlm+samba
Hello, I'm having a little problem after logging into domain via samba, after a few minutes the squid no longer authenticates the users through single sign on and keeps asking for authentication in the browser without stopping. below is my settings and error logs. smb.conf [global]workgroup = SALEnetbios name = utmadmserver string = PROXY SERVERload printers = nolog file = /var/log/samba34/log.%mpid directory = /var/run/samba34max log size = 500realm = sale.brsecurity = adsauth methods = winbindwinbind separator = |encrypt passwords = yeswinbind cache time = 300winbind enum users = yeswinbind enum groups = yeswinbind use default domain = yesidmap uid = 1-5idmap gid = 1-5local master = noos level = 233domain master = nopreferred master = nodomain logons = nowins server = 192.168.8.202dns proxy = noldap ssl = noclient use spnego = noserver signing = autoclient signing = autolog level = 3 auth:10 winbind:10 krb5.conf [libdefaults]default_realm = SALE.BRclockskew = 300[realms]SALE.BR = { kdc = 192.168.0.1default_domain = domain.localadmin_server = 192.168.0.1}[logging]kdc = FILE:/var/log/krb5/krb5kdc.logadmin_server = FILE:/var/log/krb5/kadmind.logdefault = SYSLOG:NOTICE:DAEMON [domain_realm].domain.local = DOMAIN.LOCAL [appdefaults]pam = {ticket_lifetime = 1drenew_lifetime = 1d forwardable = trueproxiable = falseretain_after_close = falseminimum_uid = 1 squid.conf # Do not edit manually !http_port 192.168.0.1:8080icp_port 0 pid_filename /var/run/squid.pidcache_effective_user proxycache_effective_group proxyerror_directory /usr/local/etc/squid/errors/Englishicon_directory /usr/local/etc/squid/iconsvisible_hostname localhostcache_mgr admin@localhostaccess_log /var/squid/logs/access.logcache_log /var/squid/logs/cache.logreferer_log /var/squid/logs/referer.loglogfile_rotate 0cache_store_log noneshutdown_lifetime 3 seconds# Allow local network(s) on interface(s)acl localnet src 192.168.0.0/255.255.255.0uri_whitespace stripdns_nameservers 208.67.222.222cache_mem 8 MBmaximum_object_size_in_memory 32 KBmemory_replacement_policy heap GDSFcache_replacement_policy heap LFUDAcache_dir ufs /var/squid/cache 100 16 256minimum_object_size 0 KBmaximum_object_size 4 KBoffline_mode offcache_swap_low 90cache_swap_high 95 url_rewrite_program /usr/local/bin/redirectorurl_rewrite_children 50 # Setup some default aclsacl all src 0.0.0.0/0.0.0.0acl localhost src 127.0.0.1/255.255.255.255acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 5080 3128 1025-65535 5080 81 80 443 21 20acl sslports port 443 563 5080 5080 81 80 443 21 20acl manager proto cache_objectacl purge method PURGEacl connect method CONNECTacl dynamic urlpath_regex cgi-bin \?acl unrestricted_hosts src /var/squid/acl/unrestricted_hosts.aclacl whitelist dstdom_regex -i /var/squid/acl/whitelist.aclcache deny dynamichttp_access allow manager localhosthttp_access deny managerhttp_access allow purge localhosthttp_access deny purgehttp_access deny !safeportshttp_access deny CONNECT !sslports # Always allow localhost connectionshttp_access allow localhost request_body_max_size 0 KBreply_body_max_size 0 deny alldelay_pools 1delay_class 1 2delay_parameters 1 -1/-1 -1/-1delay_initial_bucket_level 100delay_access 1 allow all # Custom optionstcp_outgoing_address 192.168.0.1auth_param ntlm keep_alive on # These hosts do not have any restrictionshttp_access allow unrestricted_hosts# Always allow access to whitelist domainshttp_access allow whitelistauth_param ntlm program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmsspauth_param ntlm children 45auth_param basic program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-basicauth_param basic casesensitive offauthenticate_cache_garbage_interval 10 secondsauth_param basic children 45auth_param basic realm Please enter your credentials to access the proxyauth_param basic credentialsttl 600 minutesacl password proxy_auth REQUIREDhttp_access allow unrestricted_hostshttp_access allow password localnet# Default block all to be surehttp_access deny all My winbind_privileged drwxr-x--- 2 root proxy 512B Oct 2 10:00 winbindd_privileged Error logs: [2013/10/01 19:39:44, 0] utils/ntlm_auth.c:833(manage_squid_ntlmssp_request) NTLMSSP BH: NT_STATUS_ACCESS_DENIED2013/10/01 19:39:44| authenticateNTLMHandleReply: Error validating user via NTLM. Error returned 'BH NT_STATUS_ACCESS_DENIED' Login for user [SALE]\[wellington.gomes]@[TI-06] failed due to [Access denied]2013/10/01 19:37:35| authenticateNTLMHandleReply: Error validating user via NTLM. Error returned 'BH NT_STATUS_ACCESS_DENIED'[2013/10/01 19:37:35, 0] utils/ntlm_auth.c:833(manage_squid_ntlmssp_request) NTLMSSP BH: NT_STATUS_ACCESS_DENIED [2013/10/01 19:36:52, 10] utils/ntlm_auth.c:2190(manage_squid_request) NTLMSSP BH: NT_STATUS_ACCESS_DENIED [2013/10/01 10:30:12, 3] utils/ntlm_auth.c:329(check_plaintext_auth)
[Samba] Instruction how to Connect a Linux computer to Active Directory
Hi, I am new to Linux, and I am trying to join a CentOS 6.4 computer to Windows Active Directory Domain. I have read an follow documentation that I have found online but I have not been able to successfully join the Linux computer to the AD. I am getting overwhelmed by the bast amount of information that is available but a lot of that is not accurate or simple doesn't apply to what I am trying to do. Can you please point me to where I can get reliable and up to date information on how to do the task that I am working. Thank you any help will be very appreciated. -- Walter Luna -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] SAMBA + open LDAP + password hashing
Hi everybody, I'm running an Ubuntu server as fileserver for Osx clients using netatalk and now I need to add support to samba for windows clients. Every user has an account on open LDAP user base and every account has a password stored using SSHA hashing. I would like to know if I can use the same user base with samba and how to configure it to use ssha instead of NT/LM or if there is an alternative. Thanks Bye *Alberto* -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Host Cannot Access Samba
Thanks for your assistance I have more information as requested: Smb.conf was created from a template by the systems administrator of the file server File server is running Red Hat 4.4.6-4 File server has Samba version 3.5.10-124 Client has box running Windows 7 and installed Virtual Box with Linux Centos 6.3. He has mounted a share to the file server samba share and can read the files. He has mounted the share with windows credentials. He can read files but not edit them on the Linux VB but can read/edit /delete from the Windows 7 box directly. He gets the error permission denied when trying to write through the Linux box. He is using VBOX host with Bridged networking. Also the user noted that when transferring files from Windows to the samba drive that preservation of gid and pid was not achieved and may be the reason this share is not successful. The logging below was a file generated specifically with his IP address in the title. Our logging for samba is set as follows: # logs split per machine log file = /var/log/samba/log.%m # max 50KB per log file, then rotate max log size = 50 So what the default level is for samba is what is being used currently. I have increased to logging level 10 and re-started a logging of files for the duration of trying to connect. Here are excerpts from logs: For log log._ipaddress _VB [2013/09/30 09:37:17.498293, 5] smbd/uid.c:369(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2013/09/30 09:37:17.498717, 10] smbd/process.c:694(smbd_idle_event_handler) smbd_idle_event_handler: idle_evt(housekeeping) (nil) rescheduled [2013/09/30 09:38:15.379882, 10] lib/util_sock.c:731(read_smb_length_return_keepalive) got smb length of 38 [2013/09/30 09:38:15.379950, 6] smbd/process.c:1486(process_smb) got message type 0x0 of len 0x26 [2013/09/30 09:38:15.379975, 3] smbd/process.c:1489(process_smb) Transaction 4819 of length 42 (0 toread) [2013/09/30 09:38:15.379996, 5] lib/util.c:639(show_msg) [2013/09/30 09:38:15.380008, 5] lib/util.c:649(show_msg) size=38 smb_com=0x2b smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=0 smb_flg2=1 smb_tid=65535 smb_pid=3408 smb_uid=0 smb_mid=0 smt_wct=1 smb_vwv[ 0]=1 (0x1) smb_bcc=1 [2013/09/30 09:38:15.380101, 10] ../lib/util/util.c:278(_dump_data) [] 61a [2013/09/30 09:38:15.380131, 3] smbd/process.c:1298(switch_message) switch message SMBecho (pid 28191) conn 0x0 [2013/09/30 09:38:15.380154, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/09/30 09:38:15.380174, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2013/09/30 09:38:15.380193, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups Log file for computer log__workstationname [2013/09/30 09:38:01.187163, 10] smbd/process.c:694(smbd_idle_event_handler) smbd_idle_event_handler: idle_evt(housekeeping) (nil) rescheduled [2013/09/30 09:39:01.246851, 10] lib/events.c:131(run_events) Running timed event smbd_idle_event_handler 0x7fa864d19830 [2013/09/30 09:39:01.246915, 10] smbd/process.c:683(smbd_idle_event_handler) smbd_idle_event_handler: idle_evt(deadtime) (nil) called [2013/09/30 09:39:01.246940, 10] smbd/process.c:694(smbd_idle_event_handler) smbd_idle_event_handler: idle_evt(deadtime) (nil) rescheduled [2013/09/30 09:39:01.246970, 10] lib/events.c:131(run_events) Running timed event smbd_idle_event_handler 0x7fa864d32820 [2013/09/30 09:39:01.246993, 10] smbd/process.c:683(smbd_idle_event_handler) smbd_idle_event_handler: idle_evt(housekeeping) (nil) called [2013/09/30 09:39:01.247013, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/09/30 09:39:01.247035, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2013/09/30 09:39:01.247054, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/09/30 09:39:01.247096, 5] smbd/uid.c:369(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2013/09/30 09:39:01.247123, 10] smbd/process.c:694(smbd_idle_event_handler) smbd_idle_event_handler: idle_evt(housekeeping) (nil) rescheduled [2013/09/30 09:39:51.486288, 10] lib/events.c:131(run_events) Running timed event smbd_idle_event_handler 0x7fa864d30e30 [2013/09/30 09:39:51.486362, 10] smbd/process.c:683(smbd_idle_event_handler) smbd_idle_event_handler: idle_evt(keepalive) (nil) called [2013/09/30 09:39:51.486417, 10] smbd/process.c:694(smbd_idle_event_handler) smbd_idle_event_handler: idle_evt(keepalive) (nil) rescheduled [2013/09/30 09:40:01.256672, 10] lib/events.c:131(run_events) Running timed event smbd_idle_event_handler 0x7fa864cb3580 [2013/09/30 09:40:01.256742, 10]
[Samba] Samba login using upn
I want to know if we can configure samba to authenticate to active directory using the user principal name (upn). Currently, it is working using the samaccountname but we need to use the upn. I am using samba 3.5 Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problems joining Samba4 domain
On Sun, 2013-10-13 at 14:29 +0100, Rowland Penny wrote: Just how closely did you follow the webpage you posted in your OP? , it seems to be using the standard samba4 packages from Ubuntu, which if I remember correctly are broken. Also there is a howler on the webpage you posted, you are advised to create a share called [global] , this is the standard top share that you will find in any smb.conf. I would advise you to compile samba4 yourself, it is easy, see here: https://wiki.samba.org/index.php/Build_Samba I would also suggest that you use the latest tarball (4.1.0) I totally agree. We are only now getting current Samba 4.0 packages into Debian unstable, and Ubuntu's package, particularly on 12.04 is very, very old. Start with current code, and then get network traces and log files if you still have issues. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] execute permissions missing after upgrade to Samba 4
On Sun, 2013-10-13 at 15:39 +0200, Frantisek Hanzlik wrote: After upgrading from samba-3.6.12 to samba-4.0.9 (Fedora 17 i686 - Fedora 19 i686, smb.conf stayed same) I see weird behavior - windows client can not run executable files due to insufficient permissions. However, when I in Linux set (with 'chmod u+x,g+x ...') execution bit for these files, all is fine and windows client can run their. It seems for me as samba4 (contrary to samba3) now check x bit for some 'Read-And-Execute' (or how are executables called from windows) and deny access although client has all other rights (read and write) to this .exe file. Data are stored on ext4 volume which is mounted with 'user_xattr acl' option. My smb.conf look as (some IMO unimportant items omitted from 'testparm -s' output): [global] logon script = %m.bat logon path = domain logons = Yes os level = 63 preferred master = Yes domain master = Yes wins support = Yes idmap config * : backend = tdb ea support = Yes map archive = No map readonly = no store dos attributes = Yes [info] comment = Data info path = /home/DATA/info read list = @info write list = @info force group = info create mask = 0770 directory mask = 0771 force create mode = 0660 force directory mode = 02770 - How is possible solve this issue? Win client self did not set x bit on executables (e.g. when I from windows client extract ZIP archive with executables, they have no x-bit set). Should Samba4 itself set 'Read-And-Execute' rights, either by settin x bit or by setting these rights in extended attributes? See the new parameter in Samba 4.0.10 'acl allow execute always' Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba is still crashing
I have had a problem for a couple of weeks now. I get very regular crashes on two of my three Domain Controllers. I just updated to 4.1.0 and I am still getting the same problem. I have added panic action = /bin/sleep 9 to my config. Here is a back trace for the crash. (gdb) bt #0 0x003c3424 in __kernel_vsyscall () #1 0xb76fa363 in __waitpid_nocancel () at ../sysdeps/unix/syscall-template.S:82 #2 0xb7693eb3 in do_system (line=0x15b3d90 /bin/sleep 9) at ../sysdeps/posix/system.c:149 #3 0x006a67ed in system (line=0x15b3d90 /bin/sleep 9) at pt-system.c:29 #4 0x0081fc28 in smb_panic_s3 (why=0x964ea1 internal error) at ../source3/lib/util.c:798 #5 0x0095356d in smb_panic (why=0x964ea1 internal error) at ../lib/util/fault.c:159 #6 0x00953237 in fault_report (sig=11) at ../lib/util/fault.c:77 #7 0x00953248 in sig_fault (sig=11) at ../lib/util/fault.c:88 #8 signal handler called #9 0x003db680 in get_dcs_insite (ctx=0xad33f398, ldb=0xad59be60, sitedn=0xad50e948, list=0xad33f458, dofqdn=false) at ../dfs_server/dfs_server_ad.c:236 #10 0x003dbcf0 in get_dcs (ctx=0xad33d668, ldb=0xad59be60, searched_site=0xad2e7f18 Default-First-Site-Name, need_fqdn=false, pset_list=0xbfba3034, flags=0) at ../dfs_server/dfs_server_ad.c:345 #11 0x003dc760 in dodc_referral (lp_ctx=0xad6e8860, sam_ctx=0xad59be60, client=0xacffa098, r=0xad33d668, domain_name=0xad33d6e9 CORP) at ../dfs_server/dfs_server_ad.c:559 #12 0x003dd3e9 in dfs_server_ad_get_referrals (lp_ctx=0xad6e8860, sam_ctx=0xad59be60, client=0xacffa098, r=0xad33d668) at ../dfs_server/dfs_server_ad.c:880 #13 0x00dd1ecd in dfs_samba4_get_referrals (handle=0xad4270f8, r=0xad33d668) at ../source3/modules/vfs_dfs_samba4.c:118 #14 0x00d3f075 in smb_vfs_call_get_dfs_referrals (handle=0xad4270f8, r=0xad33d668) at ../source3/smbd/vfs.c:1442 #15 0x00d67a1f in setup_dfs_referral (orig_conn=0xad274248, dfs_path=0xad33d608 \\CORP, max_referral_level=3, ppdata=0xad1ee3fc, pstatus=0xbfba31dc) at ../source3/smbd/msdfs.c:1102 #16 0x00d20d73 in call_trans2getdfsreferral (conn=0xad274248, req=0xad33d528, pparams=0xad1ee3f4, total_params=14, ppdata=0xad1ee3fc, total_data=0, max_data_bytes=4096) at ../source3/smbd/trans2.c:8570 #17 0x00d217ff in handle_trans2 (conn=0xad274248, req=0xad33d528, state=0xad1ee3b0) at ../source3/smbd/trans2.c:8837 #18 0x00d221cb in reply_trans2 (req=0xad33d528) at ../source3/smbd/trans2.c:9022 #19 0x00d5303c in switch_message (type=50 '2', req=0xad33d528) at ../source3/smbd/process.c:1557 #20 0x00d531cc in construct_reply (sconn=0xace3a9c0, inbuf=0x0, size=86, unread_bytes=0, seqnum=0, encrypted=false, deferred_pcd=0x0) at ../source3/smbd/process.c:1593 #21 0x00d53cba in process_smb (sconn=0xace3a9c0, inbuf=0xad33d498 , nread=86, unread_bytes=0, seqnum=0, encrypted=false, deferred_pcd=0x0) at ../source3/smbd/process.c:1844 #22 0x00d54bca in smbd_server_connection_read_handler (sconn=0xace3a9c0, fd=44) at ../source3/smbd/process.c:2433 #23 0x00d54c40 in smbd_server_connection_handler (ev=0x14138e0, fde=0x156bab0, flags=1, private_data=0xace3a9c0) at ../source3/smbd/process.c:2450 #24 0x0083b82c in run_events_poll (ev=0x14138e0, pollrtn=1, pfds=0xad198ce0, num_pfds=3) at ../source3/lib/events.c:257 #25 0x0083baf7 in s3_event_loop_once (ev=0x14138e0, location=0xec5c18 ../source3/smbd/process.c:3627) at ../source3/lib/events.c:326 #26 0x008a8133 in _tevent_loop_once (ev=0x14138e0, location=0xec5c18 ../source3/smbd/process.c:3627) at ../lib/tevent/tevent.c:530 #27 0x00d581ab in smbd_process (ev_ctx=0x14138e0, msg_ctx=0x1413960, sock_fd=44, interactive=false) at ../source3/smbd/process.c:3627 #28 0x004376d1 in smbd_accept_connection (ev=0x14138e0, fde=0xad132a98, flags=1, private_data=0xad1a1cb8) at ../source3/smbd/server.c:621 #29 0x0083b82c in run_events_poll (ev=0x14138e0, pollrtn=1, pfds=0xad198ce0, num_pfds=6) at ../source3/lib/events.c:257 #30 0x0083baf7 in s3_event_loop_once (ev=0x14138e0, location=0x43bf6e ../source3/smbd/server.c:943) at ../source3/lib/events.c:326 #31 0x008a8133 in _tevent_loop_once (ev=0x14138e0, location=0x43bf6e ../source3/smbd/server.c:943) at ../lib/tevent/tevent.c:530 #32 0x004383de in smbd_parent_loop (ev_ctx=0x14138e0, parent=0x1416630) at ../source3/smbd/server.c:943 #33 0x00439c70 in main (argc=4, argv=0xbfba3c34) at ../source3/smbd/server.c:1577 Please let me know what other info I should provide. Does this warrant a bug report? -- Wayne Andersen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via dd0e4c4 smbd: Remove unused create_options from open_mode_check via 4c82e83 smbd: Remove name_hash param from open_mode_check from 26b1103 s3/time_audit: Add offline and durable functions http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit dd0e4c47e5004aaceb5ad64115cfe039edb3fe8b Author: Volker Lendecke v...@samba.org Date: Thu Sep 26 14:42:59 2013 -0700 smbd: Remove unused create_options from open_mode_check Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Sun Oct 13 14:35:26 CEST 2013 on sn-devel-104 commit 4c82e8358ad8eaac008929aed4fc2a607afeca78 Author: Volker Lendecke v...@samba.org Date: Thu Sep 26 14:35:15 2013 -0700 smbd: Remove name_hash param from open_mode_check This came from delete_on_close handling which was factored out. Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org --- Summary of changes: source3/smbd/open.c | 10 -- 1 files changed, 4 insertions(+), 6 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/open.c b/source3/smbd/open.c index 6255180..f6df035 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -1121,10 +1121,8 @@ static bool has_delete_on_close(struct share_mode_lock *lck, static NTSTATUS open_mode_check(connection_struct *conn, struct share_mode_lock *lck, - uint32_t name_hash, uint32 access_mask, uint32 share_access, - uint32 create_options, bool *file_existed) { int i; @@ -2435,9 +2433,9 @@ static NTSTATUS open_file_ntcreate(connection_struct *conn, return NT_STATUS_SHARING_VIOLATION; } - status = open_mode_check(conn, lck, fsp-name_hash, + status = open_mode_check(conn, lck, access_mask, share_access, -create_options, file_existed); +file_existed); if (NT_STATUS_IS_OK(status)) { /* We might be going to allow this open. Check oplock @@ -3173,9 +3171,9 @@ static NTSTATUS open_directory(connection_struct *conn, return NT_STATUS_DELETE_PENDING; } - status = open_mode_check(conn, lck, fsp-name_hash, + status = open_mode_check(conn, lck, access_mask, share_access, -create_options, dir_existed); +dir_existed); if (!NT_STATUS_IS_OK(status)) { TALLOC_FREE(lck); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 064433f libcli4: Remove an unused variable from dd0e4c4 smbd: Remove unused create_options from open_mode_check http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 064433f265d2215389f2a377b6e8243318669b65 Author: Volker Lendecke v...@samba.org Date: Sun Oct 13 12:20:29 2013 +0200 libcli4: Remove an unused variable Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Sun Oct 13 17:58:23 CEST 2013 on sn-devel-104 --- Summary of changes: source4/libcli/smb2/transport.c |1 - 1 files changed, 0 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/libcli/smb2/transport.c b/source4/libcli/smb2/transport.c index b4a6c94..9b0c146 100644 --- a/source4/libcli/smb2/transport.c +++ b/source4/libcli/smb2/transport.c @@ -48,7 +48,6 @@ struct smb2_transport *smb2_transport_init(struct smbcli_socket *sock, struct smbcli_options *options) { struct smb2_transport *transport; - uint32_t smb2_capabilities = 0; transport = talloc_zero(parent_ctx, struct smb2_transport); if (!transport) return NULL; -- Samba Shared Repository