To Jerry's original question: it seems to fail without an admin
username/pw. With the old smbpasswd, it would work if a machine account
was first set up on the PDC -- now it doesn't.
Ken
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Gerald
(Jerry)
) Carter
Sent: Monday, December 16, 2002 9:11 AM
To: Ken Cross
Cc: [EMAIL PROTECTED]
Subject: Re: Memory leak in smbd
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Sat, 14 Dec 2002, Ken Cross wrote:
Guys:
While running NetBench against SAMBA_3_0, there appears to be a memory
leak. The smbd
= 0, start = *num_entries; -- here
start is being re-initialized every time through the loop. It mustn't
be.
The fix is easy - move it to the top of the routine a few lines up:
uint32 start = 0;
Hope this helps anyone else battling this problem.
Ken Cross
Network Storage Solutions
the loop.
Another good data point is the fact that it was broken before I changed
it and worked after. ;-)
Ken
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of
[EMAIL PROTECTED]
Sent: Sunday, January 05, 2003 11:03 PM
To: Ken Cross
Cc: [EMAIL PROTECTED
strcasecmp(lp_workgroup(),
workgroup) != 0) {
ads-server.foreign = 1;
}
Ken
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Ken Cross
Sent: Saturday, January 11, 2003 1:44 PM
To: [EMAIL PROTECTED]
Subject: Unnecessary NetBIOS domain
Samba critters:
Running with SAMBA_3_0, the following sequence gives incorrect results
from the last net ads testjoin:
# net ads testjoin -P
ERROR: Unable to fetch machine password
# net ads join -U ...
Joined 'KJCTST' to realm 'WIN2DOM.LOCAL'
# net ads testjoin -P
Join is OK
#
I've been having a problem with net crashing in SAMBA_3_0 and OpenLDAP
2.0.27:
assertion entry != NULL failed: file getvalues.c, line 93, function
ldap_get_values_len
Abort trap (core dumped)
I traced the problem to the ads_set_machine_sd routine in ldap.c. It
wasn't checking the return from
I'm pretty sure that Kerberos uses port 88, but that's just for
authentication. Port 445 is used for connecting to shares.
We've been running tests blocking ports. With ports 137 - 139 and 445
blocked for UDP and TCP, the join fails but the computer name is still
entered in the AD. With just
records is the RID of the primary group.
That should be included in enumerating the members of any group.
The patch below fixes this.
Ken Cross
Network Storage Solutions
# cvs diff -pu winbindd_ads.c
Index: winbindd_ads.c
===
RCS
Hmm ... the helpful email client wrapped some of the lines. The patch
is attached.
Ken
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Ken Cross
Sent: Thursday, January 23, 2003 11:01 PM
To: [EMAIL PROTECTED]
Subject: Finding group members - fix
That builds the libraries. Now, how do you get the utilities to link to
them?
Thanks,
Ken Cross
Network Storage Solutions
Andrew:
- firstly, if the destination of this call
is the unix group membership, then we don't
want 'primary' users added to the sups list,
as the unix primary group should show this.
The destination is programmatic -- the user does what he wants with
the results of a call to
to either an NT domain or AD to return the same
thing. It seems like they should be consistent.
Ken
-Original Message-
From: Andrew Bartlett [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 31, 2003 5:47 PM
To: Ken Cross
Cc: 'Andrew Bartlett'
Subject: RE: Finding group members - fix
Maybe a dumb question, but...
libsmbclient.so is being built in bin, but nothing seems to be linking
to it. I tried make installclientlib, which installed it, but no
change.
Is there some trick to get it to be used? (NetBSD with SAMBA_3_0)
Thanks,
Ken
Pretty standard: -l smbclient
You may need -L libdir if not standard
Ken
-Original Message-
From: Richard Sharpe [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 05, 2003 11:26 AM
To: Jelmer Vernooij
Cc: Ken Cross; 'Multiple recipients of list SAMBA-TECHNICAL'
Subject: Re: Using
Sure, but my original question (which was answered) was whether Samba
used it. Apparently not.
Ken
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]
On Behalf Of Richard Sharpe
Sent: Wednesday, February 05, 2003 12:50 PM
To: Ken Cross
Cc: 'Ken Cross'; 'Jelmer
a patch if it seems to have been forgotten, so...
Ken Cross
Network Storage Solutions
Index: winbindd_ads.c
===
RCS file: /cvsroot/samba/source/nsswitch/winbindd_ads.c,v
retrieving revision 1.43.2.7
diff -p -u -r1.43.2.7
No problem, Jeremy -- I understand completely. Thanks for the response.
Ken
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Saturday, February 08, 2003 1:00 PM
To: Ken Cross
Cc: 'Multiple recipients of list SAMBA-TECHNICAL'
Subject: Re: REPOST: Finding
question is: do we really need to re-init the winbindd cache every
time it starts?
It seems like the sequence number is a pretty effective way to manage
aging the cache. I hacked it where it doesn't truncate the cache at
startup and it seems to work very well.
What am I missing?
Thanks,
Ken Cross
Potter [mailto:[EMAIL PROTECTED]]
Sent: Sunday, February 09, 2003 5:03 PM
To: Ken Cross
Cc: 'Multiple recipients of list SAMBA-TECHNICAL'
Subject: Re: Why reset winbindd_cache.tdb?
On Sun, Feb 09, 2003 at 03:53:05PM -0500, Ken Cross wrote:
We have a site with SAMBA_3_0 where it takes 12-15
]]
Sent: Monday, February 10, 2003 7:20 AM
To: Ken Cross
Cc: 'Multiple recipients of list SAMBA-TECHNICAL'
Subject: Re: REPOST: Finding group members - fix to winbindd_ads.c
Ken Cross wrote:
Currently, if you do WINBINDD_GETGRNAM to an NT domain using RPC, you
get *all* the members of a group
, but that would have been a slightly
bigger deal to patch.
Ken Cross
Network Storage Solutions
Index: winbindd_util.c
===
RCS file: /cvsroot/samba/source/nsswitch/winbindd_util.c,v
retrieving revision 1.73.2.13
diff -p -u -r1.73.2.13
]
nsswitch/winbindd_idmap.c:winbindd_idmap_init(438)
winbindd_idmap_init: Unable to open idmap database
and then becomes a zombie. The one-line fix below closes idmap before
calling winbind_setup_common.
BTW, I haven't really had a chance to test it -- does the dual daemon
thing work well?
Ken
That patch (or the one that Tim is submitting) should fix it. Without
it, the wbinfo -m action clears the trusted domain list, but it get
restored within 5 minutes.
Note that the patch is to the cvs version -- it may need tweaking for
a20 or a21.
Ken
-Original Message-
From: [EMAIL
I'm quite sure it does.
Our solution was to create a default ACL on the directory which set the
appropriate ACL on files created in that directory. This may or may not
work depending on the file system implementation of ACLs.
Ken
-Original Message-
From: [EMAIL PROTECTED]
The patch works on SAMBA_3_0 as of 5 minutes ago. How did you patch it
manually?
The messages you see below are normal and don't indicate any real
problems.
Ken
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]
On Behalf Of Nir Soffer
Sent: Wednesday, February 12,
.
This could be a build option, but it might be much simpler to hard-code
it in local.h, which is what I did to fix it.
Can somebody check the implications of this on Solaris, HPUX, etc.?
Thanks,
Ken Cross
Network Storage Solutions
You're right -- sorry. (Going in the wrong direction.)
Ken
Ken Cross
Network Storage Solutions
Phone 865.675.4070 ext 31
[EMAIL PROTECTED]
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]
On Behalf Of Shirish Kalele
Sent
We should probably do both.
IMO, 256 (the default in NetBSD) is wy too low and we should have a
way to increase it.
OTOH, if something goes nuts, it should detect the fact that too many
connections have occurred and log the error.
Ken
Ken Cross
Network
FD_SETSIZE in the calling program was sufficient to fix the
problem.
Ken
Ken Cross
Network Storage Solutions
Phone 865.675.4070 ext 31
[EMAIL PROTECTED]
-Original Message-
From: Michael Steffens [mailto:[EMAIL PROTECTED]]
Sent: Saturday, February 15
I was suggesting the other way around -- the number of winbindd fd's
shouldn't be more than the max # of smbd's (well, maybe a *few* more).
Ken
-Original Message-
From: Michael Steffens [mailto:[EMAIL PROTECTED]]
Sent: Saturday, February 15, 2003 11:18 AM
To: Ken Cross
Cc: 'Mike Sweet
Good point about non-smbd processes being winbindd clients. I've got
some myself :-)
Also agreed about benefits of shutting down idle connections -- just not
done yet.
Ken
Ken Cross
Network Storage Solutions
Phone 865.675.4070 ext 31
[EMAIL PROTECTED
-- those caused subtle problems.
This applies to SAMBA_3_0.
Ken
Ken Cross
Network Storage Solutions
Phone 865.675.4070 ext 31
[EMAIL PROTECTED]
Index: uid.c
===
RCS file: /cvsroot/samba/source/smbd
Richard:
Please define an appropriate ACL on the file.
Yes, it could have significant impact. Is there are problem with the
current way it's set (RO == owner r mode)?
Ken
Ken Cross
Network Storage Solutions
Phone 865.675.4070 ext 31
[EMAIL PROTECTED
if the domain changes. Hence the
hack.
Since we're trying to emulate a Windows environment, Windows admins
expect to have certain privileges. Is there a better way to do this
automatically?
Ken
Ken Cross
Network Storage Solutions
Phone 865.675.4070 ext 31
.
Anybody know if this will break something?
Ken
Ken Cross
Network Storage Solutions
Phone 865.675.4070 ext 31
[EMAIL PROTECTED]
Index: ldap.c
===
RCS file: /cvsroot/samba/source/libads/ldap.c,v
In reply to myself:
That's not a very general solution. You run into the same problem if
the OU string contains /.
I see two possibilities: supply the full OU string (yuck), or provide
some means to escape characters.
Any better ideas?
Ken
Ken Cross
Network
Finding
group members - fix to winbindd_ads.c around Feb 8.
Ken
Ken Cross
Network Storage Solutions
Phone 865.675.4070 ext 31
[EMAIL PROTECTED]
-Original Message-
From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
amba.org] On Behalf Of Chere Zhou
Ken Cross
Network Storage Solutions
Phone 865.675.4070 ext 31
[EMAIL PROTECTED]
join AD1 -A AD2.COMPANY.COM -U username%password
Or have I missed something fundamental?
Ken
Ken Cross
Network Storage Solutions
Phone 865.675.4070 ext 31
[EMAIL PROTECTED]
NGROUPS_MAX statically would break. That meant almost everything in
/sbin /usr/sbin and a lot of /bin and /usr/bin, not to mention libc.
It's a pretty Big Deal.
Ken
Ken Cross
Network Storage Solutions
Phone 865.675.4070 ext 31
[EMAIL PROTECTED]
-Original Message
Let's try this again. The previous patch I submitted didn't work in
some configurations. (ads-auth.realm needs to be preserved over the
ads_connect call.)
This patch is for SAMBA_3_0.
Ken
Ken Cross
Network Storage Solutions
Phone 865.675.4070 ext 31
[EMAIL
Andrew:
Patch to HEAD below -- sorry, should have realized that.
The reason I had to change it was that ads_set_machine_password uses
ads-auth.realm to build the principal name. Should that be
ads-config.realm?
Ken
Ken Cross
Network Storage Solutions
Phone
BTW, the patch also includes two more lines of output for net ads info
-- the KDC server and server time offset. I find them useful for
helping to automate the join process.
Ken
Ken Cross
Network Storage Solutions
Phone 865.675.4070 ext 31
[EMAIL PROTECTED
Ken Cross
Network Storage Solutions
Phone 865.675.4070 ext 31
[EMAIL PROTECTED]
-Original Message-
From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
amba.org] On Behalf Of Richard Sharpe
Sent: Wednesday, March 19, 2003 5:00 PM
To: [EMAIL PROTECTED]
Subject: What to do when
Right. In smbd/posix_acls.c the definition:
#define FILE_SPECIFIC_WRITE_BITS
(FILE_WRITE_DATA|FILE_APPEND_DATA|FILE_WRITE_EA|FILE_WRITE_ATTRIBUTES)
is used to set the required perms in the ACL.
Ken
Ken Cross
Network Storage Solutions
Phone 865.675.4070 ext
.
Is this on anybody's To-Do list?
Ken
Ken Cross
Network Storage Solutions
Phone 865.675.4070 ext 31
[EMAIL PROTECTED]
).
Ken
Ken Cross
Network Storage Solutions
Phone 865.675.4070 ext 31
[EMAIL PROTECTED]
-Original Message-
From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
amba.org] On Behalf Of Richard Sharpe
Sent: Thursday, March 20, 2003 4:14 PM
To: Christopher
Ken Cross
Network Storage Solutions
Phone 865.675.4070 ext 31
[EMAIL PROTECTED]
49 matches
Mail list logo
