[Samba] [Announce] Samba 3.6.2 Available for Download
=== "Originality is the fine art of remembering what you hear but forgetting where you heard it." Laurence J. Peter == Release Announcements = This is the latest stable release of Samba 3.6. Major enhancements in Samba 3.6.2 include: o Make Winbind receive user/group information (bug #8371). o Several SMB2 fixes. Changes since 3.6.1: o Michael Adam * BUG 8528: Fix SEGFAULT from net registry export on not zero terminated REG_SZ values. o Jeremy Allison * BUG 8541: readlink() on Linux clients fails if the symlink target is outside of the share. * BUG 8542: smbclient posix_open command fails to return correct info on open file. * BUG 8548: winbind_samlogon_retry_loop ignores logon_parameters flags. * BUG 8561: Password change settings not fully observed. * BUG 8562: Fix double free error in talloc. * BUG 8614: Ensure we correctly calculate reply credits over all returned SMB2 replies. * BUG 8631: POSIX ACE x permission becomes rx following mapping to and from a DACL. * BUG 8636: When returning an ACL without SECINFO_DACL requested, we still set SEC_DESC_DACL_PRESENT in the type field. * BUG 8644: vfs_acl_xattr and vfs_acl_tdb modules can fail to add inheritable entries on a directory with no stored ACL. * BUG 8663: Fix deleting a symlink if the symlink target is outside of * the share. * BUG 8664: Fix renaming a symlink if the symlink target is outside of the share. * BUG 8673: Fix NT ACL issue. * BUG 8674: Fix buffer overflow issue with AES encryption in samba traffic analyzer. * BUG 8679: recvfile code path using splice() on Linux leaves data in the pipe on short write. * BUG 8687: Fix typo in 'net memberships' usage. * BUG 8710: Fix major leak with SMB2 in connections.tdb. * Fix a crash bug in the spoolss code. * Add new contributing FAQ announcing acceptance of corporate (C). o Christian Ambach * BUG 8444: Add an allocation pool to idmap_autorid. * BUG 8585: Increase a debug level. o Andrew Bartlett * BUG 8623: Fix crash bug when trying to browse Samba printers. o Björn Baumbach * BUG 8580: Enable inotify if sys or kernel inotify is available. * BUG 8618: Fix migrate printer code. o Gregor Beck * BUG 8528: Fix SEGFAULT from net registry export on not zero terminated REG_SZ values. o Günther Deschner * BUG 7465: Remove pointless use_memory_krb5_ccache. * BUG 8176: Fix perl path. * BUG 8591: Fix marshalling of samr_ChangePasswordUser3. * BUG 8692: libads: Fix malloc/talloc mismatch in ads_keytab_verify_ticket(). o David Disseldorp * BUG 4942: DeletePrinterDriverEx deletes files in use. * BUG 8575: Add systemd service files. * BUG 8606: Fix intermittent print job failures caused by character conversion errors. * BUG 8697: Make DeletePrinterDriverEx remove printer driver files. o Björn Jacke * BUG 8531: Make DSO_EXPORTS_CMD more portable. * BUG 8616: Allow to set TCP_NODELAYACK socket option on AIX. * BUG 8652: Document the "ignore system acls" option of vfs_acl_xattr and vfs_acl_tdb vfs modules. o Frank Lahm * BUG 8419: Make VFS op "streaminfo" stackable. o Volker Lendecke * BUG 8371: Make Winbind receive user/group information. * BUG 8639: Fix the vfs_commit module. * BUG 8686: Packet validation checks can be done before length validation causing uninitialized memory read. o Stefan Metzmacher * BUG 5326: Fix cli_write_and_x() against OS/2 print shares. * BUG 8357: Grant credits in async interim responses (SMB2). * BUG 8560: Make SMB2 handle compound request headers in the same way as Windows. * BUG 8573: Fix alignment in the non-extended-security negprot. * BUG 8586: libsmb: Only align unicode pipe_name. * BUG 8579: smb2_flush: Don't send uninitialized memory. * BUG 8592: Don't limit the number of open dptrs for SMB2. * BUG 8593: Fix a crash bug in cldap_socket_recv_dgram(). * BUG 8684: Try ctdbd_init_connection() as root. o Masafumi Nakayama * BUG 563: Fix 'smbclient tar' for files greater than 8GB on BE machines. o Matthieu Patou * BUG 8600: Make cldap work over IPv6. * BUG 8674: Fix buffer overflow issue with AES encryption in samba traffic analyzer. o Andreas Schneider * BUG 8550: Fix setting the machine account password. * BUG 8575: Add systemd service files. * BUG 8608: Winbind: Don't fail on users without a uid. * BUG 8628: libsmb: Don't duplicate Kerberos service tickets. * BUG 8643: Add an update function for Winbind cache.
Re: [Samba] login from Windows xp
On 01/24/2012 8:46 PM, Craig Ham wrote: So I've got Ubuntu and Samba servers up and running. I create a user in linux and on samba, both same username and password. I then follow the steps to create a share for that user. > From a WinXp SP3 workstation I double click the Ubuntu server name, I see the share, I double click and get a login prompt. I enter the samba/linux username and password but it fails to log me in. What should I check or do? You should probably provide your samba version and smb.conf for the list to review. Dale -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Bind9
Helo team, a I have samba4 alfa 18 as Domain Controller in Debian Squeeze, when i configure the bind9, i can see the follow problem for me. Iam monitoring my dns's configuration from windows xp with admin pack tool, when I into in the configuration i can not change any thing, example i can not change the ROOT HINTS, I can not change the Zone of Transfers...I need change this option. Somebody can helpme Bye. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] (no subject)
You could turn off the Windows Automatic printer find feature? That would stop the printers that are found and Tagged Auto I believe.. Windows searches the network for shared printers and will auto add the printer if this is turned on and they will be tagged as Auto.. My first post is probably irrelevant if this is the issue.. But it may have the same effect to set BrowseAllow NONE, if it is finding the cups shared printers.. On 01/25/2012 01:09 PM, Yécine Allouache wrote: Sorry I'm not really fluent in english :) I will try tomorrow, but I did not know that CUPS could be the reason Le 25 janvier 2012 17:28, Yécine Allouache a écrit : Hello, I'm on a debian Squeez and I use Samba 3.5.6 and CUPS 1.4.4 When I add a printer with windows: \\server\Name_printer, regulary all printers on this server come with this syntax: Auto-Nameprinter on server. I search in the configuration file but I can not find options that will fix this problem. Thanks! -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] (no subject)
Sorry I'm not really fluent in english :) I will try tomorrow, but I did not know that CUPS could be the reason Le 25 janvier 2012 17:28, Yécine Allouache a écrit : > Hello, > > I'm on a debian Squeez and I use Samba 3.5.6 and CUPS 1.4.4 > > When I add a printer with windows: \\server\Name_printer, regulary all > printers on this server come with this syntax: Auto-Nameprinter on server. > > I search in the configuration file but I can not find options that > will fix this > problem. > > Thanks! > > -- > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > -- J'ai mal au dos callaghan! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba 3 a 4 with kerberized nfs4
Hi openSUSE 12.1 server and client. I can't get the s4 fileserver nor uid:gid mappings working with s4. I used nfs and idmapd instead. It's working, but I've a couple of qns. 1. Server fqdn hh3.hh3.site Samba 4, DNS and NFS4 I set up the nfs server with GSSAPI as in this screenshot: http://2.bp.blogspot.com/-IspbLnfxizc/Txsp-Z1z1tI/ADk/lsgel498elg/s1600/yastnfs1.png The nfs server would not start until I had made a nfs principal and stuck it in the keytab. Then I could mount the share and users were mapped correctly, home directory permissions OK etc. (I'd previously adder Linux attributes to LDAP). Everything fine so far. klist -k /etc/krb5.keytab 1 nfs/hh3.hh3.s...@hh3.site 1 nfs/hh3.hh3.s...@hh3.site 1 nfs/hh3.hh3.s...@hh3.site 2. Client. fqdn hh6.hh3.site, Samba 3.6 smb.conf: workgroup = CACTUS realm = HH3.SITE security = ADS kerberos method = system keytab Join the domain: net ads join -U Administrator net ads keytab add nfs klist -k /etc/krb5.keytab 1 host/hh6.hh3.s...@hh3.site 1 host/hh6.hh3.s...@hh3.site 1 host/hh6.hh3.s...@hh3.site 1 host/h...@hh3.site 1 host/h...@hh3.site 1 host/h...@hh3.site 1 HH6$@HH3.SITE 1 HH6$@HH3.SITE 1 HH6$@HH3.SITE 1 nfs/hh6.hh3.s...@hh3.site 1 nfs/hh6.hh3.s...@hh3.site 1 nfs/hh6.hh3.s...@hh3.site 1 nfs/h...@hh3.site 1 nfs/h...@hh3.site 1 nfs/h...@hh3.site mount -t nfs4 hh3:/ /home Amazingly still OK. Samba 4 users can login, get correctly mapped files, edit etc. I now mv the keytab and recreate it _without_ nfs. It still mounts! Why does the server(s4) need the nfs principal but the client(s3) not? How can I tell if Kerberos is working? Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] (no subject)
If I understand you properly, I believe you want to disable or enable pending on what you need these two settings in cupsd.conf Browsing on/off BrowseAllow None/All On 01/25/2012 11:28 AM, Yécine Allouache wrote: Hello, I'm on a debian Squeez and I use Samba 3.5.6 and CUPS 1.4.4 When I add a printer with windows: \\server\Name_printer, regulary all printers on this server come with this syntax: Auto-Nameprinter on server. I search in the configuration file but I can not find options that will fix this problem. Thanks! -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba CTDB with data coming via pNFS?
Greetings all, Does anyone know whether I'll encounter problems serving out CIFS using Samba/CTDB where the servers are pNFS clients? In more detail: The servers are linux virtual machines running RHEL 6.2. They mount volumes coming from the latest net app OS (which runs a pNFS service). I'll then put samba and CTDB on of these machines to serve data to our windows clients. Samba will authenticate to a windows AD. I'm not yet sure how the authentication/acls will work. I've run a similar configuration using GPFS as the backend filesystem (fast for sequentail IO but challenged with metadata performance). Will locking be an issue? Thanks for any insight, JR -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] (no subject)
Hello, I'm on a debian Squeez and I use Samba 3.5.6 and CUPS 1.4.4 When I add a printer with windows: \\server\Name_printer, regulary all printers on this server come with this syntax: Auto-Nameprinter on server. I search in the configuration file but I can not find options that will fix this problem. Thanks! -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] printing issue after update to 3.6.1
Hi, thanks for the quick reply - I just opened bug 8719. https://bugzilla.samba.org/show_bug.cgi?id=8719 Greetings, Stefan Winter On 25.01.2012 17:59, David Disseldorp wrote: > Hi Stefan, > > On Wed, 25 Jan 2012 15:44:31 +0100 > Stefan Winter wrote: > > ... >> So, for some reasons, jobid gets lost. Strangely enough, the file size is >> also zero. >> >> I'm sort of lost what would cause this. The thing I could >> imagine is our fairly ancient cups on the system (1.2.7) >> and that maybe 3.6.1 doesn't support some legacy CUPS API stuff that >> 3.5.5 still did. That's the only straw I'm holding onto. >> >> Can anyone help out here? > > The spoolss print job file open code-path has changed recently, looking > at print_spool_open() it looks like the job file is created without > taking the print jobid into account. > > Please raise a bug with your logs attached. > > Cheers, David -- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg Tel: +352 424409 1 Fax: +352 422473 signature.asc Description: OpenPGP digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] printing issue after update to 3.6.1
Hi Stefan, On Wed, 25 Jan 2012 15:44:31 +0100 Stefan Winter wrote: ... > So, for some reasons, jobid gets lost. Strangely enough, the file size is > also zero. > > I'm sort of lost what would cause this. The thing I could > imagine is our fairly ancient cups on the system (1.2.7) > and that maybe 3.6.1 doesn't support some legacy CUPS API stuff that > 3.5.5 still did. That's the only straw I'm holding onto. > > Can anyone help out here? The spoolss print job file open code-path has changed recently, looking at print_spool_open() it looks like the job file is created without taking the print jobid into account. Please raise a bug with your logs attached. Cheers, David -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 will not start after new checkout [URGENT]
On Tue, Jan 24, 2012 at 10:53 PM, Andrew Bartlett wrote: > On Mon, 2012-01-23 at 14:44 -0500, Charles Tryon wrote: > > On Fri, Jan 20, 2012 at 3:56 AM, Michael Wood > wrote: > > > > > Hi > > > > > > On 20 January 2012 09:16, Matthieu Patou wrote: > > > > > > > >> Perhaps upgradeprovision should just print a warning at the end to > > > >> check that the path to dlz_bind.so is correct. > > > > > > > > Please refrain from using upgradeprovision until it's 100% fixed. > > > > > > Sorry, I should have mentioned that you told me recently that there > > > was a problem with it. > > > > > > > > > AH! I missed that note. =8-0 I've been using it on a regular basis, > > though not in the past few days. I'll keep my eyes open. > > In general, you should not need to upgradeprovision unless we make > (major) changes to our default provision template. > > We need to find the right way to describe the great things that > upgradeprovision does, and how it relates to dbcheck (also required at > times) and when to run both. > AH! Good to know that, though I can't say it gives me a "warm fuzzy feeling" on how to know *when* it's necessary... ;-) I can comment out that line on my "install me" script for now. Are there any behavioral clues as to when I might need to run the upgradeprovision, in case I miss the email saying, "Oh, don't forget to do the upgrade when you pull this git version"? What typically breaks, or is that impossible to predict? Would you expect restarting Samba to either fail or give some sort of notification in the log saying it has encountered an incompatible schema or database version? (Ah the joys of living on the git-y edge...) Thanks! > Andrew Bartlett > -- > Andrew Bartletthttp://samba.org/~abartlet/ > Authentication Developer, Samba Team http://samba.org > > -- Charles Tryon _ “Risks are not to be evaluated in terms of the probability of success, but in terms of the value of the goal.” - Ralph D. Winter -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Winbind multiple client authentication
Hello, I have two CentOS 5.6 clients I'm trying to join to my Active Directory domain for authentication. I have configured my smb.conf like: realm = SYSLAB.DC idmap backend = rid idmap uid = 1-2 idmap gid = 1-2 and have been able to join both to the domain via: kinit administra...@syslab.dc net ads join -U Administrator Then I added krb5 to pam.d auth section and configured passwd, group and shadow in nsswitch.conf for "compat winbind". This works fine on the first configured client, but the second one always says it is unable to resolve the accounts to a uid/gid pair, even though manual tests like "getent passwd Administrator" work. HOWEVER, one oddity in my setup is that the second client is a virtual machine clone of the first... Is it possible that as a result samba joined the second computer with a kerberos property that conflicts with the first client's AD object? Is it not possible to have a cloned virtual machine authenticate in this way at the same time as its original (mac address and IP are unique)? Thanks for any advice you can offer, please cc me when replying as I receive list postings in digest. -- Best Regards, John Musbach -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Prevent smbd from consulting winbindd
On 13:37:19 wrote Victor Sudakov: > Colleagues, > > I am running smbd in a setup described in > http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/idmapper.h > tml#id2604553 under "Winbind is not used; users and groups are > local". Samba is running in the security=domain mode, Do you have a PDC with the same setup? Are you syncing uid/gid manually? > but all > Windows users are being mapped to Unix users in /etc/passwd. This will break the setup which is described in the Samba-HOWTO- Collection you refere above :-( . "The only way in which this differs from having local accounts is that the accounts are stored in a repository that *can be shared* . In practice this means that they will reside in either *an NIS-type database or else in LDAP* ." So only NIS or LDAP will guarantee that you have identical uid/gid mapping across different machines. > Now I need to run winbindd for Squid authentication. The problem is, > as soon as I start winbindd, smbd begins consulting it so you are running smbd and winbind an squid on the same machine > and all > Windows users start receiving uids/gids different from those in > /etc/passwd. Thats quite normal. > How do I prevent smbd from consulting winbindd and make > it use the old /etc/passwd mechanism for uids? I do not know. I believe it's not possible. Run smbd on one machine with NIS or LDAP, winbind for squid on an other machine. Alternatively you may try to run winbind with an own smb.conf for example # smb.conf for winbind only # Here you MUST have one blank line include /etc/samba.conf [global] security = domain winbind use default domain = yes # and so on if you wish to try this, you may start with a new setup. I have done this tree times with LDAP as backend, it works. If you need more details, I can write a step-by-step guide, maybe next week. In all cases you must have a PDC with security=user in smb.conf. > > TIA for any input. -- regards Harry Jede -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] printing issue after update to 3.6.1
Hello, we've updated to 3.6.1 yesterday, and since encounter problems with printing for some users. There's a descriptive error in the log.smbd, but I can't see what to do about it really (the rest of the, admittedly fairly ancient system, is the same base system as the previous 3.5.5 - only a couple of security updates were patched in during downtime). The message in log.smbd is: adminpc-rmarx (158.64.1.188) connect to service SuperJam PCL6 initially as user Administrator (uid=1003, gid=100) (pid 15885) [2012/01/25 13:14:01.334500, 2] rpc_client/cli_winreg_spoolss.c:898(winreg_create_printer) winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\SuperJam PCL6 already exists [2012/01/25 13:14:01.575723, 0] printing/print_cups.c:940(cups_job_submit) cups_job_submit: failed to parse jobid from name /usr/local/samba/var/spool/samba/smbprn..CXRIP3 [2012/01/25 13:14:11.775067, 1] smbd/service.c:1291(close_cnum) adminpc-rmarx (158.64.1.188) closed connection to service SuperJam PCL6 And indeed, looking into the spool directory, the file names which used to encode the jobid now don't any more. For illustration, a few old spooled jobs in the right format as well: [... snip lots more of the same ...] -rw--- 1 rmarx users 0 Jan 25 15:29 smbprn..zfgbGg -rw--- 1 rmarx users 0 Jan 25 14:41 smbprn..zjVnMg -rw--- 1 rmarx users 0 Jan 25 08:46 smbprn..zpuUmw -rw--- 1 rmarx users 0 Jan 25 15:25 smbprn..zqdI3C -rw--- 1 rmarx users 0 Jan 25 15:09 smbprn..zqu3kj -rw--- 1 rmarx users 0 Jan 25 14:46 smbprn..zx3GuR -rw--- 1 rmarx users 0 Jan 25 15:28 smbprn..zxNUxy -rw--- 1 tduhautpas users 1657499 Apr 21 2008 smbprn.0676.rcl7r5 -rw--- 1 tduhautpas users 3441093 Apr 21 2008 smbprn.0678.eJYB0d -rw--- 1 tduhautpas users 1587952 Apr 21 2008 smbprn.0679.0TbJsK -rw--- 1 tduhautpas users 581632 May 25 2009 smbprn.1277.TEBFAb -rw--- 1 abarthel users6774 Nov 15 2007 smbprn.2633.psJWJh -rw--- 1 lbattani users 53156 Dec 14 2007 smbprn.3546.e7BsgC -rw--- 1 yschaafusers8179 Oct 17 2008 smbprn.6035.9IfNcf So, for some reasons, jobid gets lost. Strangely enough, the file size is also zero. I'm sort of lost what would cause this. The thing I could imagine is our fairly ancient cups on the system (1.2.7) and that maybe 3.6.1 doesn't support some legacy CUPS API stuff that 3.5.5 still did. That's the only straw I'm holding onto. Can anyone help out here? Greetings, Stefan Winter -- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg Tel: +352 424409 1 Fax: +352 422473 signature.asc Description: OpenPGP digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] The Recycled PIDs Fix
On Wed, Jan 25, 2012 at 03:47:58PM +0100, Stefan (metze) Metzmacher wrote: > Hi Manoj, > > > This is regarding your fix on recycled PIDs. I am an NCP developer from > > Novell and we use libsmbsharemodes library > > from Samba for Cross Protocols Locks between NCP, Samba and others. I have > > few queries regarding your fix. > > > > In your fix, you have added a new field called 'unique_id' in the server_id > > structure > > and we need to pass this in our call to samba share mode APIs e.g. > > create_share_mode_entry(). > > > > Also, you have introduced server registration/de-registration which is > > associated with 'unqiue_id'. If we use these new APIs > > then in which library from Samba do we need to link to? Or without calling > > serverid_register() can we directly pass any 'unique_id' > > while calling to create_share_mode_entry() and in that case whether this > > and other share mode APIs will work properly? > > > > > > Looking forward to your answer, > > Maybe we could invent a special value e.g. UINT64_MAX as "don't verify > this unique id". Good idea. Did not think about that. This would assume that the ncp server process never dies... Volker -- SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen phone: +49-551-37-0, fax: +49-551-37-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen http://www.sernet.de, mailto:kont...@sernet.de -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] The Recycled PIDs Fix
Hi Manoj, > This is regarding your fix on recycled PIDs. I am an NCP developer from > Novell and we use libsmbsharemodes library > from Samba for Cross Protocols Locks between NCP, Samba and others. I have > few queries regarding your fix. > > In your fix, you have added a new field called 'unique_id' in the server_id > structure > and we need to pass this in our call to samba share mode APIs e.g. > create_share_mode_entry(). > > Also, you have introduced server registration/de-registration which is > associated with 'unqiue_id'. If we use these new APIs > then in which library from Samba do we need to link to? Or without calling > serverid_register() can we directly pass any 'unique_id' > while calling to create_share_mode_entry() and in that case whether this and > other share mode APIs will work properly? > > > Looking forward to your answer, Maybe we could invent a special value e.g. UINT64_MAX as "don't verify this unique id". metze signature.asc Description: OpenPGP digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] The Recycled PIDs Fix
** Low Priority ** Hi Volker, For the time being trivial one will be good enough, provided the patch will be accepted in the upstream and it works well with existing code. Moving forward we can think of having cluster support as well. Appreciate your continuos support on the issue. Thanks, -Manoj >>> Volker Lendecke 1/25/2012 7:08 PM >>> Hi! Sure it can be modified to do that. What part of the last mail I sent needs clarification? The non-clustered version is relatively minor work, serverid.c is pretty trivial. Adding the clustered version is definitely more work. If you need any specific guidance to write a clean-room lgpl serverid.c, feel free to ask the questions here. I will be more than happy to review the patch once you have it. With best regards, Volker Lendecke On Wed, Jan 25, 2012 at 04:57:11AM -0700, Shyamsundar R wrote: > Adding my thoughts to this. > > Basically the smbsharedmodes manner of working, as of now, will not work for > any other service/protocol provider to have shared locking semantics with > SAMBA (unless they are GPLv3 themselves). As without registering the unique > ID, any other service that wants to register locks in the SAMBA database for > cross protocol locking to function, will not be feasible. > > I would think the intention for having the shared locking database and the > library (smbsharedmodes) would be to enable this functionality, across SAMBA > and other file services that need file locking of this nature. Hence the > ability to register the unique ID would also fall under this bucket of things > to provide. > > With this in mind, would it be possibly to (re)consider how the unique ID > registration can be modified, so that other services can leverage the > inherent locking that smbsharedmodes is providing to play nice in a SAMBA + > other protocol serving needs environment? > > Regards, > Shyam > > >>> Manoj Dahal 1/25/2012 05:12 PM >>> > Hi Volker, > > An alternate thought came into mind. > Is it possible for you or someone from Samba to write a simpler serverid.c > code without cluster support? > Which can possibly be bundled in a new library or in libsmbsharemodes.so > under LGPL. > So that it will have lesser licensing issues. > > Thanks, > > -Manoj > > >>> Volker Lendecke 1/24/2012 7:06 PM >>> > On Tue, Jan 24, 2012 at 06:31:59AM -0700, Manoj Dahal wrote: > > Thanks a lot again. Is it possible for you to let us know > > the other authors/contributors > > of serverid.c ? So that we can obtain their approval as well. > > You can find them with "git log serverid.c". > > With best regards, > > Volker Lendecke > > -- > SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen > phone: +49-551-37-0, fax: +49-551-37-9 > AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen > http://www.sernet.de, mailto:kont...@sernet.de > . > -- SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen phone: +49-551-37-0, fax: +49-551-37-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen http://www.sernet.de, mailto:kont...@sernet.de -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] The Recycled PIDs Fix
Adding my thoughts to this. Basically the smbsharedmodes manner of working, as of now, will not work for any other service/protocol provider to have shared locking semantics with SAMBA (unless they are GPLv3 themselves). As without registering the unique ID, any other service that wants to register locks in the SAMBA database for cross protocol locking to function, will not be feasible. I would think the intention for having the shared locking database and the library (smbsharedmodes) would be to enable this functionality, across SAMBA and other file services that need file locking of this nature. Hence the ability to register the unique ID would also fall under this bucket of things to provide. With this in mind, would it be possibly to (re)consider how the unique ID registration can be modified, so that other services can leverage the inherent locking that smbsharedmodes is providing to play nice in a SAMBA + other protocol serving needs environment? Regards, Shyam >>> Manoj Dahal 1/25/2012 05:12 PM >>> Hi Volker, An alternate thought came into mind. Is it possible for you or someone from Samba to write a simpler serverid.c code without cluster support? Which can possibly be bundled in a new library or in libsmbsharemodes.so under LGPL. So that it will have lesser licensing issues. Thanks, -Manoj >>> Volker Lendecke 1/24/2012 7:06 PM >>> On Tue, Jan 24, 2012 at 06:31:59AM -0700, Manoj Dahal wrote: > Thanks a lot again. Is it possible for you to let us know > the other authors/contributors > of serverid.c ? So that we can obtain their approval as well. You can find them with "git log serverid.c". With best regards, Volker Lendecke -- SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen phone: +49-551-37-0, fax: +49-551-37-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen http://www.sernet.de, mailto:kont...@sernet.de . -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] The Recycled PIDs Fix
** Low Priority ** Hi Volker, An alternate thought came into mind. Is it possible for you or someone from Samba to write a simpler serverid.c code without cluster support? Which can possibly be bundled in a new library or in libsmbsharemodes.so under LGPL. So that it will have lesser licensing issues. Thanks, -Manoj >>> Volker Lendecke 1/24/2012 7:06 PM >>> On Tue, Jan 24, 2012 at 06:31:59AM -0700, Manoj Dahal wrote: > Thanks a lot again. Is it possible for you to let us know > the other authors/contributors > of serverid.c ? So that we can obtain their approval as well. You can find them with "git log serverid.c". With best regards, Volker Lendecke -- SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen phone: +49-551-37-0, fax: +49-551-37-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen http://www.sernet.de, mailto:kont...@sernet.de . -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] The Recycled PIDs Fix
** Low Priority ** Hi Volker, Thanks a lot again. Is it possible for you to let us know the other authors/contributors of serverid.c ? So that we can obtain their approval as well. Regards, -Manoj >>> Volker Lendecke 1/24/2012 2:36 PM >>> On Tue, Jan 24, 2012 at 12:19:14AM -0700, Manoj Dahal wrote: > Thanks a lot for your response. I have some more doubts. > > What is the issue with libsmbsharemodes to make it cluster aware? It's licensing. The cluster code is a significant piece of GPLv3+ code that has had contributions from many people. So relicensing under a more liberal license will be a challenge. Eventually we will implement a lgpl-friendly ctdb database access layer and use it in Samba, but this is nowhere on anyones concrete plans. If you are willing to relicense your NCP server code under a GPLv3-compatible license, making libsmbsharemodes cluster-aware will become a lot easier. > If the serverid is included in libsmbsharemodes without > the dbwrap for clustering, > I believe without the *_ctdb() calls and without the > #ifdef CLUSTER_SUPPORT would be enough, right? > That is mainly re-writing dbwrap.c . Or in serverid.c Rewriting dbwrap.c under a liberal license is not enough. The big one is dbwrap_ctdb.c and its dependencies. > should I replace the db_open() and other related calls by > tdb_open() etc. This is the way to go. You need to make sure the other contributors to serverid.c also agree to re-licensing it under LGPL. With best regards, Volker Lendecke -- SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen phone: +49-551-37-0, fax: +49-551-37-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen http://www.sernet.de, mailto:kont...@sernet.de -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] The Recycled PIDs Fix
** Low Priority ** Hi Volker, Thanks a lot for your response. I have some more doubts. What is the issue with libsmbsharemodes to make it cluster aware? If the serverid is included in libsmbsharemodes without the dbwrap for clustering, I believe without the *_ctdb() calls and without the #ifdef CLUSTER_SUPPORT would be enough, right? That is mainly re-writing dbwrap.c . Or in serverid.c should I replace the db_open() and other related calls by tdb_open() etc. If any of my approaches looks fine, then I would like to submit the patch to you for review. Thanks, -Manoj >>> Volker Lendecke 1/20/2012 7:08 PM >>> Hello! On Fri, Jan 20, 2012 at 04:38:21AM -0700, Manoj Dahal wrote: > > This is regarding your fix on recycled PIDs. I am an NCP > developer from Novell and we use libsmbsharemodes library > from Samba for Cross Protocols Locks between NCP, Samba > and others. I have few queries regarding your fix. > > In your fix, you have added a new field called 'unique_id' > in the server_id structure > and we need to pass this in our call to samba share mode > APIs e.g. create_share_mode_entry(). > > Also, you have introduced server > registration/de-registration which is associated with > 'unqiue_id'. If we use these new APIs > then in which library from Samba do we need to link to? > Or without calling serverid_register() can we directly > pass any 'unique_id' > while calling to create_share_mode_entry() and in that > case whether this and other share mode APIs will work > properly? If you pass a random unique_id, the share mode entry will be wiped once smbd reads it. You have to invent a unique_id, fill a struct server_id with it and call serverid_register() before using it. serverid_deregister() will remove that registration again. Unfortunately we don't provide an API to that functionality via libsmbsharemodes. It's not rocket science, and I would be happy to relicense my contribution to serverid.c under LGPL for inclusion into libsmbsharemodes. The problem there is that serverid.c is based on dbwrap for clustering, which libsmbsharemodes is not. So you will have to rewrite significant portions of serverid.c to directly open the tdb file. With best regards, Volker Lendecke -- SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen phone: +49-551-37-0, fax: +49-551-37-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen http://www.sernet.de, mailto:kont...@sernet.de -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] The Recycled PIDs Fix
** Low Priority ** Hi Volker, This is regarding your fix on recycled PIDs. I am an NCP developer from Novell and we use libsmbsharemodes library from Samba for Cross Protocols Locks between NCP, Samba and others. I have few queries regarding your fix. In your fix, you have added a new field called 'unique_id' in the server_id structure and we need to pass this in our call to samba share mode APIs e.g. create_share_mode_entry(). Also, you have introduced server registration/de-registration which is associated with 'unqiue_id'. If we use these new APIs then in which library from Samba do we need to link to? Or without calling serverid_register() can we directly pass any 'unique_id' while calling to create_share_mode_entry() and in that case whether this and other share mode APIs will work properly? Looking forward to your answer, Thanks, -Manoj -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Prevent smbd from consulting winbindd
Lukas wrote: > > Lukas wrote: > > Colleagues, please respond. Have I asked something too unconventional > > or something too trivial? > > idmap backend = nss ?? > >>> > >>> Its man page is very scarce. Is it supposed to work at all? Do you have > >>> any > >>> experience with it? > >>> > >>> root@fs02-sibptus:~# id zimaev uid=3237(zimaev) gid=2000(user) > >>> groups=2000(user),2012(budget),3134(pto),2011(ntd) > >>> root@fs02-sibptus:~# wbinfo -n zimaev > >>> S-1-5-21-839522115-2139871995-725345543-1618 User (1) > >>> root@fs02-sibptus:~# wbinfo -i zimaev > >>> Could not get info for user zimaev > >>> root@fs02-sibptus:~# > >>> > >>> what gives? > >>> > >> > >> what do you have in smb.conf defined for security? > >> (general portion of smb.conf) > > > > [global] > > workgroup = SIBPTUS > > wins server = 10.14.134.1 10.14.134.4 > > security = domain > > idmap backend = nss > > idmap uid = 1000-199 > > idmap gid = 1000-199 > > template shell = /bin/bash > > winbind use default domain = Yes > > allow trusted domains = Yes > > > > > To me it seems, since you have security = domain, samba will try to > authenticate4 always to the domain controller. > Therefore: wbinfo -i zimaev will not return something valid, unless you > prepend the user with the domain (wbinfo -i DOMAIN\zimaev don't forget > to map the backslash with a second one DOMAIN\\zimaev) :-) Don't forget, I have "winbind use default domain = Yes" and "wbinfo -n user_without_domain" is successful. Anyway, I have tried both: root@fs02-sibptus:~# wbinfo -n kuskovaa S-1-5-21-839522115-2139871995-725345543-1114 User (1) root@fs02-sibptus:~# wbinfo -i kuskovaa Could not get info for user kuskovaa root@fs02-sibptus:~# wbinfo -i SIBPTUS\\kuskovaa Could not get info for user SIBPTUS\kuskovaa root@fs02-sibptus:~# wbinfo --own-domain SIBPTUS root@fs02-sibptus:~# > More about how that works with the security: > http://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html#SECURITY > > The idmap backend = nss just tells samba, where to store the mapping > informations from AD- versus *nix-Users. Yes, I want to store the mapping in getpwnam() and the primary group in getgrnam(). -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] The Recycled PIDs Fix
Hi! Sure it can be modified to do that. What part of the last mail I sent needs clarification? The non-clustered version is relatively minor work, serverid.c is pretty trivial. Adding the clustered version is definitely more work. If you need any specific guidance to write a clean-room lgpl serverid.c, feel free to ask the questions here. I will be more than happy to review the patch once you have it. With best regards, Volker Lendecke On Wed, Jan 25, 2012 at 04:57:11AM -0700, Shyamsundar R wrote: > Adding my thoughts to this. > > Basically the smbsharedmodes manner of working, as of now, will not work for > any other service/protocol provider to have shared locking semantics with > SAMBA (unless they are GPLv3 themselves). As without registering the unique > ID, any other service that wants to register locks in the SAMBA database for > cross protocol locking to function, will not be feasible. > > I would think the intention for having the shared locking database and the > library (smbsharedmodes) would be to enable this functionality, across SAMBA > and other file services that need file locking of this nature. Hence the > ability to register the unique ID would also fall under this bucket of things > to provide. > > With this in mind, would it be possibly to (re)consider how the unique ID > registration can be modified, so that other services can leverage the > inherent locking that smbsharedmodes is providing to play nice in a SAMBA + > other protocol serving needs environment? > > Regards, > Shyam > > >>> Manoj Dahal 1/25/2012 05:12 PM >>> > Hi Volker, > > An alternate thought came into mind. > Is it possible for you or someone from Samba to write a simpler serverid.c > code without cluster support? > Which can possibly be bundled in a new library or in libsmbsharemodes.so > under LGPL. > So that it will have lesser licensing issues. > > Thanks, > > -Manoj > > >>> Volker Lendecke 1/24/2012 7:06 PM >>> > On Tue, Jan 24, 2012 at 06:31:59AM -0700, Manoj Dahal wrote: > > Thanks a lot again. Is it possible for you to let us know > > the other authors/contributors > > of serverid.c ? So that we can obtain their approval as well. > > You can find them with "git log serverid.c". > > With best regards, > > Volker Lendecke > > -- > SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen > phone: +49-551-37-0, fax: +49-551-37-9 > AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen > http://www.sernet.de, mailto:kont...@sernet.de > . > -- SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen phone: +49-551-37-0, fax: +49-551-37-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen http://www.sernet.de, mailto:kont...@sernet.de -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Prevent smbd from consulting winbindd
Am 25.01.2012 11:49, schrieb Victor Sudakov: Lukas wrote: Colleagues, please respond. Have I asked something too unconventional or something too trivial? idmap backend = nss ?? Its man page is very scarce. Is it supposed to work at all? Do you have any experience with it? root@fs02-sibptus:~# id zimaev uid=3237(zimaev) gid=2000(user) groups=2000(user),2012(budget),3134(pto),2011(ntd) root@fs02-sibptus:~# wbinfo -n zimaev S-1-5-21-839522115-2139871995-725345543-1618 User (1) root@fs02-sibptus:~# wbinfo -i zimaev Could not get info for user zimaev root@fs02-sibptus:~# what gives? what do you have in smb.conf defined for security? (general portion of smb.conf) [global] workgroup = SIBPTUS wins server = 10.14.134.1 10.14.134.4 security = domain idmap backend = nss idmap uid = 1000-199 idmap gid = 1000-199 template shell = /bin/bash winbind use default domain = Yes allow trusted domains = Yes To me it seems, since you have security = domain, samba will try to authenticate4 always to the domain controller. Therefore: wbinfo -i zimaev will not return something valid, unless you prepend the user with the domain (wbinfo -i DOMAIN\zimaev don't forget to map the backslash with a second one DOMAIN\\zimaev) :-) More about how that works with the security: http://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html#SECURITY The idmap backend = nss just tells samba, where to store the mapping informations from AD- versus *nix-Users. that's about what I know of... :) hope it can hint you to where you'd like to go ... L. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] AD to samba 3 migration help
Hi all, I have a MS AD domain that I want to migrate to samba 3. I know that it is not possible to migrate all the features of AD but we're using only the features supported by samba3. what is the best way you suggest? Thanks Marco -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Prevent smbd from consulting winbindd
Lukas wrote: > >>> Colleagues, please respond. Have I asked something too unconventional > >>> or something too trivial? > >> > >> idmap backend = nss ?? > > > > Its man page is very scarce. Is it supposed to work at all? Do you have any > > experience with it? > > > > root@fs02-sibptus:~# id zimaev uid=3237(zimaev) gid=2000(user) > > groups=2000(user),2012(budget),3134(pto),2011(ntd) > > root@fs02-sibptus:~# wbinfo -n zimaev > > S-1-5-21-839522115-2139871995-725345543-1618 User (1) > > root@fs02-sibptus:~# wbinfo -i zimaev > > Could not get info for user zimaev > > root@fs02-sibptus:~# > > > > what gives? > > > > what do you have in smb.conf defined for security? > (general portion of smb.conf) [global] workgroup = SIBPTUS wins server = 10.14.134.1 10.14.134.4 security = domain idmap backend = nss idmap uid = 1000-199 idmap gid = 1000-199 template shell = /bin/bash winbind use default domain = Yes allow trusted domains = Yes -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] CTDB : DNS Round-robin of *ONE* ip (!)
Hi, Using ctdb, is it a valid setup to have : CTDB_PUBLIC_ADDRESSES=/etc/ctdb/public_addresses containing only one ip address, thus with no round-robin. Is there a particular hard-coded limit that doesn't allow this? -- Nicolas Ecarnot -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.5.8 - windows XP workstations disapear from browselist
Hello ! I would like to refresh this topic beacuse I have discovered something new. This problem relates only to machines with WINDOWS XP with automatic system update enabled. Win XP sp2 (fresh install) with disabled updates does not dissapear! So should i try to uninstall some of updates ?Is there any way to find the one responsible for this problem? Thanks ! BartekR -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Prevent smbd from consulting winbindd
Am 25.01.2012 09:58, schrieb Victor Sudakov: Volker Lendecke wrote: Colleagues, please respond. Have I asked something too unconventional or something too trivial? idmap backend = nss ?? Its man page is very scarce. Is it supposed to work at all? Do you have any experience with it? root@fs02-sibptus:~# id zimaev uid=3237(zimaev) gid=2000(user) groups=2000(user),2012(budget),3134(pto),2011(ntd) root@fs02-sibptus:~# wbinfo -n zimaev S-1-5-21-839522115-2139871995-725345543-1618 User (1) root@fs02-sibptus:~# wbinfo -i zimaev Could not get info for user zimaev root@fs02-sibptus:~# what gives? what do you have in smb.conf defined for security? (general portion of smb.conf) Greetz, L. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Prevent smbd from consulting winbindd
Volker Lendecke wrote: > > Colleagues, please respond. Have I asked something too unconventional > > or something too trivial? > > idmap backend = nss ?? Its man page is very scarce. Is it supposed to work at all? Do you have any experience with it? root@fs02-sibptus:~# id zimaev uid=3237(zimaev) gid=2000(user) groups=2000(user),2012(budget),3134(pto),2011(ntd) root@fs02-sibptus:~# wbinfo -n zimaev S-1-5-21-839522115-2139871995-725345543-1618 User (1) root@fs02-sibptus:~# wbinfo -i zimaev Could not get info for user zimaev root@fs02-sibptus:~# what gives? -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
