Re: [Samba] smbpasswd problem on Solaris-10
I get this: $ smbpasswd -D 10 olb Netbios name list:- my_netbios_names[0]=FILES Attempting to register passdb backend ldapsam Successfully added passdb backend 'ldapsam' Attempting to register passdb backend ldapsam_compat Successfully added passdb backend 'ldapsam_compat' Attempting to register passdb backend NDS_ldapsam Successfully added passdb backend 'NDS_ldapsam' Attempting to register passdb backend NDS_ldapsam_compat Successfully added passdb backend 'NDS_ldapsam_compat' Attempting to register passdb backend smbpasswd Successfully added passdb backend 'smbpasswd' Attempting to register passdb backend tdbsam Successfully added passdb backend 'tdbsam' Attempting to find an passdb backend to match smbpasswd (smbpasswd) Found pdb backend smbpasswd pdb backend smbpasswd has a valid init New SMB password: Retype new SMB password: getsampwnam (smbpasswd): search by name: olb startsmbfilepwent_internal: opening file /data/samba/private/smbpasswd getsmbfilepwent: returning passwd entry for user olb, uid 1 endsmbfilepwent_internal: closed password file. getsampwnam (smbpasswd): found by name: olb Finding user olb Trying _Get_Pwnam(), username as lowercase is olb Get_Pwnam_internals did find user [olb]! pdb_set_username: setting username olb, was pdb_set_full_name: setting full name , was pdb_set_domain: setting domain FILES, was Home server: files pdb_set_profile_path: setting profile path \\files\olb\profile, was Home server: files pdb_set_homedir: setting home dir \\files\olb, was pdb_set_dir_drive: setting dir drive , was NULL pdb_set_logon_script: setting logon script , was pdb_set_user_sid: setting user sid S-1-5-21-4108215807-3801520835-147286624-21000 pdb_set_user_sid_from_rid: setting user sid S-1-5-21-4108215807-3801520835-147286624-21000 from rid 21000 grant_privilege: S-1-1-0 original privilege mask: SE_PRIV 0x0 0x0 0x0 0x0 new privilege mask: SE_PRIV 0x0 0x0 0x0 0x0 grant_privilege: S-1-5-32-548 original privilege mask: SE_PRIV 0x0 0x0 0x0 0x0 new privilege mask: SE_PRIV 0x0 0x0 0x0 0x0 grant_privilege: S-1-5-32-549 original privilege mask: SE_PRIV 0x0 0x0 0x0 0x0 new privilege mask: SE_PRIV 0x0 0x0 0x0 0x0 grant_privilege: S-1-5-32-550 original privilege mask: SE_PRIV 0x0 0x0 0x0 0x0 new privilege mask: SE_PRIV 0x0 0x0 0x0 0x0 grant_privilege: S-1-5-32-551 original privilege mask: SE_PRIV 0x0 0x0 0x0 0x0 new privilege mask: SE_PRIV 0x0 0x0 0x0 0x0 grant_privilege: S-1-5-32-544 original privilege mask: SE_PRIV 0xff0 0x0 0x0 0x0 new privilege mask: SE_PRIV 0xff0 0x0 0x0 0x0 account_policy_get: name: maximum password age, val: -1 account_policy_get: name: password history, val: 0 pdb_set_username: setting username olb, was pdb_set_domain: setting domain FILES, was pdb_set_nt_username: setting nt username , was pdb_set_full_name: setting full name , was Home server: files pdb_set_homedir: setting home dir \\files\olb, was pdb_set_dir_drive: setting dir drive , was NULL pdb_set_logon_script: setting logon script , was Home server: files pdb_set_profile_path: setting profile path \\files\olb\profile, was pdb_set_workstations: setting workstations , was account_policy_get: name: password history, val: 0 pdb_set_user_sid: setting user sid S-1-5-21-4108215807-3801520835-147286624-21000 pdb_set_user_sid_from_rid: setting user sid S-1-5-21-4108215807-3801520835-147286624-21000 from rid 21000 account_policy_get: name: password history, val: 0 mod_smbfilepwd_entry: opening file /data/samba/private/smbpasswd mod_smbfilepwd_entry: entry exists for user olb I have now tried to compile samba-3.0.21b with the exactly same configuration as samba-3.0.25b version (same compiler etc.) and this version works with more than 8 chars passwords. Regards Ole Benner Netic A/S Roberto Lizana wrote: What can you see in console if you type this 'smbpasswd -D 10 anyUser' ??? Ole Benner escribió: I have compiled both samba-3.0.25a and samba-3.0.25b and with both I have problems setting user password longer than 8 chars with smbpasswd. I get no errors, but if I try to set a password with more than 8 chars the password will only be generated using the first 8 chars. This is on Solaris-10 update 3 on amd64 and I have compiled samba using Sun Studio 11 compiler suite and no other options to configure than --prefix=/some/path. Solaris-10 comes with samba 3.0.21b preinstalled and if I use smbpasswd from that installation there is no problems and the smaba-3.0.25(a/b) version works alright with 8 chars passwd once it is set. This looks like some 32/64 bit bug or similar. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbind + samba limits with large AD?
Volker Lendecke schrieb: On Wed, Jul 11, 2007 at 06:16:12PM +0200, Ralf Gross wrote: [2007/07/11 18:06:02, 0] nsswitch/winbindd.c:request_len_recv(555) request_len_recv: Invalid request size received: 1848 Update /lib/libnss_winbind.so with the version you just compiled and reboot. That worked and now I've got 3.2 running. One thing I also noticed with the ubuntu package: the groupnames are only numbers. I [EMAIL PROTECTED]:~$ /opt/samba32/bin/wbinfo -r ralfgro 2003 2004 2005 2006 2007 2008 2009 [...] [EMAIL PROTECTED]:~$ id -a uid=2000(ralfgro) gid=2000 Gruppen=2000 [EMAIL PROTECTED]:~$ ls -l insgesamt 0 lrwxrwxrwx 1 ralfgro 2000 26 2007-07-12 08:27 Examples - /usr/share/example-content -rw-r--r-- 1 ralfgro 2000 0 2007-07-12 08:29 foo [EMAIL PROTECTED]:~$ ls -la insgesamt 24 drwxr-xr-x 2 ralfgro 2000 4096 2007-07-12 08:43 . drwxr-xr-x 4 rootroot 4096 2007-07-12 08:27 .. -rw-r--r-- 1 ralfgro 2000 220 2007-07-12 08:27 .bash_logout -rw-r--r-- 1 ralfgro 2000 414 2007-07-12 08:27 .bash_profile -rw-r--r-- 1 ralfgro 2000 2298 2007-07-12 08:27 .bashrc lrwxrwxrwx 1 ralfgro 2000 26 2007-07-12 08:27 Examples - /usr/share/example-content -rwxr--r-- 1 ralfgro 20000 2007-07-12 08:29 foo -rw-r--r-- 1 ralfgro 2000 566 2007-07-12 08:27 .profile -rwxr--r-- 1 ralfgro 20000 2007-07-12 08:43 test [EMAIL PROTECTED]:~$ chgrp users test chgrp: Ändern der Gruppe für test: Operation not permitted I must still be missing something... Ralf -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba Vista
On Mon, 2007-07-09 at 14:27 -0400, Adam Tauno Williams wrote: Does anybody know if Samba is compadable with Vista Yet? Yes. If so, is there a way for a group pr user policy to allow samba users to things in windows vista, like install programs w/o admin access. No, a Samba 3.x PDC only supports NT4 domain policies. http://www.microsoft.com/technet/archive/winntas/maintain/featusability/prof_pol.mspx?pf=true But Samba4 just got group policy support. I'm working to make it a bit more 'out of the box', but the guts are there if you read the samba-technical archives for the details. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc. http://redhat.com signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
R: [Samba] cannot autenticate user in AD
-Messaggio originale- Da: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] g] Per conto di Roberto Lizana Inviato: mercoledì 11 luglio 2007 13.26 A: samba@lists.samba.org Oggetto: [Samba] cannot autenticate user in AD I have configured samba like member of AD, if i type in console 'wbinfo -u' y get all user of my AD, if type in console 'wbinfo -g' y get all groups too. It's correct but if i type 'getent passwd' or 'getent group' don't get any user or group of my AD... why??? * in nsswitch.conf appears: passws: files winbind group: files winbind shadow: files winbind i execute ldconfig for apply all changes of nsswitch.conf i have libnss_winbind.so and libnss_winbind.so.2 in /lib * smbd version is 3.0.25b and i compile this with arguments: --with-winbind --with-krb5=/usr/lib --with-ads * smb.conf: workgroup = DOMAIN realm = DOMAIN.INT netbios name = samba1 preferred master = no client schannel = no security = ADS password server = * idmap uid = 1-25 idmap gid = 1-25 winbind uid = 1-25 winbind gid = 1-25 winbind separator = + winbind enum users = yes winbind enum groups = yes * klist Default principal: [EMAIL PROTECTED] Valid starting ExpiresService principal 07/11/07 12:26:17 07/11/07 22:26:18 krbtgt/[EMAIL PROTECTED] renew until 07/12/07 12:26:17 Kerberos 4 ticket cache: /tmp/tkt0 klist: You have no tickets cached -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba Hello Roberto I'm not a Samba Expert, so ... Make backups before trying what I suggest :D I don't like two settings in your smb.conf password server = * I'd specify an address or a name which CAN be sonved by DNS winbind separator = +YOU REALLY SURE ? I'd suppress this with a comment # Hope this helps Be well Gianluca -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbind + samba limits with large AD?
Ralf Gross schrieb: One thing I also noticed with the ubuntu package: the groupnames are only numbers. I [EMAIL PROTECTED]:~$ /opt/samba32/bin/wbinfo -r ralfgro 2003 2004 2005 2006 2007 2008 2009 [...] I obviously screwed the nsswitch.conf. After correcting this, I get the group names. But the whole thing is still very fragile. A simpe 'id -a' takes ages and I just killed winbind after one minute with this result. [EMAIL PROTECTED]:~$ id -a uid=2000(ralfgro) gid=2000(emea\domain users) Gruppen=2000(emea\domain users),2003(emea\emtc_tsrv_restrict_cul_a),2004,2005,2006,2007,2008,2009,2010,2011,2012,2013,2014,2022,2025,2026,2028,2029,2033,2035,2036,2037,2038,2039,2041,2042,2043,2044,2046,2048,2049,2050,2051,2053,2054,2056,2057,2058,2059,2060,2062,2063,2064,2066,2067,2069,2070,2071,2072,2073,2075,2076,2079,2080,2081,2082,2083,2084,2085,2086,2088,2089,2090,2093,2094,2099,2103,2109,2111,2113,2114,2115,2116,2119,2122,2125,2126,2127,2130,2131,2133 This is the debug output of a second try... [2007/07/12 09:28:10, 3] nsswitch/winbindd_group.c:winbindd_getgrgid(886) [ 6914]: getgrgid 2004 [2007/07/12 09:28:10, 1] nsswitch/winbindd_group.c:getgrsid_sid2gid_recv(760) Can't find domain from name (EMEA\EMTC_ITS_MTC) [2007/07/12 09:28:10, 3] nsswitch/winbindd_group.c:winbindd_getgrgid(886) [ 6914]: getgrgid 2005 [2007/07/12 09:28:15, 3] nsswitch/winbindd_ads.c:lookup_groupmem(1099) ads lookup_groupmem for sid=S-1-5-21-1482476501-1450960922-725345543-152681 succeeded --- pause [2007/07/12 09:30:33, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(521) [ 6914]: request interface version [2007/07/12 09:30:33, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(521) [ 6915]: request interface version [2007/07/12 09:30:33, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(521) [ 6914]: request interface version [2007/07/12 09:30:33, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(521) [ 6914]: request interface version [2007/07/12 09:30:33, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(521) [ 6914]: request interface version [2007/07/12 09:30:33, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(554) [ 6914]: request location of privileged pipe [2007/07/12 09:30:33, 3] nsswitch/winbindd_group.c:winbindd_getgrgid(886) [ 6914]: getgrgid 2008 [2007/07/12 09:30:33, 3] nsswitch/winbindd_ads.c:lookup_groupmem(1099) [...] [2007/07/12 09:39:21, 3] nsswitch/winbindd_group.c:winbindd_getgrgid(886) [ 6914]: getgrgid 2076 [...] During this command no connection to any share was possible! Ralf -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: smbpasswd problem on Solaris-10
I have now tried if the problem exists in samba-3.0.24 and it doesn't. The problem is only with samba-3.0.25(a/b). I will fill in a bug report on it. Mvh Ole Benner Netic A/S Ole Benner wrote: I have compiled both samba-3.0.25a and samba-3.0.25b and with both I have problems setting user password longer than 8 chars with smbpasswd. I get no errors, but if I try to set a password with more than 8 chars the password will only be generated using the first 8 chars. This is on Solaris-10 update 3 on amd64 and I have compiled samba using Sun Studio 11 compiler suite and no other options to configure than --prefix=/some/path. Solaris-10 comes with samba 3.0.21b preinstalled and if I use smbpasswd from that installation there is no problems and the smaba-3.0.25(a/b) version works alright with 8 chars passwd once it is set. This looks like some 32/64 bit bug or similar. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problems with the option force user
Hi. I've set up a samba share which was working fine. But now, I need to force to be a especific user, so I've modified the configuration to use that option. And now it complains about not existing the directory. Here's the config: [advantage] comment = advantage path = /home/fileserver/advantage public = yes writable = yes create mask = 0770 directory mask = 0770 force user = advantage guest ok = yes case sensitive = no Is there any problem with that? Thanks -- - Andreas Calvo Gómez [EMAIL PROTECTED] Dept. Informàtica ESCI Pg. Pujades, 1 08003 Barcelona tel. (34) 932954710 ext.233 fax. (34) 932954720 http://www.esci.es - -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbind + samba limits with large AD?
Ralf Gross schrieb: Now after executing 'id -a' I got a panic: [2007/07/12 10:28:28, 3] nsswitch/winbindd_group.c:winbindd_getgrgid(886) [ 6998]: getgrgid 2054 [2007/07/12 10:28:38, 0] libsmb/clientgen.c:cli_receive_smb_internal(136) Receiving SMB: Server stopped responding [2007/07/12 10:28:38, 0] rpc_client/cli_pipe.c:rpc_api_pipe(789) rpc_api_pipe: Remote machine smtcd001.emea.corpdir.net pipe \lsarpc fnum 0x8005returned critical error. Error was Call timed out: server did not respond after 1 milliseconds [2007/07/12 10:28:38, 0] lib/fault.c:fault_report(40) === [2007/07/12 10:28:38, 0] lib/fault.c:fault_report(41) INTERNAL ERROR: Signal 11 in pid 6905 (3.2.1pre1-SVN-build-23823) Please read the Trouble-Shooting section of the Samba3-HOWTO [2007/07/12 10:28:38, 0] lib/fault.c:fault_report(43) From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf [2007/07/12 10:28:38, 0] lib/fault.c:fault_report(44) === [2007/07/12 10:28:38, 0] lib/util.c:smb_panic(1655) PANIC (pid 6905): internal error [2007/07/12 10:28:38, 0] lib/util.c:log_stack_trace(1759) BACKTRACE: 18 stack frames: #0 /opt/samba32/sbin/winbindd(log_stack_trace+0x2d) [0x8142eab] #1 /opt/samba32/sbin/winbindd(smb_panic+0x78) [0x8142fd9] #2 /opt/samba32/sbin/winbindd [0x812e72e] #3 [0xe420] #4 /lib/tls/i686/cmov/libc.so.6(vsnprintf+0xb4) [0xb7d8eb54] #5 /opt/samba32/sbin/winbindd(talloc_vasprintf+0x3b) [0x81254ec] #6 /opt/samba32/sbin/winbindd(talloc_asprintf+0x2e) [0x812563f] #7 /opt/samba32/sbin/winbindd [0x80d4662] #8 /opt/samba32/sbin/winbindd [0x80ba8a9] #9 /opt/samba32/sbin/winbindd [0x80afeea] #10 /opt/samba32/sbin/winbindd [0x80b1c89] #11 /opt/samba32/sbin/winbindd [0x80db102] #12 /opt/samba32/sbin/winbindd [0x80dbe15] #13 /opt/samba32/sbin/winbindd [0x80da383] #14 /opt/samba32/sbin/winbindd [0x80a9220] #15 /opt/samba32/sbin/winbindd(main+0xdef) [0x80aa0db] #16 /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xdc) [0xb7d45ebc] #17 /opt/samba32/sbin/winbindd [0x80a8031] [2007/07/12 10:28:38, 0] lib/fault.c:dump_core(180) dumping core in /opt/samba32/var/cores/winbindd Ralf -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: smbpasswd problem on Solaris-10
type tdbdump /var/lib/samba/account_policy.tdb and show me data of key '* password length' Ole Benner escribió: I have now tried if the problem exists in samba-3.0.24 and it doesn't. The problem is only with samba-3.0.25(a/b). I will fill in a bug report on it. Mvh Ole Benner Netic A/S Ole Benner wrote: I have compiled both samba-3.0.25a and samba-3.0.25b and with both I have problems setting user password longer than 8 chars with smbpasswd. I get no errors, but if I try to set a password with more than 8 chars the password will only be generated using the first 8 chars. This is on Solaris-10 update 3 on amd64 and I have compiled samba using Sun Studio 11 compiler suite and no other options to configure than --prefix=/some/path. Solaris-10 comes with samba 3.0.21b preinstalled and if I use smbpasswd from that installation there is no problems and the smaba-3.0.25(a/b) version works alright with 8 chars passwd once it is set. This looks like some 32/64 bit bug or similar. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbind + samba limits with large AD?
Hello Ralf, could you please for debugging this raise your log level to 10 (and possibly set max log size to 0 to prevent rotation of log files). For the stack trace to be more meaningful, it would also be good to have samba compiled with CFLAGS=-g (debugging symbols) and without optimizations (no -O, -O2, ... flag). Furthermore the configure option --enable-pie=no is useful. As for your setup: Could you provide your smb.conf file (secret stuff grayed out of course)? You should double check that no components are mixed between your system package samba installation and your hand-compiled version (sorry if I am stating obious things): * save your smb.conf * clean all of /opt/samba32 * recompile as stated above * reinstall * copy your smb.conf to /opt/samba32/lib (don't forget to raise log level to 10 and max log size = 0) * make sure to copy (or link) libnss_winbind.so to /lib/libnss_winbind.so (and /lib/libnss_winbind.so.2) * rejoin the domain * start nmbd/smbd/winbindd daemons * make your tests as before, using tools (wbinfo...) from /opt/samba32/bin when not using system commands (id, getent, ...) Then provide us with the logs - maybe bugzilla.samba.org is more approriate a place for this. Also some key data about your AD environment would be interesting to know: number of DCs, OS version of DCs, mode of AD (native 2003, ...) number of users, number of groups, size of largest groups involved in your tests, number of groups user is member of, ... Best, Michael On Thu, Jul 12, 2007 at 10:46:26AM +0200, Ralf Gross wrote: Ralf Gross schrieb: Now after executing 'id -a' I got a panic: [2007/07/12 10:28:28, 3] nsswitch/winbindd_group.c:winbindd_getgrgid(886) [ 6998]: getgrgid 2054 [2007/07/12 10:28:38, 0] libsmb/clientgen.c:cli_receive_smb_internal(136) Receiving SMB: Server stopped responding [2007/07/12 10:28:38, 0] rpc_client/cli_pipe.c:rpc_api_pipe(789) rpc_api_pipe: Remote machine smtcd001.emea.corpdir.net pipe \lsarpc fnum 0x8005returned critical error. Error was Call timed out: server did not respond after 1 milliseconds [2007/07/12 10:28:38, 0] lib/fault.c:fault_report(40) === [2007/07/12 10:28:38, 0] lib/fault.c:fault_report(41) INTERNAL ERROR: Signal 11 in pid 6905 (3.2.1pre1-SVN-build-23823) Please read the Trouble-Shooting section of the Samba3-HOWTO [2007/07/12 10:28:38, 0] lib/fault.c:fault_report(43) From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf [2007/07/12 10:28:38, 0] lib/fault.c:fault_report(44) === [2007/07/12 10:28:38, 0] lib/util.c:smb_panic(1655) PANIC (pid 6905): internal error [2007/07/12 10:28:38, 0] lib/util.c:log_stack_trace(1759) BACKTRACE: 18 stack frames: #0 /opt/samba32/sbin/winbindd(log_stack_trace+0x2d) [0x8142eab] #1 /opt/samba32/sbin/winbindd(smb_panic+0x78) [0x8142fd9] #2 /opt/samba32/sbin/winbindd [0x812e72e] #3 [0xe420] #4 /lib/tls/i686/cmov/libc.so.6(vsnprintf+0xb4) [0xb7d8eb54] #5 /opt/samba32/sbin/winbindd(talloc_vasprintf+0x3b) [0x81254ec] #6 /opt/samba32/sbin/winbindd(talloc_asprintf+0x2e) [0x812563f] #7 /opt/samba32/sbin/winbindd [0x80d4662] #8 /opt/samba32/sbin/winbindd [0x80ba8a9] #9 /opt/samba32/sbin/winbindd [0x80afeea] #10 /opt/samba32/sbin/winbindd [0x80b1c89] #11 /opt/samba32/sbin/winbindd [0x80db102] #12 /opt/samba32/sbin/winbindd [0x80dbe15] #13 /opt/samba32/sbin/winbindd [0x80da383] #14 /opt/samba32/sbin/winbindd [0x80a9220] #15 /opt/samba32/sbin/winbindd(main+0xdef) [0x80aa0db] #16 /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xdc) [0xb7d45ebc] #17 /opt/samba32/sbin/winbindd [0x80a8031] [2007/07/12 10:28:38, 0] lib/fault.c:dump_core(180) dumping core in /opt/samba32/var/cores/winbindd Ralf -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- i.A. Michael Adam -- Michael Adam [EMAIL PROTECTED] SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen phone: +49-551-37-0, fax: +49-551-37-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen http://www.SerNet.DE, mailto: Info @ SerNet.DE -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: smbpasswd problem on Solaris-10
There is only one entry: key(20) = min password length\00 data(4) = \05\00\00\00 Regards Ole Benner Netic A/S Roberto Lizana wrote: type tdbdump /var/lib/samba/account_policy.tdb and show me data of key '* password length' Ole Benner escribió: I have now tried if the problem exists in samba-3.0.24 and it doesn't. The problem is only with samba-3.0.25(a/b). I will fill in a bug report on it. Mvh Ole Benner Netic A/S Ole Benner wrote: I have compiled both samba-3.0.25a and samba-3.0.25b and with both I have problems setting user password longer than 8 chars with smbpasswd. I get no errors, but if I try to set a password with more than 8 chars the password will only be generated using the first 8 chars. This is on Solaris-10 update 3 on amd64 and I have compiled samba using Sun Studio 11 compiler suite and no other options to configure than --prefix=/some/path. Solaris-10 comes with samba 3.0.21b preinstalled and if I use smbpasswd from that installation there is no problems and the smaba-3.0.25(a/b) version works alright with 8 chars passwd once it is set. This looks like some 32/64 bit bug or similar. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba's characters encoding differs when guest and when by security = user ????
hello everyone first to say that I'd greatly appreciate any help (smbd v.3.0.25b-2.fc7) I'm trying to run CommuniGate ver. 4.1.8 on winXP and --Base to \\some\uncpath when: guest ok = yes guest account = cgpro security = share it works fine, but when I change a second later to: security = user; valid users = cgpro, writeable = yes it fails giving these errors: Initiating CommuniGate Pro Server failed to create '\\10.10.10.57\CommuniGate\Base' directory. Error Code=Microsoft Windows XP error #1240 Base Directory \\10.10.10.57\CommuniGate\Base creation failed All Objects Dump --- {\r\n cp866 = VCharsetTable 730128;\r\n IBM866 = VCharsetTable 730128;\r\n ISO-88 59-1 = VCharsetTable 727F68;\r\n ISO-8859-10 = VCharsetTable 72D308;\r\n ISO-8859- 11 = VCharsetTable 72DA60;\r\n ISO-8859-13 = VCharsetTable 72 VCharsetTable 727F68 VCharsetTable 7288D0 VCharsetTable 729238 VCharsetTable 729A98 VCharsetTable 72A2F8 VCharsetTable 72AD68 VCharsetTable 72B4C0 VCharsetTable 72BF30 VCharsetTable 72C9A0 VCharsetTable 72D308 VCharsetTable 72DA60 VCharsetTable 72E0B0 VCharsetTable 72E808 VCharsetTable 72EF60 VCharsetTable 72F8C8 VCharsetTable 730128 VCharsetTable 730BB0 VCharsetTable 731620 VCharsetTable 731F88 VCharsetTable 7328F0 VCharsetTable 733258 ___ All new Yahoo! Mail The new Interface is stunning in its simplicity and ease of use. - PC Magazine http://uk.docs.yahoo.com/nowyoucan.html -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Using setuid on smbd
Hello list, I wonder if it is a really bad idea to setuid bit on samba daemons to make them start with root privileges? I need it in an embedded systems where the daemons are started by a non root user and I don't have access to sudo etc and we all know that smbd should run under root. Cheers, henke -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Linux CIFS-access problem since samba 3.0.25(a/b)
Hi there, at first, the following scenario is used in our environment: Server-Side: - One Samba PDC using 3.0.24 release with TDB-backend. - Some Samba member servers serving files, home-dirs, etc. Client-Side: - Windows XP-Clients. - Windows Vista Clients (testing). - some Linux Ubuntu Distro (Feisty) Clients, using CIFS to access the samba-shares. fstab-entry of the Ubuntu-clients: //server/share /media/files_on_server cifs credentials=/home/user/.smbcredentials,dom=domain,directio,users,noperm,iocharset=utf8,nolock,soft,intr,rsize=8192,wsize=8192 0 0 The problem: Since using release 3.0.25(a/b) on the samba-member servers, - accessing the shares by using a Linux Ubuntu Client through CIFS-mount is very slow (). Sometimes you have to wait centuries to get the directory-contents. - accessing the shares by a Windows Client is at normal speed. After rolling back to 3.0.24 on the samba-member servers: - accessing the shares by using a Linux Ubuntu Client through CIFS-mount work like it should be (normal speed). What I've found out is: If we use Samba 3.0.25(a/b) on the member-servers and unset the msdfs root-parameter from yes to no, the access-speed of the Ubuntu-Clients is at normal speed. Reverting the parameter to yes results in the mentioned problem. Rolling back to 3.0.24 and using msdfs root = yes results in NO problem. smb.conf on Samba-member server: [global] unix charset = ISO8859-1 name resolve order = host wins bcast display charset = ISO8859-1 encrypt passwords = yes preferred master = no domain master = auto domain logons = no local master = yes log level = 1 os level = 20 workgroup = DOMAIN netbios name = %h interfaces = eth0 lo server string = %h on SMB %v allow hosts = 127.0.0.1 10.0.1.0/24 0.0.0.0/0 deny hosts = ALL EXCEPT 10.0.1.0/24 127.0.0.1 0.0.0.0/0 keep alive = 30 read raw = yes write raw = yes socket options = SO_KEEPALIVE TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192 passdb backend = tdbsam:/etc/samba/private/passdb.tdb host msdfs = yes msdfs root = yes security = domain password server = * idmap uid = 1-2 idmap gid = 1-2 winbind enum users = yes winbind enum groups = yes winbind cache time = 100 template homedir = /home/%U load printers = yes printing = cups printcap = cups show add printer wizard = yes deadtime = 15 write cache size = 1048576 [homes] path = /home/%S comment = %U Home Dir browseable = no admin users = @domain\domain admins invalid users = @domain\domain guests valid users = domain\%S,@domain\domain admins writeable = yes write list = domain\%U,@domain\domain admins guest ok = no inherit owner = yes inherit permissions = yes force user = domain\%U force group = domain\domain admins guest ok = no [Files] map acl inherit = yes dos filemode = yes inherit acls = yes inherit permissions = yes browseable = yes writeable = yes guest ok = no path = /share-point/files comment = FILE01 LV vfs objects = recycle recycle:repository = SERVER_RECYCLE_BIN recycle:keeptree = Yes recycle:touch = Yes recycle:versions = Yes [Files-test] map acl inherit = yes dos filemode = yes inherit acls = yes inherit permissions = yes browseable = yes writeable = yes guest ok = no path = /mnt comment = FILE01 backup [printers] comment = Printer printable = yes guest ok = no browseable = yes path = /var/spool/samba admin users = [print$] comment = Printer Driver Download Area write list = @domain\domain admins guest ok = no browseable = yes path = /etc/samba/config/printer read only = yes admin users = Is there any solution known to solve this problem? Regards, Michael _ Wenn Ihnen E-Mail nicht schnell genug ist: MSN Messenger! - http://www.imagine-msn.com/messenger/default2.aspx?locale=de Kostenlos downloaden! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbind + samba limits with large AD?
Michael Adam schrieb: could you please for debugging this raise your log level to 10 (and possibly set max log size to 0 to prevent rotation of log files). For the stack trace to be more meaningful, it would also be good to have samba compiled with CFLAGS=-g (debugging symbols) and without optimizations (no -O, -O2, ... flag). Furthermore the configure option --enable-pie=no is useful. As for your setup: Could you provide your smb.conf file (secret stuff grayed out of course)? You should double check that no components are mixed between your system package samba installation and your hand-compiled version (sorry if I am stating obious things): * save your smb.conf * clean all of /opt/samba32 * recompile as stated above * reinstall * copy your smb.conf to /opt/samba32/lib (don't forget to raise log level to 10 and max log size = 0) * make sure to copy (or link) libnss_winbind.so to /lib/libnss_winbind.so (and /lib/libnss_winbind.so.2) * rejoin the domain * start nmbd/smbd/winbindd daemons * make your tests as before, using tools (wbinfo...) from /opt/samba32/bin when not using system commands (id, getent, ...) Then provide us with the logs - maybe bugzilla.samba.org is more approriate a place for this. I would prefere to send this data to you directly and not publish it on the bts. I can remove some of the critical data from the log files, but not all. Also some key data about your AD environment would be interesting to know: number of DCs, OS version of DCs, mode of AD (native 2003, ...) number of users, number of groups, size of largest groups involved in your tests, number of groups user is member of, ... I can also send you this information to your mail address. Which one should I use? Ralf -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Active directory and multiple forests
Well I'm hoping someone here can give me some assistance. Where I work we manage multiple AD forests. We are looking for a way to centrally manage this. Right now each forest has its own logins for our support people here. I hoping there's a way to make samba make this a bit easier. I know samba will do domain trusts, but is there a way to have it have do trusts to each seperate forest. For eample: samba.local customerA.local |-- customerB.local |-- customerC.local So in essence you would have a centralized login for the domains with samba. The user could log into any domain with their samba.local login. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] refresh samba share listing
I have a linux host that's sharing files to a windows domain. If I enter the command, net status shares| grep USERSHARE I get a listing of which windows hosts have a user logged in. This works because the windows login script maps USERSHARE as they login. I can then take this output and do cool things like create a webpage showing which windows hosts are available and which ones are in use. The problem is when our linux samba server reboots, it looses context ie it forgets about the older hosts that already have logins. Is there some way to refresh this info? Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba file owner issue.
Hi, I have 2 Samba shares and it looks like when I drop a file from my computer to my user_input share it gives the file owner the id of the other share(smbrprts). Anyone seen this before? I have Samba 2.2.7 running. [user_input] comment = Application Access path = /opt/info/extracts/flinx/user_input username = smbinput read only = No force create mode = 0666 force directory mode = 0775 inherit permissions = Yes browseable = No [reports] comment = reports directory path = /opt/info/extracts/flinx/reports username = smbrprts browseable = No [EMAIL PROTECTED]:/opt/info/extracts/flinx/user_input] $ ls -alrt total 352 -rwxrw-rw- 1 smbrprts flinx 236 Jun 29 12:27 dw_return_mail.txt Dave -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbind idmap customization
Then, at least, can lookups for 'username' return matches for 'DOM \username'? This would make it act more windows-like, anyways, where the user can login using 'username', unless it conflicts with a local user. On Fri, 2007-07-06 at 15:50 -0500, Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Gerald (Jerry) Carter wrote: Nope. You haven't looked at how much trouble this would be in the code. For example, Lookupsid() *always* returns the sAMAcountName but LookupName() will resolve a UPN to the same SID. So The conversion is asymetric. UPN-SID-sAMAcountName. But canonicalizing on the sAMAccountName does give you a symmetic mapping. Secondly, your 'unix' variant would break with trusted domains. So yes, it is a bad idea for very real technical reasons. I should clarify that you can easily convert form UPN to sAMAcountName and vice versa using the DsCrackNames calls but this requires a lot of plumbing we don't have currently and would be a fundamental change in design which would require a lot of code restabilization. Or of course you can use LDAP queries but remember that machines do not have UPNs by default. So what do you use then? cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2.2 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGjqr5IR7qMdg1EfYRAp8cAKCXRYT54CMNBbnYUlRPsuDwErPfLACgoYQ3 7l3fIz4KrkEecX5dPZFDhFA= =5nEl -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbind idmap customization
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jerome Haltom wrote: Then, at least, can lookups for 'username' return matches for 'DOM \username'? This would make it act more windows-like, anyways, where the user can login using 'username', unless it conflicts with a local user. Please read smb.conf(5) and look at the 'winbind use default domain' option. jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2.2 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGlkX9IR7qMdg1EfYRAuABAJ9p0FBvIi5fU6AOyEEUHwF2YnCnQQCg6E40 +0bNnB0r7nPYJAC/T+WH2YU= =8Ntg -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbind idmap customization
I have. This doesn't work. If I set it to yes, then looks ups for 'DOM \user' resolve to 'user'. I want everything to resolve to 'DOM\user'. Even lookups for 'user'. If I set it to no, then lookups for 'DOM\user' resolve to 'DOM\user', but lookups for 'user' do not match at all. 'user' should resolve to 'DOM\user'. On Thu, 2007-07-12 at 10:17 -0500, Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jerome Haltom wrote: Then, at least, can lookups for 'username' return matches for 'DOM \username'? This would make it act more windows-like, anyways, where the user can login using 'username', unless it conflicts with a local user. Please read smb.conf(5) and look at the 'winbind use default domain' option. jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2.2 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGlkX9IR7qMdg1EfYRAuABAJ9p0FBvIi5fU6AOyEEUHwF2YnCnQQCg6E40 +0bNnB0r7nPYJAC/T+WH2YU= =8Ntg -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Urgent, Security: Privilege Escalation in 3.0.24?
Hi list, we have spotted a serious problem with our Samba (Debian version 3.0.24-6) on linux 2.4.31, ext2 with ACLs enabled. We use hide unreadable = yes to reduce clutter for our users. Today we noticed that with this option enabled any linux client can access and read *all* directories under the share, even directories that are owned by root and set to 0700. No ACLs are set on the directories in question nor on any parent directory. We have reproduced the same problem on a separate gentoo box (Kernel 2.6.18, Samba 3.0.24-r3, ext3 without acl support). I'd be glad if someone could look at our smb.conf (pasted at the end of this mail) and comment on whether this is a configuration problem or if we have hit a bug. Below a shell transcript to illustrate the problem: ### ### commands executed as root on the samba host ### ## ## 1. create the test directory and file, ##make them accessible only for root ## [EMAIL PROTECTED]:~# cd /vol0 [EMAIL PROTECTED]:/vol0# mkdir test [EMAIL PROTECTED]:/vol0# echo secret test/file.txt [EMAIL PROTECTED]:/vol0# chown -R root:root test [EMAIL PROTECTED]:/vol0# chmod -R 0700 test [EMAIL PROTECTED]:/vol0# ls -al total 12 drwx--2 root root4096 Jul 12 17:02 . drwxrwx--- 139 root users 4096 Jul 12 15:04 .. -rwx--1 root root 7 Jul 12 17:02 file ## ## 2. create a new samba user ## [EMAIL PROTECTED]:/vol0# useradd -m -g users testuser [EMAIL PROTECTED]:/vol0# smbpasswd -a testuser New SMB password: Retype new SMB password: Added user testuser. [EMAIL PROTECTED]:/vol0# id testuser uid=1137(testuser) gid=100(users) groups=100(users) [EMAIL PROTECTED]:/vol0# pdbedit -L -u testuser Unix username:testuser NT username: Account Flags:[U ] User SID: S-1-5-21-3613053638-1853485231-1729343208-3274 Primary Group SID:S-1-5-21-3613053638-1853485231-1729343208-513 Full Name: Home Directory: \\srv\testuser HomeDir Drive: Logon Script: Profile Path: \\srv\testuser\profile Domain: FOO Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: Tue, 19 Jan 2038 04:14:07 CET Kickoff time: Tue, 19 Jan 2038 04:14:07 CET Password last set:Thu, 12 Jul 2007 17:05:54 CEST Password can change: Thu, 12 Jul 2007 17:05:54 CEST Password must change: Tue, 19 Jan 2038 04:14:07 CET Last bad password : 0 Bad password count : 0 Logon hours : FF [EMAIL PROTECTED]:/vol0# su - testuser [EMAIL PROTECTED]:~$ ls /vol0/test ls: /vol0/test: Permission denied [EMAIL PROTECTED]:~/$ cat /vol0/test/test.txt cat: /vol0/test/test.txt: Permission denied ### ### commands executed as user (uid 1023) on ### a remote linux client ### ## ## 3. mount the remote share ## [EMAIL PROTECTED]:~$ mkdir fileserver [EMAIL PROTECTED]:~$ smbmount //srv/data fileserver -o username=testuser Password: ## ## 4. do things that should not be possible ## [EMAIL PROTECTED]:~$ ls -al fileserver total 8 drwxr-xr-x 1 someuser users 4096 Jul 12 17:02 . drwxr-xr-x 1 someuser users 4096 Jul 12 17:28 .. ### comment: this is correct, the test directory doesn't show [EMAIL PROTECTED]:~$ ls -al fileserver/test total 8 drwxr-xr-x 1 someuser users 4096 Jul 12 17:02 . drwxr-xr-x 1 someuser users 4096 Jul 12 17:28 .. ### comment: this should not be possible [EMAIL PROTECTED]:~$ cat fileserver/test/file.txt secret ### ### end of transcript ### further observations: - during one session i can sometimes cd to the test-directory, sometimes i get Permission denied. also sometimes the directory listing for the test directory shows the contained files, sometimes it doesn't. intermittent bug? - when we set hide unreadable = no (but leave the rest of smb.conf as is) the permission checking seems to work properly. remote clients can then not get into the test directory. i am not quite sure if this really works around the actual problem or only disguises it (i.e. does it cause the client to honor the access bits or does it cause the server to *enforce* them?) well, and finally our smb.conf... ### smb.conf ### [global] workgroup = foo unix extensions = no server string = fileserver dns proxy = no log file = /var/log/samba/log.%U.%m.log max log size = 5 log level = 0 vfs:2 syslog = 0 panic action = /usr/share/samba/panic-action %d security = user encrypt passwords = true obey pam restrictions = yes invalid users = root passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n . socket options = TCP_NODELAY [data] path = /vol0 vfs objects = full_audit full_audit:prefix = %u|%I full_audit:success = open opendir rmdir unlink rename write chmod chmod_acl mkdir close chown chmod_acl fchmod_acl fset_nt_acl aio_write full_audit:failure =
Re: [Samba] Urgent, Security: Privilege Escalation in 3.0.24?
On Thu, Jul 12, 2007 at 06:30:02PM +0200, moe wrote: Hi list, we have spotted a serious problem with our Samba (Debian version 3.0.24-6) on linux 2.4.31, ext2 with ACLs enabled. We use hide unreadable = yes to reduce clutter for our users. Today we noticed that with this option enabled any linux client can access and read *all* directories under the share, even directories that are owned by root and set to 0700. No ACLs are set on the directories in question nor on any parent directory. We have reproduced the same problem on a separate gentoo box (Kernel 2.6.18, Samba 3.0.24-r3, ext3 without acl support). Firstly, please report all security issues to [EMAIL PROTECTED], not to the [EMAIL PROTECTED] list. That way your problem is private, and will be handled urgently. Secondly, did you read the release notes for 3.0.25 ? In them there is a note : Security Fixes included in the Samba 3.0.25 release are: o CVE-2007-2444 Versions: Samba 3.0.23d - 3.0.25pre2 Local SID/Name translation bug can result in user privilege elevation which was widely publicized at the time. This may be the problem you are reporting. Can you please update to Samba 3.0.25b, and try and reproduce the problem. Please send any follow-ups to [EMAIL PROTECTED], and not to the [EMAIL PROTECTED] list please. Thanks, Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbind idmap customization
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jerome Haltom wrote: I have. This doesn't work. If I set it to yes, then looks ups for 'DOM \user' resolve to 'user'. I want everything to resolve to 'DOM\user'. Even lookups for 'user'. Ahh.. my bad. I misread the original report. What you want is support for aliases which I have in a private branch. It's a little tricky since there are limitation to how well the feature can work. Basically I just added the alias-login name translation as a shim just before and after the lookupname and lookupsid calls. jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2.2 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGlmkjIR7qMdg1EfYRApdFAJ4ihMoYHzN2sQxApZrIlebNE3AyHwCeIahq LRDsiCpBsDdqRpwS9OTYR30= =aQoe -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] modification time inconsistency
On Wed, Jul 11, 2007 at 12:14:19PM -0400, Chris Smith wrote: On Thursday 21 June 2007, Carlos Knowlton wrote: I have a client with a windows utility that relies on touching (changing the mod time) on zero-length files in a folder for the purpose of judging when that folder was last accessed. This works fine for him on mapped windows servers, and from the local disk, but from a Samba (v3.0.22) volume, the mod time doesn't change unless there was an actual data change within the file. (ie, clicking save in notepad doesn't change the mod time unless he enters some data first.). Tried this out of curiosity and find the same results. It only happens with a zero length file, if the file has any data in it then the timestamp does change by doing a save in notepad (no data change necessary). With a zero length file it doesn't change when the file is on a Samba share. However with a cifs mounted Samba share a touch filename does update the timestamp even for zero length files. I've fixed this for 3.0.25c and later. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] groups seems broken in samba-3.0.24-7.fc5
I've recently rebuilt a samba server and noticed this problem keeps coming up with groups. If I use a user in smb.conf valid users = me It works and I'm able to access the shared drive. There are no messages in the log file. However if I use group valid users = @admin I can't access the drive and I get a lot of errors in my messages file. Here is some of the errors. [2007/07/12 13:21:55, 0] lib/fault.c:faul PANIC (pid 29421): internal error BACKTRACE: 19 stack frames: #0 smbd(log_stack_trace+0x2d) [0x80224c0d] #1 smbd(smb_panic+0x5d) [0x80224d3d] #2 smbd [0x802101da] smbd[29421]:#3 [0xd5a420] smbd[29421]:#4 /lib/libc.so.6(__strdup+0x1f) [0x35c893] smbd[29421]:#5 /lib/libnsl.so.1(nis_list+0x5d2) [0x95db5f] #6 /lib/libnss_nisplus.so.2(_nss_nisplus_setnetgrent+0x8f) [0x63762e] #7 /lib/libc.so.6(innetgr+0xb2) [0x3d7d05] #8 smbd(user_in_netgroup+0x65) [0x8005a4e5] #9 smbd(token_contains_name_in_list+0x23d) [0x8005cf4d] #10 smbd(user_ok_token+0x8f) [0x8005d37f] smbd[29421]:#11 smbd [0x800baf3f] smbd[29421]:#12 smbd(make_connection+0x194) [0x800bc6b4] #13 smbd(reply_tcon_and_X+0x217) [0x8007fe87] #14 smbd [0x800b77b0] #15 smbd(smbd_process+0x7ab) [0x800b88db] #16 smbd(main+0xbd0) [0x802d3960] #17 /lib/libc.so.6(__libc_start_main+0xdc) [0x3084e4] #18 smbd [0x80042891] [2007/07/12 13:21:55, 0] lib/fault.c:dump_core(173) When I try to read the core dumb, it says it is not in a valid format. thanks Dean -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Domain member, security = ADS|domain and trusts with NT4
After extensive testing, the answer I come up with is yes, and no. Jonathan Johnson wrote: I presently have a Samba server (3.0.21b) set up as a member server in an NT4 domain (with a real Windows NT4 PDC). We are migrating to an Active Directory domain (with a real Windows 2003 domain controller). We have set up a two-way trust between the old NT4 domain CLUNKY and the new ADS domain SLEEK (aka sleek.local). The Samba server is a member of the CLUNKY domain (security = domain) and authentication is against the PDC for the CLUNKY domain. How can I ensure that users in both CLUNKY and SLEEK can access the Samba server? Will joining the Samba server to SLEEK with security = ADS allow this? Will Samba honor the domain trust? If a share is not restricted with valid users =, then the user in SLEEK can access the share on the Samba server in CLUNKY. However, if you have restrictions on the share such as valid users = @CLUNKY+sales, CLUNKY+fred then the user 'fred' in the SLEEK domain will NOT be able to access. You can grant SLEEK+fred access by modifying: valid users = @CLUNKY+sales, CLUNKY+fred, SLEEK+fred so it appears that you can add users in trusted domains to the 'valid users =' directive. However, groups of trusted domains don't work: valid users = @CLUNKY+sales, @SLEEK+sales If 'fred' is a member of the group SLEEK+sales, fred will NOT have access (assuming the Samba server is in the CLUNKY domain). -Jonathan Johnson Sutinen Consulting, Inc. www.sutinen.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] modification time inconsistency
On 7/12/07, Jeremy Allison [EMAIL PROTECTED] wrote: On Wed, Jul 11, 2007 at 12:14:19PM -0400, Chris Smith wrote: On Thursday 21 June 2007, Carlos Knowlton wrote: I have a client with a windows utility that relies on touching (changing the mod time) on zero-length files in a folder for the purpose of judging when that folder was last accessed. This works fine for him on mapped windows servers, and from the local disk, but from a Samba (v3.0.22) volume, the mod time doesn't change unless there was an actual data change within the file. (ie, clicking save in notepad doesn't change the mod time unless he enters some data first.). Tried this out of curiosity and find the same results. It only happens with a zero length file, if the file has any data in it then the timestamp does change by doing a save in notepad (no data change necessary). With a zero length file it doesn't change when the file is on a Samba share. However with a cifs mounted Samba share a touch filename does update the timestamp even for zero length files. I've fixed this for 3.0.25c and later. Jeremy. This is wonderful, Thanks! Any idea when 3.0.25c will be released? Thanks! Carlos -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] BUG? 'valid users' doesn't allow groups from trusted domains
It appears that you cannot include groups from trusted domains in the 'valid users =' directive on a share. Here is the scenario as I experienced it (names have been changed to protect the innocent): Configuration: - Samba 3.0.21b as a member server in a real NT4 domain (security = domain) called 'NTDOMAIN' - NTDOMAIN has a two-way trust with Windows 2003 Active Directory domain 'ADSDOMAIN' - User 'fred' has an account on NTDOMAIN (NTDOMAIN+fred) and is a member of the 'sales' group on NTDOMAIN (@NTDOMAIN+sales) - User 'wilma' has an account on ADSDOMAIN (ADSDOMAIN+wilma) and is a member of the 'sales' group on ADSDOMAIN (@ADSDOMAIN+sales) If the share 'salesforce' has a 'valid users =' line in it, members of the trusting domain have no access by group; they can only access it if their accounts are specified explicitly. For example: [salesforce] path = /data/salesforce valid users = @NTDOMAIN+sales, @ADSDOMAIN+sales then fred will have access to the salesforce share, but wilma will not, even though her group has been granted access to the share. If I specify wilma's account explicitly: [salesforce] path = /data/salesforce valid users = @NTDOMAIN+sales, @ADSDOMAIN+sales, ADSDOMAIN+wilma then wilma will be able to access the share. It appears that adding a group from a trusted domain doesn't achieve what I hope to accomplish. Now, I have not tried this with all possible combinations: both domains NT, both domains ADS, etc. ad infinitum. I just don't have the resources. Is this a bug or is it by design? If you folks think it's a bug, then I'll submit it as a bug report. If I'm misunderstanding something, please enlighten me or point me to the appropriate docs. -Jonathan Johnson Sutinen Consulting, Inc. www.sutinen.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Urgent, Security: Privilege Escalation in 3.0.24?
On Thu, Jul 12, 2007 at 10:40:44AM -0700, Jeremy Allison wrote: On Thu, Jul 12, 2007 at 06:30:02PM +0200, moe wrote: Hi list, we have spotted a serious problem with our Samba (Debian version 3.0.24-6) on linux 2.4.31, ext2 with ACLs enabled. We use hide unreadable = yes to reduce clutter for our users. Today we noticed that with this option enabled any linux client can access and read *all* directories under the share, even directories that are owned by root and set to 0700. No ACLs are set on the directories in question nor on any parent directory. We have reproduced the same problem on a separate gentoo box (Kernel 2.6.18, Samba 3.0.24-r3, ext3 without acl support). Firstly, please report all security issues to [EMAIL PROTECTED], not to the [EMAIL PROTECTED] list. That way your problem is private, and will be handled urgently. Sorry, I was not aware that a security-list exists. Maybe put a hint about that somewhere on the website? Didn't see anything on the mailing list pages or the netiquette page and not in my search for security. Well, I'll know better next time. Secondly, did you read the release notes for 3.0.25 ? In them there is a note : Security Fixes included in the Samba 3.0.25 release are: o CVE-2007-2444 Versions: Samba 3.0.23d - 3.0.25pre2 Local SID/Name translation bug can result in user privilege elevation which was widely publicized at the time. This may be the problem you are reporting. Can you please update to Samba 3.0.25b, and try and reproduce the problem. I have seen that in the release notes but didn't relate to my particular problem. My bad after all, apologies. regards, moe -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Urgent, Security: Privilege Escalation in 3.0.24?
On Thu, Jul 12, 2007 at 09:42:55PM +0200, moe wrote: I have seen that in the release notes but didn't relate to my particular problem. My bad after all, apologies. FYI: To anyone following this - Moe reported that this was the bug that was fixed in 3.0.25. Thanks, Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] modification time inconsistency
On Thu, Jul 12, 2007 at 02:37:01PM -0500, Carlos Knowlton wrote: This is wonderful, Thanks! Any idea when 3.0.25c will be released? Week after next I think. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba Vista
Does anybody know if Samba is compadable with Vista Yet? Yes. If so, is there a way for a group pr user policy to allow samba users to things in windows vista, like install programs w/o admin access. No, a Samba 3.x PDC only supports NT4 domain policies. http://www.microsoft.com/technet/archive/winntas/maintain/featusability/prof_pol.mspx?pf=true But Samba4 just got group policy support. I'm working to make it a bit more 'out of the box', but the guts are there if you read the samba-technical archives for the details. Yep, I lurk over there and saw that message. It is on my calendar to setup a Samba4 test domain in August. Very much looking forward to it, GPO support would be so awesome; but I'm pretty leery of the thought of using in production. -- Adam Tauno Williams, Network Systems Administrator Consultant - http://www.whitemiceconsulting.com Developer - http://www.opengroupware.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] groups seems broken in samba-3.0.24-7.fc5
On Thu, Jul 12, 2007 at 01:39:52PM -0500, Dean Clapper wrote: However if I use group valid users = @admin Fedora bug. Use valid users = +admin Volker pgpWrg5KL2c82.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] groups seems broken in samba-3.0.24-7.fc5
On Thu, 2007-07-12 at 23:04 +0200, Volker Lendecke wrote: On Thu, Jul 12, 2007 at 01:39:52PM -0500, Dean Clapper wrote: However if I use group valid users = @admin Fedora bug. Use valid users = +admin FC5 is not maintained anymore anyway, I suggest you to move to F7 where this problem have been fixed. Simo. -- Simo Sorce Samba Team GPL Compliance Officer email: [EMAIL PROTECTED] http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] groups seems broken in samba-3.0.24-7.fc5
It worked! Thanks Dean On 12 Jul 2007 at 23:04, Volker Lendecke wrote: On Thu, Jul 12, 2007 at 01:39:52PM -0500, Dean Clapper wrote: However if I use group valid users = @admin Fedora bug. Use valid users = +admin Volker -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] modification time inconsistency
Hey Guys, I have also noticed this problem; we have a ftp server with samba on it. I was trying to use find with mtime to remove folders older then 6 months. However when a folder is moved through a samba share the date stamp stays the same. This causes issues as old folders that want to be kept are moved; however the date stamp still remains the same. Is this going to be fixed in 3.2.0? Cheers, Adrian S. From: Carlos Knowlton [EMAIL PROTECTED] To: Jeremy Allison [EMAIL PROTECTED] CC: samba@lists.samba.org Subject: Re: [Samba] modification time inconsistency Date: Wed, 11 Jul 2007 09:45:11 -0500 On 6/21/07, Jeremy Allison [EMAIL PROTECTED] wrote: On Thu, Jun 21, 2007 at 03:50:51PM -0500, Carlos Knowlton wrote: Hello, I have a client with a windows utility that relies on touching (changing the mod time) on zero-length files in a folder for the purpose of judging when that folder was last accessed. This works fine for him on mapped windows servers, and from the local disk, but from a Samba (v3.0.22) volume, the mod time doesn't change unless there was an actual data change within the file. (ie, clicking save in notepad doesn't change the mod time unless he enters some data first.). I know this seems pretty trivial, but it seems to make all the difference for some backup and SCADA software packages. Any ideas what I could do to fix this? Can you test against 3.0.25a (or soon b) to see if this is currently a problem please ? Thanks, Jeremy. Sorry for the delay in getting back to you on this. I have checked the latest Samba version, and the same behavior I saw in 3.0.22 also exists in 3.0.25b. Any ideas what might be happening, or how to fix this? Thanks, Carlos _ Movie session times on Messenger - add Movie Scout today! http://ninemsn.com.au/share/redir/adTrack.asp?mode=clickclientID=785referral=hotmailtagline0707URL=http://www.yourmovies.com.au/messenger/signup/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Cross-VPN Browsing
Hey all, I'm having a bit of a problem with cross-subnet browsing where one of the subnets is managed by an OpenVPN server. My network is set up with a central wireless router running OpenWRT. 192.168.10.x is the subnet for wired hosts and 192.168.20.x is the subnet for wireless hosts. To allow cross-subnet browsing, the OpenWRT router is running as a WINS server (samba). Now, I've added an OpenVPN subnet (192.168.30.x) in routed mode. The VPN works well (hosts on all 3 subnets can communicate with one another). However, I am having some problems with browsing. 1. Hosts that are on the wired/wireless subnets can see one another in the workgroup browser (Network Places - Entire Network - MS Windows Network - Workgroup) but cannot see VPN hosts. 2. VPN hosts cannot see wired/wireless subnet hosts in the workgroup browser. 3. VPN hosts can access wired/wireless hosts directly by name (//computername) but wired/wireless hosts can only access VPN hosts by IP (//192.168.30.x). All hosts are running windows (except the router running OpenWRT) and all firewalls are disabled. /etc/openvpn/server.conf: - # network port 1194 proto udp dev tun server 192.168.30.0 255.255.255.0 push route 192.168.10.0 255.255.255.0 push route 192.168.20.0 255.255.255.0 push redirect-gateway push dhcp-option WINS 192.168.10.1 # certificate and keyfiles ca /etc/openvpn/ca.crt cert /etc/openvpn/server.crt key /etc/openvpn/server.key dh /etc/openvpn/dh.pem tls-auth /etc/openvpn/shared.key #misc keepalive 10 120 status /tmp/openvpn.status - /etc/samba/smb.conf: - [global] syslog = 0 syslog only = yes workgroup = WORKGROUP server string = OpenWrt Samba Server security = share encrypt passwords = yes guest account = nobody domain master = yes master = yes preferred master = yes wins support = yes name resolve order = wins lmhosts hosts bcast browse list = yes remote browse sync = 192.168.10.255 192.168.20.255 192.168.30.255 remote announce = 192.168.10.255/WORKGROUP 192.168.20.255/WORKGROUP 192.168.30.255/WORKGROUP os level = 250 - Any ideas? Thanks in advance. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [computers] Re: [Samba] XP Home and Samba problem
You do, of course, have valid smb accounts and passwords created on borzo for each XP client where the XP account (username) and the XP account (password) are identical and match the Linux user account (username) and the smb (password) created with the smbpasswd -a command, right? Yes, I know that is not a strict requirement, but unless you're doing UID and GID mapping, it never hurts! -- David C. Rankin, J.D., P.E. 510 Ochiltree Street Nacogdoches, Texas 75961 (936) 715-9333 (936) 715-9339 fax www.rankinlawfirm.com -- - Original Message - From: SG [EMAIL PROTECTED] Cc: samba samba@lists.samba.org Sent: Wednesday, July 11, 2007 6:30 AM Subject: Re: [computers] Re: [Samba] XP Home and Samba problem Problem resolved!, I created a XP user test123 with a null password, logged in and everything worked fine then I logged back to borzo and everything went back to normal. I must say this is the weirdest case i ever had and i stll don't understand what happened. Anyway, thanks for all the help :) SG SG pisze: I Tried XP restarts, and tried removing hosts allow/deny, and I still have the same problem, enforced guest login. I am starting to wonder if this might be somehow related to the fact that I changed the XP's name, except that it shouldn't be a problem as I see the new XP name and shares correctly from Linux. I Will try to add a new user to XP and add that to samba, login with the new user and see if it works then. Gary Dale pisze: You should also try removing your global hosts allow and hosts deny lines. If they aren't done properly, they can cause you to be unable to connect. Gary Dale wrote: Is your borzo password on Unix the same as your borzo password on Windows? And have you tried rebooting your Windows box between attempts to connect? SG wrote: After a couple of minutes of inactivity I tried to access the samba share again and I got the error message I wrote about previously: * Error Message: /x/ is not accessible. You might not have permission to use this network resource. Contact the administrator of this server to find out if you have access permission * . The share is accessible locally and so is the XP share from Linux. Gary Dale pisze: You said, I believe, that you are running XP/Home. Are you logged on as borzo (and not Borzo, BORZO or some other variant)? Also, take it back to just including the path, restart samba, and let us know the exact error message Windows gives you. SG wrote: From [global] I have removed valid users At first in [MyFiles] I left only the path, which didn't work at all ( I was presented with an error on XP ), here's what I'm left with: [MyFiles] path = /home/samba/ force user = borzo force group = borzo create mask = 0644 directory mask = 755 but this didn't change the situation, I am still presented by the grayedout login prompt, and by the way the share is accessible through samba locally, aswell as the XP shares. The share's permissions are set to 0777, user and group are set to borzo and borzo is added and enabled with smbpasswd. thanks so far, SG Gary Dale pisze: simo wrote: On Tue, 2007-07-10 at 18:02 +0200, SG wrote: Here's my smb.conf [global] workgroup = GINVEST netbios name = LINACER interfaces = ath0, eth0 bind interfaces only = Yes null passwords = Yes passdb backend = tdbsam username map = /etc/samba/smbusers log level = 3 log file = /var/log/samba/log.%m announce version = 5.0 name resolve order = host wins bcast socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192 printcap name = CUPS os level = 32 wins support = Yes invalid users = root valid users = borzo --^^ you really _don't_ want to put this in the global section, or the only user allowed is borzo everywhere, and guest connections will always be denied. [..] Simo. Yes, but that probably isn't his problem as he also has borzo as the only valid user for his MyFiles share. My concern is that he has so much other unnecessary entries in his share definition. My advice to him would be to clear out all the unnecessary stuff until he can get a working share. Start with just the path and see if that works. If it doesn't then your problem lies elsewhere. What are the Unix directory permissions for the share? Try setting them to allow everyone read-write-execute access. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
svn commit: samba r23849 - in branches/SAMBA_4_0: source/ldap_server testprogs/blackbox
Author: abartlet Date: 2007-07-12 06:15:47 + (Thu, 12 Jul 2007) New Revision: 23849 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=23849 Log: ldap_server: Provide more info in debug traces blackbox tests: increase test coverage by running more options. Andrew Bartlett Modified: branches/SAMBA_4_0/source/ldap_server/ldap_backend.c branches/SAMBA_4_0/testprogs/blackbox/test_ldb.sh branches/SAMBA_4_0/testprogs/blackbox/test_smbclient.sh Changeset: Modified: branches/SAMBA_4_0/source/ldap_server/ldap_backend.c === --- branches/SAMBA_4_0/source/ldap_server/ldap_backend.c2007-07-12 04:56:33 UTC (rev 23848) +++ branches/SAMBA_4_0/source/ldap_server/ldap_backend.c2007-07-12 06:15:47 UTC (rev 23849) @@ -155,7 +155,7 @@ struct ldb_request *lreq; enum ldb_scope scope = LDB_SCOPE_DEFAULT; const char **attrs = NULL; - const char *errstr = NULL; + const char *scope_str, *errstr = NULL; int success_limit = 1; int result = -1; int ldb_ret = -1; @@ -176,25 +176,26 @@ switch (req-scope) { case LDAP_SEARCH_SCOPE_BASE: - DEBUG(10,(SearchRequest: scope: [BASE]\n)); + scope_str = BASE; scope = LDB_SCOPE_BASE; success_limit = 0; break; case LDAP_SEARCH_SCOPE_SINGLE: - DEBUG(10,(SearchRequest: scope: [ONE]\n)); + scope_str = ONE; scope = LDB_SCOPE_ONELEVEL; success_limit = 0; break; case LDAP_SEARCH_SCOPE_SUB: - DEBUG(10,(SearchRequest: scope: [SUB]\n)); + scope_str = SUB; scope = LDB_SCOPE_SUBTREE; success_limit = 0; break; default: result = LDAP_PROTOCOL_ERROR; errstr = Invalid scope; - break; + goto reply; } + DEBUG(10,(SearchRequest: scope: [%s]\n, scope_str)); if (req-num_attributes = 1) { attrs = talloc_array(local_ctx, const char *, req-num_attributes+1); @@ -207,8 +208,8 @@ attrs[i] = NULL; } - DEBUG(5,(ldb_request dn=%s filter=%s\n, -req-basedn, ldb_filter_from_tree(call, req-tree))); + DEBUG(5,(ldb_request %s dn=%s filter=%s\n, +scope_str, req-basedn, ldb_filter_from_tree(call, req-tree))); lreq = talloc(local_ctx, struct ldb_request); NT_STATUS_HAVE_NO_MEMORY(lreq); Modified: branches/SAMBA_4_0/testprogs/blackbox/test_ldb.sh === --- branches/SAMBA_4_0/testprogs/blackbox/test_ldb.sh 2007-07-12 04:56:33 UTC (rev 23848) +++ branches/SAMBA_4_0/testprogs/blackbox/test_ldb.sh 2007-07-12 06:15:47 UTC (rev 23849) @@ -1,7 +1,16 @@ #!/bin/sh +if [ $# -lt 2 ]; then +cat EOF +Usage: test_ldb.sh PROTOCOL SERVER [OPTIONS] +EOF +exit 1; +fi + + p=$1 SERVER=$2 +PREFIX=$3 shift 2 options=$* @@ -29,6 +38,8 @@ check Listing Users bin/ldbsearch $options $CONFIGURATION -H $p://$SERVER '(objectclass=user)' sAMAccountName || failed=`expr $failed + 1` +check Listing Users (sorted) bin/ldbsearch -S $options $CONFIGURATION -H $p://$SERVER '(objectclass=user)' sAMAccountName || failed=`expr $failed + 1` + check Listing Groups bin/ldbsearch $options $CONFIGURATION -H $p://$SERVER '(objectclass=group)' sAMAccountName || failed=`expr $failed + 1` nentries=`bin/ldbsearch $options -H $p://$SERVER $CONFIGURATION '(|(|((!(groupType:1.2.840.113556.1.4.803:=1))(groupType:1.2.840.113556.1.4.803:=2147483648)(groupType:1.2.840.113556.1.4.804:=10))(samAccountType=805306368))(samAccountType=805306369))' sAMAccountName | grep sAMAccountName | wc -l` Modified: branches/SAMBA_4_0/testprogs/blackbox/test_smbclient.sh === --- branches/SAMBA_4_0/testprogs/blackbox/test_smbclient.sh 2007-07-12 04:56:33 UTC (rev 23848) +++ branches/SAMBA_4_0/testprogs/blackbox/test_smbclient.sh 2007-07-12 06:15:47 UTC (rev 23849) @@ -40,6 +40,8 @@ return $? } +testit share and server list $VALGRIND bin/smbclient -L $SERVER $CONFIGURATION -W $DOMAIN -U$USERNAME%$PASSWORD $@ || failed=`expr $failed + 1` + testit domain join $VALGRIND bin/net join $DOMAIN $CONFIGURATION -W $DOMAIN -U$USERNAME%$PASSWORD $@ || failed=`expr $failed + 1` # Generate random file
svn commit: samba r23850 - in branches: SAMBA_3_2/source/rpc_client SAMBA_3_2_0/source/rpc_client
Author: obnox Date: 2007-07-12 09:36:52 + (Thu, 12 Jul 2007) New Revision: 23850 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=23850 Log: Fix whitespacing in DEBUG output. Modified: branches/SAMBA_3_2/source/rpc_client/cli_pipe.c branches/SAMBA_3_2_0/source/rpc_client/cli_pipe.c Changeset: Modified: branches/SAMBA_3_2/source/rpc_client/cli_pipe.c === --- branches/SAMBA_3_2/source/rpc_client/cli_pipe.c 2007-07-12 06:15:47 UTC (rev 23849) +++ branches/SAMBA_3_2/source/rpc_client/cli_pipe.c 2007-07-12 09:36:52 UTC (rev 23850) @@ -781,7 +781,7 @@ rparam, rparam_len,/* return params, len */ prdata, rdata_len))/* return data, len */ { - DEBUG(0, (rpc_api_pipe: Remote machine %s pipe %s fnum 0x%x + DEBUG(0, (rpc_api_pipe: Remote machine %s pipe %s fnum 0x%x returned critical error. Error was %s\n, cli-cli-desthost, cli-pipe_name, Modified: branches/SAMBA_3_2_0/source/rpc_client/cli_pipe.c === --- branches/SAMBA_3_2_0/source/rpc_client/cli_pipe.c 2007-07-12 06:15:47 UTC (rev 23849) +++ branches/SAMBA_3_2_0/source/rpc_client/cli_pipe.c 2007-07-12 09:36:52 UTC (rev 23850) @@ -781,7 +781,7 @@ rparam, rparam_len,/* return params, len */ prdata, rdata_len))/* return data, len */ { - DEBUG(0, (rpc_api_pipe: Remote machine %s pipe %s fnum 0x%x + DEBUG(0, (rpc_api_pipe: Remote machine %s pipe %s fnum 0x%x returned critical error. Error was %s\n, cli-cli-desthost, cli-pipe_name,
svn commit: samba r23851 - in branches/SAMBA_4_0/source/selftest: .
Author: metze Date: 2007-07-12 09:52:32 + (Thu, 12 Jul 2007) New Revision: 23851 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=23851 Log: export _ABS versions of PREFIX and SRCDIR metze Modified: branches/SAMBA_4_0/source/selftest/selftest.pl Changeset: Modified: branches/SAMBA_4_0/source/selftest/selftest.pl === --- branches/SAMBA_4_0/source/selftest/selftest.pl 2007-07-12 09:36:52 UTC (rev 23850) +++ branches/SAMBA_4_0/source/selftest/selftest.pl 2007-07-12 09:52:32 UTC (rev 23851) @@ -505,7 +505,9 @@ die(using '/' as absolute prefix isn't allowed) unless $prefix_abs ne /; $ENV{PREFIX} = $prefix; +$ENV{PREFIX_ABS} = $prefix_abs; $ENV{SRCDIR} = $srcdir; +$ENV{SRCDIR_ABS} = $srcdir_abs; my $tls_enabled = not $opt_quick; my $from_build_farm = (defined($ENV{RUN_FROM_BUILD_FARM}) and
svn commit: samba r23852 - in branches/SAMBA_4_0/source/nsswitch: .
Author: abartlet Date: 2007-07-12 10:16:59 + (Thu, 12 Jul 2007) New Revision: 23852 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=23852 Log: Merge Samba 3.2's wbinfo into Samba4, so Kai can use it for testing. Andrew Bartlett Added: branches/SAMBA_4_0/source/nsswitch/wbinfo.c Modified: branches/SAMBA_4_0/source/nsswitch/config.mk Changeset: Sorry, the patch is too large (1285 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=23852
svn commit: samba r23853 - in branches: SAMBA_3_0_25/source/tdb/common SAMBA_3_2/source/lib/tdb/tools SAMBA_3_2_0/source/lib/tdb/tools SAMBA_4_0/source/lib/tdb/tools
Author: obnox Date: 2007-07-12 13:41:34 + (Thu, 12 Jul 2007) New Revision: 23853 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=23853 Log: Fix a very misleading error message in tdbbackup. Michael Modified: branches/SAMBA_3_0_25/source/tdb/common/tdbback.c branches/SAMBA_3_2/source/lib/tdb/tools/tdbbackup.c branches/SAMBA_3_2_0/source/lib/tdb/tools/tdbbackup.c branches/SAMBA_4_0/source/lib/tdb/tools/tdbbackup.c Changeset: Modified: branches/SAMBA_3_0_25/source/tdb/common/tdbback.c === --- branches/SAMBA_3_0_25/source/tdb/common/tdbback.c 2007-07-12 10:16:59 UTC (rev 23852) +++ branches/SAMBA_3_0_25/source/tdb/common/tdbback.c 2007-07-12 13:41:34 UTC (rev 23853) @@ -77,7 +77,7 @@ TDB_CONTEXT *tdb_new = (TDB_CONTEXT *)state; if (tdb_store(tdb_new, key, dbuf, TDB_INSERT) != 0) { - fprintf(stderr,Failed to insert into %s\n, tdb_name(tdb)); + fprintf(stderr,Failed to insert into %s\n, tdb_name(tdb_new)); failed = 1; return 1; } Modified: branches/SAMBA_3_2/source/lib/tdb/tools/tdbbackup.c === --- branches/SAMBA_3_2/source/lib/tdb/tools/tdbbackup.c 2007-07-12 10:16:59 UTC (rev 23852) +++ branches/SAMBA_3_2/source/lib/tdb/tools/tdbbackup.c 2007-07-12 13:41:34 UTC (rev 23853) @@ -70,7 +70,7 @@ TDB_CONTEXT *tdb_new = (TDB_CONTEXT *)state; if (tdb_store(tdb_new, key, dbuf, TDB_INSERT) != 0) { - fprintf(stderr,Failed to insert into %s\n, tdb_name(tdb)); + fprintf(stderr,Failed to insert into %s\n, tdb_name(tdb_new)); failed = 1; return 1; } Modified: branches/SAMBA_3_2_0/source/lib/tdb/tools/tdbbackup.c === --- branches/SAMBA_3_2_0/source/lib/tdb/tools/tdbbackup.c 2007-07-12 10:16:59 UTC (rev 23852) +++ branches/SAMBA_3_2_0/source/lib/tdb/tools/tdbbackup.c 2007-07-12 13:41:34 UTC (rev 23853) @@ -70,7 +70,7 @@ TDB_CONTEXT *tdb_new = (TDB_CONTEXT *)state; if (tdb_store(tdb_new, key, dbuf, TDB_INSERT) != 0) { - fprintf(stderr,Failed to insert into %s\n, tdb_name(tdb)); + fprintf(stderr,Failed to insert into %s\n, tdb_name(tdb_new)); failed = 1; return 1; } Modified: branches/SAMBA_4_0/source/lib/tdb/tools/tdbbackup.c === --- branches/SAMBA_4_0/source/lib/tdb/tools/tdbbackup.c 2007-07-12 10:16:59 UTC (rev 23852) +++ branches/SAMBA_4_0/source/lib/tdb/tools/tdbbackup.c 2007-07-12 13:41:34 UTC (rev 23853) @@ -70,7 +70,7 @@ TDB_CONTEXT *tdb_new = (TDB_CONTEXT *)state; if (tdb_store(tdb_new, key, dbuf, TDB_INSERT) != 0) { - fprintf(stderr,Failed to insert into %s\n, tdb_name(tdb)); + fprintf(stderr,Failed to insert into %s\n, tdb_name(tdb_new)); failed = 1; return 1; }
svn commit: samba r23854 - in branches/SAMBA_3_0_25/source/lib: .
Author: jra Date: 2007-07-12 18:02:04 + (Thu, 12 Jul 2007) New Revision: 23854 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=23854 Log: Keep consistent with 3.2 (at least for now). Remove unneeded pstring. Jeremy. Modified: branches/SAMBA_3_0_25/source/lib/util.c Changeset: Modified: branches/SAMBA_3_0_25/source/lib/util.c === --- branches/SAMBA_3_0_25/source/lib/util.c 2007-07-12 13:41:34 UTC (rev 23853) +++ branches/SAMBA_3_0_25/source/lib/util.c 2007-07-12 18:02:04 UTC (rev 23854) @@ -1833,8 +1833,7 @@ BOOL is_in_path(const char *name, name_compare_entry *namelist, BOOL case_sensitive) { - pstring last_component; - char *p; + const char *last_component; /* if we have no list it's obviously not in the path */ if((namelist == NULL ) || ((namelist != NULL) (namelist[0].name == NULL))) { @@ -1844,8 +1843,12 @@ DEBUG(8, (is_in_path: %s\n, name)); /* Get the last component of the unix name. */ - p = strrchr_m(name, '/'); - pstrcpy(last_component, p ? ++p : name); + last_component = strrchr_m(name, '/'); + if (!last_component) { + last_component = name; + } else { + last_component++; /* Go past '/' */ + } for(; namelist-name != NULL; namelist++) { if(namelist-is_wild) { @@ -1862,7 +1865,6 @@ } } DEBUG(8,(is_in_path: match not found\n)); - return False; } @@ -2748,7 +2750,7 @@ of the .. name. ***/ -BOOL mask_match(const char *string, char *pattern, BOOL is_case_sensitive) +BOOL mask_match(const char *string, const char *pattern, BOOL is_case_sensitive) { if (strcmp(string,..) == 0) string = .; @@ -2764,7 +2766,7 @@ pattern translation. ***/ -BOOL mask_match_search(const char *string, char *pattern, BOOL is_case_sensitive) +BOOL mask_match_search(const char *string, const char *pattern, BOOL is_case_sensitive) { if (strcmp(string,..) == 0) string = .;
svn commit: samba r23855 - in branches: SAMBA_3_0_25/source/smbd SAMBA_3_2/source/smbd SAMBA_3_2_0/source/smbd
Author: jra Date: 2007-07-12 18:11:41 + (Thu, 12 Jul 2007) New Revision: 23855 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=23855 Log: Setting the allocation size updates the modified time as a write does. Fix bug #4779. Jeremy. Modified: branches/SAMBA_3_0_25/source/smbd/trans2.c branches/SAMBA_3_2/source/smbd/trans2.c branches/SAMBA_3_2_0/source/smbd/trans2.c Changeset: Modified: branches/SAMBA_3_0_25/source/smbd/trans2.c === --- branches/SAMBA_3_0_25/source/smbd/trans2.c 2007-07-12 18:02:04 UTC (rev 23854) +++ branches/SAMBA_3_0_25/source/smbd/trans2.c 2007-07-12 18:11:41 UTC (rev 23855) @@ -4845,18 +4845,25 @@ allocation_size = smb_roundup(conn, allocation_size); } - if(allocation_size == get_file_size(*psbuf)) { - return NT_STATUS_OK; - } - DEBUG(10,(smb_set_file_allocation_info: file %s : setting new allocation size to %.0f\n, fname, (double)allocation_size )); - + if (fsp fsp-fh-fd != -1) { /* Open file handle. */ - if (vfs_allocate_file_space(fsp, allocation_size) == -1) { - return map_nt_error_from_unix(errno); + /* Only change if needed. */ + if (allocation_size != get_file_size(*psbuf)) { + if (vfs_allocate_file_space(fsp, allocation_size) == -1) { + return map_nt_error_from_unix(errno); + } } + /* But always update the time. */ + if (null_timespec(fsp-pending_modtime)) { + /* +* This is equivalent to a write. Ensure it's seen immediately +* if there are no pending writes. +*/ + set_filetime(fsp-conn, fsp-fsp_name, timespec_current()); + } return NT_STATUS_OK; } @@ -4870,17 +4877,27 @@ FILE_ATTRIBUTE_NORMAL, FORCE_OPLOCK_BREAK_TO_NONE, NULL, new_fsp); - + if (!NT_STATUS_IS_OK(status)) { /* NB. We check for open_was_deferred in the caller. */ return status; } - if (vfs_allocate_file_space(new_fsp, allocation_size) == -1) { - status = map_nt_error_from_unix(errno); - close_file(new_fsp,NORMAL_CLOSE); - return status; + + /* Only change if needed. */ + if (allocation_size != get_file_size(*psbuf)) { + if (vfs_allocate_file_space(new_fsp, allocation_size) == -1) { + status = map_nt_error_from_unix(errno); + close_file(new_fsp,NORMAL_CLOSE); + return status; + } } + /* Changing the allocation size should set the last mod time. */ + /* Don't need to call set_filetime as this will be flushed on +* close. */ + + fsp_set_pending_modtime(new_fsp, timespec_current()); + close_file(new_fsp,NORMAL_CLOSE); return NT_STATUS_OK; } Modified: branches/SAMBA_3_2/source/smbd/trans2.c === --- branches/SAMBA_3_2/source/smbd/trans2.c 2007-07-12 18:02:04 UTC (rev 23854) +++ branches/SAMBA_3_2/source/smbd/trans2.c 2007-07-12 18:11:41 UTC (rev 23855) @@ -5009,18 +5009,25 @@ allocation_size = smb_roundup(conn, allocation_size); } - if(allocation_size == get_file_size(*psbuf)) { - return NT_STATUS_OK; - } - DEBUG(10,(smb_set_file_allocation_info: file %s : setting new allocation size to %.0f\n, fname, (double)allocation_size )); - + if (fsp fsp-fh-fd != -1) { /* Open file handle. */ - if (vfs_allocate_file_space(fsp, allocation_size) == -1) { - return map_nt_error_from_unix(errno); + /* Only change if needed. */ + if (allocation_size != get_file_size(*psbuf)) { + if (vfs_allocate_file_space(fsp, allocation_size) == -1) { + return map_nt_error_from_unix(errno); + } } + /* But always update the time. */ + if (null_timespec(fsp-pending_modtime)) { + /* +* This is equivalent to a write. Ensure it's seen immediately +* if there are no pending writes. +*/ + set_filetime(fsp-conn, fsp-fsp_name, timespec_current()); + } return NT_STATUS_OK; } @@ -5034,17 +5041,27 @@
svn commit: samba r23856 - in branches: SAMBA_3_2/source/modules SAMBA_3_2_0/source/modules
Author: jra Date: 2007-07-12 18:49:44 + (Thu, 12 Jul 2007) New Revision: 23856 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=23856 Log: Add [EMAIL PROTECTED];s fix from Axel Apitz for ZFS ACLs. Jeremy. Modified: branches/SAMBA_3_2/source/modules/vfs_zfsacl.c branches/SAMBA_3_2_0/source/modules/vfs_zfsacl.c Changeset: Modified: branches/SAMBA_3_2/source/modules/vfs_zfsacl.c === --- branches/SAMBA_3_2/source/modules/vfs_zfsacl.c 2007-07-12 18:11:41 UTC (rev 23855) +++ branches/SAMBA_3_2/source/modules/vfs_zfsacl.c 2007-07-12 18:49:44 UTC (rev 23856) @@ -4,6 +4,9 @@ * Copyright (C) Jiri Sasek, 2007 * based on the foobar.c module which is copyrighted by Volker Lendecke * + * Many thanks to Axel Apitz for help to fix the special ace's handling + * issues. + * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 3 of the License, or @@ -71,7 +74,19 @@ aceprop.aceFlags = (uint32) acebuf[i].a_flags; aceprop.aceMask = (uint32) acebuf[i].a_access_mask; aceprop.who.id = (uint32) acebuf[i].a_who; - aceprop.flags= 0; + + if(aceprop.aceFlags ACE_OWNER) { + aceprop.flags = SMB_ACE4_ID_SPECIAL; + aceprop.who.special_id = SMB_ACE4_WHO_OWNER; + } else if(aceprop.aceFlags ACE_GROUP) { + aceprop.flags = SMB_ACE4_ID_SPECIAL; + aceprop.who.special_id = SMB_ACE4_WHO_GROUP; + } else if(aceprop.aceFlags ACE_EVERYONE) { + aceprop.flags = SMB_ACE4_ID_SPECIAL; + aceprop.who.special_id = SMB_ACE4_WHO_EVERYONE; + } else { + aceprop.flags = 0; + } if(smb_add_ace4(pacl, aceprop) == NULL) return 0; } @@ -103,6 +118,23 @@ acebuf[i].a_flags = aceprop-aceFlags; acebuf[i].a_access_mask = aceprop-aceMask; acebuf[i].a_who = aceprop-who.id; + if(aceprop-flags SMB_ACE4_ID_SPECIAL) { + switch(aceprop-who.special_id) { + case SMB_ACE4_WHO_EVERYONE: + acebuf[i].a_flags |= ACE_EVERYONE; + break; + case SMB_ACE4_WHO_OWNER: + acebuf[i].a_flags |= ACE_OWNER; + break; + case SMB_ACE4_WHO_GROUP: + acebuf[i].a_flags |= ACE_GROUP; + break; + default: + DEBUG(8, (unsupported special_id %d\n, \ + aceprop-who.special_id)); + continue; /* don't add it !!! */ + } + } } SMB_ASSERT(i == naces); @@ -178,8 +210,23 @@ {SMB_VFS_OP(NULL), SMB_VFS_OP_NOOP, SMB_VFS_LAYER_NOOP} }; +/* != 0 if this module will be compiled as static */ + +#define STATIC 0 + +#if STATIC NTSTATUS vfs_zfsacl_init(void); -NTSTATUS vfs_zfsacl_init(void) +#else +NTSTATUS init_module(void); +#endif + +NTSTATUS +#if STATIC + vfs_zfsacl_init +#else + init_module +#endif + (void) { return smb_register_vfs(SMB_VFS_INTERFACE_VERSION, zfsacl, zfsacl_ops); Modified: branches/SAMBA_3_2_0/source/modules/vfs_zfsacl.c === --- branches/SAMBA_3_2_0/source/modules/vfs_zfsacl.c2007-07-12 18:11:41 UTC (rev 23855) +++ branches/SAMBA_3_2_0/source/modules/vfs_zfsacl.c2007-07-12 18:49:44 UTC (rev 23856) @@ -4,6 +4,9 @@ * Copyright (C) Jiri Sasek, 2007 * based on the foobar.c module which is copyrighted by Volker Lendecke * + * Many thanks to Axel Apitz for help to fix the special ace's handling + * issues. + * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 3 of the License, or @@ -71,7 +74,19 @@ aceprop.aceFlags = (uint32) acebuf[i].a_flags; aceprop.aceMask = (uint32) acebuf[i].a_access_mask; aceprop.who.id = (uint32) acebuf[i].a_who; - aceprop.flags= 0; + + if(aceprop.aceFlags ACE_OWNER) { + aceprop.flags = SMB_ACE4_ID_SPECIAL; + aceprop.who.special_id = SMB_ACE4_WHO_OWNER; + } else if(aceprop.aceFlags ACE_GROUP) { + aceprop.flags = SMB_ACE4_ID_SPECIAL; +
svn commit: samba r23857 - in branches/SAMBA_3_0_25/source/smbd: .
Author: jra Date: 2007-07-12 21:53:15 + (Thu, 12 Jul 2007) New Revision: 23857 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=23857 Log: Fix bug #4308 (Excel ACL bug). Now we're doing a 3.0.25c we need this. Jeremy. Modified: branches/SAMBA_3_0_25/source/smbd/posix_acls.c Changeset: Modified: branches/SAMBA_3_0_25/source/smbd/posix_acls.c === --- branches/SAMBA_3_0_25/source/smbd/posix_acls.c 2007-07-12 18:49:44 UTC (rev 23856) +++ branches/SAMBA_3_0_25/source/smbd/posix_acls.c 2007-07-12 21:53:15 UTC (rev 23857) @@ -47,7 +47,7 @@ DOM_SID trustee; enum ace_owner owner_type; enum ace_attribute attr; - posix_id unix_ug; + posix_id unix_ug; BOOL inherited; } canon_ace; @@ -828,20 +828,23 @@ not get. Deny entries are implicit on get with ace-perms = 0. / -static SEC_ACCESS map_canon_ace_perms(int snum, int *pacl_type, DOM_SID *powner_sid, canon_ace *ace, BOOL directory_ace) +static SEC_ACCESS map_canon_ace_perms(int snum, + int *pacl_type, + mode_t perms, + BOOL directory_ace) { SEC_ACCESS sa; uint32 nt_mask = 0; *pacl_type = SEC_ACE_TYPE_ACCESS_ALLOWED; - if (lp_acl_map_full_control(snum) ((ace-perms ALL_ACE_PERMS) == ALL_ACE_PERMS)) { + if (lp_acl_map_full_control(snum) ((perms ALL_ACE_PERMS) == ALL_ACE_PERMS)) { if (directory_ace) { nt_mask = UNIX_DIRECTORY_ACCESS_RWX; } else { nt_mask = UNIX_ACCESS_RWX; } - } else if ((ace-perms ALL_ACE_PERMS) == (mode_t)0) { + } else if ((perms ALL_ACE_PERMS) == (mode_t)0) { /* * Windows NT refuses to display ACEs with no permissions in them (but * they are perfectly legal with Windows 2000). If the ACE has empty @@ -857,18 +860,18 @@ nt_mask = 0; } else { if (directory_ace) { - nt_mask |= ((ace-perms S_IRUSR) ? UNIX_DIRECTORY_ACCESS_R : 0 ); - nt_mask |= ((ace-perms S_IWUSR) ? UNIX_DIRECTORY_ACCESS_W : 0 ); - nt_mask |= ((ace-perms S_IXUSR) ? UNIX_DIRECTORY_ACCESS_X : 0 ); + nt_mask |= ((perms S_IRUSR) ? UNIX_DIRECTORY_ACCESS_R : 0 ); + nt_mask |= ((perms S_IWUSR) ? UNIX_DIRECTORY_ACCESS_W : 0 ); + nt_mask |= ((perms S_IXUSR) ? UNIX_DIRECTORY_ACCESS_X : 0 ); } else { - nt_mask |= ((ace-perms S_IRUSR) ? UNIX_ACCESS_R : 0 ); - nt_mask |= ((ace-perms S_IWUSR) ? UNIX_ACCESS_W : 0 ); - nt_mask |= ((ace-perms S_IXUSR) ? UNIX_ACCESS_X : 0 ); + nt_mask |= ((perms S_IRUSR) ? UNIX_ACCESS_R : 0 ); + nt_mask |= ((perms S_IWUSR) ? UNIX_ACCESS_W : 0 ); + nt_mask |= ((perms S_IXUSR) ? UNIX_ACCESS_X : 0 ); } } DEBUG(10,(map_canon_ace_perms: Mapped (UNIX) %x to (NT) %x\n, - (unsigned int)ace-perms, (unsigned int)nt_mask )); + (unsigned int)perms, (unsigned int)nt_mask )); init_sec_access(sa,nt_mask); return sa; @@ -2889,26 +2892,37 @@ } memset(nt_ace_list, '\0', (num_acls + num_def_acls) * sizeof(SEC_ACE) ); - + /* * Create the NT ACE list from the canonical ace lists. */ - + ace = file_ace; for (i = 0; i num_acls; i++, ace = ace-next) { SEC_ACCESS acc; - acc = map_canon_ace_perms(SNUM(conn), nt_acl_type, owner_sid, ace, fsp-is_directory); - init_sec_ace(nt_ace_list[num_aces++], ace-trustee, nt_acl_type, acc, ace-inherited ? SEC_ACE_FLAG_INHERITED_ACE : 0); + acc = map_canon_ace_perms(SNUM(conn), + nt_acl_type, + ace-perms, + fsp-is_directory); + init_sec_ace(nt_ace_list[num_aces++], + ace-trustee, + nt_acl_type, + acc, + ace-inherited ? +
Rev 578: fully save/restore scheduler parameters in http://samba.org/~tridge/ctdb
revno: 578 revision-id: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: Andrew Tridgell [EMAIL PROTECTED] branch nick: tridge timestamp: Fri 2007-07-13 09:35:46 +1000 message: fully save/restore scheduler parameters modified: common/ctdb_util.c ctdb_util.c-20061128065342-to93h6eejj5kon81-3 include/ctdb_private.h ctdb_private.h-20061117234101-o3qt14umlg9en8z0-13 server/ctdb_daemon.c ctdb_daemon.c-20070409200331-3el1kqgdb9m4ib0g-1 server/eventscript.c eventscript.c-20070704074533-95f10rsay8um8wrr-1 === modified file 'common/ctdb_util.c' --- a/common/ctdb_util.c2007-07-10 05:29:31 + +++ b/common/ctdb_util.c2007-07-12 23:35:46 + @@ -192,20 +192,42 @@ /* if possible, make this task real time */ -void ctdb_set_realtime(bool enable) +void ctdb_set_scheduler(struct ctdb_context *ctdb) { -#if HAVE_SCHED_SETSCHEDULER +#if HAVE_SCHED_SETSCHEDULER struct sched_param p; - p.__sched_priority = 1; - - if (enable) { - if (sched_setscheduler(getpid(), SCHED_FIFO, p) == -1) { - DEBUG(0,(Unable to set scheduler to SCHED_FIFO (%s)\n, strerror(errno))); - } else { - DEBUG(0,(Set scheduler to SCHED_FIFO\n)); - } + + if (ctdb-saved_scheduler_param == NULL) { + ctdb-saved_scheduler_param = talloc_size(ctdb, sizeof(p)); + } + + if (sched_getparam(0, (struct sched_param *)ctdb-saved_scheduler_param) == -1) { + DEBUG(0,(Unable to get old scheduler params\n)); + return; + } + + p = *(struct sched_param *)ctdb-saved_scheduler_param; + p.sched_priority = 1; + + if (sched_setscheduler(0, SCHED_FIFO, p) == -1) { + DEBUG(0,(Unable to set scheduler to SCHED_FIFO (%s)\n, strerror(errno))); } else { - sched_setscheduler(getpid(), SCHED_OTHER, p); + DEBUG(0,(Set scheduler to SCHED_FIFO\n)); + } +#endif +} + +/* + restore previous scheduler parameters + */ +void ctdb_restore_scheduler(struct ctdb_context *ctdb) +{ +#if HAVE_SCHED_SETSCHEDULER + if (ctdb-saved_scheduler_param == NULL) { + ctdb_fatal(ctdb, No saved scheduler parameters\n); + } + if (sched_setscheduler(0, SCHED_OTHER, (struct sched_param *)ctdb-saved_scheduler_param) == -1) { + ctdb_fatal(ctdb, Unable to restore old scheduler parameters\n); } #endif } === modified file 'include/ctdb_private.h' --- a/include/ctdb_private.h2007-07-12 22:47:02 + +++ b/include/ctdb_private.h2007-07-12 23:35:46 + @@ -308,6 +308,7 @@ struct ctdb_tcp_list *tcp_list; struct ctdb_client_ip *client_ip_list; bool do_setsched; + void *saved_scheduler_param; }; struct ctdb_db_context { @@ -948,7 +949,8 @@ uint32_t destnode, uint32_t db_id, uint64_t rsn); int ctdb_ctrl_delete_low_rsn(struct ctdb_context *ctdb, struct timeval timeout, uint32_t destnode, uint32_t db_id, uint64_t rsn); -void ctdb_set_realtime(bool enable); +void ctdb_set_scheduler(struct ctdb_context *ctdb); +void ctdb_restore_scheduler(struct ctdb_context *ctdb); int32_t ctdb_control_takeover_ip(struct ctdb_context *ctdb, struct ctdb_req_control *c, TDB_DATA indata, === modified file 'server/ctdb_daemon.c' --- a/server/ctdb_daemon.c 2007-07-12 22:47:02 + +++ b/server/ctdb_daemon.c 2007-07-12 23:35:46 + @@ -646,7 +646,7 @@ if (ctdb-do_setsched) { /* try to set us up as realtime */ - ctdb_set_realtime(true); + ctdb_set_scheduler(ctdb); } /* ensure the socket is deleted on exit of the daemon */ === modified file 'server/eventscript.c' --- a/server/eventscript.c 2007-07-12 22:47:02 + +++ b/server/eventscript.c 2007-07-12 23:35:46 + @@ -167,7 +167,7 @@ if (state-child == 0) { close(state-fd[0]); if (ctdb-do_setsched) { - ctdb_set_realtime(false); + ctdb_restore_scheduler(ctdb); } set_close_on_exec(state-fd[1]); va_start(ap, fmt);
Rev 575: added --nosetsched option to ctdbd in http://samba.org/~tridge/ctdb
revno: 575 revision-id: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: Andrew Tridgell [EMAIL PROTECTED] branch nick: tridge timestamp: Fri 2007-07-13 08:47:02 +1000 message: added --nosetsched option to ctdbd modified: config/functions functions-20070601105405-gajwirydr5a9zd6x-1 include/ctdb_private.h ctdb_private.h-20061117234101-o3qt14umlg9en8z0-13 server/ctdb_daemon.c ctdb_daemon.c-20070409200331-3el1kqgdb9m4ib0g-1 server/ctdbd.c ctdbd.c-20070411085044-dqmhr6mfeexnyt4m-1 server/eventscript.c eventscript.c-20070704074533-95f10rsay8um8wrr-1 === modified file 'config/functions' --- a/config/functions 2007-06-17 02:05:29 + +++ b/config/functions 2007-07-12 22:47:02 + @@ -43,6 +43,7 @@ echo ctdb daemon has died. Exiting wait for $service_name exit 1 } + [ $all_ok -eq 1 ] || sleep 1 done echo `/bin/date` Local service $service_name is up } === modified file 'include/ctdb_private.h' --- a/include/ctdb_private.h2007-07-10 05:29:31 + +++ b/include/ctdb_private.h2007-07-12 22:47:02 + @@ -307,6 +307,7 @@ struct ctdb_takeover takeover; struct ctdb_tcp_list *tcp_list; struct ctdb_client_ip *client_ip_list; + bool do_setsched; }; struct ctdb_db_context { === modified file 'server/ctdb_daemon.c' --- a/server/ctdb_daemon.c 2007-07-10 05:29:31 + +++ b/server/ctdb_daemon.c 2007-07-12 22:47:02 + @@ -644,8 +644,10 @@ } block_signal(SIGPIPE); - /* try to set us up as realtime */ - ctdb_set_realtime(true); + if (ctdb-do_setsched) { + /* try to set us up as realtime */ + ctdb_set_realtime(true); + } /* ensure the socket is deleted on exit of the daemon */ domain_socket_name = talloc_strdup(talloc_autofree_context(), ctdb-daemon.name); === modified file 'server/ctdbd.c' --- a/server/ctdbd.c2007-07-10 05:29:31 + +++ b/server/ctdbd.c2007-07-12 22:47:02 + @@ -47,6 +47,7 @@ const char *logfile; const char *recovery_lock_file; const char *db_dir; + int no_setsched; } options = { .nlist = ETCDIR /ctdb/nodes, .transport = tcp, @@ -108,6 +109,7 @@ { transport, 0, POPT_ARG_STRING, options.transport, 0, protocol transport, NULL }, { dbdir, 0, POPT_ARG_STRING, options.db_dir, 0, directory for the tdb files, NULL }, { reclock, 0, POPT_ARG_STRING, options.recovery_lock_file, 0, location of recovery lock file, filename }, + { nosetsched, 0, POPT_ARG_NONE, options.no_setsched, 0, disable setscheduler SCHED_FIFO call, NULL }, POPT_TABLEEND }; int opt, ret; @@ -224,6 +226,8 @@ talloc_free(name); } + ctdb-do_setsched = !!options.no_setsched; + /* start the protocol running (as a child) */ return ctdb_start_daemon(ctdb, interactive?False:True); } === modified file 'server/eventscript.c' --- a/server/eventscript.c 2007-07-10 05:29:31 + +++ b/server/eventscript.c 2007-07-12 22:47:02 + @@ -166,7 +166,9 @@ if (state-child == 0) { close(state-fd[0]); - ctdb_set_realtime(false); + if (ctdb-do_setsched) { + ctdb_set_realtime(false); + } set_close_on_exec(state-fd[1]); va_start(ap, fmt); ret = ctdb_event_script_v(ctdb, fmt, ap);
Rev 577: fixed the sense of do_setsched in http://samba.org/~tridge/ctdb
revno: 577 revision-id: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: Andrew Tridgell [EMAIL PROTECTED] branch nick: tridge timestamp: Fri 2007-07-13 09:14:31 +1000 message: fixed the sense of do_setsched modified: server/ctdbd.c ctdbd.c-20070411085044-dqmhr6mfeexnyt4m-1 === modified file 'server/ctdbd.c' --- a/server/ctdbd.c2007-07-12 22:47:02 + +++ b/server/ctdbd.c2007-07-12 23:14:31 + @@ -226,7 +226,7 @@ talloc_free(name); } - ctdb-do_setsched = !!options.no_setsched; + ctdb-do_setsched = !options.no_setsched; /* start the protocol running (as a child) */ return ctdb_start_daemon(ctdb, interactive?False:True);
Build status as of Fri Jul 13 00:00:02 2007
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2007-07-12 00:00:57.0 + +++ /home/build/master/cache/broken_results.txt 2007-07-13 00:01:09.0 + @@ -1,4 +1,4 @@ -Build status as of Thu Jul 12 00:00:02 2007 +Build status as of Fri Jul 13 00:00:02 2007 Build counts: Tree Total Broken Panic @@ -7,18 +7,18 @@ ccache 35 8 0 ctdb 0 0 0 distcc 2 0 0 -ldb 33 3 0 +ldb 35 4 0 libreplace 33 10 0 lorikeet-heimdal 31 14 0 pidl 19 4 0 ppp 15 10 0 python 0 0 0 -rsync35 14 0 +rsync36 13 0 samba-docs 0 0 0 samba-gtk4 4 0 -samba4 33 21 5 -samba_3_233 19 0 -smb-build32 32 0 -talloc 35 1 0 -tdb 34 2 0 +samba4 33 22 5 +samba_3_234 19 0 +smb-build33 33 0 +talloc 36 1 0 +tdb 34 3 0
Rev 576: allow extra option override in /etc/sysconfig/ctdb in http://samba.org/~tridge/ctdb
revno: 576 revision-id: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: Andrew Tridgell [EMAIL PROTECTED] branch nick: tridge timestamp: Fri 2007-07-13 09:14:15 +1000 message: allow extra option override in /etc/sysconfig/ctdb modified: config/ctdb.init ctdb.init-20070527204758-biuh7znabuwan3zn-6 === modified file 'config/ctdb.init' --- a/config/ctdb.init 2007-06-04 12:13:59 + +++ b/config/ctdb.init 2007-07-12 23:14:15 + @@ -41,8 +41,6 @@ # check networking is up (for redhat) [ ${NETWORKING} = no ] exit 0 -CTDB_OPTIONS= - [ -z $CTDB_RECOVERY_LOCK ] { echo You must configure the location of the CTDB_RECOVERY_LOCK exit 1
svn commit: samba r23858 - in branches: SAMBA_3_2/source/include SAMBA_3_2/source/lib SAMBA_3_2/source/smbd SAMBA_3_2_0/source/include SAMBA_3_2_0/source/lib SAMBA_3_2_0/source/smbd
Author: jra Date: 2007-07-13 01:22:09 + (Fri, 13 Jul 2007) New Revision: 23858 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=23858 Log: Added srvstr_pull_buf_talloc() and srvstr_pull_talloc() calls and converted reply_tcon and reply_tconX to use them - to show the boilerplate usage (valgrind tested). In conjunction with Volker's srvstr_get_path_talloc() work this should allow us to start eliminating all pstrings/fstrings out of the main path processing code. I'll watch the build farm tonight... Jeremy. Modified: branches/SAMBA_3_2/source/include/safe_string.h branches/SAMBA_3_2/source/include/srvstr.h branches/SAMBA_3_2/source/lib/charcnv.c branches/SAMBA_3_2/source/smbd/reply.c branches/SAMBA_3_2_0/source/include/safe_string.h branches/SAMBA_3_2_0/source/include/srvstr.h branches/SAMBA_3_2_0/source/lib/charcnv.c branches/SAMBA_3_2_0/source/smbd/reply.c Changeset: Sorry, the patch is too large (1378 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=23858
Rev 580: ensure killtcp structure is initialised in http://samba.org/~tridge/ctdb
revno: 580 revision-id: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: Andrew Tridgell [EMAIL PROTECTED] branch nick: tridge timestamp: Fri 2007-07-13 11:55:58 +1000 message: ensure killtcp structure is initialised modified: server/ctdb_takeover.c ctdb_takeover.c-20070525071636-a5n1ihghjtppy08r-2 === modified file 'server/ctdb_takeover.c' --- a/server/ctdb_takeover.c2007-07-13 01:31:18 + +++ b/server/ctdb_takeover.c2007-07-13 01:55:58 + @@ -908,7 +908,8 @@ } -/* called every second until all sentenced connections have been reset +/* + called every second until all sentenced connections have been reset */ static void ctdb_tickle_sentenced_connections(struct event_context *ev, struct timed_event *te, struct timeval t, void *private_data) @@ -976,7 +977,7 @@ a new structure */ if (killtcp == NULL) { - killtcp = talloc(ctdb, struct ctdb_kill_tcp); + killtcp = talloc_zero(ctdb, struct ctdb_kill_tcp); CTDB_NO_MEMORY(ctdb, killtcp); killtcp-ctdb= ctdb; @@ -1027,7 +1028,7 @@ /* We also need to set up some events to tickle all these connections until they are all reset */ - event_add_timed(ctdb-ev, killtcp, timeval_current_ofs(0, 0), + event_add_timed(ctdb-ev, killtcp, timeval_zero(), ctdb_tickle_sentenced_connections, killtcp); }
Rev 579: - merge from ronnie in http://samba.org/~tridge/ctdb
revno: 579 revision-id: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: Andrew Tridgell [EMAIL PROTECTED] branch nick: tridge timestamp: Fri 2007-07-13 11:31:18 +1000 message: - merge from ronnie - cleaner handling of system capture socket modified: client/ctdb_client.c ctdb_client.c-20070411010216-3kd8v37k61steeya-1 common/ctdb_util.c ctdb_util.c-20061128065342-to93h6eejj5kon81-3 common/system.csystem.c-20070525071636-a5n1ihghjtppy08r-3 config/events.d/60.nfs nfs-20070601141008-hy3h4qgbk1jd2jci-1 doc/ctdbd.1ctdbd.1-20070610004249-06awdka4n3gyea3w-1 doc/ctdbd.1.html ctdbd.1.html-20070610004253-y2xxgjfgnpsucekc-1 include/ctdb_private.h ctdb_private.h-20061117234101-o3qt14umlg9en8z0-13 server/ctdb_call.c ctdb_call.c-20061128065342-to93h6eejj5kon81-1 server/ctdb_control.c ctdb_control.c-20070426122724-j6gkpiofhbwdin63-1 server/ctdb_server.c ctdb.c-20061127094323-t50f58d65iaao5of-2 server/ctdb_takeover.c ctdb_takeover.c-20070525071636-a5n1ihghjtppy08r-2 tools/ctdb.c ctdb_control.c-20070426122705-9ehj1l5lu2gn9kuj-1 revno: 432.1.136 merged: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: Ronnie Sahlberg [EMAIL PROTECTED] branch nick: ctdb timestamp: Thu 2007-07-12 11:43:30 +1000 message: netinet/if_ether.h is more portable than net/ethernet.h revno: 432.1.135 merged: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: Ronnie Sahlberg [EMAIL PROTECTED] branch nick: ctdb timestamp: Thu 2007-07-12 11:31:20 +1000 message: the posix.4 name for the priority field is sched_priority not __sched_priority revno: 432.1.134 merged: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: Ronnie Sahlberg [EMAIL PROTECTED] branch nick: ctdb timestamp: Thu 2007-07-12 09:22:06 +1000 message: as an optimization for when we want to send multiple tickles at a time let the caller create the sending socket and use a single socket instead of one new one for each tickle. pass a sending socket to ctdb_sys_send_tcp() ctdb_sys_kill_tcp is not longer used so remove it set the socketflags for close on exec and nonblocking in the helper that creates the sockets instead of in the caller add a helper to create a sending socket to send tickles from revno: 432.1.133 merged: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: Ronnie Sahlberg [EMAIL PROTECTED] branch nick: ctdb timestamp: Thu 2007-07-12 08:52:24 +1000 message: rename killtcp-fd to killtcp-capture_fd we might want to have two sockets attached to the killtcp structure one for capturing and a second one for sending so we dont have to create a new socket for each tickle we want to send revno: 432.1.132 merged: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: Ronnie Sahlberg [EMAIL PROTECTED] branch nick: ctdb timestamp: Thu 2007-07-12 08:31:56 +1000 message: ctdb killtcp no longer takes a numrst argument to control how many times to try the reset. the reset retry attempt is now handled inside the daemon update the 60.nfs script and remove this parameter that is no longer used revno: 432.1.131 merged: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: Ronnie Sahlberg [EMAIL PROTECTED] branch nick: ctdb timestamp: Thu 2007-07-12 08:30:04 +1000 message: make the ctdb tool use the killtcp control in the daemon instead of calling killtcp directly revno: 432.1.130 merged: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: Ronnie Sahlberg [EMAIL PROTECTED] branch nick: ctdb timestamp: Wed 2007-07-11 18:24:25 +1000 message: add daemon code for the new kill_tcp control revno: 432.1.129 merged: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: Ronnie Sahlberg [EMAIL PROTECTED] branch nick: ctdb timestamp: Wed 2007-07-11 18:13:03 +1000 message: add a ctdb_ prefix to two public functions revno: 432.1.128