Re: [Samba] change in AD authentication behaviour since 3.0.24

[John Hodrien]

On Wed, 20 Feb 2008, Robert Cohen wrote:


Ok, I thought winbind was only relevant if you were using AD as a NSS (name
service source). We have all the users in the name service from LDAP or
NIS+. We're only getting the passwords from AD.

I guess this could be an unusual combination and could be whats causing our
problems...


Probably unusual.  I do that too, running ldap/krb5 for NSS and samba server.
Setting ACLs from the client doesn't work unless winbind is running, as the
server needs to map SIDs to UIDs.

jh

--
Clothes make the man.  Naked people have little or no influence on society.
 -- Mark Twain
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] sambaPwdMustChange attribute didn't get updated (3.0.27a)

[Markus Kahle]

Hi there,

i got into some trouble after updating my samba installation to 3.0.27a. 
My installation uses Samba-3.0.27a,OpenLDAP-2.2.13,smbldap-tools-0.9.2 
as a PDC NT4-domain.Originally I used the installation-guide from 
smbldap-tools and everything worked fine. I also limited the access to 
LDAP as told in the installation-guide with no problems.
After updating to 3.0.27a i realized that when using the usrmgr.exe, the 
password preferences in policies - accounts didn't got saved - only the 
password-length option got saved.
After doing some research, i managed to solve this by adding the 
following LDAP attributes to the access rules in slapd.conf:


sambaMinPwdLength
sambaPwdHistoryLength
sambaLogonToChgPwd
sambaMaxPwdAge
sambaMinPwdAge
sambaLockoutDuration
sambaLockoutObservationWindow
sambaLockoutThreshold
sambaForceLogoff
sambaRefuseMachinePwdChange

But one problem still exists:

If Windows-users change their password via the normal Windows dialog, 
the password got changed in LDAP , also the sambaLastChange attribute 
got updated , BUT sambaPwdCanChange and sambaPwdMustChange attributes 
didn't update and so all the Maximum Password Age stuff, including 
remind users of their password expiration and force user to change their 
 password if expire didn't work anymore.


I can't find any other maybe access right problems within ldap, so why 
the sambaPwdMustChange Attribute didn't update ??


The problem also exist when adding a new user. After the user change his 
password at first login, the sambaPwdMustChange Attribute didn't update.



slapd.conf digest
--
access to 
attrs=userPassword,sambaNTPassword,sambaLMPassword,sambaPwdLastSet,sambaPwdMustChange

by dn=cn=samba,ou=DSA,dc=bel-gmbh,dc=lan write
by dn=cn=smbldap-tools,ou=DSA,dc=bel-gmbh,dc=lan write
by dn=cn=nssldap,ou=DSA,dc=bel-gmbh,dc=lan write
by self write
by anonymous auth
by * none

access to 
attrs=objectClass,entry,homeDirectory,uid,uidNumber,gidNumber,memberUid

by dn=cn=samba,ou=DSA,dc=bel-gmbh,dc=lan write
by dn=cn=smbldap-tools,ou=DSA,dc=bel-gmbh,dc=lan write
by * read

access to 
attrs=description,telephoneNumber,roomNumber,homePhone,loginShell,gecos,cn,sn,givenname

by dn=cn=samba,ou=DSA,dc=bel-gmbh,dc=lan write
by dn=cn=smbldap-tools,ou=DSA,dc=bel-gmbh,dc=lan write
by self write
by * read

access to 
attrs=cn,sambaLMPassword,sambaNTPassword,sambaPwdLastSet,sambaLogonTime,sambaLogoffTime,sambaKickoffTime,

sambaPwdCanChange,sambaPwdMustChange,sambaAcctFlags,displayName,sambaHomePath,sambaHomeDrive,sambaLogonScript,
sambaProfilePath,description,sambaUserWorkstations,sambaPrimaryGroupSID,sambaDomainName,sambaMungedDial,
sambaBadPasswordCount,sambaBadPasswordTime,sambaPasswordHistory,sambaLogonHours,sambaSID,sambaSIDList,sambaTrustFlags,
sambaGroupType,sambaNextRid,sambaNextGroupRid,sambaNextUserRid,sambaAlgorithmicRidBase,sambaShareName,sambaOptionName,
sambaBoolOption,sambaIntegerOption,sambaStringOption,sambaStringListoption,sambaMinPwdLength,sambaPwdHistoryLength,
sambaLogonToChgPwd,sambaMaxPwdAge,sambaMinPwdAge,sambaLockoutDuration,sambaLockoutObservationWindow,sambaLockoutThreshold,
sambaForceLogoff,sambaRefuseMachinePwdChange
by dn=cn=samba,ou=DSA,dc=bel-gmbh,dc=lan write
by dn=cn=smbldap-tools,ou=DSA,dc=bel-gmbh,dc=lan write
by self read
by * none

access to dn.base=dc=bel-gmbh,dc=lan
by dn=cn=samba,ou=DSA,dc=bel-gmbh,dc=lan write
by dn=cn=smbldap-tools,ou=DSA,dc=bel-gmbh,dc=lan write
by * none

access to dn=ou=Users,dc=bel-gmbh,dc=lan
by dn=cn=samba,ou=DSA,dc=bel-gmbh,dc=lan write
by dn=cn=smbldap-tools,ou=DSA,dc=bel-gmbh,dc=lan write
by * none

access to dn=ou=Groups,dc=bel-gmbh,dc=lan
by dn=cn=samba,ou=DSA,dc=bel-gmbh,dc=lan write
by dn=cn=smbldap-tools,ou=DSA,dc=bel-gmbh,dc=lan write
by * none

access to dn=ou=Computers,dc=bel-gmbh,dc=lan
by dn=cn=samba,ou=DSA,dc=bel-gmbh,dc=lan write
by dn=cn=smbldap-tools,ou=DSA,dc=bel-gmbh,dc=lan write
by * none

access to *
by self read
by * read
--


Thanks in advance for all hints and suggestions..



Bye,

Markus Kahle

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Joining Domain Problem only with XP SP2

[Robert]

On Sunday 17 February 2008, Rune Tønnesen wrote:
 Robert skrev:
  On Saturday 16 February 2008, Doug VanLeuven wrote:
  Robert wrote:
  I've having trouble getting XP SP2's to join a domain. Whenever I try
  to join, at the point I'm asked for a user name and password with
  permission to join the domain, I enter root and root's password, then
  get the dreaded Unknown user or bad password error message.
 
  The clients are a mixed bunch with some 98's, 1 Win2K, a few XP SP1 (I
  know, I know!, but it's not a priority to management who has me
  fighting other fires), and the rest being XP SP2. I *ONLY* get the
  error with XP SP2. The Win2K and SP1 all join no problem, so it
  shouldn't be a problem with the Samba PDC or the config file else none
  should be joining. The 98's aren't a problem of course. In fact, for
  reasons I can't figure out, 2 of the SP2's joined too. What is stopping
  the SP2's from joining?
 
  I've tried creating the machine accounts by hand, but that had no
  effect. I cranked up the logging and it looks to me like root
  authenticates correctly, but I still get the error.
 
  Background: The original Samba PDC machine was getting old so
  management decided to trash it. I was tasked with putting together a
  replacement machine. I am using Kubuntu 7.10 (Gutsy) with Samba
  3.0.26a. I disconnected the client machines from the domain (switched
  them to workgroup), then tried to reconnect with the new server online.
  The old server is physically gone.
 
  As I stated, only the XP SP2's are not joining. I'm including my
  smb.conf, but considering the XP SP1's and the one Win2K (which is
  actually running as a virtual machine with XP SP2 as a host OS; this XP
  SP2 won't join) all join, the config file should be correct, and I have
  a root user in my smbpassword file, and I'm typing the password
  correctly. Therefore it has to be something to do with the SP2's.
  Possibly some registry setting??? Right now the XP SP2's are running as
  workgroup computers.
 
  Yes, the old domain and new domain name are the same, but I've already
  tried changing the new name to something different then joining but
  with no luck.
 
  #=== Global Settings
  = [global]
  debug level = 2
  workgroup = hap
  netbios name = linuxII
  hosts allow = 192.168.1. 127.
  printcap name = cups
  load printers = yes
  printing = cups
  guest account = pcguest
  log file = /var/log/samba/log.%m
  max log size = 50
  security = user
  encrypt passwords = true
  passdb backend = tdbsam
  unix password sync = yes
  passwd program = /usr/bin/passwd %u
  passwd chat = *New*UNIX*password* %n\n
  *ReType*new*UNIX*password*
  %n\n*passwd:*all*authentication*tokens*updated*successfully* username
  map = /etc/samba/smbusers
  socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
  interfaces = 192.168.1.8/32 127.0.0.1/32
  bind interfaces only = true
  local master = yes
  os level = 34
  domain master = yes
  preferred master = yes
  domain logons = yes
  logon script =  home.bat
  logon path = \\%L\profiles\%U
  logon home = \\%L\%U
  logon drive = H:
  name resolve order = wins lmhosts bcast
  wins support = yes
  wins proxy = yes
   hide dot files = yes
   deadtime = 15
   disable spoolss = yes
   show add printer wizard = no
   add machine script = /usr/sbin/useradd -d /dev/null -s /bin/false %u
   time server = yes
  # Share Definitions =
 
  [homes]
 comment = Home Directory
 browseable = no
 writable = yes
 
  # Un-comment the following and create the netlogon directory for Domain
  Logons [netlogon]
 comment = Net
 
   Logon Service
 path = /home/netlogon
 guest ok = yes
 writable = no
  #...Lots more shares...snip
  #=end config file=
 
  Since it's just XP SP2, you might want to look at the XP firewall
  settings that were added by default during the SP2 update.  Get there
  Control Panel/Windows Firewall.  In there is file and printer sharing
  blocking on by default for notebooks and computers directly on the
  internet. Maybe you already looked at this.  Nothing else stands out.
 
  Regards, Doug
 
  It's a good thought. I'll check it, but I don't think that's the problem.
  As I said, the XP SP2's are functioning as workgroup computers for now,
  so the users can access their home shares just fine. Unless I'm badly
  mistaken, file and printer sharing blocking, if on, should block this
  too.

 Hi Robert

 I've think i found the solution to your problem. what is the name of the
 workgroup, it's not in your smb.conf?
 Since the SP2 pc's are in a workgroup with the same name as your
 domainname they need to be taken out of the that particular workgroup
 before you can join them to your domain. To join them to your domain do
 as follows:

1. Make a workstation member of a workgroup with a name differet to
   your 

[Samba] Groupmapping Samba-AD

[Bernd Bednarz]

Hi everyone,

I tried to map a group from my AD to my local unixgroup.
To get groups in samba I create one groupmap like this:

$ net groupmap add ntgroup=H+BEDV unixgroup=hbedv

Now I want to map my H+BEDV group from AD to the same unixgroup.

$ net groupmap add sid=S-1-5-21-1024011789-1237596223-2747892489-1534
unixgroup=hbedv type=domain

But it don't works 'cause there is already an entry for the unixgroup.
What should I do to map my samba H+BEDV group to my AD H+BEDV group?


The background is we want to migrate and we want to do it step by step.
So we have some clients in the samba domain an some in the ad domain.
I hope you understand what I want to do.


Best regards,
Bernd Bednarz
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: cifs verses smbfs for Linux clients

[Volker Lendecke]

On Wed, Feb 20, 2008 at 12:56:00AM -0800, Steve Langasek wrote:
 Is this a problem practically, or is it a matter of the Samba Team's
 licensing policy?
 
 As this is a stand-alone shell script, I wouldn't expect there to be any
 license compatibility issues; but if it's a requirement that even shell
 scripts be GPLv3 to ship with Samba, I'll concede GPLv2 or greater.

Well, it's not a strict requirement. But we would like it to
be as consistent as possible.

What do others think? Can we replace smbmount with such a
wrapper for 3.2? Jeremy? Jerry?

Volker


pgpzP0hdLzCs3.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Problem with samba+openldap with regard changing passwords from windows

[Alan Goodman]

Edmundo Valle Neto wrote:

Alan Goodman escreveu:

Edmundo Valle Neto wrote:

Alan Goodman escreveu:
I have implemented samba with LDAP backend, domain logins and 
roaming profiles and everything is great - except for one thing.


Noone can change their passwords from windows - trying to change 
your password results in windows telling you your not allowed to do 
that!


I did smbldap-show alan and among other information the line: 
sambaPwdCanChange: 0 appeared.


From my understanding if I do smbldap-usermod -A0 -B0 alan that 
line should then be changed to have a value of 1 allowing users to 
change passwords from their windows logins, however running the 
above command does not appear to be changing these values at all 
and thus im left with manually smbldap-passwd user to change each 
persons passwords (which does work)


If someone could let me know which logs you require and how to 
obtain them I would be happy to post them up here.


OS = CentOS 5.1

Alan


Post your smb.conf.

Edmundo Valle Neto

http://pastebin.com/f5fba0114

Alan


netbios name = MARANATHACENTRA

Netbios names can have a maximum of 12 characters, it will probably be 
truncated. (but this isnt related to your problem)


You only need password options if you want that unix passwords stay in 
sync.


Then, you only need ldap passwd sync = Yes. Its commented out, you 
already tried it? What happens?


These three options together works too.
unix password sync = Yes
passwd program = /usr/local/sbin/smbldap-passwd -u %u
passwd chat = Changing password for*\nNew password* %n\n *Retype 
new password* %n\n


Theres a double quote that isn't needed at the end (its not opening 
nor closing any string), the old smbldap-tools documentation shows 
that way (wrong), I dont have sure if it is really a problem.


If it doesn't work as you said that it works at command line, include 
a piece of log using level 3 when a client try to change its password.


Regards.

Edmundo Valle Neto

Besides that, the configuration is right.

/usr/local/sbin/smbldap-passwd -u anyuser works when executed from 
the command line?

What samba version you use, you compile your own packages?

Here you go...

http://pastebin.com/f61c911dd - logs

In answer to your questions...

Yeah that command works as root on the CLI
Samba version is 3.0.25b-1.el5_1.4
No I used the RPM's
OpenLDAP version...
slapd -V
@(#) $OpenLDAP: slapd 2.3.27 (Nov 10 2007 09:24:08) $
   
[EMAIL PROTECTED]:/builddir/build/BUILD/openldap-2.3.27/openldap-2.3.27/build-servers/servers/slapd 



Many thanks for your help.  It is much appreciated.

Alan
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba crashing word and excell?

[Tamas Csabina]

On Tue, Feb 05, 2008 at 05:31:42PM +, Benedict White wrote:
 I am having some trouble with Samba. It was working fine on an old server 
 with 3.0.21.
 
 Now I have updated to 3.0.28 (via 3.0.25) and a bigger fatter faster server.
 
 There are two problems. Firstly the new server seems slower than the old 
 one, and some users 
 are experiencing intermittent data loss via MS apps such as Word or Excell 
 crashing.
 
 The system runs on Arch Linux, with a slightly modified package to include 
 winbind.

 socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8576 
 SO_SNDBUF=8576

On Tue, Feb 05, 2008 at 09:53PM, Jeremy Allison wrote:
 Remove the socket options line. It always amazes me that people
 think they can outguess the kernel for resource allocation.

 socket options hails from a time long long ago, when TCP
 was not so well tuned.

 Jeremy.


Mr. White mentioned 2 problems:

sys_acl_set_file type file failed
smb_set_file_dosmode: file_set_dosmode ... (Operation not permitted)


Is this 'socket options' is related to both problems? I`m having the 
`smb_set_file_dosmode` error too. 

From log.smbd:
[2008/02/19 10:33:09, 2] smbd/trans2.c:smb_set_file_dosmode(4151)
  smb_set_file_dosmode: file_set_dosmode of 
space/server/space/wcs/RCS/w_reset_date.c,v failed (Operation not permitted)
[2008/02/19 10:33:09, 3] smbd/error.c:error_packet_set(106)
  error packet at smbd/trans2.c(6048) cmd=50 (SMBtrans2) NT_STATUS_ACCESS_DENIED

This problem occurred after updating to 3.0.26a.


Regards,
Tamas


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] samba doesn't accept groups?

[[EMAIL PROTECTED]]

Hi you all!
this is my strange problem of the day!
I use Debian stable, linux 2.6.18-5-686, samba Version 3.0.24.

Here's my smb.conf

[global]
workgroup = NO1KNOWS
realm = NO1KNOWS
bios name = PBT
server string = Rob's Samba
dns proxy = no
os level = 64
log file = /var/log/samba/log.%m
max log size = 50
syslog = 0
panic action = /usr/share/samba/panic-action %d
security = user
encrypt passwords = true
passdb backend = tdbsam
obey pam restrictions = yes
invalid users = root
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX
spassword:* %n\n .
password server = 127.0.0.1 ;   pam password change = no
socket options = TCP_NODELAY SO_SNDBUF=8192
local master = yes
domain master =yes
preferred master = yes
domain logons = yes
hosts allow = 127.0.0.1 192.168.3.2/32 192.168.3.3/32 192.168.3.4/32
192.168.3.9/32 192.168.3.22/32 192.168.3.93/32 192.168.2.93/3\
2
logon path = \\%L\profiles\%u\%m
logon script = logon.bat
logon drive = H:
logon home = \\%L\%u\.win_profile\%m
time server = yes
logon home = \\%L\%U\.profile
add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false %u
[netlogon]
comment = Network Logon Service
path = /usr/local/samba/lib/netlogon
read only = yes
write list = @admin
guest ok = no
writable = no
share modes = no
browsable = no
[homes]
comment = Home Directories
read only = no
browseable = no
writable = yes
create mask = 0600
directory mask = 0700
guest ok = no
map archive = yes

[Tutto]
path = /tutto
writable = yes
create mask = 0750
directory mask = 0750
browseable = yes
read only = no
guest ok = no

[Condivisa]
path = /condivisa
writable = yes
create mask = 0777
directory mask = 0777
browseable = yes
read only = no
guest ok = no

[EMAIL PROTECTED]:~$ smbmount  //pbt3/Condivisa /home/rob/Condivisa -o
username=rob,password=ZZ,uid=rob,gid=ufficio
[EMAIL PROTECTED]:~$

but this is what i get:

pbt:~# smbstatus 
WARNING: The printer admin option is deprecated

Samba version 3.0.24
PID Username  Group Machine
---
20761   rob   rob   192.168.3.93 (192.168.3.93)

Service  pid machine   Connected at
---
Tutto20761   192.168.3.93  Wed Feb 20 12:18:10 2008
Condivisa20761   192.168.3.93  Wed Feb 20 12:17:58 2008

No locked files

pbt:~#

It seems it doesn't accept GID.
any help?
tnx in adv.


signature.asc
Description: Questa è una parte del messaggio	firmata digitalmente
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] change in AD authentication behaviour since 3.0.24

[Charles Marcus]

On 2/19/2008, Robert Cohen ([EMAIL PROTECTED]) wrote:

I'm not sure whether its the same problem as us.

BTW I should mention that we're simply not using winbind.
The behaviour I'm talking about is when an XP client machine attempts 
to

connect to our server to get a network share.

So winbind doesn't enter into the equation.


From the 3.0.25 release notes (3rd paragraph is most relevant to you):

Member servers, domain accounts, and smb.conf
=

Since Samba 3.0.8, it has been recommended that all domain accounts
listed in smb.conf on a member server be fully qualified with the
domain name.  This is now a requirement.  All unqualified names are
assumed to be local to the Unix host, either as part of the server's
local passdb or in the local system list of accounts (e.g. /etc/passwd
or /etc/group).

The reason for this change is that smbd has transitioned from
access checks based on string comparisons to token based
authorization.  All names are resolved to a SID and then verified
against the logged on user's NT user token.  Local names will
resolve to a local SID, while qualified domain names will resolve
to the appropriate domain SID.

If the member server is not running winbindd at all, domain
accounts will be implicitly mapped to local accounts and their
tokens will be modified appropriately to reflect the local
SID and group membership.

For example, the following share will restrict access to the
domain group Linux Admins and the local group srvadmin.

[restricted]
path = /data
valid users = +DOMAIN\Linux Admins +srvadmin


--

Best regards,

Charles
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] using MD5 to cipher password

[Luigi Santangelo]

Hi everybody, 
When I create a new user with smbpasswd -a, can I encrypt the password 
with MD5 protocol instead of NTLM protocol?
What I Would do is to insert into the smbpasswd file a new user with 
its password encrypted by MD5. 
Thanks
Best regards




Tiscali Voce 8 Mega: Telefono+Adsl SENZA LIMITI a  4,95 Euro al mese!
http://abbonati.tiscali.it/promo/mail_ol200208/

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: cifs verses smbfs for Linux clients

[simo]

On Wed, 2008-02-20 at 11:54 +0100, Volker Lendecke wrote:
 On Wed, Feb 20, 2008 at 12:56:00AM -0800, Steve Langasek wrote:
  Is this a problem practically, or is it a matter of the Samba Team's
  licensing policy?
  
  As this is a stand-alone shell script, I wouldn't expect there to be any
  license compatibility issues; but if it's a requirement that even shell
  scripts be GPLv3 to ship with Samba, I'll concede GPLv2 or greater.
 
 Well, it's not a strict requirement. But we would like it to
 be as consistent as possible.
 
 What do others think? Can we replace smbmount with such a
 wrapper for 3.2? Jeremy? Jerry?

Uhmm I think wrappers like this should be distribution specific, maybe
we can put it in the examples ?

Simo.

-- 
Simo Sorce
Samba Team GPL Compliance Officer [EMAIL PROTECTED]
Senior Software Engineer at Red Hat Inc. [EMAIL PROTECTED]

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Problem connecting to Samba server

[Lionel Pinkhard]

Hi,

Well, thanks for reading, would appreciate *ANY* help! Here goes...

[2008/02/19 18:05:51, 0] 
/usr/obj/ports/samba-3.0.25b-cups-ldap/samba-3.0.25b/source/smbd/server.c:main(944)
  smbd version 3.0.25b started.
  Copyright Andrew Tridgell and the Samba Team 1992-2007
[2008/02/19 18:05:51, 2] 
/usr/obj/ports/samba-3.0.25b-cups-ldap/samba-3.0.25b/source/param/loadparm.c:do_section(3780)
  Processing section [homes]
[2008/02/19 18:05:51, 2] 
/usr/obj/ports/samba-3.0.25b-cups-ldap/samba-3.0.25b/source/param/loadparm.c:do_section(3780)
  Processing section [netlogon]
[2008/02/19 18:05:51, 2] 
/usr/obj/ports/samba-3.0.25b-cups-ldap/samba-3.0.25b/source/param/loadparm.c:do_section(3780)
  Processing section [printers]
[2008/02/19 18:05:51, 2] 
/usr/obj/ports/samba-3.0.25b-cups-ldap/samba-3.0.25b/source/param/loadparm.c:do_section(3780)
  Processing section [tmp]
[2008/02/19 18:05:51, 2] 
/usr/obj/ports/samba-3.0.25b-cups-ldap/samba-3.0.25b/source/param/loadparm.c:do_section(3780)
  Processing section [profiles]
[2008/02/19 18:05:51, 2] 
/usr/obj/ports/samba-3.0.25b-cups-ldap/samba-3.0.25b/source/param/loadparm.c:do_section(3780)
  Processing section [public]
[2008/02/19 18:05:51, 3] 
/usr/obj/ports/samba-3.0.25b-cups-ldap/samba-3.0.25b/source/param/loadparm.c:lp_add_ipc(2701)
  adding IPC service
[2008/02/19 18:05:51, 3] 
/usr/obj/ports/samba-3.0.25b-cups-ldap/samba-3.0.25b/source/printing/pcap.c:pcap_cache_reload(117)
  reloading printcap cache
[2008/02/19 18:05:51, 3] 
/usr/obj/ports/samba-3.0.25b-cups-ldap/samba-3.0.25b/source/printing/pcap.c:pcap_cache_reload(223)
  reload status: ok
[2008/02/19 18:05:51, 3] 
/usr/obj/ports/samba-3.0.25b-cups-ldap/samba-3.0.25b/source/printing/pcap.c:pcap_cache_reload(117)
  reloading printcap cache
[2008/02/19 18:05:51, 3] 
/usr/obj/ports/samba-3.0.25b-cups-ldap/samba-3.0.25b/source/printing/pcap.c:pcap_cache_reload(223)
  reload status: ok
[2008/02/19 18:05:56, 0] 
/usr/obj/ports/samba-3.0.25b-cups-ldap/samba-3.0.25b/source/nmbd/nmbd.c:main(697)
  Netbios nameserver version 3.0.25b started.
  Copyright Andrew Tridgell and the Samba Team 1992-2007
[2008/02/19 18:05:56, 3] 
/usr/obj/ports/samba-3.0.25b-cups-ldap/samba-3.0.25b/source/nmbd/nmbd.c:reload_nmbd_services(261)
  services not loaded
[2008/02/19 18:05:56, 2] 
/usr/obj/ports/samba-3.0.25b-cups-ldap/samba-3.0.25b/source/nmbd/nmbd.c:main(721)
  Becoming a daemon.
[2008/02/19 18:05:56, 2] 
/usr/obj/ports/samba-3.0.25b-cups-ldap/samba-3.0.25b/source/lib/tallocmsg.c:register_msg_pool_usage(105)
  Registered MSG_REQ_POOL_USAGE
[2008/02/19 18:05:56, 2] 
/usr/obj/ports/samba-3.0.25b-cups-ldap/samba-3.0.25b/source/lib/dmallocmsg.c:register_dmalloc_msgs(75)
  Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
[2008/02/19 18:05:56, 3] 
/usr/obj/ports/samba-3.0.25b-cups-ldap/samba-3.0.25b/source/nmbd/nmbd.c:main(759)
  Opening sockets 137
[2008/02/19 18:05:56, 3] 
/usr/obj/ports/samba-3.0.25b-cups-ldap/samba-3.0.25b/source/nmbd/nmbd.c:open_sockets(615)
  open_sockets: Broadcast sockets opened.
[2008/02/19 18:05:56, 2] 
/usr/obj/ports/samba-3.0.25b-cups-ldap/samba-3.0.25b/source/lib/interface.c:add_interface(81)
  added interface ip=10.0.0.1 bcast=10.255.255.255 nmask=255.0.0.0
[2008/02/19 18:05:56, 2] 
/usr/obj/ports/samba-3.0.25b-cups-ldap/samba-3.0.25b/source/nmbd/nmbd_subnetdb.c:make_subnet(144)
  making subnet name:10.0.0.1 Broadcast address:10.255.255.255 Subnet 
mask:255.0.0.0
[2008/02/19 18:05:56, 2] 
/usr/obj/ports/samba-3.0.25b-cups-ldap/samba-3.0.25b/source/nmbd/nmbd_subnetdb.c:make_subnet(144)
  making subnet name:UNICAST_SUBNET Broadcast address:10.0.0.1 Subnet 
mask:10.0.0.1
[2008/02/19 18:05:56, 2] 
/usr/obj/ports/samba-3.0.25b-cups-ldap/samba-3.0.25b/source/nmbd/nmbd_subnetdb.c:make_subnet(144)
  making subnet name:REMOTE_BROADCAST_SUBNET Broadcast address:0.0.0.0 Subnet 
mask:0.0.0.0
[2008/02/19 18:05:56, 2] 
/usr/obj/ports/samba-3.0.25b-cups-ldap/samba-3.0.25b/source/nmbd/nmbd_subnetdb.c:make_subnet(144)
  making subnet name:WINS_SERVER_SUBNET Broadcast address:0.0.0.0 Subnet 
mask:0.0.0.0
[2008/02/19 18:05:56, 2] 
/usr/obj/ports/samba-3.0.25b-cups-ldap/samba-3.0.25b/source/nmbd/nmbd_lmhosts.c:load_lmhosts_file(41)
  load_lmhosts_file: Can't open lmhosts file /etc/samba/lmhosts. Error was No 
such file or directory
[2008/02/19 18:05:56, 3] 
/usr/obj/ports/samba-3.0.25b-cups-ldap/samba-3.0.25b/source/nmbd/nmbd.c:main(778)
  Loaded hosts file /etc/samba/lmhosts
[2008/02/19 18:05:56, 3] 
/usr/obj/ports/samba-3.0.25b-cups-ldap/samba-3.0.25b/source/nmbd/nmbd_namelistdb.c:add_name_to_subnet(247)
  add_name_to_subnet: Added netbios name *00 with first IP 10.0.0.1 ttl=0 
nb_flags=60 to subnet WINS_SERVER_SUBNET
[2008/02/19 18:05:56, 3] 
/usr/obj/ports/samba-3.0.25b-cups-ldap/samba-3.0.25b/source/nmbd/nmbd_namelistdb.c:add_name_to_subnet(247)
  add_name_to_subnet: Added netbios name *20 with first IP 10.0.0.1 ttl=0 
nb_flags=60 to subnet WINS_SERVER_SUBNET
[2008/02/19 18:05:56, 3] 

Re: [Samba] Problem with samba+openldap with regard changing passwords from windows

[Edmundo Valle Neto]

(...)


Here you go...

http://pastebin.com/f61c911dd - logs

In answer to your questions...

Yeah that command works as root on the CLI
Samba version is 3.0.25b-1.el5_1.4
No I used the RPM's
OpenLDAP version...
slapd -V
@(#) $OpenLDAP: slapd 2.3.27 (Nov 10 2007 09:24:08) $
   
[EMAIL PROTECTED]:/builddir/build/BUILD/openldap-2.3.27/openldap-2.3.27/build-servers/servers/slapd 



Many thanks for your help.  It is much appreciated.

Alan


...
[2008/02/20 10:06:11, 3] smbd/chgpasswd.c:chat_with_program(430)
 chat_with_program: Dochild for user alan (uid=0,gid=0) (as_root = Yes)
[2008/02/20 10:06:14, 2] smbd/chgpasswd.c:expect(285)
 expect: Success
[2008/02/20 10:06:14, 3] smbd/chgpasswd.c:talktochild(316)
 Response 1 incorrect
...

Your log is showing that something is going wrong when chating with the 
passwd program.


1. Asking again, have you tried to use only ldap passwd sync = yes and 
unix password sync = no? This way the password program is not used.


2. Enable password chat debug passwd chat debug = yes and raise the 
log level to 100 in the related debug class, log level = 3 smb:100. It 
will print even your passwords used in the chat.


You can raise the log level to a specific machine if you have other 
useless traffic together:

http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/bugreport.html

Or the error is there or you have a samba version with a broken password 
chat processing (I dont know CentOS).



Regards.

Edmundo Valle Neto
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] understanding the ldap backend

[Lionel Pinkhard]

Hi,

Can someone confirm if it's necessary to have nss? I don't have nss in my 
configuration (I'm running OpenBSD, so it's a little different) and it's not 
working, I've also tried adding LDAP users to my /etc/passwd for my samba users 
as an experiment, but I couldn't get them to authenticate with LDAP through a 
shell, nor did it help Samba in any way so I removed them again. According to 
the logs, login_ldap (the bsd_auth module for ldap authentication) is 
attempting to communicate with openldap with ldapv2, which openldap doesn't 
support, so it appears this technique is impossible as far as I could figure 
out. However, it is strange that login_ldap and openldap ship together in the 
same version of the bsd packages collection, yet they communicate with 
different versions. Anyways, I need LDAP authentication for users with shell 
access, but luckily not on this server, they will only need to authenticate 
against this server, not login to the server itself via
 SSH or shell, only log in onto the shell on Linux workstations (which can 
easily be configured to authenticate with my OpenBSD openldap server using 
ldapv3). Anyways, this is a bit off-topic I think, but does this in any way 
relate to Samba? If I don't have users in my /etc/passwd file can't they log in 
to Samba?

Btw I don't think that should break my configuration, considering that I should 
still be able to log in as root since root has account in both LDAP and 
/etc/passwd, though the problem I'm experiencing with my configuration is that 
I don't even get an opportunity to log in, it just bluntly throws at me The 
specified network name is no longer available (in most cases, though during 
this stage I cannot see anything being logged in Samba - maybe Windows caches 
the first attempt and then doesn't give Access is denied until you reboot? As 
usually when I reboot I get Access is denied again), though the first time it 
shows Access is denied, the same happens with NET VIEW, yet, I'm not given a 
single opportunity to log in, on joining a domain (attempting to) it throws the 
same messages at me, dcdiag.txt also isn't much help. I have also tried setting 
my Windows username and password to match a Samba username and password 
(although I don't think this
 should be required).

Another thing, is it possible to hide a certain folder in every user's home 
directory from them when viewing with Samba? I've got a Maildir in each user's 
home directory to keep mail, but it's owned by vmail anyway (I know I should 
probably use virtual aliases and domains for this, but this seems to fit my 
scenario better), so the user can't access it, would just like them to not see 
it, if it's in any way possible. (Though this is not serious, since currently, 
my users can't even connect!)

Regards

Lionel

- Original Message 
From: Adam Williams [EMAIL PROTECTED]
To: [EMAIL PROTECTED] [EMAIL PROTECTED]
Cc: samba@lists.samba.org
Sent: Wednesday, 20 February 2008 9:33:53
Subject: Re: [Samba] understanding the ldap backend



[EMAIL PROTECTED] wrote:
 Hello List,

 i am trying to understand the LDAP-backend i just set up. Maybe 
 someone can help me a little understanding the whole magic.

 In smb.conf i have my smbldap-tools scripts:
  # use the smbldap-tools scripts
  add user script = /usr/sbin//smbldap-useradd -m %u
  delete user script = /usr/sbin//smbldap-userdel %u
  add machine script = /usr/sbin//smbldap-useradd -w %u
  add group script = /usr/sbin//smbldap-groupadd -p %g
  delete group script = /usr/sbin//smbldap-groupdel %g
  add user to group script = /usr/sbin//smbldap-groupmod -m %u %g
  delete user from group script = /usr/sbin//smbldap-groupmod -x %u %g
  set primary group script = /usr/sbin//smbldap-usermod -g %g %u


 and some ldap specific stuff:
  passdb backend = ldapsam:ldap://127.0.0.1/
  ldap admin dn = cn=Manager,dc=example,dc=net
  ldap suffix = dc=example,dc=net
  ldap group suffix = ou=Groups
  ldap user suffix = ou=Users
  ldap machine suffix = ou=Computers
  ldap idmap suffix = ou=Users
  idmap backend = ldap://127.0.0.1
  #ldap ssl = start tls
  ldap delete dn = Yes



 1.) Now how does the authentification excatly work? Does samba talk 
 directly to the ldap database and verifies user/password?
 2.) I guess changing/deleting passwords/users is beeing made by the 
 smblda-tools.
 3.) How does samba get the user ids? By contacting the ldap database 
 directl again?
 4.) How does samba get he user/group of files and folders? By nss?
 5.) Has samba got anything to do with nss/libnss-ldap?


 Thanks, Mario

1) yes
2) you can use smbldap-passwd to change a user's password if you want to 
set the passwd chat, unix password sync, etc.  or you can just set ldap 
passwd sync = yes and let samba handle the password changing directly
3)yes
4) yes
5) i think so, i have nss_ldap working because my users need shell 
access for database/html work.  i've never tried getting samba going 
without using nss_ldap for user auth.  i 

Re: [Samba] Re: cifs verses smbfs for Linux clients

[Jeremy Allison]

On Wed, Feb 20, 2008 at 11:54:14AM +0100, Volker Lendecke wrote:
 On Wed, Feb 20, 2008 at 12:56:00AM -0800, Steve Langasek wrote:
  Is this a problem practically, or is it a matter of the Samba Team's
  licensing policy?
  
  As this is a stand-alone shell script, I wouldn't expect there to be any
  license compatibility issues; but if it's a requirement that even shell
  scripts be GPLv3 to ship with Samba, I'll concede GPLv2 or greater.
 
 Well, it's not a strict requirement. But we would like it to
 be as consistent as possible.
 
 What do others think? Can we replace smbmount with such a
 wrapper for 3.2? Jeremy? Jerry?

I think if we're going to make such a change, 3.2 is the
time to do it :-).

Still ill, sorry for the slow response.

Jeremy
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Need help upgrading from 3.0.4 to 3.0.28

[Joe]

I have a FreeBSD 5.2.1 machine running Samba 3.0.4.  I am going to
upgrade Samba to 3.0.28.  The process I would follow would be...

download source
configure
make
make install

My questions are...

1. Can I make install with users connected to the samba
   server and using shares?

2. Can I just restart nmbd and smbd to run the new version?
   What happens to connected users if I restart nmbd and smbd?

2. Will I need to change anything in smb.conf?

3. Will any of the samba databases (users) get destroyed/erased/
   changed?

Sorry for all the questions, I'm just nervous about creating
a big mess during the upgrade.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] LDAP adding workstation accounts fails (but not really???)

[Pat Riehecky]

This is highly weird.  I am trying to setup LDAP as the back for my
samba test system, all is going well, except for adding workstation
accounts to the server.

# net rpc join -S TESTING -U root%password
Creation of workstation account failed
Unable to join domain IWU.EDU.

Yet, if I search LDAP after the join attempt I find:

dn: uid=testing$,ou=Computers,dc=iwu,dc=edu
objectClass: top
objectClass: account
objectClass: posixAccount
cn: testing$
uid: testing$
uidNumber: 1001
gidNumber: 515
homeDirectory: /dev/null
loginShell: /bin/false
description: Computer
gecos: Computer


My LDAP logs show it is searching ou=People rather than ou=Computers to
see if it was added successfully.  What must I do to make it search
ou=Computers?

testparm reports the following in my smb.conf global section and reports
no errors.

[global]
workgroup = TESTING
netbios name = TESTING
server string = %h server
security = DOMAIN
passdb backend = ldapsam:ldap://localhost
log level = 2
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
load printers = No
add machine script = smbldap-useradd -w -s /bin/false %u
domain logons = Yes
preferred master = Yes
domain master = Yes
dns proxy = No
ldap admin dn = cn=admin
ldap group suffix = ou=Group
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=Computers
ldap passwd sync = Yes
ldap suffix = dc=iwu,dc=edu
ldap ssl = no
ldap user suffix = ou=People
panic action = /usr/share/samba/panic-action %d
idmap uid = 15000-25000
idmap gid = 15000-25000



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] samba, PAM and active directory

[Miguel Gonzalez]

Hi,

  I want that users can log on (SSH and console) a
Debian box can do it through Active Directory. I still
want that root user can log on (SSH and console) so I
created a wheel group for that.

  I can log on successfully with all AD and root
users. However, I'd like to limit the AD users to the
technology domain group.

  I've googled a lot:

  http://ubuntuforums.org/showthread.php?t=547324

  but I can't figure out how to make it to work under
my Debian box.

  Here are my settings:
  
  #
# /etc/pam.d/common-account - authorization settings
common to all services
#
# This file is included from other service-specific
PAM config files,
# and should contain a list of the authorization
modules that define
# the central access policy for use on the system. 
The default is to
# only deny service to users whose accounts are
expired in /etc/shadow.
#

account sufficientpam_succeed_if.so debug user
ingroup wheel
account sufficient  pam_succeed_if.so debug user
ingroup Technology

#
# /etc/pam.d/common-auth - authentication settings
common to all services
#
# This file is included from other service-specific
PAM config files,
# and should contain a list of the authentication
modules that define
# the central authentication scheme for use on the
system
# (e.g., /etc/shadow, LDAP, Kerberos, etc.).  The
default is to use the
# traditional Unix authentication mechanisms.
#
authsufficient  pam_unix.so debug
nullok_secure try_first_pass
authrequiredpam_winbind.so debug


#
# /etc/pam.d/common-password - password-related
modules common to all services
#
# This file is included from other service-specific
PAM config files,
# and should contain a list of modules that define 
the services to be
#used to change user passwords.  The default is
pam_unix

# The nullok option allows users to change an empty
password, else
# empty passwords are treated as locked accounts.
#
# (Add `md5' after the module name to enable MD5
passwords)
#
# The obscure option replaces the old
`OBSCURE_CHECKS_ENAB' option in
# login.defs. Also the min and max options enforce
the length of the
# new password.

#password   required   pam_unix.so nullok obscure
min=4 max=8 md5

# Alternate strength checking for password. Note that
this
# requires the libpam-cracklib package to be
installed.
# You will need to comment out the password line above
and
# uncomment the next two in order to use this.
# (Replaces the `OBSCURE_CHECKS_ENAB',
`CRACKLIB_DICTPATH')
#
# password required   pam_cracklib.so retry=3
minlen=6 difok=3
# password required   pam_unix.so use_authtok
nullok md5

authsufficient  pam_winbind.so
authrequiredpam_unix.so nullok obscure
min=4 max=8 md5 try_first_pass


#
# /etc/pam.d/common-session - session-related modules
common to all services
#
# This file is included from other service-specific
PAM config files,
# and should contain a list of modules that define
tasks to be performed
# at the start and end of sessions of *any* kind (both
interactive and
# non-interactive).  The default is pam_unix.
#
session requiredpam_unix.so debug
try_first_pass
session requiredpam_mkhomedir.so
skel=/etc/skel/ umask=0022
session requiredpam_winbind.so debug

I've created a test AD user that is not in the
Technology group. If I issue:

svn:/etc/pam.d# su - test
su: Permission denied
(Ignored)

the auth.log file gives:

Feb 20 13:45:27 svn su[6526]: pam_succeed_if: 'user'
resolves to 'test'
Feb 20 13:45:27 svn su[6526]: pam_succeed_if:
requirement user ingroup wheel not met by user
test
Feb 20 13:45:27 svn su[6526]: pam_succeed_if: 'user'
resolves to 'test'
Feb 20 13:45:27 svn su[6526]: pam_succeed_if:
requirement user ingroup Technology not met by user
test
Feb 20 13:45:27 svn su[6526]: Successful su for test
by root
Feb 20 13:45:27 svn su[6526]: + pts/0 root:test
Feb 20 13:45:27 svn su[6526]: (pam_unix) session
opened for user test by (uid=0)
Feb 20 13:45:27 svn pam_winbind[6526]: pam_winbind:
pam_sm_open_session handler (flags: 0x)

So is seeing that the test user is not part of any of
the allowed groups but still the user is being logged
on.

What am I doing wrong?

Thanks,

Miguel



  


   
__ 
¿Con Mascota por primera vez? Sé un mejor Amigo. Entra en Yahoo! Respuestas 
http://es.answers.yahoo.com/info/welcome

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Subfolders and permissions

[Paul Rijke]

Hi,

 

I have currently a department called HRM which have their own share
/data/hrm

 

Within that share is a folder called recruitment.

 

We recently hired an external recruiter to do some work for us. The folder
is /data/hrm/recruitment

 

How can I enforce that this person can only read and write in this
directory? Look below, is this the way to go? How would you handle this?

 

My config:

#=== Global Settings
=

[global]

dns proxy = no 

log file = /var/log/samba/log.%m

netbios name = srv01

load printers = yes

server string = srv01.mydomain.com

 

workgroup = MYDOMAIN

os level = 20

username map = /usr/local/etc/samba/smbusers



encrypt passwords = yes

hosts allow = 192.168.20. 127.

security = user

max log size = 50

 

# Share Definitions
==

 

# the staff group

[hrm]

writeable = yes

path = /data/hrm

write list = @hrm

force group = hrm

valid users = @hrm

create mode = 764

directory mode = 774

 

[recruitment]

comment = Recruitment Share

valid users = @recruitment

writeable = yes

path = /data/hrm/recruitment

write list = @recruitment

force group = recruitment

create mode = 764

directory mode = 774

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Subfolders and permissions

[Scott Lovenberg]

Paul Rijke wrote:

Hi,

 


I have currently a department called HRM which have their own share
/data/hrm

 


Within that share is a folder called recruitment.

 


We recently hired an external recruiter to do some work for us. The folder
is /data/hrm/recruitment

 


How can I enforce that this person can only read and write in this
directory? Look below, is this the way to go? How would you handle this?

 


My config:

#=== Global Settings
=

[global]

dns proxy = no 


log file = /var/log/samba/log.%m

netbios name = srv01

load printers = yes

server string = srv01.mydomain.com

 


workgroup = MYDOMAIN

os level = 20

username map = /usr/local/etc/samba/smbusers




encrypt passwords = yes

hosts allow = 192.168.20. 127.

security = user

max log size = 50

 


# Share Definitions
==

 


# the staff group

[hrm]

writeable = yes

path = /data/hrm

write list = @hrm

force group = hrm

valid users = @hrm

create mode = 764

directory mode = 774

 


[recruitment]

comment = Recruitment Share

valid users = @recruitment

writeable = yes

path = /data/hrm/recruitment

write list = @recruitment

force group = recruitment

create mode = 764

directory mode = 774

  
Personally, I'd do this at the file system level.  Put them in a group 
such that they don't have any permissions other than traverse (751 
permissions or so) parent directories, and make them the owner of the 
recruitment directory with a 2770 permission on the directory.  If you 
need to add more recruiters, just add them to the recruitment group.



So, it'd look like this:
user: recruiter
group: recruitment

/data/hrm (perms - root.users rwxrwx--x)
/data/hrm/recruitment (perms - recruiter.recruitment rwxrwt---)

Then just give them a link to /data/hrm/recruitment on their desktop or 
something (or map a drive on logon with the logon script).  This is, of 
course, just one way to do it.

 I usually like to handle permissions at the lowest level.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] RE: Delegation of authentication (S4U) and SAMBA

[Andrew Bartlett]

On Tue, 2008-02-12 at 12:15 -0800, Ephi Dror wrote:
 Hello,
 
  
 
 Does samba support the use of S4U?
 
  
 
 What do we need to configure in SAMBA or krb5 to support getting a
 ticket obtained by S4U.  We are using 3.0.25 and krb5-1.4.1
 
  
 
 We are getting the following error:
 
  
 
 decode_pac_data: Name in PAC [EMAIL PROTECTED]
 does not match principal name in ticket
 
  
 
 The ticket could be different than the PAC name because the ticket was
 obtained using S4U extension.

As you have found out, the code does not currently allow this.  

Now that we are using the PAC, it shouldn't be too hard for you to
change things so that instead of requiring the two strings does to
match, it takes the PAC in precedence (if available).

I suggest raising this on samba-technical

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org
Samba Developer, Red Hat Inc.


signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] CTDB and LDAP: anyone?

[Andrew Bartlett]

On Tue, 2008-02-12 at 11:01 +, Alex Crow wrote:
 Hi there,
 
 I am looking into using CTDB between a PDC and a BDC. I assume this is
 possible!
 
 However I have a few questions:
 
 1: Do I have to use tdb2 as an Idmap backend? Can I not stay with ldap?
 (from the CTDB docs:
 
 A clustered Samba install must set some specific configuration
 parameters 
 clustering = yes
   idmap backend = tdb2
   private dir = /a/directory/on/your/cluster/filesystem
 It is vital that the private directory is on shared storage.)

LDAP should be fine...

 2. I have got the git tree as mentioned on the CTDB pages; however it
 seems like 3.2.0pre1 will also support this; which should I go with?
 
 3. Do I have to use IP takeover? All I am trying to do in this case is
 to consistently provide the home directories and profiles on both the
 PDC and BDC (I'm using GFS over iSCSI).
 
 It doesn't matter if the IP address of either box vanishes - since they
 are both domain controllers the still-living box should be used anyway
 (background - I am using passdb expand explicit = yes and in LDAP I
 have home and profile paths specified prefixed by \\%L, so the user's
 profile and home dir are mapped to whatever the logon server is for that
 session).
 
 I can see how for sharing domain member services around a cluster that
 IP takeover is required, but the PDC/BDC relationship means (IMHO) it's
 not required in this instance.

This looks like a perfectly good reason not to require IP takeover.

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org
Samba Developer, Red Hat Inc.


signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Need help upgrading from 3.0.4 to 3.0.28

[Douglas VanLeuven]

Joe wrote:
 I have a FreeBSD 5.2.1 machine running Samba 3.0.4.  I am going to
 upgrade Samba to 3.0.28.  The process I would follow would be...
 
 download source
 configure
 make
 make install
 
 My questions are...
 
 1. Can I make install with users connected to the samba
server and using shares?

Only if you're an optimist.  It's a rare day one can migrate that many
releases without some changes in config file syntax or interpretation.

 
 2. Can I just restart nmbd and smbd to run the new version?
What happens to connected users if I restart nmbd and smbd?

You could.  Your users would get (optimistically) momentarily
disconnected.  The windows offline files balloon pops up or a message
no longer connected to 

 
 2. Will I need to change anything in smb.conf?

Probably.  I know some of the defaults have changed, but I don't have a
list handy.

 
 3. Will any of the samba databases (users) get destroyed/erased/
changed?
Shouldn't, but someone else would have to say definitively.  I've
personally wiped and reinitialized most of them several times only
keeping the private tdb files secrets  passdb while regenerating the
printer tdb's and mappings.

 
 Sorry for all the questions, I'm just nervous about creating
 a big mess during the upgrade.

If it's at all possible, your best course is to setup a test machine
(real or virtual) and test the new version in your current setup by
joining it to your domain and connecting from users.  Alternatively,
duplicate the existing OS  samba version with a different machine name
and perform the upgrade on it.  Your experience doing that is the only
real way to self answer some of your questions and make the production
upgrade as smooth as possible.

Regards, Doug
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] RE: Delegation of authentication (S4U) and SAMBA

[Andrew Bartlett]

On Wed, 2008-02-20 at 13:58 -0800, Todd Stecher wrote:
 From my readings, only the Heimdahl Kerberos distribution has S4USelf
 support, at least in the Samba 4 code base.  MIT tries to stay away
 from being PAC-cognizent.

In terms of Samba4's KDE, S4USelf is something that I need to finish
understanding, particularly in terms of interoperable behaviours etc.

 It sounds like you're trying to do something slightly different - e.g.
 Constrained Delegation, where the identity lives in the PAC, and not
 in the ticket.  There are additional security considerations which
 come into play when relying simply on the PAC, since anyone can put a
 PAC into a service ticket with a custom codebase - you can easily get
 into cases of identity theft if you also don't verify the second
 (KRBTGT HMAC of the server signature) signature in the PAC.

Why do we need to check that, expect if we think that unprivileged
processes on our box have access to the keytab?

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org
Samba Developer, Red Hat Inc.


signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] change in AD authentication behaviour since 3.0.24

[Neal A. Lucier]

Robert Cohen wrote:

On 20/2/08 4:11 PM, Neal A. Lucier [EMAIL PROTECTED] wrote:

Robert Cohen wrote:


Ok, I thought winbind was only relevant if you were using AD as a NSS (name
service source). We have all the users in the name service from LDAP or
NIS+. We're only getting the passwords from AD.

I guess this could be an unusual combination and could be whats causing our
problems...



This is exactly what we are doing, and until 3.0.25 setting up idmap to work in 
this environment was a bit convoluted, but now it is extremely simple, mainly 
because an nss backend was introduced to idmap.  Generally speaking idmap is 
for authorization; however, there is some interplay with authentication.


So, to be clear, your nsswitch on the machine is only look at LDAP or NIS+, and 
in AD you have all the same users with the same username?


You need IDmap to map the uid of the owner of the files (which is coming from 
LDAP/NIS+) to the SID of the user that is accessing via Samba (which is coming 
from AD).  There are many ways to do this, by putting the SID in LDAP, the uid 
in AD, using local .tdb files, or a local mapping.  The simpliest (given that my 
assumptions about your environment are correct) is:


winbind use default domain = yes
idmap domains = XX
idmap config XX:backend = nss
idmap config XX:readonly = yes
idmap config XX:default = no

The only setting I'm not sure exactly what is does is the :default = no, but 
IIRC that says if someone from another domain that is not defined by idmap 
domains =  tries to connect than idmap should not use this backend as the 
default backend.


see: http://www.samba.org/~idra/samba3_newidmap.pdf



And allow trusted domains = no doesn't make any difference.



Sorry, I was thinking of winbind trusted domains only which has been obsoleted 
by the idmap_nss backend.


Neal
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] change in AD authentication behaviour since 3.0.24

[Robert Cohen]

Charles Marcus CMarcus at Media-Brokers.com wrote

On 2/19/2008, Robert Cohen (robert.cohen at anu.edu.au) wrote: I'm not sure
whether its the same problem as us.

 BTW I should mention that we're simply not using winbind. The behaviour I'm
 talking about is when an XP client machine attempts to connect to our server
 to get a network share.
 
 So winbind doesn't enter into the equation.
 
From the 3.0.25 release notes (3rd paragraph is most relevant to you):

Member servers, domain accounts, and smb.conf
=

Since Samba 3.0.8, it has been recommended that all domain accounts listed
In smb.conf on a member server be fully qualified with the domain name.
This is now a requirement.  All unqualified names are assumed to be local to
the Unix host, either as part of the server's local passdb or in the local
system list of accounts (e.g. /etc/passwd or /etc/group).

The reason for this change is that smbd has transitioned from access checks
based on string comparisons to token based authorization.  All names are
resolved to a SID and then verified against the logged on user's NT user
token.  Local names will resolve to a local SID, while qualified domain
names will resolve to the appropriate domain SID.
If the member server is not running winbindd at all, domain accounts will be
implicitly mapped to local accounts and their tokens will be modified
appropriately to reflect the local SID and group membership.



This turned out to be the problem. We hadnt been starting winbindd since I
thought it was only relevant if you were using winbind in
/etc/nsswitch.conf.
But as soon as we started winbind, along with other config settings
mentioned earlier, everything just started working.




===
Robert Cohen 


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Subfolders and permissions

[Jamrock]

Paul Rijke [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
 Hi,



 I have currently a department called HRM which have their own share
 /data/hrm



 Within that share is a folder called recruitment.



 We recently hired an external recruiter to do some work for us. The folder
 is /data/hrm/recruitment



 How can I enforce that this person can only read and write in this
 directory? Look below, is this the way to go? How would you handle this?


A Samba account is linked to a Linux account.  I would set the security on
the Linux account.  I would do this using regular Linux file and directory
permissions.



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] using MD5 to cipher password

[Michael Heydon]

Luigi Santangelo wrote:
Hi everybody, 
When I create a new user with smbpasswd -a, can I encrypt the password 
with MD5 protocol instead of NTLM protocol?
  

No.

snip
  

Use unix or ldap password sync.

*Michael Heydon - IT Administrator *
[EMAIL PROTECTED] mailto:[EMAIL PROTECTED]


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[SCM] Samba Shared Repository - branch v4-0-test updated - release-4-0-0alpha2-930-g8c2f658

[Andrew Bartlett]

The branch, v4-0-test has been updated
   via  8c2f658a9688f0c51d2f3b948dc3213b65c7b77f (commit)
  from  02cb396d42976efc03fcb0082e914eb17ae72e11 (commit)

http://gitweb.samba.org/?samba.git;a=shortlog;h=v4-0-test


- Log -
commit 8c2f658a9688f0c51d2f3b948dc3213b65c7b77f
Author: Andrew Bartlett [EMAIL PROTECTED]
Date:   Wed Feb 20 19:20:13 2008 +1100

Simpler specification of CFLAGS and LDFLAGS

By being more consistant in applying CFLAGS and LDFLAGS (in
particular) to every invocation, we make it simpler to enable gcov
code coverage, both in the build system and on the build farm.

Andrew Bartlett

---

Summary of changes:
 source/Makefile|4 ++--
 source/build/m4/check_ld.m4|   17 ++---
 source/build/smb_build/makefile.pm |4 ++--
 source/torture/config.mk   |   10 ++
 4 files changed, 16 insertions(+), 19 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/Makefile b/source/Makefile
index ea98b5e..1fddfef 100644
--- a/source/Makefile
+++ b/source/Makefile
@@ -14,10 +14,10 @@ SETUPDIR = $(datadir)/setup
 NCALRPCDIR = $(localstatedir)/ncalrpc
 
 BNLD = $(LD)
-BNLD_FLAGS = $(LDFLAGS)
+BNLD_FLAGS = $(LDFLAGS) $(SYS_LDFLAGS)
 
 HOSTCC_FLAGS = -D_SAMBA_HOSTCC_ $(CFLAGS)
-HOSTLD_FLAGS = $(LDFLAGS)
+HOSTLD_FLAGS = $(LDFLAGS) $(SYS_LDFLAGS)
 
 default: all
 
diff --git a/source/build/m4/check_ld.m4 b/source/build/m4/check_ld.m4
index 3b69057..0d0742e 100644
--- a/source/build/m4/check_ld.m4
+++ b/source/build/m4/check_ld.m4
@@ -13,6 +13,7 @@ LD=
 
 AC_SUBST(BLDSHARED)
 AC_SUBST(LD)
+AC_SUBST(SYS_LDFLAGS)
 AC_SUBST(LDFLAGS)
 
 # Assume non-shared by default and override below
@@ -32,13 +33,13 @@ AC_MSG_CHECKING([whether to try to build shared libraries 
on $host_os])
 case $host_os in
*linux*)
BLDSHARED=true
-   LDFLAGS=$LDFLAGS -Wl,--export-dynamic
+   SYS_LDFLAGS=-Wl,--export-dynamic
;;
*solaris*)
BLDSHARED=true
if test ${GCC} = yes; then
if test ${ac_cv_prog_gnu_ld} = yes; then
-   LDFLAGS=$LDFLAGS -Wl,-E
+   SYS_LDFLAGS=-Wl,-E
fi
fi
;;
@@ -47,26 +48,26 @@ case $host_os in
;;
*netbsd* | *freebsd* | *dragonfly* )  
BLDSHARED=true
-   LDFLAGS=$LDFLAGS -Wl,--export-dynamic
+   SYS_LDFLAGS=-Wl,--export-dynamic
;;
*openbsd*)
BLDSHARED=true
-   LDFLAGS=$LDFLAGS -Wl,-Bdynamic
+   SYS_LDFLAGS=-Wl,-Bdynamic
;;
*irix*)
BLDSHARED=true
;;
*aix*)
BLDSHARED=true
-   LDFLAGS=$LDFLAGS -Wl,-brtl,-bexpall,-bbigtoc
+   SYS_LDFLAGS=-Wl,-brtl,-bexpall,-bbigtoc
;;
*hpux*)
# Use special PIC flags for the native HP-UX compiler.
BLDSHARED=true # I hope this is correct
if test $host_cpu = ia64; then
-   LDFLAGS=$LDFLAGS 
-Wl,-E,+b/usr/local/lib/hpux32:/usr/lib/hpux32
+   
SYS_LDFLAGS=-Wl,-E,+b/usr/local/lib/hpux32:/usr/lib/hpux32
else
-   LDFLAGS=$LDFLAGS -Wl,-E,+b/usr/local/lib:/usr/lib
+   SYS_LDFLAGS=-Wl,-E,+b/usr/local/lib:/usr/lib
fi
;;
*osf*)
@@ -86,6 +87,8 @@ AC_MSG_CHECKING([LD])
 AC_MSG_RESULT([$LD])
 AC_MSG_CHECKING([LDFLAGS])
 AC_MSG_RESULT([$LDFLAGS])
+AC_MSG_CHECKING([SYS_LDFLAGS])
+AC_MSG_RESULT([$SYS_LDFLAGS])
 
 AC_SUBST(HOSTLD)
 
diff --git a/source/build/smb_build/makefile.pm 
b/source/build/smb_build/makefile.pm
index d11e761..498b619 100644
--- a/source/build/smb_build/makefile.pm
+++ b/source/build/smb_build/makefile.pm
@@ -187,7 +187,7 @@ __EOD__
 $ctx-{SHAREDDIR}/$ctx-{LIBRARY_REALNAME}: \$($ctx-{NAME}_DEPEND_LIST) 
\$($ctx-{NAME}_FULL_OBJ_LIST) $init_obj
[EMAIL PROTECTED] Linking \$\@
[EMAIL PROTECTED] -p $ctx-{SHAREDDIR}
-   [EMAIL PROTECTED](MDLD) \$(MDLD_FLAGS) \$(INTERN_LDFLAGS) -o \$\@ 
\$(INSTALL_LINK_FLAGS) \\
+   [EMAIL PROTECTED](MDLD) \$(LDFLAGS) \$(MDLD_FLAGS) \$(INTERN_LDFLAGS) 
-o \$\@ \$(INSTALL_LINK_FLAGS) \\
\$($ctx-{NAME}\_FULL_OBJ_LIST) $init_obj \\
\$($ctx-{NAME}_LINK_FLAGS)
 __EOD__
@@ -242,7 +242,7 @@ sub SharedLibrary($$)
 $ctx-{RESULT_SHARED_LIBRARY}: \$($ctx-{NAME}_DEPEND_LIST) 
\$($ctx-{NAME}_FULL_OBJ_LIST)
[EMAIL PROTECTED] Linking \$\@
[EMAIL PROTECTED] -p $ctx-{SHAREDDIR}
-   [EMAIL PROTECTED](SHLD) \$(SHLD_FLAGS) \$(INTERN_LDFLAGS) -o \$\@ 
\$(INSTALL_LINK_FLAGS) \\
+   [EMAIL PROTECTED](SHLD) 

[SCM] Samba Shared Repository - branch v4-0-test updated - release-4-0-0alpha2-932-ge8f3653

[Michael Adam]

The branch, v4-0-test has been updated
   via  e8f3653414c12fb752c096d848dc962008d90439 (commit)
   via  4c77550d80b0cfc80bc2cac500fc27e0c43dad64 (commit)
  from  8c2f658a9688f0c51d2f3b948dc3213b65c7b77f (commit)

http://gitweb.samba.org/?samba.git;a=shortlog;h=v4-0-test


- Log -
commit e8f3653414c12fb752c096d848dc962008d90439
Author: Volker Lendecke [EMAIL PROTECTED]
Date:   Fri Feb 1 14:23:56 2008 +0100

NetBSD does not support AI_ADDRCONFIG
(cherry picked from commit fb3f7f4046fa195baf5116598772d9016238637f)

commit 4c77550d80b0cfc80bc2cac500fc27e0c43dad64
Author: Volker Lendecke [EMAIL PROTECTED]
Date:   Fri Feb 1 20:03:05 2008 +0100

NetBSD needs LD_LIBRARY_PATH
(cherry picked from commit d64b19e77aa499c1ee1aaf788ddf3d6fd36253e4)

---

Summary of changes:
 source/lib/replace/libreplace_ld.m4 |3 +++
 source/lib/replace/system/network.h |7 +++
 2 files changed, 10 insertions(+), 0 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/lib/replace/libreplace_ld.m4 
b/source/lib/replace/libreplace_ld.m4
index 2aec698..f0d10c1 100644
--- a/source/lib/replace/libreplace_ld.m4
+++ b/source/lib/replace/libreplace_ld.m4
@@ -289,6 +289,9 @@ AC_DEFUN([AC_LIBREPLACE_RUNTIME_LIB_PATH_VAR],
*linux*)
LIB_PATH_VAR=LD_LIBRARY_PATH
;;
+   *netbsd*)
+   LIB_PATH_VAR=LD_LIBRARY_PATH
+   ;;
*solaris*)
LIB_PATH_VAR=LD_LIBRARY_PATH
;;
diff --git a/source/lib/replace/system/network.h 
b/source/lib/replace/system/network.h
index 53bef66..d09e3f7 100644
--- a/source/lib/replace/system/network.h
+++ b/source/lib/replace/system/network.h
@@ -163,8 +163,15 @@ void rep_freeifaddrs(struct ifaddrs *);
 #endif
 
 #ifndef AI_ADDRCONFIG
+/*
+ * logic copied from AI_NUMERICHOST
+ */
+#if defined(HAVE_STRUCT_ADDRINFO)  defined(HAVE_GETADDRINFO)
+#define AI_ADDRCONFIG  0
+#else
 #define AI_ADDRCONFIG  0x0020
 #endif
+#endif
 
 #ifndef AI_NUMERICSERV
 /*


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch v4-0-test updated - release-4-0-0alpha2-945-g7a2ff3e

[Jelmer Vernooij]

The branch, v4-0-test has been updated
   via  7a2ff3ee26bce49a3eeeb270f4a5e4df2adbefbb (commit)
   via  7bbe48af5568ffc4e4873692316673fd974ef4ef (commit)
   via  ce332130ea77159832da23bab760fa26921719e2 (commit)
   via  92c1c0e9137f0845cac6cc96bf78711b6aaffe21 (commit)
   via  e464a344bc11587abc5c663bc8d6471eeb314959 (commit)
   via  b1a7810f3e70f9a831d9b8e85d531e448072adaf (commit)
   via  46e5027f56722fbe19af36aad1ab03ea1c862f43 (commit)
   via  85c96a325867f7bcdb412ebc53f8a47dbf7cd89b (commit)
   via  141ee91272fb4dafca0149f679e17721b6a3011e (commit)
   via  2548c2a1e7dab8abc00f8f49374a08cc0b427552 (commit)
   via  89590d7dfe0735093a4a5b66eeed9276df043ac9 (commit)
   via  5ad9bc7dd9b8a3b37e0acd77eaecc5ee71d7b422 (commit)
   via  9b0dcac0bd805c3e1741448167b461c3fa0e33fd (commit)
  from  e8f3653414c12fb752c096d848dc962008d90439 (commit)

http://gitweb.samba.org/?samba.git;a=shortlog;h=v4-0-test


- Log -
commit 7a2ff3ee26bce49a3eeeb270f4a5e4df2adbefbb
Merge: 7bbe48af5568ffc4e4873692316673fd974ef4ef 
e8f3653414c12fb752c096d848dc962008d90439
Author: Jelmer Vernooij [EMAIL PROTECTED]
Date:   Wed Feb 20 10:55:20 2008 +0100

Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 
v4-0-nodeclare

commit 7bbe48af5568ffc4e4873692316673fd974ef4ef
Author: Jelmer Vernooij [EMAIL PROTECTED]
Date:   Wed Feb 20 10:51:26 2008 +0100

Fix nbt tests.

commit ce332130ea77159832da23bab760fa26921719e2
Author: Jelmer Vernooij [EMAIL PROTECTED]
Date:   Wed Feb 20 04:33:43 2008 +0100

Fix use of some modules (needed _PUBLIC_).

commit 92c1c0e9137f0845cac6cc96bf78711b6aaffe21
Author: Jelmer Vernooij [EMAIL PROTECTED]
Date:   Wed Feb 20 03:40:44 2008 +0100

Fix static module list generation for ldb.

commit e464a344bc11587abc5c663bc8d6471eeb314959
Author: Jelmer Vernooij [EMAIL PROTECTED]
Date:   Wed Feb 20 03:21:38 2008 +0100

Require at least talloc 1.2.0.

commit b1a7810f3e70f9a831d9b8e85d531e448072adaf
Author: Jelmer Vernooij [EMAIL PROTECTED]
Date:   Wed Feb 20 02:57:07 2008 +0100

Remove more function-based inits.

commit 46e5027f56722fbe19af36aad1ab03ea1c862f43
Author: Jelmer Vernooij [EMAIL PROTECTED]
Date:   Wed Feb 20 01:56:55 2008 +0100

Use function-based initialization for ildap backend.

commit 85c96a325867f7bcdb412ebc53f8a47dbf7cd89b
Author: Jelmer Vernooij [EMAIL PROTECTED]
Date:   Wed Feb 20 01:54:32 2008 +0100

Use struct-based rather than function-based initialization for ldb modules 
everywhere.

commit 141ee91272fb4dafca0149f679e17721b6a3011e
Author: Jelmer Vernooij [EMAIL PROTECTED]
Date:   Wed Feb 20 01:37:53 2008 +0100

Allow ldb backends without init function, use init function-less ldb 
modules.

commit 2548c2a1e7dab8abc00f8f49374a08cc0b427552
Author: Jelmer Vernooij [EMAIL PROTECTED]
Date:   Tue Feb 19 23:53:04 2008 +0100

Factor out IP marshalling into separate function.

commit 89590d7dfe0735093a4a5b66eeed9276df043ac9
Author: Jelmer Vernooij [EMAIL PROTECTED]
Date:   Tue Feb 19 23:00:43 2008 +0100

Add configure test for vdeplug library.

commit 5ad9bc7dd9b8a3b37e0acd77eaecc5ee71d7b422
Author: Jelmer Vernooij [EMAIL PROTECTED]
Date:   Tue Feb 19 22:04:26 2008 +0100

Add VDE switch management functions.

commit 9b0dcac0bd805c3e1741448167b461c3fa0e33fd
Author: Jelmer Vernooij [EMAIL PROTECTED]
Date:   Tue Feb 19 21:51:09 2008 +0100

Initial work on vde support.

---

Summary of changes:
 source/build/smb_build/header.pm  |   10 ++-
 source/build/smb_build/makefile.pm|3 +-
 source/build/smb_build/summary.pm |3 +
 source/configure.ac   |2 +-
 source/dsdb/samdb/ldb_modules/anr.c   |8 +--
 source/dsdb/samdb/ldb_modules/config.mk   |   57 +++
 source/dsdb/samdb/ldb_modules/dsdb_cache.c|7 +--
 source/dsdb/samdb/ldb_modules/extended_dn.c   |7 +--
 source/dsdb/samdb/ldb_modules/instancetype.c  |8 +--
 source/dsdb/samdb/ldb_modules/kludge_acl.c|7 +--
 source/dsdb/samdb/ldb_modules/linked_attributes.c |7 +--
 source/dsdb/samdb/ldb_modules/local_password.c|8 +--
 source/dsdb/samdb/ldb_modules/naming_fsmo.c   |7 +--
 source/dsdb/samdb/ldb_modules/normalise.c |7 +--
 source/dsdb/samdb/ldb_modules/objectclass.c   |8 +--
 source/dsdb/samdb/ldb_modules/objectguid.c|8 +--
 source/dsdb/samdb/ldb_modules/partition.c |9 +--
 source/dsdb/samdb/ldb_modules/password_hash.c |8 +--
 source/dsdb/samdb/ldb_modules/pdc_fsmo.c  |7 +--
 source/dsdb/samdb/ldb_modules/proxy.c |7 +--
 source/dsdb/samdb/ldb_modules/ranged_results.c|7 +--
 source/dsdb/samdb/ldb_modules/repl_meta_data.c|7 +--
 

[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-test-2460-g53c9098

[Michael Adam]

The branch, v3-2-test has been updated
   via  53c9098253f5a7f84ea8079a755b9d4f0b28fb2c (commit)
  from  af5ec88ece3ecca2b3c5d6585deec10fe851339b (commit)

http://gitweb.samba.org/?samba.git;a=shortlog;h=v3-2-test


- Log -
commit 53c9098253f5a7f84ea8079a755b9d4f0b28fb2c
Author: Michael Adam [EMAIL PROTECTED]
Date:   Wed Feb 20 00:44:40 2008 +0100

Remove the getifaddrs checks from configure.in: they are now in lib/replace.

Michael

---

Summary of changes:
 source/configure.in |   96 ---
 1 files changed, 0 insertions(+), 96 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/configure.in b/source/configure.in
index afe68d7..6b9131c 100644
--- a/source/configure.in
+++ b/source/configure.in
@@ -2736,102 +2736,6 @@ SMB_CHECK_SYSCONF(_SC_NPROCESSORS_ONLN)
 SMB_CHECK_SYSCONF(_SC_PAGESIZE)
 AC_CHECK_FUNCS(getpagesize)
 
-dnl test for getifaddrs and freeifaddrs
-AC_CACHE_CHECK([for getifaddrs and freeifaddrs],samba_cv_HAVE_GETIFADDRS,[
-AC_TRY_COMPILE([
-#include sys/socket.h
-#include sys/types.h
-#include netinet/in.h
-#include arpa/inet.h
-#include ifaddrs.h
-#include netdb.h],
-[
-struct ifaddrs *ifp = NULL;
-int ret = getifaddrs (ifp);
-freeifaddrs(ifp);
-],
-samba_cv_HAVE_GETIFADDRS=yes,samba_cv_HAVE_GETIFADDRS=no)])
-if test x$samba_cv_HAVE_GETIFADDRS = xyes; then
-AC_DEFINE(HAVE_GETIFADDRS,1,[Whether the system has getifaddrs])
-AC_DEFINE(HAVE_FREEIFADDRS,1,[Whether the system has freeifaddrs])
-fi
-
-##
-# look for a method of finding the list of network interfaces
-iface=no;
-AC_CACHE_CHECK([for iface getifaddrs],samba_cv_HAVE_IFACE_GETIFADDRS,[
-SAVE_CPPFLAGS=$CPPFLAGS
-CPPFLAGS=$CPPFLAGS ${SAMBA_CONFIGURE_CPPFLAGS}
-AC_TRY_RUN([
-#define NO_CONFIG_H 1
-#define HAVE_IFACE_GETIFADDRS 1
-#define AUTOCONF_TEST 1
-#include ${srcdir-.}/lib/replace/replace.c
-#include ${srcdir-.}/lib/interfaces.c],
-   
samba_cv_HAVE_IFACE_GETIFADDRS=yes,samba_cv_HAVE_IFACE_GETIFADDRS=no,samba_cv_HAVE_IFACE_GETIFADDRS=cross)])
-CPPFLAGS=$SAVE_CPPFLAGS
-if test x$samba_cv_HAVE_IFACE_GETIFADDRS = xyes; then
-iface=yes;AC_DEFINE(HAVE_IFACE_GETIFADDRS,1,[Whether iface getifaddrs is 
available])
-fi
-
-if test $iface = no; then
-AC_CACHE_CHECK([for iface ifconf],samba_cv_HAVE_IFACE_IFCONF,[
-SAVE_CPPFLAGS=$CPPFLAGS
-CPPFLAGS=$CPPFLAGS ${SAMBA_CONFIGURE_CPPFLAGS}
-AC_TRY_RUN([
-#define NO_CONFIG_H 1
-#define HAVE_IFACE_IFCONF 1
-#define AUTOCONF_TEST 1
-#define SOCKET_WRAPPER_NOT_REPLACE
-#include ${srcdir-.}/lib/replace/replace.c
-#include ${srcdir-.}/lib/interfaces.c],
-   
samba_cv_HAVE_IFACE_IFCONF=yes,samba_cv_HAVE_IFACE_IFCONF=no,samba_cv_HAVE_IFACE_IFCONF=cross)])
-CPPFLAGS=$SAVE_CPPFLAGS
-if test x$samba_cv_HAVE_IFACE_IFCONF = xyes; then
-iface=yes;AC_DEFINE(HAVE_IFACE_IFCONF,1,[Whether iface ifconf is 
available])
-fi
-fi
-
-if test $iface = no; then
-AC_CACHE_CHECK([for iface ifreq],samba_cv_HAVE_IFACE_IFREQ,[
-SAVE_CPPFLAGS=$CPPFLAGS
-CPPFLAGS=$CPPFLAGS ${SAMBA_CONFIGURE_CPPFLAGS}
-AC_TRY_RUN([
-#define NO_CONFIG_H 1
-#define HAVE_IFACE_IFREQ 1
-#define AUTOCONF_TEST 1
-#define SOCKET_WRAPPER_NOT_REPLACE
-#include ${srcdir-.}/lib/replace/replace.c
-#include ${srcdir-.}/lib/replace/getaddrinfo.c
-#include ${srcdir-.}/lib/replace/snprintf.c
-#include ${srcdir-.}/lib/interfaces.c],
-   
samba_cv_HAVE_IFACE_IFREQ=yes,samba_cv_HAVE_IFACE_IFREQ=no,samba_cv_HAVE_IFACE_IFREQ=cross)])
-CPPFLAGS=$SAVE_CPPFLAGS
-if test x$samba_cv_HAVE_IFACE_IFREQ = xyes; then
-iface=yes;AC_DEFINE(HAVE_IFACE_IFREQ,1,[Whether iface ifreq is available])
-fi
-fi
-
-if test $iface = no; then
-AC_CACHE_CHECK([for iface AIX],samba_cv_HAVE_IFACE_AIX,[
-SAVE_CPPFLAGS=$CPPFLAGS
-CPPFLAGS=$CPPFLAGS ${SAMBA_CONFIGURE_CPPFLAGS}
-AC_TRY_RUN([
-#define NO_CONFIG_H 1
-#define HAVE_IFACE_AIX 1
-#define AUTOCONF_TEST 1
-#undef _XOPEN_SOURCE_EXTENDED
-#define SOCKET_WRAPPER_NOT_REPLACE
-#include ${srcdir-.}/lib/replace/replace.c
-#include ${srcdir-.}/lib/replace/snprintf.c
-#include ${srcdir-.}/lib/interfaces.c],
-   
samba_cv_HAVE_IFACE_AIX=yes,samba_cv_HAVE_IFACE_AIX=no,samba_cv_HAVE_IFACE_AIX=cross)])
-CPPFLAGS=$SAVE_CPPFLAGS
-if test x$samba_cv_HAVE_IFACE_AIX = xyes; then
-iface=yes;AC_DEFINE(HAVE_IFACE_AIX,1,[Whether iface AIX is available])
-fi
-fi
-
 dnl test for ipv6
 AC_CACHE_CHECK([for ipv6 support],samba_cv_HAVE_IPV6,[
 AC_TRY_COMPILE([


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch v4-0-test updated - release-4-0-0alpha2-946-gd45c6b5

[Jelmer Vernooij]

The branch, v4-0-test has been updated
   via  d45c6b5574ea732d25e9180c83f1fa807ebe57ba (commit)
  from  7a2ff3ee26bce49a3eeeb270f4a5e4df2adbefbb (commit)

http://gitweb.samba.org/?samba.git;a=shortlog;h=v4-0-test


- Log -
commit d45c6b5574ea732d25e9180c83f1fa807ebe57ba
Author: Jelmer Vernooij [EMAIL PROTECTED]
Date:   Wed Feb 20 11:32:56 2008 +0100

Avoid python2.2-specific types.

---

Summary of changes:
 source/scripting/python/config.m4 |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/scripting/python/config.m4 
b/source/scripting/python/config.m4
index 908efd1..2142cd9 100644
--- a/source/scripting/python/config.m4
+++ b/source/scripting/python/config.m4
@@ -54,7 +54,7 @@ fi
 
 if test x$PYTHON != x
 then
-   DISTUTILS_CFLAGS=`$PYTHON -c from distutils import sysconfig; print 
'-I%s -I%s %s' % (sysconfig.get_python_inc(), 
sysconfig.get_python_inc(plat_specific=True), 
sysconfig.get_config_var('CFLAGS'))`
+   DISTUTILS_CFLAGS=`$PYTHON -c from distutils import sysconfig; print 
'-I%s -I%s %s' % (sysconfig.get_python_inc(), 
sysconfig.get_python_inc(plat_specific=1), sysconfig.get_config_var('CFLAGS'))`
DISTUTILS_LDFLAGS=`$PYTHON -c from distutils import sysconfig; print 
'%s %s -lpython%s -L%s' % (sysconfig.get_config_var('LIBS'), 
sysconfig.get_config_var('SYSLIBS'), sysconfig.get_config_var('VERSION'), 
sysconfig.get_config_var('LIBPL'))`
TRY_LINK_PYTHON($DISTUTILS_LDFLAGS, $DISTUTILS_CFLAGS)
 fi


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch v4-0-test updated - release-4-0-0alpha2-947-ga57adcf

[Jelmer Vernooij]

The branch, v4-0-test has been updated
   via  a57adcfdd32fa9516eb092f7568e213347c583d7 (commit)
  from  d45c6b5574ea732d25e9180c83f1fa807ebe57ba (commit)

http://gitweb.samba.org/?samba.git;a=shortlog;h=v4-0-test


- Log -
commit a57adcfdd32fa9516eb092f7568e213347c583d7
Author: Jelmer Vernooij [EMAIL PROTECTED]
Date:   Wed Feb 20 12:17:18 2008 +0100

Allow building ldb as static library again \o/

---

Summary of changes:
 source/lib/ldb/config.mk |1 -
 1 files changed, 0 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/lib/ldb/config.mk b/source/lib/ldb/config.mk
index b44a317..6027acd 100644
--- a/source/lib/ldb/config.mk
+++ b/source/lib/ldb/config.mk
@@ -127,7 +127,6 @@ PRIVATE_DEPENDENCIES = \
 [LIBRARY::LIBLDB]
 VERSION = 0.0.1
 SO_VERSION = 0
-OUTPUT_TYPE = SHARED_LIBRARY
 CFLAGS = -Ilib/ldb/include
 PC_FILE = ldb.pc
 INIT_FUNCTION_TYPE = extern const struct ldb_module_ops


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch v4-0-test updated - release-4-0-0alpha2-951-g83387ec

[Michael Adam]

The branch, v4-0-test has been updated
   via  83387ecccfe95b80525bf53c5fc9e945ffee10ec (commit)
   via  00c173bfba9c659750bf231fbd9278dd38aa8bfc (commit)
   via  d3b3d3ec9ff64108b4cd5b7c912ab4ea207256cb (commit)
   via  acab9def2a1e3460bef8baae6efc66d9dfad6eac (commit)
  from  a57adcfdd32fa9516eb092f7568e213347c583d7 (commit)

http://gitweb.samba.org/?samba.git;a=shortlog;h=v4-0-test


- Log -
commit 83387ecccfe95b80525bf53c5fc9e945ffee10ec
Author: Michael Adam [EMAIL PROTECTED]
Date:   Wed Feb 20 12:53:07 2008 +0100

libreplace: change samba_cv_ to libreplace_cv_ in libreplace.m4.

Michael

commit 00c173bfba9c659750bf231fbd9278dd38aa8bfc
Author: Michael Adam [EMAIL PROTECTED]
Date:   Wed Feb 20 12:49:30 2008 +0100

libreplace: change samba_cv_ to libreplace_cv_ in system/config.m4.

Michael

commit d3b3d3ec9ff64108b4cd5b7c912ab4ea207256cb
Author: Michael Adam [EMAIL PROTECTED]
Date:   Wed Feb 20 12:46:20 2008 +0100

libreplace: change samba_cv_ to libreplace_cv_ in getpass.m4.

Michael

commit acab9def2a1e3460bef8baae6efc66d9dfad6eac
Author: Michael Adam [EMAIL PROTECTED]
Date:   Wed Feb 20 12:43:37 2008 +0100

libreplace: change samba_cv_ to libreplace_cv_ in getifaddrs.m4

Michael

---

Summary of changes:
 source/lib/replace/getifaddrs.m4|   30 +++---
 source/lib/replace/getpass.m4   |   12 +++---
 source/lib/replace/libreplace.m4|   72 +-
 source/lib/replace/system/config.m4 |   16 
 4 files changed, 65 insertions(+), 65 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/lib/replace/getifaddrs.m4 b/source/lib/replace/getifaddrs.m4
index 4259d1a..4cf86d8 100644
--- a/source/lib/replace/getifaddrs.m4
+++ b/source/lib/replace/getifaddrs.m4
@@ -7,7 +7,7 @@ AC_CHECK_MEMBERS([struct sockaddr.sa_len],
 [#include sys/socket.h])
 
 dnl test for getifaddrs and freeifaddrs
-AC_CACHE_CHECK([for getifaddrs and freeifaddrs],samba_cv_HAVE_GETIFADDRS,[
+AC_CACHE_CHECK([for getifaddrs and freeifaddrs],libreplace_cv_HAVE_GETIFADDRS,[
 AC_TRY_COMPILE([
 #include sys/types.h
 #if STDC_HEADERS
@@ -24,8 +24,8 @@ struct ifaddrs *ifp = NULL;
 int ret = getifaddrs (ifp);
 freeifaddrs(ifp);
 ],
-samba_cv_HAVE_GETIFADDRS=yes,samba_cv_HAVE_GETIFADDRS=no)])
-if test x$samba_cv_HAVE_GETIFADDRS = xyes; then
+libreplace_cv_HAVE_GETIFADDRS=yes,libreplace_cv_HAVE_GETIFADDRS=no)])
+if test x$libreplace_cv_HAVE_GETIFADDRS = xyes; then
 AC_DEFINE(HAVE_GETIFADDRS,1,[Whether the system has getifaddrs])
 AC_DEFINE(HAVE_FREEIFADDRS,1,[Whether the system has freeifaddrs])
AC_DEFINE(HAVE_STRUCT_IFADDRS,1,[Whether struct ifaddrs is available])
@@ -42,15 +42,15 @@ iface=no;
 ##
 # look for a method of finding the list of network interfaces
 iface=no;
-AC_CACHE_CHECK([for iface getifaddrs],samba_cv_HAVE_IFACE_GETIFADDRS,[
+AC_CACHE_CHECK([for iface getifaddrs],libreplace_cv_HAVE_IFACE_GETIFADDRS,[
 AC_TRY_RUN([
 #define NO_CONFIG_H 1
 #define HAVE_IFACE_GETIFADDRS 1
 #define AUTOCONF_TEST 1
 #include $libreplacedir/replace.c
 #include $libreplacedir/getifaddrs.c],
-   
samba_cv_HAVE_IFACE_GETIFADDRS=yes,samba_cv_HAVE_IFACE_GETIFADDRS=no,samba_cv_HAVE_IFACE_GETIFADDRS=cross)])
-if test x$samba_cv_HAVE_IFACE_GETIFADDRS = xyes; then
+   
libreplace_cv_HAVE_IFACE_GETIFADDRS=yes,libreplace_cv_HAVE_IFACE_GETIFADDRS=no,libreplace_cv_HAVE_IFACE_GETIFADDRS=cross)])
+if test x$libreplace_cv_HAVE_IFACE_GETIFADDRS = xyes; then
 iface=yes;AC_DEFINE(HAVE_IFACE_GETIFADDRS,1,[Whether iface getifaddrs is 
available])
 else
LIBREPLACEOBJ=${LIBREPLACEOBJ} getifaddrs.o
@@ -58,39 +58,39 @@ fi
 
 
 if test $iface = no; then
-AC_CACHE_CHECK([for iface AIX],samba_cv_HAVE_IFACE_AIX,[
+AC_CACHE_CHECK([for iface AIX],libreplace_cv_HAVE_IFACE_AIX,[
 AC_TRY_RUN([
 #define HAVE_IFACE_AIX 1
 #define AUTOCONF_TEST 1
 #undef _XOPEN_SOURCE_EXTENDED
 #include $libreplacedir/getifaddrs.c],
-   
samba_cv_HAVE_IFACE_AIX=yes,samba_cv_HAVE_IFACE_AIX=no,samba_cv_HAVE_IFACE_AIX=cross)])
-if test x$samba_cv_HAVE_IFACE_AIX = xyes; then
+   
libreplace_cv_HAVE_IFACE_AIX=yes,libreplace_cv_HAVE_IFACE_AIX=no,libreplace_cv_HAVE_IFACE_AIX=cross)])
+if test x$libreplace_cv_HAVE_IFACE_AIX = xyes; then
 iface=yes;AC_DEFINE(HAVE_IFACE_AIX,1,[Whether iface AIX is available])
 fi
 fi
 
 
 if test $iface = no; then
-AC_CACHE_CHECK([for iface ifconf],samba_cv_HAVE_IFACE_IFCONF,[
+AC_CACHE_CHECK([for iface ifconf],libreplace_cv_HAVE_IFACE_IFCONF,[
 AC_TRY_RUN([
 #define HAVE_IFACE_IFCONF 1
 #define AUTOCONF_TEST 1
 #include $libreplacedir/getifaddrs.c],
-   
samba_cv_HAVE_IFACE_IFCONF=yes,samba_cv_HAVE_IFACE_IFCONF=no,samba_cv_HAVE_IFACE_IFCONF=cross)])
-if test x$samba_cv_HAVE_IFACE_IFCONF = xyes; then
+   

[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-test-2464-g12ec7df

[Michael Adam]

The branch, v3-2-test has been updated
   via  12ec7dfb109bedd7b086702394a7094a4853cf1f (commit)
   via  450034582ba78b296e9cacc9ea06b632196b8644 (commit)
   via  d6719f1c2f349c34d7a14e8e0e264db8dbe48598 (commit)
   via  f790cb4aedee58abe6324c47912b58a808bfca51 (commit)
  from  53c9098253f5a7f84ea8079a755b9d4f0b28fb2c (commit)

http://gitweb.samba.org/?samba.git;a=shortlog;h=v3-2-test


- Log -
commit 12ec7dfb109bedd7b086702394a7094a4853cf1f
Author: Michael Adam [EMAIL PROTECTED]
Date:   Wed Feb 20 12:53:07 2008 +0100

libreplace: change samba_cv_ to libreplace_cv_ in libreplace.m4.

Michael
(cherry picked from commit 83387ecccfe95b80525bf53c5fc9e945ffee10ec)

commit 450034582ba78b296e9cacc9ea06b632196b8644
Author: Michael Adam [EMAIL PROTECTED]
Date:   Wed Feb 20 12:49:30 2008 +0100

libreplace: change samba_cv_ to libreplace_cv_ in system/config.m4.

Michael
(cherry picked from commit 00c173bfba9c659750bf231fbd9278dd38aa8bfc)

commit d6719f1c2f349c34d7a14e8e0e264db8dbe48598
Author: Michael Adam [EMAIL PROTECTED]
Date:   Wed Feb 20 12:46:20 2008 +0100

libreplace: change samba_cv_ to libreplace_cv_ in getpass.m4.

Michael
(cherry picked from commit d3b3d3ec9ff64108b4cd5b7c912ab4ea207256cb)

commit f790cb4aedee58abe6324c47912b58a808bfca51
Author: Michael Adam [EMAIL PROTECTED]
Date:   Wed Feb 20 12:43:37 2008 +0100

libreplace: change samba_cv_ to libreplace_cv_ in getifaddrs.m4

Michael
(cherry picked from commit acab9def2a1e3460bef8baae6efc66d9dfad6eac)

---

Summary of changes:
 source/lib/replace/getifaddrs.m4|   30 +++---
 source/lib/replace/getpass.m4   |   12 +++---
 source/lib/replace/libreplace.m4|   72 +-
 source/lib/replace/system/config.m4 |   16 
 4 files changed, 65 insertions(+), 65 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/lib/replace/getifaddrs.m4 b/source/lib/replace/getifaddrs.m4
index 4259d1a..4cf86d8 100644
--- a/source/lib/replace/getifaddrs.m4
+++ b/source/lib/replace/getifaddrs.m4
@@ -7,7 +7,7 @@ AC_CHECK_MEMBERS([struct sockaddr.sa_len],
 [#include sys/socket.h])
 
 dnl test for getifaddrs and freeifaddrs
-AC_CACHE_CHECK([for getifaddrs and freeifaddrs],samba_cv_HAVE_GETIFADDRS,[
+AC_CACHE_CHECK([for getifaddrs and freeifaddrs],libreplace_cv_HAVE_GETIFADDRS,[
 AC_TRY_COMPILE([
 #include sys/types.h
 #if STDC_HEADERS
@@ -24,8 +24,8 @@ struct ifaddrs *ifp = NULL;
 int ret = getifaddrs (ifp);
 freeifaddrs(ifp);
 ],
-samba_cv_HAVE_GETIFADDRS=yes,samba_cv_HAVE_GETIFADDRS=no)])
-if test x$samba_cv_HAVE_GETIFADDRS = xyes; then
+libreplace_cv_HAVE_GETIFADDRS=yes,libreplace_cv_HAVE_GETIFADDRS=no)])
+if test x$libreplace_cv_HAVE_GETIFADDRS = xyes; then
 AC_DEFINE(HAVE_GETIFADDRS,1,[Whether the system has getifaddrs])
 AC_DEFINE(HAVE_FREEIFADDRS,1,[Whether the system has freeifaddrs])
AC_DEFINE(HAVE_STRUCT_IFADDRS,1,[Whether struct ifaddrs is available])
@@ -42,15 +42,15 @@ iface=no;
 ##
 # look for a method of finding the list of network interfaces
 iface=no;
-AC_CACHE_CHECK([for iface getifaddrs],samba_cv_HAVE_IFACE_GETIFADDRS,[
+AC_CACHE_CHECK([for iface getifaddrs],libreplace_cv_HAVE_IFACE_GETIFADDRS,[
 AC_TRY_RUN([
 #define NO_CONFIG_H 1
 #define HAVE_IFACE_GETIFADDRS 1
 #define AUTOCONF_TEST 1
 #include $libreplacedir/replace.c
 #include $libreplacedir/getifaddrs.c],
-   
samba_cv_HAVE_IFACE_GETIFADDRS=yes,samba_cv_HAVE_IFACE_GETIFADDRS=no,samba_cv_HAVE_IFACE_GETIFADDRS=cross)])
-if test x$samba_cv_HAVE_IFACE_GETIFADDRS = xyes; then
+   
libreplace_cv_HAVE_IFACE_GETIFADDRS=yes,libreplace_cv_HAVE_IFACE_GETIFADDRS=no,libreplace_cv_HAVE_IFACE_GETIFADDRS=cross)])
+if test x$libreplace_cv_HAVE_IFACE_GETIFADDRS = xyes; then
 iface=yes;AC_DEFINE(HAVE_IFACE_GETIFADDRS,1,[Whether iface getifaddrs is 
available])
 else
LIBREPLACEOBJ=${LIBREPLACEOBJ} getifaddrs.o
@@ -58,39 +58,39 @@ fi
 
 
 if test $iface = no; then
-AC_CACHE_CHECK([for iface AIX],samba_cv_HAVE_IFACE_AIX,[
+AC_CACHE_CHECK([for iface AIX],libreplace_cv_HAVE_IFACE_AIX,[
 AC_TRY_RUN([
 #define HAVE_IFACE_AIX 1
 #define AUTOCONF_TEST 1
 #undef _XOPEN_SOURCE_EXTENDED
 #include $libreplacedir/getifaddrs.c],
-   
samba_cv_HAVE_IFACE_AIX=yes,samba_cv_HAVE_IFACE_AIX=no,samba_cv_HAVE_IFACE_AIX=cross)])
-if test x$samba_cv_HAVE_IFACE_AIX = xyes; then
+   
libreplace_cv_HAVE_IFACE_AIX=yes,libreplace_cv_HAVE_IFACE_AIX=no,libreplace_cv_HAVE_IFACE_AIX=cross)])
+if test x$libreplace_cv_HAVE_IFACE_AIX = xyes; then
 iface=yes;AC_DEFINE(HAVE_IFACE_AIX,1,[Whether iface AIX is available])
 fi
 fi
 
 
 if test $iface = no; then
-AC_CACHE_CHECK([for iface ifconf],samba_cv_HAVE_IFACE_IFCONF,[
+AC_CACHE_CHECK([for iface ifconf],libreplace_cv_HAVE_IFACE_IFCONF,[
 

[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-test-2465-g9b9495d

[Michael Adam]

The branch, v3-2-test has been updated
   via  9b9495d3672e3a8e74d153dbef62825e6b5d5170 (commit)
  from  12ec7dfb109bedd7b086702394a7094a4853cf1f (commit)

http://gitweb.samba.org/?samba.git;a=shortlog;h=v3-2-test


- Log -
commit 9b9495d3672e3a8e74d153dbef62825e6b5d5170
Author: Michael Adam [EMAIL PROTECTED]
Date:   Wed Feb 20 17:26:39 2008 +0100

Remove tests for vsnprintf snprintf asprintf vasprintf and va_copy from 
configure.

These are tested in libreplace.

Michael

---

Summary of changes:
 source/configure.in |   54 +--
 1 files changed, 1 insertions(+), 53 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/configure.in b/source/configure.in
index 6b9131c..e218c0b 100644
--- a/source/configure.in
+++ b/source/configure.in
@@ -907,10 +907,6 @@ fi
 AC_HAVE_DECL(errno, [#include errno.h])
 AC_HAVE_DECL(setresuid, [#include unistd.h])
 AC_HAVE_DECL(setresgid, [#include unistd.h])
-AC_HAVE_DECL(asprintf, [#include stdio.h])
-AC_HAVE_DECL(vasprintf, [#include stdio.h])
-AC_HAVE_DECL(vsnprintf, [#include stdio.h])
-AC_HAVE_DECL(snprintf, [#include stdio.h])
 
 # and glibc has setresuid under linux but the function does
 # nothing until kernel 2.1.44! very dumb.
@@ -1062,7 +1058,7 @@ AC_CHECK_FUNCS(waitpid getcwd strdup strndup strnlen 
strerror chown fchown lchow
 AC_CHECK_FUNCS(strtol strtoll strtoul strtoull strtouq __strtoull)
 AC_CHECK_FUNCS(fstat strchr utime utimes chflags)
 AC_CHECK_FUNCS(getrlimit fsync fdatasync memset strlcpy strlcat setpgid)
-AC_CHECK_FUNCS(memmove vsnprintf snprintf asprintf vasprintf setsid glob 
strpbrk pipe crypt16 getauthuid)
+AC_CHECK_FUNCS(memmove setsid glob strpbrk pipe crypt16 getauthuid)
 AC_CHECK_FUNCS(strftime sigprocmask sigblock sigaction sigset innetgr 
setnetgrent getnetgrent endnetgrent)
 AC_CHECK_FUNCS(initgroups select poll rdchk getgrnam getgrent pathconf 
realpath)
 AC_CHECK_FUNCS(setpriv setgidx setuidx setgroups sysconf mktime rename 
ftruncate chsize stat64 fstat64)
@@ -2032,54 +2028,6 @@ if test x$samba_cv_WITH_PROFILE = xyes; then
 
 fi
 
-AC_CACHE_CHECK([for va_copy],samba_cv_HAVE_VA_COPY,[
-AC_TRY_LINK([#include stdarg.h
-va_list ap1,ap2;], [va_copy(ap1,ap2);],
-samba_cv_HAVE_VA_COPY=yes,
-samba_cv_HAVE_VA_COPY=no)])
-if test x$samba_cv_HAVE_VA_COPY = xyes; then
-AC_DEFINE(HAVE_VA_COPY,1,[Whether va_copy() is available])
-else
-AC_CACHE_CHECK([for __va_copy],samba_cv_HAVE___VA_COPY,[
-AC_TRY_LINK([#include stdarg.h
-va_list ap1,ap2;], [__va_copy(ap1,ap2);],
-samba_cv_HAVE___VA_COPY=yes,
-samba_cv_HAVE___VA_COPY=no)])
-if test x$samba_cv_HAVE___VA_COPY = xyes; then
-AC_DEFINE(HAVE___VA_COPY,1,[Whether __va_copy() is available])
-fi
-fi
-
-AC_CACHE_CHECK([for C99 vsnprintf],samba_cv_HAVE_C99_VSNPRINTF,[
-AC_TRY_RUN([
-#include sys/types.h
-#include stdarg.h
-void foo(const char *format, ...) {
-   va_list ap;
-   int len;
-   char buf[5];
-
-   va_start(ap, format);
-   len = vsnprintf(buf, 0, format, ap);
-   va_end(ap);
-   if (len != 5) exit(1);
-
-   va_start(ap, format);
-   len = vsnprintf(0, 0, format, ap);
-   va_end(ap);
-   if (len != 5) exit(1);
-
-   if (snprintf(buf, 3, hello) != 5 || strcmp(buf, he) != 0) exit(1);
-
-   exit(0);
-}
-main() { foo(hello); }
-],
-samba_cv_HAVE_C99_VSNPRINTF=yes,samba_cv_HAVE_C99_VSNPRINTF=no,samba_cv_HAVE_C99_VSNPRINTF=cross)])
-if test x$samba_cv_HAVE_C99_VSNPRINTF = xyes; then
-AC_DEFINE(HAVE_C99_VSNPRINTF,1,[Whether there is a C99 compliant 
vsnprintf])
-fi
-
 AC_CACHE_CHECK([for broken readdir name],samba_cv_HAVE_BROKEN_READDIR_NAME,[
 AC_TRY_RUN([#include sys/types.h
 #include dirent.h


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch v4-0-test updated - release-4-0-0alpha2-955-g53c70b5

[Jelmer Vernooij]

The branch, v4-0-test has been updated
   via  53c70b5f77a3b9abaab783590e66278129173d5f (commit)
   via  54ebd4e353038e86470ad036aa038e18a4296b4b (commit)
   via  da1a9438bd89569077ef1eaa9dc977b5f9d62836 (commit)
   via  675bab738085cb5a9f17c1f159fbd97c4daafed2 (commit)
  from  83387ecccfe95b80525bf53c5fc9e945ffee10ec (commit)

http://gitweb.samba.org/?samba.git;a=shortlog;h=v4-0-test


- Log -
commit 53c70b5f77a3b9abaab783590e66278129173d5f
Author: Jelmer Vernooij [EMAIL PROTECTED]
Date:   Wed Feb 20 20:05:51 2008 +0100

Support dlopen(NULL, ...) on HPUX.

commit 54ebd4e353038e86470ad036aa038e18a4296b4b
Merge: da1a9438bd89569077ef1eaa9dc977b5f9d62836 
83387ecccfe95b80525bf53c5fc9e945ffee10ec
Author: Jelmer Vernooij [EMAIL PROTECTED]
Date:   Wed Feb 20 19:41:52 2008 +0100

Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 
v4-0-trivial

commit da1a9438bd89569077ef1eaa9dc977b5f9d62836
Author: Jelmer Vernooij [EMAIL PROTECTED]
Date:   Wed Feb 20 19:40:20 2008 +0100

Make more module init functions public, since they are compiled with 
-fvisibility=hidden. Not doing this causes failures on Mac OS X.

commit 675bab738085cb5a9f17c1f159fbd97c4daafed2
Author: Jelmer Vernooij [EMAIL PROTECTED]
Date:   Wed Feb 20 19:34:45 2008 +0100

Make all auth module init functions public, since they are compiled with 
-fvisibility=hidden. Not doing this causes failures on Mac OS X.

---

Summary of changes:
 source/auth/auth_anonymous.c|2 +-
 source/auth/auth_developer.c|2 +-
 source/auth/auth_sam.c  |2 +-
 source/auth/auth_unix.c |2 +-
 source/auth/auth_winbind.c  |2 +-
 source/auth/gensec/gensec_gssapi.c  |2 +-
 source/auth/gensec/gensec_krb5.c|2 +-
 source/auth/gensec/schannel.c   |2 +-
 source/auth/gensec/spnego.c |2 +-
 source/auth/ntlmssp/ntlmssp.c   |2 +-
 source/lib/events/events_select.c   |2 +-
 source/lib/events/events_standard.c |2 +-
 source/lib/replace/dlfcn.c  |2 ++
 source/lib/socket/socket_ip.c   |4 ++--
 source/lib/socket/socket_unix.c |2 +-
 15 files changed, 17 insertions(+), 15 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/auth/auth_anonymous.c b/source/auth/auth_anonymous.c
index bcab918..38c13d4 100644
--- a/source/auth/auth_anonymous.c
+++ b/source/auth/auth_anonymous.c
@@ -63,7 +63,7 @@ static const struct auth_operations anonymous_auth_ops = {
.check_password = anonymous_check_password
 };
 
-NTSTATUS auth_anonymous_init(void)
+_PUBLIC_ NTSTATUS auth_anonymous_init(void)
 {
NTSTATUS ret;
 
diff --git a/source/auth/auth_developer.c b/source/auth/auth_developer.c
index 57eb752..0da947b 100644
--- a/source/auth/auth_developer.c
+++ b/source/auth/auth_developer.c
@@ -186,7 +186,7 @@ static const struct auth_operations 
fixed_challenge_auth_ops = {
.check_password = fixed_challenge_check_password
 };
 
-NTSTATUS auth_developer_init(void)
+_PUBLIC_ NTSTATUS auth_developer_init(void)
 {
NTSTATUS ret;
 
diff --git a/source/auth/auth_sam.c b/source/auth/auth_sam.c
index 0885d82..9189640 100644
--- a/source/auth/auth_sam.c
+++ b/source/auth/auth_sam.c
@@ -425,7 +425,7 @@ static const struct auth_operations sam_ops = {
.check_password = authsam_check_password
 };
 
-NTSTATUS auth_sam_init(void)
+_PUBLIC_ NTSTATUS auth_sam_init(void)
 {
NTSTATUS ret;
 
diff --git a/source/auth/auth_unix.c b/source/auth/auth_unix.c
index 62fb429..20e1987 100644
--- a/source/auth/auth_unix.c
+++ b/source/auth/auth_unix.c
@@ -829,7 +829,7 @@ static const struct auth_operations unix_ops = {
.check_password = authunix_check_password
 };
 
-NTSTATUS auth_unix_init(void)
+_PUBLIC_ NTSTATUS auth_unix_init(void)
 {
NTSTATUS ret;
 
diff --git a/source/auth/auth_winbind.c b/source/auth/auth_winbind.c
index 89ae319..2f8074d 100644
--- a/source/auth/auth_winbind.c
+++ b/source/auth/auth_winbind.c
@@ -260,7 +260,7 @@ static const struct auth_operations winbind_ops = {
.check_password = winbind_check_password
 };
 
-NTSTATUS auth_winbind_init(void)
+_PUBLIC_ NTSTATUS auth_winbind_init(void)
 {
NTSTATUS ret;
 
diff --git a/source/auth/gensec/gensec_gssapi.c 
b/source/auth/gensec/gensec_gssapi.c
index 87fa476..8361b11 100644
--- a/source/auth/gensec/gensec_gssapi.c
+++ b/source/auth/gensec/gensec_gssapi.c
@@ -1463,7 +1463,7 @@ static const struct gensec_security_ops 
gensec_gssapi_sasl_krb5_security_ops = {
.priority = GENSEC_GSSAPI
 };
 
-NTSTATUS gensec_gssapi_init(void)
+_PUBLIC_ NTSTATUS gensec_gssapi_init(void)
 {
NTSTATUS ret;
 
diff --git a/source/auth/gensec/gensec_krb5.c b/source/auth/gensec/gensec_krb5.c
index 5cd0de1..d9addca 100644
--- a/source/auth/gensec/gensec_krb5.c
+++ 

[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-test-2466-g8883ee2

[Michael Adam]

The branch, v3-2-test has been updated
   via  8883ee2418152d58e2ce609e02105e009f8ca4e8 (commit)
  from  9b9495d3672e3a8e74d153dbef62825e6b5d5170 (commit)

http://gitweb.samba.org/?samba.git;a=shortlog;h=v3-2-test


- Log -
commit 8883ee2418152d58e2ce609e02105e009f8ca4e8
Author: Jelmer Vernooij [EMAIL PROTECTED]
Date:   Wed Feb 20 20:05:51 2008 +0100

Support dlopen(NULL, ...) on HPUX.
(cherry picked from commit 53c70b5f77a3b9abaab783590e66278129173d5f)

---

Summary of changes:
 source/lib/replace/dlfcn.c |2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/lib/replace/dlfcn.c b/source/lib/replace/dlfcn.c
index 4284884..3b109d7 100644
--- a/source/lib/replace/dlfcn.c
+++ b/source/lib/replace/dlfcn.c
@@ -35,6 +35,8 @@ void *rep_dlopen(const char *name, int flags)
 #endif
 {
 #ifdef HAVE_SHL_LOAD
+   if (name == NULL)
+   return PROG_HANDLE;
return (void *)shl_load(name, flags, 0);
 #else
return NULL;


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-test-2470-g39eef8e

[Michael Adam]

The branch, v3-2-test has been updated
   via  39eef8e86cfab60c1328d2335a737b41d8fd6db0 (commit)
   via  63bff18f3f6396736910a8e1f5f2abf453c4f89a (commit)
   via  8b220717e8dd62455716d4aaf6728087d04fb71b (commit)
   via  2e6b66eda4dc30f03f1309a1dbef3eb87a4f7d1e (commit)
  from  8883ee2418152d58e2ce609e02105e009f8ca4e8 (commit)

http://gitweb.samba.org/?samba.git;a=shortlog;h=v3-2-test


- Log -
commit 39eef8e86cfab60c1328d2335a737b41d8fd6db0
Author: Michael Adam [EMAIL PROTECTED]
Date:   Wed Feb 20 23:44:17 2008 +0100

Fix build with static libs: place tdb static lib after tdb-util objects.

Michael

commit 63bff18f3f6396736910a8e1f5f2abf453c4f89a
Author: Michael Adam [EMAIL PROTECTED]
Date:   Wed Feb 20 22:47:31 2008 +0100

configure: add --enable-shared-libs to control overall internal use of 
shared libs.

To disable internal use of shared libraries altogether (as opposed to
disabling use of single shared libs by --with-static-libs=LIBS), use
this new configure parameter --disable-shared-libs.

Michael

commit 8b220717e8dd62455716d4aaf6728087d04fb71b
Author: Michael Adam [EMAIL PROTECTED]
Date:   Wed Feb 20 21:33:06 2008 +0100

configure: Move assemblage of samba version strings to m4 include file.

Michael

commit 2e6b66eda4dc30f03f1309a1dbef3eb87a4f7d1e
Author: Michael Adam [EMAIL PROTECTED]
Date:   Wed Feb 20 17:56:21 2008 +0100

Remove checks for ino_t, loff_t, offset_t, and comparison_fn_t from 
configure.in.

These tests are in libreplace.

Michael

---

Summary of changes:
 source/Makefile.in |5 ++-
 source/configure.in|   60 ---
 source/m4/samba_version.m4 |   29 +
 3 files changed, 65 insertions(+), 29 deletions(-)
 create mode 100644 source/m4/samba_version.m4


Changeset truncated at 500 lines:

diff --git a/source/Makefile.in b/source/Makefile.in
index 4402a6c..5c0b73a 100644
--- a/source/Makefile.in
+++ b/source/Makefile.in
@@ -241,8 +241,9 @@ MODULES = $(VFS_MODULES) $(PDB_MODULES) $(RPC_MODULES) 
$(IDMAP_MODULES) \
 LIBTDB_OBJ0 = @TDB_OBJS@
 LIBTDB_OBJ = $(LIBTDB_OBJ0) $(LIBREPLACE_OBJ)
 
-TDB_OBJ = @LIBTDB_STATIC@ lib/util_tdb.o \
-   lib/dbwrap.o lib/dbwrap_tdb.o lib/dbwrap_ctdb.o lib/dbwrap_rbt.o
+TDB_OBJ = lib/util_tdb.o \
+ lib/dbwrap.o lib/dbwrap_tdb.o lib/dbwrap_ctdb.o lib/dbwrap_rbt.o \
+ @LIBTDB_STATIC@
 
 SMBLDAP_OBJ = @SMBLDAP@ @SMBLDAPUTIL@
 
diff --git a/source/configure.in b/source/configure.in
index e218c0b..fe9d716 100644
--- a/source/configure.in
+++ b/source/configure.in
@@ -18,25 +18,7 @@ esac
 builddir=`pwd`
 AC_SUBST(builddir)
 
-SMB_VERSION_STRING=`cat $srcdir/include/version.h | grep 
'SAMBA_VERSION_OFFICIAL_STRING' | cut -d '' -f2`
-echo SAMBA VERSION: ${SMB_VERSION_STRING}
-
-SAMBA_VERSION_GIT_COMMIT_FULLREV=`cat $srcdir/include/version.h | grep 
'SAMBA_VERSION_GIT_COMMIT_FULLREV' | cut -d ' ' -f3- | cut -d '' -f2`
-if test -n ${SAMBA_VERSION_GIT_COMMIT_FULLREV};then
-   echo BUILD COMMIT REVISION: ${SAMBA_VERSION_GIT_COMMIT_FULLREV}
-fi
-SAMBA_VERSION_GIT_COMMIT_DATE=`cat $srcdir/include/version.h | grep 
'SAMBA_VERSION_GIT_COMMIT_DATE' | cut -d ' ' -f3-`
-if test -n ${SAMBA_VERSION_GIT_COMMIT_DATE};then
-   echo BUILD COMMIT DATE: ${SAMBA_VERSION_GIT_COMMIT_DATE}
-fi
-SAMBA_VERSION_GIT_COMMIT_TIME=`cat $srcdir/include/version.h | grep 
'SAMBA_VERSION_GIT_COMMIT_TIME' | cut -d ' ' -f3-`
-if test -n ${SAMBA_VERSION_GIT_COMMIT_TIME};then
-   echo BUILD COMMIT TIME: ${SAMBA_VERSION_GIT_COMMIT_TIME}
-
-   # just to keep the build-farm gui happy for now...
-   echo BUILD REVISION: ${SAMBA_VERSION_GIT_COMMIT_TIME}
-fi
-
+m4_include(m4/samba_version.m4)
 m4_include(m4/check_path.m4)
 
 AC_LIBREPLACE_CC_CHECKS
@@ -792,13 +774,8 @@ AC_TYPE_SIZE_T
 AC_TYPE_PID_T
 AC_STRUCT_ST_RDEV
 AC_DIRENT_D_OFF
-AC_CHECK_TYPE(ino_t,unsigned)
-AC_CHECK_TYPE(loff_t,off_t)
-AC_CHECK_TYPE(offset_t,loff_t)
 AC_CHECK_TYPE(ssize_t, int)
 AC_CHECK_TYPE(wchar_t, unsigned short)
-AC_CHECK_TYPE(comparison_fn_t,
-[AC_DEFINE(HAVE_COMPARISON_FN_T, 1,[Whether or not we have comparison_fn_t])])
 
 
 # for cups support we need libcups, and a handful of header files
@@ -4723,6 +4700,31 @@ if test $enable_static = yes; then
 fi
 
 #
+# --disable-shared-libs
+# can be used to disable the internal use of shared libs altogether
+# (this only has an effect when building shared libs is enabled)
+#
+USESHARED=false
+AC_SUBST(USESHARED)
+
+AC_MSG_CHECKING(whether to use shared libraries internally)
+AC_ARG_ENABLE([shared-libs],
+   AS_HELP_STRING([--enable-shared-libs],
+   [Use shared libraries internally (default=yes)]),
+   [enable_shared_libs=$enableval],
+

[SCM] Samba Shared Repository - branch v4-0-test updated - release-4-0-0alpha2-957-g5cd3310

[Andrew Bartlett]

The branch, v4-0-test has been updated
   via  5cd3310b78a85243eb436d05db3228c3495f9162 (commit)
   via  c4d502f68fbd5d5bc2ac5bb6369950379c9176fc (commit)
  from  53c70b5f77a3b9abaab783590e66278129173d5f (commit)

http://gitweb.samba.org/?samba.git;a=shortlog;h=v4-0-test


- Log -
commit 5cd3310b78a85243eb436d05db3228c3495f9162
Merge: c4d502f68fbd5d5bc2ac5bb6369950379c9176fc 
53c70b5f77a3b9abaab783590e66278129173d5f
Author: Andrew Bartlett [EMAIL PROTECTED]
Date:   Thu Feb 21 09:55:13 2008 +1100

Merge branch 'v4-0-test' of git://git.samba.org/samba into 4-0-local

commit c4d502f68fbd5d5bc2ac5bb6369950379c9176fc
Author: Andrew Bartlett [EMAIL PROTECTED]
Date:   Thu Feb 21 09:53:11 2008 +1100

Until the new ldb changes land, make ldb_wait set the error string.

This makes it easier to track down which module only returned and
error code, but not the error string.

Andrew Bartlett

---

Summary of changes:
 source/lib/ldb/common/ldb.c |8 +++-
 1 files changed, 7 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/lib/ldb/common/ldb.c b/source/lib/ldb/common/ldb.c
index 5f2e5e3..3c9ef3f 100644
--- a/source/lib/ldb/common/ldb.c
+++ b/source/lib/ldb/common/ldb.c
@@ -508,11 +508,17 @@ static int ldb_autotransaction_request(struct ldb_context 
*ldb, struct ldb_reque
 
 int ldb_wait(struct ldb_handle *handle, enum ldb_wait_type type)
 {
+   int ret;
if (!handle) {
return LDB_SUCCESS;
}
 
-   return handle-module-ops-wait(handle, type);
+   ret = handle-module-ops-wait(handle, type);
+   if (!ldb_errstring(handle-module-ldb)) {
+   /* Set a default error string, to place the blame somewhere */
+   ldb_asprintf_errstring(handle-module-ldb, error waiting on 
module %s: %s (%d), handle-module-ops-name, ldb_strerror(ret), ret);
+   }
+   return ret;
 }
 
 /* set the specified timeout or, if timeout is 0 set the default timeout */


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch v4-0-test updated - release-4-0-0alpha2-958-gb1d2584

[Andrew Bartlett]

The branch, v4-0-test has been updated
   via  b1d2584277304be3f2a640465cbf6b2a3ec571cc (commit)
  from  5cd3310b78a85243eb436d05db3228c3495f9162 (commit)

http://gitweb.samba.org/?samba.git;a=shortlog;h=v4-0-test


- Log -
commit b1d2584277304be3f2a640465cbf6b2a3ec571cc
Author: Andrew Bartlett [EMAIL PROTECTED]
Date:   Thu Feb 21 10:43:13 2008 +1100

Be consistant about --ldap-backend-type

Make the EJS provision and the selftest scripts both use the new
syntax for speicifying the ldap backend type.

Andrew Bartlett

---

Summary of changes:
 source/selftest/target/Samba4.pm |3 ++-
 source/setup/provision   |   16 ++--
 2 files changed, 12 insertions(+), 7 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/selftest/target/Samba4.pm b/source/selftest/target/Samba4.pm
index 563aca8..11d4c85 100644
--- a/source/selftest/target/Samba4.pm
+++ b/source/selftest/target/Samba4.pm
@@ -729,9 +729,10 @@ nogroup:x:65534:nobody
 
if ($self-{ldap} eq openldap) {
   ($ret-{SLAPD_CONF}, $ret-{OPENLDAP_PIDFILE}) = 
$self-mk_openldap($ldapdir, $configuration) or die(Unable to create openldap 
directories);
+  push (@provision_options, 
--ldap-backend-type=openldap);
} elsif ($self-{ldap} eq fedora-ds) {
   ($ret-{FEDORA_DS_DIR}, $ret-{FEDORA_DS_PIDFILE}) = 
$self-mk_fedora_ds($ldapdir, $configuration) or die(Unable to create fedora 
ds directories);
-  push (@provision_options, --ldap-module=nsuniqueid);
+  push (@provision_options, 
--ldap-backend-type=fedora-ds);
   push (@provision_options, '--aci=aci:: 
KHRhcmdldGF0dHIgPSAiKiIpICh2ZXJzaW9uIDMuMDthY2wgImZ1bGwgYWNjZXNzIHRvIGFsbCBieSBhbGwiO2FsbG93IChhbGwpKHVzZXJkbiA9ICJsZGFwOi8vL2FueW9uZSIpOykK');
  }
 
diff --git a/source/setup/provision b/source/setup/provision
index 9e135cd..328754f 100755
--- a/source/setup/provision
+++ b/source/setup/provision
@@ -35,7 +35,7 @@ options = GetOptions(ARGV,
'partitions-only',
'ldap-base',
'ldap-backend=s',
-'ldap-module=s',
+'ldap-backend-type=s',
 'aci=s');
 
 if (options == undefined) {
@@ -88,7 +88,7 @@ provision [options]
  --partitions-only  Configure Samba's partitions, but do not 
modify them (ie, join a BDC)
  --ldap-base   output only an LDIF file, suitable for creating 
an LDAP baseDN
  --ldap-backend LDAPSERVER  LDAP server to use for this provision
- --ldap-module  MODULE  LDB mapping module to use for the LDAP backend
+ --ldap-backend-type  TYPE  OpenLDAP or Fedora DS
  --aci  ACI An arbitary LDIF fragment, particularly useful 
to loading a backend ACI value into a target LDAP server
 You must provide at least a realm and domain
 
@@ -124,7 +124,7 @@ for (r in options) {
 
 var blank = (options[blank] != undefined);
 var ldapbackend = (options[ldap-backend] != undefined);
-var ldapmodule = (options[ldap-module] != undefined);
+var ldapbackendtype = options[ldap-backend-type];
 var partitions_only = (options[partitions-only] != undefined);
 var paths = provision_default_paths(subobj);
 if (options[aci] != undefined) {
@@ -139,9 +139,13 @@ if (ldapbackend) {
if (options[ldap-backend] == ldapi) {
subobj.LDAPBACKEND = subobj.LDAPI_URI;
}
-   if (!ldapmodule) {
+   if (ldapbackendtype == undefined) {
+  
+   } else if (ldapbackendtype == openldap) {
subobj.LDAPMODULE = normalise,entryuuid;
subobj.TDB_MODULES_LIST = ;
+   } else if (ldapbackendtype == fedora-ds) {
+   subobj.LDAPMODULE = nsuniqueid;
}
subobj.BACKEND_MOD = subobj.LDAPMODULE + ,paged_searches;
subobj.DOMAINDN_LDB = subobj.LDAPBACKEND;
@@ -183,8 +187,8 @@ if (partitions_only) {
if (ldapbackend) {
message(--ldap-backend='%s' \\\n, subobj.LDAPBACKEND);
}
-   if (ldapmodule) {
-   message(--ldap-module='%s' \\\n, + subobj.LDAPMODULE);
+   if (ldapbackendtype != undefined) {
+   message(--ldap-backend-type='%s' \\\n, + ldapbackendtype);
}
message(--aci=' + subobj.ACI + ' \\\n)
 }


-- 
Samba Shared Repository

Build status as of Thu Feb 21 00:00:02 2008

[build]

URL: http://build.samba.org/

--- /home/build/master/cache/broken_results.txt.old 2008-02-20 
00:00:48.0 +
+++ /home/build/master/cache/broken_results.txt 2008-02-21 00:00:18.0 
+
@@ -1,4 +1,4 @@
-Build status as of Wed Feb 20 00:00:02 2008
+Build status as of Thu Feb 21 00:00:02 2008
 
 Build counts:
 Tree Total  Broken Panic 
@@ -6,17 +6,17 @@
 ccache   32 8  0 
 ctdb 0  0  0 
 distcc   1  0  0 
-ldb  32 16 0 
-libreplace   31 17 0 
+ldb  32 30 0 
+libreplace   31 16 0 
 lorikeet-heimdal 26 13 0 
 pidl 18 5  0 
 ppp  10 0  0 
 rsync32 12 0 
 samba-docs   0  0  0 
 samba-gtk4  4  0 
-samba_3_2_test 32 26 0 
-samba_4_0_test 30 30 0 
+samba_3_2_test 32 21 0 
+samba_4_0_test 30 26 0 
 smb-build30 3  0 
-talloc   32 8  0 
+talloc   32 7  0 
 tdb  31 16 0 
 

[SCM] Samba Shared Repository - branch v4-0-test updated - release-4-0-0alpha2-960-g1bb673c

[Jelmer Vernooij]

The branch, v4-0-test has been updated
   via  1bb673ce4e84088bc77d490101e8904cf9a467a2 (commit)
   via  e8751e513d5f9b30e518104bbc23bcbd203818a6 (commit)
  from  b1d2584277304be3f2a640465cbf6b2a3ec571cc (commit)

http://gitweb.samba.org/?samba.git;a=shortlog;h=v4-0-test


- Log -
commit 1bb673ce4e84088bc77d490101e8904cf9a467a2
Merge: e8751e513d5f9b30e518104bbc23bcbd203818a6 
b1d2584277304be3f2a640465cbf6b2a3ec571cc
Author: Jelmer Vernooij [EMAIL PROTECTED]
Date:   Thu Feb 21 01:07:06 2008 +0100

Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 
v4-0-trivial

commit e8751e513d5f9b30e518104bbc23bcbd203818a6
Author: Jelmer Vernooij [EMAIL PROTECTED]
Date:   Thu Feb 21 01:04:18 2008 +0100

Never assume -fvisibility=hidden for modules unless explicitly specified 
(consistent with what we do for other subsystems/libraries).

---

Summary of changes:
 source/build/smb_build/input.pm |8 
 1 files changed, 0 insertions(+), 8 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/build/smb_build/input.pm b/source/build/smb_build/input.pm
index da90e9d..8c9a6ef 100644
--- a/source/build/smb_build/input.pm
+++ b/source/build/smb_build/input.pm
@@ -233,14 +233,6 @@ sub check($)
my ($INPUT, $enabled, $subsys_ot, $lib_ot, $module_ot) = @_;
 
foreach my $part (values %$INPUT) {
-   unless (defined($part-{STANDARD_VISIBILITY})) {
-   if ($part-{TYPE} eq MODULE or $part-{TYPE} eq 
BINARY) {
-   $part-{STANDARD_VISIBILITY} = hidden;
-   } else {
-   $part-{STANDARD_VISIBILITY} = default;
-   }
-   }
-
unless (defined($part-{PUBLIC_HEADERS})) {
$part-{PUBLIC_HEADERS} = [];
}


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch v4-0-test updated - release-4-0-0alpha2-962-ga0a05c5

[Jelmer Vernooij]

The branch, v4-0-test has been updated
   via  a0a05c5a3d614d0f2936ecfcab5273a2ef7d61a8 (commit)
   via  157deac27d01dc61952601ffd2655c8161418ac7 (commit)
  from  1bb673ce4e84088bc77d490101e8904cf9a467a2 (commit)

http://gitweb.samba.org/?samba.git;a=shortlog;h=v4-0-test


- Log -
commit a0a05c5a3d614d0f2936ecfcab5273a2ef7d61a8
Author: Jelmer Vernooij [EMAIL PROTECTED]
Date:   Thu Feb 21 01:22:20 2008 +0100

Make setup/provision the name of the python provision script now that that 
is the default.

commit 157deac27d01dc61952601ffd2655c8161418ac7
Author: Jelmer Vernooij [EMAIL PROTECTED]
Date:   Thu Feb 21 01:20:12 2008 +0100

Remove kinit with pkinit failure from known failures list again.

---

Summary of changes:
 source/samba4-knownfail  |1 -
 source/selftest/target/Samba4.pm |4 +-
 source/setup/provision   |  368 ++
 source/setup/{provision = provision.js} |0 
 source/setup/provision.py|  170 --
 source/setup/tests/blackbox_provision.sh |6 +-
 6 files changed, 175 insertions(+), 374 deletions(-)
 copy source/setup/{provision = provision.js} (100%)
 delete mode 100755 source/setup/provision.py


Changeset truncated at 500 lines:

diff --git a/source/samba4-knownfail b/source/samba4-knownfail
index 652..18fb4b9 100644
--- a/source/samba4-knownfail
+++ b/source/samba4-knownfail
@@ -34,6 +34,5 @@ rpc.netlogon.*.GetTrustPasswords
 base.charset.*.Testing partial surrogate
 .*net.api.delshare.*   # DelShare isn't implemented yet
 rap.*netservergetinfo
-kinit with pkinit # fails with: salt type 3 not supported
 samba4.blackbox.provision.py.reprovision # Fails with entry already exists
 local.torture.provision
diff --git a/source/selftest/target/Samba4.pm b/source/selftest/target/Samba4.pm
index 11d4c85..37e3cbe 100644
--- a/source/selftest/target/Samba4.pm
+++ b/source/selftest/target/Samba4.pm
@@ -676,10 +676,10 @@ nogroup:x:65534:nobody
push (@provision_options, NSS_WRAPPER_GROUP=\$nsswrap_group\);
if (defined($ENV{PROVISION_EJS})) {
push (@provision_options, $self-{bindir}/smbscript);
-   push (@provision_options, $self-{setupdir}/provision);
+   push (@provision_options, $self-{setupdir}/provision.js);
} else {
push (@provision_options, $self-{bindir}/smbpython);
-   push (@provision_options, $self-{setupdir}/provision.py);
+   push (@provision_options, $self-{setupdir}/provision);
}
push (@provision_options, split(' ', $configuration));
push (@provision_options, --host-name=$netbiosname);
diff --git a/source/setup/provision b/source/setup/provision
index 328754f..033d249 100755
--- a/source/setup/provision
+++ b/source/setup/provision
@@ -1,198 +1,170 @@
-#!/bin/sh
-exec smbscript $0 ${1+$@}
-/*
-   provision a Samba4 server
-   Copyright Andrew Tridgell 2005
-   Released under the GNU GPL v2 or later
-*/
-
-options = GetOptions(ARGV,
-   POPT_AUTOHELP,
-   POPT_COMMON_SAMBA,
-   POPT_COMMON_VERSION,
-   POPT_COMMON_CREDENTIALS,
-   'realm=s',
-   'domain=s',
-   'domain-guid=s',
-   'domain-sid=s',
-   'policy-guid=s',
-   'host-name=s',
-   'host-ip=s',
-   'host-guid=s',
-   'invocationid=s',
-   'adminpass=s',
-   'krbtgtpass=s',
-   'machinepass=s',
-   'dnspass=s',
-   'root=s',
-   'nobody=s',
-   'nogroup=s',
-   'wheel=s',
-   'users=s',
-   'quiet',
-   'blank',
-   'server-role=s',
-   'partitions-only',
-   'ldap-base',
-   'ldap-backend=s',
-'ldap-backend-type=s',
-'aci=s');
-
-if (options == undefined) {
-   println(Failed to parse options);
-   return -1;
-}
-
-libinclude(base.js);
-libinclude(provision.js);
-
-/*
-  print a message if quiet is not set
-*/
-function message()
-{
-   if (options[quiet] == undefined) {
-   print(vsprintf(arguments));
-   }
-}
-
-/*
- show some help
-*/
-function ShowHelp()
-{
-   print(
-Samba4 provisioning
-
-provision [options]
- --realm   REALM   set realm
- --domain  DOMAIN  set domain
- --domain-guid GUIDset domainguid (otherwise random)
- --domain-sid  SID set domainsid (otherwise random)
- --host-name   HOSTNAMEset hostname
- --host-ip IPADDRESS   set ipaddress
- --host-guid   GUIDset hostguid (otherwise random)
- --policy-guid  GUIDset group policy guid 

[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-test-2471-gf7d2f69

[Jeremy Allison]

The branch, v3-2-test has been updated
   via  f7d2f692994918037e603ef95dd097b03d2c5456 (commit)
  from  39eef8e86cfab60c1328d2335a737b41d8fd6db0 (commit)

http://gitweb.samba.org/?samba.git;a=shortlog;h=v3-2-test


- Log -
commit f7d2f692994918037e603ef95dd097b03d2c5456
Author: Tim Potter [EMAIL PROTECTED]
Date:   Mon Feb 18 10:43:46 2008 +1100

Fix possible close of invalid fd if call to socket() returns -1.

---

Summary of changes:
 source/lib/util_sock.c |3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/lib/util_sock.c b/source/lib/util_sock.c
index 71d48d6..e040f46 100644
--- a/source/lib/util_sock.c
+++ b/source/lib/util_sock.c
@@ -1933,7 +1933,8 @@ int create_pipe_sock(const char *socket_dir,
 
 out_close:
SAFE_FREE(path);
-   close(sock);
+   if (sock != -1)
+   close(sock);
 
 out_umask:
umask(old_umask);


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-test-2473-g737bb95

[Jeremy Allison]

The branch, v3-2-test has been updated
   via  737bb950d50ac6c5d4f99279bf535ae3a9963b2f (commit)
   via  47dd0700b4320bf5ac9a80e71ae82d82d4554e6a (commit)
  from  f7d2f692994918037e603ef95dd097b03d2c5456 (commit)

http://gitweb.samba.org/?samba.git;a=shortlog;h=v3-2-test


- Log -
commit 737bb950d50ac6c5d4f99279bf535ae3a9963b2f
Author: Tim Potter [EMAIL PROTECTED]
Date:   Mon Feb 18 20:37:33 2008 +1100

Fix double free bugs after calling regfio_close()

commit 47dd0700b4320bf5ac9a80e71ae82d82d4554e6a
Author: Tim Potter [EMAIL PROTECTED]
Date:   Mon Feb 18 21:00:51 2008 +1100

Fix memory leaks on error path

---

Summary of changes:
 source/libsmb/clifile.c  |9 -
 source/registry/regfio.c |4 
 2 files changed, 8 insertions(+), 5 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/libsmb/clifile.c b/source/libsmb/clifile.c
index 9b4c380..10c35a3 100644
--- a/source/libsmb/clifile.c
+++ b/source/libsmb/clifile.c
@@ -38,8 +38,15 @@ static bool cli_link_internal(struct cli_state *cli, const 
char *oldname, const
size_t newlen = 2*(strlen(newname)+1);
 
param = SMB_MALLOC_ARRAY(char, 6+newlen+2);
+
+   if (!param) {
+   return false;
+   }
+
data = SMB_MALLOC_ARRAY(char, oldlen+2);
-   if (!param || !data) {
+
+   if (!data) {
+   SAFE_FREE(param);
return false;
}
 
diff --git a/source/registry/regfio.c b/source/registry/regfio.c
index 3740ff0..1c3aad7 100644
--- a/source/registry/regfio.c
+++ b/source/registry/regfio.c
@@ -1171,7 +1171,6 @@ out:

if ( !(rb-mem_ctx = talloc_init( read_regf_block )) ) {
regfio_close( rb );
-   SAFE_FREE(rb);
return NULL;
}
 
@@ -1182,7 +1181,6 @@ out:
if ( (rb-fd = open(filename, flags, mode)) == -1 ) {
DEBUG(0,(regfio_open: failure to open %s (%s)\n, filename, 
strerror(errno)));
regfio_close( rb );
-   SAFE_FREE(rb);
return NULL;
}

@@ -1192,7 +1190,6 @@ out:
if ( !init_regf_block( rb ) ) {
DEBUG(0,(regfio_open: Failed to read initial REGF 
block\n));
regfio_close( rb );
-   SAFE_FREE(rb);
return NULL;
}

@@ -1205,7 +1202,6 @@ out:
if ( !read_regf_block( rb ) ) {
DEBUG(0,(regfio_open: Failed to read initial REGF block\n));
regfio_close( rb );
-   SAFE_FREE(rb);
return NULL;
}



-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-test-2474-gd9b7228

[Jeremy Allison]

The branch, v3-2-test has been updated
   via  d9b72282c63b57c8e54131306b2a3028a1ea41dc (commit)
  from  737bb950d50ac6c5d4f99279bf535ae3a9963b2f (commit)

http://gitweb.samba.org/?samba.git;a=shortlog;h=v3-2-test


- Log -
commit d9b72282c63b57c8e54131306b2a3028a1ea41dc
Author: Jeremy Allison [EMAIL PROTECTED]
Date:   Wed Feb 20 22:10:54 2008 -0800

From: David Disseldorp [EMAIL PROTECTED]
The vfs_prealloc module makes use of the now redundant fd parameter for
SMB_VFS_FTRUNCATE(), instead get the fd from the files_struct.

Patch for Samba 3.2 Test branch below.

Cheers, David D

---

Summary of changes:
 source/modules/vfs_prealloc.c |3 +--
 1 files changed, 1 insertions(+), 2 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/modules/vfs_prealloc.c b/source/modules/vfs_prealloc.c
index cb3508d..2a06e3d 100644
--- a/source/modules/vfs_prealloc.c
+++ b/source/modules/vfs_prealloc.c
@@ -199,7 +199,7 @@ static int prealloc_ftruncate(vfs_handle_struct * handle,
 
/* Maintain the allocated space even in the face of truncates. */
if ((psize = VFS_FETCH_FSP_EXTENSION(handle, fsp))) {
-   preallocate_space(fd, *psize);
+   preallocate_space(fsp-fh-fd, *psize);
}
 
return ret;
@@ -218,4 +218,3 @@ NTSTATUS vfs_prealloc_init(void)
return smb_register_vfs(SMB_VFS_INTERFACE_VERSION,
MODULE, prealloc_op_tuples);
 }
-


-- 
Samba Shared Repository

svn commit: samba-web r1172 - in trunk/team: .

[kseeger]

Author: kseeger
Date: 2008-02-21 07:51:58 + (Thu, 21 Feb 2008)
New Revision: 1172

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=1172

Log:
Adding myself to the team list.
Modified:
   trunk/team/index.html


Changeset:
Modified: trunk/team/index.html
===
--- trunk/team/index.html   2008-02-09 16:04:59 UTC (rev 1171)
+++ trunk/team/index.html   2008-02-21 07:51:58 UTC (rev 1172)
@@ -66,6 +66,7 @@
 
 lia href=mailto:[EMAIL PROTECTED]James Peach/a/li
 lia href=mailto:[EMAIL PROTECTED]Tim Potter/a/li
+lia href=mailto:[EMAIL PROTECTED]Karolin Seeger/a/li
 lia href=http://www.richardsharpe.com;Richard Sharpe/a/li
 lia href=mailto:[EMAIL PROTECTED]Dan Shearer/a/li
 lia href=mailto:[EMAIL PROTECTED]Simo Sorce/a/li