[Samba] How to move a samba PDC to a diffrent box
Hello List, i have got a samba pdc running based on the smbldap tools and Debian Sarge. Now we would like to move everything over to Ubuntu Hardy. Can i simply: - Create the same users and groups with the same id on Hardy - Move the files and profiles over by keeping their permissions (rsync -avzp ...) - Set the samba SID to be the old orginial one (i do not know how this could be done and if it even works) Will i then simply be able to log back in with my Windows clients? Is there a HowTo explaining this scenario? Thanks, Mario -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Peculiar issue when loading images via samba/cifs
I am using Enterprise Samba 3.0.30 on RHEL 4 to share a directory of images between two servers. I'm using CIFS to mount the share. Both servers expose the images over the web via Apache2. On the server with the mounted share, when I load a page with many images embedded, some of the images load only partially -- some part of the image draws normally, and then the rest is just blank. On the server with the images directly on it, this problem does not occur. Some details about the images that don't finish loading on the server using the share: * The problem occurs in Firefox 2 and in Opera 9, but the images load normally in IE. * The problem only occurs the first time you load the image. If you then hit reload on the page to get the images from the cache, the images load fine. However, if you shift-reload to force a reload from the server, the problem occurs again. * The same images always fail in exactly the same place. I had a very similar setup working using Ubuntu Gutsy, but of course that was a different version of the kernel (2.6.22-14-server vs 2.6.9-67.ELsmp) and of Samba (3.0.26a vs 3.0.30). I've been experimenting with increasingly more esoteric settings in the smb.conf and in the options I am using to mount the share via cifs, but without any luck. Does anyone have some insight into why the combination of a certain browser + the fact that the files are coming over a cifs share might lead to this kind of behavior? And, more importantly, what can I try to resolve it? Thanks in advance for any help, David Brewer -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] smbd process eating memory
Hello, First ,sorry for my poor english. I have samba server 3.0.9-1 with ldap. The server is running about 4 years correctly. But now the smbd process is eating memory and after about 2 days the slapd process is killed because Out of Memory.(Server is dead) Nothing changed in conf. Only users added to ldap. Perhaps ldap database is to big ? Memory error? Any idea? Openldap 2.0.27-8 and there are 580 users. Kerri Mõisa -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbind, ads member server and pam_mkhomedir
Hi Am Montag, den 02.06.2008, 09:46 -0600 schrieb Jason Gerfen: I am having a problem with the pam_mkhomedir.so not setting up the users home directory. Relevant data: /etc/pam.d/system-auth sessionoptional pam_mkhomedir.so umask=0022 skel=/etc/skel/ /etc/samba/smb.conf nt acl support = yes inherit permissions = yes create mask = 0022 template homedir = /home/samba/%U I think you are missing obey pam restrictions = yes Regards Sebastian Ries -- DT Netsolution GmbH - Talaeckerstr. 30 - D-70437 Stuttgart Tel: +49-711-849910-36 Fax: +49-711-849910-936 WEB: http://www.dtnet.de/ email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Failed building 3.0.30 for tru64 4.0F
On Tue, Jun 03, 2008 at 07:15:43AM +0200, Bengt Nilsson wrote: I downgraded to autoconf 2.61 which eliminated the circular dependency error. Nevertheless, the uint32_t and final link problem remains. Is there ANY chance that samba 3 will ever build under tru64 4.0F? Sure. Right now it is a matter of resources, but in general we are very paranoid about building on all platforms around. Give us a few days please. Sorry for the build breakage. Volker pgpqdIUa6IuNI.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Peculiar issue when loading images via samba/cifs
Hi, try setting EnableSendfile off in httpd.conf Regards On Tue, Jun 3, 2008 at 12:55 PM, David Brewer [EMAIL PROTECTED] wrote: I am using Enterprise Samba 3.0.30 on RHEL 4 to share a directory of images between two servers. I'm using CIFS to mount the share. Both servers expose the images over the web via Apache2. On the server with the mounted share, when I load a page with many images embedded, some of the images load only partially -- some part of the image draws normally, and then the rest is just blank. On the server with the images directly on it, this problem does not occur. Some details about the images that don't finish loading on the server using the share: * The problem occurs in Firefox 2 and in Opera 9, but the images load normally in IE. * The problem only occurs the first time you load the image. If you then hit reload on the page to get the images from the cache, the images load fine. However, if you shift-reload to force a reload from the server, the problem occurs again. * The same images always fail in exactly the same place. I had a very similar setup working using Ubuntu Gutsy, but of course that was a different version of the kernel (2.6.22-14-server vs 2.6.9-67.ELsmp) and of Samba (3.0.26a vs 3.0.30). I've been experimenting with increasingly more esoteric settings in the smb.conf and in the options I am using to mount the share via cifs, but without any luck. Does anyone have some insight into why the combination of a certain browser + the fact that the files are coming over a cifs share might lead to this kind of behavior? And, more importantly, what can I try to resolve it? Thanks in advance for any help, David Brewer -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Peculiar issue when loading images via samba/cifs
That did it! My only regret is that I didn't ask before spending several hours fiddling with my samba config settings. Next time I'll know to look at apache earlier on. Thanks so much! David On Tue, Jun 3, 2008 at 12:33 AM, mallapadi niranjan [EMAIL PROTECTED] wrote: Hi, try setting EnableSendfile off in httpd.conf Regards On Tue, Jun 3, 2008 at 12:55 PM, David Brewer [EMAIL PROTECTED] wrote: I am using Enterprise Samba 3.0.30 on RHEL 4 to share a directory of images between two servers. I'm using CIFS to mount the share. Both servers expose the images over the web via Apache2. On the server with the mounted share, when I load a page with many images embedded, some of the images load only partially -- some part of the image draws normally, and then the rest is just blank. On the server with the images directly on it, this problem does not occur. Some details about the images that don't finish loading on the server using the share: * The problem occurs in Firefox 2 and in Opera 9, but the images load normally in IE. * The problem only occurs the first time you load the image. If you then hit reload on the page to get the images from the cache, the images load fine. However, if you shift-reload to force a reload from the server, the problem occurs again. * The same images always fail in exactly the same place. I had a very similar setup working using Ubuntu Gutsy, but of course that was a different version of the kernel (2.6.22-14-server vs 2.6.9-67.ELsmp) and of Samba (3.0.26a vs 3.0.30). I've been experimenting with increasingly more esoteric settings in the smb.conf and in the options I am using to mount the share via cifs, but without any luck. Does anyone have some insight into why the combination of a certain browser + the fact that the files are coming over a cifs share might lead to this kind of behavior? And, more importantly, what can I try to resolve it? Thanks in advance for any help, David Brewer -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Strange with an acl.
Hi, I have a strange issue: # file: Current\040docs/Outcoming\040Correspondence_2008.xls # owner: secretary # group: users user::-w- user:alex:rwx user:tat:rwx user:secretary:rwx group::--- group:wheel:rwx mask::rwx other::--- User 'secretary' has no access to this file from Samba. Any advices? G. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] getent not listing ADS users ctdb samba
Hi,
I am setting up ctdb samba, and have hit a brick wall trying to solve the
following issue.
1. getent does not retrieve the list of domain users or groups (wbinfo
works fine)
I'm not sure what I'm missing but I've almost spent the whole day trying to
resolve this one and haven't made any progress :-(
Any help or suggestions are appreciated
My configuration is as follows
Installed pre-built RHEL binaries from ctdb.samba
ctdb-1.0-41.src.rpm
ctdb-1.0-41.x86_64.rpm
ctdb-debuginfo-1.0-41.x86_64.rpm
samba-3.0.25-ctdb.16.src.rpm
samba-3.0.25-ctdb.16.x86_64.rpm
samba-client-3.0.25-ctdb.16.x86_64.rpm
samba-common-3.0.25-ctdb.16.x86_64.rpm
samba-debuginfo-3.0.25-ctdb.16.x86_64.rpm
samba-doc-3.0.25-ctdb.16.x86_64.rpm
samba-swat-3.0.25-ctdb.16.x86_64.rpm
samba-winbind-32bit-3.0.25-ctdb.16.i386.rpm
SMB.CONF
[global]
workgroup = PLANET
realm = PLANET.AD
netbios name = CTDBSAMBA
server string = CTDB Samba Server
security = ADS
private dir = /gpfs/gpfs0/SMBDconfig
log file = /usr/local/samba/var/log.%m
max log size = 50
clustering = Yes
dns proxy = No
ldap ssl = no
idmap backend = tdb2
idmap uid = 1-2
idmap gid = 1-2
winbind separator = +
[homes]
comment = Home Directories
read only = No
browseable = No
[printers]
comment = All Printers
path = /usr/spool/samba
printable = Yes
browseable = No
[GPFSGLOBAL]
comment = GPFS Global Share
path = /gpfs/gpfs0/GLOBALSHARE
read only = No
force unknown acl user = Yes
vfs objects = gpfs
nfs4:acedup = merge
nfs4:chown = yes
nfs4:mode = special
gpfs:sharemodes = No
fileid:mapping = fsname
KRB5.CONF
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = PLANET.AD
[realms]
PLANET.AD = {
kdc = msad2k3.planet.ad
admin_server = msad2k3
}
[domain_realm]
.msad2k3.planet.ad = PLANET.AD
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
NSSWITCH.CONF
passwd: files winbind
shadow: files
group: files winbind
SYSTEM-AUTH
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
authrequired pam_env.so
### WINBIND AUTH ###
authsufficient /lib/security/pam_winbind.so
authsufficientpam_unix.so nullok try_first_pass
authrequisite pam_succeed_if.so uid = 500 quiet
authrequired pam_deny.so
### WINBIND AUTH ###
accountsufficient /lib/security/pam_winbind.so
account required pam_unix.so
account sufficientpam_succeed_if.so uid 500 quiet
account required pam_permit.so
passwordrequisite pam_cracklib.so try_first_pass retry=3
passwordsufficientpam_unix.so md5 shadow nullok try_first_pass
use_authtok
passwordrequired pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond
quiet use_uid
session required pam_unix.so
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] How to move a samba PDC to a diffrent box
I think there must be some migration guide in samba documentation (read chapter 5 and 36 in Samba official howto). I think the best would be to build up your second machine and add it in your domain as BDC, so that all users/groups/machines/... get propagated to this new machine. Once done, migrate all your data, then you can safely switch off the first one and promote your new machine to PDC (changing OS level, and browsing options domain master/prefered master) Hello List, i have got a samba pdc running based on the smbldap tools and Debian Sarge. Now we would like to move everything over to Ubuntu Hardy. Can i simply: - Create the same users and groups with the same id on Hardy - Move the files and profiles over by keeping their permissions (rsync -avzp ...) - Set the samba SID to be the old orginial one (i do not know how this could be done and if it even works) Will i then simply be able to log back in with my Windows clients? Is there a HowTo explaining this scenario? Thanks, Mario -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba Message scanned by ClamAV engine (http://www.clamav.net) -- François Legal Message scanned by ClamAV engine (http://www.clamav.net) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] getent not listing ADS users ctdb samba
Did you copy the libnss_winbind.so to /lib and make a libnss_winbind.so.2
link out of it ?
Hi,
I am setting up ctdb samba, and have hit a brick wall trying to solve the
following issue.
1.getent does not retrieve the list of domain users or groups (wbinfo
works fine)
I'm not sure what I'm missing but I've almost spent the whole day trying
to
resolve this one and haven't made any progress :-(
Any help or suggestions are appreciated
My configuration is as follows
Installed pre-built RHEL binaries from ctdb.samba
ctdb-1.0-41.src.rpm
ctdb-1.0-41.x86_64.rpm
ctdb-debuginfo-1.0-41.x86_64.rpm
samba-3.0.25-ctdb.16.src.rpm
samba-3.0.25-ctdb.16.x86_64.rpm
samba-client-3.0.25-ctdb.16.x86_64.rpm
samba-common-3.0.25-ctdb.16.x86_64.rpm
samba-debuginfo-3.0.25-ctdb.16.x86_64.rpm
samba-doc-3.0.25-ctdb.16.x86_64.rpm
samba-swat-3.0.25-ctdb.16.x86_64.rpm
samba-winbind-32bit-3.0.25-ctdb.16.i386.rpm
SMB.CONF
[global]
workgroup = PLANET
realm = PLANET.AD
netbios name = CTDBSAMBA
server string = CTDB Samba Server
security = ADS
private dir = /gpfs/gpfs0/SMBDconfig
log file = /usr/local/samba/var/log.%m
max log size = 50
clustering = Yes
dns proxy = No
ldap ssl = no
idmap backend = tdb2
idmap uid = 1-2
idmap gid = 1-2
winbind separator = +
[homes]
comment = Home Directories
read only = No
browseable = No
[printers]
comment = All Printers
path = /usr/spool/samba
printable = Yes
browseable = No
[GPFSGLOBAL]
comment = GPFS Global Share
path = /gpfs/gpfs0/GLOBALSHARE
read only = No
force unknown acl user = Yes
vfs objects = gpfs
nfs4:acedup = merge
nfs4:chown = yes
nfs4:mode = special
gpfs:sharemodes = No
fileid:mapping = fsname
KRB5.CONF
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = PLANET.AD
[realms]
PLANET.AD = {
kdc = msad2k3.planet.ad
admin_server = msad2k3
}
[domain_realm]
.msad2k3.planet.ad = PLANET.AD
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
NSSWITCH.CONF
passwd: files winbind
shadow: files
group: files winbind
SYSTEM-AUTH
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
authrequired pam_env.so
### WINBIND AUTH ###
authsufficient /lib/security/pam_winbind.so
authsufficientpam_unix.so nullok try_first_pass
authrequisite pam_succeed_if.so uid = 500 quiet
authrequired pam_deny.so
### WINBIND AUTH ###
accountsufficient /lib/security/pam_winbind.so
account required pam_unix.so
account sufficientpam_succeed_if.so uid 500 quiet
account required pam_permit.so
passwordrequisite pam_cracklib.so try_first_pass retry=3
passwordsufficientpam_unix.so md5 shadow nullok try_first_pass
use_authtok
passwordrequired pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond
quiet use_uid
session required pam_unix.so
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
Message scanned by ClamAV engine (http://www.clamav.net)
--
François Legal
Message scanned by ClamAV engine (http://www.clamav.net)
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] How to move a samba PDC to a diffrent box
this seems to have been created during the rpm install, see below [EMAIL PROTECTED] samba]# rpm -ql samba-winbind-32bit-3.0.25-ctdb.16 /lib/libnss_winbind.so /lib/libnss_winbind.so.2 /lib/libnss_wins.so /lib/libnss_wins.so.2 /lib/security/pam_winbind.so [EMAIL PROTECTED] samba]# ls -lasp /lib | grep libnss 40 -rwxr-xr-x 1 root root 36340 Jul 5 2007 libnss_compat-2.5.so 4 lrwxrwxrwx 1 root root 20 May 26 08:37 libnss_compat.so.2 - libnss_compat-2.5.so 816 -rwxr-xr-x 1 root root 824900 Jul 13 2006 libnss_db-2.2.so 4 lrwxrwxrwx 1 root root 16 May 26 08:39 libnss_db.so.2 - libnss_db-2.2.so 28 -rwxr-xr-x 1 root root 21848 Jul 5 2007 libnss_dns-2.5.so 4 lrwxrwxrwx 1 root root 17 May 26 08:37 libnss_dns.so.2 - libnss_dns-2.5.so 52 -rwxr-xr-x 1 root root 46740 Jul 5 2007 libnss_files-2.5.so 4 lrwxrwxrwx 1 root root 19 May 26 08:37 libnss_files.so.2 - libnss_files-2.5.so 28 -rwxr-xr-x 1 root root 22752 Jul 5 2007 libnss_hesiod-2.5.so 4 lrwxrwxrwx 1 root root 20 May 26 08:37 libnss_hesiod.so.2 - libnss_hesiod-2.5.so 3036 -rwxr-xr-x 1 root root 3099444 Jul 6 2007 libnss_ldap-2.5.so 4 lrwxrwxrwx 1 root root 18 May 26 08:40 libnss_ldap.so.2 - libnss_ldap-2.5.so 48 -rwxr-xr-x 1 root root 42368 Jul 5 2007 libnss_nis-2.5.so 60 -rwxr-xr-x 1 root root 51696 Jul 5 2007 libnss_nisplus-2.5.so 4 lrwxrwxrwx 1 root root 21 May 26 08:37 libnss_nisplus.so.2 - libnss_nisplus-2.5.so 4 lrwxrwxrwx 1 root root 17 May 26 08:37 libnss_nis.so.2 - libnss_nis-2.5.so 20 -rwxr-xr-x 1 root root 19408 Jan 31 10:30 libnss_winbind.so 0 lrwxrwxrwx 1 root root 17 Jun 3 18:36 libnss_winbind.so.2 - libnss_winbind.so 1016 -rwxr-xr-x 1 root root 1032916 Jan 31 10:30 libnss_wins.so 0 lrwxrwxrwx 1 root root 14 Jun 3 18:36 libnss_wins.so.2 - libnss_wins.so -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Tuesday, 3 June 2008 7:28 PM To: ml Cc: samba@lists.samba.org Subject: Re: [Samba] How to move a samba PDC to a diffrent box I think there must be some migration guide in samba documentation (read chapter 5 and 36 in Samba official howto). I think the best would be to build up your second machine and add it in your domain as BDC, so that all users/groups/machines/... get propagated to this new machine. Once done, migrate all your data, then you can safely switch off the first one and promote your new machine to PDC (changing OS level, and browsing options domain master/prefered master) Hello List, i have got a samba pdc running based on the smbldap tools and Debian Sarge. Now we would like to move everything over to Ubuntu Hardy. Can i simply: - Create the same users and groups with the same id on Hardy - Move the files and profiles over by keeping their permissions (rsync -avzp ...) - Set the samba SID to be the old orginial one (i do not know how this could be done and if it even works) Will i then simply be able to log back in with my Windows clients? Is there a HowTo explaining this scenario? Thanks, Mario -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba Message scanned by ClamAV engine (http://www.clamav.net) -- François Legal Message scanned by ClamAV engine (http://www.clamav.net) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Grant or deny internet access based on Samba domain logon?
I am looking for some way to grant or deny internet access (that is, changing iptables rules) based on Samba domain logon. When a user logs on, I would like to run a script that modifies firewall rules based on the group that the user belongs to (this determines if he has internet access or not) and based on the workstation's IP address (so I know which IP address to grant internet access to). When the user logs off, I need to know the same information (username and IP) so I can remove the firewall rule. I have seen some scripts based on preexec and postexec, and some based on a loop that checks smbstatus every minute to see if new users are addedd or presnet users have gone away, but I think that both methods are not very efficient and not really stable. Checking every minute means that a user needs to wait after logon to be granted internet access, and using preexec and postexec seems to fail sometimes, as it seems that clients tend to connect the same share multiple times, and sometimes disconnect it while they are still online. I'd like to know if there is something else that I could use, if there is some hook in Samba that I can use to run scripts at logon and logoff, that can pass me username, groups (not really necessary) and IP address of the workstation. Thanks. -- Fabio Kurgan Muzzi -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] getent not listing ADS users ctdb samba
this seems to have been created during the rpm install, see below
[EMAIL PROTECTED] samba]# rpm -ql samba-winbind-32bit-3.0.25-ctdb.16
/lib/libnss_winbind.so
/lib/libnss_winbind.so.2
/lib/libnss_wins.so
/lib/libnss_wins.so.2
/lib/security/pam_winbind.so
[EMAIL PROTECTED] samba]# ls -lasp /lib | grep libnss
40 -rwxr-xr-x 1 root root 36340 Jul 5 2007 libnss_compat-2.5.so
4 lrwxrwxrwx 1 root root 20 May 26 08:37 libnss_compat.so.2 -
libnss_compat-2.5.so
816 -rwxr-xr-x 1 root root 824900 Jul 13 2006 libnss_db-2.2.so
4 lrwxrwxrwx 1 root root 16 May 26 08:39 libnss_db.so.2 -
libnss_db-2.2.so
28 -rwxr-xr-x 1 root root 21848 Jul 5 2007 libnss_dns-2.5.so
4 lrwxrwxrwx 1 root root 17 May 26 08:37 libnss_dns.so.2 -
libnss_dns-2.5.so
52 -rwxr-xr-x 1 root root 46740 Jul 5 2007 libnss_files-2.5.so
4 lrwxrwxrwx 1 root root 19 May 26 08:37 libnss_files.so.2 -
libnss_files-2.5.so
28 -rwxr-xr-x 1 root root 22752 Jul 5 2007 libnss_hesiod-2.5.so
4 lrwxrwxrwx 1 root root 20 May 26 08:37 libnss_hesiod.so.2 -
libnss_hesiod-2.5.so
3036 -rwxr-xr-x 1 root root 3099444 Jul 6 2007 libnss_ldap-2.5.so
4 lrwxrwxrwx 1 root root 18 May 26 08:40 libnss_ldap.so.2 -
libnss_ldap-2.5.so
48 -rwxr-xr-x 1 root root 42368 Jul 5 2007 libnss_nis-2.5.so
60 -rwxr-xr-x 1 root root 51696 Jul 5 2007 libnss_nisplus-2.5.so
4 lrwxrwxrwx 1 root root 21 May 26 08:37 libnss_nisplus.so.2 -
libnss_nisplus-2.5.so
4 lrwxrwxrwx 1 root root 17 May 26 08:37 libnss_nis.so.2 -
libnss_nis-2.5.so
20 -rwxr-xr-x 1 root root 19408 Jan 31 10:30 libnss_winbind.so
0 lrwxrwxrwx 1 root root 17 Jun 3 18:36 libnss_winbind.so.2 -
libnss_winbind.so
1016 -rwxr-xr-x 1 root root 1032916 Jan 31 10:30 libnss_wins.so
0 lrwxrwxrwx 1 root root 14 Jun 3 18:36 libnss_wins.so.2 -
libnss_wins.so
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Evan Koutsandreou
Sent: Tuesday, 3 June 2008 7:09 PM
To: samba@lists.samba.org
Subject: [Samba] getent not listing ADS users ctdb samba
Hi,
I am setting up ctdb samba, and have hit a brick wall trying to solve the
following issue.
1. getent does not retrieve the list of domain users or groups (wbinfo
works fine)
I'm not sure what I'm missing but I've almost spent the whole day trying to
resolve this one and haven't made any progress :-(
Any help or suggestions are appreciated
My configuration is as follows
Installed pre-built RHEL binaries from ctdb.samba
ctdb-1.0-41.src.rpm
ctdb-1.0-41.x86_64.rpm
ctdb-debuginfo-1.0-41.x86_64.rpm
samba-3.0.25-ctdb.16.src.rpm
samba-3.0.25-ctdb.16.x86_64.rpm
samba-client-3.0.25-ctdb.16.x86_64.rpm
samba-common-3.0.25-ctdb.16.x86_64.rpm
samba-debuginfo-3.0.25-ctdb.16.x86_64.rpm
samba-doc-3.0.25-ctdb.16.x86_64.rpm
samba-swat-3.0.25-ctdb.16.x86_64.rpm
samba-winbind-32bit-3.0.25-ctdb.16.i386.rpm
SMB.CONF
[global]
workgroup = PLANET
realm = PLANET.AD
netbios name = CTDBSAMBA
server string = CTDB Samba Server
security = ADS
private dir = /gpfs/gpfs0/SMBDconfig
log file = /usr/local/samba/var/log.%m
max log size = 50
clustering = Yes
dns proxy = No
ldap ssl = no
idmap backend = tdb2
idmap uid = 1-2
idmap gid = 1-2
winbind separator = +
[homes]
comment = Home Directories
read only = No
browseable = No
[printers]
comment = All Printers
path = /usr/spool/samba
printable = Yes
browseable = No
[GPFSGLOBAL]
comment = GPFS Global Share
path = /gpfs/gpfs0/GLOBALSHARE
read only = No
force unknown acl user = Yes
vfs objects = gpfs
nfs4:acedup = merge
nfs4:chown = yes
nfs4:mode = special
gpfs:sharemodes = No
fileid:mapping = fsname
KRB5.CONF
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = PLANET.AD
[realms]
PLANET.AD = {
kdc = msad2k3.planet.ad
admin_server = msad2k3
}
[domain_realm]
.msad2k3.planet.ad = PLANET.AD
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
NSSWITCH.CONF
passwd: files winbind
shadow: files
group: files winbind
SYSTEM-AUTH
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
authrequired pam_env.so
### WINBIND AUTH ###
authsufficient /lib/security/pam_winbind.so
authsufficientpam_unix.so nullok try_first_pass
authrequisite pam_succeed_if.so uid = 500 quiet
auth
Re: [Samba] getent not listing ADS users ctdb samba
On Tue, 3 Jun 2008, Evan Koutsandreou wrote: 1. getent does not retrieve the list of domain users or groups (wbinfo works fine) Do you mean getent passwd, or getent passwd foo? If you mean the former, then you need: winbind enum groups = yes winbind enum users = yes jh -- Woman was God's second mistake.-- Nietzsche -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] getent not listing ADS users ctdb samba
That's worked, thanks a million!! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Hodrien Sent: Tuesday, 3 June 2008 8:11 PM Cc: samba@lists.samba.org Subject: Re: [Samba] getent not listing ADS users ctdb samba On Tue, 3 Jun 2008, Evan Koutsandreou wrote: 1.getent does not retrieve the list of domain users or groups (wbinfo works fine) Do you mean getent passwd, or getent passwd foo? If you mean the former, then you need: winbind enum groups = yes winbind enum users = yes jh -- Woman was God's second mistake.-- Nietzsche -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Gentoo, Samba, Upgrade, Authentications now failing
I just updated Samba on Gentoo due to a security vulnerability and the authentication for domain accounts is now failing. Has anyone else seen this? -- Jas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Gentoo, Samba, Upgrade, Authentications now failing
I have upgraded a domain memberservers last week to net-fs/samba-3.0.30 but not the PDC. No problems so far with that. It should have read all domain member servers. John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Gentoo, Samba, Upgrade, Authentications now failing
On Tue, Jun 3, 2008 at 7:52 AM, Jason Gerfen [EMAIL PROTECTED] wrote: I just updated Samba on Gentoo due to a security vulnerability and the authentication for domain accounts is now failing. Has anyone else seen this? -- I have upgraded a domain memberservers last week to net-fs/samba-3.0.30 but not the PDC. No problems so far with that. John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Gentoo, Samba, Upgrade, Authentications now failing
Gentlemen,
The following links may or may not be of help.
http://bugs.gentoo.org/show_bug.cgi?id=224201
http://lists.samba.org/archive/samba/2008-June/141041.html
You can specify a default in /etc/krb5.conf like this:
.
.
[realms]
doma.com= {
kdc = DOMA.com:88
admin_server = doma.com:749
default_domain = doma.com
}
.
.
But I'm far from an expert.
Rob
Robert LR Mattson | La Trobe University |
PhD Candidate | Melbourne, Australia |
Dept. Computer Science |Phone:+(613) 9479 1408 |
Office: PS1-219 |Mob: +(61)417 515 695 |
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Jason Gerfen
Sent: Tuesday, 3 June 2008 10:43 PM
Cc: samba@lists.samba.org
Subject: Re: [Samba] Gentoo, Samba, Upgrade, Authentications now failing
Hmm... I am on Version 3.0.28a using Gentoo's emerge utility.
In my logs I am recieving:
check_ntlm_password: Authentication for user [smb] - [smb] FAILED with
error NT_STATUS_NO_SUCH_USER
...
ads_verify_ticket: smb_krb5_parse_name(thor$) failed (Configuration file
does not specify default realm)
But I can see all my information for the user with the following
commands:
wbinfo -u smb
wbinfo -i smb
wbinfo -n smb
wbinfo -S SID
getent passwd smb
Everything shows the user in Active Directory but I cannot authenticate
them any longer since the upgrade. Any advice?
John Drescher wrote:
On Tue, Jun 3, 2008 at 7:52 AM, Jason Gerfen
[EMAIL PROTECTED] wrote:
I just updated Samba on Gentoo due to a security vulnerability and
the
authentication for domain accounts is now failing. Has anyone else
seen
this?
--
I have upgraded a domain memberservers last week to
net-fs/samba-3.0.30 but not the PDC. No problems so far with that.
John
--
Jas
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Gentoo, Samba, Upgrade, Authentications now failing
I tried that. After upgrading Samba yesterday using Gentoo's emerge
facility due to the vulnerability listed
http://www.samba.org/samba/security/CVE-2008-1105.html and
http://www.gentoo.org/security/en/glsa/glsa-200805-23.xml the
authentication of AD users has ceased working.
krb5.conf
[libdefaults]
default_realm = UTAH.EDU
[realms]
UTAH.EDU = {
kdc = 155.99.1.95
default_domain = scl.utah.edu
}
[domain_realm]
.utah.edu = UTAH.EDU
utah.edu = UTAH.EDU
scl.utah.edu = UTAH.EDU
[logging]
default = FILE:/var/log/krb5.log
[appdefaults]
pam = {
ticket_lifetime = 365d
renew_lifetime = 365d
forwardable = true
proxiable = false
retain_after_close = true
minimum_uid = 0
}
smb.conf
[global]
workgroup = SCL
realm = SCL.UTAH.EDU
server string = valhalla.scl.utah.edu
netbios name = valhalla
password server = *
encrypt passwords = true
security = ads
lanman auth = no
ntlm auth = no
os level = 20
allow trusted domains = yes
auth methods = winbind
ldap ssl = no
ldap suffix = dc=scl,dc=utah,dc=edu
interfaces = eth0, lo
bind interfaces only = yes
socket options = TCP_NODELAY
log level = 20
log file = /var/log/samba/log.%m
max log size = 50
client signing = yes
client schannel = no
client use spnego = yes
client lanman auth = no
client NTLMv2 auth = yes
client plaintext auth = no
preferred master = no
local master = no
domain master = no
wins proxy = no
dns proxy = No
obey pam restrictions = yes
template shell = /bin/bash
nt acl support = yes
inherit permissions = yes
create mask = 0022
template homedir = /home/samba/%U
winbind uid = 1000-200
winbind gid = 500-200
winbind separator = +
winbind enum users = yes
winbind enum groups = yes
winbind nested groups = yes
winbind use default domain = yes
winbind offline logon = true
# winbind nss info = sfu
winbind nss info = rfc2307
idmap uid = 1000-200
idmap gid = 500-200
idmap domains = SCL
idmap config SCL:backend = ad
idmap config SCL:default = yes
#idmap config SCL:schema_mode = sfu
idmap config SCL:schema_mode = rfc2307
idmap config SCL:range = 1000 - 3
Enumerating users, enumerating groups, SID to UID conversion, and lookup
of user information using getent and wbinfo all work.
Here is some abbreviated log data:
% tail -f /var/log/samba/log.* | grep smb
[2008/06/03 07:02:36, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
file /etc/samba/smb.conf - /etc/samba/smb.conf last mod_time: Tue
Jun 3 06:32:45 2008
make_user_info_map: Mapping user [VALHALLA]\[smb] from workstation [LOKI]
attempting to make a user_info for smb (smb)
making strings for smb's user_info struct
making blobs for smb's user_info struct
made an encrypted user_info for smb (smb)
check_ntlm_password: Checking password for unmapped user
[EMAIL PROTECTED] with the new password interface
check_ntlm_password: mapped user is: [EMAIL PROTECTED]
check_ntlm_password: Authentication for user [smb] - [smb] FAILED
with error NT_STATUS_NO_SUCH_USER
structure was created for smb
[2008/06/03 07:02:36, 3] smbd/error.c:error_packet_set(106)
error packet at smbd/sesssetup.c(105) cmd=115 (SMBsesssetupX)
NT_STATUS_LOGON_FAILURE
As you can see from the logs it is showing the message
NT_STATUS_NO_SUCH_USER even though wbinfo -i smb works and shows the
user account in Active directory.
I did however notice this odd entry in the logs as well:
Attempting to register auth backend smbserver
[2008/06/03 07:02:36, 5] auth/auth.c:smb_register_auth(59)
Successfully added auth method 'smbserver'
Not sure if the auth method being 'smbserver' is accurate or not. Any
help, pointers etc. is greatly appreciated.
Robert Mattson wrote:
Gentlemen,
The following links may or may not be of help.
http://bugs.gentoo.org/show_bug.cgi?id=224201
http://lists.samba.org/archive/samba/2008-June/141041.html
.
clipped
.
net-fs/samba-3.0.30 but not the PDC. No problems so far with that.
John
--
Jas
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Gentoo, Samba, Upgrade, Authentications now failing
Hmm... I am on Version 3.0.28a using Gentoo's emerge utility. In my logs I am recieving: check_ntlm_password: Authentication for user [smb] - [smb] FAILED with error NT_STATUS_NO_SUCH_USER ... ads_verify_ticket: smb_krb5_parse_name(thor$) failed (Configuration file does not specify default realm) But I can see all my information for the user with the following commands: wbinfo -u smb wbinfo -i smb wbinfo -n smb wbinfo -S SID getent passwd smb Everything shows the user in Active Directory but I cannot authenticate them any longer since the upgrade. Any advice? John Drescher wrote: On Tue, Jun 3, 2008 at 7:52 AM, Jason Gerfen [EMAIL PROTECTED] wrote: I just updated Samba on Gentoo due to a security vulnerability and the authentication for domain accounts is now failing. Has anyone else seen this? -- I have upgraded a domain memberservers last week to net-fs/samba-3.0.30 but not the PDC. No problems so far with that. John -- Jas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Gentoo, Samba, Upgrade, Authentications now failing
On Tue, Jun 3, 2008 at 9:07 AM, Jason Gerfen [EMAIL PROTECTED] wrote: I tried that. After upgrading Samba yesterday using Gentoo's emerge facility due to the vulnerability listed Did you try 3.0.30? It is in portage now. John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Gentoo, Samba, Upgrade, Authentications now failing
Installing it now... it looks like the amd64 package is masked for samba however. John Drescher wrote: On Tue, Jun 3, 2008 at 9:07 AM, Jason Gerfen [EMAIL PROTECTED] wrote: I tried that. After upgrading Samba yesterday using Gentoo's emerge facility due to the vulnerability listed Did you try 3.0.30? It is in portage now. John -- Jas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Gentoo, Samba, Upgrade, Authentications now failing
Ok I have updated it and am no able to authenticate. It seems that even though my smb.conf shows 'client plaintext auth = no' in the logs when performing a 'wbinfo --krb5auth=username%password' it shows plaintext kerberos password authentication for [username%password] failed (requesting cctype: FILE) Any ideas? I do appreciate any help I can get on this. Here is some version information: Version 3.0.30 -- Sorry that did not help. For now I am out of ideas. Hopefully someone knows how to fix that soon otherwise I would go back to the last version that worked. John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Gentoo, Samba, Upgrade, Authentications now failing
John Drescher wrote: Ok I have updated it and am no able to authenticate. It seems that even though my smb.conf shows 'client plaintext auth = no' in the logs when performing a 'wbinfo --krb5auth=username%password' it shows plaintext kerberos password authentication for [username%password] failed (requesting cctype: FILE) Any ideas? I do appreciate any help I can get on this. Here is some version information: Version 3.0.30 -- Sorry that did not help. For now I am out of ideas. Hopefully someone knows how to fix that soon otherwise I would go back to the last version that worked. No worries, I will roll it back to 3.0.28. I am not sure why it would use plaintext vs. the ntlmv2 that is specified in the config. John -- Jas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Gentoo, Samba, Upgrade, Authentications now failing
John Drescher wrote: On Tue, Jun 3, 2008 at 9:07 AM, Jason Gerfen [EMAIL PROTECTED] wrote: I tried that. After upgrading Samba yesterday using Gentoo's emerge facility due to the vulnerability listed Did you try 3.0.30? It is in portage now. John Ok I have updated it and am no able to authenticate. It seems that even though my smb.conf shows 'client plaintext auth = no' in the logs when performing a 'wbinfo --krb5auth=username%password' it shows plaintext kerberos password authentication for [username%password] failed (requesting cctype: FILE) Any ideas? I do appreciate any help I can get on this. Here is some version information: Version 3.0.30 -- Jas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] missing dependencies when compiling samba/ctdb rpm on sles 10.1 (don't have all features required for Active Directory support)
I appear to be missing some libs on suse 10.1 when running: rpmbuild --rebuild samba-3.0.25-ctdb.16.src.rpm cut lots of output checking for WRFILE: keytab support... no checking for krb5_princ_realm returns krb5_realm or krb5_data... no checking for krb5_addresses type... no checking whether krb5_mk_error takes 3 arguments MIT or 9 Heimdal... yes configure: WARNING: krb5_mk_req_extended not found in -lkrb5 configure: WARNING: no CREATE_KEY_FUNCTIONS detected configure: WARNING: no GET_ENCTYPES_FUNCTIONS detected configure: WARNING: no KT_FREE_FUNCTION detected configure: WARNING: no KRB5_VERIFY_CHECKSUM_FUNCTION detected configure: error: krb5 libs don't have all features required for Active Directory support error: Bad exit status from /var/tmp/rpm-tmp.54775 (%build) RPM build errors: Bad exit status from /var/tmp/rpm-tmp.54775 (%build) oss02:/net/lmd01/space/samba # rpm -qa|egrep -i 'krb5|gss|ctdb' pam_krb5-2.2.3-18.2 krb5-32bit-1.4.3-19.30.6 krb5-devel-1.4.3-19.30.6 krb5-server-1.4.3-19.30.6 krb5-devel-32bit-1.4.3-19.30.6 pam_krb5-32bit-2.2.3-18.2 krb5-1.4.3-19.30.6 krb5-apps-clients-1.4.3-19.30.6 krb5-doc-1.4.3-19.2 cyrus-sasl-gssapi-2.1.21-18.4 libgssapi-32bit-0.6-13.7 librpcsecgss-0.7-13.8 libgssapi-0.6-13.7 ctdb-1.0-28 Any idea what I'm missing? Thanks JR -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Grant or deny internet access based on Samba domain logon?
On Tue, Jun 3, 2008 at 5:31 AM, Fabio Muzzi [EMAIL PROTECTED] wrote: When a user logs on, I would like to run a script that modifies firewall rules based on the group that the user belongs to (this determines if he has internet access or not) and based on the workstation's IP address (so I know which IP address to grant internet access to). Probably, despite what you say about them, preexec/postexec and/or rootpreexec/rootpostexec are your best bets. You may have to do something to prevent the clients from disconnecting these shares in the middle of a session -- there's probably something you can do with policies and whatnot, but I'm not expert in client configuration. You could use the logon script, but that would have to trigger something else that ran the actual iptables script, maybe some daemon could monitor a socket and wait for some sort of signal to trip off the iptables script? But then there is no 'logoff' script, and so you would have to use smbstatus in a cronjob and wait till the user no longer appeared in the list perhaps to trip the iptables rule change. Maybe the easiest way to do what you want is to segregate the users by VLAN -- users allowed to connect to the Internet get put on one VLAN and users that can't get put another VLAN. Then you only have one rule to rule them all! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Gentoo, Samba, Upgrade, Authentications now failing
I rolled it back and experienced the same problems so I went ahead and followed the following steps during the upgrade to 3.0.30 1. Removed machine from domain trust user account 2. Uninstalled samba 3. Re-installed latest 3.0.30 using Gentoo's emerge facility 4. Used Kinit with domain admin account 5. Joined machine to domain 6. Ensured that krb5auth using winbind worked (now working, had to modify user accounts in active directory. even having to go so far as to remove user, and recreate then apply the RFC2307 schema attributes) Everything is authenticating again but I am not able to get the pam_mkhomedir.so object create my user directories. relevant file info: nt acl support = yes inherit permissions = yes create mask = 0022 template homedir = /home/samba/%U comment = %U Home directory browsable = yes read only = yes create mask = 0022 force create mode = 0022 directory mask = 0022 force directory mode = 0022 path = /home/samba/%U % ls -lah /home drwxrwxrwx 2 nobody users 48 Jun 2 09:48 samba Am I missing something with the permissions? I know, they are at 755 for now so I can figure out why its not working. What is the best practice for this folders permissions? Thanks. Jason Gerfen wrote: John Drescher wrote: Ok I have updated it and am no able to authenticate. It seems that even though my smb.conf shows 'client plaintext auth = no' in the logs when performing a 'wbinfo --krb5auth=username%password' it shows plaintext kerberos password authentication for [username%password] failed (requesting cctype: FILE) Any ideas? I do appreciate any help I can get on this. Here is some version information: Version 3.0.30 -- Sorry that did not help. For now I am out of ideas. Hopefully someone knows how to fix that soon otherwise I would go back to the last version that worked. No worries, I will roll it back to 3.0.28. I am not sure why it would use plaintext vs. the ntlmv2 that is specified in the config. John -- Jas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Gentoo, Samba, Upgrade, Authentications now failing
Ivan Ordonez wrote: Hi Jason, Sorry I can't be of any help but I am thinking about updating our PDC to 3.0.30 but afraid it will have the same problem. I have a few questions if you don't mind. 1. Can a PDC be remove on the domain and join again? if so, who will be the login server to authenticate the process of joining the PDC to the domain? I have two BDC and one PDC. % net ads join -U [EMAIL PROTECTED] -- joins samba server to domain (could be PDC, BDC or Domain member server types depending on config) % net ads leave -U [EMAIL PROTECTED] -- this will remove the machine account from active directory 2. Can you roll back to Samba 3.0.24 if you emerge 3.0.30 Nope, the lastest in portage right now is 3.0.28 Thanks to any info you can provide. -Ivan Jason Gerfen wrote: I rolled it back and experienced the same problems so I went ahead and followed the following steps during the upgrade to 3.0.30 1. Removed machine from domain trust user account 2. Uninstalled samba 3. Re-installed latest 3.0.30 using Gentoo's emerge facility 4. Used Kinit with domain admin account 5. Joined machine to domain 6. Ensured that krb5auth using winbind worked (now working, had to modify user accounts in active directory. even having to go so far as to remove user, and recreate then apply the RFC2307 schema attributes) Everything is authenticating again but I am not able to get the pam_mkhomedir.so object create my user directories. relevant file info: nt acl support = yes inherit permissions = yes create mask = 0022 template homedir = /home/samba/%U comment = %U Home directory browsable = yes read only = yes create mask = 0022 force create mode = 0022 directory mask = 0022 force directory mode = 0022 path = /home/samba/%U % ls -lah /home drwxrwxrwx 2 nobody users 48 Jun 2 09:48 samba Am I missing something with the permissions? I know, they are at 755 for now so I can figure out why its not working. What is the best practice for this folders permissions? Thanks. Jason Gerfen wrote: John Drescher wrote: Ok I have updated it and am no able to authenticate. It seems that even though my smb.conf shows 'client plaintext auth = no' in the logs when performing a 'wbinfo --krb5auth=username%password' it shows plaintext kerberos password authentication for [username%password] failed (requesting cctype: FILE) Any ideas? I do appreciate any help I can get on this. Here is some version information: Version 3.0.30 -- Sorry that did not help. For now I am out of ideas. Hopefully someone knows how to fix that soon otherwise I would go back to the last version that worked. No worries, I will roll it back to 3.0.28. I am not sure why it would use plaintext vs. the ntlmv2 that is specified in the config. John -- Jas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Gentoo, Samba, Upgrade, Authentications now failing
2. Can you roll back to Samba 3.0.24 if you emerge 3.0.30 Save the ebuild from 3.0.24 into a local portage overlay See here: http://gentoo-wiki.com/HOWTO_Installing_3rd_Party_Ebuilds The ebuild will be in /var/db/pkg/net-fs/samba-3.0.24 And then do a quickpkg --include-config=y =net-fs/samba-3.0.24 Then to restore emerge -K =net-fs/samba-3.0.24 John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Test Failure for RW1 with samba-3.0.30, Solaris 9
On Mon, Jun 2, 2008 at 9:29 PM, Jeremy Allison [EMAIL PROTECTED] wrote: Try this patch against 3.0.x - should fix the problem. Jeremy. Yep, make test seems to be happy now. Thanks. Should I still file a bug report? -David -- David Eisner http://cradle.brokenglass.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] windows share vs. linux share access
Hello again, I am seeing something I never thought I would see. I can open a dos prompt on a windows machine and map a drive to the samba server using the ADS authentication and read/write from the share etc. My problem is if I try to mount the samba share from a linux client I receive errors. Is there anything special about linux commands such as: % mount -t smbfs -o username=USERNAME //server/share /mnt/samba-share According to the logs my authentication is failing for linux clients: [ 7066]: pam auth crap domain: [DOMAIN] user: username -- Jas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Group membership confusion, UNIX, nested, and AD
Brian Gregorcy wrote: ... Hi Bob, I recently did something similar, this page helped me the most of anything I believe it was section 14.3 http://samba.dsmirror.nl/samba/docs/man/Samba-HOWTO-Collection/idmapper.html Thank you, I'll be taking a look at that next. I am just perplexed that samba as an AD member server cannot check UNIX groups for membership while it can otherwise. However I think you will need an account with privileges to join machines to the domain, ... I already have the machine in Active Directory and domain users can access shares on it - they gave me a Domain Admin account long enough to join AD, but not longer. -- *** Bob Martel,System Administrator I met someone who looks a lot like you Levin College of Urban Affairs She does the things you do Cleveland State University But she is an IBM (216) 687-2214 [EMAIL PROTECTED]-Jeff Lynne *** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] error on ads_startup: No logon servers
Folks,
I have set up a samba development server. It is able to let users log in
through ldap, it grabs their groups correctly, it gets a kerberos ticket
correctly, however it craps out when trying to join to the ADS. I have
an already working server with, from what I can tell, the same
configuration.
When I run the net ads join -d3 (letting it use a previously cached
kerberos ticket for auth), I get the following errors:
[2008/06/03 13:17:16, 3] param/loadparm.c:lp_load(5055)
lp_load: refreshing parameters
[2008/06/03 13:17:16, 3] param/loadparm.c:init_globals(1440)
Initialising global parameters
[2008/06/03 13:17:16, 3] param/params.c:pm_process(572)
params.c:pm_process() - Processing configuration file
/opt/samba/3.0.30/lib/smb.conf
[2008/06/03 13:17:16, 3] param/loadparm.c:do_section(3794)
Processing section [global]
[2008/06/03 13:17:16, 2] lib/interface.c:add_interface(81)
added interface ip=ipaddress bcast=bcast nmask=255.255.255.0
[2008/06/03 13:17:16, 3] libsmb/namequery.c:get_dc_list(1489)
get_dc_list: preferred server list: , MY.AD.SERVER
[2008/06/03 13:17:23, 1] libads/cldap.c:recv_cldap_netlogon(219)
no reply received to cldap netlogon
[2008/06/03 13:17:23, 3] libads/ldap.c:ads_try_connect(189)
ads_try_connect: CLDAP request ad server ip address failed.
[2008/06/03 13:17:23, 3] libsmb/namequery.c:get_dc_list(1489)
get_dc_list: preferred server list: , MY.AD.SERVER
[2008/06/03 13:17:27, 3] libsmb/namequery.c:get_dc_list(1489)
get_dc_list: preferred server list: , MY.AD.SERVER
[2008/06/03 13:17:27, 3] libsmb/namequery.c:get_dc_list(1489)
get_dc_list: preferred server list: , MY.AD.SERVER
[2008/06/03 13:17:27, 0] utils/net_ads.c:ads_startup_int(286)
ads_connect: No logon servers
[2008/06/03 13:17:27, 1] utils/net_ads.c:net_ads_join(1470)
error on ads_startup: No logon servers
Failed to join domain: No logon servers
[2008/06/03 13:17:27, 2] utils/net.c:main(1066)
return code = -1
For reference, here's smb.conf:
[global]
netbios name= MYCOMPUTERNAME
workgroup = MYWORKGROUP
security= ads
realm = MY.FULL.DOMAIN
password server = MY.AD.SERVER
encrypt passwords = yes
browseable = no
os level= 0
domain master = no
local master= no
preferred master= no
wins server = ad.server.ipaddress
;do not act as a WINS server
wins support= no
restrict anonymous = 2
log level = 0
log file= /opt/samba/var/log_smbd.%m
; winbindd configuration
; winbind separator = +
; winbind enum users= yes
; winbind enum groups = yes
winbind use default domain = yes
; winbind enable local accounts = yes
; template shell= /bin/bash
; template homedir = /home/%D/%U
idmap uid = 3-4
idmap gid = 3-4
client ntlmv2 auth = yes
client schannel = no
server schannel = no
; disabled for now, unhash these
; lines to enable NTLMv2 only authentication
lanman auth = no
ntlm auth = no
;try fixing win98 caching problem?
csc policy = disable
wins support= no
block size = 4096
unix extensions = no
krb5.conf:
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
ticket_lifetime = 24000
dns_lookup_realm = false
dns_lookup_kdc = false
default_tgs_enctypes = des-cbc-md5, des-cbc-crc
default_tkt_enctypes = des-cbc-md5, des-cbc-crc
[realms]
MY.DOMAIN = {
kdc = ad.server:88
admin_server = ad.server:749
default_domain = my.domain
}
[domain_realm]
.my.realm.path = MY.REALM.PATH
my.realm.path = MY.REALM.PATH
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
Any help on this would be GREATLY appreciated!
Mike
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] wbinfo -u lists ADS users without domain, getent passwd returns only local users
I'm using Samba/Winbind for single-sign on in a network where Active Directory is the authoritative authentication source. The active directory server is Windows 2003 with Services for Unix installed so that the schema is extended and the management interface has a Unix Attributes tab. wbinfo -u produces a list of users, without a DOMAIN+ prefix. getent passwd lists only local users although getent passwd username produces the proper info. Same behavior for groups. Could SELinux interference be the problem? This happens even after I completely disable it, leave the domain, and then rejoin the domain and restart everything. Everything is working, but this strikes me as incorrect behavior. Here's a dump of my samba config [global] workgroup = BLAH realm = BLAHHQ.BLAH-INC.COM server string = Samba Server Version %v security = ADS auth methods = winbind password server = BLAH-DC-02.BLAHHQ.BLAH-INC.COM BLAH-DC-04.BLAHHQ.BLAH-INC.COM idmap domains = BLAHHQ.BLAH-INC.COM idmap uid = 16777216-33554431 idmap gid = 16777216-33554431 template homedir = /home/%U template shell = /bin/bash winbind separator = + winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes winbind nss info = sfu idmap config BLAHHQ.BLAH-INC.COM:range = 1-4 idmap config BLAHHQ.BLAH-INC.COM:backend = ad idmap config BLAHHQ.BLAH-INC.COM:default = yes idmap config BLAHHQ.BLAH-INC.COM:schema_mode = sfu [homes] comment = Home Directories valid users = BLAHHQ.BLAH-INC.COM+%S read only = No browseable = No nsswitch.conf lists files winbind There's nothing particularly exotic going on here, as far as I can tell (other than the hassle created by SELinux). What am I missing? If y'all need more info, please tell me. Regards, Thomas Leavitt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] SELinux and samba/winbind w/ADS on RHEL 4.6
SELinux appears to be interfering with winbind's functionality. I have the lastest policy package installed: selinux-policy-targeted-1.17.30-2.149 which allegedly solves this problem according to the RedHat knowledge base, but clearly does not. I have to turn off SELinux by using setenforce 0 (permissive) to get winbind to work at all, and based on what I see in the log files, disabling it completely is necessary to prevent all interference. Am I missing something? Are other folks having this problem? Regards, Thomas Leavitt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] unable to connect to KDC Server
I'm trying to connect my FreeBSD 6.2 machine to Windows 2008 Server AD.
this is what I get.
rock# kinit Administrator
[EMAIL PROTECTED]'s Password:
kinit: NOTICE: ticket renewable lifetime is 1 week
rock# klist
Credentials cache: FILE:/tmp/krb5cc_0
Principal: [EMAIL PROTECTED]
Issued Expires Principal
Jun 3 11:19:44 Jun 3 21:19:44 krbtgt/[EMAIL PROTECTED]
rock# net ads join -U Administrator
Administrator's password:
[2008/06/03 11:20:01, 0] utils/net_ads.c:ads_startup(281)
ads_connect: Server not found in Kerberos database
rock#
*my krb5.conf***
[libdefaults]
default_realm = lab.net
clockskew = 300
v4_instance_resolve = false
v4_name_convert = {
host = {
rcmd = host
ftp = ftp
}
plain = {
something = something-else
}
}
[realms]
SAFAD.LAB.NET = {
kdc = SAFAD.LAB.NET
}
SAFAD.LAB.NET = {
v4_instance_convert = {
kerberos = kerberos
computer = SAFAD.LAB.NET
}
}
[domain_realm]
.lab.net = LAB.NET
[kdc]
profile = /usr/src/crypto/heimdal/krb5.conf
***my smb.conf ***
[global]
workgroup = LAB
realm = LAB.NET
server string = SambaServer
security = ADS
password server = SAFAD.LAB.NET*
guest account = pcguest
use kerberos keytab = Yes
log file = /var/log/samba/log.%m
max log size = 50
socket options = SO_RCVBUF=8192 SO_SNDBUF=8192
printcap name = lpstat
os level = 33
local master = No
domain master = No
dns proxy = No
wins server = SAFAD.LAB.NET
idmap uid = 1000-2
idmap gid = 1000-2
winbind separator = /
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
hosts allow = 192.168.124., 192.168.1., 127.
Thanks in advance,
Augustin.
_
Search that pays you back! Introducing Live Search cashback.
http://search.live.com/cashback/?pkw=form=MIJAAF/publ=HMTGL/crea=srchpaysyouback--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Test Failure for RW1 with samba-3.0.30, Solaris 9
On Tue, Jun 03, 2008 at 12:23:31PM -0400, David Eisner wrote: On Mon, Jun 2, 2008 at 9:29 PM, Jeremy Allison [EMAIL PROTECTED] wrote: Try this patch against 3.0.x - should fix the problem. Jeremy. Yep, make test seems to be happy now. Thanks. Should I still file a bug report? It might help so we can track it, thanks. I've already committed this into all branches so I'll close it out immediately, but at least we'll have a bug id to hang user problems on. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Test Failure for RW1 with samba-3.0.30, Solaris 9
On Tue, Jun 3, 2008 at 2:56 PM, Jeremy Allison [EMAIL PROTECTED] wrote: Should I still file a bug report? It might help so we can track it, thanks. https://bugzilla.samba.org/show_bug.cgi?id=5517 Thanks again for your help. -David -- David Eisner http://cradle.brokenglass.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] missing dependencies when compiling samba/ctdb rpm on sles 10.1 (don't have all features required for Active Directory support)
It did help, though I had to install the libcom_err rpm. For some reason; only the libcom_err-32bit was installed on the machine. Thanks much JR troc wrote: Hello, If you look at the samba source config.log (at least in rhel5.1) it says the lcom_err was missing which I think had to symlink so.X versions to .so and then run ldconfig after. Not sure if it is the right thing to do due to version compatibilities, but at least the rpms built after doing this. ln -s libcom_err.so.2 libcom_err.so Hope it helps. Regards, Troc On Tue, 2008-06-03 at 11:03 -0400, jrs wrote: I appear to be missing some libs on suse 10.1 when running: rpmbuild --rebuild samba-3.0.25-ctdb.16.src.rpm cut lots of output checking for WRFILE: keytab support... no checking for krb5_princ_realm returns krb5_realm or krb5_data... no checking for krb5_addresses type... no checking whether krb5_mk_error takes 3 arguments MIT or 9 Heimdal... yes configure: WARNING: krb5_mk_req_extended not found in -lkrb5 configure: WARNING: no CREATE_KEY_FUNCTIONS detected configure: WARNING: no GET_ENCTYPES_FUNCTIONS detected configure: WARNING: no KT_FREE_FUNCTION detected configure: WARNING: no KRB5_VERIFY_CHECKSUM_FUNCTION detected configure: error: krb5 libs don't have all features required for Active Directory support error: Bad exit status from /var/tmp/rpm-tmp.54775 (%build) RPM build errors: Bad exit status from /var/tmp/rpm-tmp.54775 (%build) oss02:/net/lmd01/space/samba # rpm -qa|egrep -i 'krb5|gss|ctdb' pam_krb5-2.2.3-18.2 krb5-32bit-1.4.3-19.30.6 krb5-devel-1.4.3-19.30.6 krb5-server-1.4.3-19.30.6 krb5-devel-32bit-1.4.3-19.30.6 pam_krb5-32bit-2.2.3-18.2 krb5-1.4.3-19.30.6 krb5-apps-clients-1.4.3-19.30.6 krb5-doc-1.4.3-19.2 cyrus-sasl-gssapi-2.1.21-18.4 libgssapi-32bit-0.6-13.7 librpcsecgss-0.7-13.8 libgssapi-0.6-13.7 ctdb-1.0-28 Any idea what I'm missing? Thanks JR -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] How to move a samba PDC to a diffrent box
On Tue 3 Jun 2008 4:42:40 am ml wrote: Hello List, i have got a samba pdc running based on the smbldap tools and Debian Sarge. Now we would like to move everything over to Ubuntu Hardy. Can i simply: - Create the same users and groups with the same id on Hardy - Move the files and profiles over by keeping their permissions (rsync -avzp ...) - Set the samba SID to be the old orginial one (i do not know how this could be done and if it even works) Will i then simply be able to log back in with my Windows clients? Is there a HowTo explaining this scenario? Thanks, Mario I don't know how official it is, but if you move all the files and everything beforehand, making sure to keep the ACLs, then shutdown samba on machine 1. Then move /etc/samba /var/lib/samba to the new machine, overwriting the existing ones created by the .debs. Start samba on the new machine, and you're done. Of course, that's not very high-availability, and it's assuming you're not using LDAP or something...even though it should work. Have to make sure everybody is off of the original. I may be forgetting something, but I've done it dozens of times; one of the benefits of samba versus MS implementations is that there's much magic involved and so it really can be as simple as moving the files. Wes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Failed building 3.0.30 for tru64 4.0F
That's good to hear, I'll try to be patient. 3 jun 2008 kl. 10.05 skrev Volker Lendecke: On Tue, Jun 03, 2008 at 07:15:43AM +0200, Bengt Nilsson wrote: I downgraded to autoconf 2.61 which eliminated the circular dependency error. Nevertheless, the uint32_t and final link problem remains. Is there ANY chance that samba 3 will ever build under tru64 4.0F? Sure. Right now it is a matter of resources, but in general we are very paranoid about building on all platforms around. Give us a few days please. Sorry for the build breakage. Volker -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] unsafe_string_function_usage_here when linking smbd
I'm trying to build 3.0.30 on Alpha/Tru64-4.0G. The configure step works, but make fails when it tries to link smbd: Compiling popt/popt.c Compiling popt/poptconfig.c Compiling popt/popthelp.c Compiling popt/poptparse.c Linking bin/smbd ld: Unresolved: __unsafe_string_function_usage_here_size_t__ gmake: *** [bin/smbd] Error 1 This Should Never Happen :) -- that looks like a message for the developers. How can I track down the cause of this and fix it? Here are some details: I'm using the samba-3.0.30.tar.gz source distribution downloaded from samba.org. I configured the build as follows: env CC=cc LDFLAGS=-L/local/lib CPPFLAGS=-I/local/include ./ configure \ --with-winbind --with-krb5=/local --with-ldap --with-ads (I have to use the vendor cc, because if I try to build with gcc, I get the same errors Bengt Nilsson is reporting about tdb_open, _E__lc_ctype, tdb_traverse, _Eioctl and many others.) Prior to running make, I fixed what appears to be a typo in the Makefile: diff Makefile Makefile.orig 590c590 LIBSMBSHAREMODES_OBJ = libsmb/smb_share_modes.o $(TDBBASE_OBJ) --- LIBSMBSHAREMODES_OBJ = libsmb/smb_share_modes.o $(TDB_BASE_OBJ) Dunno if that's important. Then I ran make like so, using GNU make: limit datasize 1048576 limit memoryuse 2041072 gmake The make process begins by reporting (long lines wrapped): Using FLAGS = -I/usr/local/include -O -D_SAMBA_BUILD_=3 -I/src/pub/samba-3.0.30/source/popt -I/src/pub/samba-3.0.30/source/iniparser/src -Iinclude -I./include - I. -I. -I./lib/replace -I./lib/talloc -I./tdb/include -I./libaddns -I./librpc -DHAVE_CONFIG_H -I/usr/local/include -I/local/include -DLDAP_DEPRECATED -I/src/pub/samba-3.0.30/source/lib -D_SAMBA_BUILD_=3 PICFLAG= -fPIC LIBS = -lproplist -lsecurity -lresolv -lresolv LDFLAGS= -L/usr/local/lib -Wl,-rpath -Wl,/usr/local/lib -L/ local/lib DYNEXP = LDSHFLAGS = -shared -L/usr/local/lib -Wl,-rpath -Wl,/usr/ local/lib -L/local/lib SHLIBEXT = so SONAMEFLAG = -Wl,-soname, Generating smbd/build_options.c This dies with the unresolved complaint from the linker as shown above. My guess is this is a false-positive from safe_string.h -- i.e., there's nothing wrong with the string function calls in the smbd source files, but rather safe_string is mistakenly reporting a problem. Is it possible to muzzle safe_string and just get on with the build? I have previously built 3.0.25 successfully on this same Alpha box. But when I was trying to build 3.0.28 after it came out, I hit the same unsafe_string_function_usage error as I'm now seeing with 3.0.30. At that time I just gave up; this time I'd like to solve the problem. -- Kai Lanz Stanford University School of Earth Sciences -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] How to move a samba PDC to a diffrent box
i have got a samba pdc running based on the smbldap tools and Debian Sarge. Now we would like to move everything over to Ubuntu Hardy. I have done this quite a few times. Can i simply: - Create the same users and groups with the same id on Hardy slapcat slapadd or configure syncrepl in openldap-2.3 or greater and add the new ldap sever as a read only replicator of the first. Then start slapd to sync and then you can remove the master and sync commands and restart slapd - Move the files and profiles over by keeping their permissions (rsync -avzp ...) Seems ok. I do not have any actual user shares or profiles on my pdc. These are on my fileservers instead. - Set the samba SID to be the old orginial one (i do not know how this could be done and if it even works) net setdomainsid Will i then simply be able to log back in with my Windows clients? Is there a HowTo explaining this scenario? After you copy the smb.conf, nsswitch.conf and configure openldap and start all the required services. John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] windows share vs. linux share access
Jason Gerfen wrote: snip My problem is if I try to mount the samba share from a linux client I receive errors. What errors? The full output from the client would be useful. Is there anything special about linux commands such as: % mount -t smbfs -o username=USERNAME //server/share /mnt/samba-share smb is depreciated, use cifs if possible. According to the logs my authentication is failing for linux clients: [ 7066]: pam auth crap domain: [DOMAIN] user: username That doesn't look like a failure to me. *Michael Heydon - IT Administrator * [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SELinux and samba/winbind w/ADS on RHEL 4.6
Hi, I am not seeing this issue on RHEL4 update 6. but i am using samba-3.0.25b-1.el4_6.5 samba-common-3.0.25b-1.el4_6.5.i386 samba-client-3.0.25b-1.el4_6.5.i386 My sestatus is having as below snip [EMAIL PROTECTED] ~]# sestatus SELinux status: enabled SELinuxfs mount:/selinux Current mode: enforcing Mode from config file: enforcing Policy version: 18 Policy from config file:targeted Policy booleans: allow_syslog_to_console inactive allow_ypbindinactive dhcpd_disable_trans inactive httpd_builtin_scripting active httpd_disable_trans inactive httpd_enable_cgiactive httpd_enable_homedirs active httpd_ssi_exec active httpd_tty_comm inactive httpd_unified active mysqld_disable_transinactive named_disable_trans inactive named_write_master_zonesinactive nscd_disable_trans inactive ntpd_disable_trans inactive pegasus_disable_trans inactive portmap_disable_trans inactive postgresql_disable_transinactive snmpd_disable_trans inactive squid_disable_trans inactive syslogd_disable_trans inactive use_nfs_home_dirs inactive use_samba_home_dirs inactive use_syslognginactive winbind_disable_trans inactive ypbind_disable_transinactive /snip When i joined the system to AD and restarted winbind, it did not give any selinux errors on /var/log/message, or console or /var/log/audit/audit.log snip [EMAIL PROTECTED] ~]# service winbind restart Shutting down Winbind services:[ OK ] Starting Winbind services: [ OK ] /snip So can you paste your selinux messages, that you are getting, and the samba version. Or if you feel you can do the following , without making selinux to permissive or disabling it. #getsebool -P winbind_disable_trans = 1 Regards Niranjan On Tue, Jun 3, 2008 at 11:26 PM, Thomas Leavitt [EMAIL PROTECTED] wrote: SELinux appears to be interfering with winbind's functionality. I have the lastest policy package installed: selinux-policy-targeted-1.17.30-2.149 which allegedly solves this problem according to the RedHat knowledge base, but clearly does not. I have to turn off SELinux by using setenforce 0 (permissive) to get winbind to work at all, and based on what I see in the log files, disabling it completely is necessary to prevent all interference. Am I missing something? Are other folks having this problem? Regards, Thomas Leavitt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SELinux and samba/winbind w/ADS on RHEL 4.6
oops In my previous post i made a typo #getsebool -P winbind_disable_trans = 1 it should be #setsebool -P winbind_disable_trans = 1 On Wed, Jun 4, 2008 at 10:25 AM, mallapadi niranjan [EMAIL PROTECTED] wrote: Hi, I am not seeing this issue on RHEL4 update 6. but i am using samba-3.0.25b-1.el4_6.5 samba-common-3.0.25b-1.el4_6.5.i386 samba-client-3.0.25b-1.el4_6.5.i386 My sestatus is having as below snip [EMAIL PROTECTED] ~]# sestatus SELinux status: enabled SELinuxfs mount:/selinux Current mode: enforcing Mode from config file: enforcing Policy version: 18 Policy from config file:targeted Policy booleans: allow_syslog_to_console inactive allow_ypbindinactive dhcpd_disable_trans inactive httpd_builtin_scripting active httpd_disable_trans inactive httpd_enable_cgiactive httpd_enable_homedirs active httpd_ssi_exec active httpd_tty_comm inactive httpd_unified active mysqld_disable_transinactive named_disable_trans inactive named_write_master_zonesinactive nscd_disable_trans inactive ntpd_disable_trans inactive pegasus_disable_trans inactive portmap_disable_trans inactive postgresql_disable_transinactive snmpd_disable_trans inactive squid_disable_trans inactive syslogd_disable_trans inactive use_nfs_home_dirs inactive use_samba_home_dirs inactive use_syslognginactive winbind_disable_trans inactive ypbind_disable_transinactive /snip When i joined the system to AD and restarted winbind, it did not give any selinux errors on /var/log/message, or console or /var/log/audit/audit.log snip [EMAIL PROTECTED] ~]# service winbind restart Shutting down Winbind services:[ OK ] Starting Winbind services: [ OK ] /snip So can you paste your selinux messages, that you are getting, and the samba version. Or if you feel you can do the following , without making selinux to permissive or disabling it. #getsebool -P winbind_disable_trans = 1 Regards Niranjan On Tue, Jun 3, 2008 at 11:26 PM, Thomas Leavitt [EMAIL PROTECTED] wrote: SELinux appears to be interfering with winbind's functionality. I have the lastest policy package installed: selinux-policy-targeted-1.17.30-2.149 which allegedly solves this problem according to the RedHat knowledge base, but clearly does not. I have to turn off SELinux by using setenforce 0 (permissive) to get winbind to work at all, and based on what I see in the log files, disabling it completely is necessary to prevent all interference. Am I missing something? Are other folks having this problem? Regards, Thomas Leavitt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[SCM] CTDB repository - branch master updated - 181318fea6886c40d0aff02d0de777f28ffeddce
The branch, master has been updated
via 181318fea6886c40d0aff02d0de777f28ffeddce (commit)
via 6222ece63ae3b7f3477646232ae5bbeee6f4 (commit)
via dfe0c44c1e8e9dab790686c5ba798986d04bf218 (commit)
from f0b55adae450cac3cf925e111e1dc9628cff4525 (commit)
http://gitweb.samba.org/?p=sahlberg/ctdb.git;a=shortlog;h=master
- Log -
commit 181318fea6886c40d0aff02d0de777f28ffeddce
Author: Ronnie Sahlberg [EMAIL PROTECTED]
Date: Tue Jun 3 18:19:48 2008 +1000
run the persistent write test with 4 nodes by default
use the timelimit argument to the persistent writer to run the test for
30 seconds by default
commit 6222ece63ae3b7f3477646232ae5bbeee6f4
Author: Ronnie Sahlberg [EMAIL PROTECTED]
Date: Tue Jun 3 18:18:28 2008 +1000
redesign the test of persistent writes
so that we have n persistent writers on n nodes,
all writers writing persistently to the same record.
each writer on a node has its own counter in this record that is
incremented by one in each iteration.
the persistent writer on node 0 also checks that all the counters in the
record are increasing monotonically and if they are not, flagging it as an
ERROR.
commit dfe0c44c1e8e9dab790686c5ba798986d04bf218
Author: Ronnie Sahlberg [EMAIL PROTECTED]
Date: Tue Jun 3 18:14:54 2008 +1000
create the nodes file in a 'test' subdirectory and not the current directory
delete all persistent databases when the test starts
(the tests only uses test databases in a special test directory)
do not set up any public addresses in the tests
wait until there are no disconnected or unhealthy nodes when starting the
test daemons instead of waiting for the recovery mode to change.
we do want to wait until the system has recovered and ALL nodes are ok.
---
Summary of changes:
tests/ctdb_persistent.c | 139 ---
tests/persistent.sh |8 ++-
tests/start_daemons.sh | 20 ---
3 files changed, 135 insertions(+), 32 deletions(-)
Changeset truncated at 500 lines:
diff --git a/tests/ctdb_persistent.c b/tests/ctdb_persistent.c
index dd0e27c..b98e662 100644
--- a/tests/ctdb_persistent.c
+++ b/tests/ctdb_persistent.c
@@ -27,21 +27,88 @@
#include sys/time.h
#include time.h
+static struct timeval tp1,tp2;
+
+static void start_timer(void)
+{
+ gettimeofday(tp1,NULL);
+}
+
+static double end_timer(void)
+{
+ gettimeofday(tp2,NULL);
+ return (tp2.tv_sec + (tp2.tv_usec*1.0e-6)) -
+ (tp1.tv_sec + (tp1.tv_usec*1.0e-6));
+}
+
+static int timelimit = 10;
+
+static unsigned int pnn;
+
+static TDB_DATA old_data;
+
+static int success = true;
+
+static void each_second(struct event_context *ev, struct timed_event *te,
+struct timeval t, void *private_data)
+{
+ struct ctdb_context *ctdb = talloc_get_type(private_data, struct
ctdb_context);
+ int i;
+ uint32_t *old_counters;
+
+
+ printf(Counters: );
+ old_counters = (uint32_t *)old_data.dptr;
+ for (i=0;iold_data.dsize/sizeof(uint32_t); i++) {
+ printf(%6u , old_counters[i]);
+ }
+ printf(\n);
+
+ event_add_timed(ev, ctdb, timeval_current_ofs(1, 0), each_second, ctdb);
+}
+
+static void check_counters(struct ctdb_context *ctdb, TDB_DATA data)
+{
+ int i;
+ uint32_t *counters, *old_counters;
+
+ counters = (uint32_t *)data.dptr;
+ old_counters = (uint32_t *)old_data.dptr;
+
+ /* check that all the counters are monotonic increasing */
+ for (i=0; iold_data.dsize/sizeof(uint32_t); i++) {
+ if (counters[i]old_counters[i]) {
+ printf(ERROR: counters has decreased for node %u From
%u to %u\n, i, old_counters[i], counters[i]);
+ success = false;
+ }
+ }
+
+ if (old_data.dsize != data.dsize) {
+ old_data.dsize = data.dsize;
+ old_data.dptr = talloc_realloc_size(ctdb, old_data.dptr,
old_data.dsize);
+ }
+
+ memcpy(old_data.dptr, data.dptr, data.dsize);
+}
+
+
+
static void test_store_records(struct ctdb_context *ctdb, struct event_context
*ev)
{
TDB_DATA key, data;
struct ctdb_db_context *ctdb_db;
TALLOC_CTX *tmp_ctx = talloc_new(ctdb);
- int ret, i;
+ int ret;
struct ctdb_record_handle *h;
- unsigned node=0, count=0;
-
+ uint32_t *counters;
+ int first_time = true;
ctdb_db = ctdb_db_handle(ctdb, persistent.tdb);
key.dptr = discard_const(testkey);
key.dsize = strlen((const char *)key.dptr)+1;
- for (i=0;i10;i++) {
+ start_timer();
+ while (end_timer() timelimit) {
h = ctdb_fetch_lock(ctdb_db,
[SCM] Samba Shared Repository - branch v3-2-stable updated - release-3-2-0rc1-26-gb524bc0
The branch, v3-2-stable has been updated
via b524bc0e284806877105ebb62570645efc6f2f56 (commit)
via 0abc7c7c5738154d833e57433a19b9bb2e3f32cd (commit)
from 9fd47f8f1e761d321a13987f3ca2f926d7420c37 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-stable
- Log -
commit b524bc0e284806877105ebb62570645efc6f2f56
Author: Jeremy Allison [EMAIL PROTECTED]
Date: Mon Jun 2 15:26:37 2008 -0700
Fix by Bo Yang [EMAIL PROTECTED] for bug with winbindd trusted domain
child
not keeping primary domain online status up to date.
Jeremy.
(cherry picked from commit d634d78cdfbfa9e27cf9cb5ada3c5220be257a7f)
commit 0abc7c7c5738154d833e57433a19b9bb2e3f32cd
Author: Jeremy Allison [EMAIL PROTECTED]
Date: Mon Jun 2 18:37:16 2008 -0700
Fix bug reported by David Eisner [EMAIL PROTECTED]. When allocating cli
buffers for large read/write - make sure we take account of the large
read/write SMB headers as well as the buffer space.
Jeremy.
(cherry picked from commit 220bb029a9f32a011c59013076eaeb3a86dc8843)
---
Summary of changes:
source/libsmb/cliconnect.c |6 +++---
source/winbindd/winbindd_dual.c | 20 ++--
2 files changed, 21 insertions(+), 5 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/libsmb/cliconnect.c b/source/libsmb/cliconnect.c
index ae16572..0f17571 100644
--- a/source/libsmb/cliconnect.c
+++ b/source/libsmb/cliconnect.c
@@ -1352,9 +1352,9 @@ bool cli_negprot(struct cli_state *cli)
if (cli-capabilities (CAP_LARGE_READX|CAP_LARGE_WRITEX)) {
SAFE_FREE(cli-outbuf);
SAFE_FREE(cli-inbuf);
- cli-outbuf = (char
*)SMB_MALLOC(CLI_SAMBA_MAX_LARGE_READX_SIZE+SAFETY_MARGIN);
- cli-inbuf = (char
*)SMB_MALLOC(CLI_SAMBA_MAX_LARGE_READX_SIZE+SAFETY_MARGIN);
- cli-bufsize = CLI_SAMBA_MAX_LARGE_READX_SIZE;
+ cli-outbuf = (char
*)SMB_MALLOC(CLI_SAMBA_MAX_LARGE_READX_SIZE+LARGE_WRITEX_HDR_SIZE+SAFETY_MARGIN);
+ cli-inbuf = (char
*)SMB_MALLOC(CLI_SAMBA_MAX_LARGE_READX_SIZE+LARGE_WRITEX_HDR_SIZE+SAFETY_MARGIN);
+ cli-bufsize = CLI_SAMBA_MAX_LARGE_READX_SIZE +
LARGE_WRITEX_HDR_SIZE;
}
} else if (cli-protocol = PROTOCOL_LANMAN1) {
diff --git a/source/winbindd/winbindd_dual.c b/source/winbindd/winbindd_dual.c
index b8c0ab9..29849e9 100644
--- a/source/winbindd/winbindd_dual.c
+++ b/source/winbindd/winbindd_dual.c
@@ -965,6 +965,7 @@ static bool fork_domain_child(struct winbindd_child *child)
int fdpair[2];
struct winbindd_cli_state state;
struct winbindd_domain *domain;
+ struct winbindd_domain *primary_domain = NULL;
if (child-domain) {
DEBUG(10, (fork_domain_child called for domain '%s'\n,
@@ -1060,10 +1061,13 @@ static bool fork_domain_child(struct winbindd_child
*child)
}
/* Ensure we have no pending check_online events other
- than one for this domain. */
+ than one for this domain or the primary domain. */
for (domain = domain_list(); domain; domain = domain-next) {
- if (domain != child-domain) {
+ if (domain-primary) {
+ primary_domain = domain;
+ }
+ if ((domain != child-domain) !domain-primary) {
TALLOC_FREE(domain-check_online_event);
}
}
@@ -1080,6 +1084,18 @@ static bool fork_domain_child(struct winbindd_child
*child)
set_domain_online_request(child-domain);
+ if (primary_domain != child-domain) {
+ /* We need to talk to the primary
+* domain as well as the trusted
+* domain inside a trusted domain
+* child.
+* See the code in :
+* set_dc_type_and_flags_trustinfo()
+* for details.
+*/
+ set_domain_online_request(primary_domain);
+ }
+
child-lockout_policy_event = event_add_timed(
winbind_event_context(), NULL, timeval_zero(),
account_lockout_policy_handler,
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-2-test updated - release-3-2-0pre2-2502-ge7b0d54
The branch, v3-2-test has been updated via e7b0d54fa0c26117047c23b2a295edfbad3c19d9 (commit) from 220bb029a9f32a011c59013076eaeb3a86dc8843 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit e7b0d54fa0c26117047c23b2a295edfbad3c19d9 Author: Karolin Seeger [EMAIL PROTECTED] Date: Tue Jun 3 09:09:39 2008 +0200 WHATSNEW: Update changes since 3.2.0rc1. Karolin --- Summary of changes: WHATSNEW.txt |8 1 files changed, 8 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 536e319..31e644b 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -216,6 +216,9 @@ o Jeremy Allison [EMAIL PROTECTED] * BUG 5504: Fix behaviour of winbindd children receiving a SIGTERM. * Security fix for CVE-2008-1105. * Fix valgrind bug in debug statement. +* Make sure we take account of the large read/write SMB headers as + well as the buffer space when allocating cli buffers for large + read/write. o Günther Deschner [EMAIL PROTECTED] @@ -230,6 +233,11 @@ o Marc VanHeyningen [EMAIL PROTECTED] * Fix memory leak. +o Bo Yang [EMAIL PROTECTED] +* Fix winbindd trusted domain child not keeping primary domain + online status up to date. + + o Chere Zhou [EMAIL PROTECTED] * Fix memory leaks. -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-2-stable updated - release-3-2-0rc1-27-g0b26d4e
The branch, v3-2-stable has been updated via 0b26d4e68f4212cf93250eb03bbc7e4834e74bc4 (commit) from b524bc0e284806877105ebb62570645efc6f2f56 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-stable - Log - commit 0b26d4e68f4212cf93250eb03bbc7e4834e74bc4 Author: Karolin Seeger [EMAIL PROTECTED] Date: Tue Jun 3 09:09:39 2008 +0200 WHATSNEW: Update changes since 3.2.0rc1. Karolin (cherry picked from commit e7b0d54fa0c26117047c23b2a295edfbad3c19d9) --- Summary of changes: WHATSNEW.txt |8 1 files changed, 8 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 536e319..31e644b 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -216,6 +216,9 @@ o Jeremy Allison [EMAIL PROTECTED] * BUG 5504: Fix behaviour of winbindd children receiving a SIGTERM. * Security fix for CVE-2008-1105. * Fix valgrind bug in debug statement. +* Make sure we take account of the large read/write SMB headers as + well as the buffer space when allocating cli buffers for large + read/write. o Günther Deschner [EMAIL PROTECTED] @@ -230,6 +233,11 @@ o Marc VanHeyningen [EMAIL PROTECTED] * Fix memory leak. +o Bo Yang [EMAIL PROTECTED] +* Fix winbindd trusted domain child not keeping primary domain + online status up to date. + + o Chere Zhou [EMAIL PROTECTED] * Fix memory leaks. -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-0-test updated - release-3-0-29-23-g7ffc312
The branch, v3-0-test has been updated
via 7ffc312b493d95389266be180d38b8a35584d6d9 (commit)
from c537b4376db8eb17904d2cf5fa3ec1fa32548742 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-0-test
- Log -
commit 7ffc312b493d95389266be180d38b8a35584d6d9
Author: Karolin Seeger [EMAIL PROTECTED]
Date: Tue Mar 25 12:00:42 2008 +0100
Fix usage message for 'net idmap dump'.
Karolin
(cherry picked from commit c967b62dd3c924419fa4a72aa2143d6bef959d18)
---
Summary of changes:
source/utils/net_idmap.c |2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/utils/net_idmap.c b/source/utils/net_idmap.c
index 1f70daf..ba1ec82 100644
--- a/source/utils/net_idmap.c
+++ b/source/utils/net_idmap.c
@@ -270,7 +270,7 @@ static int net_idmap_secret(int argc, const char **argv)
int net_help_idmap(int argc, const char **argv)
{
- d_printf(net idmap dump outputfile\n\
+ d_printf(net idmap dump inputfile\n\
Dump current id mapping\n);
d_printf(net idmap restore\n\
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-0-test updated - release-4-0-0alpha4-16-g03f43a9
The branch, v4-0-test has been updated via 03f43a9a91bffd60de8f59f8fb717505a428d070 (commit) via c285b540cb1c2b554a85ef08a4280f544d9d20cc (commit) via 62030027d1ab735fb9c590fafb0887dc882662d1 (commit) via 61bad69e2d7f84e2c6d6fb82917cfa86b17f54b0 (commit) via 7f033ce4fb6fc897f8159926d5a6d2e45dd447b6 (commit) via 58c118ab4d2b76c4ea68d79b711b81900634f767 (commit) via 418e2592b48d558ff1d32031d64263ae21cf1eb0 (commit) via c8e15d4c185f18322a882aa908939fa9d0e341a0 (commit) via c3ba19ca62affced96b927fcbe63cf5d075aed22 (commit) via def52cc0988c26a815e74b3391e5857512408d90 (commit) via 3868d8ce630c71e2c70aae442fcdbd68ba1eb708 (commit) via fde9880f9943897549859037b0fc9341d3a032f7 (commit) via 9c004df8910c07d75bb3f75d7c3cfba9f9c94f51 (commit) from e9bc72495affb31e5c3d25be7e86d5165974 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 03f43a9a91bffd60de8f59f8fb717505a428d070 Author: Stefan Metzmacher [EMAIL PROTECTED] Date: Mon May 5 13:10:02 2008 +0200 selftest: don't skip BASE-DELAYWRITE metze commit c285b540cb1c2b554a85ef08a4280f544d9d20cc Author: Stefan Metzmacher [EMAIL PROTECTED] Date: Mon May 5 13:06:54 2008 +0200 selftest: pass torture:writetimeupdatedelay to smbtorture metze commit 62030027d1ab735fb9c590fafb0887dc882662d1 Author: Stefan Metzmacher [EMAIL PROTECTED] Date: Tue Jun 3 11:06:33 2008 +0200 selftest: set posix:writetimeupdatedelay metze Signed-off-by: Stefan Metzmacher [EMAIL PROTECTED] commit 61bad69e2d7f84e2c6d6fb82917cfa86b17f54b0 Author: Stefan Metzmacher [EMAIL PROTECTED] Date: Tue Jun 3 13:32:04 2008 +0200 pvfs: use utimes() instead of utime() to get better timestamp resolution Note: that libreplace always provides utimes() metze commit 7f033ce4fb6fc897f8159926d5a6d2e45dd447b6 Author: Stefan Metzmacher [EMAIL PROTECTED] Date: Thu May 8 22:16:55 2008 +0200 pvfs_close: correctly handle the write time updates passed by close() metze commit 58c118ab4d2b76c4ea68d79b711b81900634f767 Author: Stefan Metzmacher [EMAIL PROTECTED] Date: Tue Jun 3 11:54:21 2008 +0200 pvfs: correctly set the write time in the handle destructor metze commit 418e2592b48d558ff1d32031d64263ae21cf1eb0 Author: Stefan Metzmacher [EMAIL PROTECTED] Date: Tue Jun 3 11:47:12 2008 +0200 pvfs_setfileinfo: update the write time in the opendb metze commit c8e15d4c185f18322a882aa908939fa9d0e341a0 Author: Stefan Metzmacher [EMAIL PROTECTED] Date: Tue Jun 3 11:36:08 2008 +0200 pvfs: trigger a write time update 2 seconds after the first write metze commit c3ba19ca62affced96b927fcbe63cf5d075aed22 Author: Stefan Metzmacher [EMAIL PROTECTED] Date: Tue Jun 3 11:34:10 2008 +0200 pvfs: add posix:writetimeupdatedelay option metze commit def52cc0988c26a815e74b3391e5857512408d90 Author: Stefan Metzmacher [EMAIL PROTECTED] Date: Mon May 5 12:18:47 2008 +0200 pvfs: add PVFS_RESOLVE_NO_OPENDB flag and get the write time from the opendb By default get the current write time from the opendb, but allow callers to pass PVFS_RESOLVE_NO_OPENDB for performance reasons, if they don't need to the write time. metze commit 3868d8ce630c71e2c70aae442fcdbd68ba1eb708 Author: Stefan Metzmacher [EMAIL PROTECTED] Date: Tue Apr 15 16:00:42 2008 +0200 opendb: add write time handling metze commit fde9880f9943897549859037b0fc9341d3a032f7 Author: Stefan Metzmacher [EMAIL PROTECTED] Date: Tue Jun 3 14:01:02 2008 +0200 BASE-DELAYWRITE: fix test on filesystem without high resolution timestamps metze commit 9c004df8910c07d75bb3f75d7c3cfba9f9c94f51 Author: Stefan Metzmacher [EMAIL PROTECTED] Date: Mon May 5 15:05:41 2008 +0200 BASE-DELAYWRITE: add missing time checks to make sure the server has updated the write time metze --- Summary of changes: source/cluster/ctdb/opendb_ctdb.c | 51 +--- source/librpc/idl/opendb.idl |2 + source/ntvfs/common/opendb.c | 24 ++--- source/ntvfs/common/opendb.h |9 ++- source/ntvfs/common/opendb_tdb.c | 51 +-- source/ntvfs/posix/pvfs_fileinfo.c| 31 +++- source/ntvfs/posix/pvfs_open.c| 80 +- source/ntvfs/posix/pvfs_rename.c |8 ++- source/ntvfs/posix/pvfs_resolve.c | 32 source/ntvfs/posix/pvfs_search.c |2 +- source/ntvfs/posix/pvfs_seek.c|2 +- source/ntvfs/posix/pvfs_setfileinfo.c | 87 +++- source/ntvfs/posix/pvfs_unlink.c |9 +++- source/ntvfs/posix/pvfs_write.c | 55
[SCM] Samba Shared Repository - branch v4-0-test updated - release-4-0-0alpha4-17-gf65e43e
The branch, v4-0-test has been updated
via f65e43e9456e8e951d172779cba53ab417114b20 (commit)
from 03f43a9a91bffd60de8f59f8fb717505a428d070 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test
- Log -
commit f65e43e9456e8e951d172779cba53ab417114b20
Author: Andrew Bartlett [EMAIL PROTECTED]
Date: Tue Jun 3 23:27:22 2008 +1000
Align the Python and EJS ldap tests.
We should now (need to review and compare them once more) be able to
remove ldap.js (and once samba3sam.js is done, smbscript).
Andrew Bartlett
---
Summary of changes:
source/lib/ldb/tests/python/ldap.py | 196 +++
testprogs/ejs/ldap.js |8 +-
2 files changed, 155 insertions(+), 49 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/lib/ldb/tests/python/ldap.py
b/source/lib/ldb/tests/python/ldap.py
index c76222c..aba9581 100755
--- a/source/lib/ldb/tests/python/ldap.py
+++ b/source/lib/ldb/tests/python/ldap.py
@@ -14,7 +14,7 @@ from samba.auth import system_session
from ldb import (SCOPE_SUBTREE, SCOPE_ONELEVEL, SCOPE_BASE, LdbError,
LDB_ERR_NO_SUCH_OBJECT, LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS,
LDB_ERR_ENTRY_ALREADY_EXISTS, LDB_ERR_UNWILLING_TO_PERFORM,
- LDB_ERR_NOT_ALLOWED_ON_NON_LEAF, LDB_ERR_OTHER)
+ LDB_ERR_NOT_ALLOWED_ON_NON_LEAF, LDB_ERR_OTHER,
LDB_ERR_INVALID_DN_SYNTAX)
from samba import Ldb
from subunit import SubunitTestRunner
from samba import param
@@ -115,6 +115,86 @@ class BasicTests(unittest.TestCase):
userAccountControl: 4096,
displayname: ldap testy})
+self.delete_force(self.ldb, cn=ldaptestcomputer3,cn=computers, +
self.base_dn)
+try:
+ldb.add({dn: cn=ldaptestcomputer3,cn=computers, + self.base_dn,
+ objectClass: computer,
+ cn: LDAPtest2COMPUTER
+ })
+self.fail()
+except LdbError, (num, _):
+self.assertEquals(num, LDB_ERR_INVALID_DN_SYNTAX)
+
+self.delete_force(self.ldb, cn=ldaptestcomputer3,cn=computers, +
self.base_dn)
+try:
+ldb.add({dn: cn=ldaptestcomputer3,cn=computers, + self.base_dn,
+ objectClass: computer,
+ cn: ldaptestcomputer3,
+ sAMAccountType: 805306368
+})
+self.fail()
+except LdbError, (num, _):
+self.assertEquals(num, LDB_ERR_UNWILLING_TO_PERFORM)
+
+self.delete_force(self.ldb, cn=ldaptestcomputer3,cn=computers, +
self.base_dn)
+try:
+ldb.add({dn: cn=ldaptestcomputer3,cn=computers, + self.base_dn,
+ objectClass: computer,
+ cn: ldaptestcomputer3,
+ userAccountControl: 0
+})
+self.fail()
+except LdbError, (num, _):
+self.assertEquals(num, LDB_ERR_UNWILLING_TO_PERFORM)
+
+self.delete_force(self.ldb, cn=ldaptestuser7,cn=users, +
self.base_dn)
+try:
+ldb.add({dn: cn=ldaptestuser7,cn=users, + self.base_dn,
+ objectClass: user,
+ cn: LDAPtestuser7,
+ userAccountControl: 0
+})
+self.fail()
+except LdbError, (num, _):
+self.assertEquals(num, LDB_ERR_UNWILLING_TO_PERFORM)
+
+self.delete_force(self.ldb, cn=ldaptestuser7,cn=users, +
self.base_dn)
+
+ldb.add({dn: cn=ldaptestuser7,cn=users, + self.base_dn,
+ objectClass: user,
+ cn: LDAPtestuser7,
+ userAccountControl: 2
+ })
+
+self.delete_force(self.ldb, cn=ldaptestuser7,cn=users, +
self.base_dn)
+
+self.delete_force(self.ldb, cn=ldaptestcomputer3,cn=computers, +
self.base_dn)
+ldb.add({dn: cn=ldaptestcomputer3,cn=computers, + self.base_dn,
+ objectClass: computer,
+ cn: LDAPtestCOMPUTER3
+ })
+
+ print Testing ldb.search for
((cn=ldaptestcomputer3)(objectClass=user));
+res = ldb.search(self.base_dn,
expression=((cn=ldaptestcomputer3)(objectClass=user)));
+self.assertEquals(len(res), 1, Found only %d for
((cn=ldaptestcomputer3)(objectClass=user)) % len(res))
+
+ self.assertEquals(str(res[0].dn), (CN=ldaptestcomputer3,CN=Computers,
+ self.base_dn));
+ self.assertEquals(res[0][cn][0], ldaptestcomputer3);
+ self.assertEquals(res[0][name][0], ldaptestcomputer3);
+ self.assertEquals(res[0][objectClass][0], top);
+ self.assertEquals(res[0][objectClass][1], person);
+ self.assertEquals(res[0][objectClass][2],
[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-2712-ge1579c9
The branch, v3-3-test has been updated
via e1579c90fb27c07f95889dd8778daeef53e2ac16 (commit)
via ac3597ef8b7781499ab55f1039670ec82202e32c (commit)
from 19519bca9b64b736d2fe0447b7cd495f00dba60a (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test
- Log -
commit e1579c90fb27c07f95889dd8778daeef53e2ac16
Author: Andreas Schneider [EMAIL PROTECTED]
Date: Tue Jun 3 15:26:42 2008 +0200
Fix empty input fields in SWAT; [#5515].
Signed-off-by: Stefan Metzmacher [EMAIL PROTECTED]
commit ac3597ef8b7781499ab55f1039670ec82202e32c
Author: Andreas Schneider [EMAIL PROTECTED]
Date: Tue Jun 3 15:05:50 2008 +0200
Fix saving of the config file in SWAT; [#5516].
The strlen of the source string passed to convert_string_allocate was too
short :)
Signed-off-by: Stefan Metzmacher [EMAIL PROTECTED]
---
Summary of changes:
source/web/cgi.c |4 ++--
source/web/swat.c |8
2 files changed, 6 insertions(+), 6 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/web/cgi.c b/source/web/cgi.c
index 28f64f8..070e80c 100644
--- a/source/web/cgi.c
+++ b/source/web/cgi.c
@@ -206,14 +206,14 @@ void cgi_load_variables(void)
size_t dest_len;
convert_string_allocate(frame, CH_UTF8, CH_UNIX,
- variables[i].name, -1,
+ variables[i].name, strlen(variables[i].name),
dest, dest_len, True);
SAFE_FREE(variables[i].name);
variables[i].name = SMB_STRDUP(dest ? dest : );
dest = NULL;
convert_string_allocate(frame, CH_UTF8, CH_UNIX,
- variables[i].value, -1,
+ variables[i].value, strlen(variables[i].value),
dest, dest_len, True);
SAFE_FREE(variables[i].value);
variables[i].value = SMB_STRDUP(dest ? dest : );
diff --git a/source/web/swat.c b/source/web/swat.c
index 3e14d2d..373ab73 100644
--- a/source/web/swat.c
+++ b/source/web/swat.c
@@ -86,13 +86,14 @@ static const char *fix_quotes(TALLOC_CTX *ctx, const char
*str)
/* Count the number of quotes. */
newstring_len = 1;
- while (*str) {
- if ( *str == '\') {
+ p = (char *) str;
+ while (*p) {
+ if ( *p == '\') {
newstring_len += quote_len;
} else {
newstring_len++;
}
- ++str;
+ ++p;
}
newstring = TALLOC_ARRAY(ctx, char, newstring_len);
if (!newstring) {
@@ -105,7 +106,6 @@ static const char *fix_quotes(TALLOC_CTX *ctx, const char
*str)
} else {
*p++ = *str;
}
- ++str;
}
*p = '\0';
return newstring;
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-2-test updated - release-3-2-0pre2-2504-gf29f96f
The branch, v3-2-test has been updated
via f29f96fe76a139291cbc6e2dee1bca160ea3460a (commit)
via cd7e6b0a0de376c94f9c97247db65a959031a21a (commit)
from e7b0d54fa0c26117047c23b2a295edfbad3c19d9 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test
- Log -
commit f29f96fe76a139291cbc6e2dee1bca160ea3460a
Author: Andreas Schneider [EMAIL PROTECTED]
Date: Tue Jun 3 15:26:42 2008 +0200
Fix empty input fields in SWAT; [#5515].
Signed-off-by: Stefan Metzmacher [EMAIL PROTECTED]
(cherry picked from commit e1579c90fb27c07f95889dd8778daeef53e2ac16)
commit cd7e6b0a0de376c94f9c97247db65a959031a21a
Author: Andreas Schneider [EMAIL PROTECTED]
Date: Tue Jun 3 15:05:50 2008 +0200
Fix saving of the config file in SWAT; [#5516].
The strlen of the source string passed to convert_string_allocate was too
short :)
Signed-off-by: Stefan Metzmacher [EMAIL PROTECTED]
(cherry picked from commit ac3597ef8b7781499ab55f1039670ec82202e32c)
---
Summary of changes:
source/web/cgi.c |4 ++--
source/web/swat.c |8
2 files changed, 6 insertions(+), 6 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/web/cgi.c b/source/web/cgi.c
index 28f64f8..070e80c 100644
--- a/source/web/cgi.c
+++ b/source/web/cgi.c
@@ -206,14 +206,14 @@ void cgi_load_variables(void)
size_t dest_len;
convert_string_allocate(frame, CH_UTF8, CH_UNIX,
- variables[i].name, -1,
+ variables[i].name, strlen(variables[i].name),
dest, dest_len, True);
SAFE_FREE(variables[i].name);
variables[i].name = SMB_STRDUP(dest ? dest : );
dest = NULL;
convert_string_allocate(frame, CH_UTF8, CH_UNIX,
- variables[i].value, -1,
+ variables[i].value, strlen(variables[i].value),
dest, dest_len, True);
SAFE_FREE(variables[i].value);
variables[i].value = SMB_STRDUP(dest ? dest : );
diff --git a/source/web/swat.c b/source/web/swat.c
index 6d8f4ca..6c6d78e 100644
--- a/source/web/swat.c
+++ b/source/web/swat.c
@@ -86,13 +86,14 @@ static const char *fix_quotes(TALLOC_CTX *ctx, const char
*str)
/* Count the number of quotes. */
newstring_len = 1;
- while (*str) {
- if ( *str == '\') {
+ p = (char *) str;
+ while (*p) {
+ if ( *p == '\') {
newstring_len += quote_len;
} else {
newstring_len++;
}
- ++str;
+ ++p;
}
newstring = TALLOC_ARRAY(ctx, char, newstring_len);
if (!newstring) {
@@ -105,7 +106,6 @@ static const char *fix_quotes(TALLOC_CTX *ctx, const char
*str)
} else {
*p++ = *str;
}
- ++str;
}
*p = '\0';
return newstring;
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-2-test updated - release-3-2-0pre2-2507-gdfd0254
The branch, v3-2-test has been updated
via dfd02542f540d89a17d3de5b49adb0cfd32aa2a0 (commit)
via b8ae41fa0a51e26de5dde9869303871df41bfdc6 (commit)
from 1f7296350212a65500885c7d21cb586026713f61 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test
- Log -
commit dfd02542f540d89a17d3de5b49adb0cfd32aa2a0
Author: Karolin Seeger [EMAIL PROTECTED]
Date: Tue Jun 3 16:44:59 2008 +0200
man pages: Add documentation for new parameter 'ldap connection timeout'.
Karolin
(cherry picked from commit f7bfa1330cef34b1bbe7969bddbce2ff895321ed)
commit b8ae41fa0a51e26de5dde9869303871df41bfdc6
Author: Björn Jacke [EMAIL PROTECTED]
Date: Mon May 26 11:29:24 2008 +0200
Add ldap connection timeout for OpenLDAP and Netscape LDAP libs. This can
be controlled via the ldap connection timeout parameter. This fixes fallbacks
to secondary LDAP servers in multi LDAP server setups like in #4544
(cherry picked from commit 8e59a2fedc940b081222b0e8f90fe0c5a0981c06)
---
Summary of changes:
docs-xml/smbdotconf/ldap/ldapconnectiontimeout.xml | 22
source/include/smbldap.h |3 +-
source/lib/smbldap.c | 26 +++-
source/param/loadparm.c| 14 ++-
4 files changed, 62 insertions(+), 3 deletions(-)
create mode 100644 docs-xml/smbdotconf/ldap/ldapconnectiontimeout.xml
Changeset truncated at 500 lines:
diff --git a/docs-xml/smbdotconf/ldap/ldapconnectiontimeout.xml
b/docs-xml/smbdotconf/ldap/ldapconnectiontimeout.xml
new file mode 100644
index 000..31713c9
--- /dev/null
+++ b/docs-xml/smbdotconf/ldap/ldapconnectiontimeout.xml
@@ -0,0 +1,22 @@
+samba:parameter name=ldap connection timeout
+context=G
+advanced=1 developer=1
+ type=integer
+xmlns:samba=http://www.samba.org/samba/DTD/samba-doc;
+description
+ para
+ This parameter tells the LDAP library calls which timeout in seconds
+ they should honor during initial connection establishments to LDAP
servers.
+ It is very useful in failover scenarios in particular. If one or more
LDAP
+ servers are not reachable at all, we do not have to wait until TCP
+ timeouts are over. This feature must be supported by your LDAP library.
+ /para
+
+ para
+ This parameter is different from smbconfoption name=ldap timeout/
+ which affects operations on LDAP servers using an existing connection
+ and not establishing an initial connection.
+ /para
+/description
+value type=default2/value
+/samba:parameter
diff --git a/source/include/smbldap.h b/source/include/smbldap.h
index d9d7aca..79e0a38 100644
--- a/source/include/smbldap.h
+++ b/source/include/smbldap.h
@@ -220,7 +220,8 @@ const char *smbldap_talloc_dn(TALLOC_CTX *mem_ctx, LDAP *ld,
#endif /* HAVE_LDAP */
-#define LDAP_CONNECT_DEFAULT_TIMEOUT 15
+#define LDAP_DEFAULT_TIMEOUT 15
+#define LDAP_CONNECTION_DEFAULT_TIMEOUT 2
#define LDAP_PAGE_SIZE 1024
#endif /* _SMBLDAP_H */
diff --git a/source/lib/smbldap.c b/source/lib/smbldap.c
index 65a039b..0598b78 100644
--- a/source/lib/smbldap.c
+++ b/source/lib/smbldap.c
@@ -670,9 +670,33 @@ int smb_ldap_setup_conn(LDAP **ldap_struct, const char
*uri)
return LDAP_OPERATIONS_ERROR;
#endif /* LDAP_OPT_X_TLS */
}
-
}
#endif /* HAVE_LDAP_INITIALIZE */
+
+
+ /* now set connection timeout */
+#ifdef LDAP_X_OPT_CONNECT_TIMEOUT /* Netscape */
+ {
+ int ct = lp_ldap_connection_timeout()*1000;
+ rc = ldap_set_option(*ldap_struct, LDAP_X_OPT_CONNECT_TIMEOUT,
ct);
+ if (rc != LDAP_SUCCESS) {
+ DEBUG(0,(Failed to setup an ldap connection timeout
%d: %s\n,
+ ct, ldap_err2string(rc)));
+ }
+ }
+#elif defined (LDAP_OPT_NETWORK_TIMEOUT) /* OpenLDAP */
+ {
+ struct timeval ct;
+ ct.tv_usec = 0;
+ ct.tv_sec = lp_ldap_connection_timeout();
+ rc = ldap_set_option(*ldap_struct, LDAP_OPT_NETWORK_TIMEOUT,
ct);
+ if (rc != LDAP_SUCCESS) {
+ DEBUG(0,(Failed to setup an ldap connection timeout
%d: %s\n,
+ ct.tv_sec, ldap_err2string(rc)));
+ }
+ }
+#endif
+
return LDAP_SUCCESS;
}
diff --git a/source/param/loadparm.c b/source/param/loadparm.c
index b539684..c6a7489 100644
--- a/source/param/loadparm.c
+++ b/source/param/loadparm.c
@@ -264,6 +264,7 @@ struct global {
int ldap_passwd_sync;
int ldap_replication_sleep;
int ldap_timeout; /* This is initialised in init_globals */
+ int
[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-2714-gf7bfa13
The branch, v3-3-test has been updated via f7bfa1330cef34b1bbe7969bddbce2ff895321ed (commit) from 8e59a2fedc940b081222b0e8f90fe0c5a0981c06 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test - Log - commit f7bfa1330cef34b1bbe7969bddbce2ff895321ed Author: Karolin Seeger [EMAIL PROTECTED] Date: Tue Jun 3 16:44:59 2008 +0200 man pages: Add documentation for new parameter 'ldap connection timeout'. Karolin --- Summary of changes: docs-xml/smbdotconf/ldap/ldapconnectiontimeout.xml | 22 1 files changed, 22 insertions(+), 0 deletions(-) create mode 100644 docs-xml/smbdotconf/ldap/ldapconnectiontimeout.xml Changeset truncated at 500 lines: diff --git a/docs-xml/smbdotconf/ldap/ldapconnectiontimeout.xml b/docs-xml/smbdotconf/ldap/ldapconnectiontimeout.xml new file mode 100644 index 000..31713c9 --- /dev/null +++ b/docs-xml/smbdotconf/ldap/ldapconnectiontimeout.xml @@ -0,0 +1,22 @@ +samba:parameter name=ldap connection timeout +context=G +advanced=1 developer=1 + type=integer +xmlns:samba=http://www.samba.org/samba/DTD/samba-doc; +description + para + This parameter tells the LDAP library calls which timeout in seconds + they should honor during initial connection establishments to LDAP servers. + It is very useful in failover scenarios in particular. If one or more LDAP + servers are not reachable at all, we do not have to wait until TCP + timeouts are over. This feature must be supported by your LDAP library. + /para + + para + This parameter is different from smbconfoption name=ldap timeout/ + which affects operations on LDAP servers using an existing connection + and not establishing an initial connection. + /para +/description +value type=default2/value +/samba:parameter -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-2-stable updated - release-3-2-0rc1-30-g73ae1aa
The branch, v3-2-stable has been updated
via 73ae1aa1c6c460451855e30114b1a331529a042d (commit)
via 1e04dd755a0564e0179546567453880966a46cd7 (commit)
via 13dee8d300f14880fdab3bb559e50919b69f6251 (commit)
from 0b26d4e68f4212cf93250eb03bbc7e4834e74bc4 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-stable
- Log -
commit 73ae1aa1c6c460451855e30114b1a331529a042d
Author: Karolin Seeger [EMAIL PROTECTED]
Date: Tue Jun 3 16:25:17 2008 +0200
WHATSNEW: Update changes since 3.2.0rc1.
Karolin
(cherry picked from commit 1f7296350212a65500885c7d21cb586026713f61)
commit 1e04dd755a0564e0179546567453880966a46cd7
Author: Andreas Schneider [EMAIL PROTECTED]
Date: Tue Jun 3 15:26:42 2008 +0200
Fix empty input fields in SWAT; [#5515].
Signed-off-by: Stefan Metzmacher [EMAIL PROTECTED]
(cherry picked from commit e1579c90fb27c07f95889dd8778daeef53e2ac16)
(cherry picked from commit f29f96fe76a139291cbc6e2dee1bca160ea3460a)
commit 13dee8d300f14880fdab3bb559e50919b69f6251
Author: Andreas Schneider [EMAIL PROTECTED]
Date: Tue Jun 3 15:05:50 2008 +0200
Fix saving of the config file in SWAT; [#5516].
The strlen of the source string passed to convert_string_allocate was too
short :)
Signed-off-by: Stefan Metzmacher [EMAIL PROTECTED]
(cherry picked from commit ac3597ef8b7781499ab55f1039670ec82202e32c)
(cherry picked from commit cd7e6b0a0de376c94f9c97247db65a959031a21a)
---
Summary of changes:
WHATSNEW.txt |5 +
source/web/cgi.c |4 ++--
source/web/swat.c |8
3 files changed, 11 insertions(+), 6 deletions(-)
Changeset truncated at 500 lines:
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 31e644b..1db5358 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -233,6 +233,11 @@ o Marc VanHeyningen [EMAIL PROTECTED]
* Fix memory leak.
+o Andreas Schneider [EMAIL PROTECTED]
+* BUG 5515: Fix empty input fields in SWAT.
+* BUG 5516: Fix saving of the config file in SWAT.
+
+
o Bo Yang [EMAIL PROTECTED]
* Fix winbindd trusted domain child not keeping primary domain
online status up to date.
diff --git a/source/web/cgi.c b/source/web/cgi.c
index 28f64f8..070e80c 100644
--- a/source/web/cgi.c
+++ b/source/web/cgi.c
@@ -206,14 +206,14 @@ void cgi_load_variables(void)
size_t dest_len;
convert_string_allocate(frame, CH_UTF8, CH_UNIX,
- variables[i].name, -1,
+ variables[i].name, strlen(variables[i].name),
dest, dest_len, True);
SAFE_FREE(variables[i].name);
variables[i].name = SMB_STRDUP(dest ? dest : );
dest = NULL;
convert_string_allocate(frame, CH_UTF8, CH_UNIX,
- variables[i].value, -1,
+ variables[i].value, strlen(variables[i].value),
dest, dest_len, True);
SAFE_FREE(variables[i].value);
variables[i].value = SMB_STRDUP(dest ? dest : );
diff --git a/source/web/swat.c b/source/web/swat.c
index 6d8f4ca..6c6d78e 100644
--- a/source/web/swat.c
+++ b/source/web/swat.c
@@ -86,13 +86,14 @@ static const char *fix_quotes(TALLOC_CTX *ctx, const char
*str)
/* Count the number of quotes. */
newstring_len = 1;
- while (*str) {
- if ( *str == '\') {
+ p = (char *) str;
+ while (*p) {
+ if ( *p == '\') {
newstring_len += quote_len;
} else {
newstring_len++;
}
- ++str;
+ ++p;
}
newstring = TALLOC_ARRAY(ctx, char, newstring_len);
if (!newstring) {
@@ -105,7 +106,6 @@ static const char *fix_quotes(TALLOC_CTX *ctx, const char
*str)
} else {
*p++ = *str;
}
- ++str;
}
*p = '\0';
return newstring;
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-2-test updated - release-3-2-0pre2-2505-g1f72963
The branch, v3-2-test has been updated via 1f7296350212a65500885c7d21cb586026713f61 (commit) from f29f96fe76a139291cbc6e2dee1bca160ea3460a (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit 1f7296350212a65500885c7d21cb586026713f61 Author: Karolin Seeger [EMAIL PROTECTED] Date: Tue Jun 3 16:25:17 2008 +0200 WHATSNEW: Update changes since 3.2.0rc1. Karolin --- Summary of changes: WHATSNEW.txt |5 + 1 files changed, 5 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 31e644b..1db5358 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -233,6 +233,11 @@ o Marc VanHeyningen [EMAIL PROTECTED] * Fix memory leak. +o Andreas Schneider [EMAIL PROTECTED] +* BUG 5515: Fix empty input fields in SWAT. +* BUG 5516: Fix saving of the config file in SWAT. + + o Bo Yang [EMAIL PROTECTED] * Fix winbindd trusted domain child not keeping primary domain online status up to date. -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-2716-g57d5963
The branch, v3-3-test has been updated
via 57d596395db287301eefd34e62c9aaf857c34c69 (commit)
via 7c96795e5954b6a716beb6f5a30d6c7bb1647717 (commit)
from f7bfa1330cef34b1bbe7969bddbce2ff895321ed (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test
- Log -
commit 57d596395db287301eefd34e62c9aaf857c34c69
Author: Gerald W. Carter [EMAIL PROTECTED]
Date: Tue Jun 3 11:18:44 2008 -0500
winbindd_cm: Replace the use of lp_realm() with our_domain-alt_name.
Reduce the use of config parameters with run time information after
discussion
with Guenther.
commit 7c96795e5954b6a716beb6f5a30d6c7bb1647717
Author: Gerald W. Carter [EMAIL PROTECTED]
Date: Tue May 27 16:27:21 2008 -0500
Release scripts: Update create-tarball to include docs and other packaging
details.
I've updated the create-tarball script to support command line options,
docs build (or copy and existing build), and to run the packaging update
scripts.
$ release-scripts/create-tarball --help
Usage release-scripts/create-tarball [options]
--help Print command usage
--branch nameSpecify the branch to to create the archive file
from
--copy-docs dir Copy documentation from dir rather than building
--tag name Tag name for release
--keyid emailThe GnuPG key ID used to sign the release tag
---
Summary of changes:
release-scripts/create-tarball | 314
source/winbindd/winbindd_cm.c |8 +-
2 files changed, 226 insertions(+), 96 deletions(-)
Changeset truncated at 500 lines:
diff --git a/release-scripts/create-tarball b/release-scripts/create-tarball
index a689e69..3463f01 100755
--- a/release-scripts/create-tarball
+++ b/release-scripts/create-tarball
@@ -1,98 +1,222 @@
#!/bin/bash
-TOPDIR=`dirname $0`/..
+## option defaults
+OPT_BRANCH=
+OPT_DOCSDIR=
+OPT_TAG=
+OPT_KEYID=
-cd $TOPDIR
-
-echo -n Please enter branch to cut tarball from:
-read branch
-
-if [ x$branch = x ]; then
- echo You must enter a name! Exiting
- exit 1
-fi
-
-git-checkout $branch
-if [ $? -ne 0 ]; then
- echo Invalid branch name! Exiting
- exit 2
-fi
-
-VER_H=source/include/version.h
-(cd source ./script/mkversion.sh)
-
-if [ ! -f $VER_H ]; then
- echo Failed to find $VER_H! Exiting
- exit 1
-fi
-
-version=`grep SAMBA_VERSION_OFFICIAL_STRING $VER_H | awk '{print $3}'`
-vendor_version=`grep SAMBA_VERSION_VENDOR_SUFFIX $VER_H | awk '{print $3}'`
-if [ -n $vendor_version ]; then
-version=$version-$vendor_version
-fi
-version=`echo $version | sed 's/\//g'`
-
-echo Creating release tarball for Samba $version
-
-/bin/rm -rf ../samba-${version}
-git-archive --format=tar --prefix=samba-${version}/ HEAD | (cd .. tar xf -)
-
-pushd ../samba-${version}
-
-echo Enter the absolute path to the generated Samba docs directory.
-echo -n Just hit return to exclude the docs from the generate tarball:
-read docsdir
-
-if [ x$docsdir != x ]; then
- if [ ! -d $docsdir ]; then
- echo $docsdir does not exist! Exiting
- exit 1
- fi
-
- /bin/rm -rf docs
- mkdir docs
- rsync -a --exclude=.svn $docsdir/ docs/
-
- cd docs
- /bin/rm -rf test.pdf Samba4*pdf htmldocs/Samba4* htmldocs/test
- /bin/mv manpages-3 manpages
- /bin/mv htmldocs/manpages-3 htmldocs/manpages
- cd ..
-fi
-
-cd source
-./autogen.sh
-cd ..
-
-cd ..
-tar cf samba-${version}.tar --exclude=.git* --exclude=CVS --exclude=.svn
samba-${version}
-gpg --detach-sign --armor samba-${version}.tar
-gzip -9 samba-${version}.tar
-
-popd
-echo -n Enter tag name (or hit enter to skip):
-read tagname
-
-if [ x$tagname != x ]; then
- if [ x`git-tag -l $tagname` != x ]; then
- echo -n Tag exists. Do you wish to overwrite? (y/N):
- read answer
-
- if [ x$answer != xy ]; then
-echo Tag creation aborted.
-exit 1
- fi
- fi
-
- echo -n Enter the keyid:
- read keyid
- if [ x$keyid = x ];then
- echo no keyid
- exit 1
- fi
- git-tag -u $keyid ${tagname}
-fi
-
-echo Done!
-exit 0
+TOPDIR=`dirname $0`/..
+VER_H=${TOPDIR}/source/include/version.h
+
+function exitOnError
+{
+local _error=$1
+local _msg=$2
+
+if [ ${_error} -eq 0 ]; then
+ return 0
+fi
+
+echo FAILURE: ${_msg}
+exit ${_error}
+}
+
+##
+## Print help usage
+##
+
+function printUsage
+{
+echo Usage $0 [options]
+echo --help Print command usage
+echo --branch nameSpecify the branch to to create the archive
file from
+echo --copy-docs dir Copy documentation from dir rather than
building
+echo --tag name Tag name for release
+echo --keyid emailThe GnuPG key ID used to sign the release tag
+echo
+}
+
+##
+## Parse the command
[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-2718-g62fcad0
The branch, v3-3-test has been updated
via 62fcad0c0548ab53e9c20cfd6301972c68172b95 (commit)
via 06b597213a25c3370d3b7e29cf80ddd42fa35e0c (commit)
from 57d596395db287301eefd34e62c9aaf857c34c69 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test
- Log -
commit 62fcad0c0548ab53e9c20cfd6301972c68172b95
Author: Günther Deschner [EMAIL PROTECTED]
Date: Tue Jun 3 20:41:55 2008 +0200
build: fix build warning.
Guenther
commit 06b597213a25c3370d3b7e29cf80ddd42fa35e0c
Author: Günther Deschner [EMAIL PROTECTED]
Date: Tue Jun 3 20:41:29 2008 +0200
build: fix the build (missing protoype for lp_ldap_connection_timeout()).
Guenther
---
Summary of changes:
source/include/proto.h |1 +
source/lib/smbldap.c |2 +-
2 files changed, 2 insertions(+), 1 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/include/proto.h b/source/include/proto.h
index 761c720..e8a2b69 100644
--- a/source/include/proto.h
+++ b/source/include/proto.h
@@ -5829,6 +5829,7 @@ int lp_ldap_passwd_sync(void);
bool lp_ldap_delete_dn(void);
int lp_ldap_replication_sleep(void);
int lp_ldap_timeout(void);
+int lp_ldap_connection_timeout(void);
int lp_ldap_page_size(void);
int lp_ldap_debug_level(void);
int lp_ldap_debug_threshold(void);
diff --git a/source/lib/smbldap.c b/source/lib/smbldap.c
index c2c58c0..efe3a1b 100644
--- a/source/lib/smbldap.c
+++ b/source/lib/smbldap.c
@@ -694,7 +694,7 @@ int smb_ldap_setup_conn(LDAP **ldap_struct, const char *uri)
rc = ldap_set_option(*ldap_struct, LDAP_OPT_NETWORK_TIMEOUT,
ct);
if (rc != LDAP_SUCCESS) {
DEBUG(0,(Failed to setup an ldap connection timeout
%d: %s\n,
- ct.tv_sec, ldap_err2string(rc)));
+ (int)ct.tv_sec, ldap_err2string(rc)));
}
}
#endif
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-0-test updated - release-3-0-29-24-gad29a26
The branch, v3-0-test has been updated
via ad29a26c4226aa4d4a6a586413dcb0749bfea6b3 (commit)
from 7ffc312b493d95389266be180d38b8a35584d6d9 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-0-test
- Log -
commit ad29a26c4226aa4d4a6a586413dcb0749bfea6b3
Author: Jeremy Allison [EMAIL PROTECTED]
Date: Tue Jun 3 12:17:34 2008 -0700
Fix by Bo Yang [EMAIL PROTECTED] for bug with winbindd trusted domain chil
not keeping primary domain online status up to date.
Jeremy.
---
Summary of changes:
source/nsswitch/winbindd_dual.c | 22 --
1 files changed, 20 insertions(+), 2 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/nsswitch/winbindd_dual.c b/source/nsswitch/winbindd_dual.c
index 7b79734..5ba68d6 100644
--- a/source/nsswitch/winbindd_dual.c
+++ b/source/nsswitch/winbindd_dual.c
@@ -886,6 +886,7 @@ static BOOL fork_domain_child(struct winbindd_child *child)
int fdpair[2];
struct winbindd_cli_state state;
struct winbindd_domain *domain;
+ struct winbindd_domain *primary_domain = NULL;
if (socketpair(AF_UNIX, SOCK_STREAM, 0, fdpair) != 0) {
DEBUG(0, (Could not open child pipe: %s\n,
@@ -965,10 +966,13 @@ static BOOL fork_domain_child(struct winbindd_child
*child)
}
/* Ensure we have no pending check_online events other
- than one for this domain. */
+ than one for this domain or the primary domain. */
for (domain = domain_list(); domain; domain = domain-next) {
- if (domain != child-domain) {
+ if (domain-primary) {
+ primary_domain = domain;
+ }
+ if ((domain != child-domain) !domain-primary) {
TALLOC_FREE(domain-check_online_event);
}
}
@@ -985,6 +989,20 @@ static BOOL fork_domain_child(struct winbindd_child *child)
set_domain_online_request(child-domain);
+ if (primary_domain != child-domain) {
+ /* We need to talk to the primary
+* domain as well as the trusted
+* domain inside a trusted domain
+* child.
+* See the code in :
+* winbindd_dual_pam_auth_samlogon()
+* especially the calling of
+* contact_domain = find_our_domain()
+* in the non-DC case for details.
+*/
+ set_domain_online_request(primary_domain);
+ }
+
child-lockout_policy_event = event_add_timed(
winbind_event_context(), NULL, timeval_zero(),
account_lockout_policy_handler,
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-2719-g6c80362
The branch, v3-3-test has been updated
via 6c80362e291d8c5e748b987a583e8e32acc36354 (commit)
from 62fcad0c0548ab53e9c20cfd6301972c68172b95 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test
- Log -
commit 6c80362e291d8c5e748b987a583e8e32acc36354
Author: Volker Lendecke [EMAIL PROTECTED]
Date: Tue Jun 3 20:51:42 2008 +0200
Always set registry shares = yes for include = registry
This fixes the case where include = registry is set in the smb.conf text
file
and *only* shares (no [global] settings) are present in the registry.
Michael, please check!
Thanks,
Volker
---
Summary of changes:
source/param/loadparm.c |6 +-
1 files changed, 5 insertions(+), 1 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/param/loadparm.c b/source/param/loadparm.c
index ef6648a..1ce88df 100644
--- a/source/param/loadparm.c
+++ b/source/param/loadparm.c
@@ -6558,6 +6558,11 @@ static bool process_registry_globals(void)
goto done;
}
+ ret = do_parameter(registry shares, yes, NULL);
+ if (!ret) {
+ goto done;
+ }
+
if (!smbconf_share_exists(conf_ctx, GLOBAL_NAME)) {
/* nothing to read from the registry yet but make sure lp_load
* doesn't return false */
@@ -6575,7 +6580,6 @@ static bool process_registry_globals(void)
goto done;
}
- ret = do_parameter(registry shares, yes, NULL);
/* store the csn */
smbconf_changed(conf_ctx, conf_last_csn, NULL, NULL);
--
Samba Shared Repository
Build status as of Wed Jun 4 00:00:01 2008
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2008-06-03 00:00:34.0 + +++ /home/build/master/cache/broken_results.txt 2008-06-04 00:00:09.0 + @@ -1,4 +1,4 @@ -Build status as of Tue Jun 3 00:00:02 2008 +Build status as of Wed Jun 4 00:00:01 2008 Build counts: Tree Total Broken Panic @@ -7,7 +7,7 @@ ctdb 0 0 0 distcc 1 0 0 ldb 33 12 0 -libreplace 32 12 0 +libreplace 31 12 0 lorikeet-heimdal 29 25 0 pidl 20 14 0 ppp 13 0 0 @@ -15,8 +15,8 @@ samba-docs 0 0 0 samba-gtk5 5 0 samba_3_2_test 33 20 0 -samba_4_0_test 31 24 0 -smb-build30 6 0 +samba_4_0_test 31 25 0 +smb-build31 5 0 talloc 33 6 0 tdb 33 12 0
[SCM] CTDB repository - branch master updated - 4948574f5a290434f3edd0c052cf13f3645deec4
The branch, master has been updated
via 4948574f5a290434f3edd0c052cf13f3645deec4 (commit)
from 181318fea6886c40d0aff02d0de777f28ffeddce (commit)
http://gitweb.samba.org/?p=sahlberg/ctdb.git;a=shortlog;h=master
- Log -
commit 4948574f5a290434f3edd0c052cf13f3645deec4
Author: Ronnie Sahlberg [EMAIL PROTECTED]
Date: Wed Jun 4 10:46:20 2008 +1000
add a parameter for the tdb-flags to the client function
ctdb_attach() so that we can pass TDB_NOSYNC when we attach to
a persistent database and want fast unsafe writes instead of
slow but safe tdb_transaction writes.
enhance the ctdb_persistent test suite to test both safe and unsafe writes
---
Summary of changes:
client/ctdb_client.c|4 ++--
include/ctdb.h |2 +-
server/ctdb_recoverd.c |2 +-
tests/ctdb_bench.c |2 +-
tests/ctdb_fetch.c |2 +-
tests/ctdb_persistent.c | 14 --
tests/ctdb_randrec.c|2 +-
tests/ctdb_store.c |2 +-
tests/ctdb_traverse.c |2 +-
tests/persistent.sh | 22 +-
tools/ctdb.c|4 ++--
tools/ctdb_vacuum.c |4 ++--
12 files changed, 46 insertions(+), 16 deletions(-)
Changeset truncated at 500 lines:
diff --git a/client/ctdb_client.c b/client/ctdb_client.c
index 921392c..04befd0 100644
--- a/client/ctdb_client.c
+++ b/client/ctdb_client.c
@@ -1640,7 +1640,7 @@ static int ctdb_fetch_func(struct ctdb_call_info *call)
/*
attach to a specific database - client call
*/
-struct ctdb_db_context *ctdb_attach(struct ctdb_context *ctdb, const char
*name, bool persistent)
+struct ctdb_db_context *ctdb_attach(struct ctdb_context *ctdb, const char
*name, bool persistent, uint32_t tdb_flags)
{
struct ctdb_db_context *ctdb_db;
TDB_DATA data;
@@ -1663,7 +1663,7 @@ struct ctdb_db_context *ctdb_attach(struct ctdb_context
*ctdb, const char *name,
data.dsize = strlen(name)+1;
/* tell ctdb daemon to attach */
- ret = ctdb_control(ctdb, CTDB_CURRENT_NODE, 0,
+ ret = ctdb_control(ctdb, CTDB_CURRENT_NODE, tdb_flags,
persistent?CTDB_CONTROL_DB_ATTACH_PERSISTENT:CTDB_CONTROL_DB_ATTACH,
0, data, ctdb_db, data, res, NULL, NULL);
if (ret != 0 || res != 0 || data.dsize != sizeof(uint32_t)) {
diff --git a/include/ctdb.h b/include/ctdb.h
index 95d3f2f..ecbe957 100644
--- a/include/ctdb.h
+++ b/include/ctdb.h
@@ -185,7 +185,7 @@ int ctdb_start_daemon(struct ctdb_context *ctdb, bool
do_fork);
/*
attach to a ctdb database
*/
-struct ctdb_db_context *ctdb_attach(struct ctdb_context *ctdb, const char
*name, bool persistent);
+struct ctdb_db_context *ctdb_attach(struct ctdb_context *ctdb, const char
*name, bool persistent, uint32_t tdb_flags);
/*
find an attached ctdb_db handle given a name
diff --git a/server/ctdb_recoverd.c b/server/ctdb_recoverd.c
index 9a33819..30b121c 100644
--- a/server/ctdb_recoverd.c
+++ b/server/ctdb_recoverd.c
@@ -866,7 +866,7 @@ static void vacuum_fetch_handler(struct ctdb_context *ctdb,
uint64_t srvid,
}
/* attach to it */
- ctdb_db = ctdb_attach(ctdb, name, persistent);
+ ctdb_db = ctdb_attach(ctdb, name, persistent, 0);
if (ctdb_db == NULL) {
DEBUG(DEBUG_ERR,(__location__ Failed to attach to database
'%s'\n, name));
talloc_free(tmp_ctx);
diff --git a/tests/ctdb_bench.c b/tests/ctdb_bench.c
index c14ef2b..2d6b3ab 100644
--- a/tests/ctdb_bench.c
+++ b/tests/ctdb_bench.c
@@ -201,7 +201,7 @@ int main(int argc, const char *argv[])
cluster_ready);
/* attach to a specific database */
- ctdb_db = ctdb_attach(ctdb, test.tdb, false);
+ ctdb_db = ctdb_attach(ctdb, test.tdb, false, 0);
if (!ctdb_db) {
printf(ctdb_attach failed - %s\n, ctdb_errstr(ctdb));
exit(1);
diff --git a/tests/ctdb_fetch.c b/tests/ctdb_fetch.c
index 56eb244..2cc51d5 100644
--- a/tests/ctdb_fetch.c
+++ b/tests/ctdb_fetch.c
@@ -219,7 +219,7 @@ int main(int argc, const char *argv[])
cluster_ready);
/* attach to a specific database */
- ctdb_db = ctdb_attach(ctdb, test.tdb, false);
+ ctdb_db = ctdb_attach(ctdb, test.tdb, false, 0);
if (!ctdb_db) {
printf(ctdb_attach failed - %s\n, ctdb_errstr(ctdb));
exit(1);
diff --git a/tests/ctdb_persistent.c b/tests/ctdb_persistent.c
index b98e662..7bd4ab8 100644
--- a/tests/ctdb_persistent.c
+++ b/tests/ctdb_persistent.c
@@ -167,11 +167,12 @@ int main(int argc, const char *argv[])
{
struct ctdb_context *ctdb;
struct ctdb_db_context *ctdb_db;
-
+ int unsafe_writes = 0;
struct poptOption popt_options[] = {
[SCM] CTDB repository - branch master updated - b87fab857bc9b3537527be93b7f68484502d6b84
The branch, master has been updated
via b87fab857bc9b3537527be93b7f68484502d6b84 (commit)
via 86d6f53512d358ff68b58dac737ffa7576c3cce6 (commit)
from 4948574f5a290434f3edd0c052cf13f3645deec4 (commit)
http://gitweb.samba.org/?p=sahlberg/ctdb.git;a=shortlog;h=master
- Log -
commit b87fab857bc9b3537527be93b7f68484502d6b84
Author: Ronnie Sahlberg [EMAIL PROTECTED]
Date: Wed Jun 4 15:23:06 2008 +1000
fix a comment
note that we dont actually send the ipv6 gratious arp on the wire just
yet.
(since ipv6 doesnt use arp)
but all the infrastructure is there when we implement sending raw
neig.disc. packets
commit 86d6f53512d358ff68b58dac737ffa7576c3cce6
Author: Ronnie Sahlberg [EMAIL PROTECTED]
Date: Wed Jun 4 15:13:00 2008 +1000
convert handling of gratious arps and their controls and helpers to
use the ctdb_sock_addr structure so tehy work for both ipv4 and ipv6
---
Summary of changes:
client/ctdb_client.c | 10 ++--
common/ctdb_util.c | 19 ++
common/system_aix.c|2 +-
common/system_linux.c | 160
include/ctdb_private.h | 19 +-
server/ctdb_takeover.c | 43 +
tools/ctdb.c |9 +--
7 files changed, 155 insertions(+), 107 deletions(-)
Changeset truncated at 500 lines:
diff --git a/client/ctdb_client.c b/client/ctdb_client.c
index 04befd0..fd9003d 100644
--- a/client/ctdb_client.c
+++ b/client/ctdb_client.c
@@ -2385,27 +2385,27 @@ int ctdb_ctrl_killtcp(struct ctdb_context *ctdb,
int ctdb_ctrl_gratious_arp(struct ctdb_context *ctdb,
struct timeval timeout,
uint32_t destnode,
- struct sockaddr_in *sin,
+ ctdb_sock_addr *addr,
const char *ifname)
{
TDB_DATA data;
int32_t res;
int ret, len;
- struct ctdb_control_ip_iface *gratious_arp;
+ struct ctdb_control_gratious_arp *gratious_arp;
TALLOC_CTX *tmp_ctx = talloc_new(ctdb);
len = strlen(ifname)+1;
gratious_arp = talloc_size(tmp_ctx,
- offsetof(struct ctdb_control_ip_iface, iface) + len);
+ offsetof(struct ctdb_control_gratious_arp, iface) + len);
CTDB_NO_MEMORY(ctdb, gratious_arp);
- gratious_arp-sin = *sin;
+ gratious_arp-addr = *addr;
gratious_arp-len = len;
memcpy(gratious_arp-iface[0], ifname, len);
- data.dsize = offsetof(struct ctdb_control_ip_iface, iface) + len;
+ data.dsize = offsetof(struct ctdb_control_gratious_arp, iface) + len;
data.dptr = (unsigned char *)gratious_arp;
ret = ctdb_control(ctdb, destnode, 0, CTDB_CONTROL_SEND_GRATIOUS_ARP,
0, data, NULL,
diff --git a/common/ctdb_util.c b/common/ctdb_util.c
index cb53511..a92a53f 100644
--- a/common/ctdb_util.c
+++ b/common/ctdb_util.c
@@ -371,6 +371,25 @@ bool parse_ip_port(const char *addr, ctdb_sock_addr *saddr)
}
/*
+ parse an ip
+ */
+bool parse_ip(const char *addr, ctdb_sock_addr *saddr)
+{
+ char *p;
+ bool ret;
+
+ /* now is this a ipv4 or ipv6 address ?*/
+ p = index(addr, ':');
+ if (p == NULL) {
+ ret = parse_ipv4(addr, 0, saddr);
+ } else {
+ ret = parse_ipv6(addr, 0, saddr);
+ }
+
+ return ret;
+}
+
+/*
parse a ip/mask pair
*/
bool parse_ip_mask(const char *s, struct sockaddr_in *ip, unsigned *mask)
diff --git a/common/system_aix.c b/common/system_aix.c
index d455ac7..8742a39 100644
--- a/common/system_aix.c
+++ b/common/system_aix.c
@@ -220,7 +220,7 @@ int ctdb_sys_close_capture_socket(void *private_data)
saddr is the address we are trying to claim
iface is the interface name we will be using to claim the address
*/
-int ctdb_sys_send_arp(const struct sockaddr_in *saddr, const char *iface)
+int ctdb_sys_send_arp(const ctdb_sock_addr *addr, const char *iface)
{
/* We dont do grat arp on aix yet */
return 0;
diff --git a/common/system_linux.c b/common/system_linux.c
index fb50c6b..32db545 100644
--- a/common/system_linux.c
+++ b/common/system_linux.c
@@ -36,7 +36,7 @@
saddr is the address we are trying to claim
iface is the interface name we will be using to claim the address
*/
-int ctdb_sys_send_arp(const struct sockaddr_in *saddr, const char *iface)
+int ctdb_sys_send_arp(const ctdb_sock_addr *addr, const char *iface)
{
int s, ret;
struct sockaddr sa;
@@ -48,92 +48,94 @@ int ctdb_sys_send_arp(const struct sockaddr_in *saddr,
const char *iface)
ZERO_STRUCT(sa);
- /* for now, we only handle AF_INET addresses */
- if (saddr-sin_family != AF_INET) {
- DEBUG(DEBUG_CRIT,(__location__ not an ipv4 address (family is
%u)\n, saddr-sin_family));
-
