Re: [Samba] machine password changed in secrets.tdb

[Rajesh Ghanekar]

I tested this further and its initiated by
machine password timeout option in
smb.conf which is 7 days default.

Brajesh Shrivastava wrote:

Any reply to this mail?


On 18 June 2010 14:19, Rajesh Ghanekar rajesh_ghane...@symantec.com 
mailto:rajesh_ghane...@symantec.com wrote:


Hi,
  I see my machine password change in secrets.tdb. I am not sure
who initiated it.
But can this happen automatically after 7 days as mentioned in
following link
initiated by someone else (PDC), other than smbd/winbindd?

http://www.windowsnetworking.com/nt/registry/rtips295.shtml

 I am confused who changed it, but it got changed after 7 days.
Can PDC
ask smbd/winbindd to change this? Or it is initiated by smbd/winbindd?
But I see logs from winbindd that initiated the change after 7
days, but got
permission denied. Will the denied message cause the change to
be persistent
in secrets.tdb? I am unsure of this, too:

2010 Jun 14 18:34:00 xyz winbindd[31473]: [2010/06/14
18:34:00.040611,  0]
rpc_client/cli_netlogon.c:563(rpccli_netlogon_set_trust_password)
2010 Jun 14 18:34:00 xyz winbindd[31473]:  
rpccli_netr_ServerPasswordSet2 failed: NT_STATUS_ACCESS_DENIED



Here is krb5.conf:

# cat /etc/krb5.conf
[libdefaults]
   default_realm = XYZ.COM http://XYZ.COM

[realms]
XYZ.COM http://XYZ.COM = {
   kdc = xyz_ad
   admin_server = xyz_ad
   kpasswd_server = xyz_ad
   default_domain = XYZ.COM http://XYZ.COM
}

[domain_realm]
   .kerberos.server = XYZ.COM http://XYZ.COM

[logging]
   default = SYSLOG:NOTICE:DAEMON
   kdc = FILE:/var/log/kdc.log
   kadmind = FILE:/var/log/kadmind.log

[appdefaults]
   pam = {
   ticket_lifetime = 3d
   renew_lifetime = 7d
   forwardable = true
   proxiable = false
   retain_after_close = false
   minimum_uid = 0
   debug = false
   }

Thanks,
Rajesh

-- 
To unsubscribe from this list go to the following URL and read the

instructions:  https://lists.samba.org/mailman/options/samba




--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Blocking workgroup discovery

[Tjerk Jan Vonk]

Hi all,

At my work I`ve set up a VPN. When I connect to it, my colleagues see 
all the workgroups from my side of the VPN (I live on a campus with ~50 
workgroups). Do you know how I block the workgroup discovery on through 
the VPN gateway? Is the broadcast done on a specific port? Is samba 
actively repeating the broadcast and their replies?


Greetings

Tjerk Jan
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Windows 7 and windows server 2008 unable to join domain

[Frank Bonnet]

Hello

We are running samba 3.5.2 and we are in trouble with windows 7 and 
windows server 2008 that cannot join Samba PDC domain.


Any infos / links welcome

Thank you
F
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Windows 7 and windows server 2008 unable to join domain

[Tom Reijnders]

google of 'samba windows 7 domain', the first link is the one you want:

http://wiki.samba.org/index.php/Windows7

Op 24-6-2010 11:38, Frank Bonnet schreef:

Hello

We are running samba 3.5.2 and we are in trouble with windows 7 and 
windows server 2008 that cannot join Samba PDC domain.


Any infos / links welcome

Thank you
F


--
--

Tom Reijnders
TOR Informatica
Chopinlaan 27
5242HM Rosmalen
Tel: 073 5226191
Fax: 073 5226196


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba transfer rate slower than ftp

[Francois Lepretre]

Le 23/06/2010 21:01, Jeremy Allison a écrit :

On Wed, Jun 23, 2010 at 12:26:04PM +0200, Francois Lepretre wrote:

Hello,

I have a file server under Debian Lenny, with a 41TB file system (XFS,
24 x 2TB hard drives on RAID 6 on an Areca card)

Reading files with ftp works like a charm and we easily reach the 125
MB/s limit of the GB ethernet card.

But when reading files (on the same clients) from a samba share, we get
around 60 MB/s.
Clients are Windows XP 64 and Seven 64 and show the same performances.


An interesting question. Do you see different performance
between the XP and Win7 clients ? I know you say the same
performance above, but have you looked closely at this ?



Honestly I did not look too closely. The Win7 clients might look a 
little bit faster, like a few extra MB/s during transfer compared to XP 
clients, but this might be due to hardware, more recent on Win7 hosts.


I'll try to produce detailed numbers later...

Thanks,

Francois


Jeremy


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] samba migration from PDC tdbsam to BDC tdbsam

[Hubert Choma]

Hello

According to my post samba migration to another distro llinux on samba 
lists I would like to make migration of samba from one machine to 
another.

I can't find information how to transfer accounts,policies,users,domain 
SID and other options from PDC (tdbsam backend)(current server) to BDC 
(tdbsam backend)future server.
I found some info but its about migration from tdbsam to LDAP. I don't 
use LDAP.

Could you explain me how to do it step by step ?


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Blocking workgroup discovery

[Gaiseric Vandal]

I think, by the fundamental nature of how networking protocols work, that
broadcasts do not pass through routers -  although with a VPN it may be a
little different.


However, I have the same situation.  A Windows server on the host network
shows my home workgroup in the network neighborhood.  However I can't see
my home computer listed in it.  If I know the ip of my home computer I can
use net use \\x.x.x.x to get to shares on it.  


My VPN client (sonicwall) has a virtual network interface that gets an IP
from the same class C range as the host network.  From the perspective of
the samba server, my home PC is on the local work network.  The VPN
configuration on the server includes an option Enable Windows Networking
(NetBIOS) Broadcast - disabled -  I am not sure if that means NBT (NetBios
over TCP/IP) or the really old NetBEUI (remember Windows for Workgroups?)
VPN Clients are not using WINS -  I thought this would fix the issues but it
didn't.  The Samba server is not the WINS server but it is (or should be)
the master browser.

I don't know if this means that my host PC has registered with the browser
on the samba server OR if broadcasts initiated by my host PC on the VPN
virtual network interface are passing through the VPN.My local PC's
Network Neighborhood only shows its own workgroup, not the corporate one or
other VPN users.   Maybe I can adjust my Windows firewall setting to block
outgoing netbios.

  






-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org]
On Behalf Of Tjerk Jan Vonk
Sent: Thursday, June 24, 2010 5:24 AM
To: samba@lists.samba.org
Subject: [Samba] Blocking workgroup discovery

Hi all,

At my work I`ve set up a VPN. When I connect to it, my colleagues see 
all the workgroups from my side of the VPN (I live on a campus with ~50 
workgroups). Do you know how I block the workgroup discovery on through 
the VPN gateway? Is the broadcast done on a specific port? Is samba 
actively repeating the broadcast and their replies?

Greetings

Tjerk Jan
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Samba PDC and big files

[Pedro Rafael Alves Simoes]

Hello,

I'm trying to setup a PDC with Samba, but I have the known problem of the
roaming profiles: big files. I think it's difficult to guarantee that a
inexperienced user will copy is downloaded files, documents, or whatever,
to a H:\ share instead of is handy desktop. Other problem is the files of
Outlook or Thunderbird that can get big. The goal is to avoid email
configuration each time the user changes to another workstation, so I can't
configure the email client to store the files locally on the workstation.

Could someone give me some lights in how I can circumvent this problem?

Thanks.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] samba winbind problem with trusted domains

[*...@ppu]

Hi TMS,

thanks for your reply .Those are trusted domains and wbinfo-m is showing all
the trusted domains.

Anyways I have resolved the problem with Likewise open backend
authentication tool. :) . But now I am facing another problem . i am not
able to access samba shares using netbios name even with full machine FQDN
wherears it is accessible with IP address. can you please help me 



On Wed, Jun 23, 2010 at 6:16 PM, t...@tms3.com wrote:




 On Wednesday 23/06/2010 at 12:12 am, *...@ppu wrote:

 hi all

 i am new to samba and struggling with trusted domains authentication from
 many days .i have a win2k3 domain(corp.raju.ad )and win2k8 domain (
 testraju.ad) .

 i have joined samba server as a member to win2k8 domain (testraju.ad)
 using
 net ads join commands /

 i m able to access samba shares using testraju.ad user ID's successfully ,
 while authenticating with corp.raju.ad users i m unable to.log is
 showing as NT_STATUS NO_SUCH USER

 In such situations, the forrest testaju.ad must have a trust with
 corp.raju.ad, which would be controlled by the Windoze DC's.  Samba NT
 style domain trusts are not applicable to member servers.  Member servers
 are little more than domain joined machines.

 Cheers,

 TMS III



 follwing is my smb.conf file


 [global]
  log file = /var/log/samba/%m
  load printers = yes
  idmap gid = 600-200
  interfaces = 127.0.0.1 eth0
  encrypt passwords = yes
  realm = testraju.ad
  winbind use default domain = true
  template shell = /bin/bash
  netbios name = slclinuxfs001
  winbind enum users = no
  idmap uid = 600-200
  password server = hsttestadc001.testraju.ad
  winbind nested groups = YeS
  workgroup = test
  winbind enum groups = no
  security = ADS
  max log size = 5
  bind interfaces only = true
  log level = 3


 #winbind separator = \


 [raju]
  comment = test share
  path = /tmp/raju
  browsable = yes
  available = yes
  writable = yes
  readonly = no
  valid users = @RAJU\domain users @TEST\domain users



 wbinfo -m is listing all trusted domains .

 i m able to authenticate trusted domain user with wbinfo
 --authenticate=raju\\pa72635%password (2 back slashes)


 i have enabled logging on and following is the client log when i access
 with trusted domain user ID .


 [2010/06/23 12:47:38.010714, 3] auth/auth.c:216(check_ntlm_password)
check_ntlm_password: Checking password for unmapped user
 []...@[hicmbsa001] with the new password interface
 [2010/06/23 12:47:38.010761, 3] auth/auth.c:219(check_ntlm_password)
check_ntlm_password: mapped user is: [slclinuxfs001]...@[hicmbsa001]
 [2010/06/23 12:47:38.011642, 3] smbd/sec_ctx.c:210(push_sec_ctx)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
 [2010/06/23 12:47:38.011670, 3] smbd/uid.c:429(push_conn_ctx)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
 [2010/06/23 12:47:38.011709, 3] smbd/sec_ctx.c:310(set_sec_ctx)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
 [2010/06/23 12:47:38.011812, 3] smbd/sec_ctx.c:418(pop_sec_ctx)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
 [2010/06/23 12:47:38.011921, 3] smbd/sec_ctx.c:210(push_sec_ctx)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
 [2010/06/23 12:47:38.011946, 3] smbd/uid.c:429(push_conn_ctx)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
 [2010/06/23 12:47:38.011969, 3] smbd/sec_ctx.c:310(set_sec_ctx)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
 [2010/06/23 12:47:38.012000, 3] smbd/sec_ctx.c:418(pop_sec_ctx)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
 [2010/06/23 12:47:38.012286, 3] auth/auth.c:265(check_ntlm_password)
check_ntlm_password: guest authentication for user [] succeeded
 [2010/06/23 12:47:38.082054, 3] smbd/sec_ctx.c:210(push_sec_ctx)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
 [2010/06/23 12:47:38.082095, 3] smbd/uid.c:429(push_conn_ctx)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
 [2010/06/23 12:47:38.082119, 3] smbd/sec_ctx.c:310(set_sec_ctx)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
 [2010/06/23 12:47:38.082356, 3] smbd/sec_ctx.c:418(pop_sec_ctx)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
 [2010/06/23 12:47:38.082422, 3] lib/privileges.c:63(get_privileges)
get_privileges: No privileges assigned to SID
 [S-1-5-21-2180847254-3007464121-335579984-501]
 [2010/06/23 12:47:38.082464, 3] lib/privileges.c:63(get_privileges)
get_privileges: No privileges assigned to SID [S-1-5-2]
 [2010/06/23 12:47:38.082503, 3] lib/privileges.c:63(get_privileges)
get_privileges: No privileges assigned to SID [S-1-5-32-546]
 [2010/06/23 12:47:38.082587, 3]
 libsmb/ntlmssp_sign.c:343(ntlmssp_sign_init)
NTLMSSP Sign/Seal - Initialising with flags:
 [2010/06/23 12:47:38.082624, 3] libsmb/ntlmssp.c:65(debug_ntlmssp_flags)
Got NTLMSSP neg_flags=0xa2088205
 [2010/06/23 12:47:38.082676, 3] 

Re: [Samba] Samba PDC and big files

[tms3]

--- Original message ---
Subject: [Samba] Samba PDC and big files
From: Pedro Rafael Alves Simoes pedro.a.sim...@gmail.com
To: samba@lists.samba.org
Date: Thursday, 24/06/2010  5:03 AM

Hello,

I'm trying to setup a PDC with Samba, but I have the known problem of 
the
roaming profiles: big files. I think it's difficult to guarantee that 
a
inexperienced user will copy is downloaded files, documents, or 
whatever,
to a H:\ share instead of is handy desktop. Other problem is the files 
of

Outlook or Thunderbird that can get big. The goal is to avoid email
configuration each time the user changes to another workstation, so I 
can't
configure the email client to store the files locally on the 
workstation.


Could someone give me some lights in how I can circumvent this 
problem?


BOFH's Guide to Electrified Keyboards:  101 Tips and tricks to train 
your users.


Cheers,

TMS III

P.S. for email imap is a good idea.




Thanks.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba PDC and big files

[John H Terpstra]

On 06/24/2010 07:04 AM, Pedro Rafael Alves Simoes wrote:
 Hello,
 
 I'm trying to setup a PDC with Samba, but I have the known problem of the
 roaming profiles: big files. I think it's difficult to guarantee that a
 inexperienced user will copy is downloaded files, documents, or whatever,
 to a H:\ share instead of is handy desktop. Other problem is the files of
 Outlook or Thunderbird that can get big. The goal is to avoid email
 configuration each time the user changes to another workstation, so I can't
 configure the email client to store the files locally on the workstation.
 
 Could someone give me some lights in how I can circumvent this problem?
 
 Thanks.

You need folder redirection.  Read chapter 5 of my book
Samba3-ByExample http://www.samba.org/samba/docs/Samba3-ByExample.pdf

- John T.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Blocking workgroup discovery

[tms3]

SNIP


I don't know if this means that my host PC has registered with the 
browser
on the samba server OR if broadcasts initiated by my host PC on the 
VPN
virtual network interface are passing through the VPN.My local 
PC's
Network Neighborhood only shows its own workgroup, not the corporate 
one or
other VPN users.   Maybe I can adjust my Windows firewall setting to 
block

outgoing netbios.


Block port 137 to VPN clients.











-Original Message-
From: samba-boun...@lists.samba.org 
[mailto:samba-boun...@lists.samba.org]

On Behalf Of Tjerk Jan Vonk
Sent: Thursday, June 24, 2010 5:24 AM
To: samba@lists.samba.org
Subject: [Samba] Blocking workgroup discovery

Hi all,

At my work I`ve set up a VPN. When I connect to it, my colleagues see
all the workgroups from my side of the VPN (I live on a campus with 
~50
workgroups). Do you know how I block the workgroup discovery on 
through

the VPN gateway? Is the broadcast done on a specific port? Is samba
actively repeating the broadcast and their replies?

Greetings

Tjerk Jan
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] samba winbind problem with trusted domains

[tms3]

SNIP



thanks for your reply .Those are trusted domains and wbinfo-m is 
showing all the trusted domains.


Anyways I have resolved the problem with Likewise open backend 
authentication tool. :) . But now I am facing another problem . i am 
not able to access samba shares using netbios name





Is netbios active on windows machines?  How is netbios being handled


even with full machine FQDN wherears it is accessible with IP address.

Is the samba machine in DNS?  ping myserver.mydomain.extention


can you please help me 




On Wed, Jun 23, 2010 at 6:16 PM, t...@tms3.com wrote:






On Wednesday 23/06/2010 at 12:12 am, *...@ppu  wrote:

hi all

i am new to samba and struggling with trusted domains authentication 
from

many days .i have a win2k3 domain(corp.raju.ad )and win2k8 domain (
testraju.ad) .

i have joined samba server as a member to win2k8 domain (testraju.ad) 
using

net ads join commands /

i m able to access samba shares using testraju.ad user ID's 
successfully ,

while authenticating with corp.raju.ad users i m unable to.log is
showing as NT_STATUS NO_SUCH USER


In such situations, the forrest testaju.ad must have a trust with 
corp.raju.ad, which would be controlled by the Windoze DC's.  Samba NT 
style domain trusts are not applicable to member servers.  Member 
servers are little more than domain joined machines.


Cheers,

TMS III




follwing is my smb.conf file


[global]
   log file = /var/log/samba/%m
   load printers = yes
   idmap gid = 600-200
   interfaces = 127.0.0.1 eth0
   encrypt passwords = yes
   realm = testraju.ad
   winbind use default domain = true
   template shell = /bin/bash
   netbios name = slclinuxfs001
   winbind enum users = no
   idmap uid = 600-200
   password server = hsttestadc001.testraju.ad
   winbind nested groups = YeS
   workgroup = test
   winbind enum groups = no
   security = ADS
   max log size = 5
   bind interfaces only = true
   log level = 3


#winbind separator = \


[raju]
   comment = test share
   path = /tmp/raju
   browsable = yes
   available = yes
   writable = yes
   readonly = no
   valid users = @RAJU\domain users @TEST\domain users



wbinfo -m is listing all trusted domains .

i m able to authenticate trusted domain user with wbinfo
--authenticate=raju\\pa72635%password (2 back slashes)


i have enabled logging on and following is the client log  when i 
access

with trusted domain user ID .


[2010/06/23 12:47:38.010714,  3] auth/auth.c:216(check_ntlm_password)
   check_ntlm_password:  Checking password for unmapped user
[]...@[hicmbsa001] with the new password interface
[2010/06/23 12:47:38.010761,  3] auth/auth.c:219(check_ntlm_password)
   check_ntlm_password:  mapped user is: 
[slclinuxfs001]...@[hicmbsa001]

[2010/06/23 12:47:38.011642,  3] smbd/sec_ctx.c:210(push_sec_ctx)
   push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/06/23 12:47:38.011670,  3] smbd/uid.c:429(push_conn_ctx)
   push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/06/23 12:47:38.011709,  3] smbd/sec_ctx.c:310(set_sec_ctx)
   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/06/23 12:47:38.011812,  3] smbd/sec_ctx.c:418(pop_sec_ctx)
   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/06/23 12:47:38.011921,  3] smbd/sec_ctx.c:210(push_sec_ctx)
   push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/06/23 12:47:38.011946,  3] smbd/uid.c:429(push_conn_ctx)
   push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/06/23 12:47:38.011969,  3] smbd/sec_ctx.c:310(set_sec_ctx)
   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/06/23 12:47:38.012000,  3] smbd/sec_ctx.c:418(pop_sec_ctx)
   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/06/23 12:47:38.012286,  3] auth/auth.c:265(check_ntlm_password)
   check_ntlm_password: guest authentication for user [] succeeded
[2010/06/23 12:47:38.082054,  3] smbd/sec_ctx.c:210(push_sec_ctx)
   push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/06/23 12:47:38.082095,  3] smbd/uid.c:429(push_conn_ctx)
   push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/06/23 12:47:38.082119,  3] smbd/sec_ctx.c:310(set_sec_ctx)
   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/06/23 12:47:38.082356,  3] smbd/sec_ctx.c:418(pop_sec_ctx)
   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/06/23 12:47:38.082422,  3] lib/privileges.c:63(get_privileges)
   get_privileges: No privileges assigned to SID
[S-1-5-21-2180847254-3007464121-335579984-501]
[2010/06/23 12:47:38.082464,  3] lib/privileges.c:63(get_privileges)
   get_privileges: No privileges assigned to SID [S-1-5-2]
[2010/06/23 12:47:38.082503,  3] lib/privileges.c:63(get_privileges)
   get_privileges: No privileges assigned to SID [S-1-5-32-546]
[2010/06/23 

Re: [Samba] Samba PDC and big files

[Carl Werner]

Roaming profiles with folder redirection...

Regards

Carl



t...@tms3.com wrote:







--- Original message ---
Subject: [Samba] Samba PDC and big files
From: Pedro Rafael Alves Simoes pedro.a.sim...@gmail.com
To: samba@lists.samba.org
Date: Thursday, 24/06/2010  5:03 AM

Hello,

I'm trying to setup a PDC with Samba, but I have the known problem of 
the

roaming profiles: big files. I think it's difficult to guarantee that a
inexperienced user will copy is downloaded files, documents, or 
whatever,
to a H:\ share instead of is handy desktop. Other problem is the 
files of

Outlook or Thunderbird that can get big. The goal is to avoid email
configuration each time the user changes to another workstation, so I 
can't
configure the email client to store the files locally on the 
workstation.


Could someone give me some lights in how I can circumvent this problem?


BOFH's Guide to Electrified Keyboards:  101 Tips and tricks to train 
your users.


Cheers,

TMS III

P.S. for email imap is a good idea.




Thanks.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] xp clients can't auth after reboot without smb restart

[delpheye]

On Wed, Jun 23, 2010 at 9:32 PM, John H Terpstra j...@samba.org wrote:

 On 06/23/2010 07:50 PM, delpheye wrote:
  On Wed, Jun 23, 2010 at 5:57 PM, t...@tms3.com wrote:
 
 
 
  SNIP
 
   NetBIOS Names Resolved By Broadcast
  --
  DOMAIN.COM  1C
  DOMAIN-FS
  DOMAIN.COM  1C
  DOMAIN.COM  1C
  DOMAIN-FS
  DOMAIN.COM  1C
 
  DOMAIN.COM is a bad netbios name.  I suggest something with 8 letters
 or
  numbers.  Samba 3.x does not use FQDN's.
 
 
  DOMAIN.COM is what I have specified as the workgroup only.  the netbios
 name
  in smb.conf is is just the machine's hostname only.  Is there somewhere
 else
  I should be looking to change the netbios name?

 Wrong! Both the machine _AND_ the workgroup name are NetBIOS names.

 - John T.


I changed the workgroup name from domain.com to domain, but that didn't
alter the results of trying to map the share without restarting samba.


 
  nbtstat -RR:
 
  The NetBIOS names registered by this computer have been refreshed.
 
  net use y: \\domain-fs\business
  Enter the user name for 'domain-fs': username
  Enter the password for domain-fs: xx
  System error 64 has occurred.
 
  The specified network name is no longer available.
 
 
 
 
 
 
 
 
 
  Matt
 
 
 
 
  On 06/22/2010 04:24 PM, delpheye wrote:
 
 
 
  On Tue, Jun 22, 2010 at 1:07 PM, Gaiseric Vandal 
  gaiseric.van...@gmail.com mailto:gaiseric.van...@gmail.com wrote:
 
 
   On 06/22/2010 01:55 PM, John Drescher wrote:
 
   An error occurred while reconnecting Z: to
   \\domain-fs\business
   Microsoft Windows Network: The specified network name is
   no longer available
   This connection has not been restored.
 
 
   Looks like a browsing problem to me. Try to reconnect using ip
   address
   instead of name.
 
   John
 
 
   Are you using WINS? I find that makes a lot of issues go away.
 
 
  I have wins support enabled in Samba and the following lines in
  nsswitch.conf:
 
  debug 1
 
  passwd: files ldap
  shadow: files ldap
  group: files ldap
  hosts: files wins dns
  bootparams: files
  ethers: files
  netmasks: files
  networks: files
  protocols: files
  rpc: files
  services: files
  netgroup: files ldap
  publickey: files
  automount: files ldap
  aliases: files
 
  Is that all there is to enabling WINS?
 
 
   -- To unsubscribe from this list go to the following URL and read
  the
   instructions: https://lists.samba.org/mailman/options/samba
 
 
 
  --
 
  To unsubscribe from this list go to the following URL and read the
  instructions: https://lists.samba.org/mailman/options/samba
 
  --
 
  To unsubscribe from this list go to the following URL and read the
  instructions: https://lists.samba.org/mailman/options/samba
 
 
 
 
 

 --
 To unsubscribe from this list go to the following URL and read the
 instructions:  https://lists.samba.org/mailman/options/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba PDC and big files

[Natxo Asenjo]

On Thu, Jun 24, 2010 at 2:04 PM, Pedro Rafael Alves Simoes
pedro.a.sim...@gmail.com wrote:
 Hello,

 I'm trying to setup a PDC with Samba, but I have the known problem of the
 roaming profiles: big files. I think it's difficult to guarantee that a
 inexperienced user will copy is downloaded files, documents, or whatever,
 to a H:\ share instead of is handy desktop. Other problem is the files of
 Outlook or Thunderbird that can get big. The goal is to avoid email
 configuration each time the user changes to another workstation, so I can't
 configure the email client to store the files locally on the workstation.

1. Do not store mail locally, you will lose mail if you do. Use a
central imap server for instance, it's also much easier for backups;

2. I set the user's desktop to readonly with cacls in the logon
scripts, problem solved (get yourself management's approval before you
try this, explain why it is necessary). If they do not want to listen
to you then ...

3. use folder redirection. This is harder to do in a pure samba 3
environment than in AD, but it is certainly doable. Soon, with samba 4
we will have all the group policy goodies :-)

-- 
natxo
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] security = share

[JoséPF]

Hello,
Please, i need help with security mode = share.
i want to configure security = share and the parameter username = user in
a shared folder to avoid that everybody could access to it. f I have
understood correctly the manual, this configuration enables to access if the
password provided matches with the user`password. But when i try to access
returns this error:
smbclient //SERVER/Docs
Enter user's password: 
Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.4.7]
Server not using user level security and no password supplied.
tree connect failed: NT_STATUS_WRONG_PASSWORD

I also tried:
smbclient -U user%passwd //SERVER/Docs
Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.4.7]
Server not using user level security and no password supplied.
tree connect failed: NT_STATUS_WRONG_PASSWORD

smbclient -U user%passwd //SERVER/Docs -P
Failed to open /var/lib/samba/secrets.tdb
ERROR: Unable to open secrets database

sudo smbclient -U user%passwd //SERVER/Docs -P
ERROR: Unable to fetch machine password for SERVER$@ in domain WORKGROUP

If i change passdb backend = smbpasswd in GLOBAL options:

smbclient -U user%passwd //SERVER/Docs -P -e -A /etc/samba/smbpasswd
ERROR: Unable to open credentials file!

sudo smbclient -U user%passwd //SERVER/Docs -P -e -A 
/etc/samba/smbpasswd
ERROR: Unable to fetch machine password for SERVER$@ in domain WORKGROUP

My config:

testparm

Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.4.7]
smb: \ quit
j...@jose-laptop:~$ testparm
Load smb config files from /etc/samba/smb.conf
rlimit_max: rlimit_max (1024) below minimum Windows limit (16384)
Processing section [printers]
Processing section [print$]
Processing section [Docs]
Processing section [printers]
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions

[global]
netbios name = SERVER
server string = %h server (Samba, Ubuntu)
map to guest = Bad User
client lanman auth = Yes
security = SHARE
obey pam restrictions = Yes
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n 
*Retype\snew\s*\spassword:*
%n\n *password\supdated\ssuccessfully* .
unix password sync = Yes
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
dns proxy = No
usershare allow guests = Yes
panic action = /usr/share/samba/panic-action %d

[printers]
comment = All Printers
path = /var/spool/samba
create mask = 0700
printable = Yes
browseable = No
browsable = No

[print$]
comment = Printer Drivers
path = /var/lib/samba/printers

[Docs]
comment = Documents
path = /home/user/Documentos/Docs
read only = No
username = user

smbtree

WORKGROUP
\\SERVERserver (Samba, Ubuntu)
\\SERVER\IPC$   IPC Service (server (Samba, 
Ubuntu))
\\SERVER\Docs   Documents
\\SERVER\print$ Printer Drivers

sudo pdbedit -Lw
nobody:65534:::[U
 
]:LCT-:
user:1000::CC63D87C86C99FF2FB25B31C84CF584A:[U  
   
]:LCT-4C23B25F:
smbguest:1001:::[U
 
]:LCT-:

Thanks in advance for your time
Regards
-- 
View this message in context: 
http://old.nabble.com/security-%3D-share-tp28986491p28986491.html
Sent from the Samba - General mailing list archive at Nabble.com.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] minor BUG? re: smbstatus, 'rlimit max'=xxx - msg=files on client; not server.

[Linda W]

When I run smbstatus, I have the impression it's giving me the status of the
smb server.

But the first thing that pops when I run it was:
rlimit_max: rlimit_max(1024) below minimum Windows limit (16384)

But this isn't really the case -- it's telling me my rlimit_max on the
linux-client I am running smbstatus on, not what 'rlimit max' is set to for
the server. 

Had me confused for a bit -- as my startup scripts have the open file 
params set
to 32K for the hard limit and 16K for the soft limit for smb -- and 
didn't know why

it wasn't reading that...

Until I started playing around with the limit in my shell where I was 
running
smbstatusthen I realized it was telling me the shell's limit -- not 
the samba

server's limit --

Is this desired behavior?
It seems a bit confusing.

Linda
(sw version 3.5.2).




--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Anyone try 'ssh server and get Password for DOMAIN\USER:

[L. A. Walsh]

I'm trying to use 'ssh' as a domain user from a workstation into my
server.

When I ssh as a non-domain user, it doesn't tack on a domain (or workstation)
name, so it just works, but when I log in from from my Samba domain,
it tacks it on (and the linux security stuff doesn't like domain\ either.

Should the pam_winbind module be able to authenticate 
this type of user name against the domain?


If not, is there a module that does?

thanks,
linda

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Build status as of Thu Jun 24 06:00:02 2010

[build]

URL: http://build.samba.org/

--- /home/build/master/cache/broken_results.txt.old 2010-06-23 
00:00:03.0 -0600
+++ /home/build/master/cache/broken_results.txt 2010-06-24 00:00:03.0 
-0600
@@ -1,4 +1,4 @@
-Build status as of Wed Jun 23 06:00:02 2010
+Build status as of Thu Jun 24 06:00:02 2010
 
 Build counts:
 Tree Total  Broken Panic 
@@ -16,7 +16,7 @@
 samba_3_master 28 28 1 
 samba_3_next 28 28 4 
 samba_4_0_test 30 30 0 
-samba_4_0_waf 30 29 0 
+samba_4_0_waf 30 30 0 
 talloc   30 7  0 
 tdb  28 9  0 
 

[SCM] Samba Shared Repository - branch v3-5-test updated

[Karolin Seeger]

The branch, v3-5-test has been updated
   via  28f6e41... WHATSNEW: Start release notes for 3.5.5.
   via  6e2b68f... VERSION: Bump version number up to 3.5.5.
  from  9d9a9a0... s3-docs: Add missing whitespace.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test


- Log -
commit 28f6e4144b092bd21f49ca989d36df19ce002231
Author: Karolin Seeger ksee...@samba.org
Date:   Thu Jun 24 08:15:24 2010 +0200

WHATSNEW: Start release notes for 3.5.5.

Karolin

commit 6e2b68fef3e0851e1564921d1c4285c8d4a9b550
Author: Karolin Seeger ksee...@samba.org
Date:   Thu Jun 24 08:13:33 2010 +0200

VERSION: Bump version number up to 3.5.5.

Karolin

---

Summary of changes:
 WHATSNEW.txt|   46 --
 source3/VERSION |2 +-
 2 files changed, 45 insertions(+), 3 deletions(-)


Changeset truncated at 500 lines:

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 1be1572..19f8875 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,4 +1,46 @@
=
+   Release Notes for Samba 3.5.5
+  , 2010
+   =
+
+
+This is the latest stable release of Samba 3.5.
+
+Major enhancements in Samba 3.5.5 include:
+
+  o 
+
+
+Changes since 3.5.4
+---
+
+
+
+
+##
+Reporting bugs  Development Discussion
+###
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored.  All bug reports should
+be filed under the Samba 3.5 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+==
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+==
+
+
+Release notes for older releases follow:
+
+
+   =
Release Notes for Samba 3.5.4
   June 23, 2010
=
@@ -88,8 +130,8 @@ database (https://bugzilla.samba.org/).
 ==
 
 
-Release notes for older releases follow:
-
+--
+
 
=
Release Notes for Samba 3.5.3
diff --git a/source3/VERSION b/source3/VERSION
index 1cf36f2..0594c9d 100644
--- a/source3/VERSION
+++ b/source3/VERSION
@@ -25,7 +25,7 @@
 
 SAMBA_VERSION_MAJOR=3
 SAMBA_VERSION_MINOR=5
-SAMBA_VERSION_RELEASE=4
+SAMBA_VERSION_RELEASE=5
 
 
 # Bug fix releases use a letter for the patch revision #


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch v3-5-stable updated

[Karolin Seeger]

The branch, v3-5-stable has been updated
   via  160cbf1... WHATSNEW: Start release notes for 3.5.5.
   via  71301df... VERSION: Bump version number up to 3.5.5.
  from  fb5b75d... s3-docs: Add missing whitespace.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-stable


- Log -
commit 160cbf1d242617409977e87d12f4871625052d4d
Author: Karolin Seeger ksee...@samba.org
Date:   Thu Jun 24 08:15:24 2010 +0200

WHATSNEW: Start release notes for 3.5.5.

Karolin
(cherry picked from commit 28f6e4144b092bd21f49ca989d36df19ce002231)

commit 71301dff2e75033e849f95feb647365c4b9efd7a
Author: Karolin Seeger ksee...@samba.org
Date:   Thu Jun 24 08:13:33 2010 +0200

VERSION: Bump version number up to 3.5.5.

Karolin
(cherry picked from commit 6e2b68fef3e0851e1564921d1c4285c8d4a9b550)

---

Summary of changes:
 WHATSNEW.txt|   46 --
 source3/VERSION |2 +-
 2 files changed, 45 insertions(+), 3 deletions(-)


Changeset truncated at 500 lines:

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 1be1572..19f8875 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,4 +1,46 @@
=
+   Release Notes for Samba 3.5.5
+  , 2010
+   =
+
+
+This is the latest stable release of Samba 3.5.
+
+Major enhancements in Samba 3.5.5 include:
+
+  o 
+
+
+Changes since 3.5.4
+---
+
+
+
+
+##
+Reporting bugs  Development Discussion
+###
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored.  All bug reports should
+be filed under the Samba 3.5 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+==
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+==
+
+
+Release notes for older releases follow:
+
+
+   =
Release Notes for Samba 3.5.4
   June 23, 2010
=
@@ -88,8 +130,8 @@ database (https://bugzilla.samba.org/).
 ==
 
 
-Release notes for older releases follow:
-
+--
+
 
=
Release Notes for Samba 3.5.3
diff --git a/source3/VERSION b/source3/VERSION
index 8eb0d1f..795463c 100644
--- a/source3/VERSION
+++ b/source3/VERSION
@@ -25,7 +25,7 @@
 
 SAMBA_VERSION_MAJOR=3
 SAMBA_VERSION_MINOR=5
-SAMBA_VERSION_RELEASE=4
+SAMBA_VERSION_RELEASE=5
 
 
 # Bug fix releases use a letter for the patch revision #


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch master updated

[Matthias Dieter Wallnöfer]

The branch, master has been updated
   via  41cdcd5... s4:provision.ldif - fix the number of available RIDs
   via  fec489b... s4:provision.ldif - this Win2003 revision level seems 
always to be 9 on Windows Server 2008 machines
   via  64e19ef... s4:provision_users.ldif - change a group description to 
be correct
   via  560620a... s4:upgradeprovision - fix include order for ldb
   via  e228b67... s4/ldb: ldb_msg_el_map_remote() should rename the remote 
attribute names into local names as defined in simple_ldap_map.c.
   via  e88f37d... s4:setup/provision.reg - raise version to Windows Server 
2008 R2
   via  b172b7f... s4:libnet_join.c - always use LDB constants
  from  f34db12... Add parse_setjob_command() to make setting job state 
easier for users.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 41cdcd54b7b7e3fb70fdb220e74a1daf30e1891a
Author: Matthias Dieter Wallnöfer m...@samba.org
Date:   Thu Jun 24 09:35:58 2010 +0200

s4:provision.ldif - fix the number of available RIDs

There should be 4611686014132422209 and not 4611686014132422109.

commit fec489bd8706a7dbb84589ff7f5da08550d86e78
Author: Matthias Dieter Wallnöfer m...@samba.org
Date:   Thu Jun 24 09:23:32 2010 +0200

s4:provision.ldif - this Win2003 revision level seems always to be 9 on 
Windows Server 2008 machines

commit 64e19ef9fb85d31f9428a6714ce485de2704734b
Author: Matthias Dieter Wallnöfer m...@samba.org
Date:   Thu Jun 24 09:14:24 2010 +0200

s4:provision_users.ldif - change a group description to be correct

commit 560620a53df66ddbaa273afc9db796fc7562b53d
Author: Matthias Dieter Wallnöfer m...@samba.org
Date:   Thu Jun 24 09:06:49 2010 +0200

s4:upgradeprovision - fix include order for ldb

Patch originally posted on the list by Matthieu Patou.

commit e228b67e56ab63414055e64455a97ea0643803e2
Author: Endi S. Dewata edew...@redhat.com
Date:   Wed Jun 23 07:26:25 2010 -0500

s4/ldb: ldb_msg_el_map_remote() should rename the remote attribute names 
into local names as defined in simple_ldap_map.c.

commit e88f37daa068f7effe6f11b8ff8aeb79316e6632
Author: Matthias Dieter Wallnöfer mwallnoe...@yahoo.de
Date:   Sun Mar 7 21:13:27 2010 +0100

s4:setup/provision.reg - raise version to Windows Server 2008 R2

commit b172b7f467e3c2968ec154fab38399b29ad63d9b
Author: Matthias Dieter Wallnöfer m...@samba.org
Date:   Wed Jun 23 17:30:10 2010 +0200

s4:libnet_join.c - always use LDB constants

---

Summary of changes:
 source4/lib/ldb/ldb_map/ldb_map_outbound.c |   16 +++-
 source4/libnet/libnet_join.c   |   10 +-
 source4/scripting/bin/upgradeprovision |2 +-
 source4/setup/provision.ldif   |4 ++--
 source4/setup/provision.reg|2 +-
 source4/setup/provision_users.ldif |2 +-
 6 files changed, 25 insertions(+), 11 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/lib/ldb/ldb_map/ldb_map_outbound.c 
b/source4/lib/ldb/ldb_map/ldb_map_outbound.c
index 836aec9..17d77d7 100644
--- a/source4/lib/ldb/ldb_map/ldb_map_outbound.c
+++ b/source4/lib/ldb/ldb_map/ldb_map_outbound.c
@@ -219,6 +219,8 @@ static struct ldb_message_element 
*ldb_msg_el_map_remote(struct ldb_module *modu
 const char *attr_name,
 const struct 
ldb_message_element *old)
 {
+   const struct ldb_map_context *data = map_get_context(module);
+   const char *local_attr_name = attr_name;
struct ldb_message_element *el;
unsigned int i;
 
@@ -235,7 +237,19 @@ static struct ldb_message_element 
*ldb_msg_el_map_remote(struct ldb_module *modu
return NULL;
}
 
-   el-name = talloc_strdup(el, attr_name);
+   for (i = 0; data-attribute_maps[i].local_name; i++) {
+   struct ldb_map_attribute *am = data-attribute_maps[i];
+   if ((am-type == LDB_MAP_RENAME 
+   !strcmp(am-u.rename.remote_name, attr_name))
+   || (am-type == LDB_MAP_CONVERT 
+   !strcmp(am-u.convert.remote_name, attr_name))) {
+
+   local_attr_name = am-local_name;
+   break;
+   }
+   }
+
+   el-name = talloc_strdup(el, local_attr_name);
if (el-name == NULL) {
talloc_free(el);
map_oom(module);
diff --git a/source4/libnet/libnet_join.c b/source4/libnet/libnet_join.c
index ad3ed81..ea11039 100644
--- a/source4/libnet/libnet_join.c
+++ b/source4/libnet/libnet_join.c
@@ -298,7 +298,7 @@ static NTSTATUS libnet_JoinADSDomain(struct libnet_context 
*ctx, struct libnet_J
return NT_STATUS_NO_MEMORY;
}
 

[SCM] Samba Shared Repository - branch master updated

[Andrew Tridgell]

The branch, master has been updated
   via  0be1820... s4-ldb: use CHECK_XSLTPROC_MANPAGES()
   via  f6e46ee... build: check if the manpages stylesheet is available 
locally
   via  4cb423f... s4-python: python is not always in /usr/bin
  from  41cdcd5... s4:provision.ldif - fix the number of available RIDs

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 0be1820718202bd73a0e756c35a9b21edbbc563b
Author: Andrew Tridgell tri...@samba.org
Date:   Thu Jun 24 16:03:02 2010 +1000

s4-ldb: use CHECK_XSLTPROC_MANPAGES()

commit f6e46ee0fba25efecb78412a61270d7e70bb6f7d
Author: Andrew Tridgell tri...@samba.org
Date:   Thu Jun 24 16:02:43 2010 +1000

build: check if the manpages stylesheet is available locally

this avoids trying to fetch the stylesheet from the internet. If we
can't process the stylesheet with --nonet at configure time then don't
build manpages.

Signed-off-by: Andrew Bartlett abart...@samba.org

commit 4cb423f52737d980132709fe63bc3194b9307880
Author: Andrew Tridgell tri...@samba.org
Date:   Thu Jun 24 14:33:58 2010 +1000

s4-python: python is not always in /usr/bin

Using #!/usr/bin/env python is more portable. It still isn't ideal
though, as we should really use the python path found at configure
time. We do that in many places already, but some don't.

Signed-off-by: Andrew Bartlett abart...@samba.org

---

Summary of changes:
 buildtools/wafsamba/samba_conftests.py |   36 +---
 buildtools/wafsamba/wafsamba.py|6 ++--
 lib/subunit/python/subunit/run.py  |2 +-
 lib/tdb/wscript|3 +-
 source4/auth/credentials/tests/bindings.py |2 +-
 source4/auth/gensec/tests/bindings.py  |2 +-
 source4/auth/tests/bindings.py |2 +-
 .../samdb/ldb_modules/tests/possibleinferiors.py   |2 +-
 source4/dsdb/samdb/ldb_modules/tests/samba3sam.py  |2 +-
 source4/lib/ldb/tests/python/dsdb_schema_info.py   |2 +-
 source4/lib/ldb/wscript|2 +-
 source4/lib/policy/tests/python/bindings.py|2 +-
 source4/librpc/rpc/dcerpc.py   |2 +-
 source4/param/tests/bindings.py|2 +-
 source4/script/depfilter.py|2 +-
 source4/scripting/bin/testparm |2 +-
 source4/scripting/python/examples/netbios.py   |2 +-
 source4/scripting/python/examples/samr.py  |2 +-
 source4/scripting/python/examples/winreg.py|2 +-
 source4/scripting/python/samba/__init__.py |2 +-
 source4/scripting/python/samba/getopt.py   |2 +-
 source4/scripting/python/samba/hostconfig.py   |2 +-
 source4/scripting/python/samba/idmap.py|2 +-
 .../python/samba/ms_display_specifiers.py  |2 +-
 source4/scripting/python/samba/ndr.py  |2 +-
 source4/scripting/python/samba/netcmd/__init__.py  |2 +-
 .../scripting/python/samba/netcmd/domainlevel.py   |2 +-
 source4/scripting/python/samba/netcmd/dsacl.py |2 +-
 .../scripting/python/samba/netcmd/enableaccount.py |2 +-
 source4/scripting/python/samba/netcmd/export.py|2 +-
 source4/scripting/python/samba/netcmd/fsmo.py  |2 +-
 source4/scripting/python/samba/netcmd/group.py |2 +-
 source4/scripting/python/samba/netcmd/join.py  |2 +-
 source4/scripting/python/samba/netcmd/machinepw.py |2 +-
 source4/scripting/python/samba/netcmd/netacl.py|2 +-
 source4/scripting/python/samba/netcmd/newuser.py   |2 +-
 source4/scripting/python/samba/netcmd/ntacl.py |2 +-
 .../scripting/python/samba/netcmd/pwsettings.py|2 +-
 source4/scripting/python/samba/netcmd/setexpiry.py |2 +-
 .../scripting/python/samba/netcmd/setpassword.py   |2 +-
 source4/scripting/python/samba/netcmd/time.py  |2 +-
 source4/scripting/python/samba/netcmd/user.py  |2 +-
 source4/scripting/python/samba/netcmd/vampire.py   |2 +-
 source4/scripting/python/samba/ntacls.py   |2 +-
 source4/scripting/python/samba/samba3.py   |2 +-
 source4/scripting/python/samba/samdb.py|2 +-
 source4/scripting/python/samba/shares.py   |2 +-
 source4/scripting/python/samba/tests/__init__.py   |2 +-
 .../python/samba/tests/dcerpc/__init__.py  |2 +-
 .../scripting/python/samba/tests/dcerpc/bare.py|2 +-
 .../scripting/python/samba/tests/dcerpc/misc.py|2 +-
 .../python/samba/tests/dcerpc/registry.py  |2 +-
 .../scripting/python/samba/tests/dcerpc/rpcecho.py |2 +-
 source4/scripting/python/samba/tests/dcerpc/sam.py |2 +-
 

Re: [SCM] Samba Shared Repository - branch master updated

[Stefan (metze) Metzmacher]

Am 24.06.2010 10:05, schrieb Matthias Dieter Wallnöfer:
 The branch, master has been updated
via  41cdcd5... s4:provision.ldif - fix the number of available RIDs
via  fec489b... s4:provision.ldif - this Win2003 revision level seems 
 always to be 9 on Windows Server 2008 machines
via  64e19ef... s4:provision_users.ldif - change a group description 
 to be correct
via  560620a... s4:upgradeprovision - fix include order for ldb
via  e228b67... s4/ldb: ldb_msg_el_map_remote() should rename the 
 remote attribute names into local names as defined in simple_ldap_map.c.
via  e88f37d... s4:setup/provision.reg - raise version to Windows 
 Server 2008 R2
via  b172b7f... s4:libnet_join.c - always use LDB constants
   from  f34db12... Add parse_setjob_command() to make setting job state 
 easier for users.
 
 http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
 
 
 - Log -
 commit 41cdcd54b7b7e3fb70fdb220e74a1daf30e1891a
 Author: Matthias Dieter Wallnöfer m...@samba.org
 Date:   Thu Jun 24 09:35:58 2010 +0200
 
 s4:provision.ldif - fix the number of available RIDs
 
 There should be 4611686014132422209 and not 4611686014132422109.

 --- a/source4/setup/provision.ldif
 +++ b/source4/setup/provision.ldif
 @@ -809,7 +809,7 @@ dn: CN=RID Manager$,CN=System,${DOMAINDN}
  objectClass: top
  objectClass: rIDManager
  systemFlags: -1946157056
 -rIDAvailablePool: 1001-1073741823
 +rIDAvailablePool: 1601-1073741823
  isCriticalSystemObject: TRUE

I don't think that's correct.

me...@sernox:~/devel/samba/ctdb/ctdb$ i 4611686014132422209
4611686014132422209 0x3FFF0641 0374003101
0b1101100101
me...@sernox:~/devel/samba/ctdb/ctdb$ i 0x641
1601 0x641 03101 0b1100101
me...@sernox:~/devel/samba/ctdb/ctdb$ i 4611686014132422109
4611686014132422109 0x3FFF05DD 0374002735
0b11010111011101
me...@sernox:~/devel/samba/ctdb/ctdb$ i 0x5DD
1501 0x5DD 02735 0b10111011101

changing it from 1501 to 1601 on a running system (the first dc already
allocated its own rid pool with 500 entries)
means changing the lower value by 100 and not by 600.

The available pool also depends on the nextRid counter of the local sam,
before the dcpromo.
(which is copied into the 'nextRid' field on the domain object.

The local dc account get the value of nextRid and the intial
rIDAvailablePool starts
with nextRid + x + 100. x was 0 in my dcpromo with a local rid counter
of 50.
I'll test more combinations...

I'm wondering why x is 1 in some cases and the rIDAvailablePool starts
at 1101 when nextRid was 1000,
instead of starting with 1100. Maybe it depends on the functional level.

It also seems that the special dns accounts doesn't get hard coded rids,
they're getting rids from the
first pool the local dc allocates.

metze
metze



signature.asc
Description: OpenPGP digital signature

[SCM] Samba Shared Repository - branch master updated

[Matthias Dieter Wallnöfer]

The branch, master has been updated
   via  8ad0161... Revert s4:provision.ldif - fix the number of available 
RIDs
   via  0f45536... s4:auth/gensec/gensec_gssapi.c - reorder constructor
  from  0be1820... s4-ldb: use CHECK_XSLTPROC_MANPAGES()

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 8ad01613f673a123304da889e6fed4909c619309
Author: Matthias Dieter Wallnöfer m...@samba.org
Date:   Thu Jun 24 15:11:25 2010 +0200

Revert s4:provision.ldif - fix the number of available RIDs

This reverts commit 41cdcd54b7b7e3fb70fdb220e74a1daf30e1891a.

As per request of metze revert this (cause written on the mailing list).

commit 0f455362797308ccef7976d81317d6175bc59ea5
Author: Matthias Dieter Wallnöfer m...@samba.org
Date:   Thu Jun 24 11:05:41 2010 +0200

s4:auth/gensec/gensec_gssapi.c - reorder constructor

To have the same order as in the structure definition.

---

Summary of changes:
 source4/auth/gensec/gensec_gssapi.c |   68 +++---
 source4/setup/provision.ldif|2 +-
 2 files changed, 39 insertions(+), 31 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/auth/gensec/gensec_gssapi.c 
b/source4/auth/gensec/gensec_gssapi.c
index 4aaae6c..88fbcce 100644
--- a/source4/auth/gensec/gensec_gssapi.c
+++ b/source4/auth/gensec/gensec_gssapi.c
@@ -154,25 +154,19 @@ static NTSTATUS gensec_gssapi_start(struct 
gensec_security *gensec_security)
if (!gensec_gssapi_state) {
return NT_STATUS_NO_MEMORY;
}
-   
-   gensec_gssapi_state-gss_exchange_count = 0;
-   gensec_gssapi_state-max_wrap_buf_size
-   = gensec_setting_int(gensec_security-settings, 
gensec_gssapi, max wrap buf size, 65536);
-   
-   gensec_gssapi_state-sasl = false;
-   gensec_gssapi_state-sasl_state = STAGE_GSS_NEG;
 
gensec_security-private_data = gensec_gssapi_state;
 
gensec_gssapi_state-gssapi_context = GSS_C_NO_CONTEXT;
-   gensec_gssapi_state-server_name = GSS_C_NO_NAME;
-   gensec_gssapi_state-client_name = GSS_C_NO_NAME;
-   gensec_gssapi_state-lucid = NULL;
 
/* TODO: Fill in channel bindings */
gensec_gssapi_state-input_chan_bindings = GSS_C_NO_CHANNEL_BINDINGS;
+
+   gensec_gssapi_state-server_name = GSS_C_NO_NAME;
+   gensec_gssapi_state-client_name = GSS_C_NO_NAME;

gensec_gssapi_state-want_flags = 0;
+
if (gensec_setting_bool(gensec_security-settings, gensec_gssapi, 
delegation_by_kdc_policy, true)) {
gensec_gssapi_state-want_flags |= GSS_C_DELEG_POLICY_FLAG;
}
@@ -189,16 +183,6 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security 
*gensec_security)
gensec_gssapi_state-want_flags |= GSS_C_SEQUENCE_FLAG;
}
 
-   gensec_gssapi_state-got_flags = 0;
-
-   gensec_gssapi_state-session_key = data_blob(NULL, 0);
-   gensec_gssapi_state-pac = data_blob(NULL, 0);
-
-   gensec_gssapi_state-delegated_cred_handle = GSS_C_NO_CREDENTIAL;
-   gensec_gssapi_state-sig_size = 0;
-
-   talloc_set_destructor(gensec_gssapi_state, gensec_gssapi_destructor);
-
if (gensec_security-want_features  GENSEC_FEATURE_SIGN) {
gensec_gssapi_state-want_flags |= GSS_C_INTEG_FLAG;
}
@@ -209,6 +193,8 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security 
*gensec_security)
gensec_gssapi_state-want_flags |= GSS_C_DCE_STYLE;
}
 
+   gensec_gssapi_state-got_flags = 0;
+
switch (gensec_security-ops-auth_type) {
case DCERPC_AUTH_TYPE_SPNEGO:
gensec_gssapi_state-gss_oid = gss_mech_spnego;
@@ -219,6 +205,38 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security 
*gensec_security)
break;
}
 
+   gensec_gssapi_state-session_key = data_blob(NULL, 0);
+   gensec_gssapi_state-pac = data_blob(NULL, 0);
+
+   ret = smb_krb5_init_context(gensec_gssapi_state,
+   gensec_security-event_ctx,
+   gensec_security-settings-lp_ctx,
+   gensec_gssapi_state-smb_krb5_context);
+   if (ret) {
+   DEBUG(1,(gensec_krb5_start: krb5_init_context failed (%s)\n,
+error_message(ret)));
+   talloc_free(gensec_gssapi_state);
+   return NT_STATUS_INTERNAL_ERROR;
+   }
+
+   gensec_gssapi_state-client_cred = NULL;
+   gensec_gssapi_state-server_cred = NULL;
+
+   gensec_gssapi_state-lucid = NULL;
+
+   gensec_gssapi_state-delegated_cred_handle = GSS_C_NO_CREDENTIAL;
+
+   gensec_gssapi_state-sasl = false;
+   gensec_gssapi_state-sasl_state = STAGE_GSS_NEG;
+   gensec_gssapi_state-sasl_protection = 0;
+

Re: [SCM] Samba Shared Repository - branch master updated

[Matthias Dieter Wallnöfer]

Reverted.

Thanks for pointing this out.

Stefan (metze) Metzmacher wrote:

Am 24.06.2010 10:05, schrieb Matthias Dieter Wallnöfer:
   

The branch, master has been updated
via  41cdcd5... s4:provision.ldif - fix the number of available RIDs
via  fec489b... s4:provision.ldif - this Win2003 revision level seems always to 
be 9 on Windows Server 2008 machines
via  64e19ef... s4:provision_users.ldif - change a group description to 
be correct
via  560620a... s4:upgradeprovision - fix include order for ldb
via  e228b67... s4/ldb: ldb_msg_el_map_remote() should rename the 
remote attribute names into local names as defined in simple_ldap_map.c.
via  e88f37d... s4:setup/provision.reg - raise version to Windows 
Server 2008 R2
via  b172b7f... s4:libnet_join.c - always use LDB constants
   from  f34db12... Add parse_setjob_command() to make setting job state 
easier for users.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 41cdcd54b7b7e3fb70fdb220e74a1daf30e1891a
Author: Matthias Dieter Wallnöferm...@samba.org
Date:   Thu Jun 24 09:35:58 2010 +0200

 s4:provision.ldif - fix the number of available RIDs

 There should be 4611686014132422209 and not 4611686014132422109.

--- a/source4/setup/provision.ldif
+++ b/source4/setup/provision.ldif
@@ -809,7 +809,7 @@ dn: CN=RID Manager$,CN=System,${DOMAINDN}
  objectClass: top
  objectClass: rIDManager
  systemFlags: -1946157056
-rIDAvailablePool: 1001-1073741823
+rIDAvailablePool: 1601-1073741823
  isCriticalSystemObject: TRUE
 

I don't think that's correct.

me...@sernox:~/devel/samba/ctdb/ctdb$ i 4611686014132422209
4611686014132422209 0x3FFF0641 0374003101
0b1101100101
me...@sernox:~/devel/samba/ctdb/ctdb$ i 0x641
1601 0x641 03101 0b1100101
me...@sernox:~/devel/samba/ctdb/ctdb$ i 4611686014132422109
4611686014132422109 0x3FFF05DD 0374002735
0b11010111011101
me...@sernox:~/devel/samba/ctdb/ctdb$ i 0x5DD
1501 0x5DD 02735 0b10111011101

changing it from 1501 to 1601 on a running system (the first dc already
allocated its own rid pool with 500 entries)
means changing the lower value by 100 and not by 600.

The available pool also depends on the nextRid counter of the local sam,
before the dcpromo.
(which is copied into the 'nextRid' field on the domain object.

The local dc account get the value of nextRid and the intial
rIDAvailablePool starts
with nextRid + x + 100. x was 0 in my dcpromo with a local rid counter
of 50.
I'll test more combinations...

I'm wondering why x is 1 in some cases and the rIDAvailablePool starts
at 1101 when nextRid was 1000,
instead of starting with 1100. Maybe it depends on the functional level.

It also seems that the special dns accounts doesn't get hard coded rids,
they're getting rids from the
first pool the local dc allocates.

metze
metze

   

[SCM] Samba Shared Repository - branch master updated

[Michael Adam]

The branch, master has been updated
   via  2a0340b... s3:registry: remove unused function normalize_dbkey()
   via  5cac4e6... s3:registry: use normalize_reg_path() in 
regdb_set_secdesc()
   via  4c94825... s3:registry: use normalize_reg_path() in 
regdb_get_secdesc()
  from  8ad0161... Revert s4:provision.ldif - fix the number of available 
RIDs

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 2a0340baa35163d04537b0606f58ab77a1d39108
Author: Michael Adam ob...@samba.org
Date:   Thu Jun 24 15:32:46 2010 +0200

s3:registry: remove unused function normalize_dbkey()

commit 5cac4e648c635f4f3a46a5878827414a2cb80366
Author: Michael Adam ob...@samba.org
Date:   Thu Jun 24 15:31:06 2010 +0200

s3:registry: use normalize_reg_path() in regdb_set_secdesc()

instead of normalize_dbkey

commit 4c948251d97bea9429d3fa24f98814ac57f4d525
Author: Michael Adam ob...@samba.org
Date:   Thu Jun 24 15:30:31 2010 +0200

s3:registry: use normalize_reg_path() in regdb_get_secdesc()

instead of normalize_dbkey.

---

Summary of changes:
 source3/registry/reg_backend_db.c|   14 --
 source3/registry/reg_util_internal.c |   10 --
 source3/registry/reg_util_internal.h |1 -
 3 files changed, 12 insertions(+), 13 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/registry/reg_backend_db.c 
b/source3/registry/reg_backend_db.c
index 0c90618..4e7f855 100644
--- a/source3/registry/reg_backend_db.c
+++ b/source3/registry/reg_backend_db.c
@@ -1740,7 +1740,12 @@ static WERROR regdb_get_secdesc(TALLOC_CTX *mem_ctx, 
const char *key,
err = WERR_NOMEM;
goto done;
}
-   normalize_dbkey(tdbkey);
+
+   tdbkey = normalize_reg_path(tmp_ctx, tdbkey);
+   if (tdbkey == NULL) {
+   err = WERR_NOMEM;
+   goto done;
+   }
 
data = dbwrap_fetch_bystring(regdb, tmp_ctx, tdbkey);
if (data.dptr == NULL) {
@@ -1779,7 +1784,12 @@ static WERROR regdb_set_secdesc(const char *key,
if (tdbkey == NULL) {
goto done;
}
-   normalize_dbkey(tdbkey);
+
+   tdbkey = normalize_reg_path(mem_ctx, tdbkey);
+   if (tdbkey == NULL) {
+   err = WERR_NOMEM;
+   goto done;
+   }
 
if (secdesc == NULL) {
/* assuming a delete */
diff --git a/source3/registry/reg_util_internal.c 
b/source3/registry/reg_util_internal.c
index 4cf8e28..47e2ce5 100644
--- a/source3/registry/reg_util_internal.c
+++ b/source3/registry/reg_util_internal.c
@@ -120,16 +120,6 @@ char *normalize_reg_path(TALLOC_CTX *ctx, const char 
*keyname )
return nkeyname;
 }
 
-/**
- * normalize ther registry path in place.
- */
-void normalize_dbkey(char *key)
-{
-   size_t len = strlen(key);
-   string_sub(key, \\, /, len+1);
-   strupper_m(key);
-}
-
 /**
  move to next non-delimter character
 */
diff --git a/source3/registry/reg_util_internal.h 
b/source3/registry/reg_util_internal.h
index 886e58c..0cb370e 100644
--- a/source3/registry/reg_util_internal.h
+++ b/source3/registry/reg_util_internal.h
@@ -23,7 +23,6 @@
 bool reg_split_path(char *path, char **base, char **new_path);
 bool reg_split_key(char *path, char **base, char **key);
 char *normalize_reg_path(TALLOC_CTX *ctx, const char *keyname );
-void normalize_dbkey(char *key);
 char *reg_remaining_path(TALLOC_CTX *ctx, const char *key);
 
 #endif /* _REG_UTIL_H */


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch master updated

[Tim Prouty]

The branch, master has been updated
   via  7e49a58... s4 torture: Warn on NOT_IMPLEMENTED in addition to 
NOT_SUPPORTED for RAW-QFILEINFO
  from  2a0340b... s3:registry: remove unused function normalize_dbkey()

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 7e49a58ab9a66a709ee2a15d40db7c59bf55cbac
Author: Aravind Srinivasan aravind.sriniva...@isilon.com
Date:   Tue Jun 22 10:42:20 2010 -0700

s4 torture: Warn on NOT_IMPLEMENTED in addition to NOT_SUPPORTED for 
RAW-QFILEINFO

Signed-off-by: Tim Prouty tpro...@samba.org

---

Summary of changes:
 source4/torture/raw/qfileinfo.c |   12 +---
 1 files changed, 9 insertions(+), 3 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/torture/raw/qfileinfo.c b/source4/torture/raw/qfileinfo.c
index 12897ef..54f1d12 100644
--- a/source4/torture/raw/qfileinfo.c
+++ b/source4/torture/raw/qfileinfo.c
@@ -278,8 +278,10 @@ static bool torture_raw_qfileinfo_internals(struct 
torture_context *torture,
count++;
}
if (!levels[i].only_paths 
+  (NT_STATUS_EQUAL(levels[i].fnum_status,
+   NT_STATUS_NOT_SUPPORTED) ||
NT_STATUS_EQUAL(levels[i].fnum_status,
-   NT_STATUS_NOT_SUPPORTED)) {
+   NT_STATUS_NOT_IMPLEMENTED))) {
torture_warning(torture, fnum level %s %s,
levels[i].name,
nt_errstr(levels[i].fnum_status));
@@ -293,8 +295,10 @@ static bool torture_raw_qfileinfo_internals(struct 
torture_context *torture,
}
} else {
if (!levels[i].only_paths 
+  (NT_STATUS_EQUAL(levels[i].fnum_status,
+   NT_STATUS_NOT_SUPPORTED) ||
NT_STATUS_EQUAL(levels[i].fnum_status,
-   NT_STATUS_NOT_SUPPORTED)) {
+   NT_STATUS_NOT_IMPLEMENTED))) {
torture_warning(torture, fnum level %s %s,
levels[i].name,
nt_errstr(levels[i].fnum_status));
@@ -302,8 +306,10 @@ static bool torture_raw_qfileinfo_internals(struct 
torture_context *torture,
}
 
if (!levels[i].only_handles 
+  (NT_STATUS_EQUAL(levels[i].fname_status,
+   NT_STATUS_NOT_SUPPORTED) ||
NT_STATUS_EQUAL(levels[i].fname_status,
-   NT_STATUS_NOT_SUPPORTED)) {
+   NT_STATUS_NOT_IMPLEMENTED))) {
 torture_warning(torture, fname level %s %s,
levels[i].name,
nt_errstr(levels[i].fname_status));


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch master updated

[Jelmer Vernooij]

The branch, master has been updated
   via  700fcfb... pidl/python: Make sure to always increment reference 
counter when using Py_None.
   via  4a75cb9... pidl/python: Increment reference counter on Py_None to 
prevent us from accidentally deallocating it.
  from  7e49a58... s4 torture: Warn on NOT_IMPLEMENTED in addition to 
NOT_SUPPORTED for RAW-QFILEINFO

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 700fcfbc63c4b20fcb35dc3c7ef50ed20117cf74
Author: Jelmer Vernooij jel...@samba.org
Date:   Fri Jun 25 00:16:18 2010 +0200

pidl/python: Make sure to always increment reference counter when using
Py_None.

commit 4a75cb9cd5dfdd347803d03acbc0533c2e7e89cc
Author: Jelmer Vernooij jel...@samba.org
Date:   Thu Jun 24 23:17:51 2010 +0200

pidl/python: Increment reference counter on Py_None to prevent us from
accidentally deallocating it.

---

Summary of changes:
 pidl/lib/Parse/Pidl/Samba4/Python.pm |6 +-
 1 files changed, 5 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/pidl/lib/Parse/Pidl/Samba4/Python.pm 
b/pidl/lib/Parse/Pidl/Samba4/Python.pm
index 390ee27..4687a53 100644
--- a/pidl/lib/Parse/Pidl/Samba4/Python.pm
+++ b/pidl/lib/Parse/Pidl/Samba4/Python.pm
@@ -126,6 +126,7 @@ sub FromUnionToPythonFunction()
$self-ConvertObjectToPython($mem_ctx, {}, $e, 
$name-$e-{NAME}, ret, return NULL;);
} else {
$self-pidl(ret = Py_None;);
+   $self-pidl(Py_INCREF(ret););
}
 
$self-pidl(return ret;);
@@ -371,7 +372,7 @@ sub PythonFunctionUnpackOut($$$)
$self-pidl(static PyObject *$outfnname(struct $fn-{NAME} *r));
$self-pidl({);
$self-indent;
-   $self-pidl(PyObject *result = Py_None;);
+   $self-pidl(PyObject *result;);
foreach my $e (@{$fn-{ELEMENTS}}) {
next unless (grep(/out/,@{$e-{DIRECTION}}));
next if (($metadata_args-{in}-{$e-{NAME}} and grep(/in/, 
@{$e-{DIRECTION}})) or 
@@ -390,6 +391,8 @@ sub PythonFunctionUnpackOut($$$)
$self-pidl(result = PyTuple_New($result_size););
$signature .= (;
} elsif ($result_size == 0) {
+   $self-pidl(result = Py_None;);
+   $self-pidl(Py_INCREF(result););
$signature .= None;
}
 
@@ -1052,6 +1055,7 @@ sub ConvertObjectToPythonLevel($$)
$self-pidl(if ($var_name == NULL) {);
$self-indent;
$self-pidl($py_var = Py_None;);
+   $self-pidl(Py_INCREF($py_var););
$self-deindent;
$self-pidl(} else {);
$self-indent;


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch master updated

[Jelmer Vernooij]

The branch, master has been updated
   via  e0aa54d... selftest: Store the output of the last test run in 
st/subunit.
  from  700fcfb... pidl/python: Make sure to always increment reference 
counter when using Py_None.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit e0aa54d0ed25a55fd6b4f5d08644d37981572fdd
Author: Jelmer Vernooij jel...@samba.org
Date:   Fri Jun 25 01:21:14 2010 +0200

selftest: Store the output of the last test run in st/subunit.

If a testrepository repository is present, add the test output when it
has completed.

---

Summary of changes:
 source4/selftest/wscript |   13 ++---
 1 files changed, 10 insertions(+), 3 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/selftest/wscript b/source4/selftest/wscript
index 5e42e6f..8244e6e 100644
--- a/source4/selftest/wscript
+++ b/source4/selftest/wscript
@@ -1,4 +1,5 @@
 #!/usr/bin/env python
+# vim: expandtab ft=python
 
 # selftest main code.
 
@@ -95,8 +96,6 @@ def cmd_testonly(opt):
 env.FILTER_OPTIONS = '${FILTER_XFAIL} --strip-passed-output'
 else:
 env.FILTER_OPTIONS = '${FILTER_XFAIL}'
-if not Options.options.FILTERED_SUBUNIT:
-env.FILTER_OPTIONS += ' | ${FORMAT_TEST_OUTPUT}'
 
 if Options.options.VALGRIND:
 os.environ['VALGRIND'] = 'valgrind -q --num-callers=30'
@@ -119,11 +118,19 @@ def cmd_testonly(opt):
 if os.path.exists(st_done):
 os.unlink(st_done)
 
-cmd = '(${PERL} ../selftest/selftest.pl --prefix=${SELFTEST_PREFIX} 
--builddir=. --srcdir=. --exclude=./selftest/skip 
--testlist=./selftest/tests.sh| ${OPTIONS} --socket-wrapper ${TESTS}  touch 
${SELFTEST_PREFIX}/st_done) | ${FILTER_OPTIONS}'
+cmd = '(${PERL} ../selftest/selftest.pl --prefix=${SELFTEST_PREFIX} 
--builddir=. --srcdir=. --exclude=./selftest/skip 
--testlist=./selftest/tests.sh| ${OPTIONS} --socket-wrapper ${TESTS}  touch 
${SELFTEST_PREFIX}/st_done) | ${FILTER_OPTIONS} | tee 
${SELFTEST_PREFIX}/subunit'
+if os.environ.get('RUN_FROM_BUILD_FARM') is None and not 
Options.options.FILTERED_SUBUNIT:
+cmd += ' | ${FORMAT_TEST_OUTPUT}'
 cmd = EXPAND_VARIABLES(opt, cmd)
 
 print(test: running %s % cmd)
 ret = RUN_COMMAND(cmd, env=env)
+if os.path.exists(.testrepository):
+# testr load -q isn't
+cmd = 'testr load -q  ${SELFTEST_PREFIX}/subunit  /dev/null'
+cmd = EXPAND_VARIABLES(opt, cmd)
+RUN_COMMAND(cmd, env=env)
+
 if ret != 0:
 print(ERROR: test failed with exit code %d % ret)
 sys.exit(ret)


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch master updated

[Kamen Mazdrashki]

The branch, master has been updated
   via  163ed44... s4/drs: DsReplicaSync should search partition to Sync
   via  e40635c... s4/utils: fix few 'net drs replicate' error messages
   via  0dd6a75... s4/drs-test: Tests Deleted objects replication
  from  e0aa54d... selftest: Store the output of the last test run in 
st/subunit.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 163ed44903fd6d9bf3047d0987bcbb8f0a28e7e2
Author: Kamen Mazdrashki kame...@samba.org
Date:   Fri Jun 25 04:34:42 2010 +0300

s4/drs: DsReplicaSync should search partition to Sync

by any valid DSName attribute given, be it - partition DN,
partition GUID or partition SID

commit e40635c48d4b5853cbf463455e2ec90178375100
Author: Kamen Mazdrashki kame...@samba.org
Date:   Fri Jun 25 04:31:41 2010 +0300

s4/utils: fix few 'net drs replicate' error messages

mainly for the output to be more informative

commit 0dd6a759ed41960500e0869bfe96d93b2d11f50a
Author: Kamen Mazdrashki kame...@samba.org
Date:   Fri Jun 25 04:30:21 2010 +0300

s4/drs-test: Tests Deleted objects replication

Tests how deleted objects are replicated between two DCs.
Currently the test exploits following vulnerabilities:
 - DsReplicaSync is not correctly implemented
 - a 'deleted object' is restored (kind of) in case DC1 replicates
   from DC2 before the 'deleted object' is replicated

---

Summary of changes:
 source4/dsdb/repl/drepl_out_pull.c  |   29 
 source4/dsdb/repl/drepl_service.c   |   15 +-
 source4/torture/drs/python/delete_object.py |  222 +++
 source4/utils/net/drs/net_drs_replicate.c   |   14 +-
 4 files changed, 268 insertions(+), 12 deletions(-)
 create mode 100755 source4/torture/drs/python/delete_object.py


Changeset truncated at 500 lines:

diff --git a/source4/dsdb/repl/drepl_out_pull.c 
b/source4/dsdb/repl/drepl_out_pull.c
index 329b298..c82b48d 100644
--- a/source4/dsdb/repl/drepl_out_pull.c
+++ b/source4/dsdb/repl/drepl_out_pull.c
@@ -32,6 +32,7 @@
 #include librpc/gen_ndr/ndr_drsuapi.h
 #include librpc/gen_ndr/ndr_drsblobs.h
 #include libcli/composite/composite.h
+#include libcli/security/dom_sid.h
 
 WERROR dreplsrv_schedule_partition_pull_source(struct dreplsrv_service *s,
   struct 
dreplsrv_partition_source_dsa *source,
@@ -99,6 +100,34 @@ WERROR dreplsrv_schedule_partition_pull_by_guid(struct 
dreplsrv_service *s, TALL
return WERR_NOT_FOUND;
 }
 
+/* force an immediate of the specified partition by Naming Context */
+WERROR dreplsrv_schedule_partition_pull_by_nc(struct dreplsrv_service *s, 
TALLOC_CTX *mem_ctx,
+ struct 
drsuapi_DsReplicaObjectIdentifier *nc)
+{
+   struct dreplsrv_partition *p;
+   bool valid_sid, valid_guid;
+   struct dom_sid null_sid;
+   ZERO_STRUCT(null_sid);
+
+   valid_sid  = !dom_sid_equal(null_sid, nc-sid);
+   valid_guid = !GUID_all_zero(nc-guid);
+
+   if (!valid_sid  !valid_guid  !nc-dn) {
+   return WERR_DS_DRA_INVALID_PARAMETER;
+   }
+
+   for (p = s-partitions; p; p = p-next) {
+   if ((valid_guid  GUID_equal(p-nc.guid, nc-guid))
+   || strequal(p-nc.dn, nc-dn)
+   || (valid_sid  dom_sid_equal(p-nc.sid, nc-sid))) {
+   return dreplsrv_schedule_partition_pull(s, p, mem_ctx);
+   }
+   }
+
+   return WERR_DS_DRA_BAD_NC;
+}
+
+
 static void dreplsrv_pending_op_callback(struct tevent_req *subreq)
 {
struct dreplsrv_out_operation *op = tevent_req_callback_data(subreq,
diff --git a/source4/dsdb/repl/drepl_service.c 
b/source4/dsdb/repl/drepl_service.c
index 59436d6..e48ae3e 100644
--- a/source4/dsdb/repl/drepl_service.c
+++ b/source4/dsdb/repl/drepl_service.c
@@ -110,16 +110,19 @@ static NTSTATUS drepl_replica_sync(struct irpc_message 
*msg,
 {
struct dreplsrv_service *service = talloc_get_type(msg-private_data,
   struct 
dreplsrv_service);
-   struct GUID *guid = r-in.req-req1.naming_context-guid;
+   struct drsuapi_DsReplicaObjectIdentifier *nc = 
r-in.req-req1.naming_context;
 
-   r-out.result = dreplsrv_schedule_partition_pull_by_guid(service, msg, 
guid);
+   r-out.result = dreplsrv_schedule_partition_pull_by_nc(service, msg, 
nc);
if (W_ERROR_IS_OK(r-out.result)) {
-   DEBUG(3,(drepl_replica_sync: forcing sync of partition %s\n,
-GUID_string(msg, guid)));
+   DEBUG(3,(drepl_replica_sync: forcing sync of partition (%s, 
%s)\n,
+GUID_string(msg, nc-guid),
+nc-dn));
dreplsrv_run_pending_ops(service);
}