Re: [Samba] machine password changed in secrets.tdb
I tested this further and its initiated by machine password timeout option in smb.conf which is 7 days default. Brajesh Shrivastava wrote: Any reply to this mail? On 18 June 2010 14:19, Rajesh Ghanekar rajesh_ghane...@symantec.com mailto:rajesh_ghane...@symantec.com wrote: Hi, I see my machine password change in secrets.tdb. I am not sure who initiated it. But can this happen automatically after 7 days as mentioned in following link initiated by someone else (PDC), other than smbd/winbindd? http://www.windowsnetworking.com/nt/registry/rtips295.shtml I am confused who changed it, but it got changed after 7 days. Can PDC ask smbd/winbindd to change this? Or it is initiated by smbd/winbindd? But I see logs from winbindd that initiated the change after 7 days, but got permission denied. Will the denied message cause the change to be persistent in secrets.tdb? I am unsure of this, too: 2010 Jun 14 18:34:00 xyz winbindd[31473]: [2010/06/14 18:34:00.040611, 0] rpc_client/cli_netlogon.c:563(rpccli_netlogon_set_trust_password) 2010 Jun 14 18:34:00 xyz winbindd[31473]: rpccli_netr_ServerPasswordSet2 failed: NT_STATUS_ACCESS_DENIED Here is krb5.conf: # cat /etc/krb5.conf [libdefaults] default_realm = XYZ.COM http://XYZ.COM [realms] XYZ.COM http://XYZ.COM = { kdc = xyz_ad admin_server = xyz_ad kpasswd_server = xyz_ad default_domain = XYZ.COM http://XYZ.COM } [domain_realm] .kerberos.server = XYZ.COM http://XYZ.COM [logging] default = SYSLOG:NOTICE:DAEMON kdc = FILE:/var/log/kdc.log kadmind = FILE:/var/log/kadmind.log [appdefaults] pam = { ticket_lifetime = 3d renew_lifetime = 7d forwardable = true proxiable = false retain_after_close = false minimum_uid = 0 debug = false } Thanks, Rajesh -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Blocking workgroup discovery
Hi all, At my work I`ve set up a VPN. When I connect to it, my colleagues see all the workgroups from my side of the VPN (I live on a campus with ~50 workgroups). Do you know how I block the workgroup discovery on through the VPN gateway? Is the broadcast done on a specific port? Is samba actively repeating the broadcast and their replies? Greetings Tjerk Jan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Windows 7 and windows server 2008 unable to join domain
Hello We are running samba 3.5.2 and we are in trouble with windows 7 and windows server 2008 that cannot join Samba PDC domain. Any infos / links welcome Thank you F -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Windows 7 and windows server 2008 unable to join domain
google of 'samba windows 7 domain', the first link is the one you want: http://wiki.samba.org/index.php/Windows7 Op 24-6-2010 11:38, Frank Bonnet schreef: Hello We are running samba 3.5.2 and we are in trouble with windows 7 and windows server 2008 that cannot join Samba PDC domain. Any infos / links welcome Thank you F -- -- Tom Reijnders TOR Informatica Chopinlaan 27 5242HM Rosmalen Tel: 073 5226191 Fax: 073 5226196 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba transfer rate slower than ftp
Le 23/06/2010 21:01, Jeremy Allison a écrit : On Wed, Jun 23, 2010 at 12:26:04PM +0200, Francois Lepretre wrote: Hello, I have a file server under Debian Lenny, with a 41TB file system (XFS, 24 x 2TB hard drives on RAID 6 on an Areca card) Reading files with ftp works like a charm and we easily reach the 125 MB/s limit of the GB ethernet card. But when reading files (on the same clients) from a samba share, we get around 60 MB/s. Clients are Windows XP 64 and Seven 64 and show the same performances. An interesting question. Do you see different performance between the XP and Win7 clients ? I know you say the same performance above, but have you looked closely at this ? Honestly I did not look too closely. The Win7 clients might look a little bit faster, like a few extra MB/s during transfer compared to XP clients, but this might be due to hardware, more recent on Win7 hosts. I'll try to produce detailed numbers later... Thanks, Francois Jeremy -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba migration from PDC tdbsam to BDC tdbsam
Hello According to my post samba migration to another distro llinux on samba lists I would like to make migration of samba from one machine to another. I can't find information how to transfer accounts,policies,users,domain SID and other options from PDC (tdbsam backend)(current server) to BDC (tdbsam backend)future server. I found some info but its about migration from tdbsam to LDAP. I don't use LDAP. Could you explain me how to do it step by step ? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Blocking workgroup discovery
I think, by the fundamental nature of how networking protocols work, that broadcasts do not pass through routers - although with a VPN it may be a little different. However, I have the same situation. A Windows server on the host network shows my home workgroup in the network neighborhood. However I can't see my home computer listed in it. If I know the ip of my home computer I can use net use \\x.x.x.x to get to shares on it. My VPN client (sonicwall) has a virtual network interface that gets an IP from the same class C range as the host network. From the perspective of the samba server, my home PC is on the local work network. The VPN configuration on the server includes an option Enable Windows Networking (NetBIOS) Broadcast - disabled - I am not sure if that means NBT (NetBios over TCP/IP) or the really old NetBEUI (remember Windows for Workgroups?) VPN Clients are not using WINS - I thought this would fix the issues but it didn't. The Samba server is not the WINS server but it is (or should be) the master browser. I don't know if this means that my host PC has registered with the browser on the samba server OR if broadcasts initiated by my host PC on the VPN virtual network interface are passing through the VPN.My local PC's Network Neighborhood only shows its own workgroup, not the corporate one or other VPN users. Maybe I can adjust my Windows firewall setting to block outgoing netbios. -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Tjerk Jan Vonk Sent: Thursday, June 24, 2010 5:24 AM To: samba@lists.samba.org Subject: [Samba] Blocking workgroup discovery Hi all, At my work I`ve set up a VPN. When I connect to it, my colleagues see all the workgroups from my side of the VPN (I live on a campus with ~50 workgroups). Do you know how I block the workgroup discovery on through the VPN gateway? Is the broadcast done on a specific port? Is samba actively repeating the broadcast and their replies? Greetings Tjerk Jan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba PDC and big files
Hello, I'm trying to setup a PDC with Samba, but I have the known problem of the roaming profiles: big files. I think it's difficult to guarantee that a inexperienced user will copy is downloaded files, documents, or whatever, to a H:\ share instead of is handy desktop. Other problem is the files of Outlook or Thunderbird that can get big. The goal is to avoid email configuration each time the user changes to another workstation, so I can't configure the email client to store the files locally on the workstation. Could someone give me some lights in how I can circumvent this problem? Thanks. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba winbind problem with trusted domains
Hi TMS, thanks for your reply .Those are trusted domains and wbinfo-m is showing all the trusted domains. Anyways I have resolved the problem with Likewise open backend authentication tool. :) . But now I am facing another problem . i am not able to access samba shares using netbios name even with full machine FQDN wherears it is accessible with IP address. can you please help me On Wed, Jun 23, 2010 at 6:16 PM, t...@tms3.com wrote: On Wednesday 23/06/2010 at 12:12 am, *...@ppu wrote: hi all i am new to samba and struggling with trusted domains authentication from many days .i have a win2k3 domain(corp.raju.ad )and win2k8 domain ( testraju.ad) . i have joined samba server as a member to win2k8 domain (testraju.ad) using net ads join commands / i m able to access samba shares using testraju.ad user ID's successfully , while authenticating with corp.raju.ad users i m unable to.log is showing as NT_STATUS NO_SUCH USER In such situations, the forrest testaju.ad must have a trust with corp.raju.ad, which would be controlled by the Windoze DC's. Samba NT style domain trusts are not applicable to member servers. Member servers are little more than domain joined machines. Cheers, TMS III follwing is my smb.conf file [global] log file = /var/log/samba/%m load printers = yes idmap gid = 600-200 interfaces = 127.0.0.1 eth0 encrypt passwords = yes realm = testraju.ad winbind use default domain = true template shell = /bin/bash netbios name = slclinuxfs001 winbind enum users = no idmap uid = 600-200 password server = hsttestadc001.testraju.ad winbind nested groups = YeS workgroup = test winbind enum groups = no security = ADS max log size = 5 bind interfaces only = true log level = 3 #winbind separator = \ [raju] comment = test share path = /tmp/raju browsable = yes available = yes writable = yes readonly = no valid users = @RAJU\domain users @TEST\domain users wbinfo -m is listing all trusted domains . i m able to authenticate trusted domain user with wbinfo --authenticate=raju\\pa72635%password (2 back slashes) i have enabled logging on and following is the client log when i access with trusted domain user ID . [2010/06/23 12:47:38.010714, 3] auth/auth.c:216(check_ntlm_password) check_ntlm_password: Checking password for unmapped user []...@[hicmbsa001] with the new password interface [2010/06/23 12:47:38.010761, 3] auth/auth.c:219(check_ntlm_password) check_ntlm_password: mapped user is: [slclinuxfs001]...@[hicmbsa001] [2010/06/23 12:47:38.011642, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/06/23 12:47:38.011670, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/06/23 12:47:38.011709, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/06/23 12:47:38.011812, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/06/23 12:47:38.011921, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/06/23 12:47:38.011946, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/06/23 12:47:38.011969, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/06/23 12:47:38.012000, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/06/23 12:47:38.012286, 3] auth/auth.c:265(check_ntlm_password) check_ntlm_password: guest authentication for user [] succeeded [2010/06/23 12:47:38.082054, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/06/23 12:47:38.082095, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/06/23 12:47:38.082119, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/06/23 12:47:38.082356, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/06/23 12:47:38.082422, 3] lib/privileges.c:63(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-2180847254-3007464121-335579984-501] [2010/06/23 12:47:38.082464, 3] lib/privileges.c:63(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-2] [2010/06/23 12:47:38.082503, 3] lib/privileges.c:63(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-32-546] [2010/06/23 12:47:38.082587, 3] libsmb/ntlmssp_sign.c:343(ntlmssp_sign_init) NTLMSSP Sign/Seal - Initialising with flags: [2010/06/23 12:47:38.082624, 3] libsmb/ntlmssp.c:65(debug_ntlmssp_flags) Got NTLMSSP neg_flags=0xa2088205 [2010/06/23 12:47:38.082676, 3]
Re: [Samba] Samba PDC and big files
--- Original message --- Subject: [Samba] Samba PDC and big files From: Pedro Rafael Alves Simoes pedro.a.sim...@gmail.com To: samba@lists.samba.org Date: Thursday, 24/06/2010 5:03 AM Hello, I'm trying to setup a PDC with Samba, but I have the known problem of the roaming profiles: big files. I think it's difficult to guarantee that a inexperienced user will copy is downloaded files, documents, or whatever, to a H:\ share instead of is handy desktop. Other problem is the files of Outlook or Thunderbird that can get big. The goal is to avoid email configuration each time the user changes to another workstation, so I can't configure the email client to store the files locally on the workstation. Could someone give me some lights in how I can circumvent this problem? BOFH's Guide to Electrified Keyboards: 101 Tips and tricks to train your users. Cheers, TMS III P.S. for email imap is a good idea. Thanks. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba PDC and big files
On 06/24/2010 07:04 AM, Pedro Rafael Alves Simoes wrote: Hello, I'm trying to setup a PDC with Samba, but I have the known problem of the roaming profiles: big files. I think it's difficult to guarantee that a inexperienced user will copy is downloaded files, documents, or whatever, to a H:\ share instead of is handy desktop. Other problem is the files of Outlook or Thunderbird that can get big. The goal is to avoid email configuration each time the user changes to another workstation, so I can't configure the email client to store the files locally on the workstation. Could someone give me some lights in how I can circumvent this problem? Thanks. You need folder redirection. Read chapter 5 of my book Samba3-ByExample http://www.samba.org/samba/docs/Samba3-ByExample.pdf - John T. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Blocking workgroup discovery
SNIP I don't know if this means that my host PC has registered with the browser on the samba server OR if broadcasts initiated by my host PC on the VPN virtual network interface are passing through the VPN.My local PC's Network Neighborhood only shows its own workgroup, not the corporate one or other VPN users. Maybe I can adjust my Windows firewall setting to block outgoing netbios. Block port 137 to VPN clients. -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Tjerk Jan Vonk Sent: Thursday, June 24, 2010 5:24 AM To: samba@lists.samba.org Subject: [Samba] Blocking workgroup discovery Hi all, At my work I`ve set up a VPN. When I connect to it, my colleagues see all the workgroups from my side of the VPN (I live on a campus with ~50 workgroups). Do you know how I block the workgroup discovery on through the VPN gateway? Is the broadcast done on a specific port? Is samba actively repeating the broadcast and their replies? Greetings Tjerk Jan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba winbind problem with trusted domains
SNIP thanks for your reply .Those are trusted domains and wbinfo-m is showing all the trusted domains. Anyways I have resolved the problem with Likewise open backend authentication tool. :) . But now I am facing another problem . i am not able to access samba shares using netbios name Is netbios active on windows machines? How is netbios being handled even with full machine FQDN wherears it is accessible with IP address. Is the samba machine in DNS? ping myserver.mydomain.extention can you please help me On Wed, Jun 23, 2010 at 6:16 PM, t...@tms3.com wrote: On Wednesday 23/06/2010 at 12:12 am, *...@ppu wrote: hi all i am new to samba and struggling with trusted domains authentication from many days .i have a win2k3 domain(corp.raju.ad )and win2k8 domain ( testraju.ad) . i have joined samba server as a member to win2k8 domain (testraju.ad) using net ads join commands / i m able to access samba shares using testraju.ad user ID's successfully , while authenticating with corp.raju.ad users i m unable to.log is showing as NT_STATUS NO_SUCH USER In such situations, the forrest testaju.ad must have a trust with corp.raju.ad, which would be controlled by the Windoze DC's. Samba NT style domain trusts are not applicable to member servers. Member servers are little more than domain joined machines. Cheers, TMS III follwing is my smb.conf file [global] log file = /var/log/samba/%m load printers = yes idmap gid = 600-200 interfaces = 127.0.0.1 eth0 encrypt passwords = yes realm = testraju.ad winbind use default domain = true template shell = /bin/bash netbios name = slclinuxfs001 winbind enum users = no idmap uid = 600-200 password server = hsttestadc001.testraju.ad winbind nested groups = YeS workgroup = test winbind enum groups = no security = ADS max log size = 5 bind interfaces only = true log level = 3 #winbind separator = \ [raju] comment = test share path = /tmp/raju browsable = yes available = yes writable = yes readonly = no valid users = @RAJU\domain users @TEST\domain users wbinfo -m is listing all trusted domains . i m able to authenticate trusted domain user with wbinfo --authenticate=raju\\pa72635%password (2 back slashes) i have enabled logging on and following is the client log when i access with trusted domain user ID . [2010/06/23 12:47:38.010714, 3] auth/auth.c:216(check_ntlm_password) check_ntlm_password: Checking password for unmapped user []...@[hicmbsa001] with the new password interface [2010/06/23 12:47:38.010761, 3] auth/auth.c:219(check_ntlm_password) check_ntlm_password: mapped user is: [slclinuxfs001]...@[hicmbsa001] [2010/06/23 12:47:38.011642, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/06/23 12:47:38.011670, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/06/23 12:47:38.011709, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/06/23 12:47:38.011812, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/06/23 12:47:38.011921, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/06/23 12:47:38.011946, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/06/23 12:47:38.011969, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/06/23 12:47:38.012000, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/06/23 12:47:38.012286, 3] auth/auth.c:265(check_ntlm_password) check_ntlm_password: guest authentication for user [] succeeded [2010/06/23 12:47:38.082054, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/06/23 12:47:38.082095, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/06/23 12:47:38.082119, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/06/23 12:47:38.082356, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/06/23 12:47:38.082422, 3] lib/privileges.c:63(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-21-2180847254-3007464121-335579984-501] [2010/06/23 12:47:38.082464, 3] lib/privileges.c:63(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-2] [2010/06/23 12:47:38.082503, 3] lib/privileges.c:63(get_privileges) get_privileges: No privileges assigned to SID [S-1-5-32-546] [2010/06/23
Re: [Samba] Samba PDC and big files
Roaming profiles with folder redirection... Regards Carl t...@tms3.com wrote: --- Original message --- Subject: [Samba] Samba PDC and big files From: Pedro Rafael Alves Simoes pedro.a.sim...@gmail.com To: samba@lists.samba.org Date: Thursday, 24/06/2010 5:03 AM Hello, I'm trying to setup a PDC with Samba, but I have the known problem of the roaming profiles: big files. I think it's difficult to guarantee that a inexperienced user will copy is downloaded files, documents, or whatever, to a H:\ share instead of is handy desktop. Other problem is the files of Outlook or Thunderbird that can get big. The goal is to avoid email configuration each time the user changes to another workstation, so I can't configure the email client to store the files locally on the workstation. Could someone give me some lights in how I can circumvent this problem? BOFH's Guide to Electrified Keyboards: 101 Tips and tricks to train your users. Cheers, TMS III P.S. for email imap is a good idea. Thanks. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] xp clients can't auth after reboot without smb restart
On Wed, Jun 23, 2010 at 9:32 PM, John H Terpstra j...@samba.org wrote: On 06/23/2010 07:50 PM, delpheye wrote: On Wed, Jun 23, 2010 at 5:57 PM, t...@tms3.com wrote: SNIP NetBIOS Names Resolved By Broadcast -- DOMAIN.COM 1C DOMAIN-FS DOMAIN.COM 1C DOMAIN.COM 1C DOMAIN-FS DOMAIN.COM 1C DOMAIN.COM is a bad netbios name. I suggest something with 8 letters or numbers. Samba 3.x does not use FQDN's. DOMAIN.COM is what I have specified as the workgroup only. the netbios name in smb.conf is is just the machine's hostname only. Is there somewhere else I should be looking to change the netbios name? Wrong! Both the machine _AND_ the workgroup name are NetBIOS names. - John T. I changed the workgroup name from domain.com to domain, but that didn't alter the results of trying to map the share without restarting samba. nbtstat -RR: The NetBIOS names registered by this computer have been refreshed. net use y: \\domain-fs\business Enter the user name for 'domain-fs': username Enter the password for domain-fs: xx System error 64 has occurred. The specified network name is no longer available. Matt On 06/22/2010 04:24 PM, delpheye wrote: On Tue, Jun 22, 2010 at 1:07 PM, Gaiseric Vandal gaiseric.van...@gmail.com mailto:gaiseric.van...@gmail.com wrote: On 06/22/2010 01:55 PM, John Drescher wrote: An error occurred while reconnecting Z: to \\domain-fs\business Microsoft Windows Network: The specified network name is no longer available This connection has not been restored. Looks like a browsing problem to me. Try to reconnect using ip address instead of name. John Are you using WINS? I find that makes a lot of issues go away. I have wins support enabled in Samba and the following lines in nsswitch.conf: debug 1 passwd: files ldap shadow: files ldap group: files ldap hosts: files wins dns bootparams: files ethers: files netmasks: files networks: files protocols: files rpc: files services: files netgroup: files ldap publickey: files automount: files ldap aliases: files Is that all there is to enabling WINS? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba PDC and big files
On Thu, Jun 24, 2010 at 2:04 PM, Pedro Rafael Alves Simoes pedro.a.sim...@gmail.com wrote: Hello, I'm trying to setup a PDC with Samba, but I have the known problem of the roaming profiles: big files. I think it's difficult to guarantee that a inexperienced user will copy is downloaded files, documents, or whatever, to a H:\ share instead of is handy desktop. Other problem is the files of Outlook or Thunderbird that can get big. The goal is to avoid email configuration each time the user changes to another workstation, so I can't configure the email client to store the files locally on the workstation. 1. Do not store mail locally, you will lose mail if you do. Use a central imap server for instance, it's also much easier for backups; 2. I set the user's desktop to readonly with cacls in the logon scripts, problem solved (get yourself management's approval before you try this, explain why it is necessary). If they do not want to listen to you then ... 3. use folder redirection. This is harder to do in a pure samba 3 environment than in AD, but it is certainly doable. Soon, with samba 4 we will have all the group policy goodies :-) -- natxo -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] security = share
Hello, Please, i need help with security mode = share. i want to configure security = share and the parameter username = user in a shared folder to avoid that everybody could access to it. f I have understood correctly the manual, this configuration enables to access if the password provided matches with the user`password. But when i try to access returns this error: smbclient //SERVER/Docs Enter user's password: Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.4.7] Server not using user level security and no password supplied. tree connect failed: NT_STATUS_WRONG_PASSWORD I also tried: smbclient -U user%passwd //SERVER/Docs Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.4.7] Server not using user level security and no password supplied. tree connect failed: NT_STATUS_WRONG_PASSWORD smbclient -U user%passwd //SERVER/Docs -P Failed to open /var/lib/samba/secrets.tdb ERROR: Unable to open secrets database sudo smbclient -U user%passwd //SERVER/Docs -P ERROR: Unable to fetch machine password for SERVER$@ in domain WORKGROUP If i change passdb backend = smbpasswd in GLOBAL options: smbclient -U user%passwd //SERVER/Docs -P -e -A /etc/samba/smbpasswd ERROR: Unable to open credentials file! sudo smbclient -U user%passwd //SERVER/Docs -P -e -A /etc/samba/smbpasswd ERROR: Unable to fetch machine password for SERVER$@ in domain WORKGROUP My config: testparm Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.4.7] smb: \ quit j...@jose-laptop:~$ testparm Load smb config files from /etc/samba/smb.conf rlimit_max: rlimit_max (1024) below minimum Windows limit (16384) Processing section [printers] Processing section [print$] Processing section [Docs] Processing section [printers] Loaded services file OK. Server role: ROLE_STANDALONE Press enter to see a dump of your service definitions [global] netbios name = SERVER server string = %h server (Samba, Ubuntu) map to guest = Bad User client lanman auth = Yes security = SHARE obey pam restrictions = Yes pam password change = Yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . unix password sync = Yes syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 dns proxy = No usershare allow guests = Yes panic action = /usr/share/samba/panic-action %d [printers] comment = All Printers path = /var/spool/samba create mask = 0700 printable = Yes browseable = No browsable = No [print$] comment = Printer Drivers path = /var/lib/samba/printers [Docs] comment = Documents path = /home/user/Documentos/Docs read only = No username = user smbtree WORKGROUP \\SERVERserver (Samba, Ubuntu) \\SERVER\IPC$ IPC Service (server (Samba, Ubuntu)) \\SERVER\Docs Documents \\SERVER\print$ Printer Drivers sudo pdbedit -Lw nobody:65534:::[U ]:LCT-: user:1000::CC63D87C86C99FF2FB25B31C84CF584A:[U ]:LCT-4C23B25F: smbguest:1001:::[U ]:LCT-: Thanks in advance for your time Regards -- View this message in context: http://old.nabble.com/security-%3D-share-tp28986491p28986491.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] minor BUG? re: smbstatus, 'rlimit max'=xxx - msg=files on client; not server.
When I run smbstatus, I have the impression it's giving me the status of the smb server. But the first thing that pops when I run it was: rlimit_max: rlimit_max(1024) below minimum Windows limit (16384) But this isn't really the case -- it's telling me my rlimit_max on the linux-client I am running smbstatus on, not what 'rlimit max' is set to for the server. Had me confused for a bit -- as my startup scripts have the open file params set to 32K for the hard limit and 16K for the soft limit for smb -- and didn't know why it wasn't reading that... Until I started playing around with the limit in my shell where I was running smbstatusthen I realized it was telling me the shell's limit -- not the samba server's limit -- Is this desired behavior? It seems a bit confusing. Linda (sw version 3.5.2). -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Anyone try 'ssh server and get Password for DOMAIN\USER:
I'm trying to use 'ssh' as a domain user from a workstation into my server. When I ssh as a non-domain user, it doesn't tack on a domain (or workstation) name, so it just works, but when I log in from from my Samba domain, it tacks it on (and the linux security stuff doesn't like domain\ either. Should the pam_winbind module be able to authenticate this type of user name against the domain? If not, is there a module that does? thanks, linda -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Build status as of Thu Jun 24 06:00:02 2010
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2010-06-23 00:00:03.0 -0600 +++ /home/build/master/cache/broken_results.txt 2010-06-24 00:00:03.0 -0600 @@ -1,4 +1,4 @@ -Build status as of Wed Jun 23 06:00:02 2010 +Build status as of Thu Jun 24 06:00:02 2010 Build counts: Tree Total Broken Panic @@ -16,7 +16,7 @@ samba_3_master 28 28 1 samba_3_next 28 28 4 samba_4_0_test 30 30 0 -samba_4_0_waf 30 29 0 +samba_4_0_waf 30 30 0 talloc 30 7 0 tdb 28 9 0
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via 28f6e41... WHATSNEW: Start release notes for 3.5.5. via 6e2b68f... VERSION: Bump version number up to 3.5.5. from 9d9a9a0... s3-docs: Add missing whitespace. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 28f6e4144b092bd21f49ca989d36df19ce002231 Author: Karolin Seeger ksee...@samba.org Date: Thu Jun 24 08:15:24 2010 +0200 WHATSNEW: Start release notes for 3.5.5. Karolin commit 6e2b68fef3e0851e1564921d1c4285c8d4a9b550 Author: Karolin Seeger ksee...@samba.org Date: Thu Jun 24 08:13:33 2010 +0200 VERSION: Bump version number up to 3.5.5. Karolin --- Summary of changes: WHATSNEW.txt| 46 -- source3/VERSION |2 +- 2 files changed, 45 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 1be1572..19f8875 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,4 +1,46 @@ = + Release Notes for Samba 3.5.5 + , 2010 + = + + +This is the latest stable release of Samba 3.5. + +Major enhancements in Samba 3.5.5 include: + + o + + +Changes since 3.5.4 +--- + + + + +## +Reporting bugs Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 3.5 product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== + + +Release notes for older releases follow: + + + = Release Notes for Samba 3.5.4 June 23, 2010 = @@ -88,8 +130,8 @@ database (https://bugzilla.samba.org/). == -Release notes for older releases follow: - +-- + = Release Notes for Samba 3.5.3 diff --git a/source3/VERSION b/source3/VERSION index 1cf36f2..0594c9d 100644 --- a/source3/VERSION +++ b/source3/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=3 SAMBA_VERSION_MINOR=5 -SAMBA_VERSION_RELEASE=4 +SAMBA_VERSION_RELEASE=5 # Bug fix releases use a letter for the patch revision # -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-stable updated
The branch, v3-5-stable has been updated via 160cbf1... WHATSNEW: Start release notes for 3.5.5. via 71301df... VERSION: Bump version number up to 3.5.5. from fb5b75d... s3-docs: Add missing whitespace. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-stable - Log - commit 160cbf1d242617409977e87d12f4871625052d4d Author: Karolin Seeger ksee...@samba.org Date: Thu Jun 24 08:15:24 2010 +0200 WHATSNEW: Start release notes for 3.5.5. Karolin (cherry picked from commit 28f6e4144b092bd21f49ca989d36df19ce002231) commit 71301dff2e75033e849f95feb647365c4b9efd7a Author: Karolin Seeger ksee...@samba.org Date: Thu Jun 24 08:13:33 2010 +0200 VERSION: Bump version number up to 3.5.5. Karolin (cherry picked from commit 6e2b68fef3e0851e1564921d1c4285c8d4a9b550) --- Summary of changes: WHATSNEW.txt| 46 -- source3/VERSION |2 +- 2 files changed, 45 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 1be1572..19f8875 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,4 +1,46 @@ = + Release Notes for Samba 3.5.5 + , 2010 + = + + +This is the latest stable release of Samba 3.5. + +Major enhancements in Samba 3.5.5 include: + + o + + +Changes since 3.5.4 +--- + + + + +## +Reporting bugs Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 3.5 product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== + + +Release notes for older releases follow: + + + = Release Notes for Samba 3.5.4 June 23, 2010 = @@ -88,8 +130,8 @@ database (https://bugzilla.samba.org/). == -Release notes for older releases follow: - +-- + = Release Notes for Samba 3.5.3 diff --git a/source3/VERSION b/source3/VERSION index 8eb0d1f..795463c 100644 --- a/source3/VERSION +++ b/source3/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=3 SAMBA_VERSION_MINOR=5 -SAMBA_VERSION_RELEASE=4 +SAMBA_VERSION_RELEASE=5 # Bug fix releases use a letter for the patch revision # -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 41cdcd5... s4:provision.ldif - fix the number of available RIDs via fec489b... s4:provision.ldif - this Win2003 revision level seems always to be 9 on Windows Server 2008 machines via 64e19ef... s4:provision_users.ldif - change a group description to be correct via 560620a... s4:upgradeprovision - fix include order for ldb via e228b67... s4/ldb: ldb_msg_el_map_remote() should rename the remote attribute names into local names as defined in simple_ldap_map.c. via e88f37d... s4:setup/provision.reg - raise version to Windows Server 2008 R2 via b172b7f... s4:libnet_join.c - always use LDB constants from f34db12... Add parse_setjob_command() to make setting job state easier for users. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 41cdcd54b7b7e3fb70fdb220e74a1daf30e1891a Author: Matthias Dieter Wallnöfer m...@samba.org Date: Thu Jun 24 09:35:58 2010 +0200 s4:provision.ldif - fix the number of available RIDs There should be 4611686014132422209 and not 4611686014132422109. commit fec489bd8706a7dbb84589ff7f5da08550d86e78 Author: Matthias Dieter Wallnöfer m...@samba.org Date: Thu Jun 24 09:23:32 2010 +0200 s4:provision.ldif - this Win2003 revision level seems always to be 9 on Windows Server 2008 machines commit 64e19ef9fb85d31f9428a6714ce485de2704734b Author: Matthias Dieter Wallnöfer m...@samba.org Date: Thu Jun 24 09:14:24 2010 +0200 s4:provision_users.ldif - change a group description to be correct commit 560620a53df66ddbaa273afc9db796fc7562b53d Author: Matthias Dieter Wallnöfer m...@samba.org Date: Thu Jun 24 09:06:49 2010 +0200 s4:upgradeprovision - fix include order for ldb Patch originally posted on the list by Matthieu Patou. commit e228b67e56ab63414055e64455a97ea0643803e2 Author: Endi S. Dewata edew...@redhat.com Date: Wed Jun 23 07:26:25 2010 -0500 s4/ldb: ldb_msg_el_map_remote() should rename the remote attribute names into local names as defined in simple_ldap_map.c. commit e88f37daa068f7effe6f11b8ff8aeb79316e6632 Author: Matthias Dieter Wallnöfer mwallnoe...@yahoo.de Date: Sun Mar 7 21:13:27 2010 +0100 s4:setup/provision.reg - raise version to Windows Server 2008 R2 commit b172b7f467e3c2968ec154fab38399b29ad63d9b Author: Matthias Dieter Wallnöfer m...@samba.org Date: Wed Jun 23 17:30:10 2010 +0200 s4:libnet_join.c - always use LDB constants --- Summary of changes: source4/lib/ldb/ldb_map/ldb_map_outbound.c | 16 +++- source4/libnet/libnet_join.c | 10 +- source4/scripting/bin/upgradeprovision |2 +- source4/setup/provision.ldif |4 ++-- source4/setup/provision.reg|2 +- source4/setup/provision_users.ldif |2 +- 6 files changed, 25 insertions(+), 11 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/lib/ldb/ldb_map/ldb_map_outbound.c b/source4/lib/ldb/ldb_map/ldb_map_outbound.c index 836aec9..17d77d7 100644 --- a/source4/lib/ldb/ldb_map/ldb_map_outbound.c +++ b/source4/lib/ldb/ldb_map/ldb_map_outbound.c @@ -219,6 +219,8 @@ static struct ldb_message_element *ldb_msg_el_map_remote(struct ldb_module *modu const char *attr_name, const struct ldb_message_element *old) { + const struct ldb_map_context *data = map_get_context(module); + const char *local_attr_name = attr_name; struct ldb_message_element *el; unsigned int i; @@ -235,7 +237,19 @@ static struct ldb_message_element *ldb_msg_el_map_remote(struct ldb_module *modu return NULL; } - el-name = talloc_strdup(el, attr_name); + for (i = 0; data-attribute_maps[i].local_name; i++) { + struct ldb_map_attribute *am = data-attribute_maps[i]; + if ((am-type == LDB_MAP_RENAME + !strcmp(am-u.rename.remote_name, attr_name)) + || (am-type == LDB_MAP_CONVERT + !strcmp(am-u.convert.remote_name, attr_name))) { + + local_attr_name = am-local_name; + break; + } + } + + el-name = talloc_strdup(el, local_attr_name); if (el-name == NULL) { talloc_free(el); map_oom(module); diff --git a/source4/libnet/libnet_join.c b/source4/libnet/libnet_join.c index ad3ed81..ea11039 100644 --- a/source4/libnet/libnet_join.c +++ b/source4/libnet/libnet_join.c @@ -298,7 +298,7 @@ static NTSTATUS libnet_JoinADSDomain(struct libnet_context *ctx, struct libnet_J return NT_STATUS_NO_MEMORY; }
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 0be1820... s4-ldb: use CHECK_XSLTPROC_MANPAGES() via f6e46ee... build: check if the manpages stylesheet is available locally via 4cb423f... s4-python: python is not always in /usr/bin from 41cdcd5... s4:provision.ldif - fix the number of available RIDs http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 0be1820718202bd73a0e756c35a9b21edbbc563b Author: Andrew Tridgell tri...@samba.org Date: Thu Jun 24 16:03:02 2010 +1000 s4-ldb: use CHECK_XSLTPROC_MANPAGES() commit f6e46ee0fba25efecb78412a61270d7e70bb6f7d Author: Andrew Tridgell tri...@samba.org Date: Thu Jun 24 16:02:43 2010 +1000 build: check if the manpages stylesheet is available locally this avoids trying to fetch the stylesheet from the internet. If we can't process the stylesheet with --nonet at configure time then don't build manpages. Signed-off-by: Andrew Bartlett abart...@samba.org commit 4cb423f52737d980132709fe63bc3194b9307880 Author: Andrew Tridgell tri...@samba.org Date: Thu Jun 24 14:33:58 2010 +1000 s4-python: python is not always in /usr/bin Using #!/usr/bin/env python is more portable. It still isn't ideal though, as we should really use the python path found at configure time. We do that in many places already, but some don't. Signed-off-by: Andrew Bartlett abart...@samba.org --- Summary of changes: buildtools/wafsamba/samba_conftests.py | 36 +--- buildtools/wafsamba/wafsamba.py|6 ++-- lib/subunit/python/subunit/run.py |2 +- lib/tdb/wscript|3 +- source4/auth/credentials/tests/bindings.py |2 +- source4/auth/gensec/tests/bindings.py |2 +- source4/auth/tests/bindings.py |2 +- .../samdb/ldb_modules/tests/possibleinferiors.py |2 +- source4/dsdb/samdb/ldb_modules/tests/samba3sam.py |2 +- source4/lib/ldb/tests/python/dsdb_schema_info.py |2 +- source4/lib/ldb/wscript|2 +- source4/lib/policy/tests/python/bindings.py|2 +- source4/librpc/rpc/dcerpc.py |2 +- source4/param/tests/bindings.py|2 +- source4/script/depfilter.py|2 +- source4/scripting/bin/testparm |2 +- source4/scripting/python/examples/netbios.py |2 +- source4/scripting/python/examples/samr.py |2 +- source4/scripting/python/examples/winreg.py|2 +- source4/scripting/python/samba/__init__.py |2 +- source4/scripting/python/samba/getopt.py |2 +- source4/scripting/python/samba/hostconfig.py |2 +- source4/scripting/python/samba/idmap.py|2 +- .../python/samba/ms_display_specifiers.py |2 +- source4/scripting/python/samba/ndr.py |2 +- source4/scripting/python/samba/netcmd/__init__.py |2 +- .../scripting/python/samba/netcmd/domainlevel.py |2 +- source4/scripting/python/samba/netcmd/dsacl.py |2 +- .../scripting/python/samba/netcmd/enableaccount.py |2 +- source4/scripting/python/samba/netcmd/export.py|2 +- source4/scripting/python/samba/netcmd/fsmo.py |2 +- source4/scripting/python/samba/netcmd/group.py |2 +- source4/scripting/python/samba/netcmd/join.py |2 +- source4/scripting/python/samba/netcmd/machinepw.py |2 +- source4/scripting/python/samba/netcmd/netacl.py|2 +- source4/scripting/python/samba/netcmd/newuser.py |2 +- source4/scripting/python/samba/netcmd/ntacl.py |2 +- .../scripting/python/samba/netcmd/pwsettings.py|2 +- source4/scripting/python/samba/netcmd/setexpiry.py |2 +- .../scripting/python/samba/netcmd/setpassword.py |2 +- source4/scripting/python/samba/netcmd/time.py |2 +- source4/scripting/python/samba/netcmd/user.py |2 +- source4/scripting/python/samba/netcmd/vampire.py |2 +- source4/scripting/python/samba/ntacls.py |2 +- source4/scripting/python/samba/samba3.py |2 +- source4/scripting/python/samba/samdb.py|2 +- source4/scripting/python/samba/shares.py |2 +- source4/scripting/python/samba/tests/__init__.py |2 +- .../python/samba/tests/dcerpc/__init__.py |2 +- .../scripting/python/samba/tests/dcerpc/bare.py|2 +- .../scripting/python/samba/tests/dcerpc/misc.py|2 +- .../python/samba/tests/dcerpc/registry.py |2 +- .../scripting/python/samba/tests/dcerpc/rpcecho.py |2 +- source4/scripting/python/samba/tests/dcerpc/sam.py |2 +-
Re: [SCM] Samba Shared Repository - branch master updated
Am 24.06.2010 10:05, schrieb Matthias Dieter Wallnöfer: The branch, master has been updated via 41cdcd5... s4:provision.ldif - fix the number of available RIDs via fec489b... s4:provision.ldif - this Win2003 revision level seems always to be 9 on Windows Server 2008 machines via 64e19ef... s4:provision_users.ldif - change a group description to be correct via 560620a... s4:upgradeprovision - fix include order for ldb via e228b67... s4/ldb: ldb_msg_el_map_remote() should rename the remote attribute names into local names as defined in simple_ldap_map.c. via e88f37d... s4:setup/provision.reg - raise version to Windows Server 2008 R2 via b172b7f... s4:libnet_join.c - always use LDB constants from f34db12... Add parse_setjob_command() to make setting job state easier for users. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 41cdcd54b7b7e3fb70fdb220e74a1daf30e1891a Author: Matthias Dieter Wallnöfer m...@samba.org Date: Thu Jun 24 09:35:58 2010 +0200 s4:provision.ldif - fix the number of available RIDs There should be 4611686014132422209 and not 4611686014132422109. --- a/source4/setup/provision.ldif +++ b/source4/setup/provision.ldif @@ -809,7 +809,7 @@ dn: CN=RID Manager$,CN=System,${DOMAINDN} objectClass: top objectClass: rIDManager systemFlags: -1946157056 -rIDAvailablePool: 1001-1073741823 +rIDAvailablePool: 1601-1073741823 isCriticalSystemObject: TRUE I don't think that's correct. me...@sernox:~/devel/samba/ctdb/ctdb$ i 4611686014132422209 4611686014132422209 0x3FFF0641 0374003101 0b1101100101 me...@sernox:~/devel/samba/ctdb/ctdb$ i 0x641 1601 0x641 03101 0b1100101 me...@sernox:~/devel/samba/ctdb/ctdb$ i 4611686014132422109 4611686014132422109 0x3FFF05DD 0374002735 0b11010111011101 me...@sernox:~/devel/samba/ctdb/ctdb$ i 0x5DD 1501 0x5DD 02735 0b10111011101 changing it from 1501 to 1601 on a running system (the first dc already allocated its own rid pool with 500 entries) means changing the lower value by 100 and not by 600. The available pool also depends on the nextRid counter of the local sam, before the dcpromo. (which is copied into the 'nextRid' field on the domain object. The local dc account get the value of nextRid and the intial rIDAvailablePool starts with nextRid + x + 100. x was 0 in my dcpromo with a local rid counter of 50. I'll test more combinations... I'm wondering why x is 1 in some cases and the rIDAvailablePool starts at 1101 when nextRid was 1000, instead of starting with 1100. Maybe it depends on the functional level. It also seems that the special dns accounts doesn't get hard coded rids, they're getting rids from the first pool the local dc allocates. metze metze signature.asc Description: OpenPGP digital signature
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 8ad0161... Revert s4:provision.ldif - fix the number of available RIDs via 0f45536... s4:auth/gensec/gensec_gssapi.c - reorder constructor from 0be1820... s4-ldb: use CHECK_XSLTPROC_MANPAGES() http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 8ad01613f673a123304da889e6fed4909c619309 Author: Matthias Dieter Wallnöfer m...@samba.org Date: Thu Jun 24 15:11:25 2010 +0200 Revert s4:provision.ldif - fix the number of available RIDs This reverts commit 41cdcd54b7b7e3fb70fdb220e74a1daf30e1891a. As per request of metze revert this (cause written on the mailing list). commit 0f455362797308ccef7976d81317d6175bc59ea5 Author: Matthias Dieter Wallnöfer m...@samba.org Date: Thu Jun 24 11:05:41 2010 +0200 s4:auth/gensec/gensec_gssapi.c - reorder constructor To have the same order as in the structure definition. --- Summary of changes: source4/auth/gensec/gensec_gssapi.c | 68 +++--- source4/setup/provision.ldif|2 +- 2 files changed, 39 insertions(+), 31 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c index 4aaae6c..88fbcce 100644 --- a/source4/auth/gensec/gensec_gssapi.c +++ b/source4/auth/gensec/gensec_gssapi.c @@ -154,25 +154,19 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security) if (!gensec_gssapi_state) { return NT_STATUS_NO_MEMORY; } - - gensec_gssapi_state-gss_exchange_count = 0; - gensec_gssapi_state-max_wrap_buf_size - = gensec_setting_int(gensec_security-settings, gensec_gssapi, max wrap buf size, 65536); - - gensec_gssapi_state-sasl = false; - gensec_gssapi_state-sasl_state = STAGE_GSS_NEG; gensec_security-private_data = gensec_gssapi_state; gensec_gssapi_state-gssapi_context = GSS_C_NO_CONTEXT; - gensec_gssapi_state-server_name = GSS_C_NO_NAME; - gensec_gssapi_state-client_name = GSS_C_NO_NAME; - gensec_gssapi_state-lucid = NULL; /* TODO: Fill in channel bindings */ gensec_gssapi_state-input_chan_bindings = GSS_C_NO_CHANNEL_BINDINGS; + + gensec_gssapi_state-server_name = GSS_C_NO_NAME; + gensec_gssapi_state-client_name = GSS_C_NO_NAME; gensec_gssapi_state-want_flags = 0; + if (gensec_setting_bool(gensec_security-settings, gensec_gssapi, delegation_by_kdc_policy, true)) { gensec_gssapi_state-want_flags |= GSS_C_DELEG_POLICY_FLAG; } @@ -189,16 +183,6 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security) gensec_gssapi_state-want_flags |= GSS_C_SEQUENCE_FLAG; } - gensec_gssapi_state-got_flags = 0; - - gensec_gssapi_state-session_key = data_blob(NULL, 0); - gensec_gssapi_state-pac = data_blob(NULL, 0); - - gensec_gssapi_state-delegated_cred_handle = GSS_C_NO_CREDENTIAL; - gensec_gssapi_state-sig_size = 0; - - talloc_set_destructor(gensec_gssapi_state, gensec_gssapi_destructor); - if (gensec_security-want_features GENSEC_FEATURE_SIGN) { gensec_gssapi_state-want_flags |= GSS_C_INTEG_FLAG; } @@ -209,6 +193,8 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security) gensec_gssapi_state-want_flags |= GSS_C_DCE_STYLE; } + gensec_gssapi_state-got_flags = 0; + switch (gensec_security-ops-auth_type) { case DCERPC_AUTH_TYPE_SPNEGO: gensec_gssapi_state-gss_oid = gss_mech_spnego; @@ -219,6 +205,38 @@ static NTSTATUS gensec_gssapi_start(struct gensec_security *gensec_security) break; } + gensec_gssapi_state-session_key = data_blob(NULL, 0); + gensec_gssapi_state-pac = data_blob(NULL, 0); + + ret = smb_krb5_init_context(gensec_gssapi_state, + gensec_security-event_ctx, + gensec_security-settings-lp_ctx, + gensec_gssapi_state-smb_krb5_context); + if (ret) { + DEBUG(1,(gensec_krb5_start: krb5_init_context failed (%s)\n, +error_message(ret))); + talloc_free(gensec_gssapi_state); + return NT_STATUS_INTERNAL_ERROR; + } + + gensec_gssapi_state-client_cred = NULL; + gensec_gssapi_state-server_cred = NULL; + + gensec_gssapi_state-lucid = NULL; + + gensec_gssapi_state-delegated_cred_handle = GSS_C_NO_CREDENTIAL; + + gensec_gssapi_state-sasl = false; + gensec_gssapi_state-sasl_state = STAGE_GSS_NEG; + gensec_gssapi_state-sasl_protection = 0; +
Re: [SCM] Samba Shared Repository - branch master updated
Reverted. Thanks for pointing this out. Stefan (metze) Metzmacher wrote: Am 24.06.2010 10:05, schrieb Matthias Dieter Wallnöfer: The branch, master has been updated via 41cdcd5... s4:provision.ldif - fix the number of available RIDs via fec489b... s4:provision.ldif - this Win2003 revision level seems always to be 9 on Windows Server 2008 machines via 64e19ef... s4:provision_users.ldif - change a group description to be correct via 560620a... s4:upgradeprovision - fix include order for ldb via e228b67... s4/ldb: ldb_msg_el_map_remote() should rename the remote attribute names into local names as defined in simple_ldap_map.c. via e88f37d... s4:setup/provision.reg - raise version to Windows Server 2008 R2 via b172b7f... s4:libnet_join.c - always use LDB constants from f34db12... Add parse_setjob_command() to make setting job state easier for users. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 41cdcd54b7b7e3fb70fdb220e74a1daf30e1891a Author: Matthias Dieter Wallnöferm...@samba.org Date: Thu Jun 24 09:35:58 2010 +0200 s4:provision.ldif - fix the number of available RIDs There should be 4611686014132422209 and not 4611686014132422109. --- a/source4/setup/provision.ldif +++ b/source4/setup/provision.ldif @@ -809,7 +809,7 @@ dn: CN=RID Manager$,CN=System,${DOMAINDN} objectClass: top objectClass: rIDManager systemFlags: -1946157056 -rIDAvailablePool: 1001-1073741823 +rIDAvailablePool: 1601-1073741823 isCriticalSystemObject: TRUE I don't think that's correct. me...@sernox:~/devel/samba/ctdb/ctdb$ i 4611686014132422209 4611686014132422209 0x3FFF0641 0374003101 0b1101100101 me...@sernox:~/devel/samba/ctdb/ctdb$ i 0x641 1601 0x641 03101 0b1100101 me...@sernox:~/devel/samba/ctdb/ctdb$ i 4611686014132422109 4611686014132422109 0x3FFF05DD 0374002735 0b11010111011101 me...@sernox:~/devel/samba/ctdb/ctdb$ i 0x5DD 1501 0x5DD 02735 0b10111011101 changing it from 1501 to 1601 on a running system (the first dc already allocated its own rid pool with 500 entries) means changing the lower value by 100 and not by 600. The available pool also depends on the nextRid counter of the local sam, before the dcpromo. (which is copied into the 'nextRid' field on the domain object. The local dc account get the value of nextRid and the intial rIDAvailablePool starts with nextRid + x + 100. x was 0 in my dcpromo with a local rid counter of 50. I'll test more combinations... I'm wondering why x is 1 in some cases and the rIDAvailablePool starts at 1101 when nextRid was 1000, instead of starting with 1100. Maybe it depends on the functional level. It also seems that the special dns accounts doesn't get hard coded rids, they're getting rids from the first pool the local dc allocates. metze metze
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 2a0340b... s3:registry: remove unused function normalize_dbkey() via 5cac4e6... s3:registry: use normalize_reg_path() in regdb_set_secdesc() via 4c94825... s3:registry: use normalize_reg_path() in regdb_get_secdesc() from 8ad0161... Revert s4:provision.ldif - fix the number of available RIDs http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 2a0340baa35163d04537b0606f58ab77a1d39108 Author: Michael Adam ob...@samba.org Date: Thu Jun 24 15:32:46 2010 +0200 s3:registry: remove unused function normalize_dbkey() commit 5cac4e648c635f4f3a46a5878827414a2cb80366 Author: Michael Adam ob...@samba.org Date: Thu Jun 24 15:31:06 2010 +0200 s3:registry: use normalize_reg_path() in regdb_set_secdesc() instead of normalize_dbkey commit 4c948251d97bea9429d3fa24f98814ac57f4d525 Author: Michael Adam ob...@samba.org Date: Thu Jun 24 15:30:31 2010 +0200 s3:registry: use normalize_reg_path() in regdb_get_secdesc() instead of normalize_dbkey. --- Summary of changes: source3/registry/reg_backend_db.c| 14 -- source3/registry/reg_util_internal.c | 10 -- source3/registry/reg_util_internal.h |1 - 3 files changed, 12 insertions(+), 13 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/registry/reg_backend_db.c b/source3/registry/reg_backend_db.c index 0c90618..4e7f855 100644 --- a/source3/registry/reg_backend_db.c +++ b/source3/registry/reg_backend_db.c @@ -1740,7 +1740,12 @@ static WERROR regdb_get_secdesc(TALLOC_CTX *mem_ctx, const char *key, err = WERR_NOMEM; goto done; } - normalize_dbkey(tdbkey); + + tdbkey = normalize_reg_path(tmp_ctx, tdbkey); + if (tdbkey == NULL) { + err = WERR_NOMEM; + goto done; + } data = dbwrap_fetch_bystring(regdb, tmp_ctx, tdbkey); if (data.dptr == NULL) { @@ -1779,7 +1784,12 @@ static WERROR regdb_set_secdesc(const char *key, if (tdbkey == NULL) { goto done; } - normalize_dbkey(tdbkey); + + tdbkey = normalize_reg_path(mem_ctx, tdbkey); + if (tdbkey == NULL) { + err = WERR_NOMEM; + goto done; + } if (secdesc == NULL) { /* assuming a delete */ diff --git a/source3/registry/reg_util_internal.c b/source3/registry/reg_util_internal.c index 4cf8e28..47e2ce5 100644 --- a/source3/registry/reg_util_internal.c +++ b/source3/registry/reg_util_internal.c @@ -120,16 +120,6 @@ char *normalize_reg_path(TALLOC_CTX *ctx, const char *keyname ) return nkeyname; } -/** - * normalize ther registry path in place. - */ -void normalize_dbkey(char *key) -{ - size_t len = strlen(key); - string_sub(key, \\, /, len+1); - strupper_m(key); -} - /** move to next non-delimter character */ diff --git a/source3/registry/reg_util_internal.h b/source3/registry/reg_util_internal.h index 886e58c..0cb370e 100644 --- a/source3/registry/reg_util_internal.h +++ b/source3/registry/reg_util_internal.h @@ -23,7 +23,6 @@ bool reg_split_path(char *path, char **base, char **new_path); bool reg_split_key(char *path, char **base, char **key); char *normalize_reg_path(TALLOC_CTX *ctx, const char *keyname ); -void normalize_dbkey(char *key); char *reg_remaining_path(TALLOC_CTX *ctx, const char *key); #endif /* _REG_UTIL_H */ -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 7e49a58... s4 torture: Warn on NOT_IMPLEMENTED in addition to NOT_SUPPORTED for RAW-QFILEINFO from 2a0340b... s3:registry: remove unused function normalize_dbkey() http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 7e49a58ab9a66a709ee2a15d40db7c59bf55cbac Author: Aravind Srinivasan aravind.sriniva...@isilon.com Date: Tue Jun 22 10:42:20 2010 -0700 s4 torture: Warn on NOT_IMPLEMENTED in addition to NOT_SUPPORTED for RAW-QFILEINFO Signed-off-by: Tim Prouty tpro...@samba.org --- Summary of changes: source4/torture/raw/qfileinfo.c | 12 +--- 1 files changed, 9 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/torture/raw/qfileinfo.c b/source4/torture/raw/qfileinfo.c index 12897ef..54f1d12 100644 --- a/source4/torture/raw/qfileinfo.c +++ b/source4/torture/raw/qfileinfo.c @@ -278,8 +278,10 @@ static bool torture_raw_qfileinfo_internals(struct torture_context *torture, count++; } if (!levels[i].only_paths + (NT_STATUS_EQUAL(levels[i].fnum_status, + NT_STATUS_NOT_SUPPORTED) || NT_STATUS_EQUAL(levels[i].fnum_status, - NT_STATUS_NOT_SUPPORTED)) { + NT_STATUS_NOT_IMPLEMENTED))) { torture_warning(torture, fnum level %s %s, levels[i].name, nt_errstr(levels[i].fnum_status)); @@ -293,8 +295,10 @@ static bool torture_raw_qfileinfo_internals(struct torture_context *torture, } } else { if (!levels[i].only_paths + (NT_STATUS_EQUAL(levels[i].fnum_status, + NT_STATUS_NOT_SUPPORTED) || NT_STATUS_EQUAL(levels[i].fnum_status, - NT_STATUS_NOT_SUPPORTED)) { + NT_STATUS_NOT_IMPLEMENTED))) { torture_warning(torture, fnum level %s %s, levels[i].name, nt_errstr(levels[i].fnum_status)); @@ -302,8 +306,10 @@ static bool torture_raw_qfileinfo_internals(struct torture_context *torture, } if (!levels[i].only_handles + (NT_STATUS_EQUAL(levels[i].fname_status, + NT_STATUS_NOT_SUPPORTED) || NT_STATUS_EQUAL(levels[i].fname_status, - NT_STATUS_NOT_SUPPORTED)) { + NT_STATUS_NOT_IMPLEMENTED))) { torture_warning(torture, fname level %s %s, levels[i].name, nt_errstr(levels[i].fname_status)); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 700fcfb... pidl/python: Make sure to always increment reference counter when using Py_None. via 4a75cb9... pidl/python: Increment reference counter on Py_None to prevent us from accidentally deallocating it. from 7e49a58... s4 torture: Warn on NOT_IMPLEMENTED in addition to NOT_SUPPORTED for RAW-QFILEINFO http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 700fcfbc63c4b20fcb35dc3c7ef50ed20117cf74 Author: Jelmer Vernooij jel...@samba.org Date: Fri Jun 25 00:16:18 2010 +0200 pidl/python: Make sure to always increment reference counter when using Py_None. commit 4a75cb9cd5dfdd347803d03acbc0533c2e7e89cc Author: Jelmer Vernooij jel...@samba.org Date: Thu Jun 24 23:17:51 2010 +0200 pidl/python: Increment reference counter on Py_None to prevent us from accidentally deallocating it. --- Summary of changes: pidl/lib/Parse/Pidl/Samba4/Python.pm |6 +- 1 files changed, 5 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/pidl/lib/Parse/Pidl/Samba4/Python.pm b/pidl/lib/Parse/Pidl/Samba4/Python.pm index 390ee27..4687a53 100644 --- a/pidl/lib/Parse/Pidl/Samba4/Python.pm +++ b/pidl/lib/Parse/Pidl/Samba4/Python.pm @@ -126,6 +126,7 @@ sub FromUnionToPythonFunction() $self-ConvertObjectToPython($mem_ctx, {}, $e, $name-$e-{NAME}, ret, return NULL;); } else { $self-pidl(ret = Py_None;); + $self-pidl(Py_INCREF(ret);); } $self-pidl(return ret;); @@ -371,7 +372,7 @@ sub PythonFunctionUnpackOut($$$) $self-pidl(static PyObject *$outfnname(struct $fn-{NAME} *r)); $self-pidl({); $self-indent; - $self-pidl(PyObject *result = Py_None;); + $self-pidl(PyObject *result;); foreach my $e (@{$fn-{ELEMENTS}}) { next unless (grep(/out/,@{$e-{DIRECTION}})); next if (($metadata_args-{in}-{$e-{NAME}} and grep(/in/, @{$e-{DIRECTION}})) or @@ -390,6 +391,8 @@ sub PythonFunctionUnpackOut($$$) $self-pidl(result = PyTuple_New($result_size);); $signature .= (; } elsif ($result_size == 0) { + $self-pidl(result = Py_None;); + $self-pidl(Py_INCREF(result);); $signature .= None; } @@ -1052,6 +1055,7 @@ sub ConvertObjectToPythonLevel($$) $self-pidl(if ($var_name == NULL) {); $self-indent; $self-pidl($py_var = Py_None;); + $self-pidl(Py_INCREF($py_var);); $self-deindent; $self-pidl(} else {); $self-indent; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via e0aa54d... selftest: Store the output of the last test run in st/subunit. from 700fcfb... pidl/python: Make sure to always increment reference counter when using Py_None. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit e0aa54d0ed25a55fd6b4f5d08644d37981572fdd Author: Jelmer Vernooij jel...@samba.org Date: Fri Jun 25 01:21:14 2010 +0200 selftest: Store the output of the last test run in st/subunit. If a testrepository repository is present, add the test output when it has completed. --- Summary of changes: source4/selftest/wscript | 13 ++--- 1 files changed, 10 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/selftest/wscript b/source4/selftest/wscript index 5e42e6f..8244e6e 100644 --- a/source4/selftest/wscript +++ b/source4/selftest/wscript @@ -1,4 +1,5 @@ #!/usr/bin/env python +# vim: expandtab ft=python # selftest main code. @@ -95,8 +96,6 @@ def cmd_testonly(opt): env.FILTER_OPTIONS = '${FILTER_XFAIL} --strip-passed-output' else: env.FILTER_OPTIONS = '${FILTER_XFAIL}' -if not Options.options.FILTERED_SUBUNIT: -env.FILTER_OPTIONS += ' | ${FORMAT_TEST_OUTPUT}' if Options.options.VALGRIND: os.environ['VALGRIND'] = 'valgrind -q --num-callers=30' @@ -119,11 +118,19 @@ def cmd_testonly(opt): if os.path.exists(st_done): os.unlink(st_done) -cmd = '(${PERL} ../selftest/selftest.pl --prefix=${SELFTEST_PREFIX} --builddir=. --srcdir=. --exclude=./selftest/skip --testlist=./selftest/tests.sh| ${OPTIONS} --socket-wrapper ${TESTS} touch ${SELFTEST_PREFIX}/st_done) | ${FILTER_OPTIONS}' +cmd = '(${PERL} ../selftest/selftest.pl --prefix=${SELFTEST_PREFIX} --builddir=. --srcdir=. --exclude=./selftest/skip --testlist=./selftest/tests.sh| ${OPTIONS} --socket-wrapper ${TESTS} touch ${SELFTEST_PREFIX}/st_done) | ${FILTER_OPTIONS} | tee ${SELFTEST_PREFIX}/subunit' +if os.environ.get('RUN_FROM_BUILD_FARM') is None and not Options.options.FILTERED_SUBUNIT: +cmd += ' | ${FORMAT_TEST_OUTPUT}' cmd = EXPAND_VARIABLES(opt, cmd) print(test: running %s % cmd) ret = RUN_COMMAND(cmd, env=env) +if os.path.exists(.testrepository): +# testr load -q isn't +cmd = 'testr load -q ${SELFTEST_PREFIX}/subunit /dev/null' +cmd = EXPAND_VARIABLES(opt, cmd) +RUN_COMMAND(cmd, env=env) + if ret != 0: print(ERROR: test failed with exit code %d % ret) sys.exit(ret) -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 163ed44... s4/drs: DsReplicaSync should search partition to Sync via e40635c... s4/utils: fix few 'net drs replicate' error messages via 0dd6a75... s4/drs-test: Tests Deleted objects replication from e0aa54d... selftest: Store the output of the last test run in st/subunit. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 163ed44903fd6d9bf3047d0987bcbb8f0a28e7e2 Author: Kamen Mazdrashki kame...@samba.org Date: Fri Jun 25 04:34:42 2010 +0300 s4/drs: DsReplicaSync should search partition to Sync by any valid DSName attribute given, be it - partition DN, partition GUID or partition SID commit e40635c48d4b5853cbf463455e2ec90178375100 Author: Kamen Mazdrashki kame...@samba.org Date: Fri Jun 25 04:31:41 2010 +0300 s4/utils: fix few 'net drs replicate' error messages mainly for the output to be more informative commit 0dd6a759ed41960500e0869bfe96d93b2d11f50a Author: Kamen Mazdrashki kame...@samba.org Date: Fri Jun 25 04:30:21 2010 +0300 s4/drs-test: Tests Deleted objects replication Tests how deleted objects are replicated between two DCs. Currently the test exploits following vulnerabilities: - DsReplicaSync is not correctly implemented - a 'deleted object' is restored (kind of) in case DC1 replicates from DC2 before the 'deleted object' is replicated --- Summary of changes: source4/dsdb/repl/drepl_out_pull.c | 29 source4/dsdb/repl/drepl_service.c | 15 +- source4/torture/drs/python/delete_object.py | 222 +++ source4/utils/net/drs/net_drs_replicate.c | 14 +- 4 files changed, 268 insertions(+), 12 deletions(-) create mode 100755 source4/torture/drs/python/delete_object.py Changeset truncated at 500 lines: diff --git a/source4/dsdb/repl/drepl_out_pull.c b/source4/dsdb/repl/drepl_out_pull.c index 329b298..c82b48d 100644 --- a/source4/dsdb/repl/drepl_out_pull.c +++ b/source4/dsdb/repl/drepl_out_pull.c @@ -32,6 +32,7 @@ #include librpc/gen_ndr/ndr_drsuapi.h #include librpc/gen_ndr/ndr_drsblobs.h #include libcli/composite/composite.h +#include libcli/security/dom_sid.h WERROR dreplsrv_schedule_partition_pull_source(struct dreplsrv_service *s, struct dreplsrv_partition_source_dsa *source, @@ -99,6 +100,34 @@ WERROR dreplsrv_schedule_partition_pull_by_guid(struct dreplsrv_service *s, TALL return WERR_NOT_FOUND; } +/* force an immediate of the specified partition by Naming Context */ +WERROR dreplsrv_schedule_partition_pull_by_nc(struct dreplsrv_service *s, TALLOC_CTX *mem_ctx, + struct drsuapi_DsReplicaObjectIdentifier *nc) +{ + struct dreplsrv_partition *p; + bool valid_sid, valid_guid; + struct dom_sid null_sid; + ZERO_STRUCT(null_sid); + + valid_sid = !dom_sid_equal(null_sid, nc-sid); + valid_guid = !GUID_all_zero(nc-guid); + + if (!valid_sid !valid_guid !nc-dn) { + return WERR_DS_DRA_INVALID_PARAMETER; + } + + for (p = s-partitions; p; p = p-next) { + if ((valid_guid GUID_equal(p-nc.guid, nc-guid)) + || strequal(p-nc.dn, nc-dn) + || (valid_sid dom_sid_equal(p-nc.sid, nc-sid))) { + return dreplsrv_schedule_partition_pull(s, p, mem_ctx); + } + } + + return WERR_DS_DRA_BAD_NC; +} + + static void dreplsrv_pending_op_callback(struct tevent_req *subreq) { struct dreplsrv_out_operation *op = tevent_req_callback_data(subreq, diff --git a/source4/dsdb/repl/drepl_service.c b/source4/dsdb/repl/drepl_service.c index 59436d6..e48ae3e 100644 --- a/source4/dsdb/repl/drepl_service.c +++ b/source4/dsdb/repl/drepl_service.c @@ -110,16 +110,19 @@ static NTSTATUS drepl_replica_sync(struct irpc_message *msg, { struct dreplsrv_service *service = talloc_get_type(msg-private_data, struct dreplsrv_service); - struct GUID *guid = r-in.req-req1.naming_context-guid; + struct drsuapi_DsReplicaObjectIdentifier *nc = r-in.req-req1.naming_context; - r-out.result = dreplsrv_schedule_partition_pull_by_guid(service, msg, guid); + r-out.result = dreplsrv_schedule_partition_pull_by_nc(service, msg, nc); if (W_ERROR_IS_OK(r-out.result)) { - DEBUG(3,(drepl_replica_sync: forcing sync of partition %s\n, -GUID_string(msg, guid))); + DEBUG(3,(drepl_replica_sync: forcing sync of partition (%s, %s)\n, +GUID_string(msg, nc-guid), +nc-dn)); dreplsrv_run_pending_ops(service); }