[Samba] krb ticket for the computer account

[Mustafa Kuscu]

Hi Samba community,

Here is a problem I could not solve. I would like to mount a cifs share to
my local Linux machine, which is bound to a windows domain using winbind.
The share needs to be mounted by the linux machine's computer account. Here
is what I do:

# su - DOMAIN\\computer$

[DOMAIN\computercomputer ~]$
 i think there is a problem with the bash prompt, skip it for now 

[DOMAIN\computercomputer ~]$ whoami
DOMAIN\computer$

[DOMAIN\computercomputer ~]$ sudo mount -o user=DOMAIN\\computer$,sec=krb5
//remotehost/remoteshare /mnt/localmount
mount error(126): Required key not available
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)

[DOMAIN\computercomputer ~]$ klist -5
klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_16777222)

[DOMAIN\computercomputer ~]$ kinit -5 compute...@domain.com
Password for comput...@domain.com:

As you know, computer account passwords are not supposed to be entered by
users under normal circumstances.
How can I obtain a krb5 ticket for the computer account?

Thanks in advance..

Regards,

Mustafa
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] 100% CPU using OSX client

[Ben XO]

Hi there,

Normally happy OSX (10.6.4) user here. I am accessing a samba share on
my Gentoo linux machine (i know, i know...) which is running
samba-3.4.9 at the moment.

When I try to copy files from a CD on my mac to the smb:// share,
after every few files the transfer will pause for a few seconds, and
during the pause the linux machine will use 100% cpu - the result is a
very obvious stop-start-stop-start on the CD drive.

However, when I copy the same files from the same CD to the same
share, using the same computer, but from Windows 7 instead of OSX,
there is no such slowness. Very bizarre.

I've tried one or two things I've found on Google such as turning on
or off delayed ACK on the OSX client (no difference) or adding or
removing tuning options in smb config such as TCP_NODELAY - again, no
change. Using my powers of educated guessing, I would say that the OSX
client is trying to do something with the samba share between each
file that Windows is not; but I really have no idea.

Any suggestions appreciated, thank you in advance.

--
Ben XO / Last.fm / Bassdrive / DI.FM
http://www.last.fm/user/ben-xo
http://twitter.com/benxo
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Trying to establish a unidirectional Trust between windows 2003 and samba 3

[Administrator]

Hi
i am trying to establish a unidirection trust between win2k3 and samba3. 
I followed 
http://msadfaq.de/wiki/ActiveDirectory/trust_relationship_samba_ad.
I want windows to trust samba so that i can access the windows shares 
with my samba-users.
The Linux system is CentOS 5.5 with samba3.x86_64 3.5.6-43.el5 from the 
sernet-samba repository. Accounts are stored in ldap with help of 
smbldap-tools.
The samba domain is MY_DOMAIN, server is platin. Win2k3's domain is 
MYDOM.local, server is messing.

What I did is:
start domain.msc, establish new trust, fill in the samba domain name 
MY_DOMAIN, say its unidirectioal outgoing/unidirektional ausgehend, 
mark that it is domain wide authentication/Domänenweite 
Authentifizierung, fill in a trust password not_24get and mark not 
confirm outgoing trust. The trust was succesfully created. A message 
dialog tells me that the SID-filter is activated, should i deactivate that?

On samba side:
net -I 172.18.0.1 rpc trustdom add messing not_24get 
-Uadministrator%not24getEither -d 1
returns no errors, acount messing$ is created. The Paramater -i 
172.18.0.1 is added because samba doesn't listen to localhost.
However when i try to check the status of the trust i get the error 
message:
The trust could not be confirmed, access denied/Die Bestätigung der 
Vertrauensstellung zwischen der Domäne MYDOM.local und MY_DOM konnte 
nicht einwandfrei durchgeführt werden. Grund: Zugriff verweigert. 
Entfernen Sie die Vertrauensstellung auf beiden Seiten, und fügen Sie 
sie erneut hinzu.


I set my log level = 2 in smb.conf but my server is busy and i see many 
messages. Searching for messing in the logfile gave no helpful hints.
Accessing shares from a samba domain memeber failes with trust between 
primary domain and trusting domain could not be established.


What did i do wrong? What can i do next to track down the error?

Thanks a lot
Malte Müller
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] krb ticket for the computer account

[Andreas Dan Larsson]

 
 [DOMAIN\computercomputer ~]$ klist -5
 klist: No credentials cache found (ticket cache
 FILE:/tmp/krb5cc_16777222)
 
 [DOMAIN\computercomputer ~]$ kinit -5 compute...@domain.com
 Password for comput...@domain.com:
 
 As you know, computer account passwords are not supposed to be entered
 by
 users under normal circumstances.
 How can I obtain a krb5 ticket for the computer account?
 

Hi Mustafa,

To be able to check out a ticket in that way you need to set userprincipialname 
on the computeraccount. I do that when I join with:

# net ads join createupn=host/hostname.domain@domain.tld

I then create a keytab file:

# net ads keytab create

You don't need a userprincipialname to have a keytab but you have to have upn 
set if you want to check out a ticket from a keytab to a ccache. 

There are some options in smb.conf about kerberos keytab that I guess you want 
to use. 

Regards,
Andreas Larsson

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Samba on domain member refuses to work after certain time has passed

[Konstantin Boyandin]

Hello,

The configuration files for PDC and the server in question are below. 
Both have Samba 3.5.6 installed, firewalls pass all smb/nmb traffic, 
CentOS 5.5.x86_64 runs on both.


The situation: after the server (DEVSERV in the example below) starts 
its Samba, it works fine for approx 1-1.5 days. After that it abruptly 
stops servicing any shared resources. The only cure is to stop Samba, 
erase *.tdb files from /etc/samba and /var/lib/samba, join the domain anew -


net rpc join -SPDC -Uroot

and restart the Samba. After that, it works perfectly for 1-1.5 days again.

I have noticed the following lines today in the DEVSERV's 
/var/log/samba/log.nmbd:


[2010/11/11 15:42:45.748362,  0] 
nmbd/nmbd_nameregister.c:137(register_name_response)
  register_name_response: WINS server at IP 10.1.0.10 rejected our name 
registration of DEVEL00 IP 10.1.0.12 with error code 5.
[2010/11/11 15:42:45.748439,  0] 
nmbd/nmbd_namelistdb.c:307(standard_fail_register)
  standard_fail_register: Failed to register/refresh name DEVEL00 on 
subnet UNICAST_SUBNET


May I ask for suggestions on what's to correct?

Thanks.

Configuration files:
PDC, IP 10.11.12.10
eth0's net is 10.11.12.0/24
There are eth0:0, eth0:1, eth:2 I do nto wish to use for Samba (this is 
why interfaces are mentioned)


-- PDC smb.conf below --
[global]
unix charset = UTF8
workgroup = MYDOMAIN
netbios name = PDC
server string = PDC for MYDOMAIN
passdb backend =ldapsam:ldap://10.11.12.1 ldap://10.11.12.10;
username map = /etc/samba/smbusers
interfaces = eth0 lo
bind interfaces only = yes
log level = 1
syslog = 0
log file = /var/log/samba/%m
max log size = 0
name resolve order = wins bcast hosts
time server = Yes
printcap name = CUPS
add user script = /usr/sbin/smbldap-useradd -m '%u'
delete user script = /usr/sbin/smbldap-userdel '%u'
add group script = /usr/sbin/smbldap-groupadd -p '%g'
delete group script = /usr/sbin/smbldap-groupdel '%g'
add user to group script = /usr/sbin/smbldap-groupmod -m '%g' '%u'
delete user from group script = /usr/sbin/smbldap-groupmod -x '%g' '%u'
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
add machine script = /usr/sbin/smbldap-useradd -w '%u'
shutdown script = /var/lib/samba/scripts/shutdown.sh
abort shutdown script = /sbin/shutdown -c
logon script = %u.bat
logon drive = W:
logon home = \\%L\%u
logon path = \\%L\profiles\%u
domain logons = Yes
domain master = Yes
wins support = Yes
ldapsam:trusted = yes
ldap ssl = off
ldap suffix = dc=example,dc=com
ldap machine suffix = ou=Computers
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap admin dn = cn=sambaadmin,dc=example,dc=com
idmap backend = ldap://10.11.12.1
idmap uid = 1-2
idmap gid = 1-2
printer admin = root
printing = cups
-- PDC smb.conf above --

DEVSERV, IP 10.11.12.12

-- DEVSERV smb.conf below --
[global]
workgroup = MYDOMAIN
server string = DEVSERV server`
netbios name = DEVSERV
log file = /var/log/samba/log.%m
max log size = 50
unix extensions = no
security = domain
password server = 10.11.12.1
local master = no
os level = 33
preferred master = no
wins server = 10.11.12.10
dns proxy = yes
load printers = yes
cups options = raw
-- DEVSERV smb.conf above --

Sincerely,
Konstantin
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] SAMBA accessible with hostname only on local subnet

[*...@ppu]

hi all,

i have integrated SAMBA with active directory and everthing is working .
however  SAMBA server is accessible with hostname only on local
subnet. it is not opening in other subnets and opening with ipaddress.
it keeps on asking for password and saying access denied while using
net view \\testsamba corp.raju.ad.
command
any one faced the same problem ?? please help me out.


Regards
Appaji.p
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] krb ticket for the computer account

[Mustafa Kuscu]

  How can I obtain a krb5 ticket for the computer account?
 

 Hi Mustafa,

 To be able to check out a ticket in that way you need to set
 userprincipialname on the computeraccount. I do that when I join with:

 # net ads join createupn=host/hostname.domain@domain.tld

 I then create a keytab file:

 # net ads keytab create


Andreas, thanks, this helped me get a Kerberos ticket. In specific, added
   use kerberos keytab = yes
into /etc/smb.conf and restarted winbind.

However, mount is still not aware of the ticket. Here is the output:

[DOMAIN\computercomputer ~]$ sudo kinit -V -5  -k -t /etc/krb5.keytab
compute...@domain.com
Authenticated to Kerberos v5

[DOMAIN\computercomputer ~]$ sudo klist -5
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: compute...@domain.com

Valid starting ExpiresService principal
11/11/10 14:10:42  11/12/10 00:08:44  krbtgt/domain@domain.com
renew until 11/12/10 14:10:42

[DOMAIN\computercomputer ~]$ sudo mount -t cifs -o
user=DOMAIN\\COMPUTER\$,sec=krb5  //remotehost/remoteshare /mnt/localmount
mount error(126): Required key not available
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)

[DOMAIN\computercomputer ~]$ sudo mount -t cifs -o sec=krb5
//remotehost/remoteshare /mnt/localmount
mount error(126): Required key not available
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)

Any ideas on how to debug this further?

Regards,
Mustafa
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] krb ticket for the computer account

[Liam Gretton]

On 11/11/2010 12:18, Mustafa Kuscu wrote:


[DOMAIN\computercomputer ~]$ sudo mount -t cifs -o sec=krb5
//remotehost/remoteshare /mnt/localmount
mount error(126): Required key not available
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)

Any ideas on how to debug this further?


I think you need to define KRB5CCNAME to point to your ticket cache file 
(/tmp/krb5cc_0) or have a /tmp/krb5cc_ file where  is the UID of 
the sudo user.


--
Liam Grettonliam.gret...@le.ac.uk
HPC Architect http://www.le.ac.uk/its
IT Services   Tel: +44 (0)116 2522254
University Of Leicester, University Road
Leicestershire LE1 7RH, United Kingdom
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] SAMBA accessible with hostname only on local subnet

[Aaron E.]

I would verify the routing table on the server. This sounds like the 
default gateway isn't set or the server doesn't know how to reach the 
other networks.


try # route
and examine the table.

On 11/11/2010 06:17 AM, *...@ppu wrote:

hi all,

i have integrated SAMBA with active directory and everthing is working .
however  SAMBA server is accessible with hostname only on local
subnet. it is not opening in other subnets and opening with ipaddress.
it keeps on asking for password and saying access denied while using
net view \\testsamba corp.raju.ad.
command
any one faced the same problem ?? please help me out.


Regards
Appaji.p


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] krb ticket for the computer account

[Mustafa Kuscu]

 Any ideas on how to debug this further?


 I think you need to define KRB5CCNAME to point to your ticket cache file
 (/tmp/krb5cc_0) or have a /tmp/krb5cc_ file where  is the UID of the
 sudo user.


Did not work. still getting the message:
mount error(126): Required key not available

Found out that
smbclient -k //remotehost/remoteshare
works  with my kerberos setup. I will go with it for now. Here is the
related thread:

http://lists.samba.org/archive/samba/2010-May/155517.html


Regards,

-- 

Mustafa
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] tree connect failed: NT_STATUS_BAD_NETWORK_NAME

[Ayo Adeyeri]

Bump

-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On 
Behalf Of Ayo Adeyeri
Sent: Wednesday, November 10, 2010 7:17 PM
To: samba@lists.samba.org
Subject: [Samba] tree connect failed: NT_STATUS_BAD_NETWORK_NAME

Let me start off by apologizing for this rambling post.  I have been working on 
this problem all day and have not gotten anywhere.
This is my first time working with samba and I have been tasked to set up a 
share that does not require a password for access.  I have been tinkering with 
the configuration file but I cannot get it to work.  Here is my current 
smb.conf file that I have:

global]
security = share
workgroup = somedomain.com
guest account = murex
log file = /var/log/samba/%m.log


[Murex]
comment = Murex pickup
path = /apps/murex/pickup
writable = yes
read only = no
guest ok = yes


[testdir]
comment = Troubleshooting area
path = /sambatest
writable = yes
read only = no
guest ok = yes
guest only = yes

When I try to access it either of the shares (Murex or testdir) using 
smbclient, I get the following:
# smbclient //localhost/murex
Password:
Domain=[SOMEDOMAIN.COM] OS=[Unix] Server=[Samba 3.0.28-0.el5.8]
Server not using user level security and no password supplied.
tree connect failed: NT_STATUS_BAD_NETWORK_NAME
#
Not sure why it is stating that no password was supplied because I entered a 
password.  I tried both the root password since that is what I was logged in as 
and the password for the user murex.  The murex user is a valid unix account.  
I also created a samba password for the murex user (I used smbpasswd -a murex). 
 This was done recently but it did not change anything.

I can see the shares from our windows clients but when I try and open up a 
share (by double clicking on it) or map a drive to the share I get the 
following errors in the log files:
[2010/11/10 18:49:35, 0] smbd/service.c:make_connection_snum(1003)
  '/apps/murex/pickup' does not exist or permission denied when connecting to 
[Murex] Error was Permission denied
[2010/11/10 18:49:36, 0] smbd/service.c:make_connection_snum(1003)
  '/sambatest' does not exist or permission denied when connecting to [testdir] 
Error was Permission denied

I also see these same errors in the log files when I run the smbclient command 
from above.  The unix permissions on these directories are set at 777.

This is driving me nuts because I think it has got be a pretty minor 
configuration error but I can't figure out what it is.  Does anyone have any 
ideas of what I am missing or doing wrong?

Thanks,
Ayo Adeyeri
InfoHedge Technologies LLC
747 Third Avenue, 4th Floor, New York, NY 10017
ayo.adey...@infohedge.netmailto:ayo.adey...@infohedge.net
Office: (212) 531-5835



This e-mail message, and any enclosures, is intended only for the persons to 
whom it is addressed, and may contain confidential information. Any use, 
distribution, modification, copying or disclosure by any other person is 
strictly prohibited. If you receive this message in error, please notify the 
sender by return e-mail and delete this message from your computer. InfoHedge 
disclaims all responsibility from and accepts no liability whatsoever for any 
incorrect, misleading or altered information contained herein, or for the 
consequences of any unauthorized person acting, or refraining from acting, on 
any information contained in this message.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

This e-mail message, and any enclosures, is intended only for the persons to 
whom it is addressed, and may contain confidential information. Any use, 
distribution, modification, copying or disclosure by any other person is 
strictly prohibited. If you receive this message in error, please notify the 
sender by return e-mail and delete this message from your computer.  InfoHedge 
disclaims all responsibility from and accepts no liability  whatsoever for any 
incorrect, misleading or altered information contained herein, or for the 
consequences of any unauthorized person acting, or refraining from acting, on 
any information contained in this message.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] tree connect failed: NT_STATUS_BAD_NETWORK_NAME

[John Drescher]

Network names with a . in them are not supported. Well unless you are
talking about an ads realm.

John
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] tree connect failed: NT_STATUS_BAD_NETWORK_NAME

[Ayo Adeyeri]

Thanks John,

I just removed the . , changed the workgroup name to covecapcom but I am 
still getting the same errors in the log file when I attempt to connect to 
either of the shares from a windows client.

Thanks,
Ayo Adeyeri


-Original Message-
From: John Drescher [mailto:dresche...@gmail.com]
Sent: Thursday, November 11, 2010 9:30 AM
To: Ayo Adeyeri; samba
Subject: Re: [Samba] tree connect failed: NT_STATUS_BAD_NETWORK_NAME

Network names with a . in them are not supported. Well unless you are
talking about an ads realm.

John

This e-mail message, and any enclosures, is intended only for the persons to 
whom it is addressed, and may contain confidential information. Any use, 
distribution, modification, copying or disclosure by any other person is 
strictly prohibited. If you receive this message in error, please notify the 
sender by return e-mail and delete this message from your computer.  InfoHedge 
disclaims all responsibility from and accepts no liability  whatsoever for any 
incorrect, misleading or altered information contained herein, or for the 
consequences of any unauthorized person acting, or refraining from acting, on 
any information contained in this message.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] samba over internet slow with images/thumbnails

[Chris Weiss]

On Thu, Nov 11, 2010 at 1:13 AM, Stan Hoeppner s...@hardwarefreak.com wrote:
 Simply not the best experience.

yeah.  smb/cifs, and not just samba but windows too, is not really
well suited for large files over high latency links.  The exceptions
are office docs where the files are not read in entirety when opened.

If your image collection is dynamic and/or you need remote users to be
able to easily upload stuff, I'd have to recommend
http://gallery.menalto.com/.  I've been using it for years, it's not
hard to setup, has a decent users and permissions system, and some
pretty cool features like bulk import from folder or uploaded zip file
and full screen slideshow and optional user comments.  The new version
3 has some cool 3rd party plugins too.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] tree connect failed: NT_STATUS_BAD_NETWORK_NAME

[John Drescher]

On Thu, Nov 11, 2010 at 9:36 AM, Ayo Adeyeri ayo.adey...@infohedge.net wrote:
 Thanks John,

 I just removed the . , changed the workgroup name to covecapcom but I am 
 still getting the same errors in the log file when I attempt to connect to 
 either of the shares from a windows client.


Are the windows clients windows 7?

Also share level security is being discouraged for some time.

John
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] getting users of a Active Directory group

[Oguz Yilmaz]

Hi all,

I try to form a file to include AD usernames with their group
memberships. I have no problems with joining and getent and wbinfo
stuff. All are working.

A user may have more then one group membership except Domain Users group.

One way is to run getent group and grep for the group I try to find
its members. After finding its GID I can search getent passwd output
for the users with this GID. However, in some servers getent passwd
only show GID for default Domain Users group which every user is a
member of.

Another way is to run getent group. In one of my servers (win2003),
getent group output will give users in the form of:
g_group1:*:10263:mr.smith,mrs.smith
Then I can conclude g_group1 has members mr.smith and mrs.smith.

However in another type of server (2008r2), getent group does not
list members as fourth field in the output. Also getent passwd lists
only domain users group GID.

I do want to now What can be the difference with those AD servers? Is
this about organizational hirarchy of AD?

Can you propose any other way to find members of a specific group?

Samba is samba3-3.5.1-43.el5, os is Centos 5 level.

Best Regards,


--
Oguz YILMAZ
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] troule switching winbind to use a new AD 2008

[John Stile]

I have been using 2003 AD servers for winbind for many years, and now
2008 is phasing in, but I can't authenticate using the new servers, and
I'm not sure what to do.  All advice very welcome.

This is a problem for me on both Gentoo (samba 3.0.33) and Debian Lenny
(samba 3.0.24).

For debugging, I ran winbind interactively and piped output to a file
(winbindd -d 3 -i).  

I have also posted the complete files to a pastebin: 
Working AD: http://pastebin.ca/1988167
Non-working AD: http://pastebin.ca/1988169

I did this for working and non-working ADs, and each time, I exercised
the winbind daemon with the same commands, and then diff'ed the files.

Both AD's behave the same for the following commands:
wbinfo -g
wbinfo -u
net ads info

However, the following commands do not work using the 2008 AD.
kinit john
  kinit(v5): KDC has no support for encryption type while getting initial 
credentials
wbinfo --all-domains
  empty
wbinfo -m
  Could not list trusted domains
wbinfo -t
  checking the trust secret via RPC calls succeeded
wbinfo -a MS+john%'mypasswd'
   plaintext password authentication failed
   error code was NT code 0x0721 (0x721)
   error messsage was: NT code 0x0721
   Could not authenticate user MS+john%mypasswd with plaintext password
   challenge/response password authentication failed
   error code was NT_STATUS_PIPE_DISCONNECTED (0xc0b0)
   error messsage was: Named pipe dicconnected
   Could not authenticate user MS+john with challenge/response

The winbind logs are long, and attaching to this email seems wrong, so I
have a difference summery below.  

---First:---
The working AD shows this:
get_dc_list: preferred server list: 192.168.50.11, 192.168.50.11
get_dc_list: preferred server list: 192.168.50.11, 192.168.50.11
Doing spnego session setup (blob length=104)

The non-working AD shows this:
get_dc_list: preferred server list: , 192.168.50.12
Connected to LDAP server 192.168.50.12
get_dc_list: preferred server list: , 192.168.50.12
Connected to LDAP server 192.168.50.12
get_dc_list: preferred server list: , 192.168.50.12
get_dc_list: preferred server list: , 192.168.50.12
get_dc_list: preferred server list: , 192.168.50.12
get_dc_list: preferred server list: , 192.168.50.12
get_dc_list: preferred server list: , 192.168.50.12
get_dc_list: preferred server list: , 192.168.50.12
Doing spnego session setup (blob length=136)
got OID=1 3 6 1 4 1 311 2 2 30

---Second:---
The working AD shows this:
got principal=a...@ms.mydomain.com

The non-working AD shows this:
got principal=not_defined_in_rfc4...@please_ignore
cli_session_setup_spnego: got a bad server principal, trying to
guess ...
cli_session_setup_spnego: guessed server principal=a...@ms.mydomain.com

---Third:---
The working AD shows this:
got principal=a...@ms.mydomain.com
Doing kerberos session setup
ads_cleanup_expired_creds: Ticket in ccache[MEMORY:cliconnect] expiration Thu, 
11 Nov 2010 06:53:02 PST
rpc_pipe_bind: Remote machine ad1.ms.mydomain.com pipe \lsarpc fnum 0x4003 bind 
request returned ok.
rpc_pipe_bind: Remote machine ad1.ms.mydomain.com pipe \lsarpc fnum 0x4002 bind 
request returned ok.

The non-working AD shows this:
got principal=not_defined_in_rfc4...@please_ignore
Kinit failed: KDC has no support for encryption type
Doing spnego session setup (blob length=136)
got OID=1 3 6 1 4 1 311 2 2 30
got OID=1 2 840 48018 1 2 2
got OID=1 2 840 113554 1 2 2
got OID=1 2 840 113554 1 2 2 3
got OID=1 3 6 1 4 1 311 2 2 10
got principal=not_defined_in_rfc4...@please_ignore
Got challenge flags:
Got NTLMSSP neg_flags=0x62898215
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088215
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x60088215
rpc_pipe_bind: Remote machine AD4.ms.mydomain.com pipe \lsarpc fnum 0x800d bind 
request returned ok.
rpc_pipe_bind: Remote machine AD4.ms.mydomain.com pipe \lsarpc fnum 0x800e bind 
request returned ok.

---Fourth:---
The working AD shows this:
[ 4325]: pam auth MS+john
[ 4318]: dual pam auth MS+john
[ 4325]: request misc info
[ 4325]: pam auth crap domain: [MS] user: john
[ 4318]: pam auth crap domain: MS user: john
[ 4327]: request interface version
[ 4327]: request location of privileged pipe
[ 4327]: check machine account
[ 4318]: check machine account
get_dc_list: preferred server list: 192.168.50.11, 192.168.50.11
get_dc_list: preferred server list: 192.168.50.11, 192.168.50.11
Doing spnego session setup (blob length=104)
got OID=1 2 840 48018 1 2 2
got OID=1 2 840 113554 1 2 2
got OID=1 2 840 113554 1 2 2 3
got OID=1 3 6 1 4 1 311 2 2 10
got principal=a...@ms.mydomain.com
Doing kerberos session setup
ads_cleanup_expired_creds: Ticket in ccache[MEMORY:cliconnect] expiration Thu, 
11 Nov 2010 16:43:26 PST
rpc_pipe_bind: Remote machine ad1.ms.mydomain.com pipe \NETLOGON fnum 0x800c 
bind request returned ok.
rpc_pipe_bind: Remote machine ad1.ms.mydomain.com pipe \NETLOGON fnum 0x8008 
bind request returned ok.
secret is good
[ 4328]: request interface 

Re: [Samba] troule switching winbind to use a new AD 2008

[Ray Van Dolson]

On Thu, Nov 11, 2010 at 08:09:50AM -0800, John Stile wrote:
 I have been using 2003 AD servers for winbind for many years, and now
 2008 is phasing in, but I can't authenticate using the new servers, and
 I'm not sure what to do.  All advice very welcome.
 
 This is a problem for me on both Gentoo (samba 3.0.33) and Debian Lenny
 (samba 3.0.24).
 
 For debugging, I ran winbind interactively and piped output to a file
 (winbindd -d 3 -i).  
 
 I have also posted the complete files to a pastebin: 
 Working AD: http://pastebin.ca/1988167
 Non-working AD: http://pastebin.ca/1988169
 
 I did this for working and non-working ADs, and each time, I exercised
 the winbind daemon with the same commands, and then diff'ed the files.
 
 Both AD's behave the same for the following commands:
 wbinfo -g
 wbinfo -u
 net ads info
 
 However, the following commands do not work using the 2008 AD.
 kinit john
   kinit(v5): KDC has no support for encryption type while getting initial 
 credentials
 wbinfo --all-domains
   empty
 wbinfo -m
   Could not list trusted domains
 wbinfo -t
   checking the trust secret via RPC calls succeeded
 wbinfo -a MS+john%'mypasswd'
plaintext password authentication failed
error code was NT code 0x0721 (0x721)
error messsage was: NT code 0x0721
Could not authenticate user MS+john%mypasswd with plaintext password
challenge/response password authentication failed
error code was NT_STATUS_PIPE_DISCONNECTED (0xc0b0)
error messsage was: Named pipe dicconnected
Could not authenticate user MS+john with challenge/response
 
 The winbind logs are long, and attaching to this email seems wrong, so I
 have a difference summery below.  
 
 ---First:---
 The working AD shows this:
 get_dc_list: preferred server list: 192.168.50.11, 192.168.50.11
 get_dc_list: preferred server list: 192.168.50.11, 192.168.50.11
 Doing spnego session setup (blob length=104)
 
 The non-working AD shows this:
 get_dc_list: preferred server list: , 192.168.50.12
 Connected to LDAP server 192.168.50.12
 get_dc_list: preferred server list: , 192.168.50.12
 Connected to LDAP server 192.168.50.12
 get_dc_list: preferred server list: , 192.168.50.12
 get_dc_list: preferred server list: , 192.168.50.12
 get_dc_list: preferred server list: , 192.168.50.12
 get_dc_list: preferred server list: , 192.168.50.12
 get_dc_list: preferred server list: , 192.168.50.12
 get_dc_list: preferred server list: , 192.168.50.12
 Doing spnego session setup (blob length=136)
 got OID=1 3 6 1 4 1 311 2 2 30
 
 ---Second:---
 The working AD shows this:
 got principal=a...@ms.mydomain.com
 
 The non-working AD shows this:
 got principal=not_defined_in_rfc4...@please_ignore
 cli_session_setup_spnego: got a bad server principal, trying to
 guess ...
 cli_session_setup_spnego: guessed server principal=a...@ms.mydomain.com
 
 ---Third:---
 The working AD shows this:
 got principal=a...@ms.mydomain.com
 Doing kerberos session setup
 ads_cleanup_expired_creds: Ticket in ccache[MEMORY:cliconnect] expiration 
 Thu, 11 Nov 2010 06:53:02 PST
 rpc_pipe_bind: Remote machine ad1.ms.mydomain.com pipe \lsarpc fnum 0x4003 
 bind request returned ok.
 rpc_pipe_bind: Remote machine ad1.ms.mydomain.com pipe \lsarpc fnum 0x4002 
 bind request returned ok.
 
 The non-working AD shows this:
 got principal=not_defined_in_rfc4...@please_ignore
 Kinit failed: KDC has no support for encryption type
 Doing spnego session setup (blob length=136)
 got OID=1 3 6 1 4 1 311 2 2 30
 got OID=1 2 840 48018 1 2 2
 got OID=1 2 840 113554 1 2 2
 got OID=1 2 840 113554 1 2 2 3
 got OID=1 3 6 1 4 1 311 2 2 10
 got principal=not_defined_in_rfc4...@please_ignore
 Got challenge flags:
 Got NTLMSSP neg_flags=0x62898215
 NTLMSSP: Set final flags:
 Got NTLMSSP neg_flags=0x60088215
 NTLMSSP Sign/Seal - Initialising with flags:
 Got NTLMSSP neg_flags=0x60088215
 rpc_pipe_bind: Remote machine AD4.ms.mydomain.com pipe \lsarpc fnum 0x800d 
 bind request returned ok.
 rpc_pipe_bind: Remote machine AD4.ms.mydomain.com pipe \lsarpc fnum 0x800e 
 bind request returned ok.
 
 ---Fourth:---
 The working AD shows this:
 [ 4325]: pam auth MS+john
 [ 4318]: dual pam auth MS+john
 [ 4325]: request misc info
 [ 4325]: pam auth crap domain: [MS] user: john
 [ 4318]: pam auth crap domain: MS user: john
 [ 4327]: request interface version
 [ 4327]: request location of privileged pipe
 [ 4327]: check machine account
 [ 4318]: check machine account
 get_dc_list: preferred server list: 192.168.50.11, 192.168.50.11
 get_dc_list: preferred server list: 192.168.50.11, 192.168.50.11
 Doing spnego session setup (blob length=104)
 got OID=1 2 840 48018 1 2 2
 got OID=1 2 840 113554 1 2 2
 got OID=1 2 840 113554 1 2 2 3
 got OID=1 3 6 1 4 1 311 2 2 10
 got principal=a...@ms.mydomain.com
 Doing kerberos session setup
 ads_cleanup_expired_creds: Ticket in ccache[MEMORY:cliconnect] expiration 
 Thu, 11 Nov 2010 16:43:26 PST
 rpc_pipe_bind: Remote machine ad1.ms.mydomain.com pipe \NETLOGON 

Re: [Samba] troule switching winbind to use a new AD 2008

[John Stile]

I forgot to mention that this AD is 2008 R2, if that makes a difference.


On Thu, 2010-11-11 at 08:12 -0800, Ray Van Dolson wrote:
 On Thu, Nov 11, 2010 at 08:09:50AM -0800, John Stile wrote:
  I have been using 2003 AD servers for winbind for many years, and now
  2008 is phasing in, but I can't authenticate using the new servers, and
  I'm not sure what to do.  All advice very welcome.
  
  This is a problem for me on both Gentoo (samba 3.0.33) and Debian Lenny
  (samba 3.0.24).
  
  For debugging, I ran winbind interactively and piped output to a file
  (winbindd -d 3 -i).  
  
  I have also posted the complete files to a pastebin: 
  Working AD: http://pastebin.ca/1988167
  Non-working AD: http://pastebin.ca/1988169
  
  I did this for working and non-working ADs, and each time, I exercised
  the winbind daemon with the same commands, and then diff'ed the files.
  
  Both AD's behave the same for the following commands:
  wbinfo -g
  wbinfo -u
  net ads info
  
  However, the following commands do not work using the 2008 AD.
  kinit john
kinit(v5): KDC has no support for encryption type while getting initial 
  credentials
  wbinfo --all-domains
empty
  wbinfo -m
Could not list trusted domains
  wbinfo -t
checking the trust secret via RPC calls succeeded
  wbinfo -a MS+john%'mypasswd'
 plaintext password authentication failed
 error code was NT code 0x0721 (0x721)
 error messsage was: NT code 0x0721
 Could not authenticate user MS+john%mypasswd with plaintext password
 challenge/response password authentication failed
 error code was NT_STATUS_PIPE_DISCONNECTED (0xc0b0)
 error messsage was: Named pipe dicconnected
 Could not authenticate user MS+john with challenge/response
  
  The winbind logs are long, and attaching to this email seems wrong, so I
  have a difference summery below.  
  
  ---First:---
  The working AD shows this:
  get_dc_list: preferred server list: 192.168.50.11, 192.168.50.11
  get_dc_list: preferred server list: 192.168.50.11, 192.168.50.11
  Doing spnego session setup (blob length=104)
  
  The non-working AD shows this:
  get_dc_list: preferred server list: , 192.168.50.12
  Connected to LDAP server 192.168.50.12
  get_dc_list: preferred server list: , 192.168.50.12
  Connected to LDAP server 192.168.50.12
  get_dc_list: preferred server list: , 192.168.50.12
  get_dc_list: preferred server list: , 192.168.50.12
  get_dc_list: preferred server list: , 192.168.50.12
  get_dc_list: preferred server list: , 192.168.50.12
  get_dc_list: preferred server list: , 192.168.50.12
  get_dc_list: preferred server list: , 192.168.50.12
  Doing spnego session setup (blob length=136)
  got OID=1 3 6 1 4 1 311 2 2 30
  
  ---Second:---
  The working AD shows this:
  got principal=a...@ms.mydomain.com
  
  The non-working AD shows this:
  got principal=not_defined_in_rfc4...@please_ignore
  cli_session_setup_spnego: got a bad server principal, trying to
  guess ...
  cli_session_setup_spnego: guessed server principal=a...@ms.mydomain.com
  
  ---Third:---
  The working AD shows this:
  got principal=a...@ms.mydomain.com
  Doing kerberos session setup
  ads_cleanup_expired_creds: Ticket in ccache[MEMORY:cliconnect] expiration 
  Thu, 11 Nov 2010 06:53:02 PST
  rpc_pipe_bind: Remote machine ad1.ms.mydomain.com pipe \lsarpc fnum 0x4003 
  bind request returned ok.
  rpc_pipe_bind: Remote machine ad1.ms.mydomain.com pipe \lsarpc fnum 0x4002 
  bind request returned ok.
  
  The non-working AD shows this:
  got principal=not_defined_in_rfc4...@please_ignore
  Kinit failed: KDC has no support for encryption type
  Doing spnego session setup (blob length=136)
  got OID=1 3 6 1 4 1 311 2 2 30
  got OID=1 2 840 48018 1 2 2
  got OID=1 2 840 113554 1 2 2
  got OID=1 2 840 113554 1 2 2 3
  got OID=1 3 6 1 4 1 311 2 2 10
  got principal=not_defined_in_rfc4...@please_ignore
  Got challenge flags:
  Got NTLMSSP neg_flags=0x62898215
  NTLMSSP: Set final flags:
  Got NTLMSSP neg_flags=0x60088215
  NTLMSSP Sign/Seal - Initialising with flags:
  Got NTLMSSP neg_flags=0x60088215
  rpc_pipe_bind: Remote machine AD4.ms.mydomain.com pipe \lsarpc fnum 0x800d 
  bind request returned ok.
  rpc_pipe_bind: Remote machine AD4.ms.mydomain.com pipe \lsarpc fnum 0x800e 
  bind request returned ok.
  
  ---Fourth:---
  The working AD shows this:
  [ 4325]: pam auth MS+john
  [ 4318]: dual pam auth MS+john
  [ 4325]: request misc info
  [ 4325]: pam auth crap domain: [MS] user: john
  [ 4318]: pam auth crap domain: MS user: john
  [ 4327]: request interface version
  [ 4327]: request location of privileged pipe
  [ 4327]: check machine account
  [ 4318]: check machine account
  get_dc_list: preferred server list: 192.168.50.11, 192.168.50.11
  get_dc_list: preferred server list: 192.168.50.11, 192.168.50.11
  Doing spnego session setup (blob length=104)
  got OID=1 2 840 48018 1 2 2
  got OID=1 2 840 113554 1 2 2
  got OID=1 2 840 113554 1 2 2 3
  got OID=1 3 

[Samba] Mandatory Profile

[Aaron E.]

I'm using samba 3.4 with ldap backend, I'm trying to get a mandatory 
profile working with 4 of my floor machines.


I can't seem to get the proper permissions in order for all 4 users to 
pull this profile. Only the owner of the profile can use even if I set 
the permissions to 777 on the profile... I've tried using different 
groups iee. guests, domusers, users, recursive all the way down the 
profile..


Is this possible? Or am I chasing an item that should be possible in 
theory but just won't work?


Thanks
Endo

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] FreeBSD 8.1 Samba4 alpha11 domain controller - cldapd bind problem

[Oeboema]

I've been trying to run samba4 alpha11 on a FreeBSD 8.1 system as a
domain controller but I'm having trouble starting the cldapd server.
For some reason it won't bind to the specified address or interface
whatever I specify in smb.conf. I managed running the provision script
without any trouble but I have no clue how to solve this problem in
order to start the samba server.

bitrot# samba4 -i -M single -d3
lp_load: refreshing parameters from /usr/local/etc/smb4.conf
params.c:pm_process() - Processing configuration file /usr/local/etc/smb4.conf
Processing section [globals]
Processing section [netlogon]
Processing section [sysvol]
adding hidden service IPC$
adding hidden service ADMIN$
samba version 4.0.0alpha11 started.
Copyright Andrew Tridgell and the Samba Team 1992-2010
GENSEC backend 'sasl-DIGEST-MD5' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
GENSEC backend 'schannel' registered
GENSEC backend 'spnego' registered
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'ntlmssp' registered
NTPTR backend 'simple_ldb'
NTVFS backend 'simple' for type 1 registered
NTVFS backend 'cifs' for type 1 registered
NTVFS backend 'nbench' for type 1 registered
NTVFS backend 'unixuid' for type 1 registered
NTVFS backend 'unixuid' for type 3 registered
NTVFS backend 'unixuid' for type 2 registered
NTVFS backend 'cifsposix' for type 1 registered
NTVFS backend 'smb2' for type 1 registered
NTVFS backend 'default' for type 2 registered
NTVFS backend 'default' for type 3 registered
NTVFS backend 'default' for type 1 registered
NTVFS backend 'posix' for type 1 registered
PROCESS_MODEL 'standard' registered
PROCESS_MODEL 'prefork' registered
PROCESS_MODEL 'thread' registered
PROCESS_MODEL 'single' registered
AUTH backend 'winbind_samba3' registered
AUTH backend 'winbind' registered
AUTH backend 'winbind_wbclient' registered
AUTH backend 'server' registered
AUTH backend 'name_to_ntstatus' registered
AUTH backend 'fixed_challenge' registered
AUTH backend 'unix' registered
AUTH backend 'anonymous' registered
AUTH backend 'sam' registered
AUTH backend 'sam_ignoredomain' registered
SHARE backend [ldb] registered.
SHARE backend [classic] registered.
ldb_wrap open of sam.ldb
ldb_wrap open of privilege.ldb
ldb_wrap open of /usr/local/etc/samba/private/schannel.ldb
samba: using 'single' process model
added interface ip=192.168.162.2 nmask=255.255.255.0
DCERPC endpoint server 'wkssvc' registered
DCERPC endpoint server 'drsuapi' registered
DCERPC endpoint server 'spoolss' registered
DCERPC endpoint server 'winreg' registered
DCERPC endpoint server 'epmapper' registered
DCERPC endpoint server 'srvsvc' registered
DCERPC endpoint server 'netlogon' registered
DCERPC endpoint server 'browser' registered
DCERPC endpoint server 'rpcecho' registered
DCERPC endpoint server 'unixinfo' registered
DCERPC endpoint server 'samr' registered
DCERPC endpoint server 'remote' registered
DCERPC endpoint server 'dssetup' registered
DCERPC endpoint server 'lsarpc' registered
added interface ip=192.168.162.2 nmask=255.255.255.0
added interface ip=192.168.162.2 nmask=255.255.255.0
added interface ip=192.168.162.2 nmask=255.255.255.0
added interface ip=192.168.162.2 nmask=255.255.255.0
added interface ip=192.168.162.2 nmask=255.255.255.0
Failed to bind to ipv4:192.168.162.2:389 - NT_STATUS_INVALID_PARAMETER
task_server_terminate: [cldapd failed to setup interfaces]
samba_terminate: cldapd failed to setup interfaces
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] ntlm_auth = NT_STATUS_NO_LOGON_SERVERS: No logon servers (0xc000005e)

[Rowley, Mathew]

I had to downgrade samba on a rh5.5 instance due to ntlm_auth not working 
properly: https://bugzilla.redhat.com/show_bug.cgi?format=multipleid=561325

Now, when I add the computer to the domain ('net ads join –U Administrator') it 
seems to work, is visible on the AD interface, but the logs show an error:
Nov 11 16:03:22 rhclient winbindd[4483]: [2010/11/11 16:03:22,  0] 
winbindd/idmap.c:idmap_alloc_init(589)
Nov 11 16:03:22 rhclient winbindd[4483]:   ERROR: Initialization failed for 
alloc backend, deferred!
Nov 11 16:03:22 rhclient winbindd[4483]: [2010/11/11 16:03:22,  0] 
winbindd/idmap.c:smb_register_idmap_alloc(201)
Nov 11 16:03:22 rhclient winbindd[4483]:   idmap_alloc module ldap already 
registered!
Nov 11 16:03:22 rhclient winbindd[4483]: [2010/11/11 16:03:22,  0] 
winbindd/idmap.c:smb_register_idmap_alloc(201)
Nov 11 16:03:22 rhclient winbindd[4483]:   idmap_alloc module tdb already 
registered!
Nov 11 16:03:22 rhclient winbindd[4483]: [2010/11/11 16:03:22,  0] 
winbindd/idmap.c:smb_register_idmap(149)
Nov 11 16:03:22 rhclient winbindd[4483]:   Idmap module passdb already 
registered!
Nov 11 16:03:22 rhclient winbindd[4483]: [2010/11/11 16:03:22,  0] 
winbindd/idmap.c:smb_register_idmap(149)
Nov 11 16:03:22 rhclient winbindd[4483]:   Idmap module nss already registered!
Nov 11 16:03:22 rhclient winbindd[4483]: [2010/11/11 16:03:22,  0] 
winbindd/idmap.c:idmap_alloc_init(589)
Nov 11 16:03:22 rhclient winbindd[4483]:   ERROR: Initialization failed for 
alloc backend, deferred!
Nov 11 16:03:22 rhclient pcscd: winscard.c:304:SCardConnect() Reader E-Gate 0 0 
Not Found

And wbinfo gives me nothing – so I am assuming there is a problem:
[r...@rhclient samba]# wbinfo -u
[r...@rhclient samba]# wbinfo -g
[r...@rhclient samba]#

When trying to do a ntlm_auth, I get a funky error as well:
[r...@rhclient samba]# ntlm_auth --request-nt-key 
--domain=VMSECLAB.CABLE.COMCAST.COM --username=user
password:
NT_STATUS_NO_LOGON_SERVERS: No logon servers (0xc05e)

Yet, there is a login server in the samba.conf, and dns/reverse dns works:
[r...@rhclient samba]# grep 'password server' /etc/samba/smb.conf
password server = ad.vmseclab.cable.com
[r...@rhclient samba]# nslookup ad.vmseclab.cable.com
Server: 10.252.159.138
Address: 10.252.159.138#53

Name: ad.vmseclab.cable.com
Address: 10.252.159.138

[r...@rhclient samba]# nslookup 10.252.159.138
Server: 10.252.159.138
Address: 10.252.159.138#53

138.159.252.10.in-addr.arpa name = ad.vmseclab.cable.com.

The samba logs show this when trying to ntlm_auth:
== /var/log/samba/log.winbindd-dc-connect ==
[2010/11/11 16:16:55,  1] libads/cldap.c:recv_cldap_netlogon(157)
  no reply received to cldap netlogon
[2010/11/11 16:16:55,  1] libads/ldap.c:ads_find_dc(427)
  ads_find_dc: failed to find a valid DC on our site (Default-First-Site-Name), 
trying to find another DC
[2010/11/11 16:16:55,  1] libads/ldap.c:ads_find_dc(427)
  ads_find_dc: failed to find a valid DC on our site (Default-First-Site-Name), 
trying to find another DC
[2010/11/11 16:17:25,  1] libads/cldap.c:recv_cldap_netlogon(157)
  no reply received to cldap netlogon
[2010/11/11 16:17:25,  1] libads/ldap.c:ads_find_dc(427)
  ads_find_dc: failed to find a valid DC on our site (Default-First-Site-Name), 
trying to find another DC
[2010/11/11 16:17:25,  1] libads/ldap.c:ads_find_dc(427)
  ads_find_dc: failed to find a valid DC on our site (Default-First-Site-Name), 
trying to find another DC


Has anyone seen this, or have any clue what could be happening? It seems like 
my DC does not have cldap open/working? What port does that run over? If its 
normal ldap(389), I can telnet to that fine.

I am out of ideas, any help would be appreciated.  Thanks.



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] ntlm_auth = NT_STATUS_NO_LOGON_SERVERS: No logon servers (0xc000005e)

[Aaron E.]

security = domain or security = user?

I had problems with winbind using security = user.. I can't remember 
properly it's been a while..


On 11/11/2010 04:22 PM, Rowley, Mathew wrote:

I had to downgrade samba on a rh5.5 instance due to ntlm_auth not working properly: 
https://bugzilla.redhat.com/show_bug.cgi?format=multipleid=561325

Now, when I add the computer to the domain ('net ads join –U Administrator') it 
seems to work, is visible on the AD interface, but the logs show an error:
Nov 11 16:03:22 rhclient winbindd[4483]: [2010/11/11 16:03:22,  0] 
winbindd/idmap.c:idmap_alloc_init(589)
Nov 11 16:03:22 rhclient winbindd[4483]:   ERROR: Initialization failed for 
alloc backend, deferred!
Nov 11 16:03:22 rhclient winbindd[4483]: [2010/11/11 16:03:22,  0] 
winbindd/idmap.c:smb_register_idmap_alloc(201)
Nov 11 16:03:22 rhclient winbindd[4483]:   idmap_alloc module ldap already 
registered!
Nov 11 16:03:22 rhclient winbindd[4483]: [2010/11/11 16:03:22,  0] 
winbindd/idmap.c:smb_register_idmap_alloc(201)
Nov 11 16:03:22 rhclient winbindd[4483]:   idmap_alloc module tdb already 
registered!
Nov 11 16:03:22 rhclient winbindd[4483]: [2010/11/11 16:03:22,  0] 
winbindd/idmap.c:smb_register_idmap(149)
Nov 11 16:03:22 rhclient winbindd[4483]:   Idmap module passdb already 
registered!
Nov 11 16:03:22 rhclient winbindd[4483]: [2010/11/11 16:03:22,  0] 
winbindd/idmap.c:smb_register_idmap(149)
Nov 11 16:03:22 rhclient winbindd[4483]:   Idmap module nss already registered!
Nov 11 16:03:22 rhclient winbindd[4483]: [2010/11/11 16:03:22,  0] 
winbindd/idmap.c:idmap_alloc_init(589)
Nov 11 16:03:22 rhclient winbindd[4483]:   ERROR: Initialization failed for 
alloc backend, deferred!
Nov 11 16:03:22 rhclient pcscd: winscard.c:304:SCardConnect() Reader E-Gate 0 0 
Not Found

And wbinfo gives me nothing – so I am assuming there is a problem:
[r...@rhclient samba]# wbinfo -u
[r...@rhclient samba]# wbinfo -g
[r...@rhclient samba]#

When trying to do a ntlm_auth, I get a funky error as well:
[r...@rhclient samba]# ntlm_auth --request-nt-key 
--domain=VMSECLAB.CABLE.COMCAST.COM --username=user
password:
NT_STATUS_NO_LOGON_SERVERS: No logon servers (0xc05e)

Yet, there is a login server in the samba.conf, and dns/reverse dns works:
[r...@rhclient samba]# grep 'password server' /etc/samba/smb.conf
password server = ad.vmseclab.cable.com
[r...@rhclient samba]# nslookup ad.vmseclab.cable.com
Server: 10.252.159.138
Address: 10.252.159.138#53

Name: ad.vmseclab.cable.com
Address: 10.252.159.138

[r...@rhclient samba]# nslookup 10.252.159.138
Server: 10.252.159.138
Address: 10.252.159.138#53

138.159.252.10.in-addr.arpa name = ad.vmseclab.cable.com.

The samba logs show this when trying to ntlm_auth:
==  /var/log/samba/log.winbindd-dc-connect==
[2010/11/11 16:16:55,  1] libads/cldap.c:recv_cldap_netlogon(157)
   no reply received to cldap netlogon
[2010/11/11 16:16:55,  1] libads/ldap.c:ads_find_dc(427)
   ads_find_dc: failed to find a valid DC on our site 
(Default-First-Site-Name), trying to find another DC
[2010/11/11 16:16:55,  1] libads/ldap.c:ads_find_dc(427)
   ads_find_dc: failed to find a valid DC on our site 
(Default-First-Site-Name), trying to find another DC
[2010/11/11 16:17:25,  1] libads/cldap.c:recv_cldap_netlogon(157)
   no reply received to cldap netlogon
[2010/11/11 16:17:25,  1] libads/ldap.c:ads_find_dc(427)
   ads_find_dc: failed to find a valid DC on our site 
(Default-First-Site-Name), trying to find another DC
[2010/11/11 16:17:25,  1] libads/ldap.c:ads_find_dc(427)
   ads_find_dc: failed to find a valid DC on our site 
(Default-First-Site-Name), trying to find another DC


Has anyone seen this, or have any clue what could be happening? It seems like 
my DC does not have cldap open/working? What port does that run over? If its 
normal ldap(389), I can telnet to that fine.

I am out of ideas, any help would be appreciated.  Thanks.





--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] ntlm_auth = NT_STATUS_NO_LOGON_SERVERS: No logon servers (0xc000005e)

[Rowley, Mathew]

security = ads

I am really just trying to get ntlm_auth to work in order to proxy AD
requests with FreeRadius...
http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO




On 11/11/10 2:26 PM, Aaron E. ssures...@gmail.com wrote:

security = domain or security = user?

I had problems with winbind using security = user.. I can't remember
properly it's been a while..

On 11/11/2010 04:22 PM, Rowley, Mathew wrote:
 I had to downgrade samba on a rh5.5 instance due to ntlm_auth not
working properly:
https://bugzilla.redhat.com/show_bug.cgi?format=multipleid=561325

 Now, when I add the computer to the domain ('net ads join ­U
Administrator') it seems to work, is visible on the AD interface, but
the logs show an error:
 Nov 11 16:03:22 rhclient winbindd[4483]: [2010/11/11 16:03:22,  0]
winbindd/idmap.c:idmap_alloc_init(589)
 Nov 11 16:03:22 rhclient winbindd[4483]:   ERROR: Initialization failed
for alloc backend, deferred!
 Nov 11 16:03:22 rhclient winbindd[4483]: [2010/11/11 16:03:22,  0]
winbindd/idmap.c:smb_register_idmap_alloc(201)
 Nov 11 16:03:22 rhclient winbindd[4483]:   idmap_alloc module ldap
already registered!
 Nov 11 16:03:22 rhclient winbindd[4483]: [2010/11/11 16:03:22,  0]
winbindd/idmap.c:smb_register_idmap_alloc(201)
 Nov 11 16:03:22 rhclient winbindd[4483]:   idmap_alloc module tdb
already registered!
 Nov 11 16:03:22 rhclient winbindd[4483]: [2010/11/11 16:03:22,  0]
winbindd/idmap.c:smb_register_idmap(149)
 Nov 11 16:03:22 rhclient winbindd[4483]:   Idmap module passdb already
registered!
 Nov 11 16:03:22 rhclient winbindd[4483]: [2010/11/11 16:03:22,  0]
winbindd/idmap.c:smb_register_idmap(149)
 Nov 11 16:03:22 rhclient winbindd[4483]:   Idmap module nss already
registered!
 Nov 11 16:03:22 rhclient winbindd[4483]: [2010/11/11 16:03:22,  0]
winbindd/idmap.c:idmap_alloc_init(589)
 Nov 11 16:03:22 rhclient winbindd[4483]:   ERROR: Initialization failed
for alloc backend, deferred!
 Nov 11 16:03:22 rhclient pcscd: winscard.c:304:SCardConnect() Reader
E-Gate 0 0 Not Found

 And wbinfo gives me nothing ­ so I am assuming there is a problem:
 [r...@rhclient samba]# wbinfo -u
 [r...@rhclient samba]# wbinfo -g
 [r...@rhclient samba]#

 When trying to do a ntlm_auth, I get a funky error as well:
 [r...@rhclient samba]# ntlm_auth --request-nt-key
--domain=VMSECLAB.CABLE.COMCAST.COM --username=user
 password:
 NT_STATUS_NO_LOGON_SERVERS: No logon servers (0xc05e)

 Yet, there is a login server in the samba.conf, and dns/reverse dns
works:
 [r...@rhclient samba]# grep 'password server' /etc/samba/smb.conf
 password server = ad.vmseclab.cable.com
 [r...@rhclient samba]# nslookup ad.vmseclab.cable.com
 Server: 10.252.159.138
 Address: 10.252.159.138#53

 Name: ad.vmseclab.cable.com
 Address: 10.252.159.138

 [r...@rhclient samba]# nslookup 10.252.159.138
 Server: 10.252.159.138
 Address: 10.252.159.138#53

 138.159.252.10.in-addr.arpa name = ad.vmseclab.cable.com.

 The samba logs show this when trying to ntlm_auth:
 ==  /var/log/samba/log.winbindd-dc-connect==
 [2010/11/11 16:16:55,  1] libads/cldap.c:recv_cldap_netlogon(157)
no reply received to cldap netlogon
 [2010/11/11 16:16:55,  1] libads/ldap.c:ads_find_dc(427)
ads_find_dc: failed to find a valid DC on our site
(Default-First-Site-Name), trying to find another DC
 [2010/11/11 16:16:55,  1] libads/ldap.c:ads_find_dc(427)
ads_find_dc: failed to find a valid DC on our site
(Default-First-Site-Name), trying to find another DC
 [2010/11/11 16:17:25,  1] libads/cldap.c:recv_cldap_netlogon(157)
no reply received to cldap netlogon
 [2010/11/11 16:17:25,  1] libads/ldap.c:ads_find_dc(427)
ads_find_dc: failed to find a valid DC on our site
(Default-First-Site-Name), trying to find another DC
 [2010/11/11 16:17:25,  1] libads/ldap.c:ads_find_dc(427)
ads_find_dc: failed to find a valid DC on our site
(Default-First-Site-Name), trying to find another DC


 Has anyone seen this, or have any clue what could be happening? It
seems like my DC does not have cldap open/working? What port does that
run over? If its normal ldap(389), I can telnet to that fine.

 I am out of ideas, any help would be appreciated.  Thanks.




-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] FreeBSD 8.1 Samba4 alpha11 domain controller - cldapd bind problem

[Michael Wood]

On 11 November 2010 22:57, Oeboema oebo...@sthuma.nl wrote:
 I've been trying to run samba4 alpha11 on a FreeBSD 8.1 system as a

Samba 4 Alpha 11 is pretty old now.  Have you tried Alpha 13?  I don't
know if it will fix the problem, of course, but I think it's worth a
try.

 domain controller but I'm having trouble starting the cldapd server.
 For some reason it won't bind to the specified address or interface
 whatever I specify in smb.conf. I managed running the provision script
 without any trouble but I have no clue how to solve this problem in
 order to start the samba server.

Are you specifying a particular interface/address in smb.conf?  Do you need to?

 bitrot# samba4 -i -M single -d3
 lp_load: refreshing parameters from /usr/local/etc/smb4.conf
 params.c:pm_process() - Processing configuration file 
 /usr/local/etc/smb4.conf
 Processing section [globals]
 Processing section [netlogon]
 Processing section [sysvol]
 adding hidden service IPC$
 adding hidden service ADMIN$
 samba version 4.0.0alpha11 started.
 Copyright Andrew Tridgell and the Samba Team 1992-2010
 GENSEC backend 'sasl-DIGEST-MD5' registered
 GENSEC backend 'krb5' registered
 GENSEC backend 'fake_gssapi_krb5' registered
 GENSEC backend 'schannel' registered
 GENSEC backend 'spnego' registered
 GENSEC backend 'gssapi_spnego' registered
 GENSEC backend 'gssapi_krb5' registered
 GENSEC backend 'gssapi_krb5_sasl' registered
 GENSEC backend 'ntlmssp' registered
 NTPTR backend 'simple_ldb'
 NTVFS backend 'simple' for type 1 registered
 NTVFS backend 'cifs' for type 1 registered
 NTVFS backend 'nbench' for type 1 registered
 NTVFS backend 'unixuid' for type 1 registered
 NTVFS backend 'unixuid' for type 3 registered
 NTVFS backend 'unixuid' for type 2 registered
 NTVFS backend 'cifsposix' for type 1 registered
 NTVFS backend 'smb2' for type 1 registered
 NTVFS backend 'default' for type 2 registered
 NTVFS backend 'default' for type 3 registered
 NTVFS backend 'default' for type 1 registered
 NTVFS backend 'posix' for type 1 registered
 PROCESS_MODEL 'standard' registered
 PROCESS_MODEL 'prefork' registered
 PROCESS_MODEL 'thread' registered
 PROCESS_MODEL 'single' registered
 AUTH backend 'winbind_samba3' registered
 AUTH backend 'winbind' registered
 AUTH backend 'winbind_wbclient' registered
 AUTH backend 'server' registered
 AUTH backend 'name_to_ntstatus' registered
 AUTH backend 'fixed_challenge' registered
 AUTH backend 'unix' registered
 AUTH backend 'anonymous' registered
 AUTH backend 'sam' registered
 AUTH backend 'sam_ignoredomain' registered
 SHARE backend [ldb] registered.
 SHARE backend [classic] registered.
 ldb_wrap open of sam.ldb
 ldb_wrap open of privilege.ldb
 ldb_wrap open of /usr/local/etc/samba/private/schannel.ldb
 samba: using 'single' process model
 added interface ip=192.168.162.2 nmask=255.255.255.0
 DCERPC endpoint server 'wkssvc' registered
 DCERPC endpoint server 'drsuapi' registered
 DCERPC endpoint server 'spoolss' registered
 DCERPC endpoint server 'winreg' registered
 DCERPC endpoint server 'epmapper' registered
 DCERPC endpoint server 'srvsvc' registered
 DCERPC endpoint server 'netlogon' registered
 DCERPC endpoint server 'browser' registered
 DCERPC endpoint server 'rpcecho' registered
 DCERPC endpoint server 'unixinfo' registered
 DCERPC endpoint server 'samr' registered
 DCERPC endpoint server 'remote' registered
 DCERPC endpoint server 'dssetup' registered
 DCERPC endpoint server 'lsarpc' registered
 added interface ip=192.168.162.2 nmask=255.255.255.0
 added interface ip=192.168.162.2 nmask=255.255.255.0
 added interface ip=192.168.162.2 nmask=255.255.255.0
 added interface ip=192.168.162.2 nmask=255.255.255.0
 added interface ip=192.168.162.2 nmask=255.255.255.0
 Failed to bind to ipv4:192.168.162.2:389 - NT_STATUS_INVALID_PARAMETER
 task_server_terminate: [cldapd failed to setup interfaces]
 samba_terminate: cldapd failed to setup interfaces

-- 
Michael Wood esiot...@gmail.com
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] FreeBSD 8.1 Samba4 alpha11 domain controller - cldapd bind problem

[Oeboema]

 Samba 4 Alpha 11 is pretty old now.  Have you tried Alpha 13?  I don't
 know if it will fix the problem, of course, but I think it's worth a
 try.

Alpha 11 is the latest version available in the FreeBSD ports. Because
of the amount of patches and the outstanding work of the port
maintainer I would l stick to this one. I will however try to compile
alpha 13 myself but this will take a lot of time...


 Are you specifying a particular interface/address in smb.conf?  Do you need 
 to?

Without any interface/address in smb.conf the same problem occurs.
You're correct that I do not have to specify any interface/address but
was hoping this would kickstart cldapd.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] tree connect failed: NT_STATUS_BAD_NETWORK_NAME

[Ayo Adeyeri]

I would like to thank everyone who assisted me with this problem.  It turns out 
that the problem was caused by the fact that we were running selinux on the 
server.  Once it was disabled the share was accessible.

Thanks
Ayo

-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On 
Behalf Of Ayo Adeyeri
Sent: Thursday, November 11, 2010 9:37 AM
To: John Drescher; samba
Subject: Re: [Samba] tree connect failed: NT_STATUS_BAD_NETWORK_NAME

Thanks John,

I just removed the . , changed the workgroup name to covecapcom but I am 
still getting the same errors in the log file when I attempt to connect to 
either of the shares from a windows client.

Thanks,
Ayo Adeyeri


-Original Message-
From: John Drescher [mailto:dresche...@gmail.com]
Sent: Thursday, November 11, 2010 9:30 AM
To: Ayo Adeyeri; samba
Subject: Re: [Samba] tree connect failed: NT_STATUS_BAD_NETWORK_NAME

Network names with a . in them are not supported. Well unless you are
talking about an ads realm.

John

This e-mail message, and any enclosures, is intended only for the persons to 
whom it is addressed, and may contain confidential information. Any use, 
distribution, modification, copying or disclosure by any other person is 
strictly prohibited. If you receive this message in error, please notify the 
sender by return e-mail and delete this message from your computer.  InfoHedge 
disclaims all responsibility from and accepts no liability  whatsoever for any 
incorrect, misleading or altered information contained herein, or for the 
consequences of any unauthorized person acting, or refraining from acting, on 
any information contained in this message.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] FreeBSD 8.1 Samba4 alpha11 domain controller - cldapd bind problem

[Daniel Müller]

Did you made a testparm -vv|grep cldap, then press enter
You may see this:

server services = smb, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind,
ntp_signd, kcc, dnsupdate
cldap port = 389

First of all server services must point to cldap
And the cldap port.

If you have another service running on the same port it will not work(ex.:
openldap does the same port)

Greetings
Daniel

---
EDV Daniel Müller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-Ursprüngliche Nachricht-
Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im
Auftrag von Oeboema
Gesendet: Donnerstag, 11. November 2010 23:07
An: Michael Wood
Cc: samba@lists.samba.org; samba-techni...@lists.samba.org
Betreff: Re: [Samba] FreeBSD 8.1  Samba4 alpha11 domain controller - cldapd
bind problem

 Samba 4 Alpha 11 is pretty old now.  Have you tried Alpha 13?  I don't
 know if it will fix the problem, of course, but I think it's worth a
 try.

Alpha 11 is the latest version available in the FreeBSD ports. Because
of the amount of patches and the outstanding work of the port
maintainer I would l stick to this one. I will however try to compile
alpha 13 myself but this will take a lot of time...


 Are you specifying a particular interface/address in smb.conf?  Do you
need to?

Without any interface/address in smb.conf the same problem occurs.
You're correct that I do not have to specify any interface/address but
was hoping this would kickstart cldapd.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Samba and LDAP - which attributes are mandatory which optional

[Götz Reinicke - IT-Koordinator]

Hallo,

I'm asking myself, which LDAP attributes are mandatory which optional
for user and workstation accounts.

After using the smbldap-populate command there where different
attributes set than for adding users with the smbldap-useradd command.

--- snip ---

sambaAcctFlags:
sambaHomeDrive:
sambaHomePath:
sambaKickoffTime:
sambaLMPassword:
sambaLogoffTime:
sambaLogonScript:
sambaLogonTime:
sambaNTPassword:
sambaPrimaryGroupSID:
sambaProfilePath:
sambaPwdCanChange:
sambaPwdLastSet 
sambaPwdMustChange:

--- snap ---

Regards and Thanks for any help,

Götz
-- 
Götz Reinicke
IT-Koordinator

Tel. +49 7141 969 420
Fax  +49 7141 969 55 420
E-Mail goetz.reini...@filmakademie.de

Filmakademie Baden-Württemberg GmbH
Akademiehof 10
71638 Ludwigsburg
www.filmakademie.de

Eintragung Amtsgericht Stuttgart HRB 205016
Vorsitzende des Aufsichtsrats:
Prof. Dr. Claudia Hübner

Geschäftsführer:
Prof. Thomas Schadt

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[SCM] Samba Shared Repository - branch master updated

[Matthias Dieter Wallnöfer]

The branch, master has been updated
   via  bb241f5 s4:pytevent.c - fix a discard const warning
   via  f036790 ldb:ldb_ldap.c rename operation - check for the RDN name 
and value
   via  feb00fe s4:dsdb - proof against empty RDN values where expected
   via  4fe63d9 Cannot create OU using custom Schema class
   via  e96c9df s4:objectclass LDB module - allow RDNs also to come from 
superclasses
   via  4f86f29 s4:passwords.py - add a test for the normal userPassword 
behaviour
   via  7f171a9 s4:password_hash and acl LDB modules - handle the 
userPassword attribute according to the dSHeuristics
   via  d6c78fb s4:password_hash LDB module - move 
samdb_msg_find_old_and_new_ldb_val into the password_hash LDB module
   via  eff1e8c s4:libnet/libnet_samsync_ldb.c - remove userPassword 
remove code
   via  39f8661 s4:local_password LDB module - remove schema checking code 
and fix some typos
   via  ed704c2 s4:ldb_modules/util.c - dsHeuristics - dSHeuristics
   via  79548f0 s4:selftest/tests.py - skip the passwords.py suite on 
Windows 2000 domain function level
   via  5ded90e s4:acl.py - two password change tests are expected to fails 
on Windows 2000 function level
   via  2403aaa s4:upgradehelpers.py - use clearTextPassword rather than 
userPassword
   via  7c59ece s4:speedtest.py - use unicodePwd for setting user's 
password
   via  0e94569 s4:speedtest.py - remove duplicated code
   via  0a29e55 s4:speedtest.py - fix script name in the help text
   via  ed1ca1c s4:speedtest.py - make it executable
   via  cc7f390 s4:python tests - fix script names in the help text
  from  ee50bdd s4-loadparm: fix the FLAG_DEFAULT settings on specially 
handled parameters

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit bb241f5cf8424c2576d5bc33ac149e5720b82068
Author: Matthias Dieter Wallnöfer m...@samba.org
Date:   Wed Nov 10 16:21:41 2010 +0100

s4:pytevent.c - fix a discard const warning

Autobuild-User: Matthias Dieter Wallnöfer m...@samba.org
Autobuild-Date: Thu Nov 11 09:47:55 UTC 2010 on sn-devel-104

commit f0367905d9a6db76712f1dcf9734f64fe5c5e1b3
Author: Matthias Dieter Wallnöfer m...@samba.org
Date:   Wed Nov 10 16:20:38 2010 +0100

ldb:ldb_ldap.c rename operation - check for the RDN name and value

Make it more similar to ldb_ildap.c and also more save

commit feb00fe7cc238a78b3832c116cb4634936597735
Author: Matthias Dieter Wallnöfer m...@samba.org
Date:   Wed Nov 10 16:05:16 2010 +0100

s4:dsdb - proof against empty RDN values where expected

This should prevent crashes as pointed out on the mailing list.

commit 4fe63d927e5e684d3e2bec9642a1e77b056ab2ed
Author: Zahari Zahariev zahari.zahar...@postpath.com
Date:   Tue Nov 9 14:55:32 2010 +0200

Cannot create OU using custom Schema class

If we define our own child class 'subClassOf' system Schema class
e.g. organizationalUnit then we cannot create OU in the Dafualt
Naming Context that has this custom Schama class in the objectClass
attribute.

commit e96c9df817326197a0866a18ad53621405b8bee8
Author: Matthias Dieter Wallnöfer m...@samba.org
Date:   Wed Nov 10 15:12:02 2010 +0100

s4:objectclass LDB module - allow RDNs also to come from superclasses

Detected by a testcase written by Zahari Zahariev.

commit 4f86f297a22655067006f88eed5f6cb980742b81
Author: Matthias Dieter Wallnöfer m...@samba.org
Date:   Tue Nov 9 15:04:47 2010 +0100

s4:passwords.py - add a test for the normal userPassword behaviour

Just to make sure that this works now too

commit 7f171a9e0f9b5945bd16a1330ba0908090659030
Author: Matthias Dieter Wallnöfer m...@samba.org
Date:   Tue Nov 9 14:39:30 2010 +0100

s4:password_hash and acl LDB modules - handle the userPassword attribute 
according to the dSHeuristics

commit d6c78fbd3a88e9fc7b625a03d163e9b5098b94d6
Author: Matthias Dieter Wallnöfer m...@samba.org
Date:   Tue Nov 9 14:45:18 2010 +0100

s4:password_hash LDB module - move samdb_msg_find_old_and_new_ldb_val 
into the password_hash LDB module

It's only used there and so I think it doesn't really belong in
dsdb/common/util.c (I first thought that it could be useful for ACL 
checking
but obviously it wasn't).

commit eff1e8cd5d17ca990341e463da03fb1075bdb0d0
Author: Matthias Dieter Wallnöfer m...@samba.org
Date:   Tue Nov 9 18:46:37 2010 +0100

s4:libnet/libnet_samsync_ldb.c - remove userPassword remove code

It could also be a normal attribute with a normal content, and if it's not
like that then it's for sure empty.

commit 39f86619f5f30461d3c1896e88b6b3df2b51a26e
Author: Matthias Dieter Wallnöfer m...@samba.org
Date:   Tue Nov 9 18:42:26 2010 +0100

s4:local_password LDB module - remove schema checking code and fix some 
typos

This is now done by the objectclass_attrs LDB 

[SCM] Samba Shared Repository - branch master updated

[Andrew Bartlett]

The branch, master has been updated
   via  ba127f9 heimdal Don't dereference NULL in error verify_checksum 
error path
   via  a9baabe s4-provision UTF16 encode the password in sam.ldb, not 
secrets.ldb
   via  78928f5 s4-dsdb Remove incorrectly declared ** variable used as *.
   via  eebbbea s4-dsdb Convert new krbtgt_xxx password into UTF16
   via  01d10c8 s4-dsdb Return an error if we can't convert UTF16MUNGED - 
UTF8
  from  bb241f5 s4:pytevent.c - fix a discard const warning

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit ba127f9849a1ac93c9bab3b8377a880264353b16
Author: Andrew Bartlett abart...@samba.org
Date:   Thu Nov 11 20:44:16 2010 +1100

heimdal Don't dereference NULL in error verify_checksum error path

Autobuild-User: Andrew Bartlett abart...@samba.org
Autobuild-Date: Thu Nov 11 10:37:03 UTC 2010 on sn-devel-104

commit a9baabed562fb6858bd82ee7312faa908283dde4
Author: Andrew Bartlett abart...@samba.org
Date:   Thu Nov 11 19:55:26 2010 +1100

s4-provision UTF16 encode the password in sam.ldb, not secrets.ldb

The password in secrets.ldb is UTF8, while clearTextPassword in
sam.ldb is UTF16.

This corrects commit bd5039546e520b6d6897a658bc0a358f0511f7c7, which
had these the wrong way around.

Andrew Bartlett

commit 78928f5956d1b593e92875fd46a7071a4c979640
Author: Andrew Bartlett abart...@samba.org
Date:   Thu Nov 11 18:36:06 2010 +1100

s4-dsdb Remove incorrectly declared ** variable used as *.

The cleartext_utf16_str variable was declared char **, but due to the
cast on convert_string_talloc() and the lack of type checking here and
on data_blob_const (due to void *) it was able to be used as if it was
a char *.

The simple solution seems to be to fill in cleartext_utf16 blob directly.

Andrew Bartlett

commit eebbbeac1489a1a6241b4c15064d8aaeeec810ae
Author: Andrew Bartlett abart...@samba.org
Date:   Thu Nov 11 18:33:14 2010 +1100

s4-dsdb Convert new krbtgt_xxx password into UTF16

The new stricter test on clearTextPassword values caught out that
we did not provide a utf16 password here.

Andrew Bartlett

commit 01d10c84134341c17e7b41e42bac8368c26d1201
Author: Andrew Bartlett abart...@samba.org
Date:   Thu Nov 11 17:59:16 2010 +1100

s4-dsdb Return an error if we can't convert UTF16MUNGED - UTF8

The UTF16MUNGED helper will map all invalid sequences (except odd
input length) to valid input sequences, per the rules.  Therefore if
it fails, we need to bail out, somehing serious is wrong.

Andrew Bartlett

---

Summary of changes:
 source4/dsdb/samdb/ldb_modules/password_hash.c |   15 ---
 source4/dsdb/samdb/ldb_modules/samldb.c|   13 -
 source4/heimdal/lib/krb5/crypto.c  |2 +-
 source4/scripting/python/samba/provision.py|4 ++--
 4 files changed, 23 insertions(+), 11 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c 
b/source4/dsdb/samdb/ldb_modules/password_hash.c
index 9b6cf8c..1d09f4d 100644
--- a/source4/dsdb/samdb/ldb_modules/password_hash.c
+++ b/source4/dsdb/samdb/ldb_modules/password_hash.c
@@ -1288,9 +1288,7 @@ static int setup_given_passwords(struct 
setup_password_fields_io *io,
ldb = ldb_module_get_ctx(io-ac-module);
 
if (g-cleartext_utf8) {
-   char **cleartext_utf16_str;
struct ldb_val *cleartext_utf16_blob;
-   size_t converted_pw_len;
 
cleartext_utf16_blob = talloc(io-ac, struct ldb_val);
if (!cleartext_utf16_blob) {
@@ -1300,15 +1298,14 @@ static int setup_given_passwords(struct 
setup_password_fields_io *io,
   CH_UTF8, CH_UTF16,
   g-cleartext_utf8-data,
   g-cleartext_utf8-length,
-  (void *)cleartext_utf16_str,
-  converted_pw_len, false)) {
+  (void *)cleartext_utf16_blob-data,
+  cleartext_utf16_blob-length,
+  false)) {
ldb_asprintf_errstring(ldb,
setup_password_fields: 
failed to generate UTF16 password from 
cleartext UTF8 password);
return LDB_ERR_OPERATIONS_ERROR;
}
-   *cleartext_utf16_blob = data_blob_const(cleartext_utf16_str,
-   converted_pw_len);
g-cleartext_utf16 = cleartext_utf16_blob;
} else if 

[SCM] Samba Shared Repository - branch v3-5-test updated

[Karolin Seeger]

The branch, v3-5-test has been updated
   via  7effd96 Fix bug 7409 - Thousands of reduce_name: couldn't get 
realpath.
  from  34aa6f4 WHATASNEW: Start 3.5.7 release notes.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test


- Log -
commit 7effd963691f8a1307b658b029c4f7f255399bb6
Author: Jeremy Allison j...@samba.org
Date:   Mon Sep 13 16:51:59 2010 -0700

Fix bug 7409 - Thousands of reduce_name: couldn't get realpath.

Don't log this at level 1 - every EACCES will generate one.
Thanks to muehlf...@medizinische-genetik.de for pointing this out.

Jeremy.

---

Summary of changes:
 source3/smbd/vfs.c |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/smbd/vfs.c b/source3/smbd/vfs.c
index 0dd5bb9..00cf1e5 100644
--- a/source3/smbd/vfs.c
+++ b/source3/smbd/vfs.c
@@ -928,7 +928,7 @@ NTSTATUS check_reduced_name(connection_struct *conn, const 
char *fname)
break;
}
default:
-   DEBUG(1,(check_reduced_name: couldn't get 
+   DEBUG(3,(check_reduced_name: couldn't get 
 realpath for %s\n, fname));
return map_nt_error_from_unix(errno);
}


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch v3-5-test updated

[Karolin Seeger]

The branch, v3-5-test has been updated
   via  8e46bff s3:librpc/ndr: use new strlen_m_ext_term() in 
ndr_charset_length(): fix bug #7594
   via  9fd5cc6 librpc/ndr: correctly implement ndr_charset_length()
   via  f7928a0 s3:lib/util_str: add strlen_m_ext_term() - variant of 
strlen_m_ext() counting terminator
   via  054cd7e s3:lib/util_str: add strlen_m_ext() that takes the dest 
charset as a parameter.
  from  7effd96 Fix bug 7409 - Thousands of reduce_name: couldn't get 
realpath.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test


- Log -
commit 8e46bff8b88103f4a5b0d3920ab6e3901decaf22
Author: Michael Adam ob...@samba.org
Date:   Sun Oct 31 02:04:25 2010 +0200

s3:librpc/ndr: use new strlen_m_ext_term() in ndr_charset_length(): fix bug 
#7594

This fixes the calculation of needed space for destination unicode charset.

The last 4 patches address bug #7594 (wbinfo -u and wbinfo -g gives no
output (log=ndr_pull_error)).

commit 9fd5cc6d85d3179972d7567bad95538ab2873c30
Author: Stefan Metzmacher me...@samba.org
Date:   Wed Aug 25 10:05:15 2010 +0200

librpc/ndr: correctly implement ndr_charset_length()

Before we ignored the charset type.

metze

Signed-off-by: Michael Adam ob...@samba.org

commit f7928a0e0b2be27e83bf26644c45ac554c5acec2
Author: Michael Adam ob...@samba.org
Date:   Sun Oct 31 02:02:16 2010 +0200

s3:lib/util_str: add strlen_m_ext_term() - variant of strlen_m_ext() 
counting terminator

commit 054cd7ec30a3289443c97d36ea416d37f19d6b0b
Author: Michael Adam ob...@samba.org
Date:   Mon Nov 1 16:28:43 2010 +0100

s3:lib/util_str: add strlen_m_ext() that takes the dest charset as a 
parameter.

---

Summary of changes:
 source3/include/proto.h |2 +
 source3/lib/util_str.c  |   72 --
 source3/librpc/ndr/ndr_string.c |   16 +++-
 3 files changed, 76 insertions(+), 14 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/include/proto.h b/source3/include/proto.h
index 5064fdb..f7bfc2a 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -1539,6 +1539,8 @@ char *strnrchr_m(const char *s, char c, unsigned int n);
 char *strstr_m(const char *src, const char *findstr);
 void strlower_m(char *s);
 void strupper_m(char *s);
+size_t strlen_m_ext(const char *s, const charset_t dst_charset);
+size_t strlen_m_ext_term(const char *s, const charset_t dst_charset);
 size_t strlen_m(const char *s);
 size_t strlen_m_term(const char *s);
 size_t strlen_m_term_null(const char *s);
diff --git a/source3/lib/util_str.c b/source3/lib/util_str.c
index 9a0b12a..3da2b83 100644
--- a/source3/lib/util_str.c
+++ b/source3/lib/util_str.c
@@ -1454,12 +1454,12 @@ void strupper_m(char *s)
 }
 
 /**
- Count the number of UCS2 characters in a string. Normally this will
- be the same as the number of bytes in a string for single byte strings,
- but will be different for multibyte.
-**/
-
-size_t strlen_m(const char *s)
+ * Calculate the number of units (8 or 16-bit, depending on the
+ * destination charset), that would be needed to convert the input
+ * string which is expected to be in in CH_UNIX encoding to the
+ * destination charset (which should be a unicode charset).
+ */
+size_t strlen_m_ext(const char *s, const charset_t dst_charset)
 {
size_t count = 0;
 
@@ -1479,19 +1479,67 @@ size_t strlen_m(const char *s)
while (*s) {
size_t c_size;
codepoint_t c = next_codepoint(s, c_size);
-   if (c  0x1) {
-   /* Unicode char fits into 16 bits. */
+   s += c_size;
+
+   switch(dst_charset) {
+   case CH_UTF16LE:
+   case CH_UTF16BE:
+   case CH_UTF16MUNGED:
+   if (c  0x1) {
+   /* Unicode char fits into 16 bits. */
+   count += 1;
+   } else {
+   /* Double-width unicode char - 32 bits. */
+   count += 2;
+   }
+   break;
+   case CH_UTF8:
+   /*
+* this only checks ranges, and does not
+* check for invalid codepoints
+*/
+   if (c  0x80) {
+   count += 1;
+   } else if (c  0x800) {
+   count += 2;
+   } else if (c  0x1000) {
+   count += 3;
+   } else {
+   count += 4;
+   }
+   break;
+   default:
+   /*
+  

[SCM] Samba Shared Repository - branch v3-5-test updated

[Karolin Seeger]

The branch, v3-5-test has been updated
   via  c4421a2 s3: Attempt to fix bug 7665
  from  8e46bff s3:librpc/ndr: use new strlen_m_ext_term() in 
ndr_charset_length(): fix bug #7594

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test


- Log -
commit c4421a287c7e613c0c8da188a6ae8db37e90c8fc
Author: Volker Lendecke v...@samba.org
Date:   Sat Oct 2 11:50:26 2010 +0200

s3: Attempt to fix bug 7665

Quite a few of our internal routines put stuff on talloc_tos() these days.
In top-level netapi routines, properly allocate a stackframe and clean it
again. Also, don't leak memory in the rpccli_ callers onto the libnetapi
context.

---

Summary of changes:
 source3/lib/netapi/file.c   |6 +-
 source3/lib/netapi/getdc.c  |4 +-
 source3/lib/netapi/group.c  |  112 ++--
 source3/lib/netapi/joindomain.c |   10 +-
 source3/lib/netapi/libnetapi.c  |  159 +++
 source3/lib/netapi/localgroup.c |   34 
 source3/lib/netapi/netlogon.c   |6 +-
 source3/lib/netapi/serverinfo.c |6 +-
 source3/lib/netapi/share.c  |   10 +-
 source3/lib/netapi/shutdown.c   |4 +-
 source3/lib/netapi/user.c   |   80 ++--
 11 files changed, 295 insertions(+), 136 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/lib/netapi/file.c b/source3/lib/netapi/file.c
index 1c3ef6d..6d76be0 100644
--- a/source3/lib/netapi/file.c
+++ b/source3/lib/netapi/file.c
@@ -42,7 +42,7 @@ WERROR NetFileClose_r(struct libnetapi_ctx *ctx,
goto done;
}
 
-   status = rpccli_srvsvc_NetFileClose(pipe_cli, ctx,
+   status = rpccli_srvsvc_NetFileClose(pipe_cli, talloc_tos(),
r-in.server_name,
r-in.fileid,
werr);
@@ -136,7 +136,7 @@ WERROR NetFileGetInfo_r(struct libnetapi_ctx *ctx,
goto done;
}
 
-   status = rpccli_srvsvc_NetFileGetInfo(pipe_cli, ctx,
+   status = rpccli_srvsvc_NetFileGetInfo(pipe_cli, talloc_tos(),
  r-in.server_name,
  r-in.fileid,
  r-in.level,
@@ -216,7 +216,7 @@ WERROR NetFileEnum_r(struct libnetapi_ctx *ctx,
break;
}
 
-   status = rpccli_srvsvc_NetFileEnum(pipe_cli, ctx,
+   status = rpccli_srvsvc_NetFileEnum(pipe_cli, talloc_tos(),
   r-in.server_name,
   r-in.base_path,
   r-in.user_name,
diff --git a/source3/lib/netapi/getdc.c b/source3/lib/netapi/getdc.c
index 9af01ce..b735b6a 100644
--- a/source3/lib/netapi/getdc.c
+++ b/source3/lib/netapi/getdc.c
@@ -52,7 +52,7 @@ WERROR NetGetDCName_r(struct libnetapi_ctx *ctx,
goto done;
}
 
-   status = rpccli_netr_GetDcName(pipe_cli, ctx,
+   status = rpccli_netr_GetDcName(pipe_cli, talloc_tos(),
   r-in.server_name,
   r-in.domain_name,
   (const char **)r-out.buffer,
@@ -92,7 +92,7 @@ WERROR NetGetAnyDCName_r(struct libnetapi_ctx *ctx,
goto done;
}
 
-   status = rpccli_netr_GetAnyDCName(pipe_cli, ctx,
+   status = rpccli_netr_GetAnyDCName(pipe_cli, talloc_tos(),
  r-in.server_name,
  r-in.domain_name,
  (const char **)r-out.buffer,
diff --git a/source3/lib/netapi/group.c b/source3/lib/netapi/group.c
index e707c0c..f5a7e77 100644
--- a/source3/lib/netapi/group.c
+++ b/source3/lib/netapi/group.c
@@ -105,7 +105,7 @@ WERROR NetGroupAdd_r(struct libnetapi_ctx *ctx,
break;
}
 
-   status = rpccli_samr_CreateDomainGroup(pipe_cli, ctx,
+   status = rpccli_samr_CreateDomainGroup(pipe_cli, talloc_tos(),
   domain_handle,
   lsa_group_name,
   SEC_STD_DELETE |
@@ -124,7 +124,7 @@ WERROR NetGroupAdd_r(struct libnetapi_ctx *ctx,
init_lsa_String(info.description,
info1-grpi1_comment);
 
-   status = rpccli_samr_SetGroupInfo(pipe_cli, ctx,
+   status = rpccli_samr_SetGroupInfo(pipe_cli, 
talloc_tos(),
  group_handle,
  

[SCM] Samba Shared Repository - branch v3-5-test updated

[Karolin Seeger]

The branch, v3-5-test has been updated
   via  02dd1fc Fix bug 7716 - acl_xattr and acl_tdb modules don't store 
unmodified copies of security descriptors.
  from  c4421a2 s3: Attempt to fix bug 7665

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test


- Log -
commit 02dd1fc3c777a49e4fa51982956dcdcc8761e0c9
Author: Jeremy Allison j...@samba.org
Date:   Thu Oct 7 14:26:13 2010 -0700

Fix bug 7716 - acl_xattr and acl_tdb modules don't store unmodified copies 
of security descriptors.

As pointed out by an OEM, the code within smbd/posix_acl.c, even though 
passed
a const pointer to a security descriptor, still modifies the ACE entries 
within
it (which are not const pointers).

This means ACLs stored in the extended attribute by the acl_xattr module 
have
already been modified by the POSIX acl layer, and are not the original 
intent
of storing the unmodified ACL from the client.

Use dup_sec_desc to make a copy of the incoming ACL on talloc_tos() - that
is what is then modified inside smbd/posix_acl.c, leaving the original ACL
to be correctly stored in the xattr.

Jeremy.

---

Summary of changes:
 source3/smbd/posix_acls.c |   12 +++-
 1 files changed, 11 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index eac20d2..0e25ed5 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -3822,7 +3822,7 @@ NTSTATUS append_parent_acl(files_struct *fsp,
  This should be the only external function needed for the UNIX style set ACL.
 /
 
-NTSTATUS set_nt_acl(files_struct *fsp, uint32 security_info_sent, const 
SEC_DESC *psd)
+NTSTATUS set_nt_acl(files_struct *fsp, uint32 security_info_sent, const 
SEC_DESC *psd_orig)
 {
connection_struct *conn = fsp-conn;
uid_t user = (uid_t)-1;
@@ -3837,6 +3837,7 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32 
security_info_sent, const SEC_DESC
bool set_acl_as_root = false;
bool acl_set_support = false;
bool ret = false;
+   SEC_DESC *psd = NULL;
 
DEBUG(10,(set_nt_acl: called for file %s\n,
  fsp_str_dbg(fsp)));
@@ -3846,6 +3847,15 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32 
security_info_sent, const SEC_DESC
return NT_STATUS_MEDIA_WRITE_PROTECTED;
}
 
+   if (!psd_orig) {
+   return NT_STATUS_INVALID_PARAMETER;
+   }
+
+   psd = dup_sec_desc(talloc_tos(), psd_orig);
+   if (!psd) {
+   return NT_STATUS_NO_MEMORY;
+   }
+
/*
 * Get the current state of the file.
 */


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch v3-5-test updated

[Karolin Seeger]

The branch, v3-5-test has been updated
   via  f1b04a2 s3: Fix bug 7730 -- crash in winbindd_dsgetdcname.c
  from  02dd1fc Fix bug 7716 - acl_xattr and acl_tdb modules don't store 
unmodified copies of security descriptors.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test


- Log -
commit f1b04a210074546d4e4347b62b4f7f5b879454d9
Author: Volker Lendecke v...@samba.org
Date:   Fri Oct 15 16:37:47 2010 +0200

s3: Fix bug 7730 -- crash in winbindd_dsgetdcname.c

---

Summary of changes:
 source3/winbindd/wb_dsgetdcname.c |4 
 1 files changed, 4 insertions(+), 0 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/winbindd/wb_dsgetdcname.c 
b/source3/winbindd/wb_dsgetdcname.c
index 994d14e..1334eb9 100644
--- a/source3/winbindd/wb_dsgetdcname.c
+++ b/source3/winbindd/wb_dsgetdcname.c
@@ -97,6 +97,10 @@ static void wb_dsgetdcname_done(struct tevent_req *subreq)
tevent_req_nterror(req, status);
return;
}
+   if (!NT_STATUS_IS_OK(result)) {
+   tevent_req_nterror(req, result);
+   return;
+   }
tevent_req_done(req);
 }
 


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch v3-5-test updated

[Karolin Seeger]

The branch, v3-5-test has been updated
   via  6e9d95f Fix bug #7743 - Inconsistent use of system name lookup can 
cause a domain joined machine to fail to find users.
  from  f1b04a2 s3: Fix bug 7730 -- crash in winbindd_dsgetdcname.c

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test


- Log -
commit 6e9d95f753b2b127268f1eb9a40d601002484bd1
Author: Jeremy Allison j...@samba.org
Date:   Wed Oct 20 11:22:57 2010 -0700

Fix bug #7743 - Inconsistent use of system name lookup can cause a domain 
joined machine to fail to find users.

Ensure all username lookups go through Get_Pwnam_alloc(), which is the
correct wrapper function. We were using it *some* of the time anyway,
so this just makes us properly consistent.

Jeremy.

---

Summary of changes:
 source3/auth/auth_util.c   |   10 +-
 source3/lib/util.c |2 +-
 source3/passdb/pdb_interface.c |4 ++--
 source3/passdb/pdb_smbpasswd.c |2 +-
 source3/passdb/util_unixsids.c |2 +-
 source3/smbd/password.c|2 +-
 source3/smbd/uid.c |2 +-
 source3/torture/pdbtest.c  |2 +-
 source3/utils/net_sam.c|4 ++--
 source3/web/cgi.c  |4 ++--
 10 files changed, 17 insertions(+), 17 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 3fa7224..4a7160a 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -575,7 +575,7 @@ NTSTATUS make_server_info_sam(auth_serversupplied_info 
**server_info,
return NT_STATUS_NO_MEMORY;
}
 
-   if ( !(pwd = getpwnam_alloc(result, username)) ) {
+   if ( !(pwd = Get_Pwnam_alloc(result, username)) ) {
DEBUG(1, (User %s in passdb, but getpwnam() fails!\n,
  pdb_get_username(sampass)));
TALLOC_FREE(result);
@@ -903,14 +903,14 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, 
const char *username,
 * about the mapping of guest sid to lp_guestaccount()
 * username and will return the unix_pw info for a guest
 * user. Use it if it's there, else lookup the *uid details
-* using getpwnam_alloc(). See bug #6291 for details. JRA.
+* using Get_Pwnam_alloc(). See bug #6291 for details. JRA.
 */
 
/* We must always assign the *uid. */
if (sam_acct-unix_pw == NULL) {
-   struct passwd *pwd = getpwnam_alloc(sam_acct, 
*found_username );
+   struct passwd *pwd = Get_Pwnam_alloc(sam_acct, 
*found_username );
if (!pwd) {
-   DEBUG(10, (getpwnam_alloc failed for %s\n,
+   DEBUG(10, (Get_Pwnam_alloc failed for %s\n,
*found_username));
result = NT_STATUS_NO_SUCH_USER;
goto done;
@@ -1326,7 +1326,7 @@ NTSTATUS make_serverinfo_from_username(TALLOC_CTX 
*mem_ctx,
struct passwd *pwd;
NTSTATUS status;
 
-   pwd = getpwnam_alloc(talloc_tos(), username);
+   pwd = Get_Pwnam_alloc(talloc_tos(), username);
if (pwd == NULL) {
return NT_STATUS_NO_SUCH_USER;
}
diff --git a/source3/lib/util.c b/source3/lib/util.c
index 50aa4b0..fad6c7a 100644
--- a/source3/lib/util.c
+++ b/source3/lib/util.c
@@ -1407,7 +1407,7 @@ uid_t nametouid(const char *name)
char *p;
uid_t u;
 
-   pass = getpwnam_alloc(talloc_autofree_context(), name);
+   pass = Get_Pwnam_alloc(talloc_autofree_context(), name);
if (pass) {
u = pass-pw_uid;
TALLOC_FREE(pass);
diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c
index de46254..e09ad97 100644
--- a/source3/passdb/pdb_interface.c
+++ b/source3/passdb/pdb_interface.c
@@ -254,7 +254,7 @@ bool guest_user_info( struct samu *user )
NTSTATUS result;
const char *guestname = lp_guestaccount();
 
-   if ( !(pwd = getpwnam_alloc(talloc_autofree_context(), guestname ) ) ) {
+   if ( !(pwd = Get_Pwnam_alloc(talloc_autofree_context(), guestname ) ) ) 
{
DEBUG(0,(guest_user_info: Unable to locate guest account 
[%s]!\n, 
guestname));
return False;
@@ -1423,7 +1423,7 @@ static NTSTATUS pdb_default_enum_group_memberships(struct 
pdb_methods *methods,
/* Ignore the primary group SID.  Honor the real Unix primary group.
   The primary group SID is only of real use to Windows clients */
 
-   if ( !(pw = getpwnam_alloc(mem_ctx, username)) ) {
+   if ( !(pw = Get_Pwnam_alloc(mem_ctx, username)) ) {
return 

[SCM] Samba Shared Repository - branch v3-5-test updated

[Karolin Seeger]

The branch, v3-5-test has been updated
   via  4784195 Fix bug #7744 - dfree cache time doesn't work.
  from  6e9d95f Fix bug #7743 - Inconsistent use of system name lookup can 
cause a domain joined machine to fail to find users.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test


- Log -
commit 47841952936e28916a738105194d662207477285
Author: Jeremy Allison j...@samba.org
Date:   Wed Oct 20 13:58:15 2010 -0700

Fix bug #7744 - dfree cache time doesn't work.

There is a bug in processing the dfree cache time, which is associated with 
the
smbd idle timer. The idle timer call conn_idle_all(), which updates the
conn-lastused timestamp. The dfree cache time code in smbd/dfree.c depends 
on
conn-lastused being up to date to refresh the cached dfree value.

Unfortunately the conn_idle_all() returns early if any of the connection
structs is not idle, never updating any further conn-lastused timestamps. 
If
(as is common due to an IPC$ connection) there are more than one used
connection struct, then the conn-lastused timestamps after the IPC$ 
connection
in the connection list will never be updated.

Ensure we always update conn-lastused for all connections when calling
conn_idle_all().

Jeremy.

---

Summary of changes:
 source3/smbd/conn.c |9 ++---
 1 files changed, 6 insertions(+), 3 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/smbd/conn.c b/source3/smbd/conn.c
index 959fcd7..37c2311 100644
--- a/source3/smbd/conn.c
+++ b/source3/smbd/conn.c
@@ -197,6 +197,7 @@ bool conn_idle_all(struct smbd_server_connection 
*sconn,time_t t)
int deadtime = lp_deadtime()*60;
pipes_struct *plist = NULL;
connection_struct *conn;
+   bool ret = true;
 
if (deadtime = 0)
deadtime = DEFAULT_SMBD_TIMEOUT;
@@ -209,6 +210,7 @@ bool conn_idle_all(struct smbd_server_connection 
*sconn,time_t t)
if (conn-lastused != conn-lastused_count) {
conn-lastused = t;
conn-lastused_count = t;
+   age = 0;
}
 
/* close dirptrs on connections that are idle */
@@ -217,7 +219,7 @@ bool conn_idle_all(struct smbd_server_connection 
*sconn,time_t t)
}
 
if (conn-num_files_open  0 || age  deadtime) {
-   return False;
+   ret = false;
}
}
 
@@ -229,11 +231,12 @@ bool conn_idle_all(struct smbd_server_connection 
*sconn,time_t t)
for (plist = get_first_internal_pipe(); plist;
 plist = get_next_internal_pipe(plist)) {
if (num_pipe_handles(plist-pipe_handles) != 0) {
-   return False;
+   ret = false;
+   break;
}
}

-   return True;
+   return ret;
 }
 
 /


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch v3-5-test updated

[Karolin Seeger]

The branch, v3-5-test has been updated
   via  d070359 s3: Fix a getgrent crash with many groups
  from  4784195 Fix bug #7744 - dfree cache time doesn't work.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test


- Log -
commit d070359ca01c1b340a610dd2cf9ce60b33c256e4
Author: Volker Lendecke v...@samba.org
Date:   Wed Nov 3 13:08:37 2010 +0100

s3: Fix a getgrent crash with many groups

Fix bug #7774.

---

Summary of changes:
 source3/winbindd/winbindd_getgrent.c |1 +
 1 files changed, 1 insertions(+), 0 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/winbindd/winbindd_getgrent.c 
b/source3/winbindd/winbindd_getgrent.c
index a3ea8dd..21da75b 100644
--- a/source3/winbindd/winbindd_getgrent.c
+++ b/source3/winbindd/winbindd_getgrent.c
@@ -187,6 +187,7 @@ NTSTATUS winbindd_getgrent_recv(struct tevent_req *req,
if (result == NULL) {
return NT_STATUS_NO_MEMORY;
}
+   state-groups = (struct winbindd_gr *)result;
 
for (i=0; istate-num_groups; i++) {
memcpy(result + base_memberofs + state-groups[i].gr_mem_ofs,


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch v3-5-test updated

[Karolin Seeger]

The branch, v3-5-test has been updated
   via  82e15a5 s3: Fix bug 7779, crash in expand_msdfs
  from  d070359 s3: Fix a getgrent crash with many groups

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test


- Log -
commit 82e15a5ee335ac87ab473899b333056a02bf15b3
Author: Volker Lendecke v...@samba.org
Date:   Sat Nov 6 21:18:35 2010 +0100

s3: Fix bug 7779, crash in expand_msdfs

---

Summary of changes:
 source3/include/proto.h  |1 +
 source3/librpc/gen_ndr/ndr_secrets.c |2 --
 source3/rpc_server/srv_dfs_nt.c  |   12 +++-
 source3/smbd/msdfs.c |8 +---
 4 files changed, 13 insertions(+), 10 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/include/proto.h b/source3/include/proto.h
index f7bfc2a..3d06c31 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -6465,6 +6465,7 @@ bool is_msdfs_link(connection_struct *conn,
const char *path,
SMB_STRUCT_STAT *sbufp);
 NTSTATUS get_referred_path(TALLOC_CTX *ctx,
+   struct auth_serversupplied_info *server_info,
const char *dfs_path,
struct junction_map *jucn,
int *consumedcntp,
diff --git a/source3/librpc/gen_ndr/ndr_secrets.c 
b/source3/librpc/gen_ndr/ndr_secrets.c
index f9b6145..2b182db 100644
--- a/source3/librpc/gen_ndr/ndr_secrets.c
+++ b/source3/librpc/gen_ndr/ndr_secrets.c
@@ -24,7 +24,6 @@ _PUBLIC_ enum ndr_err_code ndr_push_TRUSTED_DOM_PASS(struct 
ndr_push *ndr, int n
NDR_CHECK(ndr_push_trailer_align(ndr, 4));
}
if (ndr_flags  NDR_BUFFERS) {
-   NDR_CHECK(ndr_push_dom_sid(ndr, NDR_BUFFERS, 
r-domain_sid));
}
ndr-flags = _flags_save_STRUCT;
}
@@ -52,7 +51,6 @@ _PUBLIC_ enum ndr_err_code ndr_pull_TRUSTED_DOM_PASS(struct 
ndr_pull *ndr, int n
NDR_CHECK(ndr_pull_trailer_align(ndr, 4));
}
if (ndr_flags  NDR_BUFFERS) {
-   NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_BUFFERS, 
r-domain_sid));
}
ndr-flags = _flags_save_STRUCT;
}
diff --git a/source3/rpc_server/srv_dfs_nt.c b/source3/rpc_server/srv_dfs_nt.c
index dfa33c2..2bfbe5e 100644
--- a/source3/rpc_server/srv_dfs_nt.c
+++ b/source3/rpc_server/srv_dfs_nt.c
@@ -70,7 +70,7 @@ WERROR _dfs_Add(pipes_struct *p, struct dfs_Add *r)
}
 
/* The following call can change the cwd. */
-   status = get_referred_path(ctx, r-in.path, jn,
+   status = get_referred_path(ctx, p-server_info, r-in.path, jn,
consumedcnt, self_ref);
if(!NT_STATUS_IS_OK(status)) {
return ntstatus_to_werror(status);
@@ -136,8 +136,9 @@ WERROR _dfs_Remove(pipes_struct *p, struct dfs_Remove *r)
r-in.dfs_entry_path, r-in.servername, 
r-in.sharename));
}
 
-   if(!NT_STATUS_IS_OK(get_referred_path(ctx, r-in.dfs_entry_path, jn,
-   consumedcnt, self_ref))) {
+   if(!NT_STATUS_IS_OK(get_referred_path(ctx, p-server_info,
+ r-in.dfs_entry_path, jn,
+ consumedcnt, self_ref))) {
return WERR_DFS_NO_SUCH_VOL;
}
 
@@ -358,8 +359,9 @@ WERROR _dfs_GetInfo(pipes_struct *p, struct dfs_GetInfo *r)
}
 
/* The following call can change the cwd. */
-   if(!NT_STATUS_IS_OK(get_referred_path(ctx, r-in.dfs_entry_path,
-   jn, consumedcnt, self_ref)) ||
+   if(!NT_STATUS_IS_OK(get_referred_path(ctx, p-server_info,
+ r-in.dfs_entry_path,
+ jn, consumedcnt, self_ref)) ||
consumedcnt  strlen(r-in.dfs_entry_path)) {
return WERR_DFS_NO_SUCH_VOL;
}
diff --git a/source3/smbd/msdfs.c b/source3/smbd/msdfs.c
index 6dfa886..6a2f756 100644
--- a/source3/smbd/msdfs.c
+++ b/source3/smbd/msdfs.c
@@ -795,6 +795,7 @@ static NTSTATUS self_ref(TALLOC_CTX *ctx,
 **/
 
 NTSTATUS get_referred_path(TALLOC_CTX *ctx,
+   struct auth_serversupplied_info *server_info,
const char *dfs_path,
struct junction_map *jucn,
int *consumedcntp,
@@ -916,7 +917,7 @@ NTSTATUS get_referred_path(TALLOC_CTX *ctx,
}
 
status = create_conn_struct(ctx, conn, snum, lp_pathname(snum),
-   NULL, oldpath);
+   server_info, oldpath);
if 

[SCM] Samba Shared Repository - branch master updated

[Anatoliy Atanasov]

The branch, master has been updated
   via  9cdb0b5 s4/test: Expand BindTest
   via  4574d49 s4/test: Add bind.py to make test
  from  ba127f9 heimdal Don't dereference NULL in error verify_checksum 
error path

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 9cdb0b5cee1210fc44d9e6f2f87ab63d263b4cc6
Author: Anatoliy Atanasov anatoliy.atana...@postpath.com
Date:   Mon Nov 8 08:11:11 2010 +0200

s4/test: Expand BindTest

The test now binds with u...@realm, domain\user, user dn, computer dn

Autobuild-User: Anatoliy Atanasov anatoliy.atana...@postpath.com
Autobuild-Date: Thu Nov 11 16:15:30 UTC 2010 on sn-devel-104

commit 4574d497ce306ef97c196221c1b3d34e478dde01
Author: Anatoliy Atanasov anatoliy.atana...@postpath.com
Date:   Fri Nov 5 09:27:48 2010 +0200

s4/test: Add bind.py to make test

bind.py is a place to have tests for ldb binding with different credentials.
For starter we have a simple bind with machine account.

---

Summary of changes:
 source4/auth/credentials/tests/bind.py |   80 
 source4/selftest/tests.py  |1 +
 2 files changed, 61 insertions(+), 20 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/auth/credentials/tests/bind.py 
b/source4/auth/credentials/tests/bind.py
index 231852c..7bfc1f5 100755
--- a/source4/auth/credentials/tests/bind.py
+++ b/source4/auth/credentials/tests/bind.py
@@ -7,6 +7,8 @@ import sys
 import base64
 import re
 import os
+import copy
+import time
 
 sys.path.append(bin/python)
 import samba
@@ -44,37 +46,44 @@ host = args[0]
 lp = sambaopts.get_loadparm()
 creds = credopts.get_credentials(lp)
 creds.set_gensec_features(creds.get_gensec_features() | gensec.FEATURE_SEAL)
-creds_machine = creds
+creds_machine = copy.deepcopy(creds)
+creds_user1 = copy.deepcopy(creds)
+creds_user2 = copy.deepcopy(creds)
+creds_user3 = copy.deepcopy(creds)
 
 class BindTests(samba.tests.TestCase):
+
+info_dc = None
+
+def setUp(self):
+super(BindTests, self).setUp()
+# fetch rootDSEs
+if self.info_dc is None:
+res = ldb.search(base=, expression=, scope=SCOPE_BASE, 
attrs=[*])
+self.assertEquals(len(res), 1)
+BindTests.info_dc = res[0]
+# cache some of RootDSE props
+self.schema_dn = self.info_dc[schemaNamingContext][0]
+self.domain_dn = self.info_dc[defaultNamingContext][0]
+self.config_dn = self.info_dc[configurationNamingContext][0]
+self.computer_dn = CN=centos53,CN=Computers,%s % self.domain_dn
+self.password = p...@ssw0rd
+self.username = BindTestUser_ + time.strftime(%s, time.gmtime())
+
 def delete_force(self, ldb, dn):
 try:
 ldb.delete(dn)
 except LdbError, (num, _):
 self.assertEquals(num, ERR_NO_SUCH_OBJECT)
 
-def find_basedn(self, ldb):
-res = ldb.search(base=, expression=, scope=SCOPE_BASE,
- attrs=[defaultNamingContext])
-self.assertEquals(len(res), 1)
-return res[0][defaultNamingContext][0]
-
-def setUp(self):
-super(BindTests, self).setUp()
-self.base_dn = self.find_basedn(ldb)
-
 def tearDown(self):
 super(BindTests, self).tearDown()
 
 def test_computer_account_bind(self):
 # create a computer acocount for the test
-self.user_dn = CN=centos53,CN=Computers,%s % self.base_dn
-self.password = p...@ssw0rd
-self.acc_name = centos53$
-
-self.delete_force(ldb, self.user_dn)
+self.delete_force(ldb, self.computer_dn)
 ldb.add_ldif(
-dn:  + self.user_dn + 
+dn:  + self.computer_dn + 
 cn: CENTOS53
 displayName: CENTOS53$
 name: CENTOS53
@@ -92,17 +101,48 @@ operatingSystemVersion: 5.2 (3790)
 operatingSystem: Windows Server 2003
 )
 ldb.modify_ldif(
-dn:  + self.user_dn + 
+dn:  + self.computer_dn + 
 changetype: modify
 replace: unicodePwd
 unicodePwd::  + base64.b64encode(\p...@ssw0rd\.encode('utf-16-le')) + 

 )
 
 # do a simple bind and search with the machine account
-creds_machine.set_bind_dn(self.user_dn)
+creds_machine.set_bind_dn(self.computer_dn)
 creds_machine.set_password(self.password)
+print BindTest with:  + creds_machine.get_bind_dn()
 ldb_machine = SamDB(host, credentials=creds_machine, 
session_info=system_session(), lp=lp)
-self.find_basedn(ldb_machine)
+res = ldb_machine.search(base=, expression=, scope=SCOPE_BASE, 
attrs=[*])
+
+def test_user_account_bind(self):
+# create user
+ldb.newuser(username=self.username, password=self.password)
+ldb_res = ldb.search(base=self.domain_dn,
+  scope=SCOPE_SUBTREE,
+  

[SCM] Samba Shared Repository - branch master updated

[Volker Lendecke]

The branch, master has been updated
   via  e7970c0 s3: Make cli_set_ea_fnum return NTSTATUS
   via  ddd33f0 s3: Make cli_set_ea_path return NTSTATUS
   via  1b13a4d s3: Remove two pointless variables
   via  9c664db s3: Convert cli_set_ea() to cli_trans()
   via  1d96161 s3: Convert cli_dfs_get_referral to cli_trans
   via  612ded1 s3: cli_dfs_check_error does not need to depend on 
cli-inbuf
   via  3a01edd s3: Make split_dfs_path return bool
   via  8a22fac s3: Remove some dead code
   via  d320ae7 s3: Untangle an if-expression
  from  9cdb0b5 s4/test: Expand BindTest

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit e7970c02f345a4a5d63ab43c120277de70624c19
Author: Volker Lendecke v...@samba.org
Date:   Thu Nov 11 15:58:34 2010 +0100

s3: Make cli_set_ea_fnum return NTSTATUS

Autobuild-User: Volker Lendecke vlen...@samba.org
Autobuild-Date: Thu Nov 11 16:59:27 UTC 2010 on sn-devel-104

commit ddd33f035199bce2fc9d8deb3c2c4ad627ad36d4
Author: Volker Lendecke v...@samba.org
Date:   Thu Nov 11 15:51:46 2010 +0100

s3: Make cli_set_ea_path return NTSTATUS

commit 1b13a4d22b3f0eca6926ab8ce61147784f6e993e
Author: Volker Lendecke v...@samba.org
Date:   Thu Nov 11 15:51:16 2010 +0100

s3: Remove two pointless variables

commit 9c664dbd8c46e54aae4a4cebfafac61d618dd4f2
Author: Volker Lendecke v...@samba.org
Date:   Thu Nov 11 15:40:06 2010 +0100

s3: Convert cli_set_ea() to cli_trans()

commit 1d9616113207775916c816708fe442fe84ad0369
Author: Volker Lendecke v...@samba.org
Date:   Thu Nov 11 14:54:25 2010 +0100

s3: Convert cli_dfs_get_referral to cli_trans

commit 612ded1abf15bfcc3569f061b18764bff66fe9b6
Author: Volker Lendecke v...@samba.org
Date:   Thu Nov 11 14:46:58 2010 +0100

s3: cli_dfs_check_error does not need to depend on cli-inbuf

commit 3a01edd60764723bccd742707153ab4cdf72c079
Author: Volker Lendecke v...@samba.org
Date:   Thu Nov 11 14:04:06 2010 +0100

s3: Make split_dfs_path return bool

commit 8a22fac3a01c31732ac843f903689e42cce3a5ae
Author: Volker Lendecke v...@samba.org
Date:   Thu Nov 11 13:45:00 2010 +0100

s3: Remove some dead code

commit d320ae7cbed565220529fa0da13ce22498d45096
Author: Volker Lendecke v...@samba.org
Date:   Thu Nov 11 13:44:28 2010 +0100

s3: Untangle an if-expression

---

Summary of changes:
 source3/client/client.c   |8 ++-
 source3/include/proto.h   |   10 +++-
 source3/libsmb/clidfs.c   |  128 +
 source3/libsmb/clifile.c  |   86 ++
 source3/torture/torture.c |   24 ++---
 5 files changed, 141 insertions(+), 115 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/client/client.c b/source3/client/client.c
index 5129268..062809d 100644
--- a/source3/client/client.c
+++ b/source3/client/client.c
@@ -3346,6 +3346,7 @@ static int cmd_setea(void)
char *eavalue = NULL;
char *targetname = NULL;
struct cli_state *targetcli;
+   NTSTATUS status;
 
if (!next_token_talloc(ctx, cmd_ptr, name, NULL)
|| !next_token_talloc(ctx, cmd_ptr, eaname, NULL)) {
@@ -3369,9 +3370,10 @@ static int cmd_setea(void)
return 1;
}
 
-   if (!cli_set_ea_path(targetcli, targetname, eaname, eavalue,
-strlen(eavalue))) {
-   d_printf(set_ea %s: %s\n, src, cli_errstr(cli));
+   status =  cli_set_ea_path(targetcli, targetname, eaname, eavalue,
+ strlen(eavalue));
+   if (!NT_STATUS_IS_OK(status)) {
+   d_printf(set_ea %s: %s\n, src, nt_errstr(status));
return 1;
}
 
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 38c5a6d..10409a4 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -1689,7 +1689,7 @@ struct cli_state *cli_cm_open(TALLOC_CTX *ctx,
int port,
int name_type);
 void cli_cm_display(const struct cli_state *c);
-bool cli_dfs_get_referral(TALLOC_CTX *ctx,
+NTSTATUS cli_dfs_get_referral(TALLOC_CTX *ctx,
struct cli_state *cli,
const char *path,
struct client_dfs_referral **refs,
@@ -2077,8 +2077,12 @@ NTSTATUS cli_ctemp(struct cli_state *cli,
uint16_t *pfnum,
char **out_path);
 NTSTATUS cli_raw_ioctl(struct cli_state *cli, uint16_t fnum, uint32_t code, 
DATA_BLOB *blob);
-bool cli_set_ea_path(struct cli_state *cli, const char *path, const char 
*ea_name, const char *ea_val, size_t ea_len);
-bool cli_set_ea_fnum(struct cli_state *cli, uint16_t fnum, const char 
*ea_name, const char *ea_val, size_t ea_len);
+NTSTATUS cli_set_ea_path(struct cli_state *cli, 

[SCM] Samba Shared Repository - branch master updated

[Volker Lendecke]

The branch, master has been updated
   via  beaf14e s3: Well... Fix a stupid error
  from  e7970c0 s3: Make cli_set_ea_fnum return NTSTATUS

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit beaf14ec91708b827ac0760a2b23383a989e840f
Author: Volker Lendecke v...@samba.org
Date:   Thu Nov 11 19:08:20 2010 +0100

s3: Well... Fix a stupid error

Autobuild-User: Volker Lendecke vlen...@samba.org
Autobuild-Date: Thu Nov 11 18:54:00 UTC 2010 on sn-devel-104

---

Summary of changes:
 source3/libsmb/clifile.c |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/libsmb/clifile.c b/source3/libsmb/clifile.c
index 20babbd..b40f7d1 100644
--- a/source3/libsmb/clifile.c
+++ b/source3/libsmb/clifile.c
@@ -4071,7 +4071,7 @@ static NTSTATUS cli_set_ea(struct cli_state *cli, 
uint16_t setup_val,
   const char *ea_name,
   const char *ea_val, size_t ea_len)
 {
-   uint16_t setup[0];
+   uint16_t setup[1];
unsigned int data_len = 0;
uint8_t *data = NULL;
char *p;


-- 
Samba Shared Repository

[SCM] build.samba.org - branch master updated

[Matthieu Patou]

The branch, master has been updated
   via  6e90a43 use the cached version of the build farm for the web 
interface
   via  95c6516 Introduce a cached variant of the build farm, correct 
cached build to handle correctly CachedUploadBuild class
   via  9d55ade Do not use cache for lcov in the non cached variant of the 
buildfarm class
  from  e7f5f8b Move lcov cache onto BuildFarm, simplify get_build.

http://gitweb.samba.org/?p=build-farm.git;a=shortlog;h=master


- Log -
commit 6e90a43f98d85a0692bbade545ee85ae2ad321c1
Author: Matthieu Patou m...@matws.net
Date:   Thu Nov 11 22:17:52 2010 +0300

use the cached version of the build farm for the web interface

commit 95c65166b107b7366611750c020b190018393438
Author: Matthieu Patou m...@matws.net
Date:   Thu Nov 11 22:16:06 2010 +0300

Introduce a cached variant of the build farm, correct cached build to 
handle correctly CachedUploadBuild class

commit 9d55adeb51ca17348e42a22ca8145e7c85afada8
Author: Matthieu Patou m...@matws.net
Date:   Thu Nov 11 22:15:09 2010 +0300

Do not use cache for lcov in the non cached variant of the buildfarm class

---

Summary of changes:
 buildfarm/__init__.py |   78 ++--
 buildfarm/data.py |   10 +-
 web/build.py  |4 +-
 3 files changed, 71 insertions(+), 21 deletions(-)


Changeset truncated at 500 lines:

diff --git a/buildfarm/__init__.py b/buildfarm/__init__.py
index 85690e3..bf6b0b0 100644
--- a/buildfarm/__init__.py
+++ b/buildfarm/__init__.py
@@ -100,34 +100,18 @@ class BuildFarm(object):
 def lcov_status(self, tree):
 get status of build
 from buildfarm import data, util
-cachefile = os.path.join(self.cachedir, lcov.%s.%s.status % (
-self.LCOVHOST, tree))
 file = os.path.join(self.lcovdir, self.LCOVHOST, tree, index.html)
 try:
-st1 = os.stat(file)
+lcov_html = util.FileLoad(file)
 except OSError:
 # File does not exist
 raise data.NoSuchBuildError(tree, self.LCOVHOST, lcov)
-try:
-st2 = os.stat(cachefile)
-except OSError:
-# file does not exist
-st2 = None
 
-if st2 and st1.st_ctime = st2.st_mtime:
-ret = util.FileLoad(cachefile)
-if ret == :
-return None
-return ret
-
-lcov_html = util.FileLoad(file)
 perc = lcov_extract_percentage(lcov_html)
 if perc is None:
 ret = 
 else:
 ret = perc
-if self.readonly:
-util.FileSave(cachefile, ret)
 return perc
 
 def get_build(self, tree, host, compiler, rev=None):
@@ -148,3 +132,63 @@ class BuildFarm(object):
 yield self.upload_builds.get_build(host, tree, 
compiler)
 except data.NoSuchBuildError:
 continue
+
+
+class CachingBuildFarm(BuildFarm):
+
+def __init__(self, path=None, cachedirname=None):
+self.cachedir = None
+super(CachingBuildFarm, self).__init__(path)
+
+if cachedirname:
+self.cachedir = os.path.join(self.path, cachedirname)
+else:
+self.cachedir = os.path.join(self.path, toto)
+self.builds = self._open_build_results()
+self.upload_builds = self._open_upload_build_results()
+
+def _open_build_results(self):
+from buildfarm import data
+if not self.cachedir:
+return
+return data.CachingBuildResultStore(os.path.join(self.path, data, 
oldrevs),
+self.cachedir)
+
+def _open_upload_build_results(self):
+from buildfarm import data
+if not self.cachedir:
+return
+return data.CachingUploadBuildResultStore(os.path.join(self.path, 
data, upload),
+self.cachedir)
+
+def lcov_status(self, tree):
+get status of build
+from buildfarm import data, util
+cachefile = self.builds.get_lcov_cached_status(self.LCOVHOST, tree)
+file = os.path.join(self.lcovdir, self.LCOVHOST, tree, index.html)
+try:
+st1 = os.stat(file)
+except OSError:
+# File does not exist
+raise data.NoSuchBuildError(tree, self.LCOVHOST, lcov)
+try:
+st2 = os.stat(cachefile)
+except OSError:
+# file does not exist
+st2 = None
+
+if st2 and st1.st_ctime = st2.st_mtime:
+ret = util.FileLoad(cachefile)
+if ret == :
+return None
+return ret
+
+lcov_html = util.FileLoad(file)
+perc = lcov_extract_percentage(lcov_html)
+if perc is None:
+ret = 
+else:
+ret = perc
+if not self.readonly:

[SCM] build.samba.org - branch master updated

[Matthieu Patou]

The branch, master has been updated
   via  f3d059a change the name of the cache folder
  from  6e90a43 use the cached version of the build farm for the web 
interface

http://gitweb.samba.org/?p=build-farm.git;a=shortlog;h=master


- Log -
commit f3d059a3b1d591b509dd1e21ee1002006a10ef43
Author: Matthieu Patou m...@matws.net
Date:   Thu Nov 11 22:33:49 2010 +0300

change the name of the cache folder

---

Summary of changes:
 buildfarm/__init__.py |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/buildfarm/__init__.py b/buildfarm/__init__.py
index bf6b0b0..147d0ff 100644
--- a/buildfarm/__init__.py
+++ b/buildfarm/__init__.py
@@ -143,7 +143,7 @@ class CachingBuildFarm(BuildFarm):
 if cachedirname:
 self.cachedir = os.path.join(self.path, cachedirname)
 else:
-self.cachedir = os.path.join(self.path, toto)
+self.cachedir = os.path.join(self.path, cache2)
 self.builds = self._open_build_results()
 self.upload_builds = self._open_upload_build_results()
 


-- 
build.samba.org

[SCM] Samba Shared Repository - branch master updated

[Kamen Mazdrashki]

The branch, master has been updated
   via  dcd346c s4-tests: Make repl_schema.py test part of Samba4 test suite
   via  0868a15 s4-repl: Propagate remote prefixMap in DRSUAPI data 
conversion functions
   via  2d0cb54 s4-dsdb_syntax: Warning message that we can't find 
requested ATTID in Schema Cache
   via  3ab7552 s4-prefixMap: dsdb_schema_pfm_oid_from_attid() to use const 
prefixMap
   via  e772518 s4-dsdb_syntax: Use remote prefixMap to handle generic 
cases in drsuapi_to_ldb conversions
   via  f65c840 s4-dsdb_syntax: Add remote prefixMap member for dsdb_syntax 
conversions
   via  a8495d3 s4-repl: dsdb_extended_replicated_objects_convert - 
dsdb_replicated_objects_convert/
   via  227e8dc s4-repl: dsdb_extended_replicated_objects_commit - 
dsdb_replicated_objects_commit
   via  28f41c1 s4-repl: dsdb_convert_object - dsdb_origin_object_convert
   via  7ada90e s4-test: repl_schema - Make sure LdbError and 
ERR_NO_SUCH_OBJECT are visible
  from  beaf14e s3: Well... Fix a stupid error

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit dcd346c0e541246260507c96283eefaef23edebb
Author: Kamen Mazdrashki kame...@samba.org
Date:   Wed Nov 10 06:14:20 2010 +0200

s4-tests: Make repl_schema.py test part of Samba4 test suite

Autobuild-User: Kamen Mazdrashki kame...@samba.org
Autobuild-Date: Thu Nov 11 19:38:18 UTC 2010 on sn-devel-104

commit 0868a1598220e2ed73aefcd9ec3517a38704ac9e
Author: Kamen Mazdrashki kame...@samba.org
Date:   Wed Nov 10 03:45:22 2010 +0200

s4-repl: Propagate remote prefixMap in DRSUAPI data conversion functions

commit 2d0cb54ceb8f568f233533ada007822ffb40ee3d
Author: Kamen Mazdrashki kame...@samba.org
Date:   Wed Nov 10 02:32:29 2010 +0200

s4-dsdb_syntax: Warning message that we can't find requested ATTID in 
Schema Cache

commit 3ab75524ee11f9121f41b3d4dd452ecdf9847e67
Author: Kamen Mazdrashki kame...@samba.org
Date:   Tue Nov 9 04:36:24 2010 +0200

s4-prefixMap: dsdb_schema_pfm_oid_from_attid() to use const prefixMap

It is not supposed to change supplied prefixMap

commit e772518a64f1f616ba6c00a8ee45cffd228bd8b3
Author: Kamen Mazdrashki kame...@samba.org
Date:   Tue Nov 9 04:12:57 2010 +0200

s4-dsdb_syntax: Use remote prefixMap to handle generic cases in 
drsuapi_to_ldb conversions

commit f65c8402998c0759aac1ff27234a5e841a3bba37
Author: Kamen Mazdrashki kame...@samba.org
Date:   Tue Nov 9 04:12:16 2010 +0200

s4-dsdb_syntax: Add remote prefixMap member for dsdb_syntax conversions

commit a8495d380ef93f8d236d521c8b1b8bf76f689acf
Author: Kamen Mazdrashki kame...@samba.org
Date:   Sun Nov 7 23:04:33 2010 +0200

s4-repl: dsdb_extended_replicated_objects_convert - 
dsdb_replicated_objects_convert/

It is part of dsdb_replicated_* family of functions

commit 227e8dcfcfeeb5721e4f23c2bc183fd63c5bbe30
Author: Kamen Mazdrashki kame...@samba.org
Date:   Sun Nov 7 22:51:11 2010 +0200

s4-repl: dsdb_extended_replicated_objects_commit - 
dsdb_replicated_objects_commit

It is part of dsdb_replicated_* family of functions

commit 28f41c166a77c0d69f0b1eb3e0d811fb66e696a4
Author: Kamen Mazdrashki kame...@samba.org
Date:   Sun Nov 7 21:47:39 2010 +0200

s4-repl: dsdb_convert_object - dsdb_origin_object_convert

It is used in dsdb_origin_objects_commit() func,
hence the dsdb_origin_ prefix

commit 7ada90ec2956fc8fc744676496e847f1a4d2f163
Author: Kamen Mazdrashki kame...@samba.org
Date:   Thu Nov 11 20:19:47 2010 +0200

s4-test: repl_schema - Make sure LdbError and ERR_NO_SUCH_OBJECT are visible

---

Summary of changes:
 source4/dsdb/repl/drepl_out_helpers.c |   28 ++--
 source4/dsdb/repl/replicated_objects.c|   66 ++---
 source4/dsdb/schema/schema.h  |3 +
 source4/dsdb/schema/schema_prefixmap.c|3 +-
 source4/dsdb/schema/schema_syntax.c   |   14 +-
 source4/libnet/libnet_vampire.c   |   60 +++---
 source4/selftest/tests.py |1 +
 source4/torture/drs/python/repl_schema.py |1 +
 source4/torture/drs/rpc/dssync.c  |   18 
 9 files changed, 117 insertions(+), 77 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/dsdb/repl/drepl_out_helpers.c 
b/source4/dsdb/repl/drepl_out_helpers.c
index f83cdda..b99f126 100644
--- a/source4/dsdb/repl/drepl_out_helpers.c
+++ b/source4/dsdb/repl/drepl_out_helpers.c
@@ -580,17 +580,17 @@ static void 
dreplsrv_op_pull_source_apply_changes_trigger(struct tevent_req *req
return;
}
 
-   status = dsdb_extended_replicated_objects_convert(service-samdb,
- partition-nc.dn,
- mapping_ctr,
-

[SCM] build.samba.org - branch master updated

[Matthieu Patou]

The branch, master has been updated
   via  5500e51 remove useless declaration
   via  98e211d get_lcov_cached_status has been removed build the cachefile 
name for lcov in the cachedbuildfarm class directly
  from  f3d059a change the name of the cache folder

http://gitweb.samba.org/?p=build-farm.git;a=shortlog;h=master


- Log -
commit 5500e513ebf163fed00a44509b20113edef41751
Author: Matthieu Patou m...@matws.net
Date:   Thu Nov 11 22:44:07 2010 +0300

remove useless declaration

commit 98e211d96871f92cfcdff20e0daf3876737c6fde
Author: Matthieu Patou m...@matws.net
Date:   Thu Nov 11 22:42:47 2010 +0300

get_lcov_cached_status has been removed build the cachefile name for lcov 
in the cachedbuildfarm class directly

---

Summary of changes:
 buildfarm/__init__.py |4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)


Changeset truncated at 500 lines:

diff --git a/buildfarm/__init__.py b/buildfarm/__init__.py
index 147d0ff..823d51e 100644
--- a/buildfarm/__init__.py
+++ b/buildfarm/__init__.py
@@ -66,7 +66,6 @@ class BuildFarm(object):
 if path is None:
 path = os.path.abspath(os.path.join(os.path.dirname(__file__), 
..))
 self.path = path
-self.cachedir = os.path.join(self.path, cache)
 self.webdir = os.path.join(self.path, web)
 if not os.path.isdir(path):
 raise Exception(web directory %s does not exist % self.webdir)
@@ -164,7 +163,8 @@ class CachingBuildFarm(BuildFarm):
 def lcov_status(self, tree):
 get status of build
 from buildfarm import data, util
-cachefile = self.builds.get_lcov_cached_status(self.LCOVHOST, tree)
+cachefile = os.path.join(self.cachedir,
+lcov.%s.%s.status % (self.LCOVHOST, 
tree))
 file = os.path.join(self.lcovdir, self.LCOVHOST, tree, index.html)
 try:
 st1 = os.stat(file)


-- 
build.samba.org

[SCM] build.samba.org - branch master updated

[Matthieu Patou]

The branch, master has been updated
   via  c7004ea attribute readonly didn't exists (anymore ?)
  from  5500e51 remove useless declaration

http://gitweb.samba.org/?p=build-farm.git;a=shortlog;h=master


- Log -
commit c7004ea666743b74f304aa8fd24f66551bb2a734
Author: Matthieu Patou m...@matws.net
Date:   Thu Nov 11 22:48:40 2010 +0300

attribute readonly didn't exists (anymore ?)

---

Summary of changes:
 buildfarm/__init__.py |1 -
 1 files changed, 0 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/buildfarm/__init__.py b/buildfarm/__init__.py
index 823d51e..51d4968 100644
--- a/buildfarm/__init__.py
+++ b/buildfarm/__init__.py
@@ -189,6 +189,5 @@ class CachingBuildFarm(BuildFarm):
 ret = 
 else:
 ret = perc
-if not self.readonly:
 util.FileSave(cachefile, ret)
 return perc


-- 
build.samba.org

[SCM] build.samba.org - branch master updated

[Matthieu Patou]

The branch, master has been updated
   via  d67fc5a Use the correct form for cmp
  from  c7004ea attribute readonly didn't exists (anymore ?)

http://gitweb.samba.org/?p=build-farm.git;a=shortlog;h=master


- Log -
commit d67fc5a7b8da0e696c334f58000bbfe074624a0c
Author: Matthieu Patou m...@matws.net
Date:   Thu Nov 11 22:50:53 2010 +0300

Use the correct form for cmp

---

Summary of changes:
 web/build.py |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/web/build.py b/web/build.py
index 977f16e..b28eb85 100755
--- a/web/build.py
+++ b/web/build.py
@@ -264,7 +264,7 @@ def view_recent_builds(myself, tree, sort_by):
 host: lambda a, b: cmp(a[2], b[2]),
 platform: lambda a, b: cmp(a[1], b[1]),
 compiler: lambda a, b: cmp(a[3], b[3]),
-status: lambda a, b: a[6].cmp(b[6]),
+status: lambda a, b: cmp(a[6], b[6]),
 }
 
 assert tree in trees, not a build tree


-- 
build.samba.org

[SCM] build.samba.org - branch master updated

[Jelmer Vernooij]

The branch, master has been updated
   via  46d2d55 Reintroduce readonly parameter, remove unnecessary code.
  from  d67fc5a Use the correct form for cmp

http://gitweb.samba.org/?p=build-farm.git;a=shortlog;h=master


- Log -
commit 46d2d555c366289981592c9b3e9df75d9f2b84c3
Author: Jelmer Vernooij jel...@samba.org
Date:   Thu Nov 11 22:17:21 2010 +0100

Reintroduce readonly parameter, remove unnecessary code.

---

Summary of changes:
 buildfarm/__init__.py |   22 +++---
 1 files changed, 7 insertions(+), 15 deletions(-)


Changeset truncated at 500 lines:

diff --git a/buildfarm/__init__.py b/buildfarm/__init__.py
index 51d4968..ea5ecbd 100644
--- a/buildfarm/__init__.py
+++ b/buildfarm/__init__.py
@@ -135,30 +135,26 @@ class BuildFarm(object):
 
 class CachingBuildFarm(BuildFarm):
 
-def __init__(self, path=None, cachedirname=None):
-self.cachedir = None
+def __init__(self, path=None, readonly=False, cachedirname=None):
 super(CachingBuildFarm, self).__init__(path)
 
 if cachedirname:
 self.cachedir = os.path.join(self.path, cachedirname)
 else:
-self.cachedir = os.path.join(self.path, cache2)
+self.cachedir = os.path.join(self.path, cache)
 self.builds = self._open_build_results()
 self.upload_builds = self._open_upload_build_results()
+self.readonly = readonly
 
 def _open_build_results(self):
 from buildfarm import data
-if not self.cachedir:
-return
 return data.CachingBuildResultStore(os.path.join(self.path, data, 
oldrevs),
-self.cachedir)
+self.cachedir, reaodnly=self.readonly)
 
 def _open_upload_build_results(self):
 from buildfarm import data
-if not self.cachedir:
-return
 return data.CachingUploadBuildResultStore(os.path.join(self.path, 
data, upload),
-self.cachedir)
+self.cachedir, readonly=self.readonly)
 
 def lcov_status(self, tree):
 get status of build
@@ -183,11 +179,7 @@ class CachingBuildFarm(BuildFarm):
 return None
 return ret
 
-lcov_html = util.FileLoad(file)
-perc = lcov_extract_percentage(lcov_html)
-if perc is None:
-ret = 
-else:
-ret = perc
+perc = super(CachingBuildFarm, self).lcov_status(tree)
+if not self.readonly:
 util.FileSave(cachefile, ret)
 return perc


-- 
build.samba.org

[SCM] build.samba.org - branch master updated

[Jelmer Vernooij]

The branch, master has been updated
   via  3de05b3 Add some more base buildfarm tests.
   via  23a0e49 Fix caching buildfarm.
   via  324bb02 make import-and-analyse executable.
  from  46d2d55 Reintroduce readonly parameter, remove unnecessary code.

http://gitweb.samba.org/?p=build-farm.git;a=shortlog;h=master


- Log -
commit 3de05b3e869488cf6d8eb395a3086377254e3c35
Author: Jelmer Vernooij jel...@samba.org
Date:   Thu Nov 11 22:56:15 2010 +0100

Add some more base buildfarm tests.

commit 23a0e4992b633a6e44c0dcfdf24702e2456b4e4a
Author: Jelmer Vernooij jel...@samba.org
Date:   Thu Nov 11 22:41:46 2010 +0100

Fix caching buildfarm.

commit 324bb026c566f8ea0e796adaccf584e7bb8e7d23
Author: Jelmer Vernooij jel...@samba.org
Date:   Thu Nov 11 22:38:35 2010 +0100

make import-and-analyse executable.

---

Summary of changes:
 buildfarm/__init__.py |   21 
 buildfarm/tests/__init__.py   |   63 
 buildfarm/tests/test_buildfarm.py |   95 +
 3 files changed, 106 insertions(+), 73 deletions(-)
 create mode 100644 buildfarm/tests/test_buildfarm.py
 mode change 100644 = 100755 import-and-analyse.py


Changeset truncated at 500 lines:

diff --git a/buildfarm/__init__.py b/buildfarm/__init__.py
index ea5ecbd..fdb197c 100644
--- a/buildfarm/__init__.py
+++ b/buildfarm/__init__.py
@@ -49,6 +49,7 @@ def read_trees_from_conf(path):
 
 
 def lcov_extract_percentage(text):
+Extract the coverage percentage from the lcov file.
 m = re.search('\td 
class=headerItem.*?\Code\nbsp\;covered\:\\/td\.*?\n.*?\td 
class=headerValue.*?\([0-9.]+) \%', text)
 if m:
 return m.group(1)
@@ -102,7 +103,7 @@ class BuildFarm(object):
 file = os.path.join(self.lcovdir, self.LCOVHOST, tree, index.html)
 try:
 lcov_html = util.FileLoad(file)
-except OSError:
+except (OSError, IOError):
 # File does not exist
 raise data.NoSuchBuildError(tree, self.LCOVHOST, lcov)
 
@@ -136,30 +137,30 @@ class BuildFarm(object):
 class CachingBuildFarm(BuildFarm):
 
 def __init__(self, path=None, readonly=False, cachedirname=None):
+self._cachedirname = cachedirname
+self.readonly = readonly
 super(CachingBuildFarm, self).__init__(path)
 
-if cachedirname:
-self.cachedir = os.path.join(self.path, cachedirname)
+def _get_cachedir(self):
+if self._cachedirname is not None:
+return os.path.join(self.path, self._cachedirname)
 else:
-self.cachedir = os.path.join(self.path, cache)
-self.builds = self._open_build_results()
-self.upload_builds = self._open_upload_build_results()
-self.readonly = readonly
+return os.path.join(self.path, cache)
 
 def _open_build_results(self):
 from buildfarm import data
 return data.CachingBuildResultStore(os.path.join(self.path, data, 
oldrevs),
-self.cachedir, reaodnly=self.readonly)
+self._get_cachedir(), readonly=self.readonly)
 
 def _open_upload_build_results(self):
 from buildfarm import data
 return data.CachingUploadBuildResultStore(os.path.join(self.path, 
data, upload),
-self.cachedir, readonly=self.readonly)
+self._get_cachedir(), readonly=self.readonly)
 
 def lcov_status(self, tree):
 get status of build
 from buildfarm import data, util
-cachefile = os.path.join(self.cachedir,
+cachefile = os.path.join(self._get_cachedir(),
 lcov.%s.%s.status % (self.LCOVHOST, 
tree))
 file = os.path.join(self.lcovdir, self.LCOVHOST, tree, index.html)
 try:
diff --git a/buildfarm/tests/__init__.py b/buildfarm/tests/__init__.py
index c414bb1..65912f8 100644
--- a/buildfarm/tests/__init__.py
+++ b/buildfarm/tests/__init__.py
@@ -15,13 +15,10 @@
 #   along with this program; if not, write to the Free Software
 #   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 
-from buildfarm import BuildFarm
-
 import os
 from testtools import TestCase
 import shutil
 import tempfile
-import testtools
 
 
 class BuildFarmTestCase(TestCase):
@@ -78,63 +75,3 @@ class BuildFarmTestCase(TestCase):
 def tearDown(self):
 shutil.rmtree(self.path)
 super(BuildFarmTestCase, self).tearDown()
-
-
-class ReadTreesFromConfTests(testtools.TestCase):
-
-def create_file(self, contents):
-(fd, path) = tempfile.mkstemp()
-f = os.fdopen(fd, 'w')
-self.addCleanup(os.remove, path)
-try:
-f.write(contents)
-finally:
-f.close()
-return path
-
-def test_read_trees_from_conf_ko(self):
-name = self.create_file(
-[foo]

[SCM] build.samba.org - branch master updated

[Jelmer Vernooij]

The branch, master has been updated
   via  6043bed Test both BuildFarm and CachingBuildFarm.
  from  3de05b3 Add some more base buildfarm tests.

http://gitweb.samba.org/?p=build-farm.git;a=shortlog;h=master


- Log -
commit 6043bede719fb9eebab45f22e2fd1b51fee94981
Author: Jelmer Vernooij jel...@samba.org
Date:   Thu Nov 11 22:59:47 2010 +0100

Test both BuildFarm and CachingBuildFarm.

---

Summary of changes:
 buildfarm/tests/test_buildfarm.py |   21 ++---
 1 files changed, 18 insertions(+), 3 deletions(-)


Changeset truncated at 500 lines:

diff --git a/buildfarm/tests/test_buildfarm.py 
b/buildfarm/tests/test_buildfarm.py
index 9132445..4cec0b7 100644
--- a/buildfarm/tests/test_buildfarm.py
+++ b/buildfarm/tests/test_buildfarm.py
@@ -17,6 +17,7 @@
 
 from buildfarm import (
 BuildFarm,
+CachingBuildFarm,
 data,
 read_trees_from_conf,
 )
@@ -73,13 +74,11 @@ branch = HEAD
 git)
 
 
-class BuildFarmTests(BuildFarmTestCase):
+class BuildFarmTestBase(object):
 
 def setUp(self):
-super(BuildFarmTests, self).setUp()
 self.write_compilers([cc])
 self.write_trees({trivial: { scm: git, repo: git://foo, 
branch: master }})
-self.x = BuildFarm(self.path)
 
 def test_get_new_builds_empty(self):
 self.assertEquals([], list(self.x.get_new_builds()))
@@ -93,3 +92,19 @@ class BuildFarmTests(BuildFarmTestCase):
 self.assertEquals(git, tree.scm)
 self.assertEquals(git://foo, tree.repo)
 self.assertEquals(master, tree.branch)
+
+
+class BuildFarmTests(BuildFarmTestBase, BuildFarmTestCase):
+
+def setUp(self):
+BuildFarmTestCase.setUp(self)
+BuildFarmTestBase.setUp(self)
+self.x = BuildFarm(self.path)
+
+
+class CachingBuildFarmTests(BuildFarmTestBase, BuildFarmTestCase):
+
+def setUp(self):
+BuildFarmTestCase.setUp(self)
+BuildFarmTestBase.setUp(self)
+self.x = CachingBuildFarm(self.path)


-- 
build.samba.org

[SCM] build.samba.org - branch master updated

[Jelmer Vernooij]

The branch, master has been updated
   via  d3fe741 Test both cache and non-cache versions.
  from  6043bed Test both BuildFarm and CachingBuildFarm.

http://gitweb.samba.org/?p=build-farm.git;a=shortlog;h=master


- Log -
commit d3fe741c17f8401ae5dfe1d1fcd10992405ed7e7
Author: Jelmer Vernooij jel...@samba.org
Date:   Thu Nov 11 23:19:30 2010 +0100

Test both cache and non-cache versions.

---

Summary of changes:
 buildfarm/tests/test_data.py |   66 +
 1 files changed, 46 insertions(+), 20 deletions(-)


Changeset truncated at 500 lines:

diff --git a/buildfarm/tests/test_data.py b/buildfarm/tests/test_data.py
index d576fb3..9a5f867 100755
--- a/buildfarm/tests/test_data.py
+++ b/buildfarm/tests/test_data.py
@@ -17,7 +17,6 @@
 
 from cStringIO import StringIO
 import os
-import tempfile
 import testtools
 import time
 import unittest
@@ -34,25 +33,13 @@ class NonexistantTests(unittest.TestCase):
 Exception, data.BuildResultStore, somedirthatdoesn'texist, None)
 
 
-class BuildResultStoreTests(BuildFarmTestCase):
-
-def setUp(self):
-super(BuildResultStoreTests, self).setUp()
-
-self.x = data.CachingBuildResultStore(
-os.path.join(self.path, data, oldrevs),
-os.path.join(self.path, cache))
+class BuildResultStoreTestBase(object):
 
 def test_build_fname(self):
 self.assertEquals(
 self.x.build_fname(mytree, myhost, cc, 123),
 %s/data/oldrevs/build.mytree.myhost.cc-123 % self.path)
 
-def test_cache_fname(self):
-self.assertEquals(
-self.x.cache_fname(mytree, myhost, cc, 123),
-%s/cache/build.mytree.myhost.cc-123 % self.path)
-
 def test_build_age_mtime(self):
 path = self.create_mock_logfile(tdb, charis, cc, 12)
 # Set mtime to something in the past
@@ -119,6 +106,31 @@ error3)
 self.assertEquals(3, build.err_count())
 
 
+
+class BuildResultStoreTests(BuildFarmTestCase,BuildResultStoreTestBase):
+
+def setUp(self):
+super(BuildResultStoreTests, self).setUp()
+
+self.x = data.BuildResultStore(
+os.path.join(self.path, data, oldrevs))
+
+
+class CachingBuildResultStoreTests(BuildFarmTestCase,BuildResultStoreTestBase):
+
+def setUp(self):
+super(CachingBuildResultStoreTests, self).setUp()
+
+self.x = data.CachingBuildResultStore(
+os.path.join(self.path, data, oldrevs),
+os.path.join(self.path, cache))
+
+def test_cache_fname(self):
+self.assertEquals(
+self.x.cache_fname(mytree, myhost, cc, 123),
+%s/cache/build.mytree.myhost.cc-123 % self.path)
+
+
 class BuildStatusFromLogs(testtools.TestCase):
 
 def parse_logs(self, log, err):
@@ -252,21 +264,35 @@ class BuildStatusTest(testtools.TestCase):
 self.assertEquals(cmp(d, e), -1)
 
 
-class UploadBuildResultStoreTests(BuildFarmTestCase):
+class UploadBuildResultStoreTestBase(object):
+
+def test_build_fname(self):
+self.assertEquals(
+self.x.build_fname(mytree, myhost, cc),
+%s/data/upload/build.mytree.myhost.cc % self.path)
+
+
+class 
UploadBuildResultStoreTests(UploadBuildResultStoreTestBase,BuildFarmTestCase):
 
 def setUp(self):
 super(UploadBuildResultStoreTests, self).setUp()
 
+self.x = data.UploadBuildResultStore(
+os.path.join(self.path, data, upload))
+
+
+class 
CachingUploadBuildResultStoreTests(UploadBuildResultStoreTestBase,BuildFarmTestCase):
+
+def setUp(self):
+super(CachingUploadBuildResultStoreTests, self).setUp()
+
 self.x = data.CachingUploadBuildResultStore(
 os.path.join(self.path, data, upload),
 os.path.join(self.path, cache))
 
-def test_build_fname(self):
-self.assertEquals(
-self.x.build_fname(mytree, myhost, cc),
-%s/data/upload/build.mytree.myhost.cc % self.path)
-
 def test_cache_fname(self):
 self.assertEquals(
 self.x.cache_fname(mytree, myhost, cc),
 %s/cache/build.mytree.myhost.cc % self.path)
+
+


-- 
build.samba.org

[SCM] build.samba.org - branch master updated

[Jelmer Vernooij]

The branch, master has been updated
   via  0d80220 Add tests for BuildFarm.get_build().
  from  d3fe741 Test both cache and non-cache versions.

http://gitweb.samba.org/?p=build-farm.git;a=shortlog;h=master


- Log -
commit 0d802201adfe505c31eb4b32be3e3d8337d692cd
Author: Jelmer Vernooij jel...@samba.org
Date:   Thu Nov 11 23:24:28 2010 +0100

Add tests for BuildFarm.get_build().

---

Summary of changes:
 buildfarm/tests/test_buildfarm.py |   18 ++
 1 files changed, 18 insertions(+), 0 deletions(-)


Changeset truncated at 500 lines:

diff --git a/buildfarm/tests/test_buildfarm.py 
b/buildfarm/tests/test_buildfarm.py
index 4cec0b7..86e249a 100644
--- a/buildfarm/tests/test_buildfarm.py
+++ b/buildfarm/tests/test_buildfarm.py
@@ -93,6 +93,24 @@ class BuildFarmTestBase(object):
 self.assertEquals(git://foo, tree.repo)
 self.assertEquals(master, tree.branch)
 
+def test_get_build_rev(self):
+path = self.create_mock_logfile(tdb, charis, cc, 12,
+contents=This is what a log file looks like.)
+build = self.x.get_build(tdb, charis, cc, 12)
+self.assertEquals(tdb, build.tree)
+self.assertEquals(charis, build.host)
+self.assertEquals(cc, build.compiler)
+self.assertEquals(12, build.rev)
+
+def test_get_build_no_rev(self):
+path = self.create_mock_logfile(tdb, charis, cc, 
+contents=This is what a log file looks like.)
+build = self.x.get_build(tdb, charis, cc)
+self.assertEquals(tdb, build.tree)
+self.assertEquals(charis, build.host)
+self.assertEquals(cc, build.compiler)
+self.assertIs(None, build.rev)
+
 
 class BuildFarmTests(BuildFarmTestBase, BuildFarmTestCase):
 


-- 
build.samba.org

[SCM] build.samba.org - branch master updated

[Jelmer Vernooij]

The branch, master has been updated
   via  ed1f580 Test upload_build.
  from  0d80220 Add tests for BuildFarm.get_build().

http://gitweb.samba.org/?p=build-farm.git;a=shortlog;h=master


- Log -
commit ed1f580fed5b2ca31fb0d879efdd291b4859084f
Author: Jelmer Vernooij jel...@samba.org
Date:   Fri Nov 12 00:21:28 2010 +0100

Test upload_build.

---

Summary of changes:
 buildfarm/__init__.py|8 ++--
 buildfarm/data.py|   34 +++---
 buildfarm/tests/test_data.py |   15 +++
 3 files changed, 40 insertions(+), 17 deletions(-)


Changeset truncated at 500 lines:

diff --git a/buildfarm/__init__.py b/buildfarm/__init__.py
index fdb197c..3bbfe4f 100644
--- a/buildfarm/__init__.py
+++ b/buildfarm/__init__.py
@@ -39,7 +39,11 @@ class Tree(object):
 
 
 def read_trees_from_conf(path):
-Read trees from a configuration file.
+Read trees from a configuration file.
+
+:param path: tree path
+:return: Dictionary with trees
+
 ret = {}
 cfp = ConfigParser.ConfigParser()
 cfp.readfp(open(path))
@@ -182,5 +186,5 @@ class CachingBuildFarm(BuildFarm):
 
 perc = super(CachingBuildFarm, self).lcov_status(tree)
 if not self.readonly:
-util.FileSave(cachefile, ret)
+util.FileSave(cachefile, perc)
 return perc
diff --git a/buildfarm/data.py b/buildfarm/data.py
index 0e09b13..26f2775 100644
--- a/buildfarm/data.py
+++ b/buildfarm/data.py
@@ -169,16 +169,13 @@ class Build(object):
 A single build of a tree on a particular host using a particular 
compiler.
 
 
-def __init__(self, store, tree, host, compiler, rev=None):
+def __init__(self, store, basename, tree, host, compiler, rev=None):
 self._store = store
+self.basename = basename
 self.tree = tree
 self.host = host
 self.compiler = compiler
 self.rev = rev
-if rev is None:
-self.basename = self._store.build_fname(self.tree, self.host, 
self.compiler)
-else:
-self.basename = self._store.build_fname(self.tree, self.host, 
self.compiler, self.rev)
 
 ###
 # the mtime age is used to determine if builds are still happening
@@ -365,10 +362,11 @@ class UploadBuildResultStore(object):
 return False
 
 def get_build(self, tree, host, compiler):
-logf = self.build_fname(tree, host, compiler) + .log
+basename = self.build_fname(tree, host, compiler)
+logf = %s.log % basename
 if not os.path.exists(logf):
 raise NoSuchBuildError(tree, host, compiler)
-return Build(self, tree, host, compiler)
+return Build(self, basename, tree, host, compiler)
 
 
 class CachingUploadBuildResultStore(UploadBuildResultStore):
@@ -386,10 +384,11 @@ class 
CachingUploadBuildResultStore(UploadBuildResultStore):
 return os.path.join(self.cachedir, build.%s.%s.%s % (tree, host, 
compiler))
 
 def get_build(self, tree, host, compiler):
-logf = self.build_fname(tree, host, compiler) + .log
+basename = self.build_fname(tree, host, compiler)
+logf = %s.log % basename
 if not os.path.exists(logf):
 raise NoSuchBuildError(tree, host, compiler)
-return CachingBuild(self, tree, host, compiler)
+return CachingBuild(self, basename, tree, host, compiler)
 
 
 class BuildResultStore(object):
@@ -403,10 +402,11 @@ class BuildResultStore(object):
 self.path = path
 
 def get_build(self, tree, host, compiler, rev):
-logf = self.build_fname(tree, host, compiler, rev) + .log
+basename = self.build_fname(tree, host, compiler, rev)
+logf = %s.log % basename
 if not os.path.exists(logf):
 raise NoSuchBuildError(tree, host, compiler, rev)
-return Build(self, tree, host, compiler, rev)
+return Build(self, basename, tree, host, compiler, rev)
 
 def build_fname(self, tree, host, compiler, rev):
 get the name of the build file
@@ -442,10 +442,13 @@ class BuildResultStore(object):
 if commit_rev is not None:
 rev = commit_rev
 
+if not rev:
+raise Exception(Unable to find revision in %r log % build)
+
 new_basename = self.build_fname(build.tree, build.host, 
build.compiler, rev)
-os.rename(build.basename+.log, new_basename+.log)
+os.link(build.basename+.log, new_basename+.log)
 if os.path.exists(build.basename+.err):
-os.rename(build.basename+.err, new_basename+.err)
+os.link(build.basename+.err, new_basename+.err)
 
 # FIXME:
 # $st = $dbh-prepare(INSERT INTO build (tree, revision, 
commit_revision, host, compiler, checksum, age, status) VALUES (?, ?, ?, ?, ?, 
?, ?, ?))
@@ -475,10 +478,11 @@ 

[SCM] build.samba.org - branch master updated

[Matthieu Patou]

The branch, master has been updated
   via  c1e3f3d print the return code value as it can help debug
  from  ed1f580 Test upload_build.

http://gitweb.samba.org/?p=build-farm.git;a=shortlog;h=master


- Log -
commit c1e3f3d482138c9671d56e0ed11733dad7ac69e7
Author: Matthieu Patou m...@matws.net
Date:   Fri Nov 12 03:17:47 2010 +0300

print the return code value as it can help debug

---

Summary of changes:
 build_test.fns |1 +
 1 files changed, 1 insertions(+), 0 deletions(-)


Changeset truncated at 500 lines:

diff --git a/build_test.fns b/build_test.fns
index 7ed0ed0..b5cb715 100644
--- a/build_test.fns
+++ b/build_test.fns
@@ -781,6 +781,7 @@ test_tree() {
 
if [ $action_status != 0 ]; then
echo ACTION FAILED: $action;
+   echo  return code $action_status $action;
else
echo ACTION PASSED: $action;
fi


-- 
build.samba.org

Build status as of Fri Nov 12 07:00:01 2010

[build]

URL: http://build.samba.org/

--- /home/build/master/cache/broken_results.txt.old 2010-11-11 
00:00:03.0 -0700
+++ /home/build/master/cache/broken_results.txt 2010-11-12 00:00:04.0 
-0700
@@ -1,4 +1,4 @@
-Build status as of Thu Nov 11 07:00:02 2010
+Build status as of Fri Nov 12 07:00:01 2010
 
 Build counts:
 Tree Total  Broken Panic 
@@ -13,10 +13,10 @@
 rsync37 15 0 
 samba-docs   0  0  0 
 samba-web0  0  0 
-samba_3_current 37 33 1 
+samba_3_current 37 27 1 
 samba_3_master 37 20 0 
-samba_3_next 37 35 0 
-samba_4_0_test 42 33 2 
+samba_3_next 37 36 0 
+samba_4_0_test 42 37 0 
 talloc   37 16 0 
 tdb  35 13 0