Re: [Samba] removing windows 2003 from samba4
Hello Alan, Hello! I've setup last version of samba on git repositories, Samba version 4.0.0alpha16-GIT-43ab5aa and joined a windows 2003 as a additional domain controller, but when i try to remove these domain controller with dcpromo command appears the following error on log.samba: [2011/06/07 00:18:55, 0] ../source4/dsdb/repl/drepl_out_helpers.c:765(dreplsrv_update_refs_done) UpdateRefs failed with WERR_DS_DRA_BUSY/NT code 0xc00020f6 for f34e07bd-b0b9-4398-84ca-b3f030a33ef9._msdcs.samba4.casa CN=Schema,CN=Configuration,DC=samba4,DC=casa Did you wait for a couple of minutes (1 or 2 hours maybe) for the sync to settle ? also did you transfer roles to the samba4 DC ? In anycase you should restart samba with a higher log level so that we can have more information. If needed pop up in #samba-technical for more real time support. Matthieu. -- Matthieu Patou Samba Teamhttp://samba.org Private repo http://git.samba.org/?p=mat/samba.git;a=summary -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] On Samba4
Hi, I'm running Samba4 alpha 12 as the only DC and file server on my local network. It is working well. After the initial setup, everything can be managed from a Windows workstation. Functions I've tried so far: - Group policy objects - Adding / removing users - Roaming profiles - DNS updates Essentially the main functions you would expect from a Win 2k3 server will be there. It's been almost 10 months since I installed it, and it's been smooth sailing so far. Some features have been added / tweaked with the latest alpha 14, but I have not kept up to date. On Mon, Jun 6, 2011 at 6:20 PM, Mauricio Tavares raubvo...@gmail.comwrote: I keep hearing Samba 4 is not ready to be used. Can anyone elaborate on its current status? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] On Samba4
Em 07-06-2011 06:04, titantopp...@gmail.com escreveu: I'm running Samba4 alpha 12 as the only DC and file server on my local network. Pure Samba4 or the Franky (3 + 4) thing? It is working well. After the initial setup, everything can be managed from a Windows workstation. Functions I've tried so far: - Group policy objects - Adding / removing users - Roaming profiles - DNS updates Essentially the main functions you would expect from a Win 2k3 server will be there. It's been almost 10 months since I installed it, and it's been smooth sailing so far. On Mon, Jun 6, 2011 at 6:20 PM, Mauricio Tavaresraubvo...@gmail.comwrote: I keep hearing Samba 4 is not ready to be used. Can anyone elaborate on its current status? -- *Marcio Merlone* -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] On Samba4
On 7 June 2011 12:57, Marcio Merlone marcio.merl...@a1.ind.br wrote: Em 07-06-2011 06:04, titantopp...@gmail.com escreveu: I'm running Samba4 alpha 12 as the only DC and file server on my local network. Pure Samba4 or the Franky (3 + 4) thing? If you build from current Git it compiles both Samba 3 and Samba 4. I believe the idea is that Samba 4 will be just the Active Directory functionality while Samba 3 will be the file/print server (and I suppose WINS). I have not tried this combined Samba, because my Samba 4 installation has been working fine for a few months. I am not using it for file/print sharing. Only authentication. I do not have any workstations joined to the domain (except for testing purposes). It is working well. After the initial setup, everything can be managed from a Windows workstation. Functions I've tried so far: - Group policy objects - Adding / removing users - Roaming profiles - DNS updates Essentially the main functions you would expect from a Win 2k3 server will be there. It's been almost 10 months since I installed it, and it's been smooth sailing so far. On Mon, Jun 6, 2011 at 6:20 PM, Mauricio Tavaresraubvo...@gmail.comwrote: I keep hearing Samba 4 is not ready to be used. Can anyone elaborate on its current status? -- Michael Wood esiot...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Access problem: root Ok, but not home
I've just done an out-of-the-box RHEL6 (SL6, actually) install, but can't get the Samba config quite right. system-config-samba has gone in RHEL6, which hasn't helped. If I set up a root section: [root] comment = SL6 / path = / writeable = yes valid users = paul then I can access '/' from XP without problems. If I instead (or as well) set up a section for myself: [paul] comment = SL6 /home/paul path = /home/paul writeable = yes valid users = paul Then I can't access the 'paul' share from XP, even though I can access the 'root' share. When using the root share, I can see the contents of home, but I can't get into /home/paul. I've tried this both with and without the standard [Homes] section; no difference. smbusers contains the (extra) line 'paul = paul'. My username and password are identical on XP and SL6, and my smb password is the same. This is a small local workgroup; no domain. The samba logfile doesn't complain when I try to access the paul share: [2011/06/07 12:56:56.865835, 1] smbd/service.c:1070(make_connection_snum) puffin (:::192.168.1.105) connect to service paul initially as user paul (uid=500, gid=500) but when I double-click on the share from Windows explorer, I get a pop-up saying \\SL6\paul is not accessible, yada. Any ideas? Thanks. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] WINS and browse list on multiple subnet architecture
Hello, As subject says I am working on browsing and access servers, which are dispatched on two subnet, in one workgroup named WORKGROUP. First here the network : ( I don' t use ASCI art 'cause I am not an expert on that and it may not be printed as it was emailed. ) So, there is five machine : - one, under debian 6, which is the gateway - two, under debian 6, samba server = one per subnet - two, under windows xp sp2, client and two network : - 192.168.52.0/24 - 192.168.53.0/24 The gateway is very simple, it just a fresh minimal install from a debian 6.0 business card CD with two network interface and the sysctl net.ipv4.ip_forward set to 1 in sysctl.conf. No firewall is running on this gateway so all packet (except broadcast) from subnet 1 to subnet 2 pass through and vice versa (tested with ping command). His IP address are 192.168.52.254 for subnet 1 et 192.168.53.254 for subnet 2. The two samba server : Both of then are fresh installed as the gateway but with only one network interface. Samba was installed with debian package and version is 3.5.6 IPv6 has been disable on those server with this method (wiki.debian.org/DebianIPv6#How_to_turn_off_IPv6) = /echo net.ipv6.conf.all.disable_ipv6=1 /etc/sysctl.d/disableipv6.conf/ They don' t server any printer or file share, configuration file include only global section. WINSGW is the wins server, domain master browser, local master browser. WINSGW2 is only local master browser. Des conseils sur : interfaces, remote announce, remote browse sync I understand this, may be I get it wrong ! Local Master Browser is the computer on each subnet which manage a list of computer by the help of broadcast message from all other computer on the same subnet. But it don't share this list. Domain Master Browser (WORKGROUP#1B) is used to share this list of computer for each workgroup and is also a local master browser for his subnet (if their isn't an other). Any LMB must talk to this DMB to sync their browse list. WINS server is used to resolve NetBIOS Name and their should be only one for the whole network. Only port 137, 138 and 139 are used to browse and get IP address. So when client boot up send using brodcast their server announcement (share, messenger, user logged) on the local subnet and the LMB interpret them. After they give their IP address to the WINS server. With no wins server (nor xp client, nor samba configuration) used each subnet can see (browse) and can access (sahre) all other computer on the same subnet. Now, the idea is to make computer on each subnet must see computer on the other one with the help of WINS and master roles. I don't make this works. I don' t know where to place remote announce, remote browse sync and which parameter for each and I am not shure about wins support, wins server and 'interfaces. interfaces only contain local IP, or they must contain network address of each subnet where the workgroup is ? In my case WINSGW2 can' t solve WORKGROUP#1B (DMB) to an IP address and can' t sync his browse list. Does the wins server should not run any king of master browser ? It seems that query a wins server about himself don' t generate answer. I would get advice about previous parameters to understand what they means, should done and how. Does any one has ever worked with this kind of architecture ? Thank you. Here extract of the log on WINSGW2 : [2011/06/07 11:48:57.039190, 0] nmbd/nmbd_browsesync.c:350(find_domain_master_name_query_fail) find_domain_master_name_query_fail: Unable to find the Domain Master Browser name WORKGROUP1b for the workgroup WORKGROUP. Unable to sync browse lists in this workgroup. and [2011/06/07 11:49:58.747925, 3] nmbd/nmbd_incomingdgrams.c:378(process_master_browser_announce) process_master_browser_announce: Local master announce from WINSGW IP 192.168.52.253. [2011/06/07 11:49:58.747985, 0] nmbd/nmbd_incomingdgrams.c:382(process_master_browser_announce) process_master_browser_announce: Not configured as domain master - ignoring master announce. Here are configuration of samba server and XP client. WINSGW address = 192.168.52.253 netmask = 255.255.255.0 gateway = 192.168.52.254 Global section : workgroup = WORKGROUP server string = %h server wins support = yes remote browse sync = 192.168.53.253 dns proxy = no name resolve order = wins lmhosts host bcast interfaces = 127.0.0.0/8 192.168.52.253/24 local master = yes domain master = yes domain logons = no preferred master = yes os level = 65 log level = 3 log file = /var/log/samba/log.%m max log size = 1000 syslog = 0 security = user encrypt passwords = true passdb backend = tdbsam WINSGW2 address = 192.168.53.253 netmask = 255.255.255.0 gateway = 192.168.53.254 Global section : workgroup = WORKGROUP server string = %h server wins support = no
Re: [Samba] Samba vs Linux file permissions
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 06/03/2011 03:55 PM, Robert W. Smith wrote: John, Were you using Samba 3.4.6 prior to this? If so, here is the release note for 3.4.7: No, I started with 3.4.7. ... Unfortunately as I do not have an Ubuntu Server 10.04 I can not experiment with this to help pinpoint an answer for you. Sorry. Thanks for considering it. I'm experimenting with as many scenarios as I can think of. I've just learned that all of my problems are related to MY account. When I use any other user (test accounts, real users) it works fine. So, it looks like Samba is probably behaving properly and that my LDAP account or something to do with PAM (grabbing at anything here) is the problem. Thanks for trying to help. John - -- * - - - - * - - - - * - - - - * - - - - * - - - - * - - - - * - - - - * John Maher Senior Systems and Network Administrator Department of Biochemistry Molecular Biology and Department of Chemistry University of Massachusetts - Amherst voice: 413-577-3120 fax: 413-545-4490 OpenPGP Key ID: 0x2970A144 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk3uNHcACgkQG+X1pClwoUTx/QCfUMGBktyPTOHQss6Eit/8WqvP KQ0AoMMvjKjelklobh5vi//sUUsuVnfR =SrHa -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] On Samba4
On Tue, Jun 7, 2011 at 5:04 AM, titantopp...@gmail.com wrote: Hi, I'm running Samba4 alpha 12 as the only DC and file server on my local network. It is working well. After the initial setup, everything can be managed from a Windows workstation. Functions I've tried so far: - Group policy objects - Adding / removing users - Roaming profiles - DNS updates Essentially the main functions you would expect from a Win 2k3 server will be there. It's been almost 10 months since I installed it, and it's been smooth sailing so far. Some features have been added / tweaked with the latest alpha 14, but I have not kept up to date. What you have there is exactly all I want to do. I might need to harass you for any details. My main question right now has to do with DNS and DHCP: since the box is running bind, must it be the master for that zone? After all, I already have a happy dns/dhcp server. Can I get away making the samba4 box a slave bind box and just add the relevant options (netbios-whatever) to my current dhcp? On Mon, Jun 6, 2011 at 6:20 PM, Mauricio Tavares raubvo...@gmail.comwrote: I keep hearing Samba 4 is not ready to be used. Can anyone elaborate on its current status? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] On Samba4
Hi, I'd be most happy to answer any questions you may have, though fair warning: my version of Samba is kind of outdated (alpha 12), so what worked for me might not work for you. I'm not too familiar with offloading the DNS service to another computer; as you may have surmised, my setup has the DNS on the Samba server. I think the main thing about having a DNS server is getting it to accept updates from clients (dynamic DNS updates for browsing). I believe I am running a pure S4 setup; I recall that the S3+S4 thing confused me mightily at the beginning. I'd have to check to make sure though; how can I do this? On Tue, Jun 7, 2011 at 10:35 PM, Mauricio Tavares raubvo...@gmail.comwrote: On Tue, Jun 7, 2011 at 5:04 AM, titantopp...@gmail.com wrote: Hi, I'm running Samba4 alpha 12 as the only DC and file server on my local network. It is working well. After the initial setup, everything can be managed from a Windows workstation. Functions I've tried so far: - Group policy objects - Adding / removing users - Roaming profiles - DNS updates Essentially the main functions you would expect from a Win 2k3 server will be there. It's been almost 10 months since I installed it, and it's been smooth sailing so far. Some features have been added / tweaked with the latest alpha 14, but I have not kept up to date. What you have there is exactly all I want to do. I might need to harass you for any details. My main question right now has to do with DNS and DHCP: since the box is running bind, must it be the master for that zone? After all, I already have a happy dns/dhcp server. Can I get away making the samba4 box a slave bind box and just add the relevant options (netbios-whatever) to my current dhcp? On Mon, Jun 6, 2011 at 6:20 PM, Mauricio Tavares raubvo...@gmail.com wrote: I keep hearing Samba 4 is not ready to be used. Can anyone elaborate on its current status? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Windows 7/Vista problem with offline files synchronization - samba 3.5.4 domain controller
While using SAMBA 3.5.4 as a primary domain controller for Windows Workstations I have problems with offline files synchronization. While using Windows XP everything works great, there is still no problems with machines with XP. Problems started with Vista Business, there is a lot of synchronization conflicts. Windows 7 also have problems with proper offline files synchronization. Most synchro errors states The process cannot access the file because it is being used by another process or some other strange synchro conflicts. Here is my output of smb.conf and smb-homes.conf files. Anyone with working synchronization with Vista Windows 7 please help, it's very important to me to get it to work. Please examine this configuration and try to discover witch specific Win7/Vista options are missed or misconfigured. ---smb.conf [global] # basic configuration workgroup = WORK netbios name = company server string = file server security = user max smbd processes = 1000 max open files = 164040 # settings for Windows 98 lanman auth = yes client lanman auth = yes client plaintext auth = yes # logs log file = /var/log/samba/samba.%m log level = 1 max log size = 1024 # primary WINS server wins support = yes # Primary Domain Controller domain master = yes domain logons = yes local master = yes preferred master = yes os level = 65 logon script = %U.bat # Polish character encoding unix charset = UTF8 display charset = UTF8 dos charset = CP852 # password backend passdb backend = tdbsam # printers printing = bsd printcap name = /dev/null load printers = no disable spoolss = yes # optimalization wide links = no # managing users add user script = /usr/sbin/useradd -d /dev/null -s /bin/false -g pdc-users '%u' delete user script = /usr/sbin/userdel '%u' add group script = /usr/sbin/groupadd '%g' delete group script = /usr/sbin/groupdel '%g' add user to group script = /usr/bin/gpasswd -a '%u' '%g' delete user from group script = /usr/bin/gpasswd -d '%u' '%g' set primary group script = /usr/sbin/usermod -g '%g' '%u' add machine script = /usr/sbin/useradd -g machines -c Komputer -d /dev/null -s /bin/false '%u' [netlogon] path = /home/samba-netlogon writeable = no browseable = no guest ok = no [profiles] path = /home/samba-profiles writeable = yes browseable = no guest ok = no [programs] comment = programs, updates, drivers... writeable = no browseable = yes guest ok = yes write list = @pdc-admins create mode = 666 directory mode = 777 path = /home/samba-software [cut...] ---smb-homes.conf [user1-xp] writeable = no browseable = no path = /home/samba-homes/user1-xp valid users = @pdc-admins user1-xp write list = @pdc-admins user1-xp create mode = 660 directory mode = 770 [user2-win7] writeable = no browseable = no path = /home/samba-homes/user2-win7 valid users = @pdc-admins user2-win7 write list = @pdc-admins user2-win7 create mode = 660 directory mode = 770 [user3-vista] writeable = no browseable = no path = /home/samba-homes/user3-vista valid users = @pdc-admins user3-vista write list = @pdc-admins user3-vista create mode = 660 directory mode = 770 [cut...] --- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] On Samba4
On Tue, Jun 7, 2011 at 10:56 AM, titantopp...@gmail.com wrote: Hi, I'd be most happy to answer any questions you may have, though fair warning: my version of Samba is kind of outdated (alpha 12), so what worked for me might not work for you. Well, I am ashamed to say I too am running right now alpha 12 because that is what came in ubuntu 10.10. So, hopefully I should be able to duplicate your stuff ;) I'm not too familiar with offloading the DNS service to another computer; as you may have surmised, my setup has the DNS on the Samba server. I think the main thing about having a DNS server is getting it to accept updates from clients (dynamic DNS updates for browsing). Right now my normal DNS server can do the dynamic dns updates. I am, however, wondering which other things I need to provide. For instance, I would expect stuff like netbios-node-type and netbios-name-servers can be provided by my current dhcp server without hurting the samba4 AD behaviour. I could be wrong... I believe I am running a pure S4 setup; I recall that the S3+S4 thing confused me mightily at the beginning. I'd have to check to make sure though; how can I do this? Let me know because I too would like to know in my own setup. On Tue, Jun 7, 2011 at 10:35 PM, Mauricio Tavares raubvo...@gmail.comwrote: On Tue, Jun 7, 2011 at 5:04 AM, titantopp...@gmail.com wrote: Hi, I'm running Samba4 alpha 12 as the only DC and file server on my local network. It is working well. After the initial setup, everything can be managed from a Windows workstation. Functions I've tried so far: - Group policy objects - Adding / removing users - Roaming profiles - DNS updates Essentially the main functions you would expect from a Win 2k3 server will be there. It's been almost 10 months since I installed it, and it's been smooth sailing so far. Some features have been added / tweaked with the latest alpha 14, but I have not kept up to date. What you have there is exactly all I want to do. I might need to harass you for any details. My main question right now has to do with DNS and DHCP: since the box is running bind, must it be the master for that zone? After all, I already have a happy dns/dhcp server. Can I get away making the samba4 box a slave bind box and just add the relevant options (netbios-whatever) to my current dhcp? On Mon, Jun 6, 2011 at 6:20 PM, Mauricio Tavares raubvo...@gmail.com wrote: I keep hearing Samba 4 is not ready to be used. Can anyone elaborate on its current status? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Disk free space, quotas and GPFS
I am migrating the main file servers at work onto a new storage platform based on GPFS. I am using RHEL 5.6 with the samba3x packages (aka 3.5.4) recompiled to get the vfs_gpfs and tsmsm modules, with a couple of extra patches to vfs_gpfs module to bring it 3.5.8 level. It is running with ctdb against Windows AD 2008 R2 domain controllers with all the idmapping been held in the AD. In order to get robust and frankly usable quotas we are making extensive use of filesets (think directory quotas and you won't go far wrong). Basically every share is in a fileset of it's own including all the users home directories. All the filesets have a quota attached to them. What I would like is to have the disk size and usage reported by windows to be quota limit and usage for the fileset, rather than for the entire file system as at over 100TB it is somewhat misleading. I thought I would be able to use the dfree command option of smb.conf to report the correct information gathered through a script of some description. Unfortunately even with a simple shell script that echos a couple of numbers is owned by root and has permissions 700 does nothing (I still see numbers for the entire file system not the specific share) and I can see nothing in the samba logs even at log level 5. Am I doing something wrong or is this bust? I tried making it work with a plain CentOS 5.6 with straight samba packages on ext3 with similar results. Alternatively would it be possible to add some quota support to vfs_gpfs to make this work? There are plenty of errors of the form [2011/06/07 15:53:15.672182, 3] lib/sysquotas.c:453(sys_get_quota) sys_get_vfs_quota() failed for mntpath[/lifesci] bdev[/dev/lifesci] qtype[2] id[9651]: No such device I am guessing that standard quota calls don't work on GPFS file systems. JAB. -- Jonathan A. Buzzard Email: jonathan (at) buzzard.me.uk Fife, United Kingdom. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] WINS and browse list on multiple subnet architecture
From: samba tmpmbox samba-l...@tmpmbox.no-ip.org Date: Tue, 07 Jun 2011 16:00:48 +0200 (snip) Now, the idea is to make computer on each subnet must see computer on the other one with the help of WINS and master roles. I don't make this works. Simply to set below and try: WINSGW Global section : workgroup = WORKGROUP wins support = yes #remote browse sync = 192.168.53.253 local master = yes domain master = yes domain logons = no preferred master = yes os level = 65 WINSGW2 Global section : workgroup = WORKGROUP wins server = 193.168.52.253 #remote browse sync = 192.168.52.253 #remote announce = 192.168.52.253/WORKGROUP local master = yes domain master = no domain logons = no preferred master = yes os level = 65 You do not need to set remote browse sync nor remote announce. Several years ago I examined this setting against Samba 3.0.x (perlaps 3.0.7) and worked well, although I have not yet examined with Samba 3.5.6. Remember that you need to configure that Samba server (not Windows) must be a LMB on each subnet or set DMB as PDC to set domain logons = yes. --- TAKAHASHI Motonobu mo...@samba.gr.jp -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Disk free space, quotas and GPFS
On Tue, Jun 07, 2011 at 04:10:43PM +0100, Jonathan Buzzard wrote: I am migrating the main file servers at work onto a new storage platform based on GPFS. I am using RHEL 5.6 with the samba3x packages (aka 3.5.4) recompiled to get the vfs_gpfs and tsmsm modules, with a couple of extra patches to vfs_gpfs module to bring it 3.5.8 level. It is running with ctdb against Windows AD 2008 R2 domain controllers with all the idmapping been held in the AD. In order to get robust and frankly usable quotas we are making extensive use of filesets (think directory quotas and you won't go far wrong). Basically every share is in a fileset of it's own including all the users home directories. All the filesets have a quota attached to them. What I would like is to have the disk size and usage reported by windows to be quota limit and usage for the fileset, rather than for the entire file system as at over 100TB it is somewhat misleading. I thought I would be able to use the dfree command option of smb.conf to report the correct information gathered through a script of some description. Unfortunately even with a simple shell script that echos a couple of numbers is owned by root and has permissions 700 does nothing (I still see numbers for the entire file system not the specific share) and I can see nothing in the samba logs even at log level 5. dfree should work fine. I'd persue this avenue. Am I doing something wrong or is this bust? I tried making it work with a plain CentOS 5.6 with straight samba packages on ext3 with similar results. Alternatively would it be possible to add some quota support to vfs_gpfs to make this work? There are plenty of errors of the form [2011/06/07 15:53:15.672182, 3] lib/sysquotas.c:453(sys_get_quota) sys_get_vfs_quota() failed for mntpath[/lifesci] bdev[/dev/lifesci] qtype[2] id[9651]: No such device I am guessing that standard quota calls don't work on GPFS file systems. Probably true. If you know how GPFS reports quotas we can add the code for a later release. We have quota hooks in the Samba VFS, so we could add this to the gpfs vfs module. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] On Samba4
While Samba 4 is still alpha, the samba-technical list is more appropriate for this sort of discussion. I have copied my reply there. On 7 June 2011 17:12, Mauricio Tavares raubvo...@gmail.com wrote: On Tue, Jun 7, 2011 at 10:56 AM, titantopp...@gmail.com wrote: Hi, I'd be most happy to answer any questions you may have, though fair warning: my version of Samba is kind of outdated (alpha 12), so what worked for me might not work for you. Well, I am ashamed to say I too am running right now alpha 12 because that is what came in ubuntu 10.10. So, hopefully I should be able to duplicate your stuff ;) I'm not too familiar with offloading the DNS service to another computer; as you may have surmised, my setup has the DNS on the Samba server. I think the main thing about having a DNS server is getting it to accept updates from clients (dynamic DNS updates for browsing). Right now my normal DNS server can do the dynamic dns updates. I am, however, wondering which other things I need to provide. For instance, I would expect stuff like netbios-node-type and netbios-name-servers can be provided by my current dhcp server without hurting the samba4 AD behaviour. I could be wrong... I believe I am running a pure S4 setup; I recall that the S3+S4 thing confused me mightily at the beginning. I'd have to check to make sure though; how can I do this? Let me know because I too would like to know in my own setup. On Tue, Jun 7, 2011 at 10:35 PM, Mauricio Tavares raubvo...@gmail.comwrote: On Tue, Jun 7, 2011 at 5:04 AM, titantopp...@gmail.com wrote: Hi, I'm running Samba4 alpha 12 as the only DC and file server on my local network. It is working well. After the initial setup, everything can be managed from a Windows workstation. Functions I've tried so far: - Group policy objects - Adding / removing users - Roaming profiles - DNS updates Essentially the main functions you would expect from a Win 2k3 server will be there. It's been almost 10 months since I installed it, and it's been smooth sailing so far. Some features have been added / tweaked with the latest alpha 14, but I have not kept up to date. What you have there is exactly all I want to do. I might need to harass you for any details. My main question right now has to do with DNS and DHCP: since the box is running bind, must it be the master for that zone? After all, I already have a happy dns/dhcp server. Can I get away making the samba4 box a slave bind box and just add the relevant options (netbios-whatever) to my current dhcp? On Mon, Jun 6, 2011 at 6:20 PM, Mauricio Tavares raubvo...@gmail.com wrote: I keep hearing Samba 4 is not ready to be used. Can anyone elaborate on its current status? -- Michael Wood esiot...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba Digest, Vol 102, Issue 7
I am currently on annual leave. I will be back in the office on Friday 10th June 2011. If you have an urgent matter needing attention, it may be prudent to contact the ITSC main number 01236 757600. Thanks. -- Andrew McNaughton ICT Network Support Officer Learning Leisure Services North Lanarkshire Council ** ICT TECHNICAL SERVICES CENTRE (ITSC) Towers Road, Airdrie, North Lanarkshire ML6 8PG email: and...@nleducation.org.uk ** --- This e-mail and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this e-mail in error, please notify the System Manager and thereafter delete the e-mail from your system. The System Manager may be contacted at postmas...@nleducation.org.uk E-mail transmission is not secure and information can be intercepted, corrupted, lost, destroyed, delayed or incomplete. The sender does not accept any liability for errors or omissions arising as a result of e-mail transmission or interception. Please note that incoming e-mails are routinely scanned for the purpose of detecting offensive or inappropriate materials. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] On Samba4
On 07/06/2011 19:12, Mauricio Tavares wrote: On Tue, Jun 7, 2011 at 10:56 AM,titantopp...@gmail.com wrote: Hi, I'd be most happy to answer any questions you may have, though fair warning: my version of Samba is kind of outdated (alpha 12), so what worked for me might not work for you. Well, I am ashamed to say I too am running right now alpha 12 because that is what came in ubuntu 10.10. So, hopefully I should be able to duplicate your stuff ;) Well I could just recommend you not to do so, there is more recent packages: https://launchpad.net/~samba-team/+archive/ppa I would really advocate to follow them or even better to get a very recent and build your own .deb based on the ppa package. Alpha 12 is _really_ old now, you'll miss a lot of new features like protected storage, dirsync, and a lot of bug fixes on replication, on password management and fixes on scalability (serving more than 1 LDAP request at a time ...). I'm not too familiar with offloading the DNS service to another computer; as you may have surmised, my setup has the DNS on the Samba server. I think the main thing about having a DNS server is getting it to accept updates from clients (dynamic DNS updates for browsing). Right now my normal DNS server can do the dynamic dns updates. I am, however, wondering which other things I need to provide. For instance, I would expect stuff like netbios-node-type and netbios-name-servers can be provided by my current dhcp server without hurting the samba4 AD behaviour. I could be wrong... So offloading DHCP on another server is not a problem at all, when it comes to DNS it's more problematic although you can cope with it. Why not creating a sub domain for your AD realm ? (ie. ad.mycompany.com). Matthieu. -- Matthieu Patou Samba Teamhttp://samba.org Private repo http://git.samba.org/?p=mat/samba.git;a=summary -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] [Announce] Samba 3.6.0rc2 Available for Download
Release Announcements - This is the second release candidate of Samba 3.6.0. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. Major enhancements in Samba 3.6.0 include: Changed security defaults - Samba 3.6 has adopted a number of improved security defaults that will impact on existing users of Samba. client ntlmv2 auth = yes client use spnego principal = no send spnego principal = no The impact of 'client ntlmv2 auth = yes' is that by default we will not use NTLM authentication as a client. This applies to the Samba client tools such as smbclient and winbind, but does not change the separately released in-kernel CIFS client. To re-enable the poorer NTLM encryption set '--option=clientusentlmv2auth=no' on your smbclient command line, or set 'client ntlmv2 auth = no' in your smb.conf The impact of 'client use spnego principal = no' is that we may be able to use Kerberos to communicate with a server less often in smbclient, winbind and other Samba client tools. We may fall back to NTLMSSP in more situations where we would previously rely on the insecure indication from the 'NegProt' CIFS packet. This mostly occursed when connecting to a name alias not recorded as a servicePrincipalName for the server. This indication is not available from Windows 2008 or later in any case, and is not used by modern Windows clients, so this makes Samba's behaviour consistent with other clients and against all servers. The impact of 'send spnego principal = no' is to match Windows 2008 and not to send this principal, making existing clients give more consistent behaviour (more likely to fall back to NTLMSSP) between Samba and Windows 2008, and between Windows versions that did and no longer use this insecure hint. SMB2 support SMB2 support in 3.6.0 is fully functional (with one omission), and can be enabled by setting: max protocol = SMB2 in the [global] section of your smb.conf and re-starting Samba. All features should work over SMB2 except the modification of user quotas using the Windows quota management tools. As this is the first release containing what we consider to be a fully featured SMB2 protocol, we are not enabling this by default, but encourage users to enable SMB2 and test it. Once we have enough confirmation from Samba users and OEMs that SMB2 support is stable in wide user testing we will enable SMB2 by default in a future Samba release. Internal Winbind passdb changes --- Winbind has been changed to use the internal samr and lsa rpc pipe to get local user and group information instead of calling passdb functions. The reason is to use more of our infrastructure and test this infrastructure by using it. With this approach more code in Winbind is shared. New Spoolss code The spoolss and the old RAP printing code have been completely overhauled and refactored. All calls from lanman/printing code has been changed to go through the spoolss RPC interfaces, this allows us to keep all checks in one place and avoid special cases in the main printing code. Printing code has been therefore confined within the spoolss code. All the printing code, including the spoolss RPC interfaces has been changed to use the winreg RPC interfaces to store all data. All data has been migrated from custom, arbitrary TDB files to the registry interface. This transition allow us to present correct data to windows client accessing the server registry through the winreg RPC interfaces to query for printer data. Data is served out from a real registry implementation and therefore arguably 100% forward compatible. Migration code from the previous TDB files formats is provided. This code is automatically invoked the first time the new code is run on the server. Although manual migration is also available using the 'net printer migrate' command. These changes not only make all the spoolss code much more closer to the spec, it also greatly improves our internal testing of both spoolss and winreg interfaces, and reduces overall code duplication. As part of this work, new tests have been also added to increase coverage. This code will also allow, in future, an easy transition to split out the spooling functions into a separate daemon for those OEMs that do not need printing functionality in their appliances, reducing the code footprint. ID Mapping Changes -- The id mapping configuration has been a source of much grief in the past. For this release, id mapping has been rewritten yet again with the goal of making the configuration more simple and more coherent while keeping the needed flexibility and even adding to the flexibility in some respects. The major change that implies the configuration simplifications is at the heart of the id mapping system: The
Re: [Samba] idmap backend = tdb2 is broken in Ubuntu / Debian
Quoting Christian PERRIER (bubu...@debian.org): The fix has been committed in the Debian package SVN. It will reach Debian unstable, then Ubuntu, when we upload a new release. A new package fixing this was uploaded in Debian unstable on Sunday June 5th. Package version is 2:3.5.8~dfsg-5. For Ubuntu, a resync with Debian unstable should fix the problem in the currently developed version whatever funky name it might have (I can't cope with Ubuntu release names!). A fix is probably needed for Ubuntu 11.04. I think that the diff between Debian 2:3.5.8~dfsg-4 and -5 should be OK. I'm not sure whether the problem is also in the current Ubuntu LTS. I'm awaiting for the Debian release managers approval for a fix to be uploaded for Debian stable. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Moving PDC
Hi all, We currently have a Fedora 11 machine (about to be upgraded to Fedora 15 though) running Samba 3.4.7 as our PDC and multiple BDC home servers running various versions of samba and OS. What I am needing is a fail proof way to migrate the PDC function off the current machine and onto another new fresh install. Currently our PDC is also the home server for one of our groups of employees. I want to migrate this off onto a separate BDC if possible leaving the PDC functions to be the only thing that machine does. The last time I attempted this it did not work correctly but that is only because I thought I could simply copy the config file over and start up samba. That was incorrect. What I need is a fool proof way to just make it work with minimal downtime for any of our users. We use OpenLDAP for domain authentication if that makes any difference. Before I have read that you demote and promote certain DC's to whatever function but not sure if that is the best way to do this. We have approximately 9 BDC home servers that are a mix of on our campus and some remote (all on our network though). I need the best way to not disrupt any of them if possible. Thanks in advance. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Reshare of a Samba mount
Hi, I am running a samba server that has two shares: i) Local directory ii) samba mount on NetApp Filer. The samba server is running on RHEL 5. There is a large transfer speed difference between the local directory and samba mount. I have run some tests and determined this is due to RHEL5 reshare of the samba. Does anyone have suggestions so that I can make this faster ? Thanks Will -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Reshare of a Samba mount
On Tue, Jun 7, 2011 at 3:27 PM, will ryder wjry...@me.com wrote: Hi, I am running a samba server that has two shares: i) Local directory ii) samba mount on NetApp Filer. The samba server is running on RHEL 5. There is a large transfer speed difference between the local directory and samba mount. I have run some tests and determined this is due to RHEL5 reshare of the samba. Does anyone have suggestions so that I can make this faster ? use a DFS link so that clients access the netapp cifs directly. re-sharing is always going to cause some sort of problems, performance is usually the least of them. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Reshare of a Samba mount
you should copy the list and yes. On Tue, Jun 7, 2011 at 3:47 PM, will ryder wjry...@me.com wrote: Can you have a DFS link and local directory shared ? Will On Jun 7, 2011, at 9:44 PM, Chris Weiss wrote: I think so On Tue, Jun 7, 2011 at 3:42 PM, will ryder wjry...@me.com wrote: Hi, Is this is the correct Manual to read : http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/msdfs.html On Jun 7, 2011, at 9:39 PM, Chris Weiss wrote: On Tue, Jun 7, 2011 at 3:27 PM, will ryder wjry...@me.com wrote: Hi, I am running a samba server that has two shares: i) Local directory ii) samba mount on NetApp Filer. The samba server is running on RHEL 5. There is a large transfer speed difference between the local directory and samba mount. I have run some tests and determined this is due to RHEL5 reshare of the samba. Does anyone have suggestions so that I can make this faster ? use a DFS link so that clients access the netapp cifs directly. re-sharing is always going to cause some sort of problems, performance is usually the least of them. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Fwd: Reshare of a Samba mount
Begin forwarded message: From: Chris Weiss cwe...@gmail.com Date: June 7, 2011 9:48:47 PM GMT+01:00 To: samba samba@lists.samba.org Subject: Re: [Samba] Reshare of a Samba mount you should copy the list and yes. On Tue, Jun 7, 2011 at 3:47 PM, will ryder wjry...@me.com wrote: Can you have a DFS link and local directory shared ? Will On Jun 7, 2011, at 9:44 PM, Chris Weiss wrote: I think so On Tue, Jun 7, 2011 at 3:42 PM, will ryder wjry...@me.com wrote: Hi, Is this is the correct Manual to read : http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/msdfs.html On Jun 7, 2011, at 9:39 PM, Chris Weiss wrote: On Tue, Jun 7, 2011 at 3:27 PM, will ryder wjry...@me.com wrote: Hi, I am running a samba server that has two shares: i) Local directory ii) samba mount on NetApp Filer. The samba server is running on RHEL 5. There is a large transfer speed difference between the local directory and samba mount. I have run some tests and determined this is due to RHEL5 reshare of the samba. Does anyone have suggestions so that I can make this faster ? use a DFS link so that clients access the netapp cifs directly. re-sharing is always going to cause some sort of problems, performance is usually the least of them. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Creating users batch mode sooooo slow
Hi! I have a Samba as PDC now I need to add my users. The problem is that I have 3500 users. I have a script using smbldap-adduser but it takes 6 hours to create all users. I read the file and one by one I create the user.There is any way to be faster ? 2-) If I want to delete the users I need to do this one user at time ? *---* *-Edwin Quijada *-Developer DataBase *-JQ Microsistemas *-Soporte PostgreSQL *-www.jqmicrosistemas.com *-809-849-8087 *---* -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Moving PDC
If everything is an LDAP backend that makes it simpler. installing the new machine as BDC then promoting it should be easy enough.In my environment, the each DC was also a LDAP server (in a multi-master replication topology.) You may to make sure that when you switch a machine from PDC to BDC (or vice versa) that you enable/disable ldap read-only in smb.conf. How do you handle idmapping? In my environment, we use LDAP for the underlying unix accounts as well so this keeps unix uid's and gid's for the accounts consistent. A windows client generally doesn't care if it uses a PDC or BDC- it will give preference to a BDC.But if it already is authenticated to a particular DC I don't think it changing mode will matter. I don't know if you have to restart samba to change from PDC to BDC (or vice versa)- that might cause problems for people who were logged in with open files on that server. Do you have trusts set up with other domains?I switched which machine was the PDC and also found I had to make the new PDC the WINS server as well. FC14 has samba 3.5.x. I am sure there are some config changes between 3.4. and 3.5 that may be gotchas. Altho so far for me going from 3.4 to 3.5.x doesn't seem to have broken anything (at least anything else- some things that didn't work under properly 3.4. still don't work for me.) On 06/07/2011 02:57 PM, Donny Brooks wrote: Hi all, We currently have a Fedora 11 machine (about to be upgraded to Fedora 15 though) running Samba 3.4.7 as our PDC and multiple BDC home servers running various versions of samba and OS. What I am needing is a fail proof way to migrate the PDC function off the current machine and onto another new fresh install. Currently our PDC is also the home server for one of our groups of employees. I want to migrate this off onto a separate BDC if possible leaving the PDC functions to be the only thing that machine does. The last time I attempted this it did not work correctly but that is only because I thought I could simply copy the config file over and start up samba. That was incorrect. What I need is a fool proof way to just make it work with minimal downtime for any of our users. We use OpenLDAP for domain authentication if that makes any difference. Before I have read that you demote and promote certain DC's to whatever function but not sure if that is the best way to do this. We have approximately 9 BDC home servers that are a mix of on our campus and some remote (all on our network though). I need the best way to not disrupt any of them if possible. Thanks in advance. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Moving PDC
On 6/7/2011 4:35 PM, Gaiseric Vandal wrote: If everything is an LDAP backend that makes it simpler. installing the new machine as BDC then promoting it should be easy enough.In my environment, the each DC was also a LDAP server (in a multi-master replication topology.) You may to make sure that when you switch a machine from PDC to BDC (or vice versa) that you enable/disable ldap read-only in smb.conf. How do you handle idmapping? In my environment, we use LDAP for the underlying unix accounts as well so this keeps unix uid's and gid's for the accounts consistent. A windows client generally doesn't care if it uses a PDC or BDC- it will give preference to a BDC.But if it already is authenticated to a particular DC I don't think it changing mode will matter. I don't know if you have to restart samba to change from PDC to BDC (or vice versa)- that might cause problems for people who were logged in with open files on that server. Do you have trusts set up with other domains?I switched which machine was the PDC and also found I had to make the new PDC the WINS server as well. FC14 has samba 3.5.x. I am sure there are some config changes between 3.4. and 3.5 that may be gotchas. Altho so far for me going from 3.4 to 3.5.x doesn't seem to have broken anything (at least anything else- some things that didn't work under properly 3.4. still don't work for me.) On 06/07/2011 02:57 PM, Donny Brooks wrote: Hi all, We currently have a Fedora 11 machine (about to be upgraded to Fedora 15 though) running Samba 3.4.7 as our PDC and multiple BDC home servers running various versions of samba and OS. What I am needing is a fail proof way to migrate the PDC function off the current machine and onto another new fresh install. Currently our PDC is also the home server for one of our groups of employees. I want to migrate this off onto a separate BDC if possible leaving the PDC functions to be the only thing that machine does. The last time I attempted this it did not work correctly but that is only because I thought I could simply copy the config file over and start up samba. That was incorrect. What I need is a fool proof way to just make it work with minimal downtime for any of our users. We use OpenLDAP for domain authentication if that makes any difference. Before I have read that you demote and promote certain DC's to whatever function but not sure if that is the best way to do this. We have approximately 9 BDC home servers that are a mix of on our campus and some remote (all on our network though). I need the best way to not disrupt any of them if possible. Thanks in advance. Thanks for the reply. Our layout currently is as follows: 1 PDC w/ LDAP (primary) also the home server for some users 1 BDC w/ LDAP (backup) no users on this machine 8 BDC w/o LDAP (all point to the primary) and all home servers The idmapping is all done in ldap. Pretty much all user, machine, and group accounts are in ldap. We only have the one domain so no other trust relationships are setup. Hopefully when I do this I will be able to get everyone to log off their workstations before going home and do this after hours to reduce the risk of open files. So basically just make sure the configs jive between versions and I should be able to migrate via the promote/demote method correct? Just making sure as I do NOT want to make this an all weekend ordeal. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] On Samba4
Hi, Matthieu: So offloading DHCP on another server is not a problem at all, when it comes to DNS it's more problematic although you can cope with it. Why not creating a sub domain for your AD realm ? (ie. ad.mycompany.com). What is this setup you're referring to? Do you mean that the main DNS server delegates authority for the ad.mycompany.com subdomain to the DC, and the domain for the Samba network be on ad.mycompany.com? On Wed, Jun 8, 2011 at 2:37 AM, Matthieu Patou m...@samba.org wrote: On 07/06/2011 19:12, Mauricio Tavares wrote: On Tue, Jun 7, 2011 at 10:56 AM,titantopp...@gmail.com wrote: Hi, I'd be most happy to answer any questions you may have, though fair warning: my version of Samba is kind of outdated (alpha 12), so what worked for me might not work for you. Well, I am ashamed to say I too am running right now alpha 12 because that is what came in ubuntu 10.10. So, hopefully I should be able to duplicate your stuff ;) Well I could just recommend you not to do so, there is more recent packages: https://launchpad.net/~samba-team/+archive/ppa I would really advocate to follow them or even better to get a very recent and build your own .deb based on the ppa package. Alpha 12 is _really_ old now, you'll miss a lot of new features like protected storage, dirsync, and a lot of bug fixes on replication, on password management and fixes on scalability (serving more than 1 LDAP request at a time ...). I'm not too familiar with offloading the DNS service to another computer; as you may have surmised, my setup has the DNS on the Samba server. I think the main thing about having a DNS server is getting it to accept updates from clients (dynamic DNS updates for browsing). Right now my normal DNS server can do the dynamic dns updates. I am, however, wondering which other things I need to provide. For instance, I would expect stuff like netbios-node-type and netbios-name-servers can be provided by my current dhcp server without hurting the samba4 AD behaviour. I could be wrong... So offloading DHCP on another server is not a problem at all, when it comes to DNS it's more problematic although you can cope with it. Why not creating a sub domain for your AD realm ? (ie. ad.mycompany.com). Matthieu. -- Matthieu Patou Samba Teamhttp://samba.org Private repo http://git.samba.org/?p=mat/samba.git;a=summary -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Fwd: removing windows 2003 from samba4In-Reply-To=4dedc91a.3080...@samba.org
Hello Matthieu, Did you wait for a couple of minutes (1 or 2 hours maybe) for the sync to settle ? also did you transfer roles to the samba4 DC ? In anycase you should restart samba with a higher log level so that we can have more information. If needed pop up in #samba-technical for more real time support. Matthieu. I've restarted samba with log level 5, above is what i've see ( full log is to big ) sync appears to be doing fine, i think: /usr/local/samba/sbin/samba_dnsupdate: schema_fsmo_init: we are master: yes Child /usr/local/samba/sbin/samba_spnupdate exited with status 0 - Success Completed SPN update check OK Child /usr/local/samba/sbin/samba_dnsupdate exited with status 0 - Success Completed DNS update check OK and dreplsrv_notify: DsReplicaSync OK for c0f2d2cc-eab6-4704-9046-1b9566ed85e3._msdcs.samba4.casa if i understood right, my samba already have the right roles too ldb: pdc_fsmo_init: we are master: yes ldb: naming_fsmo_init: we are master: yes - and that appeared when i run dcpromo to remove windows DC: dreplsrv_periodic_run(): run pending_ops memory=110 dreplsrv_periodic_schedule(300) scheduled for: Tue Jun 7 17:16:15 2011 BRT Schema load pass 1: 0/1 of 1 objects left to be converted. ldb: start ldb transaction (nesting: 0) ldb: replmd_extended_replicated_objects ... ldb: replmd_modify ldb: commit ldb transaction (nesting: 1) ldb: commit ldb transaction (nesting: 0) schema_fsmo_init: we are master: yes Replicated 1 objects (0 linked attributes) for CN=Schema,CN=Configuration,DC=samba4,DC=casa UpdateRefs failed with WERR_DS_DRA_BUSY/NT code 0xc00020f6 for f34e07bd-b0b9-4398-84ca-b3f030a33ef9._msdcs.samba4.casa CN=Schema,CN=Configuration,DC=samba4,DC=casa dreplsrv_op_pull_source(WERR_DS_DRA_BUSY) for CN=Schema,CN=Configuration,DC=samba4,DC=casa ldb: start ldb transaction (nesting: 0) ldb: objectclass_modify thanks in advance. -- Alan Morais -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 632f672 s4-cldap: fixed the CLDAP response for IPv6 clients via 285293c s4-ipv6: fixed a crash in the IPv6 DNS code via a58e69a s4-dns: fixed samba_tool - samba-tool via 6ea8db1 s4-build: install a build link bin/provision from 78a0195 selftest: Fix 'make quicktest' on systems without LDAP development support http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 632f672b0859cee995788a00ecd464a0a8d5c74a Author: Andrew Tridgell tri...@samba.org Date: Tue Jun 7 15:46:17 2011 +1000 s4-cldap: fixed the CLDAP response for IPv6 clients Autobuild-User: Andrew Tridgell tri...@samba.org Autobuild-Date: Tue Jun 7 08:57:48 CEST 2011 on sn-devel-104 commit 285293c8b5d85383aa5af9968dc73fba5beb9de0 Author: Andrew Tridgell tri...@samba.org Date: Tue Jun 7 14:10:38 2011 +1000 s4-ipv6: fixed a crash in the IPv6 DNS code commit a58e69a734085f9963b60042be3d9a33a90616a7 Author: Andrew Tridgell tri...@samba.org Date: Tue Jun 7 13:46:24 2011 +1000 s4-dns: fixed samba_tool - samba-tool commit 6ea8db1bd418aa5308a042d59e3288b68312739b Author: Andrew Tridgell tri...@samba.org Date: Tue Jun 7 13:15:15 2011 +1000 s4-build: install a build link bin/provision --- Summary of changes: source4/cldap_server/netlogon.c| 14 -- source4/libcli/resolve/dns_ex.c|2 +- source4/scripting/bin/setup_dns.sh |2 +- source4/setup/wscript_build|2 ++ 4 files changed, 12 insertions(+), 8 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c index 92f7a4a..77f50ff 100644 --- a/source4/cldap_server/netlogon.c +++ b/source4/cldap_server/netlogon.c @@ -37,6 +37,7 @@ #include param/param.h #include ../lib/tsocket/tsocket.h #include libds/common/flag_mapping.h +#include lib/util/util_net.h /* fill in the cldap netlogon union for a given version @@ -292,16 +293,17 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx, src_address, NULL); NT_STATUS_HAVE_NO_MEMORY(client_site); load_interface_list(mem_ctx, lp_ctx, ifaces); - /* -* TODO: the caller should pass the address which the client -* used to trigger this call, as the client is able to reach -* this ip. -*/ + if (src_address) { pdc_ip = iface_list_best_ip(ifaces, src_address); } else { pdc_ip = iface_list_first_v4(ifaces); } + if (pdc_ip == NULL || !is_ipaddress_v4(pdc_ip)) { + /* this matches windows behaviour */ + pdc_ip = 127.0.0.1; + } + ZERO_STRUCTP(netlogon); /* check if either of these bits is present */ @@ -325,7 +327,7 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx, netlogon-data.nt5_ex.server_site = server_site; netlogon-data.nt5_ex.client_site = client_site; if (version NETLOGON_NT_VERSION_5EX_WITH_IP) { - /* Clearly this needs to be fixed up for IPv6 */ + /* note that this is always a IPV4 address */ extra_flags = NETLOGON_NT_VERSION_5EX_WITH_IP; netlogon-data.nt5_ex.sockaddr.sockaddr_family= 2; netlogon-data.nt5_ex.sockaddr.pdc_ip = pdc_ip; diff --git a/source4/libcli/resolve/dns_ex.c b/source4/libcli/resolve/dns_ex.c index cb2d2c3..1d56a4b 100644 --- a/source4/libcli/resolve/dns_ex.c +++ b/source4/libcli/resolve/dns_ex.c @@ -267,7 +267,7 @@ static void run_child_dns_lookup(struct dns_ex_state *state, int fd) port = state-port; } - switch (rr-type) { + switch (addrs_rr[i]-type) { case rk_ns_t_a: if (inet_ntop(AF_INET, addrs_rr[i]-u.a, addrstr, sizeof(addrstr)) == NULL) { diff --git a/source4/scripting/bin/setup_dns.sh b/source4/scripting/bin/setup_dns.sh index 646ee81..bc2ae96 100755 --- a/source4/scripting/bin/setup_dns.sh +++ b/source4/scripting/bin/setup_dns.sh @@ -13,7 +13,7 @@ IP=$3 RSUFFIX=$(echo $DOMAIN | sed s/[\.]/,DC=/g) [ -z $PRIVATEDIR ] { -PRIVATEDIR=$(bin/samba_tool testparm --section-name=global --parameter-name='private dir' --suppress-prompt 2 /dev/null) +PRIVATEDIR=$(bin/samba-tool testparm --section-name=global --parameter-name='private dir' --suppress-prompt 2 /dev/null) } OBJECTGUID=$(bin/ldbsearch -s base -H $PRIVATEDIR/sam.ldb -b CN=NTDS Settings,CN=$HOSTNAME,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=$RSUFFIX objectguid|grep ^objectGUID| cut -d:
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via 13eb6f4 WHATSNEW: Add another change since rc1. via 92248f6 Fix bug #8197 - winbind does not properly detect when a DC connection is dead. via 017f84a Add the same fix to the S3 event backend as the previous commit added to the tevent poll backend. via 4da2f8a Fix the poll() backend to correctly respond to POLLHUP|POLLERR returns on a fd selected for TEVENT_FD_WRITE only. from df4a86e WHATSNEW: Update changes since 3.6.0rc1. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit 13eb6f4cd91d0be1208523b47a4ac7c8d9bd91d5 Author: Karolin Seeger ksee...@samba.org Date: Tue Jun 7 09:15:38 2011 +0200 WHATSNEW: Add another change since rc1. Karolin commit 92248f6e51f1e46de8c1a1304b2d48914f21e841 Author: Jeremy Allison j...@samba.org Date: Fri Jun 3 10:22:44 2011 -0700 Fix bug #8197 - winbind does not properly detect when a DC connection is dead. Only waiting for writability doesn't get fd errors back with poll. So always begin by selecting for readability, and if we get it then see if bytes were available to read or it really is an error condition. If bytes were available, remove the select on read as we know we will retrieve the error when we've finished writing and start reading the reply (or the write will timeout or fail). Metze and Volker please check. Autobuild-User: Jeremy Allison j...@samba.org Autobuild-Date: Mon Jun 6 21:53:16 CEST 2011 on sn-devel-104 (cherry picked from commit 0efcc94fb834aeb03e8edc3034aa0cdeefdc0985) commit 017f84a07dedf700c25da253ac7247633b616056 Author: Jeremy Allison j...@samba.org Date: Fri Jun 3 12:55:19 2011 -0700 Add the same fix to the S3 event backend as the previous commit added to the tevent poll backend. Metze please check ! Autobuild-User: Jeremy Allison j...@samba.org Autobuild-Date: Sat Jun 4 00:27:37 CEST 2011 on sn-devel-104 (cherry picked from commit 3c9b3b2befc524f21c59f46ea9be1602b4b1bfe8) commit 4da2f8a8c578568d1e9a4770166c46240fce6664 Author: Jeremy Allison j...@samba.org Date: Fri Jun 3 12:31:11 2011 -0700 Fix the poll() backend to correctly respond to POLLHUP|POLLERR returns on a fd selected for TEVENT_FD_WRITE only. Don't trigger the write handler and remove the POLLOUT flag for this fd. Report errors on TEVENT_FD_READ requests only. Metze please check ! Jeremy. Autobuild-User: Jeremy Allison j...@samba.org Autobuild-Date: Fri Jun 3 22:53:52 CEST 2011 on sn-devel-104 (cherry picked from commit dbcdf3e39c359241b743a9455ae695e14a30caa9) --- Summary of changes: WHATSNEW.txt |1 + lib/async_req/async_sock.c | 38 -- lib/tevent/tevent_poll.c | 14 +- source3/lib/events.c | 15 ++- 4 files changed, 60 insertions(+), 8 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 2827bbe..ec1d3fa 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -268,6 +268,7 @@ o Jeremy Allison j...@samba.org * BUG 8163: Fix our asn.1 parser to handle negative numbers. * BUG 8191: Split the ACE flag mapping between nfs4 and Windows into two separate functions. +* BUG 8197: Winbind does not properly detect when a DC connection is dead. o Christian Ambach a...@samba.org diff --git a/lib/async_req/async_sock.c b/lib/async_req/async_sock.c index 7ea66f5..2c90b6d 100644 --- a/lib/async_req/async_sock.c +++ b/lib/async_req/async_sock.c @@ -385,6 +385,7 @@ struct writev_state { int count; size_t total_size; uint16_t flags; + bool err_on_readability; }; static void writev_trigger(struct tevent_req *req, void *private_data); @@ -412,10 +413,8 @@ struct tevent_req *writev_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, if (state-iov == NULL) { goto fail; } - state-flags = TEVENT_FD_WRITE; - if (err_on_readability) { - state-flags |= TEVENT_FD_READ; - } + state-flags = TEVENT_FD_WRITE|TEVENT_FD_READ; + state-err_on_readability = err_on_readability; if (queue == NULL) { struct tevent_fd *fde; @@ -461,8 +460,35 @@ static void writev_handler(struct tevent_context *ev, struct tevent_fd *fde, to_write = 0; if ((state-flags TEVENT_FD_READ) (flags TEVENT_FD_READ)) { - tevent_req_error(req, EPIPE); - return; + int ret, value; + + if (state-err_on_readability) { + /* Readable and the caller wants an error on read. */ + tevent_req_error(req, EPIPE); + return; +
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via 838d69b s3-docs Add documentation for ncalrpc dir from 13eb6f4 WHATSNEW: Add another change since rc1. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit 838d69be074dab8ba9626b50916c7d14f7c4954e Author: Andrew Bartlett abart...@samba.org Date: Tue Jun 7 09:47:26 2011 +1000 s3-docs Add documentation for ncalrpc dir --- Summary of changes: docs-xml/smbdotconf/misc/ncalrpcdir.xml | 13 + 1 files changed, 13 insertions(+), 0 deletions(-) create mode 100644 docs-xml/smbdotconf/misc/ncalrpcdir.xml Changeset truncated at 500 lines: diff --git a/docs-xml/smbdotconf/misc/ncalrpcdir.xml b/docs-xml/smbdotconf/misc/ncalrpcdir.xml new file mode 100644 index 000..6ef3957 --- /dev/null +++ b/docs-xml/smbdotconf/misc/ncalrpcdir.xml @@ -0,0 +1,13 @@ +samba:parameter name=ncalrpc dir + context=G + advanced=1 developer=1 +type=string + xmlns:samba=http://www.samba.org/samba/DTD/samba-doc; +description + paraThis directory will hold a series of named pipes to allow RPC over inter-process communication. /para. + paraThis will allow Samba and other unix processes to interact over DCE/RPC without using TCP/IP. Additionally a sub-directory 'np' has restricted permissions, and allows a trusted communication channel between Samba processes/para +/description + +value type=default${prefix}/var/ncalrpc/value +value type=example/var/run/samba/ncalrpc/value +/samba:parameter -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via 6df3ff2 Fix bug 8196 - Many (newer) header files don't have copyright / GPL header comments. from 838d69b s3-docs Add documentation for ncalrpc dir http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit 6df3ff20620b3262ff232a478312c61a207ed4ff Author: Jeremy Allison j...@samba.org Date: Mon Jun 6 16:25:08 2011 -0700 Fix bug 8196 - Many (newer) header files don't have copyright / GPL header comments. Add missing GPL headers and (C) statements. --- Summary of changes: auth/auth_sam_reply.h | 19 examples/libsmbclient/get_auth_data_fn.h |3 + lib/compression/mszip.h |3 + lib/crypto/arcfour.h | 19 lib/crypto/crc32.h| 22 + lib/crypto/md4.h | 22 + lib/crypto/md5.h | 19 lib/replace/hdr_replace.h | 25 +++ lib/replace/replace-test.h| 19 lib/replace/system/readline.h |2 + lib/replace/win32_replace.h | 19 lib/talloc/talloc_testsuite.h | 19 lib/util/data_blob.h |2 + lib/util/time.h |2 + lib/util/util_ldb.h | 18 lib/util/util_tdb.h | 19 lib/util/wrap_xattr.h | 19 libcli/auth/libcli_auth.h |2 + libcli/auth/msrpc_parse.h | 19 libcli/auth/proto.h | 19 libcli/ldap/ldap_ndr.h| 19 libcli/nbt/nbt_proto.h| 19 libcli/netlogon/ndr_netlogon_proto.h | 19 libcli/netlogon/netlogon_proto.h | 19 libcli/smbreadline/smbreadline.h | 19 libcli/util/error.h |2 + libds/common/flag_mapping.h | 19 librpc/idl/idl_types.h| 23 ++ librpc/ndr/ndr_backupkey.h| 22 + librpc/ndr/ndr_compression.h | 19 librpc/ndr/ndr_dns.h | 23 ++ librpc/ndr/ndr_spoolss_buf.h | 19 librpc/ndr/ndr_table.h| 19 nsswitch/pam_winbind.h| 22 +- nsswitch/winbind_client.h | 22 + source3/auth/proto.h | 35 +++ source3/groupdb/proto.h | 26 +++ source3/include/ads.h | 20 + source3/include/krb5_env.h| 23 ++ source3/include/krb5_protos.h | 23 ++ source3/include/mangle.h | 20 + source3/include/smb_krb5.h| 19 source3/include/smb_ldap.h| 19 source3/intl/lang_tdb.h | 22 + source3/lib/eventlog/proto.h | 26 +++ source3/lib/idmap_cache.h | 24 ++ source3/lib/netapi/examples/common.h | 23 +- source3/lib/netapi/libnetapi.h| 19 source3/lib/privileges.h | 23 ++ source3/libads/ads_ldap_protos.h | 23 ++ source3/libads/ads_proto.h| 35 +++ source3/libads/ads_status.h | 19 source3/libads/cldap.h| 23 ++ source3/libads/kerberos_proto.h | 33 ++ source3/libads/ldap_schema.h | 23 ++ source3/libgpo/gpo_proto.h| 23 ++ source3/libnet/libnet_join.h | 23 ++ source3/librpc/ndr/util.h | 21 + source3/libsmb/clidgram.h | 23 ++ source3/libsmb/errormap_wbc.h | 23 ++ source3/libsmb/libsmb.h |2 + source3/libsmb/nmblib.h | 23 ++ source3/libsmb/proto.h|2 + source3/locking/proto.h | 25
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via f8e1eea Fix bug #8175 - smbd deadlock. from 6df3ff2 Fix bug 8196 - Many (newer) header files don't have copyright / GPL header comments. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit f8e1eea238a332ce503c40108d59862b32f83fee Author: Jeremy Allison j...@samba.org Date: Wed Jun 1 12:11:53 2011 -0700 Fix bug #8175 - smbd deadlock. Force the open operation (which is the expensive one anyway) to acquire and release locks in a way compatible with the more common do_lock check. Jeremy. --- Summary of changes: source3/smbd/open.c | 98 +-- 1 files changed, 71 insertions(+), 27 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/open.c b/source3/smbd/open.c index e537d0f..aea25fe 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -1056,18 +1056,8 @@ static bool delay_for_exclusive_oplocks(files_struct *fsp, return false; } -static bool file_has_brlocks(files_struct *fsp) -{ - struct byte_range_lock *br_lck; - - br_lck = brl_get_locks_readonly(fsp); - if (!br_lck) - return false; - - return br_lck-num_locks 0 ? true : false; -} - static void grant_fsp_oplock_type(files_struct *fsp, + const struct byte_range_lock *br_lck, int oplock_request, bool got_level2_oplock, bool got_a_none_oplock) @@ -1085,7 +1075,7 @@ static void grant_fsp_oplock_type(files_struct *fsp, DEBUG(10,(grant_fsp_oplock_type: oplock type 0x%x on file %s\n, fsp-oplock_type, fsp_str_dbg(fsp))); return; - } else if (lp_locking(fsp-conn-params) file_has_brlocks(fsp)) { + } else if (br_lck br_lck-num_locks 0) { DEBUG(10,(grant_fsp_oplock_type: file %s has byte range locks\n, fsp_str_dbg(fsp))); fsp-oplock_type = NO_OPLOCK; @@ -1563,6 +1553,55 @@ void remove_deferred_open_entry(struct file_id id, uint64_t mid, } } +/ + Ensure we get the brlock lock followed by the share mode lock + in the correct order to prevent deadlocks if other smbd's are + using the brlock database on this file simultaneously with this open + (that code also gets the locks in brlock - share mode lock order). +/ + +static bool acquire_ordered_locks(TALLOC_CTX *mem_ctx, + files_struct *fsp, + const struct file_id id, + const char *connectpath, + const struct smb_filename *smb_fname, + const struct timespec *p_old_write_time, + struct share_mode_lock **p_lck, + struct byte_range_lock **p_br_lck) +{ + /* Ordering - we must get the br_lck for this + file before the share mode. */ + if (lp_locking(fsp-conn-params)) { + *p_br_lck = brl_get_locks_readonly(fsp); + if (*p_br_lck == NULL) { + DEBUG(0, (Could not get br_lock\n)); + return false; + } + /* Note - we don't need to free the returned + br_lck explicitly as it was allocated on talloc_tos() + and so will be autofreed (and release the lock) + once the frame context disappears. + + If it was set to fsp-brlock_rec then it was + talloc_move'd to hang off the fsp pointer and + in this case is guarenteed to not be holding the + lock on the brlock database. */ + } + + *p_lck = get_share_mode_lock(mem_ctx, + id, + connectpath, + smb_fname, + p_old_write_time); + + if (*p_lck == NULL) { + DEBUG(0, (Could not get share mode lock\n)); + TALLOC_FREE(*p_br_lck); + return false; + } + return true; +} + / Open a file with a share mode. Passed in an already created files_struct *. / @@ -1907,6 +1946,7 @@ static NTSTATUS open_file_ntcreate(connection_struct *conn, } if (file_existed) { + struct byte_range_lock *br_lck = NULL; struct
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via 5b5ef7f Fix bug #8203 - winbindd needs to reset the DC connection if an RPC times out. from f8e1eea Fix bug #8175 - smbd deadlock. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit 5b5ef7f20d34f4c6c1d3d02530ac7b13e051c960 Author: Jeremy Allison j...@samba.org Date: Fri Jun 3 14:28:33 2011 -0700 Fix bug #8203 - winbindd needs to reset the DC connection if an RPC times out. Based on Volker's original code. --- Summary of changes: source3/winbindd/winbindd_dual_srv.c | 81 +++-- 1 files changed, 66 insertions(+), 15 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/winbindd/winbindd_dual_srv.c b/source3/winbindd/winbindd_dual_srv.c index f42682e..f8316ce 100644 --- a/source3/winbindd/winbindd_dual_srv.c +++ b/source3/winbindd/winbindd_dual_srv.c @@ -35,6 +35,17 @@ void _wbint_Ping(struct pipes_struct *p, struct wbint_Ping *r) *r-out.out_data = r-in.in_data; } +static bool reset_cm_connection_on_error(struct winbindd_domain *domain, + NTSTATUS status) +{ + if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT)) { + invalidate_cm_connection(domain-conn); + /* We invalidated the connection. */ + return true; + } + return false; +} + NTSTATUS _wbint_LookupSid(struct pipes_struct *p, struct wbint_LookupSid *r) { struct winbindd_domain *domain = wb_child_domain(); @@ -49,6 +60,7 @@ NTSTATUS _wbint_LookupSid(struct pipes_struct *p, struct wbint_LookupSid *r) status = domain-methods-sid_to_name(domain, p-mem_ctx, r-in.sid, dom_name, name, type); + reset_cm_connection_on_error(domain, status); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -62,6 +74,7 @@ NTSTATUS _wbint_LookupSid(struct pipes_struct *p, struct wbint_LookupSid *r) NTSTATUS _wbint_LookupSids(struct pipes_struct *p, struct wbint_LookupSids *r) { struct winbindd_domain *domain = wb_child_domain(); + NTSTATUS status; if (domain == NULL) { return NT_STATUS_REQUEST_NOT_ACCEPTED; @@ -73,21 +86,26 @@ NTSTATUS _wbint_LookupSids(struct pipes_struct *p, struct wbint_LookupSids *r) * and winbindd_ad call into lsa_lookupsids anyway. Caching is * done at the wbint RPC layer. */ - return rpc_lookup_sids(p-mem_ctx, domain, r-in.sids, - r-out.domains, r-out.names); + status = rpc_lookup_sids(p-mem_ctx, domain, r-in.sids, +r-out.domains, r-out.names); + reset_cm_connection_on_error(domain, status); + return status; } NTSTATUS _wbint_LookupName(struct pipes_struct *p, struct wbint_LookupName *r) { struct winbindd_domain *domain = wb_child_domain(); + NTSTATUS status; if (domain == NULL) { return NT_STATUS_REQUEST_NOT_ACCEPTED; } - return domain-methods-name_to_sid( + status = domain-methods-name_to_sid( domain, p-mem_ctx, r-in.domain, r-in.name, r-in.flags, r-out.sid, r-out.type); + reset_cm_connection_on_error(domain, status); + return status; } NTSTATUS _wbint_Sid2Uid(struct pipes_struct *p, struct wbint_Sid2Uid *r) @@ -251,53 +269,65 @@ NTSTATUS _wbint_AllocateGid(struct pipes_struct *p, struct wbint_AllocateGid *r) NTSTATUS _wbint_QueryUser(struct pipes_struct *p, struct wbint_QueryUser *r) { struct winbindd_domain *domain = wb_child_domain(); + NTSTATUS status; if (domain == NULL) { return NT_STATUS_REQUEST_NOT_ACCEPTED; } - return domain-methods-query_user(domain, p-mem_ctx, r-in.sid, - r-out.info); + status = domain-methods-query_user(domain, p-mem_ctx, r-in.sid, +r-out.info); + reset_cm_connection_on_error(domain, status); + return status; } NTSTATUS _wbint_LookupUserAliases(struct pipes_struct *p, struct wbint_LookupUserAliases *r) { struct winbindd_domain *domain = wb_child_domain(); + NTSTATUS status; if (domain == NULL) { return NT_STATUS_REQUEST_NOT_ACCEPTED; } - return domain-methods-lookup_useraliases( + status = domain-methods-lookup_useraliases( domain, p-mem_ctx, r-in.sids-num_sids, r-in.sids-sids, r-out.rids-num_rids, r-out.rids-rids); + reset_cm_connection_on_error(domain, status); + return status; } NTSTATUS _wbint_LookupUserGroups(struct pipes_struct *p,
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via d9ea6a1 s3:lib/access: normalize IPv4 mapped IPv6 addresses in both directions (bug #7383) from 7e307ac WHATSNEW: Add more changes since 3.5.8. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit d9ea6a10a8ba84e8a5a5a65c903ed96f9aa59aa5 Author: Stefan Metzmacher me...@samba.org Date: Sun Apr 24 21:20:19 2011 +0200 s3:lib/access: normalize IPv4 mapped IPv6 addresses in both directions (bug #7383) metze (cherry picked from commit 4bfe2d5655d97fbc7e65744425b5a098e77f5ba1) (cherry picked from commit 62b2083c627abeb8a2fb7e5adc793c630d0d561c) Signed-off-by: Stefan Metzmacher me...@samba.org --- Summary of changes: source3/lib/access.c | 31 +-- 1 files changed, 17 insertions(+), 14 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/lib/access.c b/source3/lib/access.c index 0b09e83..8fd0fbf 100644 --- a/source3/lib/access.c +++ b/source3/lib/access.c @@ -178,29 +178,32 @@ static bool string_match(const char *tok,const char *s) bool client_match(const char *tok, const void *item) { const char **client = (const char **)item; + const char *tok_addr = tok; + const char *cli_addr = client[ADDR_INDEX]; + + /* +* tok and client[ADDR_INDEX] can be an IPv4 mapped to IPv6, +* we try and match the IPv4 part of address only. +* Bug #5311 and #7383. +*/ + + if (strnequal(tok_addr, :::,7)) { + tok_addr += 7; + } + + if (strnequal(cli_addr,:::,7)) { + cli_addr += 7; + } /* * Try to match the address first. If that fails, try to match the host * name if available. */ - if (string_match(tok, client[ADDR_INDEX])) { + if (string_match(tok_addr, cli_addr)) { return true; } - if (strnequal(client[ADDR_INDEX],:::,7) - !strnequal(tok, :::,7)) { - /* client[ADDR_INDEX] is an IPv4 mapped to IPv6, but -* the list item is not. Try and match the IPv4 part of -* address only. This will happen a lot on IPv6 enabled -* systems with IPv4 allow/deny lists in smb.conf. -* Bug #5311. JRA. -*/ - if (string_match(tok, (client[ADDR_INDEX])+7)) { - return true; - } - } - if (client[NAME_INDEX][0] != 0) { if (string_match(tok, client[NAME_INDEX])) { return true; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via 5c19b41 s3:idmap_ldap: allow creation of ldap stored mappings for explicitly configured domains. via 4a40ad0 s3:idmap_ldap: rename idmap_ldap_get_new_id to idmap_ldap_allocate_id via bf75cac s3:idmap_ldap: rename idmap_ldap_allocate_id to idmap_ldap_allocate_id_internal from 5b5ef7f Fix bug #8203 - winbindd needs to reset the DC connection if an RPC times out. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit 5c19b41e2b844fddbb88fea8b7cd16bc0e830cfd Author: Michael Adam ob...@samba.org Date: Wed Jun 1 00:30:11 2011 +0200 s3:idmap_ldap: allow creation of ldap stored mappings for explicitly configured domains. After the preparations, this is achieved by using idmap_ldap_allocate_id_internal() as get_new_id rw method instead of idmap_ldap_allocate_id(). (cherry picked from commit 74cd06b3dff42bda4dd0a0f3fd250a975d0258ed) The last 3 patches address bug #8200 (Add Support for multiple writable ldap idmap domains). commit 4a40ad004896ce30a997b5142fa73b50ab2762f3 Author: Michael Adam ob...@samba.org Date: Wed Jun 1 00:25:23 2011 +0200 s3:idmap_ldap: rename idmap_ldap_get_new_id to idmap_ldap_allocate_id This is in preparation of allowing allocating ldap based domain-specific configs. (cherry picked from commit dea3ef1ab689a3d01846147d2a83377b09335f8f) commit bf75cacae075a503c08d60f04e2a858271d8b923 Author: Michael Adam ob...@samba.org Date: Wed Jun 1 00:25:23 2011 +0200 s3:idmap_ldap: rename idmap_ldap_allocate_id to idmap_ldap_allocate_id_internal This is in preparation of allowing allocating ldap based domain-specific configs. (cherry picked from commit 2de65b97b98e2c8cc218b60da749ac17195d8413) --- Summary of changes: source3/winbindd/idmap_ldap.c | 18 +- 1 files changed, 9 insertions(+), 9 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/winbindd/idmap_ldap.c b/source3/winbindd/idmap_ldap.c index 7195912..a9cb4fc 100644 --- a/source3/winbindd/idmap_ldap.c +++ b/source3/winbindd/idmap_ldap.c @@ -232,8 +232,8 @@ done: Allocate a new uid or gid / -static NTSTATUS idmap_ldap_allocate_id(struct idmap_domain *dom, - struct unixid *xid) +static NTSTATUS idmap_ldap_allocate_id_internal(struct idmap_domain *dom, + struct unixid *xid) { TALLOC_CTX *mem_ctx; NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; @@ -391,21 +391,21 @@ done: * For now this is for the default idmap domain only. * Should be extended later on. */ -static NTSTATUS idmap_ldap_get_new_id(struct idmap_domain *dom, - struct unixid *id) +static NTSTATUS idmap_ldap_allocate_id(struct idmap_domain *dom, + struct unixid *id) { NTSTATUS ret; if (!strequal(dom-name, *)) { - DEBUG(3, (idmap_ldap_get_new_id: + DEBUG(3, (idmap_ldap_allocate_id: Refusing allocation of a new unixid for domain'%s'. - Currently only supported for the default + This is only supported for the default domain \*\.\n, dom-name)); return NT_STATUS_NOT_IMPLEMENTED; } - ret = idmap_ldap_allocate_id(dom, id); + ret = idmap_ldap_allocate_id_internal(dom, id); return ret; } @@ -484,7 +484,7 @@ static NTSTATUS idmap_ldap_db_init(struct idmap_domain *dom) ctx-rw_ops = talloc_zero(ctx, struct idmap_rw_ops); CHECK_ALLOC_DONE(ctx-rw_ops); - ctx-rw_ops-get_new_id = idmap_ldap_get_new_id; + ctx-rw_ops-get_new_id = idmap_ldap_allocate_id_internal; ctx-rw_ops-set_mapping = idmap_ldap_set_mapping; ret = smbldap_init(ctx, winbind_event_context(), ctx-url, @@ -1144,7 +1144,7 @@ static struct idmap_methods idmap_ldap_methods = { .init = idmap_ldap_db_init, .unixids_to_sids = idmap_ldap_unixids_to_sids, .sids_to_unixids = idmap_ldap_sids_to_unixids, - .allocate_id = idmap_ldap_get_new_id, + .allocate_id = idmap_ldap_allocate_id, }; NTSTATUS idmap_ldap_init(void); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via cd8dc47 s3:idmap_autorid: fail initialization if the domain is not * via 95d35dd s3:docs: fix the example in the idmap_autorid manpage to use idmap config * : rangesize via b0b0b62 s3:idmap_autorid: use idmap config DOMAIN : rangesize instead of autorid:rangesize via 65490ea s3:idmap_autorid: add a talloc_stackframe() to idmap_autorid_initialize() from 632f672 s4-cldap: fixed the CLDAP response for IPv6 clients http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit cd8dc47bf17d2cdb1558dc6ab49320ba12af8f34 Author: Michael Adam ob...@samba.org Date: Tue Jun 7 15:53:49 2011 +0200 s3:idmap_autorid: fail initialization if the domain is not * autorid can only be used as a backend for the default idmap configuration. Autobuild-User: Michael Adam ob...@samba.org Autobuild-Date: Tue Jun 7 19:13:18 CEST 2011 on sn-devel-104 commit 95d35dde9cecac120c0a9bcd06957cd3748b15a0 Author: Michael Adam ob...@samba.org Date: Tue Jun 7 15:21:34 2011 +0200 s3:docs: fix the example in the idmap_autorid manpage to use idmap config * : rangesize commit b0b0b625b588057c8c97371934bf21eb1fd985d8 Author: Michael Adam ob...@samba.org Date: Tue Jun 7 13:02:04 2011 +0200 s3:idmap_autorid: use idmap config DOMAIN : rangesize instead of autorid:rangesize commit 65490ea4e67bf82cf8fb0b8e4e74047c3f63c509 Author: Michael Adam ob...@samba.org Date: Tue Jun 7 15:16:24 2011 +0200 s3:idmap_autorid: add a talloc_stackframe() to idmap_autorid_initialize() --- Summary of changes: docs-xml/manpages-3/idmap_autorid.8.xml |2 +- source3/winbindd/idmap_autorid.c| 29 +++-- 2 files changed, 24 insertions(+), 7 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/manpages-3/idmap_autorid.8.xml b/docs-xml/manpages-3/idmap_autorid.8.xml index ac66384..b5a9bde 100644 --- a/docs-xml/manpages-3/idmap_autorid.8.xml +++ b/docs-xml/manpages-3/idmap_autorid.8.xml @@ -109,7 +109,7 @@ idmap config * : backend = autorid idmap config * : range = 100-1999 - autorid:rangesize = 100 + idmap config * : rangesize = 100 idmap config TRUSTED : backend = ad idmap config TRUSTED : range= 5 - 9 diff --git a/source3/winbindd/idmap_autorid.c b/source3/winbindd/idmap_autorid.c index 1f4af33..80d8ed1 100644 --- a/source3/winbindd/idmap_autorid.c +++ b/source3/winbindd/idmap_autorid.c @@ -435,11 +435,22 @@ static NTSTATUS idmap_autorid_initialize(struct idmap_domain *dom) struct autorid_global_config *storedconfig = NULL; NTSTATUS status; uint32_t hwm; + TALLOC_CTX *frame = talloc_stackframe(); + char *config_option = NULL; - config = TALLOC_ZERO_P(dom, struct autorid_global_config); + if (!strequal(dom-name, *)) { + DEBUG(0, (idmap_autorid_initialize: Error: autorid configured + for domain '%s'. But autorid can only be used for + the default idmap configuration.\n, dom-name)); + status = NT_STATUS_INVALID_PARAMETER; + goto error; + } + + config = TALLOC_ZERO_P(frame, struct autorid_global_config); if (!config) { DEBUG(0, (Out of memory!\n)); - return NT_STATUS_NO_MEMORY; + status = NT_STATUS_NO_MEMORY; + goto error; } status = idmap_autorid_db_init(); @@ -447,8 +458,15 @@ static NTSTATUS idmap_autorid_initialize(struct idmap_domain *dom) goto error; } + config_option = talloc_asprintf(frame, idmap config %s, dom-name); + if (config_option == NULL) { + DEBUG(0, (Out of memory!\n)); + status = NT_STATUS_NO_MEMORY; + goto error; + } + config-minvalue = dom-low_id; - config-rangesize = lp_parm_int(-1, autorid, rangesize, 10); + config-rangesize = lp_parm_int(-1, config_option, rangesize, 10); if (config-rangesize 2000) { DEBUG(1, (autorid rangesize must be at least 2000\n)); @@ -480,7 +498,7 @@ static NTSTATUS idmap_autorid_initialize(struct idmap_domain *dom) config-minvalue, config-rangesize, config-maxranges)); /* read previously stored config and current HWM */ - storedconfig = idmap_autorid_loadconfig(talloc_tos()); + storedconfig = idmap_autorid_loadconfig(frame); if (!dbwrap_fetch_uint32(autorid_db, HWM, hwm)) { DEBUG(1, (Fatal error while fetching current @@ -530,8 +548,7 @@ static NTSTATUS idmap_autorid_initialize(struct idmap_domain *dom) return NT_STATUS_OK; error: - talloc_free(config); -
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via 664e45a Revert Fix bug 8196 - Many (newer) header files don't have copyright / GPL header comments. from 5c19b41 s3:idmap_ldap: allow creation of ldap stored mappings for explicitly configured domains. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit 664e45ad111ed67b16c0e07b7c2362457d5312c2 Author: Karolin Seeger ksee...@samba.org Date: Tue Jun 7 19:52:06 2011 +0200 Revert Fix bug 8196 - Many (newer) header files don't have copyright / GPL header comments. This reverts commit 6df3ff20620b3262ff232a478312c61a207ed4ff. --- Summary of changes: auth/auth_sam_reply.h | 19 examples/libsmbclient/get_auth_data_fn.h |3 - lib/compression/mszip.h |3 - lib/crypto/arcfour.h | 19 lib/crypto/crc32.h| 22 - lib/crypto/md4.h | 22 - lib/crypto/md5.h | 19 lib/replace/hdr_replace.h | 25 --- lib/replace/replace-test.h| 19 lib/replace/system/readline.h |2 - lib/replace/win32_replace.h | 19 lib/talloc/talloc_testsuite.h | 19 lib/util/data_blob.h |2 - lib/util/time.h |2 - lib/util/util_ldb.h | 18 lib/util/util_tdb.h | 19 lib/util/wrap_xattr.h | 19 libcli/auth/libcli_auth.h |2 - libcli/auth/msrpc_parse.h | 19 libcli/auth/proto.h | 19 libcli/ldap/ldap_ndr.h| 19 libcli/nbt/nbt_proto.h| 19 libcli/netlogon/ndr_netlogon_proto.h | 19 libcli/netlogon/netlogon_proto.h | 19 libcli/smbreadline/smbreadline.h | 19 libcli/util/error.h |2 - libds/common/flag_mapping.h | 19 librpc/idl/idl_types.h| 23 -- librpc/ndr/ndr_backupkey.h| 22 - librpc/ndr/ndr_compression.h | 19 librpc/ndr/ndr_dns.h | 23 -- librpc/ndr/ndr_spoolss_buf.h | 19 librpc/ndr/ndr_table.h| 19 nsswitch/pam_winbind.h| 22 +- nsswitch/winbind_client.h | 22 - source3/auth/proto.h | 35 --- source3/groupdb/proto.h | 26 --- source3/include/ads.h | 20 - source3/include/krb5_env.h| 23 -- source3/include/krb5_protos.h | 23 -- source3/include/mangle.h | 20 - source3/include/smb_krb5.h| 19 source3/include/smb_ldap.h| 19 source3/intl/lang_tdb.h | 22 - source3/lib/eventlog/proto.h | 26 --- source3/lib/idmap_cache.h | 24 -- source3/lib/netapi/examples/common.h | 23 +- source3/lib/netapi/libnetapi.h| 19 source3/lib/privileges.h | 23 -- source3/libads/ads_ldap_protos.h | 23 -- source3/libads/ads_proto.h| 35 --- source3/libads/ads_status.h | 19 source3/libads/cldap.h| 23 -- source3/libads/kerberos_proto.h | 33 -- source3/libads/ldap_schema.h | 23 -- source3/libgpo/gpo_proto.h| 23 -- source3/libnet/libnet_join.h | 23 -- source3/librpc/ndr/util.h | 21 - source3/libsmb/clidgram.h | 23 -- source3/libsmb/errormap_wbc.h | 23 -- source3/libsmb/libsmb.h |2 - source3/libsmb/nmblib.h | 23 -- source3/libsmb/proto.h
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via 8db38ec WHATSNEW: Update changes since rc1. from 664e45a Revert Fix bug 8196 - Many (newer) header files don't have copyright / GPL header comments. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit 8db38ec99bcecd80b892f26cf676acb13292c20e Author: Karolin Seeger ksee...@samba.org Date: Tue Jun 7 20:12:24 2011 +0200 WHATSNEW: Update changes since rc1. Karolin --- Summary of changes: WHATSNEW.txt |6 ++ 1 files changed, 6 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index ec1d3fa..c3c514c 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -255,6 +255,10 @@ o Andreas Schneider a...@samba.org Changes since 3.6.0rc1 -- +o Michael Adam ob...@samba.org +* BUG 8200: Add support for multiple writeable ldap idmap domains. + + o Jeremy Allison j...@samba.org * BUG 6911: Fix Kerberos authentication from Vista to Samba. * BUG 7054: Fix X account flag when pwdlastset is 0. @@ -266,9 +270,11 @@ o Jeremy Allison j...@samba.org * BUG 8156: Fix 'net ads join' using the user's Kerberos ticket. * BUG 8157: Fix parsing a cups printcap file. * BUG 8163: Fix our asn.1 parser to handle negative numbers. +* BUG 8175: Fix smbd deadlock. * BUG 8191: Split the ACE flag mapping between nfs4 and Windows into two separate functions. * BUG 8197: Winbind does not properly detect when a DC connection is dead. +* BUG 8203: Winbind needs to reset the DC connection if an RPC times out. o Christian Ambach a...@samba.org -- Samba Shared Repository
[SCM] Samba Shared Repository - annotated tag release-3-6-0rc2 created
The annotated tag, release-3-6-0rc2 has been created at cfd35c40cee3adbb17743b98f0f7038077c2861e (tag) tagging 314f161c00cfe3957f10b0f6f24adab737dfbe88 (commit) replaces release-3-6-0rc1 tagged by Karolin Seeger on Tue Jun 7 20:15:09 2011 +0200 - Log - tag release-3-6-0rc2 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.15 (GNU/Linux) iD8DBQBN7msSbzORW2Vot+oRAgjOAJ97H2XlWAwsicLBvoXcNBihkpdwZACgiYlA iRvvnlcL0mMrH4CGF600szY= =m2mH -END PGP SIGNATURE- Andreas Schneider (1): s3-epmapper: Fixed endpoint registration. Andrew Bartlett (7): ncalrpc: Force ncalrpc dir to be mode 755 in all users docs: Rewrite 'password server' documentation docs: Clarify the 'security=server' fails for NTLMv2 s3-param Deprecate a number of security parameters for 3.6 s3-param Depricate 'password server = foo:12389' syntax s3-testparm Warn about incorrect use of 'password server' s3-docs Add documentation for ncalrpc dir Benjamin Brunner (1): s3-docs: Fix some typos. Björn Jacke (1): replace: remove waring if IOV_MAX is not defined Christian Ambach (1): Fix Bug 8152 - smbd crash in release_ip() Gregor Beck (3): s3:smbcacls: fix parsing of multiple flags nfs4_acls: pass ACE_FLAG_INHERITED_ACE up to the client nfs4_acls: pass ACE_FLAG_INHERITED_ACE down from the client Holger Hetterich (2): Make protocol version 2 the default protocol, and only run on version 1 if V1 is explcitly given as a module option. Actually make use of the SMBTA_SUBRELEASE define in smb_traffic_analyzer.h. This will allow to introduce new features or fixes into the protocol after the 3.6.0 release. The client software is designed to take care for the subrelease number. Jeremy Allison (16): Fix bug #8144 - touch /mnt/newfile fails to set timestamp with CIFS client. Fix bug 8153 found when building on an IPv6-only system by Kai Blin. Optimization. If the attributes passed to can_rename() include both FILE_ATTRIBUTE_HIDDEN and FILE_ATTRIBUTE_SYSTEM then there's no point in reading the source DOS attribute, as we're not going to deny the rename on attribute match. Fix bug 8133 - strange behavior for the file (whose filename first character is period ) in SMB2 case. Patch for bug #8156 - net ads join fails to use the user's kerberos ticket. Fix bug #8157 - std_pcap_cache_reload() fails to parse a cups printcap file correctly. Fix bug #8150 - Ban 'dos charset = utf8' Fix bug #7054 - X account flag does not work when pwdlastset is 0. Fix our asn.1 parser to handle negative numbers. Fix bug #6911 - Kerberos authentication from vista to samba fails when security blob size is greater than 16 kB Split the ACE flag mapping between nfs4 and Windows into two separate functions rather than trying to do it inline. Allows us to carefully control what flags are mapped to what in one place. Modification to bug #8191 - vfs_gpfs dosn't honor ACE_FLAG_INHERITED_ACE Fix the poll() backend to correctly respond to POLLHUP|POLLERR returns on a fd selected for TEVENT_FD_WRITE only. Add the same fix to the S3 event backend as the previous commit added to the tevent poll backend. Fix bug #8197 - winbind does not properly detect when a DC connection is dead. Fix bug #8175 - smbd deadlock. Fix bug #8203 - winbindd needs to reset the DC connection if an RPC times out. Jim McDonough (1): s3-winbind: BUG 8166 - Don't lockout users when offline. Karolin Seeger (8): VERSION: Bump version up to 3.6.0rc2. WHATSNEW: Start release notes. WHATSNEW: Start adding changes since rc1. WHATSNEW: Update changes since rc1. s3-docs: Fix version. WHATSNEW: Update changes since 3.6.0rc1. WHATSNEW: Add another change since rc1. WHATSNEW: Update changes since rc1. Luk Claes (23): idmap_ad.8: use new syntax in ad backend example idmap_adex.8: Use new syntax in adex backend example idmap_hash.8: Use new syntax for hash backend idmap_nss.8: Use new syntax for nss backend idmap_rid.8: Use new syntax in rid backend example idmap_autorid.8: Use new syntax in autorid backend examples idmap_autorid.8: Avoid confusion with idmap uid and idmap gid options wbinfo.1: Avoid confusion with idmap uid option winbindd.8: Use new syntax in example idmap_tdb2.8: Use new syntax in example idmap_tdb2.8: Remove part about alloc backend idmap_tdb2.8: Avoid confusion with idmap uid and idmap gid options idmap_tdb2.8: Remove mentioning of deprecated idmap uid and idmap gid options as fallback idmap_ldap.8: Rework example to use new idmap syntax idmap_ldap.8: Remove references to idmap alloc backend idmap_ldap.8: Backend is not only used for searching idmap_ldap.8:
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via c3ac298 s3:libsmb/cli_np_tstream: use larger buffers to avoid a bug NT4 servers (bug #8195) from cd8dc47 s3:idmap_autorid: fail initialization if the domain is not * http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit c3ac298a1fe4f5cada6d09376e2d4a3df271a093 Author: Stefan Metzmacher me...@samba.org Date: Tue Jun 7 18:27:41 2011 +0200 s3:libsmb/cli_np_tstream: use larger buffers to avoid a bug NT4 servers (bug #8195) NT4 servers return NT_STATUS_PIPE_BUSY if we try a SMBtrans and the SMBwriteX before hasn't transmited the whole DCERPC fragment. W2K and above is happy with that. As a result we try to match the behavior of Windows and older Samba clients, they use write and read buffers of 4280 bytes instead of 1024 bytes. On Windows only the SMBtrans based read uses 1024 (while we also use 4280 there). metze Autobuild-User: Stefan Metzmacher me...@samba.org Autobuild-Date: Tue Jun 7 20:25:32 CEST 2011 on sn-devel-104 --- Summary of changes: source3/libsmb/cli_np_tstream.c | 19 +-- 1 files changed, 17 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/libsmb/cli_np_tstream.c b/source3/libsmb/cli_np_tstream.c index ba37ea5..5e11a92 100644 --- a/source3/libsmb/cli_np_tstream.c +++ b/source3/libsmb/cli_np_tstream.c @@ -28,9 +28,24 @@ static const struct tstream_context_ops tstream_cli_np_ops; /* - * Window uses 1024 hardcoded for read size and trans max data + * Windows uses 4280 (the max xmit/recv size negotiated on DCERPC). + * This is fits into the max_xmit negotiated at the SMB layer. + * + * On the sending side they may use SMBtranss if the request does not + * fit into a single SMBtrans call. + * + * Windows uses 1024 as max data size of a SMBtrans request and then + * possibly reads the rest of the DCERPC fragment (up to 3256 bytes) + * via a SMBreadX. + * + * For now we just ask for the full 4280 bytes (max data size) in the SMBtrans + * request to get the whole fragment at once (like samba 3.5.x and below did. + * + * It is important that we use do SMBwriteX with the size of a full fragment, + * otherwise we may get NT_STATUS_PIPE_BUSY on the SMBtrans request + * from NT4 servers. (See bug #8195) */ -#define TSTREAM_CLI_NP_BUF_SIZE 1024 +#define TSTREAM_CLI_NP_BUF_SIZE 4280 struct tstream_cli_np { struct cli_state *cli; -- Samba Shared Repository
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via d8da42e Announce Samba 3.6.0rc2. from a3e4abb Added Univention entry to verdors list. http://gitweb.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit d8da42ed967bfe5f2e16ccabd48cc7c211a4a175 Author: Karolin Seeger ksee...@samba.org Date: Tue Jun 7 20:39:57 2011 +0200 Announce Samba 3.6.0rc2. Karolin --- Summary of changes: generated_news/latest_10_bodies.html| 35 +- generated_news/latest_10_headlines.html |4 +- generated_news/latest_2_bodies.html | 26 +++--- 3 files changed, 35 insertions(+), 30 deletions(-) Changeset truncated at 500 lines: diff --git a/generated_news/latest_10_bodies.html b/generated_news/latest_10_bodies.html index 50f4a51..5b45b32 100644 --- a/generated_news/latest_10_bodies.html +++ b/generated_news/latest_10_bodies.html @@ -1,3 +1,23 @@ + h5a name=3.6.0rc27 June 2011/a/h5 + p class=headlineSamba 3.6.0rc2 Available for Download/p + pSamba 3.6.0rc2 is available for download. This is the + first release candidate of the next upgrade production release version of Samba 3.6.0. + It is intended for btesting purposes only/b. Please test and + a href=https://bugzilla.samba.org/;report any bugs that you + find/a. Please read the changes in the + a href=http://samba.org/samba/ftp/rc/WHATSNEW-3-6-0rc2.txt;Release Notes/a + for details on new features and difference in behavior from + previous releases./p + + pThe a href=http://samba.org/samba/ftp/rc/samba-3.6.0rc2.tar.gz;Samba 3.6.0rc2 + source code/a can be downloaded now. The a + href=http://samba.org/samba/ftp/rc/samba-3.6.0rc2.tar.asc;GnuPG + signature is for the emun/emcompressed tarball/a. + Precompiled packages will + be made available on a volunteer basis and can be found in the + a href=http://samba.org/samba/ftp/Binary_Packages/;Binary_Packages download area/a./p + + h5a name=3.6.0rc117 May 2011/a/h5 p class=headlineSamba 3.6.0rc1 Available for Download/p pSamba 3.6.0rc1 is available for download. This is the @@ -123,18 +143,3 @@ against Samba 3.4.10/a is also available. See a href=http://samba.org/samba/history/samba-3.4.11.html;the release notes for more info/a./p - - -h5a name=3.4.10 22 January 2011/a/h5 -p class=headlineSamba 3.4.10 Available for Download/p -pThis is the latest stable release of the Samba 3.4 series./p - -pThe uncompressed tarballs and patch files have been signed -using GnuPG (ID 6568B7EA). The source code can be -a href=http://samba.org/samba/ftp/stable/samba-3.4.10.tar.gz;downloaded -now/a. A a -href=http://samba.org/samba/ftp/patches/patch-3.4.9-3.4.10.diffs.gz;patch -against -Samba 3.4.9/a is also available. See a -href=http://samba.org/samba/history/samba-3.4.10.html;the -release notes for more info/a./p diff --git a/generated_news/latest_10_headlines.html b/generated_news/latest_10_headlines.html index e80df71..e91199c 100644 --- a/generated_news/latest_10_headlines.html +++ b/generated_news/latest_10_headlines.html @@ -1,4 +1,6 @@ ul + li 7 June 2011 a href=#3.6.0rc2Samba 3.6.0rc2 Available for Download/a/li + li 17 May 2011 a href=#3.6.0rc1Samba 3.6.0rc1 Available for Download/a/li li 26 April 2011 a href=#3.6.0pre3Samba 3.6.0pre3 Available for Download/a/li @@ -16,6 +18,4 @@ li 28 February 2011 a href=#3.3.15Samba 3.3.15 Available for Download/a/li li 23 January 2011 a href=#3.4.11Samba 3.4.11 Available for Download/a/li - - li 22 January 2011 a href=#3.4.10Samba 3.4.10 Available for Download/a/li /ul diff --git a/generated_news/latest_2_bodies.html b/generated_news/latest_2_bodies.html index 368bd1c..97b91b1 100644 --- a/generated_news/latest_2_bodies.html +++ b/generated_news/latest_2_bodies.html @@ -1,36 +1,36 @@ - h5a name=3.6.0rc117 May 2011/a/h5 - p class=headlineSamba 3.6.0rc1 Available for Download/p - pSamba 3.6.0rc1 is available for download. This is the + h5a name=3.6.0rc27 June 2011/a/h5 + p class=headlineSamba 3.6.0rc2 Available for Download/p + pSamba 3.6.0rc2 is available for download. This is the first release candidate of the next upgrade production release version of Samba 3.6.0. It is intended for btesting purposes only/b. Please test and a href=https://bugzilla.samba.org/;report any bugs that you find/a. Please read the changes in the - a href=http://samba.org/samba/ftp/rc/WHATSNEW-3-6-0rc1.txt;Release Notes/a + a href=http://samba.org/samba/ftp/rc/WHATSNEW-3-6-0rc2.txt;Release Notes/a for details on new features and difference in behavior from previous releases./p - pThe a href=http://samba.org/samba/ftp/rc/samba-3.6.0rc1.tar.gz;Samba 3.6.0rc1 + pThe a
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via aff6c52 Fix re-opened bug 8083 - inherit owner = yes doesn't interact correctly with vfs_acl_xattr or vfs_acl_tdb module. from c3ac298 s3:libsmb/cli_np_tstream: use larger buffers to avoid a bug NT4 servers (bug #8195) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit aff6c52370f853d447fc089796b0e4aa29c24d75 Author: Jeremy Allison j...@samba.org Date: Tue Jun 7 11:54:35 2011 -0700 Fix re-opened bug 8083 - inherit owner = yes doesn't interact correctly with vfs_acl_xattr or vfs_acl_tdb module. Fix incorrect interaction when all of inherit permissions = yes inherit acls = yes inherit owner = yes are set. Found by Björn Jacke. Thanks Björn ! Autobuild-User: Jeremy Allison j...@samba.org Autobuild-Date: Tue Jun 7 22:32:18 CEST 2011 on sn-devel-104 --- Summary of changes: source3/modules/vfs_acl_common.c | 21 + 1 files changed, 17 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/modules/vfs_acl_common.c b/source3/modules/vfs_acl_common.c index a177146..fc9c3cd 100644 --- a/source3/modules/vfs_acl_common.c +++ b/source3/modules/vfs_acl_common.c @@ -448,10 +448,14 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle, struct security_descriptor *psd = NULL; struct dom_sid *owner_sid = NULL; struct dom_sid *group_sid = NULL; + uint32_t security_info_sent = (SECINFO_OWNER | SECINFO_GROUP | SECINFO_DACL); bool inherit_owner = lp_inherit_owner(SNUM(handle-conn)); + bool inheritable_components = sd_has_inheritable_components(parent_desc, + is_directory); size_t size; - if (!sd_has_inheritable_components(parent_desc, is_directory)) { + if (!inheritable_components !inherit_owner) { + /* Nothing to inherit and not setting owner. */ return NT_STATUS_OK; } @@ -487,6 +491,17 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle, return status; } + /* If inheritable_components == false, + se_create_child_secdesc() + creates a security desriptor with a NULL dacl + entry, but with SEC_DESC_DACL_PRESENT. We need + to remove that flag. */ + + if (!inheritable_components) { + security_info_sent = ~SECINFO_DACL; + psd-type = ~SEC_DESC_DACL_PRESENT; + } + if (DEBUGLEVEL = 10) { DEBUG(10,(inherit_new_acl: child acl for %s is:\n, fsp_str_dbg(fsp) )); @@ -498,9 +513,7 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle, become_root(); } status = SMB_VFS_FSET_NT_ACL(fsp, - (SECINFO_OWNER | -SECINFO_GROUP | -SECINFO_DACL), + security_info_sent, psd); if (inherit_owner) { unbecome_root(); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 5fb2781 Part 3 of bugfix for #8211 - inherit owner = yes doesn't interact correctly with inherit permissions = yes and POSIX ACLs via 40c54a7 Part 2 of bugfix for #8211 - inherit owner = yes doesn't interact correctly with inherit permissions = yes and POSIX ACLs via cabed2f Part 1 of bugfix for #8211 - inherit owner = yes doesn't interact correctly with inherit permissions = yes and POSIX ACLs from aff6c52 Fix re-opened bug 8083 - inherit owner = yes doesn't interact correctly with vfs_acl_xattr or vfs_acl_tdb module. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 5fb27814ad5566b264acf0f014d1721afc39b176 Author: Jeremy Allison j...@samba.org Date: Tue Jun 7 16:55:20 2011 -0700 Part 3 of bugfix for #8211 - inherit owner = yes doesn't interact correctly with inherit permissions = yes and POSIX ACLs When changing ownership on a new file make sure we must have a valid stat struct before making the inheritance calls (as they may look at it), and if we make changes we must have a valid stat struct after them. Autobuild-User: Jeremy Allison j...@samba.org Autobuild-Date: Wed Jun 8 03:07:04 CEST 2011 on sn-devel-104 commit 40c54a736dff751dcdc66d6cd5c5d2307aeda75c Author: Jeremy Allison j...@samba.org Date: Tue Jun 7 16:48:14 2011 -0700 Part 2 of bugfix for #8211 - inherit owner = yes doesn't interact correctly with inherit permissions = yes and POSIX ACLs When changing ownership on a new file make sure we also change the returned stat struct to have the correct uid. commit cabed2fb179ea38ac93f8b9872dc3be7825d13f8 Author: Jeremy Allison j...@samba.org Date: Tue Jun 7 16:42:02 2011 -0700 Part 1 of bugfix for #8211 - inherit owner = yes doesn't interact correctly with inherit permissions = yes and POSIX ACLs When changing ownership on a new directory make sure we also change the returned stat struct to have the correct uid. --- Summary of changes: source3/smbd/open.c | 64 +- 1 files changed, 47 insertions(+), 17 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/open.c b/source3/smbd/open.c index d4b0934..3603a81 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -241,6 +241,8 @@ void change_file_owner_to_parent(connection_struct *conn, DEBUG(10,(change_file_owner_to_parent: changed new file %s to parent directory uid %u.\n, fsp_str_dbg(fsp), (unsigned int)smb_fname_parent-st.st_ex_uid)); + /* Ensure the uid entry is updated. */ + fsp-fsp_name-st.st_ex_uid = smb_fname_parent-st.st_ex_uid; } TALLOC_FREE(smb_fname_parent); @@ -350,6 +352,8 @@ NTSTATUS change_dir_owner_to_parent(connection_struct *conn, DEBUG(10,(change_dir_owner_to_parent: changed ownership of new directory %s to parent directory uid %u.\n, fname, (unsigned int)smb_fname_parent-st.st_ex_uid )); + /* Ensure the uid entry is updated. */ + psbuf-st_ex_uid = smb_fname_parent-st.st_ex_uid; } chdir: @@ -378,6 +382,7 @@ static NTSTATUS open_file(files_struct *fsp, int accmode = (flags O_ACCMODE); int local_flags = flags; bool file_existed = VALID_STAT(fsp-fsp_name-st); + bool file_created = false; fsp-fh-fd = -1; errno = EPERM; @@ -477,23 +482,7 @@ static NTSTATUS open_file(files_struct *fsp, } if ((local_flags O_CREAT) !file_existed) { - - /* Inherit the ACL if required */ - if (lp_inherit_perms(SNUM(conn))) { - inherit_access_posix_acl(conn, parent_dir, -smb_fname-base_name, -unx_mode); - } - - /* Change the owner if required. */ - if (lp_inherit_owner(SNUM(conn))) { - change_file_owner_to_parent(conn, parent_dir, - fsp); - } - - notify_fname(conn, NOTIFY_ACTION_ADDED, -FILE_NOTIFY_CHANGE_FILE_NAME, -smb_fname-base_name); + file_created = true; } } else { @@ -603,6 +592,47 @@ static NTSTATUS open_file(files_struct *fsp, fd_close(fsp); return status; } + + if (file_created) { +
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via c790213 s4-gensec bring GSS_S_CONTEXT_EXPIRED into it's own error handler via 9cf686f s4-credentials Don't use expired Kerberos or GSSAPI credentials via 8dbab93 s4-credentials Allow use of file-based credentials caches for debugging. from 5fb2781 Part 3 of bugfix for #8211 - inherit owner = yes doesn't interact correctly with inherit permissions = yes and POSIX ACLs http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit c79021382b3feda518440f7627a78959b96d0619 Author: Andrew Bartlett abart...@samba.org Date: Wed Jun 8 08:55:19 2011 +1000 s4-gensec bring GSS_S_CONTEXT_EXPIRED into it's own error handler This allows us to print much more debugging in this critical situation. Andrew Bartlett Autobuild-User: Andrew Bartlett abart...@samba.org Autobuild-Date: Wed Jun 8 04:19:58 CEST 2011 on sn-devel-104 commit 9cf686f56fa50932a67f80a455c36025ca3470db Author: Andrew Bartlett abart...@samba.org Date: Wed Jun 8 08:53:16 2011 +1000 s4-credentials Don't use expired Kerberos or GSSAPI credentials In a long-lived credentials cache situation, we may need to refetch the ticket after (say) 10 hours. This code should help that happen, by checking the lifetime before returning any credentials cache or GSSAPI credentials. Andrew Bartlett commit 8dbab93f28d8ddbce8f44116f45a107a05a59a15 Author: Andrew Bartlett abart...@samba.org Date: Wed Jun 8 08:51:56 2011 +1000 s4-credentials Allow use of file-based credentials caches for debugging. This means that we will leave a slew of file based credentials caches in /tmp, which should give some clues to the administrator or developer via klist as to what has gone wrong. Andrew Bartlett --- Summary of changes: source4/auth/credentials/credentials_krb5.c | 73 --- source4/auth/gensec/gensec_gssapi.c | 59 + 2 files changed, 125 insertions(+), 7 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/auth/credentials/credentials_krb5.c b/source4/auth/credentials/credentials_krb5.c index bfba167..26fa809 100644 --- a/source4/auth/credentials/credentials_krb5.c +++ b/source4/auth/credentials/credentials_krb5.c @@ -235,9 +235,15 @@ static int cli_credentials_new_ccache(struct cli_credentials *cred, if (!ccache_name) { must_free_cc_name = true; - ccache_name = talloc_asprintf(ccc, MEMORY:%p, - ccc); - + + if (lpcfg_parm_bool(lp_ctx, NULL, credentials, krb5_cc_file, false)) { + ccache_name = talloc_asprintf(ccc, FILE:/tmp/krb5_cc_samba_%u_%p, + (unsigned int)getpid(), ccc); + } else { + ccache_name = talloc_asprintf(ccc, MEMORY:%p, + ccc); + } + if (!ccache_name) { talloc_free(ccc); (*error_string) = strerror(ENOMEM); @@ -288,8 +294,38 @@ _PUBLIC_ int cli_credentials_get_named_ccache(struct cli_credentials *cred, if (cred-ccache_obtained = cred-ccache_threshold cred-ccache_obtained CRED_UNINITIALISED) { - *ccc = cred-ccache; - return 0; + time_t lifetime; + bool expired = false; + ret = krb5_cc_get_lifetime(cred-ccache-smb_krb5_context-krb5_context, + cred-ccache-ccache, lifetime); + if (ret == KRB5_CC_END) { + /* If we have a particular ccache set, without +* an initial ticket, then assume there is a +* good reason */ + } else if (ret == 0) { + if (lifetime == 0) { + DEBUG(3, (Ticket in credentials cache for %s expired, will refresh\n, + cli_credentials_get_principal(cred, cred))); + expired = true; + } else if (lifetime 300) { + DEBUG(3, (Ticket in credentials cache for %s will shortly expire (%u secs), will refresh\n, + cli_credentials_get_principal(cred, cred), (unsigned int)lifetime)); + expired = true; + } + } else { + (*error_string) = talloc_asprintf(cred, failed to get ccache lifetime: %s\n, +
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 4afe426 s4-ipv6: fill in pdc_ip in DsRGetDCNameEx2 via e14538d s4-wins: ensure we only use IPv4 for WINS owner via 79ef434 s4-interface: raise the debug level for interface discovery from c790213 s4-gensec bring GSS_S_CONTEXT_EXPIRED into it's own error handler http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 4afe426877fed3ed4d1dae4a8d96dce3f4983b91 Author: Andrew Tridgell tri...@samba.org Date: Wed Jun 8 11:49:24 2011 +1000 s4-ipv6: fill in pdc_ip in DsRGetDCNameEx2 this may be different from the CLDAP response, as it can be IPv6 Autobuild-User: Andrew Tridgell tri...@samba.org Autobuild-Date: Wed Jun 8 06:07:29 CEST 2011 on sn-devel-104 commit e14538d9394fc5d21a5e3ec34574b9fb5c468ba2 Author: Andrew Tridgell tri...@samba.org Date: Wed Jun 8 10:42:02 2011 +1000 s4-wins: ensure we only use IPv4 for WINS owner commit 79ef434b900288f23f352dcce083c37308baef2d Author: Andrew Tridgell tri...@samba.org Date: Wed Jun 8 10:41:38 2011 +1000 s4-interface: raise the debug level for interface discovery --- Summary of changes: source4/lib/socket/interface.c|6 +++--- source4/nbt_server/wins/wins_ldb.c|2 +- source4/nbt_server/wins/winsserver.c |2 +- source4/rpc_server/netlogon/dcerpc_netlogon.c | 15 --- 4 files changed, 17 insertions(+), 8 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/lib/socket/interface.c b/source4/lib/socket/interface.c index 9cb8f5e..d5b610f 100644 --- a/source4/lib/socket/interface.c +++ b/source4/lib/socket/interface.c @@ -116,18 +116,18 @@ static void add_interface(TALLOC_CTX *mem_ctx, const struct iface_struct *ifs, s /* keep string versions too, to avoid people tripping over the implied static in inet_ntoa() */ print_sockaddr(addr, sizeof(addr), iface-ip); - DEBUG(2,(added interface %s ip=%s , + DEBUG(4,(added interface %s ip=%s , iface-name, addr)); iface-ip_s = talloc_strdup(iface, addr); print_sockaddr(addr, sizeof(addr), iface-bcast); - DEBUG(2,(bcast=%s , addr)); + DEBUG(4,(bcast=%s , addr)); iface-bcast_s = talloc_strdup(iface, addr); print_sockaddr(addr, sizeof(addr), iface-netmask); - DEBUG(2,(netmask=%s\n, addr)); + DEBUG(4,(netmask=%s\n, addr)); iface-nmask_s = talloc_strdup(iface, addr); /* diff --git a/source4/nbt_server/wins/wins_ldb.c b/source4/nbt_server/wins/wins_ldb.c index 6519f9e..304c98d 100644 --- a/source4/nbt_server/wins/wins_ldb.c +++ b/source4/nbt_server/wins/wins_ldb.c @@ -93,7 +93,7 @@ static int wins_ldb_init(struct ldb_module *module) if (!owner) { struct interface *ifaces; load_interface_list(module, lp_ctx, ifaces); - owner = iface_list_n_ip(ifaces, 0); + owner = iface_list_first_v4(ifaces); if (!owner) { owner = 0.0.0.0; } diff --git a/source4/nbt_server/wins/winsserver.c b/source4/nbt_server/wins/winsserver.c index 604c86e..5f1f417 100644 --- a/source4/nbt_server/wins/winsserver.c +++ b/source4/nbt_server/wins/winsserver.c @@ -1058,7 +1058,7 @@ NTSTATUS nbtd_winsserver_init(struct nbtd_server *nbtsrv) if (owner == NULL) { struct interface *ifaces; load_interface_list(nbtsrv-task, nbtsrv-task-lp_ctx, ifaces); - owner = iface_list_n_ip(ifaces, 0); + owner = iface_list_first_v4(ifaces); } nbtsrv-winssrv-wins_db = winsdb_connect(nbtsrv-winssrv, nbtsrv-task-event_ctx, diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c index 8964c1d..d5a7eeb 100644 --- a/source4/rpc_server/netlogon/dcerpc_netlogon.c +++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c @@ -37,6 +37,7 @@ #include lib/tsocket/tsocket.h #include librpc/gen_ndr/ndr_netlogon.h #include librpc/gen_ndr/ndr_irpc.h +#include lib/socket/netif.h struct netlogon_server_pipe_state { struct netr_Credential client_challenge; @@ -1233,6 +1234,7 @@ static NTSTATUS dcesrv_netr_NetrEnumerateTrustedDomains(struct dcesrv_call_state static NTSTATUS dcesrv_netr_LogonGetCapabilities(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct netr_LogonGetCapabilities *r) { + /* we don't support AES yet */ return NT_STATUS_NOT_IMPLEMENTED; } @@ -1710,6 +1712,8 @@ static WERROR dcesrv_netr_DsRGetDCNameEx2(struct dcesrv_call_state *dce_call, NTSTATUS status; const char *dc_name = NULL; const char *domain_name = NULL; + struct
[SCM] CTDB repository - branch 1.2 updated - ctdb-1.9.1-440-gbfffe06
The branch, 1.2 has been updated via bfffe067a8152145ef54482dccb49529c6a4827f (commit) via d7ab0958609264df36b7db5591d7013c0d9f95d2 (commit) via 8f75f620f97672ad9ee65cb8d9c10d1916413ffb (commit) via 9051032bc1bdb1d26902800409a248c44836da58 (commit) via a9caac9eeed27d6d5efd22926a962a25d1a5ef7f (commit) via 19a41fdc40fada29046d102de34d6fbe0c7a3768 (commit) via 8df10dfdbd9b19514caadf236c34eadcb07419f7 (commit) from ee5e90f5ad43be8e3b0b3f0aa00e6fc0be982099 (commit) http://gitweb.samba.org/?p=ctdb.git;a=shortlog;h=1.2 - Log - commit bfffe067a8152145ef54482dccb49529c6a4827f Author: Martin Schwenke mar...@meltin.net Date: Mon May 23 15:33:12 2011 +1000 onnode: fix natgwlist nodespec This hasn't worked for a while if ever. We treat this case specially because the output has 2 works on the 1st line. We also handle the error case where /etc/ctdb_natgw_nodes exists but none of the other $NATGW_* configuration is done. Signed-off-by: Martin Schwenke mar...@meltin.net commit d7ab0958609264df36b7db5591d7013c0d9f95d2 Author: Martin Schwenke mar...@meltin.net Date: Mon May 23 15:24:52 2011 +1000 onnode: fix get_nodes_with_status() Setting IFS and looping though items with colons in them doesn't work. Change this to read through the output line by line. The header line needs to be thrown away by throwing away everything up to the 1st newline. Keep stderr from the ctdb status command, otherwise debugging is impossible. On error, append any output from ctdb to onnode's error message. Signed-off-by: Martin Schwenke mar...@meltin.net commit 8f75f620f97672ad9ee65cb8d9c10d1916413ffb Author: Martin Schwenke mar...@meltin.net Date: Tue May 17 14:26:55 2011 +1000 onnode: Remove an unnecessary comment. The comment about $CTDB_NODES_SOCKETS is meaningless. The code ti refers to works just find with $CTDB_NODES_SOCKETS. Signed-off-by: Martin Schwenke mar...@meltin.net commit 9051032bc1bdb1d26902800409a248c44836da58 Author: Martin Schwenke mar...@meltin.net Date: Tue May 17 14:24:30 2011 +1000 onnode: Future-proof get_nodes_with_status(). The current code requires knowledge of the number of status bits output by ctdb status -Y. This changes the code to be completely general. Signed-off-by: Martin Schwenke mar...@meltin.net commit a9caac9eeed27d6d5efd22926a962a25d1a5ef7f Author: Martin Schwenke mar...@meltin.net Date: Tue May 17 13:25:08 2011 +1000 onnode: Exit with error for unknown command-line flags. Use of local was masking errors in command-line processing. Signed-off-by: Martin Schwenke mar...@meltin.net commit 19a41fdc40fada29046d102de34d6fbe0c7a3768 Author: Martin Schwenke mar...@meltin.net Date: Tue May 17 13:20:51 2011 +1000 onnode: Be defensive when listing IPs of nodes with designated status. The current version gives the last item left after stripping the known fields. If an insufficent number of status fields is stripped then this would return a residual status field value, which turned out to be a valid IP address for localhost... so no error occurs. This change means that the node number is stripped and any residual status field value will stay appended, causing an error the first time this command is tested. Signed-off-by: Martin Schwenke mar...@meltin.net commit 8df10dfdbd9b19514caadf236c34eadcb07419f7 Author: Martin Schwenke mar...@meltin.net Date: Tue May 17 13:18:11 2011 +1000 onnode - Fix long standing bug in onnode healthy/ok/connected/con. When the output of ctdb status -Y changed to add an extra status column we didn't fix onnode. This adds a match for the extra column. Signed-off-by: Martin Schwenke mar...@meltin.net --- Summary of changes: tools/onnode | 93 +++-- 1 files changed, 57 insertions(+), 36 deletions(-) Changeset truncated at 500 lines: diff --git a/tools/onnode b/tools/onnode index fa61b47..804ab09 100755 --- a/tools/onnode +++ b/tools/onnode @@ -70,7 +70,9 @@ parse_options () # $POSIXLY_CORRECT means that the command passed to onnode can # take options and getopt won't reorder things to make them # options ot onnode. -local temp=$(POSIXLY_CORRECT=1 getopt -n $prog -o cf:hno:pqv -l help -- $@) +local temp +# Not on the previous line - local returns 0! +temp=$(POSIXLY_CORRECT=1 getopt -n $prog -o cf:hno:pqv -l help -- $@) [ $? != 0 ] usage @@ -136,44 +138,47 @@ get_nodes_with_status () local all_nodes=$1 local status=$2 -local bits -case $status in - healthy) - bits=0:0:0:0:0 -