Re: [Samba] Samba4 and sysvol share

2011-11-07 Thread felix 
 Hello Felix,

 Sorry for the very late answer,

 Well I remade a test today, in gpmc.msc (group policy management
console), I have no errors from Windows about the ACLs of the folders for
my policies.

Thanks a lot for your answers, Matthieu and Christopher. It makes me happy
to know that you guys don't forget to answer the questions of samba users.

My first solution was changing the permissions of the sysvol directory in
my linux box to 755 (I think 644 could work too) after defining the
policies I needed for my domain.

I'm a newbie in Linux and in Samba that's why at the begining I didn't
realize that my filesystem did not support the user_xattr option and I had
skipped that part of the HowTo. I'm so sorry for taking some of your
precious time.

Now I'm learning how to compile a kernel to include the needed options and
I'm pretty sure that will fix my issue.

For beginners, I would like to contribute with the steps I followed to
make Bind, Ntp and Samba4 work together on Debian Lenny. How can I do it?

My best wishes for the Samba team and users.
Felix.








-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] win 7 no logon servers available error [SOLVED]

2011-11-07 Thread steve 
On Monday 07 Nov 2011 07:39:10 steve wrote:
 On Sunday 06 Nov 2011 23:08:27 you wrote:
   -Original Message-
   From: samba-boun...@lists.samba.org [mailto:samba-
   boun...@lists.samba.org] On Behalf Of steve
   Sent: Sunday, November 06, 2011 6:55 AM
   To: samba@lists.samba.org
   Subject: Re: [Samba] win 7 no logon servers available error
   
   On Sunday 06 Nov 2011 00:06:17 steve wrote:
Hi
I have joined a win 7 computer to my samba domain. Logging in gives
   
   me:
'There are currently no logon servers available to service the logon
request.'

Hi

After much work I realised that the name of my Linux box was hh1.com and I had 
chosen HH1 for the Samba domain name. THat seems sensible enough no? But it 
seems that that is not allowed. I can't find anywhere in the documentation 
which warns against this.

I changed the Samba domain to HH2, removed the old ldap machine objects, 
unjoined the domain HH1 and rejoined HH2.

Everything now works as expected except that at first logon from windows 7, 
the profile isn't saved. You have to log out and back in again. Then the 
profile is saved.

With XP clients you don't have to relogin.

Hope this helps us all toward a single sighn on. It's going to make our lan 
much more bearable.

Thanks to everyone for their time.
Steve.

For completeness, here is the nmbd log:

Nov  7 14:28:58 hh1 nmbd[8308]: [2011/11/07 14:28:58.757742,  0] 
nmbd/nmbd.c:71(terminate)
Nov  7 14:28:58 hh1 nmbd[8308]:   Got SIGTERM: going down...
Nov  7 14:28:59 hh1 nmbd[9167]: [2011/11/07 14:28:59.350165,  0] 
nmbd/nmbd_logonnames.c:160(add_logon_names)
Nov  7 14:28:59 hh1 nmbd[9167]:   add_domain_logon_names:
Nov  7 14:28:59 hh1 nmbd[9167]:   Attempting to become logon server for 
workgroup HH2 on subnet 192.168.1.2
Nov  7 14:28:59 hh1 nmbd[9167]: [2011/11/07 14:28:59.351132,  0] 
nmbd/nmbd_become_dmb.c:292(become_domain_master_browser_bcast)
Nov  7 14:28:59 hh1 nmbd[9167]:   become_domain_master_browser_bcast:
Nov  7 14:28:59 hh1 nmbd[9167]:   Attempting to become domain master browser 
on workgroup HH2 on subnet 192.168.1.2
Nov  7 14:28:59 hh1 nmbd[9167]: [2011/11/07 14:28:59.351253,  0] 
nmbd/nmbd_become_dmb.c:305(become_domain_master_browser_bcast)
Nov  7 14:28:59 hh1 nmbd[9167]:   become_domain_master_browser_bcast: querying 
subnet 192.168.1.2 for domain master browser on workgroup HH2
Nov  7 14:29:03 hh1 nmbd[9167]: [2011/11/07 14:29:03.372639,  0] 
nmbd/nmbd_logonnames.c:121(become_logon_server_success)
Nov  7 14:29:03 hh1 nmbd[9167]:   become_logon_server_success: Samba is now a 
logon server for workgroup HH2 on subnet 192.168.1.2
Nov  7 14:29:05 hh1 smbd[9191]: [2011/11/07 14:29:05.626119,  0] 
smbd/server.c:501(smbd_open_one_socket)
Nov  7 14:29:05 hh1 smbd[9191]:   smbd_open_once_socket: open_socket_in: 
Address already in use
Nov  7 14:29:05 hh1 smbd[9191]: [2011/11/07 14:29:05.628884,  0] 
smbd/server.c:501(smbd_open_one_socket)
Nov  7 14:29:05 hh1 smbd[9191]:   smbd_open_once_socket: open_socket_in: 
Address already in use
Nov  7 14:29:07 hh1 nmbd[9167]: [2011/11/07 14:29:07.380575,  0] 
nmbd/nmbd_become_dmb.c:110(become_domain_master_stage2)
Nov  7 14:29:07 hh1 nmbd[9167]:   *
Nov  7 14:29:07 hh1 nmbd[9167]:   
Nov  7 14:29:07 hh1 nmbd[9167]:   Samba server HH1 is now a domain master 
browser for workgroup HH2 on subnet 192.168.1.2
Nov  7 14:29:07 hh1 nmbd[9167]:   
Nov  7 14:29:07 hh1 nmbd[9167]:   *
Nov  7 14:29:22 hh1 nmbd[9167]: [2011/11/07 14:29:22.398976,  0] 
nmbd/nmbd_become_lmb.c:395(become_local_master_stage2)
Nov  7 14:29:22 hh1 nmbd[9167]:   *
Nov  7 14:29:22 hh1 nmbd[9167]:   
Nov  7 14:29:22 hh1 nmbd[9167]:   Samba name server HH1 is now a local master 
browser for workgroup HH2 on subnet 192.168.1.2
Nov  7 14:29:22 hh1 nmbd[9167]:   
Nov  7 14:29:22 hh1 nmbd[9167]:   *
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] samba with ldap+TLS

2011-11-07 Thread steve 
Hi

I know Linux clients need a CA certificate to authenticate via LDAP using TLS. 
What about win 7 and XP clients using a Samba server?

Thanks
Steve
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] samba with ldap+TLS

2011-11-07 Thread Bruno MACADRE 

Hi,

No, you don't need CA certificate on win clients 'cause they don't 
connect directly to the LDAP. Only your Samba server need CA certificate 
to connect to the LDAP using TLS.


Regards,
Bruno

Le 07/11/2011 18:18, steve a écrit :

Hi

I know Linux clients need a CA certificate to authenticate via LDAP using TLS.
What about win 7 and XP clients using a Samba server?

Thanks
Steve


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] getent passwd not returning users/groups

2011-11-07 Thread James Chase 
I tried a second install of CentOS with X, thinking perhaps the GUI 
setup might do something that I was missing in terms of getting samba 
connected to active directory. However I still can't get this to work 
(now wbinfo doesn't seem to work either) in CentOS. I also tried Fedora 14.


Then I tried a Ubuntu 11 install and followed their instructions from 
the wiki: https://help.ubuntu.com/community/ActiveDirectoryWinbindHowto


And it worked! I tried to apply the same settings to CentOS setup but I 
still get no output from 'getent passwd'.


Ubuntu is running version 3.5.11 while CentoS is 3.5.4. Think my best 
bet is building from source and trying 3.5.11 or 3.5.12 on CentOS? Are 
there any critical flags that need to be set during the configuration to 
make sure samba will work with active directory/winbind?


James


I'm trying to get my CentOS 5.6 machine setup as a Active Directory 
Domain Member with Windows 2008 level domain and samba 3.5. I haven't 
tried this before.


I can successfully join the domain and return users using 'wbinfo -u' 
and groups with 'wbinfo -g' but when I try 'getent passwd' I only get 
the local users. I'm not sure what element that indicates is failing 
in the process. I'm not confident in my pam.d/ setup since different 
guides show different methods of setting this up. The 
/etc/nsswitch.conf file has been edited to include winbind as a source 
for passwd/shadow/group.


The only insightful error message I see in the samba logs is this 
(repeated over and over in all the logs) but I haven't found the 
solution. Is this the cause of my problems? How do I disable 
spinlocks? I'm using a prebuilt package from sernet


[2011/11/01 16:46:19.979981,  1] lib/util_tdb.c:385(tdb_log)
  tdb(unnamed): tdb_open_ex: spinlocks no longer supported

Here is my samba configuration dumped from smbtest:

[root@sambatest ~]# testparm
Load smb config files from /etc/samba/smb.conf
rlimit_max: rlimit_max (1024) below minimum Windows limit (16384)
Processing section [test]
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions

[global]
workgroup = SHAMOFFICE
realm = SHAMBHALA-OFFICE.LOCAL
interfaces = 127.0.0.1, eth0
bind interfaces only = Yes
security = ADS
printcap name = cups
idmap backend = ad
idmap uid = 1-2
idmap gid = 3-4
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
idmap config SHAMOFFICE : schema_mode = rfc2307
idmap config SHAMOFFICE : range = 4000-5000
idmap config SHAMOFFICE : backend = ad
idmap config * : range = 2000-3000
idmap config * : backend = tdb

[test]
comment = Directory for storing pictures by jims users
path = /local/test
read only = No
guest ok = Yes






--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Permissions in printer share

2011-11-07 Thread Orlando Irrazabal 

Hi everyone,


I'm trying to migrate my print server to Samba. All is working well 
except security. In my domain, some groups are able to print to certain 
printers and others to other printers. I tried with write list = 
@group but it doesn't worked. How do I configure the permissions on 
samba's printers, for a user group can print to only certain printers?



Here is my smb.conf file:

[global]
workgroup = MYDOMAIN
server string = Samba Server
security = DOMAIN
password server = PASS1 PASS2
log file = /var/log/samba/log.%m
max log size = 50
idmap uid = 15000-2
idmap gid = 15000-2
template homedir = /homes/%D/%U
template shell = /sbin/nologin
winbind separator = +
winbind enum users = Yes
winbind enum groups = Yes
hosts allow = 127., 192.168.23.
cups options = raw

[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No

[prnhpp3015]
comment = HP LaserJet P3015
path = /var/spool/samba/rcprnhpp3015
write list = @group1
printable = Yes




Thanks in advance


Orlando
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Samba3 ADMT, cannot migrate SIDs

2011-11-07 Thread Adam Tauno Williams 
I'm attempting to migrate a Samba 3.x / NT domain to Active Directory.
I have a Windows 2003 SE host and ADMT.  I've established trusts between
the Samba 3 domain and the Windows 2003 AD domain.  I can use User
Account Migration Wizard up to the Account Transition Options.  Then
of I check the option to Migrate SIDs it fails with - 

Could not verify auditing and TcpipClientSupport on domains. Will not
be able to migrate Sids. The system cannot find the file specified.

Is there something that can be done to enable SID migration from S3?

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Permissions in printer share

2011-11-07 Thread Dale Schroeder 

On 11/07/2011 2:13 PM, Orlando Irrazabal wrote:

Hi everyone,


I'm trying to migrate my print server to Samba. All is working well 
except security. In my domain, some groups are able to print to 
certain printers and others to other printers. I tried with write 
list = @group but it doesn't worked. How do I configure the 
permissions on samba's printers, for a user group can print to only 
certain printers?



Here is my smb.conf file:

[global]
workgroup = MYDOMAIN
server string = Samba Server
security = DOMAIN
password server = PASS1 PASS2
log file = /var/log/samba/log.%m
max log size = 50
idmap uid = 15000-2
idmap gid = 15000-2
template homedir = /homes/%D/%U
template shell = /sbin/nologin
winbind separator = +
winbind enum users = Yes
winbind enum groups = Yes
hosts allow = 127., 192.168.23.
cups options = raw

[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No

[prnhpp3015]
comment = HP LaserJet P3015
path = /var/spool/samba/rcprnhpp3015
write list = @group1
printable = Yes

Try replacing write list = @group1
with valid users = @group1

Dale


Thanks in advance

Orlando

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Permissions in printer share

2011-11-07 Thread TAKAHASHI Motonobu 
From: Dale Schroeder d...@briannassaladdressing.com
Date: Mon, 07 Nov 2011 15:30:05 -0600

 On 11/07/2011 2:13 PM, Orlando Irrazabal wrote:
  Hi everyone,
 
  I'm trying to migrate my print server to Samba. All is working well 
  except security. In my domain, some groups are able to print to 
  certain printers and others to other printers. I tried with write 
  list = @group but it doesn't worked. How do I configure the 
  permissions on samba's printers, for a user group can print to only 
  certain printers?

(snip)

 Try replacing write list = @group1
 with valid users = @group1
 
 Dale

If you use Winbind, you have to specify @domain\group style by
default. Also you can configure printers' permissions by ACL via
Windows.

---
TAKAHASHI Motonobu mo...@samba.gr.jp
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Permissions in printer share

2011-11-07 Thread Christ Schlacta 

On 11/7/2011 14:59, TAKAHASHI Motonobu wrote:

From: Dale Schroederd...@briannassaladdressing.com
Date: Mon, 07 Nov 2011 15:30:05 -0600


On 11/07/2011 2:13 PM, Orlando Irrazabal wrote:

Hi everyone,

I'm trying to migrate my print server to Samba. All is working well
except security. In my domain, some groups are able to print to
certain printers and others to other printers. I tried with write
list = @group but it doesn't worked. How do I configure the
permissions on samba's printers, for a user group can print to only
certain printers?

(snip)


Try replacing write list = @group1
with valid users = @group1

Dale

If you use Winbind, you have to specify @domain\group style by
default. Also you can configure printers' permissions by ACL via
Windows.

---
TAKAHASHI Motonobumo...@samba.gr.jp
I have a similar setup and use the windows printer permissions ACL.  it 
works perfectly now, no complaints.  If you experience any issues, make 
certain your samba is up to date, as some combinations of old-samba and 
printer have issues.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Raising domain functionality level with samba-tool fails with uncaught exception errors from Python

2011-11-07 Thread curriegrad2004 
Hey all,

I just downloaded the latest samba4 git and provisioned an Active
Directory domain following the directions on the wiki. However, when I
wanted to raise the default domain's functionality level from Windows
Server 2003 to 2008 R2, I'm getting errors from samba-tool with
something to do with Python's uncaught exception:

--forest-level

ERROR(type 'exceptions.AttributeError'): uncaught exception -
'module' object has no attribute 'get_config_basedn'
  File /usr/local/samba/lib/python2.6/site-packages/samba/netcmd/__init__.py,
line 167, in _run
return self.run(*args, **kwargs)
  File /usr/local/samba/lib/python2.6/site-packages/samba/netcmd/domain.py,
line 326, in run
m.dn = ldb.Dn(samdb, CN=Partitions,%s % ldb.get_config_basedn())

--domain-level

ERROR(type 'exceptions.AttributeError'): uncaught exception -
'module' object has no attribute 'get_config_basedn'
  File /usr/local/samba/lib/python2.6/site-packages/samba/netcmd/__init__.py,
line 167, in _run
return self.run(*args, **kwargs)
  File /usr/local/samba/lib/python2.6/site-packages/samba/netcmd/domain.py,
line 301, in run
+ ,CN=Partitions,%s % ldb.get_config_basedn())


What can be causing this issue? Is it the python included with
Scientific Linux 6.0 the one to blame or did I compile samba4
incorrectly in any way?
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[SCM] Samba Shared Repository - branch master updated

2011-11-07 Thread Stefan Metzmacher 
The branch, master has been updated
   via  230cd1e s3:libsmb: return NT_STATUS_OK for if a request is not the 
last one in the chain
   via  597f2ae s3:libsmb: make sure have_andx_command() returns false for 
non AndX commands
   via  b20775f s3:libsmb: remember the seqnum on all chained requests
   via  20fe765 s3:libsmb: get cmd of the chained request before changing 
wct_ofs
  from  384eaba s4: samba-tool user --help documenation improvements 
Signed-off-by: Theresa Halloran thall...@linux.vnet.ibm.com

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 230cd1e276f9661f290b3eaeecca005303a68efb
Author: Stefan Metzmacher me...@samba.org
Date:   Mon Nov 7 08:55:20 2011 +0100

s3:libsmb: return NT_STATUS_OK for if a request is not the last one in the 
chain

metze

Autobuild-User: Stefan Metzmacher me...@samba.org
Autobuild-Date: Mon Nov  7 11:38:05 CET 2011 on sn-devel-104

commit 597f2ae3423ce70f84e41ed3293f049920fa0758
Author: Stefan Metzmacher me...@samba.org
Date:   Mon Nov 7 08:54:40 2011 +0100

s3:libsmb: make sure have_andx_command() returns false for non AndX commands

metze

commit b20775fb3b3c86c4aab913e5cbae19cf4e0e71d3
Author: Stefan Metzmacher me...@samba.org
Date:   Mon Nov 7 08:44:39 2011 +0100

s3:libsmb: remember the seqnum on all chained requests

This is needed in order to verify the incoming signature
correctly.

metze

commit 20fe7658a779c24c9a4e0b66da844fd117a97319
Author: Stefan Metzmacher me...@samba.org
Date:   Sat Nov 5 12:29:23 2011 +0100

s3:libsmb: get cmd of the chained request before changing wct_ofs

metze

---

Summary of changes:
 source3/libsmb/async_smb.c |   25 -
 1 files changed, 20 insertions(+), 5 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/libsmb/async_smb.c b/source3/libsmb/async_smb.c
index 79194f5..08b6c35 100644
--- a/source3/libsmb/async_smb.c
+++ b/source3/libsmb/async_smb.c
@@ -51,11 +51,15 @@ static NTSTATUS cli_pull_raw_error(const uint8_t *buf)
  * @retval Is there a command following?
  */
 
-static bool have_andx_command(const char *buf, uint16_t ofs)
+static bool have_andx_command(const char *buf, uint16_t ofs, uint8_t cmd)
 {
uint8_t wct;
size_t buflen = talloc_get_size(buf);
 
+   if (!is_andx_req(cmd)) {
+   return false;
+   }
+
if ((ofs == buflen-1) || (ofs == buflen)) {
return false;
}
@@ -870,7 +874,7 @@ NTSTATUS cli_smb_recv(struct tevent_req *req,
}
}
 
-   if (!have_andx_command((char *)state-inbuf, wct_ofs)) {
+   if (!have_andx_command((char *)state-inbuf, wct_ofs, cmd)) {
/*
 * This request was not completed because a previous
 * request in the chain had received an error.
@@ -878,6 +882,7 @@ NTSTATUS cli_smb_recv(struct tevent_req *req,
return NT_STATUS_REQUEST_ABORTED;
}
 
+   cmd = CVAL(state-inbuf, wct_ofs + 1);
wct_ofs = SVAL(state-inbuf, wct_ofs + 3);
 
/*
@@ -889,8 +894,6 @@ NTSTATUS cli_smb_recv(struct tevent_req *req,
if (wct_ofs+2  talloc_get_size(state-inbuf)) {
return NT_STATUS_INVALID_NETWORK_RESPONSE;
}
-
-   cmd = CVAL(state-inbuf, wct_ofs + 1);
}
 
state-cli-raw_status = cli_pull_raw_error(state-inbuf);
@@ -908,7 +911,7 @@ NTSTATUS cli_smb_recv(struct tevent_req *req,
status = state-cli-raw_status;
}
 
-   if (!have_andx_command((char *)state-inbuf, wct_ofs)) {
+   if (!have_andx_command((char *)state-inbuf, wct_ofs, cmd)) {
 
if ((cmd == SMBsesssetupX)
 NT_STATUS_EQUAL(
@@ -928,6 +931,12 @@ NTSTATUS cli_smb_recv(struct tevent_req *req,
 */
return status;
}
+   } else {
+   /*
+* Only the last request in the chain get the returned
+* status.
+*/
+   status = NT_STATUS_OK;
}
 
 no_err:
@@ -1092,6 +1101,12 @@ NTSTATUS cli_smb_chain_send(struct tevent_req **reqs, 
int num_reqs)
return status;
}
 
+   for (i=0; i  (num_reqs - 1); i++) {
+   state = tevent_req_data(reqs[i], struct cli_smb_state);
+
+   state-seqnum = last_state-seqnum;
+   }
+
return NT_STATUS_OK;
 }
 


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch master updated

2011-11-07 Thread Stefan Metzmacher 
The branch, master has been updated
   via  b9e6c48 s3-wafbuild: Fix inotify detection (bug 8580)
   via  8468098 s3-build: Fix inotify detection (bug 8580)
  from  230cd1e s3:libsmb: return NT_STATUS_OK for if a request is not the 
last one in the chain

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit b9e6c48678624ba5335d00906c558ea9e0086699
Author: Björn Baumbach b...@sernet.de
Date:   Mon Nov 7 14:24:40 2011 +0100

s3-wafbuild: Fix inotify detection (bug 8580)

Enable inotify if sys or kernel inotify is available.

Signed-off-by: Stefan Metzmacher me...@samba.org

Autobuild-User: Stefan Metzmacher me...@samba.org
Autobuild-Date: Mon Nov  7 16:28:38 CET 2011 on sn-devel-104

commit 846809853acd53a733fa6057436c6e51843d8fab
Author: Björn Baumbach b...@sernet.de
Date:   Mon Nov 7 12:42:28 2011 +0100

s3-build: Fix inotify detection (bug 8580)

Enable inotify if sys or kernel inotify is available.

Signed-off-by: Stefan Metzmacher me...@samba.org

---

Summary of changes:
 source3/configure.in |6 --
 source3/wscript  |5 +++--
 2 files changed, 7 insertions(+), 4 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/configure.in b/source3/configure.in
index 7780603..a415900 100644
--- a/source3/configure.in
+++ b/source3/configure.in
@@ -2832,8 +2832,10 @@ samba_cv_HAVE_INOTIFY=yes,
 samba_cv_HAVE_INOTIFY=no,
 samba_cv_HAVE_INOTIFY=cross)
 
-if test x$ac_cv_func_inotify_init = xyes -a 
x$ac_cv_header_linux_inotify_h = xyes; then
-AC_DEFINE(HAVE_INOTIFY,1,[Whether kernel has inotify support])
+if test x$ac_cv_func_inotify_init = xyes; then
+if test  x$ac_cv_header_sys_inotify_h = xyes -o 
x$ac_cv_header_linux_inotify_h = xyes; then
+AC_DEFINE(HAVE_INOTIFY,1,[Whether kernel or sys has inotify support])
+fi
 fi
 
 #
diff --git a/source3/wscript b/source3/wscript
index 26152f5..c329cbf 100644
--- a/source3/wscript
+++ b/source3/wscript
@@ -117,8 +117,9 @@ long ret = splice(0,0,1,0,400,0);
 # Check for inotify support
 conf.CHECK_HEADERS('linux/inotify.h asm/unistd.h sys/inotify.h')
 conf.CHECK_FUNCS('inotify_init')
-if HAVE_LINUX_INOTIFY_H in conf.env and HAVE_INOTIFY_INIT in conf.env:
-conf.DEFINE('HAVE_INOTIFY', 1)
+if HAVE_INOTIFY_INIT in conf.env:
+if HAVE_LINUX_INOTIFY_H in conf.env or HAVE_SYS_INOTIFY_H in 
conf.env:
+conf.DEFINE('HAVE_INOTIFY', 1)
 
 # Check for kernel change notify support
 conf.CHECK_CODE('''


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch master updated

2011-11-07 Thread Matthias Dieter Wallnöfer 
The branch, master has been updated
   via  ce8b5d5 s4:samba-tool - fix Gémes Géza patch regarding parameter 
handling
   via  1d9ff23 Add a --random-password option to user create command.
  from  b9e6c48 s3-wafbuild: Fix inotify detection (bug 8580)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit ce8b5d520bafe10fb048f5c61197c840263decb6
Author: Matthias Dieter Wallnöfer m...@samba.org
Date:   Mon Nov 7 17:57:52 2011 +0100

s4:samba-tool - fix Gémes Géza patch regarding parameter handling

The new random-password parameter has not been evaluated correctly.

Autobuild-User: Matthias Dieter Wallnöfer m...@samba.org
Autobuild-Date: Mon Nov  7 19:35:05 CET 2011 on sn-devel-104

commit 1d9ff23f8ea22d0a9b5efc4ed2565bfc0dc6d92e
Author: Gémes Géza g...@kzsdabas.hu
Date:   Wed Nov 2 15:33:35 2011 +0100

Add a --random-password option to user create command.

Signed-Off-By: Jelmer Vernooij jel...@samba.org
Signed-off-by: Matthias Dieter Wallnöfer m...@samba.org

---

Summary of changes:
 source4/scripting/python/samba/netcmd/user.py |   21 +
 1 files changed, 17 insertions(+), 4 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/scripting/python/samba/netcmd/user.py 
b/source4/scripting/python/samba/netcmd/user.py
index cf0a1e7..0ac4b23 100644
--- a/source4/scripting/python/samba/netcmd/user.py
+++ b/source4/scripting/python/samba/netcmd/user.py
@@ -25,7 +25,7 @@ import sys, ldb
 from getpass import getpass
 from samba.auth import system_session
 from samba.samdb import SamDB
-from samba import gensec
+from samba import gensec, generate_random_password
 from samba.net import Net
 
 from samba.netcmd import (
@@ -71,6 +71,9 @@ Example3 shows how to create a new user in the OrgUnit 
organizational unit.
 Option(--must-change-at-next-login,
 help=Force password to be changed on next login,
 action=store_true),
+Option(--random-password,
+help=Generate random password,
+action=store_true),
 Option(--use-username-as-cn,
 help=Force use of username as user's CN,
 action=store_true),
@@ -97,12 +100,15 @@ Example3 shows how to create a new user in the OrgUnit 
organizational unit.
 takes_args = [username, password?]
 
 def run(self, username, password=None, credopts=None, sambaopts=None,
-versionopts=None, H=None, must_change_at_next_login=None,
+versionopts=None, H=None, must_change_at_next_login=None, 
random_password=None,
 use_username_as_cn=None, userou=None, surname=None, 
given_name=None, initials=None,
 profile_path=None, script_path=None, home_drive=None, 
home_directory=None,
 job_title=None, department=None, company=None, description=None,
 mail_address=None, internet_address=None, telephone_number=None, 
physical_delivery_office=None):
 
+if random_password is True:
+password = generate_random_password(128, 255)
+
 while 1:
 if password is not None and password is not '':
 break
@@ -382,17 +388,24 @@ Example3 shows how an administrator would reset TestUser3 
user's password to pas
 Option(--must-change-at-next-login,
help=Force password to be changed on next login,
action=store_true),
+Option(--random-password,
+help=Generate random password,
+action=store_true),
 ]
 
 takes_args = [username?]
 
 def run(self, username=None, filter=None, credopts=None, sambaopts=None,
 versionopts=None, H=None, newpassword=None,
-must_change_at_next_login=None):
+must_change_at_next_login=None, random_password=None):
 if filter is None and username is None:
 raise CommandError(Either the username or '--filter' must be 
specified!)
 
-password = newpassword
+if random_password is True:
+password = generate_random_password(128, 255)
+else:
+password = newpassword
+
 while 1:
 if password is not None and password is not '':
 break


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch master updated

2011-11-07 Thread Jeremy Allison 
The branch, master has been updated
   via  60b7dae Add the SEC_DIR_LIST check to dptr_create().
  from  ce8b5d5 s4:samba-tool - fix Gémes Géza patch regarding parameter 
handling

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 60b7dae3fad482c2dabd6c0569e99cd23838d824
Author: Jeremy Allison j...@samba.org
Date:   Fri Nov 4 16:46:47 2011 -0700

Add the SEC_DIR_LIST check to dptr_create().

Autobuild-User: Jeremy Allison j...@samba.org
Autobuild-Date: Mon Nov  7 21:11:03 CET 2011 on sn-devel-104

---

Summary of changes:
 source3/smbd/dir.c |   27 +++
 1 files changed, 27 insertions(+), 0 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c
index a11c131..322c2fe 100644
--- a/source3/smbd/dir.c
+++ b/source3/smbd/dir.c
@@ -452,6 +452,33 @@ NTSTATUS dptr_create(connection_struct *conn, files_struct 
*fsp,
}
dir_hnd = OpenDir_fsp(NULL, conn, fsp, wcard, attr);
} else {
+   int ret;
+   struct smb_filename *smb_dname = NULL;
+   NTSTATUS status = create_synthetic_smb_fname(talloc_tos(),
+   path,
+   NULL,
+   NULL,
+   smb_dname);
+   if (!NT_STATUS_IS_OK(status)) {
+   return status;
+   }
+   if (lp_posix_pathnames()) {
+   ret = SMB_VFS_LSTAT(conn, smb_dname);
+   } else {
+   ret = SMB_VFS_STAT(conn, smb_dname);
+   }
+   if (ret == -1) {
+   return map_nt_error_from_unix(errno);
+   }
+   if (!S_ISDIR(smb_dname-st.st_ex_mode)) {
+   return NT_STATUS_NOT_A_DIRECTORY;
+   }
+   status = smbd_check_access_rights(conn,
+   smb_dname,
+   SEC_DIR_LIST);
+   if (!NT_STATUS_IS_OK(status)) {
+   return status;
+   }
dir_hnd = OpenDir(NULL, conn, path, wcard, attr);
}
 


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch master updated

2011-11-07 Thread Amitay Isaacs 
The branch, master has been updated
   via  5104abd s4-dnsserver: Test forward zones are not listed in reverse 
zone search
   via  8b33c48 s4-dnsserver: Fix enumeration of zones in ComplexOperation 
RPC call
  from  60b7dae Add the SEC_DIR_LIST check to dptr_create().

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 5104abd57322ad989244d25b0d9e7c4e367ba448
Author: Amitay Isaacs ami...@gmail.com
Date:   Mon Nov 7 14:40:06 2011 +1100

s4-dnsserver: Test forward zones are not listed in reverse zone search

Autobuild-User: Amitay Isaacs ami...@samba.org
Autobuild-Date: Tue Nov  8 01:26:43 CET 2011 on sn-devel-104

commit 8b33c48ba5fb73c2fd7a6849c690202d9863c0c2
Author: Amitay Isaacs ami...@gmail.com
Date:   Thu Nov 3 16:59:23 2011 +1100

s4-dnsserver: Fix enumeration of zones in ComplexOperation RPC call

zone_request_flags are interpreted in different groups rather than
a single group. This correctly returns 0 zones when there are no
reverse zones and DNS_ZONE_REQUEST_REVERSE is set in zone_request_flags.

---

Summary of changes:
 source4/rpc_server/dnsserver/dcerpc_dnsserver.c|  133 ---
 .../python/samba/tests/dcerpc/dnsserver.py |   17 +++-
 2 files changed, 99 insertions(+), 51 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/rpc_server/dnsserver/dcerpc_dnsserver.c 
b/source4/rpc_server/dnsserver/dcerpc_dnsserver.c
index fd0c977..e1966fa 100644
--- a/source4/rpc_server/dnsserver/dcerpc_dnsserver.c
+++ b/source4/rpc_server/dnsserver/dcerpc_dnsserver.c
@@ -1105,7 +1105,7 @@ static WERROR dnsserver_complex_operate_server(struct 
dnsserver_state *dsstate,
int valid_operation = 0;
struct dnsserver_zone *z, **zlist;
int zcount;
-   bool found;
+   bool found1, found2, found3, found4;
int i;
 
if (strcasecmp(operation, QueryDwordProperty) == 0) {
@@ -1124,74 +1124,109 @@ static WERROR dnsserver_complex_operate_server(struct 
dnsserver_state *dsstate,
zcount = 0;
zlist = talloc_zero_array(mem_ctx, struct dnsserver_zone *, 0);
for (z = dsstate-zones; z; z = z-next) {
-   found = false;
-   if (rin-Dword  DNS_ZONE_REQUEST_PRIMARY) {
-   if (z-zoneinfo-dwZoneType  
DNS_ZONE_TYPE_PRIMARY) {
-   found = true;
+
+   /* Match the flags in groups
+*
+* Group1 : PRIMARY, SECONDARY, CACHE, AUTO
+* Group2 : FORWARD, REVERSE, FORWARDER, STUB
+* Group3 : DS, NON_DS, DOMAIN_DP, FOREST_DP
+* Group4 : CUSTOM_DP, LEGACY_DP
+*/
+   
+   /* Group 1 */
+   found1 = false;
+   if (rin-Dword  0x000f) {
+   if (rin-Dword  DNS_ZONE_REQUEST_PRIMARY) {
+   if (z-zoneinfo-dwZoneType == 
DNS_ZONE_TYPE_PRIMARY) {
+   found1 = true;
+   }
}
-   }
-   if (rin-Dword  DNS_ZONE_REQUEST_SECONDARY) {
-   if (z-zoneinfo-dwZoneType  
DNS_ZONE_TYPE_SECONDARY) {
-   found = true;
+   if (rin-Dword  DNS_ZONE_REQUEST_SECONDARY) {
+   if (z-zoneinfo-dwZoneType == 
DNS_ZONE_TYPE_SECONDARY) {
+   found1 = true;
+   }
}
-   }
-   if (rin-Dword  DNS_ZONE_REQUEST_CACHE) {
-   if (z-zoneinfo-dwZoneType  
DNS_ZONE_TYPE_CACHE) {
-   found = true;
+   if (rin-Dword  DNS_ZONE_REQUEST_CACHE) {
+   if (z-zoneinfo-dwZoneType == 
DNS_ZONE_TYPE_CACHE) {
+   found1 = true;
+   }
}
-   }
-   if (rin-Dword  DNS_ZONE_REQUEST_AUTO) {
-   if (z-zoneinfo-fAutoCreated || 
z-zoneinfo-dwDpFlags  DNS_DP_AUTOCREATED) {
-   found = true;
+   if (rin-Dword  DNS_ZONE_REQUEST_AUTO) {
+   if (z-zoneinfo-fAutoCreated 
+   || z-zoneinfo-dwDpFlags  
DNS_DP_AUTOCREATED) {
+

[SCM] CTDB repository - branch 1.2 updated - ctdb-1.9.1-489-g6568fee

2011-11-07 Thread Ronnie Sahlberg 
The branch, 1.2 has been updated
   via  6568feec47b705a39c404bb1a5ff35db265aea6a (commit)
  from  418313dce4b0142d12aa73aeb5e98333055bdbf0 (commit)

http://gitweb.samba.org/?p=ctdb.git;a=shortlog;h=1.2


- Log -
commit 6568feec47b705a39c404bb1a5ff35db265aea6a
Author: Ronnie Sahlberg ronniesahlb...@gmail.com
Date:   Tue Nov 8 06:55:46 2011 +1100

Record Fetch Collapse: Collapse multiple fetch request into one single 
request.

When multiple clients fetch the same record concurrently, send only one 
single
fetch across the network and deferr all other fetches locally.
This improves performance for hot records and reduces cpu load on ctdb.

---

Summary of changes:
 include/ctdb_private.h|4 +
 server/ctdb_daemon.c  |  207 +
 server/ctdb_ltdb_server.c |   11 +++
 3 files changed, 222 insertions(+), 0 deletions(-)


Changeset truncated at 500 lines:

diff --git a/include/ctdb_private.h b/include/ctdb_private.h
index 675ea49..f0050fb 100644
--- a/include/ctdb_private.h
+++ b/include/ctdb_private.h
@@ -523,6 +523,10 @@ struct ctdb_db_context {
  struct ctdb_ltdb_header *header,
  TDB_DATA data);
 
+   /* used to track which records we are currently fetching
+  so we can avoid sending duplicate fetch requests
+   */
+   struct trbt_tree *deferred_fetch;
 };
 
 
diff --git a/server/ctdb_daemon.c b/server/ctdb_daemon.c
index f0c7ec9..b2a03aa 100644
--- a/server/ctdb_daemon.c
+++ b/server/ctdb_daemon.c
@@ -27,6 +27,7 @@
 #include system/wait.h
 #include ../include/ctdb_client.h
 #include ../include/ctdb_private.h
+#include ../common/rb_tree.h
 #include sys/socket.h
 
 struct ctdb_client_pid_list {
@@ -358,6 +359,190 @@ static void daemon_incoming_packet_wrap(void *p, struct 
ctdb_req_header *hdr)
daemon_incoming_packet(client, hdr);
 }
 
+struct ctdb_deferred_fetch_call {
+   struct ctdb_deferred_fetch_call *next, *prev;
+   struct ctdb_req_call *c;
+   struct ctdb_daemon_packet_wrap *w;
+};
+
+struct ctdb_deferred_fetch_queue {
+   struct ctdb_deferred_fetch_call *deferred_calls;
+};
+
+struct ctdb_deferred_requeue {
+   struct ctdb_deferred_fetch_call *dfc;
+   struct ctdb_client *client;
+};
+
+/* called from a timer event and starts reprocessing the deferred call.*/
+static void reprocess_deferred_call(struct event_context *ev, struct 
timed_event *te, 
+  struct timeval t, void *private_data)
+{
+   struct ctdb_deferred_requeue *dfr = (struct ctdb_deferred_requeue 
*)private_data;
+   struct ctdb_client *client = dfr-client;
+
+   talloc_steal(client, dfr-dfc-c);
+   daemon_incoming_packet(client, (struct ctdb_req_header *)dfr-dfc-c);
+   talloc_free(dfr);
+}
+
+/* the referral context is destroyed either after a timeout or when the initial
+   fetch-lock has finished.
+   at this stage, immediately start reprocessing the queued up deferred
+   calls so they get reprocessed immediately (and since we are dmaster at
+   this stage, trigger the waiting smbd processes to pick up and aquire the
+   record right away.
+*/
+static int deferred_fetch_queue_destructor(struct ctdb_deferred_fetch_queue 
*dfq)
+{
+
+   /* need to reprocess the packets from the queue explicitely instead of
+  just using a normal destructor since we want, need, to
+  call the clients in the same oder as the requests queued up
+   */
+   while (dfq-deferred_calls != NULL) {
+   struct ctdb_client *client;
+   struct ctdb_deferred_fetch_call *dfc = dfq-deferred_calls;
+   struct ctdb_deferred_requeue *dfr;
+
+   DLIST_REMOVE(dfq-deferred_calls, dfc);
+
+   client = ctdb_reqid_find(dfc-w-ctdb, dfc-w-client_id, 
struct ctdb_client);
+   if (client == NULL) {
+   DEBUG(DEBUG_ERR,(__location__  Packet for disconnected 
client %u\n,
+dfc-w-client_id));
+   continue;
+   }
+
+   /* process it by pushing it back onto the eventloop */
+   dfr = talloc(client, struct ctdb_deferred_requeue);
+   if (dfr == NULL) {
+   DEBUG(DEBUG_ERR,(Failed to allocate deferred fetch 
requeue structure\n));
+   continue;
+   }
+
+   dfr-dfc= talloc_steal(dfr, dfc);
+   dfr-client = client;
+
+   event_add_timed(dfc-w-ctdb-ev, client, timeval_zero(), 
reprocess_deferred_call, dfr);
+   }
+
+   return 0;
+}
+
+/* insert the new deferral context into the rb tree.
+   there should never be a pre-existing context here, but check for it
+   warn and destroy the previous

[SCM] CTDB repository - branch master updated - ctdb-1.11-99-gd772743

2011-11-07 Thread Ronnie Sahlberg 
The branch, master has been updated
   via  d772743e9a4d4d40eb95cd8d5178708e77057b79 (commit)
   via  8ab0c63ad36cfbbb1e5fed46a1f4c47b1fdb581f (commit)
  from  f24e943eb7d8b86ce6b32ae37e3884ec4af0f7df (commit)

http://gitweb.samba.org/?p=ctdb.git;a=shortlog;h=master


- Log -
commit d772743e9a4d4d40eb95cd8d5178708e77057b79
Merge: f24e943eb7d8b86ce6b32ae37e3884ec4af0f7df 
8ab0c63ad36cfbbb1e5fed46a1f4c47b1fdb581f
Author: Ronnie Sahlberg ronniesahlb...@gmail.com
Date:   Tue Nov 8 14:01:22 2011 +1100

Merge branch 'master' of 10.1.1.27:/shared/ctdb/ctdb-master

commit 8ab0c63ad36cfbbb1e5fed46a1f4c47b1fdb581f
Author: Ronnie Sahlberg ronniesahlb...@gmail.com
Date:   Wed Nov 2 13:33:28 2011 +1100

RB_TREE: Add mechanism to abort a traverse

This patch changes the callback signature for traversal
functions to allow a client to abort a traverse before it finishes.
Updates to all callers and examples as well as rb-test tool.

---

Summary of changes:
 common/rb_tree.c|   53 +++---
 common/rb_tree.h|9 ++-
 server/ctdb_serverids.c |   12 ++
 server/ctdb_takeover.c  |8 --
 server/ctdb_vacuum.c|   13 ++-
 tests/src/rb_test.c |   39 ++
 tools/ctdb.c|6 +++-
 tools/ctdb_vacuum.c |   18 ---
 8 files changed, 110 insertions(+), 48 deletions(-)


Changeset truncated at 500 lines:

diff --git a/common/rb_tree.c b/common/rb_tree.c
index b2c2ee8..8458c51 100644
--- a/common/rb_tree.c
+++ b/common/rb_tree.c
@@ -916,13 +916,17 @@ trbt_lookuparray32(trbt_tree_t *tree, uint32_t keylen, 
uint32_t *key)
 
 
 /* traverse a tree starting at node */
-static void 
+static int
 trbt_traversearray32_node(trbt_node_t *node, uint32_t keylen, 
-   void (*callback)(void *param, void *data), 
+   int (*callback)(void *param, void *data), 
void *param)
 {
if (node-left) {
-   trbt_traversearray32_node(node-left, keylen, callback, param);
+   int ret;
+   ret = trbt_traversearray32_node(node-left, keylen, callback, 
param);
+   if (ret != 0) {
+   return ret;
+   }
}
 
/* this is the smallest node in this subtree
@@ -930,35 +934,52 @@ trbt_traversearray32_node(trbt_node_t *node, uint32_t 
keylen,
   otherwise we must pull the next subtree and traverse that one as well
*/
if (keylen == 0) {
-   callback(param, node-data);
+   int ret;
+
+   ret = callback(param, node-data);
+   if (ret != 0) {
+   return ret;
+   }
} else {
-   trbt_traversearray32(node-data, keylen, callback, param);
+   int ret;
+
+   ret = trbt_traversearray32(node-data, keylen, callback, param);
+   if (ret != 0) {
+   return ret;
+   }
}
 
if (node-right) {
-   trbt_traversearray32_node(node-right, keylen, callback, param);
+   int ret;
+
+   ret = trbt_traversearray32_node(node-right, keylen, callback, 
param);
+   if (ret != 0) {
+   return ret;
+   }
}
+
+   return 0;
 }

 
 /* traverse the tree using an array of uint32 as a key */
-void 
+int 
 trbt_traversearray32(trbt_tree_t *tree, uint32_t keylen, 
-   void (*callback)(void *param, void *data), 
+   int (*callback)(void *param, void *data), 
void *param)
 {
trbt_node_t *node;
 
if (tree == NULL) {
-   return;
+   return 0;
}
 
node=tree-root;
if (node == NULL) {
-   return;
+   return 0;
}
 
-   trbt_traversearray32_node(node, keylen-1, callback, param);
+   return trbt_traversearray32_node(node, keylen-1, callback, param);
 }
 
 
@@ -999,7 +1020,7 @@ trbt_findfirstarray32(trbt_tree_t *tree, uint32_t keylen)
 }
 
 
-#if 0
+#if TEST_RB_TREE
 static void printtree(trbt_node_t *node, int levels)
 {
int i;
@@ -1007,7 +1028,7 @@ static void printtree(trbt_node_t *node, int levels)
printtree(node-left, levels+1);
 
for(i=0;ilevels;i++)printf();
-   printf(key:%d COLOR:%s (node:0x%08x parent:0x%08x left:0x%08x 
right:0x%08x)\n,node-key32,node-rb_color==TRBT_BLACK?BLACK:RED,(int)node,(int)node-parent,
 (int)node-left,(int)node-right);
+   printf(key:%d COLOR:%s (node:%p parent:%p left:%p 
right:%p)\n,node-key32,node-rb_color==TRBT_BLACK?BLACK:RED, node, 
node-parent, node-left, node-right);
 
printtree(node-right, levels+1);
printf(\n);
@@ -1021,13 +1042,11 @@ void print_tree(trbt_tree_t *tree)
}

[SCM] CTDB repository - branch master updated - ctdb-1.11-106-g7c02d24

2011-11-07 Thread Ronnie Sahlberg 
The branch, master has been updated
   via  7c02d242af552aa732f5c70ea4eeefbc8a8542e2 (commit)
   via  9a6f918bf6db79c1f8c53c0df23d47b73c117ea2 (commit)
   via  574091d5aced5e87aefad52f8bc47aa75c25fbf6 (commit)
   via  1d26e7cff6292fcbf63efc4628ffbb63b6f1f73c (commit)
   via  ed83604da82ebe566d6eb330ab7119e861e853c8 (commit)
   via  a97f19d1281eaf9874e64995a43524aeed315515 (commit)
   via  75718c5768b5bb5c0bcd7dd90e0327c6ed22a63d (commit)
  from  d772743e9a4d4d40eb95cd8d5178708e77057b79 (commit)

http://gitweb.samba.org/?p=ctdb.git;a=shortlog;h=master


- Log -
commit 7c02d242af552aa732f5c70ea4eeefbc8a8542e2
Merge: d772743e9a4d4d40eb95cd8d5178708e77057b79 
9a6f918bf6db79c1f8c53c0df23d47b73c117ea2
Author: Ronnie Sahlberg ronniesahlb...@gmail.com
Date:   Tue Nov 8 14:06:30 2011 +1100

Merge remote branch 'martins/lcp2fix'

commit 9a6f918bf6db79c1f8c53c0df23d47b73c117ea2
Author: Martin Schwenke mar...@meltin.net
Date:   Tue Nov 1 20:56:50 2011 +1100

Tests - IP allocation - add some extra output due to recent fix

A recent fix made the LCP2 algorithm try harder find a candidate
source node.  The debug output shows extra output because it is trying
harder so we accommodate that.

Signed-off-by: Martin Schwenke mar...@meltin.net

commit 574091d5aced5e87aefad52f8bc47aa75c25fbf6
Author: Martin Schwenke mar...@meltin.net
Date:   Tue Nov 1 20:52:57 2011 +1100

LCP IP allocation algorithm - try harder to find a candidate source node

There's a bug in LCP2.  Selecting the node with the highest imbalance
doesn't always work.  Some nodes can have a high imbalance metric
because they have a lot of IPs.  However, these nodes can be part of a
group that is perfectly balanced.  Nodes in another group with less
IPs might actually be imbalanced.

Instead of just trying the source node with the highest imbalance this
tries them in descending order of imbalance until it finds one where
an IP can be moved to another node.

Signed-off-by: Martin Schwenke mar...@meltin.net

commit 1d26e7cff6292fcbf63efc4628ffbb63b6f1f73c
Author: Martin Schwenke mar...@meltin.net
Date:   Tue Nov 1 19:59:29 2011 +1100

Tests - IP allocation - new test that shows current LCP2 failure

There are 4 IPs across 2 nodes and 2 addresses across 2 other nodes.
If one of the latter nodes is unhealthy and then becomes healthy
again, an IP isn't failed back.  This is because the nodes in the 1st
group are = unbalanced then the nodes in the 2nd group.

Signed-off-by: Martin Schwenke mar...@meltin.net

commit ed83604da82ebe566d6eb330ab7119e861e853c8
Author: Martin Schwenke mar...@meltin.net
Date:   Tue Nov 1 19:54:28 2011 +1100

Tests - Allow some tests in ctdb_takover_tests to specify allowed nodes

This mainly applies to ctdb_takeover_run_core when you might want to
specify that some IPs can only be hosted by some nodes.

Syntax on each line is now:

IP current_pnn  allowed_pnns

where allowed_pnns is a comma-separated list.

allowed_pnns is optional.  If not specified then address can be
assigned to all nodes that aren't included in an allowed_pnns list.
Just think of it as all PNNs and that the behaviour is undefined when
you only specify allowed_pnns for some IPs.  ;-)

current_pnn is optional and defaults to -1.

Signed-off-by: Martin Schwenke mar...@meltin.net

commit a97f19d1281eaf9874e64995a43524aeed315515
Author: Martin Schwenke mar...@meltin.net
Date:   Tue Nov 1 19:54:01 2011 +1100

Tests - IP allocation tests - must export CTDB_LCP2.

Signed-off-by: Martin Schwenke mar...@meltin.net

commit 75718c5768b5bb5c0bcd7dd90e0327c6ed22a63d
Author: Martin Schwenke mar...@meltin.net
Date:   Tue Nov 1 19:49:38 2011 +1100

LCP IP allocation algorithm - new function lcp2_failback_candidate()

There's a bug in LCP2.  Selecting the node with the highest imbalance
doesn't always work.  Some nodes can have a high imbalance metric
because they have a lot of IPs.  However, these nodes can be part of a
group that is perfectly balanced.  Nodes in another group with less
IPs might actually be imbalanced.

Factor out the code from lcp2_failback() that actually takes a node
and decides which address should be moved to which node.

This is the first step in fixing the above bug.

Signed-off-by: Martin Schwenke mar...@meltin.net

---

Summary of changes:
 server/ctdb_takeover.c   |  150 +++-
 tests/src/ctdb_takeover_tests.c  |  184 ++
 tests/takeover/common.sh |2 +-
 tests/takeover/testcases/lcp2.005.sh |   18 
 tests/takeover/testcases/lcp2.010.sh |   32 ++
 5

[SCM] Samba Shared Repository - branch master updated

2011-11-07 Thread Andrew Bartlett 
The branch, master has been updated
   via  696a70c s4-provision Remove options for LDAP backend to reduce user 
confusion
   via  d61d28b s4-s3-upgrade Add my copyright
   via  7af51ca param: Remove duplicate initialization of 'share backend' 
parameter
   via  56e760f s4-smb_server No longer follow the security=share smb.conf 
directive
   via  862b817 selftest: Remove the 'all' environment as it is just too 
slow to start up
  from  5104abd s4-dnsserver: Test forward zones are not listed in reverse 
zone search

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 696a70c9faac27bcd473b6c2f1444abd267ae6e6
Author: Andrew Bartlett abart...@samba.org
Date:   Fri Nov 4 09:07:17 2011 +1100

s4-provision Remove options for LDAP backend to reduce user confusion

We do not support the LDAP backend any more, but keep the code in case 
someone
comes up with an interesting use case that could leverage this in a very
particular situation.  In order to keep the code, we must test it, so
we keep just this much of the support around.

Andrew Bartlett

Autobuild-User: Andrew Bartlett abart...@samba.org
Autobuild-Date: Tue Nov  8 04:33:49 CET 2011 on sn-devel-104

commit d61d28bcccd7079b2de7cbadd7254820e6ae9149
Author: Andrew Bartlett abart...@samba.org
Date:   Tue Nov 1 12:59:02 2011 +1100

s4-s3-upgrade Add my copyright

commit 7af51ca936072823ed4fe51e410818cf15b0e89b
Author: Amitay Isaacs ami...@gmail.com
Date:   Tue Nov 1 16:29:41 2011 +1100

param: Remove duplicate initialization of 'share backend' parameter

commit 56e760f8f16f41c7879e792b20f53bce11f6e721
Author: Andrew Bartlett abart...@samba.org
Date:   Wed Nov 2 07:43:43 2011 +1100

s4-smb_server No longer follow the security=share smb.conf directive

By ignoring the value of security= from the smb.conf, we can allow this
to instead set the value of 'server role' in a manner compatible
with the Samba 3.x release stream.

Andrew Bartlett

commit 862b81791e24e179cfb3419e331d8d2605475bee
Author: Andrew Bartlett abart...@samba.org
Date:   Sat Sep 24 11:26:48 2011 -0700

selftest: Remove the 'all' environment as it is just too slow to start up

Instead we start the 'dc' environment, and other environments are available 
as:
make testenv SELFTEST_TESTENV=fl2003dc

Andrew Bartlett

---

Summary of changes:
 lib/param/loadparm.c   |2 -
 selftest/selftest.pl   |2 +-
 selftest/target/Samba4.pm  |   59 
 .../scripting/python/samba/provision/__init__.py   |   22 +++-
 .../scripting/python/samba/provision/backend.py|6 +-
 source4/scripting/python/samba/upgrade.py  |1 +
 source4/scripting/python/samba/upgradehelpers.py   |6 +-
 source4/setup/provision|   25 +
 source4/setup/tests/blackbox_provision-backend.sh  |   10 ++--
 source4/smb_server/session.c   |3 -
 source4/smb_server/smb/negprot.c   |   11 +---
 source4/smb_server/smb/receive.c   |   10 +---
 source4/smb_server/smb2/receive.c  |1 -
 source4/smb_server/smb_server.h|1 -
 14 files changed, 25 insertions(+), 134 deletions(-)


Changeset truncated at 500 lines:

diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c
index e8993a2..2a251c1 100644
--- a/lib/param/loadparm.c
+++ b/lib/param/loadparm.c
@@ -3280,8 +3280,6 @@ struct loadparm_context *loadparm_init(TALLOC_CTX 
*mem_ctx)
 
lpcfg_do_global_parameter(lp_ctx, share backend, classic);
 
-   lpcfg_do_global_parameter(lp_ctx, share backend, classic);
-
lpcfg_do_global_parameter(lp_ctx, server role, standalone);
 
/* options that can be set on the command line must be initialised via
diff --git a/selftest/selftest.pl b/selftest/selftest.pl
index f41ff33..379d7f8 100755
--- a/selftest/selftest.pl
+++ b/selftest/selftest.pl
@@ -487,7 +487,7 @@ if ($opt_target eq samba) {
if ($opt_socket_wrapper and `$bindir/smbd -b | grep SOCKET_WRAPPER` eq 
) {
die(You must include --enable-socket-wrapper when compiling 
Samba in order to execute 'make test'.  Exiting);
}
-   $testenv_default = all;
+   $testenv_default = dc;
require target::Samba;
$target = new Samba($bindir, \%binary_mapping, $ldap, $srcdir, $exeext, 
$server_maxtime);
 } elsif ($opt_target eq samba3) {
diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
index 029629d..017a277 100644
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@@ -1426,65 +1426,6 @@ sub setup_env($$$)
return $target3-setup_admember($path/s3member, 
$self-{vars}-{dc},

[SCM] Samba Shared Repository - branch master updated

2011-11-07 Thread Amitay Isaacs 
The branch, master has been updated
   via  7dbd2ec s4-provision: site is passed as an argument to 
setup_ad_dns()
  from  696a70c s4-provision Remove options for LDAP backend to reduce user 
confusion

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 7dbd2ec757b8f00fecb41587784e25997b657952
Author: Amitay Isaacs ami...@gmail.com
Date:   Tue Nov 8 13:58:45 2011 +1100

s4-provision: site is passed as an argument to setup_ad_dns()

Autobuild-User: Amitay Isaacs ami...@samba.org
Autobuild-Date: Tue Nov  8 06:07:46 CET 2011 on sn-devel-104

---

Summary of changes:
 .../scripting/python/samba/provision/sambadns.py   |1 -
 1 files changed, 0 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/scripting/python/samba/provision/sambadns.py 
b/source4/scripting/python/samba/provision/sambadns.py
index c45e04f..d7d75cd 100644
--- a/source4/scripting/python/samba/provision/sambadns.py
+++ b/source4/scripting/python/samba/provision/sambadns.py
@@ -720,7 +720,6 @@ def setup_ad_dns(samdb, secretsdb, names, paths, lp, 
logger, dns_backend,
 dnsforest = dnsdomain
 
 hostname = names.netbiosname.lower()
-site = names.sitename
 
 domainguid = get_domainguid(samdb, domaindn)
 ntdsguid = get_ntdsguid(samdb, domaindn)


-- 
Samba Shared Repository

[SCM] CTDB repository - annotated tag ctdb-1.12 created - ctdb-1.12

2011-11-07 Thread Ronnie Sahlberg 
The annotated tag, ctdb-1.12 has been created
at  c124e5fe32d30bf3842dcfa279ad4950ebfe63c4 (tag)
   tagging  bda24b7f313289404b68ce8b9177fbd6b6a05dd7 (commit)
  replaces  ctdb-1.11
 tagged by  Ronnie Sahlberg
on  Tue Nov 8 16:45:04 2011 +1100

- Log -
Tag for 1.12
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAABAgAGBQJOuMHoAAoJEB6eS+vwPaeGEw8H/A3hsQhupn3ttGMB0bAQvk+H
O619Qk98Llom+8DofuI4S5EpmeeWJOXFKjN3BgVrSl9WxtOEHvvSuWdYYJrNN9Qk
SFqFjZnABv7/1Rbbm1rsYkc/hHGJYFFicSFHwsEZKA6ZaouWgabx4vYQD5x/OrIQ
Yy4Sh/b12UTaQOSFR6blPOUE1V/bCyIBeZqRXiMBTBz/a/1QwgIxjGylRvSNL78z
EyCQT5C+0BhYOnZX2nV/RTCeR48N+aIxtUSYik5NebKiDrd2EwNwpgFiY/D2TOse
iS4cVoVBSxJO2C9TiANQIf+iyoW88q/cNGyJeu5lYLaMvKh1F1y5J2HcBA2IRJM=
=xtPw
-END PGP SIGNATURE-

David Disseldorp (10):
  client: add req timeout argument to ctdb_cmdline_client
  client: add timeout argument to ctdb_attach
  client: flag local node in ctdb -Y status output
  pmda: Initial ctdb pmda check-in
  pmda: Attempt reconnects while ctdbd is unavailable
  pmda: Pull ctdb statistics once per fetch
  pmda: Use CTDB_PATH macro for default socket path
  pmda: document in README how to add a new metric
  pmda: handle struct latency_counter and add num_recoveries
  pmda: Use upstream assigned PCP domain id

Gregor Beck (1):
  ltdbtool: ignore empty (deleted) records per default.

Martin Schwenke (12):
  Tests - IP allocation - allow more interesting node states to be specified
  Tests - IP allocation - initial unit tests
  Tests - simple integration - do a ctdb sync after restarting the cluster
  Make ctdb_diagnostics more resilient to uncontactable nodes.
  Web - add me as a developer.  :-)
  onnode: unset EXTRA_SSH_OPTS when using fakessh
  LCP IP allocation algorithm - new function lcp2_failback_candidate()
  Tests - IP allocation tests - must export CTDB_LCP2.
  Tests - Allow some tests in ctdb_takover_tests to specify allowed nodes
  Tests - IP allocation - new test that shows current LCP2 failure
  LCP IP allocation algorithm - try harder to find a candidate source node
  Tests - IP allocation - add some extra output due to recent fix

Mathieu Parent (5):
  Fix broken readdir
  Less verbosity when there is no public addresses file
  apache's service name is not always httpd
  Typo deamon - daemon
  Fix bashism in 40.fs_use

Michael Adam (4):
  tools/ctdb: fix a typo in a debug message
  Add a tunable AllowClientDBAttach with default value 1.
  Fix a typo in a message in ctdb backupdb.
  doc: update compiled manpages of ctdb.1 after change to xml

Ronnie Sahlberg (75):
  ReadOnly records: Add a new RPC function FETCH_WITH_HEADER.
  ReadOnly: Add helper functions to manipulate a TDB_DATA as a bitmap for 
nodes that we are tracking as having a readonly delegation
  ReadOnly: Add test tool to validate the functions to manipulate and 
enumerate the bitmap of nodes to where we have readonly delegations
  ReadOnly: Add clientside functions to send the UPDATE_RECORD control
  ReadOnly: add a new test tool that does a fetchlock on a record, then 
bunps the RSN by 10 and writes the new content to the record as sprintf(%d, 
rsn)
  ReadOnly: Add 4 new record flags to handle read only delegation and 
revoking of delegations
  ReadOnly: Add printing of the record flags when we are traversing a 
database to print its content.
  ReadOnly: Add a new command 'ctdb cattdb'. This fucntion differs from 
'ctdb catdb' in that 'cattdb' will always traverse the local tdb file only, 
while 'catdb' does a cluster traverse.
  Add the missing persistent argument to db_exist()
  ReadOnly: After performing a recovery, clear out all flags related to 
readonly delegations and revoke
  ReadOnly: Add readonly flag to the ctdb_db_context to indicate if this 
database supports readonly operations or not. Add a private lock-less tdb file 
to the ctdb_db_context to use for tracking delegarions for records
  ReadOnly: After recovering all databases, make sure to clear out the 
tracking database used to track delegations and revoke. This is because the 
recovery will implicitely result in a revoke of all delegations.
  ReadOnly: Add an extra flag to ctdb_call_local to specify whether we want 
to write the record and header back to the tdb (for example we do when 
performing dmaster migrations)
  ReadOnly: Add functions to register CALLs to a context used to handle 
deferal of processing of CALL commands.
  ReadOnly: Add a function to start a revoke of all delegations for a 
record.
  ReadOnly: Add a new flag to call request packet to indicate that the 
client wants a readonly delegation
  ReadOnly: When releasing all deferred calls that blocked during revoke of 
all previous delegations, add a 1 second grace/delay for

[SCM] CTDB repository - branch master updated - ctdb-1.12-3-gb6a9dac

2011-11-07 Thread Ronnie Sahlberg 
The branch, master has been updated
   via  b6a9dacefd8f031677702f0fbf6b321beb4c4d54 (commit)
   via  1341329f6125d491b82c873f793af819e677f714 (commit)
   via  56160eccb62178f645b017b1257677a1e854b2bc (commit)
  from  bda24b7f313289404b68ce8b9177fbd6b6a05dd7 (commit)

http://gitweb.samba.org/?p=ctdb.git;a=shortlog;h=master


- Log -
commit b6a9dacefd8f031677702f0fbf6b321beb4c4d54
Author: Mathieu Parent math.par...@gmail.com
Date:   Sat Oct 15 19:50:12 2011 +0200

config can be in /etc/default/ instead of /etc/sysconfig/ (ctdb_gnostics 
part)

commit 1341329f6125d491b82c873f793af819e677f714
Author: Mathieu Parent math.par...@gmail.com
Date:   Sat Oct 15 19:42:45 2011 +0200

config can be in /etc/default/ instead of /etc/sysconfig/

... on Debian system and derivated.

(ctdb_diagnostics still hardcodes /etc/sysconfig/)

commit 56160eccb62178f645b017b1257677a1e854b2bc
Author: Mathieu Parent math.par...@gmail.com
Date:   Thu Oct 13 20:26:05 2011 +0200

config/functions: CTDB_VARDIR is /var/lib/ctdb on Debian-like systems

---

Summary of changes:
 config/ctdb-crash-cleanup.sh   |2 +-
 config/functions   |6 +-
 tests/complex/31_nfs_tickle.sh |8 +++-
 tests/eventscripts/common.sh   |8 +++-
 tools/ctdb_diagnostics |7 +--
 5 files changed, 25 insertions(+), 6 deletions(-)


Changeset truncated at 500 lines:

diff --git a/config/ctdb-crash-cleanup.sh b/config/ctdb-crash-cleanup.sh
index 420db76..f7ccfc8 100755
--- a/config/ctdb-crash-cleanup.sh
+++ b/config/ctdb-crash-cleanup.sh
@@ -22,7 +22,7 @@ ctdb status 2/dev/null  {
 exit 0
 }
 
-(cat /etc/sysconfig/ctdb | egrep ^CTDB_NATGW_PUBLIC_IP | sed -e s/.*=// -e 
s/\/.*//;cat $CTDB_PUBLIC_ADDRESSES | cut -d/ -f1) | while read _IP; do
+(cat /etc/{sysconfig,default}/ctdb | egrep ^CTDB_NATGW_PUBLIC_IP | sed -e 
s/.*=// -e s/\/.*//;cat $CTDB_PUBLIC_ADDRESSES | cut -d/ -f1) | while 
read _IP; do
_IP_HELD=`/sbin/ip addr show | grep inet $_IP/`
[ -z $_IP_HELD ] || {
_IFACE=`echo $_IP_HELD | sed -e s/.*\s//`
diff --git a/config/functions b/config/functions
index c1891ba..7c5c1c2 100755
--- a/config/functions
+++ b/config/functions
@@ -5,7 +5,11 @@
 PATH=/bin:/usr/bin:/usr/sbin:/sbin:$PATH
 
 [ -z $CTDB_VARDIR ]  {
-export CTDB_VARDIR=/var/ctdb
+if [ -d /var/lib/ctdb ] ; then
+   export CTDB_VARDIR=/var/lib/ctdb
+else
+   export CTDB_VARDIR=/var/ctdb
+fi
 }
 [ -z $CTDB_ETCDIR ]  {
 export CTDB_ETCDIR=/etc
diff --git a/tests/complex/31_nfs_tickle.sh b/tests/complex/31_nfs_tickle.sh
index 030e34f..dcbd4d7 100755
--- a/tests/complex/31_nfs_tickle.sh
+++ b/tests/complex/31_nfs_tickle.sh
@@ -83,7 +83,13 @@ sleep_for ${out#*= }
 
 if try_command_on_node any test -r /etc/ctdb/events.d/61.nfstickle ; then
 echo Trying to determine NFS_TICKLE_SHARED_DIRECTORY...
-f=/etc/sysconfig/nfs
+if [ -f /etc/sysconfig/nfs ]; then
+   f=/etc/sysconfig/nfs
+elif [ -f /etc/default/nfs ]; then
+   f=/etc/default/nfs
+elif [ -f /etc/ctdb/sysconfig/nfs ]; then
+   f=/etc/ctdb/sysconfig/nfs
+fi
 try_command_on_node -v any [ -r $f ]   sed -n -e 
s@^NFS_TICKLE_SHARED_DIRECTORY=@@p $f || true
 
 nfs_tickle_shared_directory=${out:-/gpfs/.ctdb/nfs-tickles}
diff --git a/tests/eventscripts/common.sh b/tests/eventscripts/common.sh
index 9003b39..a79c293 100644
--- a/tests/eventscripts/common.sh
+++ b/tests/eventscripts/common.sh
@@ -460,7 +460,13 @@ rpc_set_service_failure_response ()
 # the flexibility to set the number of failures.
 _numfails=${2:-${iteration}}
 
-_c=${CTDB_ETCDIR}/sysconfig/nfs
+if [ -f /etc/sysconfig/nfs ]; then
+   _c=${CTDB_ETCDIR}/sysconfig/nfs
+elif [ -f /etc/default/nfs ]; then
+   _c=${CTDB_ETCDIR}/default/nfs
+elif [ -f /etc/ctdb/sysconfig/nfs ]; then
+   _c=${CTDB_ETCDIR}/ctdb/sysconfig/nfs
+fi
 if [ -r $_c ] ; then
. $_c
 fi
diff --git a/tools/ctdb_diagnostics b/tools/ctdb_diagnostics
index 117def8..e2efb53 100755
--- a/tools/ctdb_diagnostics
+++ b/tools/ctdb_diagnostics
@@ -71,7 +71,11 @@ PATH=$PATH:/sbin:/usr/sbin:/usr/lpp/mmfs/bin
 
 # list of config files that must exist and that we check are the same 
 # on the nodes
-CONFIG_FILES_MUST=/etc/krb5.conf /etc/hosts /etc/ctdb/nodes 
/etc/sysconfig/ctdb /etc/resolv.conf /etc/nsswitch.conf /etc/sysctl.conf 
/etc/samba/smb.conf /etc/fstab /etc/multipath.conf /etc/pam.d/system-auth 
/etc/sysconfig/nfs /etc/exports /etc/vsftpd/vsftpd.conf
+if [ -d /etc/sysconfig ] ; then
+CONFIG_FILES_MUST=/etc/krb5.conf /etc/hosts /etc/ctdb/nodes 
/etc/sysconfig/ctdb /etc/resolv.conf /etc/nsswitch.conf /etc/sysctl.conf 
/etc/samba/smb.conf /etc/fstab /etc/multipath.conf /etc/pam.d/system-auth 
/etc/sysconfig/nfs /etc/exports /etc/vsftpd/vsftpd.conf
+else
+

[SCM] CTDB repository - branch master updated - ctdb-1.12-4-gdf1ac1c

2011-11-07 Thread Ronnie Sahlberg 
The branch, master has been updated
   via  df1ac1cfd65f32743ca2588edfdad46ce5a4f03f (commit)
  from  b6a9dacefd8f031677702f0fbf6b321beb4c4d54 (commit)

http://gitweb.samba.org/?p=ctdb.git;a=shortlog;h=master


- Log -
commit df1ac1cfd65f32743ca2588edfdad46ce5a4f03f
Author: Mathieu Parent math.par...@gmail.com
Date:   Sat Nov 5 16:39:55 2011 +0100

Nagios plugin for CTDB

This plugin is GPL2 or greater as generally found in Nagios.
(this is obviously compatible with GPL3 or greater).

---

Summary of changes:
 utils/nagios/README |   56 ++
 utils/nagios/check_ctdb |  259 +++
 2 files changed, 315 insertions(+), 0 deletions(-)
 create mode 100644 utils/nagios/README
 create mode 100644 utils/nagios/check_ctdb


Changeset truncated at 500 lines:

diff --git a/utils/nagios/README b/utils/nagios/README
new file mode 100644
index 000..99fa6dc
--- /dev/null
+++ b/utils/nagios/README
@@ -0,0 +1,56 @@
+check_ctdb 0.3
+
+This nagios plugin is free software, and comes with ABSOLUTELY NO WARRANTY. 
+It may be used, redistributed and/or modified under the terms of the GNU 
+General Public Licence (see http://www.fsf.org/licensing/licenses/gpl.txt).
+
+CTDB plugin
+
+Usage: check_ctdb -i info
+[ -t timeout ] [ -w warn_range ] [ -c crit_range ]
+[ -H host ] [-s] [ -l login_name ]
+[ -V ] [ -h ]
+
+ -?, --usage
+   Print usage information
+ -h, --help
+   Print detailed help screen
+ -V, --version
+   Print version information
+ --extra-opts=[section][@file]
+   Read options from an ini file. See http://nagiosplugins.org/extra-opts for 
usage
+ -i, --info=info
+   Information: One of scriptstatus or ping.
+ -H, --hostname=login_name
+   Host name or IP Address.
+ -s, --sudo
+   Use sudo.
+ -l, --login=host
+   The user to log in as on the remote machine.
+ -w, --warning=THRESHOLD
+   Warning threshold. See
+   http://nagiosplug.sourceforge.net/developer-guidelines.html#THRESHOLDFORMAT
+   for the threshold format.
+ -c, --critical=THRESHOLD
+   Critical threshold. See
+   http://nagiosplug.sourceforge.net/developer-guidelines.html#THRESHOLDFORMAT
+   for the threshold format.
+ -t, --timeout=INTEGER
+   Seconds before plugin times out (default: 30)
+ -v, --verbose
+   Show details for command-line debugging (can repeat up to 3 times)
+Supported commands:
+* scriptstatus :
+check the ctdb scriptstatus command and return CRITICAL if one of the
+scripts fails.
+Perfdata count the number of scripts by state (ok, disabled, error,
+total).
+* ping :
+check the ctdb ping command.
+Perfdata count the number of nodes, the total ping time and the number
+of clients.
+Thresholds are checked against the number of nodes.
+
+
+Copyright (c) 2011 Nantes Metropole
+
diff --git a/utils/nagios/check_ctdb b/utils/nagios/check_ctdb
new file mode 100644
index 000..9430333
--- /dev/null
+++ b/utils/nagios/check_ctdb
@@ -0,0 +1,259 @@
+#!/usr/bin/perl -w
+# Nagios plugin to monitor CTDB (Clustered Trivial Database)
+#
+# License: GPL
+# Copyright (c) 2011 Nantes Metropole
+# Author: Mathieu Parent math.par...@gmail.com
+# Contributor(s): -
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see http://www.gnu.org/licenses/.
+#
+
+use strict;
+use warnings;
+use vars qw($PROGNAME $VERSION $output $values $result);
+use Nagios::Plugin;
+use File::Basename;
+
+$PROGNAME = basename($0);
+$VERSION = '0.3';
+
+my $np = Nagios::Plugin-new(
+  usage = Usage: %s -i info\n
+. [ -t timeout ] [ -w warn_range ] [ -c crit_range ]\n
+. [ -H host ] [-s] [ -l login_name ]\n
+. '[ -V ] [ -h ]',
+  version = $VERSION,
+  plugin  = $PROGNAME,
+  shortname = uc($PROGNAME),
+  blurb = 'CTDB plugin',
+  extra   = Supported commands:\n
+. * scriptstatus :\n
+. check the ctdb scriptstatus command and return CRITICAL if one 
of the\n
+. scripts fails.\n
+. Perfdata count the number of scripts by state (ok, disabled, 
error,\n
+. total).\n
+. * ping :\n
+. check the ctdb ping command.\n
+. Perfdata count the number of nodes, the total ping time and the 
number\n
+. of clients.\n
+. Thresholds are checked against the number of nodes.\n
+.