Re: [Samba] Samba4 and sysvol share
Hello Felix, Sorry for the very late answer, Well I remade a test today, in gpmc.msc (group policy management console), I have no errors from Windows about the ACLs of the folders for my policies. Thanks a lot for your answers, Matthieu and Christopher. It makes me happy to know that you guys don't forget to answer the questions of samba users. My first solution was changing the permissions of the sysvol directory in my linux box to 755 (I think 644 could work too) after defining the policies I needed for my domain. I'm a newbie in Linux and in Samba that's why at the begining I didn't realize that my filesystem did not support the user_xattr option and I had skipped that part of the HowTo. I'm so sorry for taking some of your precious time. Now I'm learning how to compile a kernel to include the needed options and I'm pretty sure that will fix my issue. For beginners, I would like to contribute with the steps I followed to make Bind, Ntp and Samba4 work together on Debian Lenny. How can I do it? My best wishes for the Samba team and users. Felix. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] win 7 no logon servers available error [SOLVED]
On Monday 07 Nov 2011 07:39:10 steve wrote: On Sunday 06 Nov 2011 23:08:27 you wrote: -Original Message- From: samba-boun...@lists.samba.org [mailto:samba- boun...@lists.samba.org] On Behalf Of steve Sent: Sunday, November 06, 2011 6:55 AM To: samba@lists.samba.org Subject: Re: [Samba] win 7 no logon servers available error On Sunday 06 Nov 2011 00:06:17 steve wrote: Hi I have joined a win 7 computer to my samba domain. Logging in gives me: 'There are currently no logon servers available to service the logon request.' Hi After much work I realised that the name of my Linux box was hh1.com and I had chosen HH1 for the Samba domain name. THat seems sensible enough no? But it seems that that is not allowed. I can't find anywhere in the documentation which warns against this. I changed the Samba domain to HH2, removed the old ldap machine objects, unjoined the domain HH1 and rejoined HH2. Everything now works as expected except that at first logon from windows 7, the profile isn't saved. You have to log out and back in again. Then the profile is saved. With XP clients you don't have to relogin. Hope this helps us all toward a single sighn on. It's going to make our lan much more bearable. Thanks to everyone for their time. Steve. For completeness, here is the nmbd log: Nov 7 14:28:58 hh1 nmbd[8308]: [2011/11/07 14:28:58.757742, 0] nmbd/nmbd.c:71(terminate) Nov 7 14:28:58 hh1 nmbd[8308]: Got SIGTERM: going down... Nov 7 14:28:59 hh1 nmbd[9167]: [2011/11/07 14:28:59.350165, 0] nmbd/nmbd_logonnames.c:160(add_logon_names) Nov 7 14:28:59 hh1 nmbd[9167]: add_domain_logon_names: Nov 7 14:28:59 hh1 nmbd[9167]: Attempting to become logon server for workgroup HH2 on subnet 192.168.1.2 Nov 7 14:28:59 hh1 nmbd[9167]: [2011/11/07 14:28:59.351132, 0] nmbd/nmbd_become_dmb.c:292(become_domain_master_browser_bcast) Nov 7 14:28:59 hh1 nmbd[9167]: become_domain_master_browser_bcast: Nov 7 14:28:59 hh1 nmbd[9167]: Attempting to become domain master browser on workgroup HH2 on subnet 192.168.1.2 Nov 7 14:28:59 hh1 nmbd[9167]: [2011/11/07 14:28:59.351253, 0] nmbd/nmbd_become_dmb.c:305(become_domain_master_browser_bcast) Nov 7 14:28:59 hh1 nmbd[9167]: become_domain_master_browser_bcast: querying subnet 192.168.1.2 for domain master browser on workgroup HH2 Nov 7 14:29:03 hh1 nmbd[9167]: [2011/11/07 14:29:03.372639, 0] nmbd/nmbd_logonnames.c:121(become_logon_server_success) Nov 7 14:29:03 hh1 nmbd[9167]: become_logon_server_success: Samba is now a logon server for workgroup HH2 on subnet 192.168.1.2 Nov 7 14:29:05 hh1 smbd[9191]: [2011/11/07 14:29:05.626119, 0] smbd/server.c:501(smbd_open_one_socket) Nov 7 14:29:05 hh1 smbd[9191]: smbd_open_once_socket: open_socket_in: Address already in use Nov 7 14:29:05 hh1 smbd[9191]: [2011/11/07 14:29:05.628884, 0] smbd/server.c:501(smbd_open_one_socket) Nov 7 14:29:05 hh1 smbd[9191]: smbd_open_once_socket: open_socket_in: Address already in use Nov 7 14:29:07 hh1 nmbd[9167]: [2011/11/07 14:29:07.380575, 0] nmbd/nmbd_become_dmb.c:110(become_domain_master_stage2) Nov 7 14:29:07 hh1 nmbd[9167]: * Nov 7 14:29:07 hh1 nmbd[9167]: Nov 7 14:29:07 hh1 nmbd[9167]: Samba server HH1 is now a domain master browser for workgroup HH2 on subnet 192.168.1.2 Nov 7 14:29:07 hh1 nmbd[9167]: Nov 7 14:29:07 hh1 nmbd[9167]: * Nov 7 14:29:22 hh1 nmbd[9167]: [2011/11/07 14:29:22.398976, 0] nmbd/nmbd_become_lmb.c:395(become_local_master_stage2) Nov 7 14:29:22 hh1 nmbd[9167]: * Nov 7 14:29:22 hh1 nmbd[9167]: Nov 7 14:29:22 hh1 nmbd[9167]: Samba name server HH1 is now a local master browser for workgroup HH2 on subnet 192.168.1.2 Nov 7 14:29:22 hh1 nmbd[9167]: Nov 7 14:29:22 hh1 nmbd[9167]: * -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba with ldap+TLS
Hi I know Linux clients need a CA certificate to authenticate via LDAP using TLS. What about win 7 and XP clients using a Samba server? Thanks Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba with ldap+TLS
Hi, No, you don't need CA certificate on win clients 'cause they don't connect directly to the LDAP. Only your Samba server need CA certificate to connect to the LDAP using TLS. Regards, Bruno Le 07/11/2011 18:18, steve a écrit : Hi I know Linux clients need a CA certificate to authenticate via LDAP using TLS. What about win 7 and XP clients using a Samba server? Thanks Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] getent passwd not returning users/groups
I tried a second install of CentOS with X, thinking perhaps the GUI setup might do something that I was missing in terms of getting samba connected to active directory. However I still can't get this to work (now wbinfo doesn't seem to work either) in CentOS. I also tried Fedora 14. Then I tried a Ubuntu 11 install and followed their instructions from the wiki: https://help.ubuntu.com/community/ActiveDirectoryWinbindHowto And it worked! I tried to apply the same settings to CentOS setup but I still get no output from 'getent passwd'. Ubuntu is running version 3.5.11 while CentoS is 3.5.4. Think my best bet is building from source and trying 3.5.11 or 3.5.12 on CentOS? Are there any critical flags that need to be set during the configuration to make sure samba will work with active directory/winbind? James I'm trying to get my CentOS 5.6 machine setup as a Active Directory Domain Member with Windows 2008 level domain and samba 3.5. I haven't tried this before. I can successfully join the domain and return users using 'wbinfo -u' and groups with 'wbinfo -g' but when I try 'getent passwd' I only get the local users. I'm not sure what element that indicates is failing in the process. I'm not confident in my pam.d/ setup since different guides show different methods of setting this up. The /etc/nsswitch.conf file has been edited to include winbind as a source for passwd/shadow/group. The only insightful error message I see in the samba logs is this (repeated over and over in all the logs) but I haven't found the solution. Is this the cause of my problems? How do I disable spinlocks? I'm using a prebuilt package from sernet [2011/11/01 16:46:19.979981, 1] lib/util_tdb.c:385(tdb_log) tdb(unnamed): tdb_open_ex: spinlocks no longer supported Here is my samba configuration dumped from smbtest: [root@sambatest ~]# testparm Load smb config files from /etc/samba/smb.conf rlimit_max: rlimit_max (1024) below minimum Windows limit (16384) Processing section [test] Loaded services file OK. Server role: ROLE_DOMAIN_MEMBER Press enter to see a dump of your service definitions [global] workgroup = SHAMOFFICE realm = SHAMBHALA-OFFICE.LOCAL interfaces = 127.0.0.1, eth0 bind interfaces only = Yes security = ADS printcap name = cups idmap backend = ad idmap uid = 1-2 idmap gid = 3-4 winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes idmap config SHAMOFFICE : schema_mode = rfc2307 idmap config SHAMOFFICE : range = 4000-5000 idmap config SHAMOFFICE : backend = ad idmap config * : range = 2000-3000 idmap config * : backend = tdb [test] comment = Directory for storing pictures by jims users path = /local/test read only = No guest ok = Yes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Permissions in printer share
Hi everyone, I'm trying to migrate my print server to Samba. All is working well except security. In my domain, some groups are able to print to certain printers and others to other printers. I tried with write list = @group but it doesn't worked. How do I configure the permissions on samba's printers, for a user group can print to only certain printers? Here is my smb.conf file: [global] workgroup = MYDOMAIN server string = Samba Server security = DOMAIN password server = PASS1 PASS2 log file = /var/log/samba/log.%m max log size = 50 idmap uid = 15000-2 idmap gid = 15000-2 template homedir = /homes/%D/%U template shell = /sbin/nologin winbind separator = + winbind enum users = Yes winbind enum groups = Yes hosts allow = 127., 192.168.23. cups options = raw [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No [prnhpp3015] comment = HP LaserJet P3015 path = /var/spool/samba/rcprnhpp3015 write list = @group1 printable = Yes Thanks in advance Orlando -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba3 ADMT, cannot migrate SIDs
I'm attempting to migrate a Samba 3.x / NT domain to Active Directory. I have a Windows 2003 SE host and ADMT. I've established trusts between the Samba 3 domain and the Windows 2003 AD domain. I can use User Account Migration Wizard up to the Account Transition Options. Then of I check the option to Migrate SIDs it fails with - Could not verify auditing and TcpipClientSupport on domains. Will not be able to migrate Sids. The system cannot find the file specified. Is there something that can be done to enable SID migration from S3? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Permissions in printer share
On 11/07/2011 2:13 PM, Orlando Irrazabal wrote: Hi everyone, I'm trying to migrate my print server to Samba. All is working well except security. In my domain, some groups are able to print to certain printers and others to other printers. I tried with write list = @group but it doesn't worked. How do I configure the permissions on samba's printers, for a user group can print to only certain printers? Here is my smb.conf file: [global] workgroup = MYDOMAIN server string = Samba Server security = DOMAIN password server = PASS1 PASS2 log file = /var/log/samba/log.%m max log size = 50 idmap uid = 15000-2 idmap gid = 15000-2 template homedir = /homes/%D/%U template shell = /sbin/nologin winbind separator = + winbind enum users = Yes winbind enum groups = Yes hosts allow = 127., 192.168.23. cups options = raw [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No [prnhpp3015] comment = HP LaserJet P3015 path = /var/spool/samba/rcprnhpp3015 write list = @group1 printable = Yes Try replacing write list = @group1 with valid users = @group1 Dale Thanks in advance Orlando -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Permissions in printer share
From: Dale Schroeder d...@briannassaladdressing.com Date: Mon, 07 Nov 2011 15:30:05 -0600 On 11/07/2011 2:13 PM, Orlando Irrazabal wrote: Hi everyone, I'm trying to migrate my print server to Samba. All is working well except security. In my domain, some groups are able to print to certain printers and others to other printers. I tried with write list = @group but it doesn't worked. How do I configure the permissions on samba's printers, for a user group can print to only certain printers? (snip) Try replacing write list = @group1 with valid users = @group1 Dale If you use Winbind, you have to specify @domain\group style by default. Also you can configure printers' permissions by ACL via Windows. --- TAKAHASHI Motonobu mo...@samba.gr.jp -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Permissions in printer share
On 11/7/2011 14:59, TAKAHASHI Motonobu wrote: From: Dale Schroederd...@briannassaladdressing.com Date: Mon, 07 Nov 2011 15:30:05 -0600 On 11/07/2011 2:13 PM, Orlando Irrazabal wrote: Hi everyone, I'm trying to migrate my print server to Samba. All is working well except security. In my domain, some groups are able to print to certain printers and others to other printers. I tried with write list = @group but it doesn't worked. How do I configure the permissions on samba's printers, for a user group can print to only certain printers? (snip) Try replacing write list = @group1 with valid users = @group1 Dale If you use Winbind, you have to specify @domain\group style by default. Also you can configure printers' permissions by ACL via Windows. --- TAKAHASHI Motonobumo...@samba.gr.jp I have a similar setup and use the windows printer permissions ACL. it works perfectly now, no complaints. If you experience any issues, make certain your samba is up to date, as some combinations of old-samba and printer have issues. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Raising domain functionality level with samba-tool fails with uncaught exception errors from Python
Hey all, I just downloaded the latest samba4 git and provisioned an Active Directory domain following the directions on the wiki. However, when I wanted to raise the default domain's functionality level from Windows Server 2003 to 2008 R2, I'm getting errors from samba-tool with something to do with Python's uncaught exception: --forest-level ERROR(type 'exceptions.AttributeError'): uncaught exception - 'module' object has no attribute 'get_config_basedn' File /usr/local/samba/lib/python2.6/site-packages/samba/netcmd/__init__.py, line 167, in _run return self.run(*args, **kwargs) File /usr/local/samba/lib/python2.6/site-packages/samba/netcmd/domain.py, line 326, in run m.dn = ldb.Dn(samdb, CN=Partitions,%s % ldb.get_config_basedn()) --domain-level ERROR(type 'exceptions.AttributeError'): uncaught exception - 'module' object has no attribute 'get_config_basedn' File /usr/local/samba/lib/python2.6/site-packages/samba/netcmd/__init__.py, line 167, in _run return self.run(*args, **kwargs) File /usr/local/samba/lib/python2.6/site-packages/samba/netcmd/domain.py, line 301, in run + ,CN=Partitions,%s % ldb.get_config_basedn()) What can be causing this issue? Is it the python included with Scientific Linux 6.0 the one to blame or did I compile samba4 incorrectly in any way? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 230cd1e s3:libsmb: return NT_STATUS_OK for if a request is not the last one in the chain via 597f2ae s3:libsmb: make sure have_andx_command() returns false for non AndX commands via b20775f s3:libsmb: remember the seqnum on all chained requests via 20fe765 s3:libsmb: get cmd of the chained request before changing wct_ofs from 384eaba s4: samba-tool user --help documenation improvements Signed-off-by: Theresa Halloran thall...@linux.vnet.ibm.com http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 230cd1e276f9661f290b3eaeecca005303a68efb Author: Stefan Metzmacher me...@samba.org Date: Mon Nov 7 08:55:20 2011 +0100 s3:libsmb: return NT_STATUS_OK for if a request is not the last one in the chain metze Autobuild-User: Stefan Metzmacher me...@samba.org Autobuild-Date: Mon Nov 7 11:38:05 CET 2011 on sn-devel-104 commit 597f2ae3423ce70f84e41ed3293f049920fa0758 Author: Stefan Metzmacher me...@samba.org Date: Mon Nov 7 08:54:40 2011 +0100 s3:libsmb: make sure have_andx_command() returns false for non AndX commands metze commit b20775fb3b3c86c4aab913e5cbae19cf4e0e71d3 Author: Stefan Metzmacher me...@samba.org Date: Mon Nov 7 08:44:39 2011 +0100 s3:libsmb: remember the seqnum on all chained requests This is needed in order to verify the incoming signature correctly. metze commit 20fe7658a779c24c9a4e0b66da844fd117a97319 Author: Stefan Metzmacher me...@samba.org Date: Sat Nov 5 12:29:23 2011 +0100 s3:libsmb: get cmd of the chained request before changing wct_ofs metze --- Summary of changes: source3/libsmb/async_smb.c | 25 - 1 files changed, 20 insertions(+), 5 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/libsmb/async_smb.c b/source3/libsmb/async_smb.c index 79194f5..08b6c35 100644 --- a/source3/libsmb/async_smb.c +++ b/source3/libsmb/async_smb.c @@ -51,11 +51,15 @@ static NTSTATUS cli_pull_raw_error(const uint8_t *buf) * @retval Is there a command following? */ -static bool have_andx_command(const char *buf, uint16_t ofs) +static bool have_andx_command(const char *buf, uint16_t ofs, uint8_t cmd) { uint8_t wct; size_t buflen = talloc_get_size(buf); + if (!is_andx_req(cmd)) { + return false; + } + if ((ofs == buflen-1) || (ofs == buflen)) { return false; } @@ -870,7 +874,7 @@ NTSTATUS cli_smb_recv(struct tevent_req *req, } } - if (!have_andx_command((char *)state-inbuf, wct_ofs)) { + if (!have_andx_command((char *)state-inbuf, wct_ofs, cmd)) { /* * This request was not completed because a previous * request in the chain had received an error. @@ -878,6 +882,7 @@ NTSTATUS cli_smb_recv(struct tevent_req *req, return NT_STATUS_REQUEST_ABORTED; } + cmd = CVAL(state-inbuf, wct_ofs + 1); wct_ofs = SVAL(state-inbuf, wct_ofs + 3); /* @@ -889,8 +894,6 @@ NTSTATUS cli_smb_recv(struct tevent_req *req, if (wct_ofs+2 talloc_get_size(state-inbuf)) { return NT_STATUS_INVALID_NETWORK_RESPONSE; } - - cmd = CVAL(state-inbuf, wct_ofs + 1); } state-cli-raw_status = cli_pull_raw_error(state-inbuf); @@ -908,7 +911,7 @@ NTSTATUS cli_smb_recv(struct tevent_req *req, status = state-cli-raw_status; } - if (!have_andx_command((char *)state-inbuf, wct_ofs)) { + if (!have_andx_command((char *)state-inbuf, wct_ofs, cmd)) { if ((cmd == SMBsesssetupX) NT_STATUS_EQUAL( @@ -928,6 +931,12 @@ NTSTATUS cli_smb_recv(struct tevent_req *req, */ return status; } + } else { + /* +* Only the last request in the chain get the returned +* status. +*/ + status = NT_STATUS_OK; } no_err: @@ -1092,6 +1101,12 @@ NTSTATUS cli_smb_chain_send(struct tevent_req **reqs, int num_reqs) return status; } + for (i=0; i (num_reqs - 1); i++) { + state = tevent_req_data(reqs[i], struct cli_smb_state); + + state-seqnum = last_state-seqnum; + } + return NT_STATUS_OK; } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via b9e6c48 s3-wafbuild: Fix inotify detection (bug 8580) via 8468098 s3-build: Fix inotify detection (bug 8580) from 230cd1e s3:libsmb: return NT_STATUS_OK for if a request is not the last one in the chain http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit b9e6c48678624ba5335d00906c558ea9e0086699 Author: Björn Baumbach b...@sernet.de Date: Mon Nov 7 14:24:40 2011 +0100 s3-wafbuild: Fix inotify detection (bug 8580) Enable inotify if sys or kernel inotify is available. Signed-off-by: Stefan Metzmacher me...@samba.org Autobuild-User: Stefan Metzmacher me...@samba.org Autobuild-Date: Mon Nov 7 16:28:38 CET 2011 on sn-devel-104 commit 846809853acd53a733fa6057436c6e51843d8fab Author: Björn Baumbach b...@sernet.de Date: Mon Nov 7 12:42:28 2011 +0100 s3-build: Fix inotify detection (bug 8580) Enable inotify if sys or kernel inotify is available. Signed-off-by: Stefan Metzmacher me...@samba.org --- Summary of changes: source3/configure.in |6 -- source3/wscript |5 +++-- 2 files changed, 7 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/configure.in b/source3/configure.in index 7780603..a415900 100644 --- a/source3/configure.in +++ b/source3/configure.in @@ -2832,8 +2832,10 @@ samba_cv_HAVE_INOTIFY=yes, samba_cv_HAVE_INOTIFY=no, samba_cv_HAVE_INOTIFY=cross) -if test x$ac_cv_func_inotify_init = xyes -a x$ac_cv_header_linux_inotify_h = xyes; then -AC_DEFINE(HAVE_INOTIFY,1,[Whether kernel has inotify support]) +if test x$ac_cv_func_inotify_init = xyes; then +if test x$ac_cv_header_sys_inotify_h = xyes -o x$ac_cv_header_linux_inotify_h = xyes; then +AC_DEFINE(HAVE_INOTIFY,1,[Whether kernel or sys has inotify support]) +fi fi # diff --git a/source3/wscript b/source3/wscript index 26152f5..c329cbf 100644 --- a/source3/wscript +++ b/source3/wscript @@ -117,8 +117,9 @@ long ret = splice(0,0,1,0,400,0); # Check for inotify support conf.CHECK_HEADERS('linux/inotify.h asm/unistd.h sys/inotify.h') conf.CHECK_FUNCS('inotify_init') -if HAVE_LINUX_INOTIFY_H in conf.env and HAVE_INOTIFY_INIT in conf.env: -conf.DEFINE('HAVE_INOTIFY', 1) +if HAVE_INOTIFY_INIT in conf.env: +if HAVE_LINUX_INOTIFY_H in conf.env or HAVE_SYS_INOTIFY_H in conf.env: +conf.DEFINE('HAVE_INOTIFY', 1) # Check for kernel change notify support conf.CHECK_CODE(''' -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via ce8b5d5 s4:samba-tool - fix Gémes Géza patch regarding parameter handling via 1d9ff23 Add a --random-password option to user create command. from b9e6c48 s3-wafbuild: Fix inotify detection (bug 8580) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit ce8b5d520bafe10fb048f5c61197c840263decb6 Author: Matthias Dieter Wallnöfer m...@samba.org Date: Mon Nov 7 17:57:52 2011 +0100 s4:samba-tool - fix Gémes Géza patch regarding parameter handling The new random-password parameter has not been evaluated correctly. Autobuild-User: Matthias Dieter Wallnöfer m...@samba.org Autobuild-Date: Mon Nov 7 19:35:05 CET 2011 on sn-devel-104 commit 1d9ff23f8ea22d0a9b5efc4ed2565bfc0dc6d92e Author: Gémes Géza g...@kzsdabas.hu Date: Wed Nov 2 15:33:35 2011 +0100 Add a --random-password option to user create command. Signed-Off-By: Jelmer Vernooij jel...@samba.org Signed-off-by: Matthias Dieter Wallnöfer m...@samba.org --- Summary of changes: source4/scripting/python/samba/netcmd/user.py | 21 + 1 files changed, 17 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/scripting/python/samba/netcmd/user.py b/source4/scripting/python/samba/netcmd/user.py index cf0a1e7..0ac4b23 100644 --- a/source4/scripting/python/samba/netcmd/user.py +++ b/source4/scripting/python/samba/netcmd/user.py @@ -25,7 +25,7 @@ import sys, ldb from getpass import getpass from samba.auth import system_session from samba.samdb import SamDB -from samba import gensec +from samba import gensec, generate_random_password from samba.net import Net from samba.netcmd import ( @@ -71,6 +71,9 @@ Example3 shows how to create a new user in the OrgUnit organizational unit. Option(--must-change-at-next-login, help=Force password to be changed on next login, action=store_true), +Option(--random-password, +help=Generate random password, +action=store_true), Option(--use-username-as-cn, help=Force use of username as user's CN, action=store_true), @@ -97,12 +100,15 @@ Example3 shows how to create a new user in the OrgUnit organizational unit. takes_args = [username, password?] def run(self, username, password=None, credopts=None, sambaopts=None, -versionopts=None, H=None, must_change_at_next_login=None, +versionopts=None, H=None, must_change_at_next_login=None, random_password=None, use_username_as_cn=None, userou=None, surname=None, given_name=None, initials=None, profile_path=None, script_path=None, home_drive=None, home_directory=None, job_title=None, department=None, company=None, description=None, mail_address=None, internet_address=None, telephone_number=None, physical_delivery_office=None): +if random_password is True: +password = generate_random_password(128, 255) + while 1: if password is not None and password is not '': break @@ -382,17 +388,24 @@ Example3 shows how an administrator would reset TestUser3 user's password to pas Option(--must-change-at-next-login, help=Force password to be changed on next login, action=store_true), +Option(--random-password, +help=Generate random password, +action=store_true), ] takes_args = [username?] def run(self, username=None, filter=None, credopts=None, sambaopts=None, versionopts=None, H=None, newpassword=None, -must_change_at_next_login=None): +must_change_at_next_login=None, random_password=None): if filter is None and username is None: raise CommandError(Either the username or '--filter' must be specified!) -password = newpassword +if random_password is True: +password = generate_random_password(128, 255) +else: +password = newpassword + while 1: if password is not None and password is not '': break -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 60b7dae Add the SEC_DIR_LIST check to dptr_create(). from ce8b5d5 s4:samba-tool - fix Gémes Géza patch regarding parameter handling http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 60b7dae3fad482c2dabd6c0569e99cd23838d824 Author: Jeremy Allison j...@samba.org Date: Fri Nov 4 16:46:47 2011 -0700 Add the SEC_DIR_LIST check to dptr_create(). Autobuild-User: Jeremy Allison j...@samba.org Autobuild-Date: Mon Nov 7 21:11:03 CET 2011 on sn-devel-104 --- Summary of changes: source3/smbd/dir.c | 27 +++ 1 files changed, 27 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c index a11c131..322c2fe 100644 --- a/source3/smbd/dir.c +++ b/source3/smbd/dir.c @@ -452,6 +452,33 @@ NTSTATUS dptr_create(connection_struct *conn, files_struct *fsp, } dir_hnd = OpenDir_fsp(NULL, conn, fsp, wcard, attr); } else { + int ret; + struct smb_filename *smb_dname = NULL; + NTSTATUS status = create_synthetic_smb_fname(talloc_tos(), + path, + NULL, + NULL, + smb_dname); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + if (lp_posix_pathnames()) { + ret = SMB_VFS_LSTAT(conn, smb_dname); + } else { + ret = SMB_VFS_STAT(conn, smb_dname); + } + if (ret == -1) { + return map_nt_error_from_unix(errno); + } + if (!S_ISDIR(smb_dname-st.st_ex_mode)) { + return NT_STATUS_NOT_A_DIRECTORY; + } + status = smbd_check_access_rights(conn, + smb_dname, + SEC_DIR_LIST); + if (!NT_STATUS_IS_OK(status)) { + return status; + } dir_hnd = OpenDir(NULL, conn, path, wcard, attr); } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 5104abd s4-dnsserver: Test forward zones are not listed in reverse zone search via 8b33c48 s4-dnsserver: Fix enumeration of zones in ComplexOperation RPC call from 60b7dae Add the SEC_DIR_LIST check to dptr_create(). http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 5104abd57322ad989244d25b0d9e7c4e367ba448 Author: Amitay Isaacs ami...@gmail.com Date: Mon Nov 7 14:40:06 2011 +1100 s4-dnsserver: Test forward zones are not listed in reverse zone search Autobuild-User: Amitay Isaacs ami...@samba.org Autobuild-Date: Tue Nov 8 01:26:43 CET 2011 on sn-devel-104 commit 8b33c48ba5fb73c2fd7a6849c690202d9863c0c2 Author: Amitay Isaacs ami...@gmail.com Date: Thu Nov 3 16:59:23 2011 +1100 s4-dnsserver: Fix enumeration of zones in ComplexOperation RPC call zone_request_flags are interpreted in different groups rather than a single group. This correctly returns 0 zones when there are no reverse zones and DNS_ZONE_REQUEST_REVERSE is set in zone_request_flags. --- Summary of changes: source4/rpc_server/dnsserver/dcerpc_dnsserver.c| 133 --- .../python/samba/tests/dcerpc/dnsserver.py | 17 +++- 2 files changed, 99 insertions(+), 51 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/rpc_server/dnsserver/dcerpc_dnsserver.c b/source4/rpc_server/dnsserver/dcerpc_dnsserver.c index fd0c977..e1966fa 100644 --- a/source4/rpc_server/dnsserver/dcerpc_dnsserver.c +++ b/source4/rpc_server/dnsserver/dcerpc_dnsserver.c @@ -1105,7 +1105,7 @@ static WERROR dnsserver_complex_operate_server(struct dnsserver_state *dsstate, int valid_operation = 0; struct dnsserver_zone *z, **zlist; int zcount; - bool found; + bool found1, found2, found3, found4; int i; if (strcasecmp(operation, QueryDwordProperty) == 0) { @@ -1124,74 +1124,109 @@ static WERROR dnsserver_complex_operate_server(struct dnsserver_state *dsstate, zcount = 0; zlist = talloc_zero_array(mem_ctx, struct dnsserver_zone *, 0); for (z = dsstate-zones; z; z = z-next) { - found = false; - if (rin-Dword DNS_ZONE_REQUEST_PRIMARY) { - if (z-zoneinfo-dwZoneType DNS_ZONE_TYPE_PRIMARY) { - found = true; + + /* Match the flags in groups +* +* Group1 : PRIMARY, SECONDARY, CACHE, AUTO +* Group2 : FORWARD, REVERSE, FORWARDER, STUB +* Group3 : DS, NON_DS, DOMAIN_DP, FOREST_DP +* Group4 : CUSTOM_DP, LEGACY_DP +*/ + + /* Group 1 */ + found1 = false; + if (rin-Dword 0x000f) { + if (rin-Dword DNS_ZONE_REQUEST_PRIMARY) { + if (z-zoneinfo-dwZoneType == DNS_ZONE_TYPE_PRIMARY) { + found1 = true; + } } - } - if (rin-Dword DNS_ZONE_REQUEST_SECONDARY) { - if (z-zoneinfo-dwZoneType DNS_ZONE_TYPE_SECONDARY) { - found = true; + if (rin-Dword DNS_ZONE_REQUEST_SECONDARY) { + if (z-zoneinfo-dwZoneType == DNS_ZONE_TYPE_SECONDARY) { + found1 = true; + } } - } - if (rin-Dword DNS_ZONE_REQUEST_CACHE) { - if (z-zoneinfo-dwZoneType DNS_ZONE_TYPE_CACHE) { - found = true; + if (rin-Dword DNS_ZONE_REQUEST_CACHE) { + if (z-zoneinfo-dwZoneType == DNS_ZONE_TYPE_CACHE) { + found1 = true; + } } - } - if (rin-Dword DNS_ZONE_REQUEST_AUTO) { - if (z-zoneinfo-fAutoCreated || z-zoneinfo-dwDpFlags DNS_DP_AUTOCREATED) { - found = true; + if (rin-Dword DNS_ZONE_REQUEST_AUTO) { + if (z-zoneinfo-fAutoCreated + || z-zoneinfo-dwDpFlags DNS_DP_AUTOCREATED) { +
[SCM] CTDB repository - branch 1.2 updated - ctdb-1.9.1-489-g6568fee
The branch, 1.2 has been updated via 6568feec47b705a39c404bb1a5ff35db265aea6a (commit) from 418313dce4b0142d12aa73aeb5e98333055bdbf0 (commit) http://gitweb.samba.org/?p=ctdb.git;a=shortlog;h=1.2 - Log - commit 6568feec47b705a39c404bb1a5ff35db265aea6a Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Tue Nov 8 06:55:46 2011 +1100 Record Fetch Collapse: Collapse multiple fetch request into one single request. When multiple clients fetch the same record concurrently, send only one single fetch across the network and deferr all other fetches locally. This improves performance for hot records and reduces cpu load on ctdb. --- Summary of changes: include/ctdb_private.h|4 + server/ctdb_daemon.c | 207 + server/ctdb_ltdb_server.c | 11 +++ 3 files changed, 222 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/include/ctdb_private.h b/include/ctdb_private.h index 675ea49..f0050fb 100644 --- a/include/ctdb_private.h +++ b/include/ctdb_private.h @@ -523,6 +523,10 @@ struct ctdb_db_context { struct ctdb_ltdb_header *header, TDB_DATA data); + /* used to track which records we are currently fetching + so we can avoid sending duplicate fetch requests + */ + struct trbt_tree *deferred_fetch; }; diff --git a/server/ctdb_daemon.c b/server/ctdb_daemon.c index f0c7ec9..b2a03aa 100644 --- a/server/ctdb_daemon.c +++ b/server/ctdb_daemon.c @@ -27,6 +27,7 @@ #include system/wait.h #include ../include/ctdb_client.h #include ../include/ctdb_private.h +#include ../common/rb_tree.h #include sys/socket.h struct ctdb_client_pid_list { @@ -358,6 +359,190 @@ static void daemon_incoming_packet_wrap(void *p, struct ctdb_req_header *hdr) daemon_incoming_packet(client, hdr); } +struct ctdb_deferred_fetch_call { + struct ctdb_deferred_fetch_call *next, *prev; + struct ctdb_req_call *c; + struct ctdb_daemon_packet_wrap *w; +}; + +struct ctdb_deferred_fetch_queue { + struct ctdb_deferred_fetch_call *deferred_calls; +}; + +struct ctdb_deferred_requeue { + struct ctdb_deferred_fetch_call *dfc; + struct ctdb_client *client; +}; + +/* called from a timer event and starts reprocessing the deferred call.*/ +static void reprocess_deferred_call(struct event_context *ev, struct timed_event *te, + struct timeval t, void *private_data) +{ + struct ctdb_deferred_requeue *dfr = (struct ctdb_deferred_requeue *)private_data; + struct ctdb_client *client = dfr-client; + + talloc_steal(client, dfr-dfc-c); + daemon_incoming_packet(client, (struct ctdb_req_header *)dfr-dfc-c); + talloc_free(dfr); +} + +/* the referral context is destroyed either after a timeout or when the initial + fetch-lock has finished. + at this stage, immediately start reprocessing the queued up deferred + calls so they get reprocessed immediately (and since we are dmaster at + this stage, trigger the waiting smbd processes to pick up and aquire the + record right away. +*/ +static int deferred_fetch_queue_destructor(struct ctdb_deferred_fetch_queue *dfq) +{ + + /* need to reprocess the packets from the queue explicitely instead of + just using a normal destructor since we want, need, to + call the clients in the same oder as the requests queued up + */ + while (dfq-deferred_calls != NULL) { + struct ctdb_client *client; + struct ctdb_deferred_fetch_call *dfc = dfq-deferred_calls; + struct ctdb_deferred_requeue *dfr; + + DLIST_REMOVE(dfq-deferred_calls, dfc); + + client = ctdb_reqid_find(dfc-w-ctdb, dfc-w-client_id, struct ctdb_client); + if (client == NULL) { + DEBUG(DEBUG_ERR,(__location__ Packet for disconnected client %u\n, +dfc-w-client_id)); + continue; + } + + /* process it by pushing it back onto the eventloop */ + dfr = talloc(client, struct ctdb_deferred_requeue); + if (dfr == NULL) { + DEBUG(DEBUG_ERR,(Failed to allocate deferred fetch requeue structure\n)); + continue; + } + + dfr-dfc= talloc_steal(dfr, dfc); + dfr-client = client; + + event_add_timed(dfc-w-ctdb-ev, client, timeval_zero(), reprocess_deferred_call, dfr); + } + + return 0; +} + +/* insert the new deferral context into the rb tree. + there should never be a pre-existing context here, but check for it + warn and destroy the previous
[SCM] CTDB repository - branch master updated - ctdb-1.11-99-gd772743
The branch, master has been updated via d772743e9a4d4d40eb95cd8d5178708e77057b79 (commit) via 8ab0c63ad36cfbbb1e5fed46a1f4c47b1fdb581f (commit) from f24e943eb7d8b86ce6b32ae37e3884ec4af0f7df (commit) http://gitweb.samba.org/?p=ctdb.git;a=shortlog;h=master - Log - commit d772743e9a4d4d40eb95cd8d5178708e77057b79 Merge: f24e943eb7d8b86ce6b32ae37e3884ec4af0f7df 8ab0c63ad36cfbbb1e5fed46a1f4c47b1fdb581f Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Tue Nov 8 14:01:22 2011 +1100 Merge branch 'master' of 10.1.1.27:/shared/ctdb/ctdb-master commit 8ab0c63ad36cfbbb1e5fed46a1f4c47b1fdb581f Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Wed Nov 2 13:33:28 2011 +1100 RB_TREE: Add mechanism to abort a traverse This patch changes the callback signature for traversal functions to allow a client to abort a traverse before it finishes. Updates to all callers and examples as well as rb-test tool. --- Summary of changes: common/rb_tree.c| 53 +++--- common/rb_tree.h|9 ++- server/ctdb_serverids.c | 12 ++ server/ctdb_takeover.c |8 -- server/ctdb_vacuum.c| 13 ++- tests/src/rb_test.c | 39 ++ tools/ctdb.c|6 +++- tools/ctdb_vacuum.c | 18 --- 8 files changed, 110 insertions(+), 48 deletions(-) Changeset truncated at 500 lines: diff --git a/common/rb_tree.c b/common/rb_tree.c index b2c2ee8..8458c51 100644 --- a/common/rb_tree.c +++ b/common/rb_tree.c @@ -916,13 +916,17 @@ trbt_lookuparray32(trbt_tree_t *tree, uint32_t keylen, uint32_t *key) /* traverse a tree starting at node */ -static void +static int trbt_traversearray32_node(trbt_node_t *node, uint32_t keylen, - void (*callback)(void *param, void *data), + int (*callback)(void *param, void *data), void *param) { if (node-left) { - trbt_traversearray32_node(node-left, keylen, callback, param); + int ret; + ret = trbt_traversearray32_node(node-left, keylen, callback, param); + if (ret != 0) { + return ret; + } } /* this is the smallest node in this subtree @@ -930,35 +934,52 @@ trbt_traversearray32_node(trbt_node_t *node, uint32_t keylen, otherwise we must pull the next subtree and traverse that one as well */ if (keylen == 0) { - callback(param, node-data); + int ret; + + ret = callback(param, node-data); + if (ret != 0) { + return ret; + } } else { - trbt_traversearray32(node-data, keylen, callback, param); + int ret; + + ret = trbt_traversearray32(node-data, keylen, callback, param); + if (ret != 0) { + return ret; + } } if (node-right) { - trbt_traversearray32_node(node-right, keylen, callback, param); + int ret; + + ret = trbt_traversearray32_node(node-right, keylen, callback, param); + if (ret != 0) { + return ret; + } } + + return 0; } /* traverse the tree using an array of uint32 as a key */ -void +int trbt_traversearray32(trbt_tree_t *tree, uint32_t keylen, - void (*callback)(void *param, void *data), + int (*callback)(void *param, void *data), void *param) { trbt_node_t *node; if (tree == NULL) { - return; + return 0; } node=tree-root; if (node == NULL) { - return; + return 0; } - trbt_traversearray32_node(node, keylen-1, callback, param); + return trbt_traversearray32_node(node, keylen-1, callback, param); } @@ -999,7 +1020,7 @@ trbt_findfirstarray32(trbt_tree_t *tree, uint32_t keylen) } -#if 0 +#if TEST_RB_TREE static void printtree(trbt_node_t *node, int levels) { int i; @@ -1007,7 +1028,7 @@ static void printtree(trbt_node_t *node, int levels) printtree(node-left, levels+1); for(i=0;ilevels;i++)printf(); - printf(key:%d COLOR:%s (node:0x%08x parent:0x%08x left:0x%08x right:0x%08x)\n,node-key32,node-rb_color==TRBT_BLACK?BLACK:RED,(int)node,(int)node-parent, (int)node-left,(int)node-right); + printf(key:%d COLOR:%s (node:%p parent:%p left:%p right:%p)\n,node-key32,node-rb_color==TRBT_BLACK?BLACK:RED, node, node-parent, node-left, node-right); printtree(node-right, levels+1); printf(\n); @@ -1021,13 +1042,11 @@ void print_tree(trbt_tree_t *tree) }
[SCM] CTDB repository - branch master updated - ctdb-1.11-106-g7c02d24
The branch, master has been updated via 7c02d242af552aa732f5c70ea4eeefbc8a8542e2 (commit) via 9a6f918bf6db79c1f8c53c0df23d47b73c117ea2 (commit) via 574091d5aced5e87aefad52f8bc47aa75c25fbf6 (commit) via 1d26e7cff6292fcbf63efc4628ffbb63b6f1f73c (commit) via ed83604da82ebe566d6eb330ab7119e861e853c8 (commit) via a97f19d1281eaf9874e64995a43524aeed315515 (commit) via 75718c5768b5bb5c0bcd7dd90e0327c6ed22a63d (commit) from d772743e9a4d4d40eb95cd8d5178708e77057b79 (commit) http://gitweb.samba.org/?p=ctdb.git;a=shortlog;h=master - Log - commit 7c02d242af552aa732f5c70ea4eeefbc8a8542e2 Merge: d772743e9a4d4d40eb95cd8d5178708e77057b79 9a6f918bf6db79c1f8c53c0df23d47b73c117ea2 Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Tue Nov 8 14:06:30 2011 +1100 Merge remote branch 'martins/lcp2fix' commit 9a6f918bf6db79c1f8c53c0df23d47b73c117ea2 Author: Martin Schwenke mar...@meltin.net Date: Tue Nov 1 20:56:50 2011 +1100 Tests - IP allocation - add some extra output due to recent fix A recent fix made the LCP2 algorithm try harder find a candidate source node. The debug output shows extra output because it is trying harder so we accommodate that. Signed-off-by: Martin Schwenke mar...@meltin.net commit 574091d5aced5e87aefad52f8bc47aa75c25fbf6 Author: Martin Schwenke mar...@meltin.net Date: Tue Nov 1 20:52:57 2011 +1100 LCP IP allocation algorithm - try harder to find a candidate source node There's a bug in LCP2. Selecting the node with the highest imbalance doesn't always work. Some nodes can have a high imbalance metric because they have a lot of IPs. However, these nodes can be part of a group that is perfectly balanced. Nodes in another group with less IPs might actually be imbalanced. Instead of just trying the source node with the highest imbalance this tries them in descending order of imbalance until it finds one where an IP can be moved to another node. Signed-off-by: Martin Schwenke mar...@meltin.net commit 1d26e7cff6292fcbf63efc4628ffbb63b6f1f73c Author: Martin Schwenke mar...@meltin.net Date: Tue Nov 1 19:59:29 2011 +1100 Tests - IP allocation - new test that shows current LCP2 failure There are 4 IPs across 2 nodes and 2 addresses across 2 other nodes. If one of the latter nodes is unhealthy and then becomes healthy again, an IP isn't failed back. This is because the nodes in the 1st group are = unbalanced then the nodes in the 2nd group. Signed-off-by: Martin Schwenke mar...@meltin.net commit ed83604da82ebe566d6eb330ab7119e861e853c8 Author: Martin Schwenke mar...@meltin.net Date: Tue Nov 1 19:54:28 2011 +1100 Tests - Allow some tests in ctdb_takover_tests to specify allowed nodes This mainly applies to ctdb_takeover_run_core when you might want to specify that some IPs can only be hosted by some nodes. Syntax on each line is now: IP current_pnn allowed_pnns where allowed_pnns is a comma-separated list. allowed_pnns is optional. If not specified then address can be assigned to all nodes that aren't included in an allowed_pnns list. Just think of it as all PNNs and that the behaviour is undefined when you only specify allowed_pnns for some IPs. ;-) current_pnn is optional and defaults to -1. Signed-off-by: Martin Schwenke mar...@meltin.net commit a97f19d1281eaf9874e64995a43524aeed315515 Author: Martin Schwenke mar...@meltin.net Date: Tue Nov 1 19:54:01 2011 +1100 Tests - IP allocation tests - must export CTDB_LCP2. Signed-off-by: Martin Schwenke mar...@meltin.net commit 75718c5768b5bb5c0bcd7dd90e0327c6ed22a63d Author: Martin Schwenke mar...@meltin.net Date: Tue Nov 1 19:49:38 2011 +1100 LCP IP allocation algorithm - new function lcp2_failback_candidate() There's a bug in LCP2. Selecting the node with the highest imbalance doesn't always work. Some nodes can have a high imbalance metric because they have a lot of IPs. However, these nodes can be part of a group that is perfectly balanced. Nodes in another group with less IPs might actually be imbalanced. Factor out the code from lcp2_failback() that actually takes a node and decides which address should be moved to which node. This is the first step in fixing the above bug. Signed-off-by: Martin Schwenke mar...@meltin.net --- Summary of changes: server/ctdb_takeover.c | 150 +++- tests/src/ctdb_takeover_tests.c | 184 ++ tests/takeover/common.sh |2 +- tests/takeover/testcases/lcp2.005.sh | 18 tests/takeover/testcases/lcp2.010.sh | 32 ++ 5
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 696a70c s4-provision Remove options for LDAP backend to reduce user confusion via d61d28b s4-s3-upgrade Add my copyright via 7af51ca param: Remove duplicate initialization of 'share backend' parameter via 56e760f s4-smb_server No longer follow the security=share smb.conf directive via 862b817 selftest: Remove the 'all' environment as it is just too slow to start up from 5104abd s4-dnsserver: Test forward zones are not listed in reverse zone search http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 696a70c9faac27bcd473b6c2f1444abd267ae6e6 Author: Andrew Bartlett abart...@samba.org Date: Fri Nov 4 09:07:17 2011 +1100 s4-provision Remove options for LDAP backend to reduce user confusion We do not support the LDAP backend any more, but keep the code in case someone comes up with an interesting use case that could leverage this in a very particular situation. In order to keep the code, we must test it, so we keep just this much of the support around. Andrew Bartlett Autobuild-User: Andrew Bartlett abart...@samba.org Autobuild-Date: Tue Nov 8 04:33:49 CET 2011 on sn-devel-104 commit d61d28bcccd7079b2de7cbadd7254820e6ae9149 Author: Andrew Bartlett abart...@samba.org Date: Tue Nov 1 12:59:02 2011 +1100 s4-s3-upgrade Add my copyright commit 7af51ca936072823ed4fe51e410818cf15b0e89b Author: Amitay Isaacs ami...@gmail.com Date: Tue Nov 1 16:29:41 2011 +1100 param: Remove duplicate initialization of 'share backend' parameter commit 56e760f8f16f41c7879e792b20f53bce11f6e721 Author: Andrew Bartlett abart...@samba.org Date: Wed Nov 2 07:43:43 2011 +1100 s4-smb_server No longer follow the security=share smb.conf directive By ignoring the value of security= from the smb.conf, we can allow this to instead set the value of 'server role' in a manner compatible with the Samba 3.x release stream. Andrew Bartlett commit 862b81791e24e179cfb3419e331d8d2605475bee Author: Andrew Bartlett abart...@samba.org Date: Sat Sep 24 11:26:48 2011 -0700 selftest: Remove the 'all' environment as it is just too slow to start up Instead we start the 'dc' environment, and other environments are available as: make testenv SELFTEST_TESTENV=fl2003dc Andrew Bartlett --- Summary of changes: lib/param/loadparm.c |2 - selftest/selftest.pl |2 +- selftest/target/Samba4.pm | 59 .../scripting/python/samba/provision/__init__.py | 22 +++- .../scripting/python/samba/provision/backend.py|6 +- source4/scripting/python/samba/upgrade.py |1 + source4/scripting/python/samba/upgradehelpers.py |6 +- source4/setup/provision| 25 + source4/setup/tests/blackbox_provision-backend.sh | 10 ++-- source4/smb_server/session.c |3 - source4/smb_server/smb/negprot.c | 11 +--- source4/smb_server/smb/receive.c | 10 +--- source4/smb_server/smb2/receive.c |1 - source4/smb_server/smb_server.h|1 - 14 files changed, 25 insertions(+), 134 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c index e8993a2..2a251c1 100644 --- a/lib/param/loadparm.c +++ b/lib/param/loadparm.c @@ -3280,8 +3280,6 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx) lpcfg_do_global_parameter(lp_ctx, share backend, classic); - lpcfg_do_global_parameter(lp_ctx, share backend, classic); - lpcfg_do_global_parameter(lp_ctx, server role, standalone); /* options that can be set on the command line must be initialised via diff --git a/selftest/selftest.pl b/selftest/selftest.pl index f41ff33..379d7f8 100755 --- a/selftest/selftest.pl +++ b/selftest/selftest.pl @@ -487,7 +487,7 @@ if ($opt_target eq samba) { if ($opt_socket_wrapper and `$bindir/smbd -b | grep SOCKET_WRAPPER` eq ) { die(You must include --enable-socket-wrapper when compiling Samba in order to execute 'make test'. Exiting); } - $testenv_default = all; + $testenv_default = dc; require target::Samba; $target = new Samba($bindir, \%binary_mapping, $ldap, $srcdir, $exeext, $server_maxtime); } elsif ($opt_target eq samba3) { diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm index 029629d..017a277 100644 --- a/selftest/target/Samba4.pm +++ b/selftest/target/Samba4.pm @@ -1426,65 +1426,6 @@ sub setup_env($$$) return $target3-setup_admember($path/s3member, $self-{vars}-{dc},
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 7dbd2ec s4-provision: site is passed as an argument to setup_ad_dns() from 696a70c s4-provision Remove options for LDAP backend to reduce user confusion http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 7dbd2ec757b8f00fecb41587784e25997b657952 Author: Amitay Isaacs ami...@gmail.com Date: Tue Nov 8 13:58:45 2011 +1100 s4-provision: site is passed as an argument to setup_ad_dns() Autobuild-User: Amitay Isaacs ami...@samba.org Autobuild-Date: Tue Nov 8 06:07:46 CET 2011 on sn-devel-104 --- Summary of changes: .../scripting/python/samba/provision/sambadns.py |1 - 1 files changed, 0 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/scripting/python/samba/provision/sambadns.py b/source4/scripting/python/samba/provision/sambadns.py index c45e04f..d7d75cd 100644 --- a/source4/scripting/python/samba/provision/sambadns.py +++ b/source4/scripting/python/samba/provision/sambadns.py @@ -720,7 +720,6 @@ def setup_ad_dns(samdb, secretsdb, names, paths, lp, logger, dns_backend, dnsforest = dnsdomain hostname = names.netbiosname.lower() -site = names.sitename domainguid = get_domainguid(samdb, domaindn) ntdsguid = get_ntdsguid(samdb, domaindn) -- Samba Shared Repository
[SCM] CTDB repository - annotated tag ctdb-1.12 created - ctdb-1.12
The annotated tag, ctdb-1.12 has been created at c124e5fe32d30bf3842dcfa279ad4950ebfe63c4 (tag) tagging bda24b7f313289404b68ce8b9177fbd6b6a05dd7 (commit) replaces ctdb-1.11 tagged by Ronnie Sahlberg on Tue Nov 8 16:45:04 2011 +1100 - Log - Tag for 1.12 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAABAgAGBQJOuMHoAAoJEB6eS+vwPaeGEw8H/A3hsQhupn3ttGMB0bAQvk+H O619Qk98Llom+8DofuI4S5EpmeeWJOXFKjN3BgVrSl9WxtOEHvvSuWdYYJrNN9Qk SFqFjZnABv7/1Rbbm1rsYkc/hHGJYFFicSFHwsEZKA6ZaouWgabx4vYQD5x/OrIQ Yy4Sh/b12UTaQOSFR6blPOUE1V/bCyIBeZqRXiMBTBz/a/1QwgIxjGylRvSNL78z EyCQT5C+0BhYOnZX2nV/RTCeR48N+aIxtUSYik5NebKiDrd2EwNwpgFiY/D2TOse iS4cVoVBSxJO2C9TiANQIf+iyoW88q/cNGyJeu5lYLaMvKh1F1y5J2HcBA2IRJM= =xtPw -END PGP SIGNATURE- David Disseldorp (10): client: add req timeout argument to ctdb_cmdline_client client: add timeout argument to ctdb_attach client: flag local node in ctdb -Y status output pmda: Initial ctdb pmda check-in pmda: Attempt reconnects while ctdbd is unavailable pmda: Pull ctdb statistics once per fetch pmda: Use CTDB_PATH macro for default socket path pmda: document in README how to add a new metric pmda: handle struct latency_counter and add num_recoveries pmda: Use upstream assigned PCP domain id Gregor Beck (1): ltdbtool: ignore empty (deleted) records per default. Martin Schwenke (12): Tests - IP allocation - allow more interesting node states to be specified Tests - IP allocation - initial unit tests Tests - simple integration - do a ctdb sync after restarting the cluster Make ctdb_diagnostics more resilient to uncontactable nodes. Web - add me as a developer. :-) onnode: unset EXTRA_SSH_OPTS when using fakessh LCP IP allocation algorithm - new function lcp2_failback_candidate() Tests - IP allocation tests - must export CTDB_LCP2. Tests - Allow some tests in ctdb_takover_tests to specify allowed nodes Tests - IP allocation - new test that shows current LCP2 failure LCP IP allocation algorithm - try harder to find a candidate source node Tests - IP allocation - add some extra output due to recent fix Mathieu Parent (5): Fix broken readdir Less verbosity when there is no public addresses file apache's service name is not always httpd Typo deamon - daemon Fix bashism in 40.fs_use Michael Adam (4): tools/ctdb: fix a typo in a debug message Add a tunable AllowClientDBAttach with default value 1. Fix a typo in a message in ctdb backupdb. doc: update compiled manpages of ctdb.1 after change to xml Ronnie Sahlberg (75): ReadOnly records: Add a new RPC function FETCH_WITH_HEADER. ReadOnly: Add helper functions to manipulate a TDB_DATA as a bitmap for nodes that we are tracking as having a readonly delegation ReadOnly: Add test tool to validate the functions to manipulate and enumerate the bitmap of nodes to where we have readonly delegations ReadOnly: Add clientside functions to send the UPDATE_RECORD control ReadOnly: add a new test tool that does a fetchlock on a record, then bunps the RSN by 10 and writes the new content to the record as sprintf(%d, rsn) ReadOnly: Add 4 new record flags to handle read only delegation and revoking of delegations ReadOnly: Add printing of the record flags when we are traversing a database to print its content. ReadOnly: Add a new command 'ctdb cattdb'. This fucntion differs from 'ctdb catdb' in that 'cattdb' will always traverse the local tdb file only, while 'catdb' does a cluster traverse. Add the missing persistent argument to db_exist() ReadOnly: After performing a recovery, clear out all flags related to readonly delegations and revoke ReadOnly: Add readonly flag to the ctdb_db_context to indicate if this database supports readonly operations or not. Add a private lock-less tdb file to the ctdb_db_context to use for tracking delegarions for records ReadOnly: After recovering all databases, make sure to clear out the tracking database used to track delegations and revoke. This is because the recovery will implicitely result in a revoke of all delegations. ReadOnly: Add an extra flag to ctdb_call_local to specify whether we want to write the record and header back to the tdb (for example we do when performing dmaster migrations) ReadOnly: Add functions to register CALLs to a context used to handle deferal of processing of CALL commands. ReadOnly: Add a function to start a revoke of all delegations for a record. ReadOnly: Add a new flag to call request packet to indicate that the client wants a readonly delegation ReadOnly: When releasing all deferred calls that blocked during revoke of all previous delegations, add a 1 second grace/delay for
[SCM] CTDB repository - branch master updated - ctdb-1.12-3-gb6a9dac
The branch, master has been updated via b6a9dacefd8f031677702f0fbf6b321beb4c4d54 (commit) via 1341329f6125d491b82c873f793af819e677f714 (commit) via 56160eccb62178f645b017b1257677a1e854b2bc (commit) from bda24b7f313289404b68ce8b9177fbd6b6a05dd7 (commit) http://gitweb.samba.org/?p=ctdb.git;a=shortlog;h=master - Log - commit b6a9dacefd8f031677702f0fbf6b321beb4c4d54 Author: Mathieu Parent math.par...@gmail.com Date: Sat Oct 15 19:50:12 2011 +0200 config can be in /etc/default/ instead of /etc/sysconfig/ (ctdb_gnostics part) commit 1341329f6125d491b82c873f793af819e677f714 Author: Mathieu Parent math.par...@gmail.com Date: Sat Oct 15 19:42:45 2011 +0200 config can be in /etc/default/ instead of /etc/sysconfig/ ... on Debian system and derivated. (ctdb_diagnostics still hardcodes /etc/sysconfig/) commit 56160eccb62178f645b017b1257677a1e854b2bc Author: Mathieu Parent math.par...@gmail.com Date: Thu Oct 13 20:26:05 2011 +0200 config/functions: CTDB_VARDIR is /var/lib/ctdb on Debian-like systems --- Summary of changes: config/ctdb-crash-cleanup.sh |2 +- config/functions |6 +- tests/complex/31_nfs_tickle.sh |8 +++- tests/eventscripts/common.sh |8 +++- tools/ctdb_diagnostics |7 +-- 5 files changed, 25 insertions(+), 6 deletions(-) Changeset truncated at 500 lines: diff --git a/config/ctdb-crash-cleanup.sh b/config/ctdb-crash-cleanup.sh index 420db76..f7ccfc8 100755 --- a/config/ctdb-crash-cleanup.sh +++ b/config/ctdb-crash-cleanup.sh @@ -22,7 +22,7 @@ ctdb status 2/dev/null { exit 0 } -(cat /etc/sysconfig/ctdb | egrep ^CTDB_NATGW_PUBLIC_IP | sed -e s/.*=// -e s/\/.*//;cat $CTDB_PUBLIC_ADDRESSES | cut -d/ -f1) | while read _IP; do +(cat /etc/{sysconfig,default}/ctdb | egrep ^CTDB_NATGW_PUBLIC_IP | sed -e s/.*=// -e s/\/.*//;cat $CTDB_PUBLIC_ADDRESSES | cut -d/ -f1) | while read _IP; do _IP_HELD=`/sbin/ip addr show | grep inet $_IP/` [ -z $_IP_HELD ] || { _IFACE=`echo $_IP_HELD | sed -e s/.*\s//` diff --git a/config/functions b/config/functions index c1891ba..7c5c1c2 100755 --- a/config/functions +++ b/config/functions @@ -5,7 +5,11 @@ PATH=/bin:/usr/bin:/usr/sbin:/sbin:$PATH [ -z $CTDB_VARDIR ] { -export CTDB_VARDIR=/var/ctdb +if [ -d /var/lib/ctdb ] ; then + export CTDB_VARDIR=/var/lib/ctdb +else + export CTDB_VARDIR=/var/ctdb +fi } [ -z $CTDB_ETCDIR ] { export CTDB_ETCDIR=/etc diff --git a/tests/complex/31_nfs_tickle.sh b/tests/complex/31_nfs_tickle.sh index 030e34f..dcbd4d7 100755 --- a/tests/complex/31_nfs_tickle.sh +++ b/tests/complex/31_nfs_tickle.sh @@ -83,7 +83,13 @@ sleep_for ${out#*= } if try_command_on_node any test -r /etc/ctdb/events.d/61.nfstickle ; then echo Trying to determine NFS_TICKLE_SHARED_DIRECTORY... -f=/etc/sysconfig/nfs +if [ -f /etc/sysconfig/nfs ]; then + f=/etc/sysconfig/nfs +elif [ -f /etc/default/nfs ]; then + f=/etc/default/nfs +elif [ -f /etc/ctdb/sysconfig/nfs ]; then + f=/etc/ctdb/sysconfig/nfs +fi try_command_on_node -v any [ -r $f ] sed -n -e s@^NFS_TICKLE_SHARED_DIRECTORY=@@p $f || true nfs_tickle_shared_directory=${out:-/gpfs/.ctdb/nfs-tickles} diff --git a/tests/eventscripts/common.sh b/tests/eventscripts/common.sh index 9003b39..a79c293 100644 --- a/tests/eventscripts/common.sh +++ b/tests/eventscripts/common.sh @@ -460,7 +460,13 @@ rpc_set_service_failure_response () # the flexibility to set the number of failures. _numfails=${2:-${iteration}} -_c=${CTDB_ETCDIR}/sysconfig/nfs +if [ -f /etc/sysconfig/nfs ]; then + _c=${CTDB_ETCDIR}/sysconfig/nfs +elif [ -f /etc/default/nfs ]; then + _c=${CTDB_ETCDIR}/default/nfs +elif [ -f /etc/ctdb/sysconfig/nfs ]; then + _c=${CTDB_ETCDIR}/ctdb/sysconfig/nfs +fi if [ -r $_c ] ; then . $_c fi diff --git a/tools/ctdb_diagnostics b/tools/ctdb_diagnostics index 117def8..e2efb53 100755 --- a/tools/ctdb_diagnostics +++ b/tools/ctdb_diagnostics @@ -71,7 +71,11 @@ PATH=$PATH:/sbin:/usr/sbin:/usr/lpp/mmfs/bin # list of config files that must exist and that we check are the same # on the nodes -CONFIG_FILES_MUST=/etc/krb5.conf /etc/hosts /etc/ctdb/nodes /etc/sysconfig/ctdb /etc/resolv.conf /etc/nsswitch.conf /etc/sysctl.conf /etc/samba/smb.conf /etc/fstab /etc/multipath.conf /etc/pam.d/system-auth /etc/sysconfig/nfs /etc/exports /etc/vsftpd/vsftpd.conf +if [ -d /etc/sysconfig ] ; then +CONFIG_FILES_MUST=/etc/krb5.conf /etc/hosts /etc/ctdb/nodes /etc/sysconfig/ctdb /etc/resolv.conf /etc/nsswitch.conf /etc/sysctl.conf /etc/samba/smb.conf /etc/fstab /etc/multipath.conf /etc/pam.d/system-auth /etc/sysconfig/nfs /etc/exports /etc/vsftpd/vsftpd.conf +else +
[SCM] CTDB repository - branch master updated - ctdb-1.12-4-gdf1ac1c
The branch, master has been updated via df1ac1cfd65f32743ca2588edfdad46ce5a4f03f (commit) from b6a9dacefd8f031677702f0fbf6b321beb4c4d54 (commit) http://gitweb.samba.org/?p=ctdb.git;a=shortlog;h=master - Log - commit df1ac1cfd65f32743ca2588edfdad46ce5a4f03f Author: Mathieu Parent math.par...@gmail.com Date: Sat Nov 5 16:39:55 2011 +0100 Nagios plugin for CTDB This plugin is GPL2 or greater as generally found in Nagios. (this is obviously compatible with GPL3 or greater). --- Summary of changes: utils/nagios/README | 56 ++ utils/nagios/check_ctdb | 259 +++ 2 files changed, 315 insertions(+), 0 deletions(-) create mode 100644 utils/nagios/README create mode 100644 utils/nagios/check_ctdb Changeset truncated at 500 lines: diff --git a/utils/nagios/README b/utils/nagios/README new file mode 100644 index 000..99fa6dc --- /dev/null +++ b/utils/nagios/README @@ -0,0 +1,56 @@ +check_ctdb 0.3 + +This nagios plugin is free software, and comes with ABSOLUTELY NO WARRANTY. +It may be used, redistributed and/or modified under the terms of the GNU +General Public Licence (see http://www.fsf.org/licensing/licenses/gpl.txt). + +CTDB plugin + +Usage: check_ctdb -i info +[ -t timeout ] [ -w warn_range ] [ -c crit_range ] +[ -H host ] [-s] [ -l login_name ] +[ -V ] [ -h ] + + -?, --usage + Print usage information + -h, --help + Print detailed help screen + -V, --version + Print version information + --extra-opts=[section][@file] + Read options from an ini file. See http://nagiosplugins.org/extra-opts for usage + -i, --info=info + Information: One of scriptstatus or ping. + -H, --hostname=login_name + Host name or IP Address. + -s, --sudo + Use sudo. + -l, --login=host + The user to log in as on the remote machine. + -w, --warning=THRESHOLD + Warning threshold. See + http://nagiosplug.sourceforge.net/developer-guidelines.html#THRESHOLDFORMAT + for the threshold format. + -c, --critical=THRESHOLD + Critical threshold. See + http://nagiosplug.sourceforge.net/developer-guidelines.html#THRESHOLDFORMAT + for the threshold format. + -t, --timeout=INTEGER + Seconds before plugin times out (default: 30) + -v, --verbose + Show details for command-line debugging (can repeat up to 3 times) +Supported commands: +* scriptstatus : +check the ctdb scriptstatus command and return CRITICAL if one of the +scripts fails. +Perfdata count the number of scripts by state (ok, disabled, error, +total). +* ping : +check the ctdb ping command. +Perfdata count the number of nodes, the total ping time and the number +of clients. +Thresholds are checked against the number of nodes. + + +Copyright (c) 2011 Nantes Metropole + diff --git a/utils/nagios/check_ctdb b/utils/nagios/check_ctdb new file mode 100644 index 000..9430333 --- /dev/null +++ b/utils/nagios/check_ctdb @@ -0,0 +1,259 @@ +#!/usr/bin/perl -w +# Nagios plugin to monitor CTDB (Clustered Trivial Database) +# +# License: GPL +# Copyright (c) 2011 Nantes Metropole +# Author: Mathieu Parent math.par...@gmail.com +# Contributor(s): - +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see http://www.gnu.org/licenses/. +# + +use strict; +use warnings; +use vars qw($PROGNAME $VERSION $output $values $result); +use Nagios::Plugin; +use File::Basename; + +$PROGNAME = basename($0); +$VERSION = '0.3'; + +my $np = Nagios::Plugin-new( + usage = Usage: %s -i info\n +. [ -t timeout ] [ -w warn_range ] [ -c crit_range ]\n +. [ -H host ] [-s] [ -l login_name ]\n +. '[ -V ] [ -h ]', + version = $VERSION, + plugin = $PROGNAME, + shortname = uc($PROGNAME), + blurb = 'CTDB plugin', + extra = Supported commands:\n +. * scriptstatus :\n +. check the ctdb scriptstatus command and return CRITICAL if one of the\n +. scripts fails.\n +. Perfdata count the number of scripts by state (ok, disabled, error,\n +. total).\n +. * ping :\n +. check the ctdb ping command.\n +. Perfdata count the number of nodes, the total ping time and the number\n +. of clients.\n +. Thresholds are checked against the number of nodes.\n +.