Re: [Samba] Samba 4 WBC_ERR_DOMAIN_NOT_FOUND [broken again]

[steve]

On 21/12/11 07:18, David Roid wrote:

Hi Steve,

Do you have

idmap config * : backend = ...
idmap config * : range = ...

in your smb.conf (besides domain specific backend and range)?

Regards
-David

Hi
No. I just followed the samba howto in the wiki.
I have:

cat /usr/local/samba/etc/smb.conf
# Global parameters

server role = domain controller
workgroup = CACTUS
realm = hh3.site
netbios name = HH3
passdb backend = samba4

[netlogon]
path = /usr/local/samba/var/locks/sysvol/hh3.site/scripts
read only = No

[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No

[home]
path = /home/CACTUS
read only = No

I'm wondering if this maybe a hardware issue. I'm testing on an 8 year 
old acer laptop with 512Mb and a 16Gb usb memory as hard disk. Now, for 
example it's working. But in 5 minutes maybe not.


Should I have the idmap stuff you mention?

e.g. a user I created has this:

CACTUS\steve2:*:306:100::/home/CACTUS/steve2:/bin/false

Thanks for the reply.
Steve.



2011/12/21 steve st...@steve-ss.com mailto:st...@steve-ss.com

Works for a while, then falls over:

 wbinfo -u
hh3$
administrator
dns-hh3
krbtgt
guest
lynn2

wbinfo -i lynn2
failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
Could not get info for user lynn2

Here is the log:

hh3:/home/steve # winbindd -i -S -d=4
winbindd version 4.0.0alpha18-GIT-bfc7481 started.
Copyright Andrew Tridgell and the Samba Team 1992-2011
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit
(16384)
params.c:pm_process() - Processing configuration file
/usr/local/samba/etc/smb.conf
Processing section [global]
doing parameter server role = domain controller
doing parameter workgroup = SITE
doing parameter realm = hh3.site
doing parameter netbios name = HH3
doing parameter passdb backend = samba4
pm_process() returned Yes
Registered MSG_REQ_POOL_USAGE
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit
(16384)
params.c:pm_process() - Processing configuration file
/usr/local/samba/etc/smb.conf
Processing section [global]
doing parameter server role = domain controller
doing parameter workgroup = SITE
doing parameter realm = hh3.site
doing parameter netbios name = HH3
doing parameter passdb backend = samba4
pm_process() returned Yes
added interface eth1 ip=192.168.1.3 bcast=192.168.1.255
netmask=255.255.255.0
added interface eth1 ip=192.168.1.3 bcast=192.168.1.255
netmask=255.255.255.0
TimeInit: Serverzone is -3600
initialize_winbindd_cache: clearing cache and re-creating with
version number 2
ldb_wrap open of idmap.ldb
Added domain BUILTIN  S-1-5-32
Added domain SITE  S-1-5-21-821565856-2698423283-2299657328
Home server: hh3
Home server: hh3
get_privileges: No privileges assigned to SID [S-1-22-1-0]
get_privileges: No privileges assigned to SID [S-1-22-2-0]
get_privileges: No privileges assigned to SID [S-1-5-2]
get_privileges: No privileges assigned to SID [S-1-5-11]
child daemon request 51
Finished processing child request 51
child daemon request 20
[ 3378]: list trusted domains
samr: trusted domains
Create pipe requested \lsarpc
Created internal pipe \lsarpc
_lsa_OpenPolicy2: ACCESS should be DENIED  (requested: 0x000f0fff)
but overritten by euid == sec_initial_uid()
_lsa_OpenPolicy2: access GRANTED (requested: 0x000f0fff, granted:
0x000f0fff)
Opened policy hnd[1] [] 00 00 00 00 01 00 00 00   00 00 00 00
F1 4E 3D 0D    .N=.
[0010] 34 0D 00 00   4...
Found policy hnd[0] [] 00 00 00 00 01 00 00 00   00 00 00 00
F1 4E 3D 0D    .N=.
[0010] 34 0D 00 00   4...
Found policy hnd[0] [] 00 00 00 00 01 00 00 00   00 00 00 00
F1 4E 3D 0D    .N=.
[0010] 34 0D 00 00   4...
Found policy hnd[0] [] 00 00 00 00 01 00 00 00   00 00 00 00
F1 4E 3D 0D    .N=.
[0010] 34 0D 00 00   4...
Closed policy
Finished processing child request 20
[ 3381]: request interface version
[ 3381]: request location of privileged pipe
getpwnam lynn2
child daemon request 59
sam_name_to_sid
Create pipe requested \lsarpc
Created internal pipe \lsarpc
_lsa_OpenPolicy2: ACCESS should be DENIED  (requested: 0x000f0fff)
but overritten by euid == sec_initial_uid()
_lsa_OpenPolicy2: access GRANTED (requested: 0x000f0fff, granted:
0x000f0fff)
Opened policy hnd[1] [] 00 00 00 

[Samba] auth_ntlm_winbind_module causes 401 without any errors.

[Magicloud Magiclouds]

Hi,
  I am using samba 3.6.1 on centos 5.6, and joined a domain controlled
by windows 2008.
  `ntlm_auth --username=magicloud` returns NT__SUCCESS. So I
assumed that everything is OK.
  Then I configured auth_ntlm_winbind_module for apache 2.2, which
worked before with auth_kerb.
LoadModule auth_ntlm_winbind_module
/usr/lib64/httpd/modules/mod_auth_ntlm_winbind.so

LocationMatch ^/.*$
AuthName DOMAIN
AuthType NTLM
AuthType Negotiate
NTLMAuth on
NTLMAuthHelper /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-ntlmssp -d10
#   NTLMBasicAuthoritative on
NegotiateAuth on
NegotiateAuthHelper /usr/bin/ntlm_auth
--helper-protocol=gss-spnego -d10
Require valid-user
/LocationMatch

  Using IE to access the site, it said cannot connect. But in logs:
  error_log said nothing about this connection.
  access_log said a few 401 error.
  Without any further and useful information.

  What should I do?
-- 
竹密岂妨流水过
山高哪阻野云飞
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Panic or segfault in Samba 3.6.1 - Debian testing

[Jeremy Allison]

On Wed, Dec 21, 2011 at 10:04:18AM -0600, Dale Schroeder wrote:
 Since upgrading to 3.6.1 in Debian testing, I receive a
 panic/segfault message with each print job.  Printing succeeds and
 continues to work, but an email with the info below is sent each
 time.
 The system is standalone.  Kernel is 3.1.0-1-686-pae, and the system
 is fully updated.  testparm returns no errors.
 
 Does this mean anything to anyone?

This is bug #8384 - fixed in v3-6-test with the following
patch (attached). This will be in 3.6.2.

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Panic or segfault in Samba 3.6.1 - Debian testing

[Jeremy Allison]

On Wed, Dec 21, 2011 at 10:16:32AM -0800, Jeremy Allison wrote:
 On Wed, Dec 21, 2011 at 10:04:18AM -0600, Dale Schroeder wrote:
  Since upgrading to 3.6.1 in Debian testing, I receive a
  panic/segfault message with each print job.  Printing succeeds and
  continues to work, but an email with the info below is sent each
  time.
  The system is standalone.  Kernel is 3.1.0-1-686-pae, and the system
  is fully updated.  testparm returns no errors.
  
  Does this mean anything to anyone?
 
 This is bug #8384 - fixed in v3-6-test with the following
 patch (attached). This will be in 3.6.2.

Arg - patch got stripped. Can be found by :

git diff 
b01b1faafe32fbb88739ae8aaaf9f2fe5e1dcdcf..cb6795bea659e884e23173960e68a2f970fc5dd3

in branch v3-6-test.

(inline - although it may get mangled).

diff --git a/source3/rpc_server/spoolss/srv_spoolss_nt.c 
b/source3/rpc_server/spoolss/srv_spoolss_nt.c
index c886f34..bfec3cc 100644
--- a/source3/rpc_server/spoolss/srv_spoolss_nt.c
+++ b/source3/rpc_server/spoolss/srv_spoolss_nt.c
@@ -295,6 +295,7 @@ static void srv_spoolss_replycloseprinter(int snum,
 
if (prn_hnd-notify.cli_chan) {
prn_hnd-notify.cli_chan-active_connections--;
+   prn_hnd-notify.cli_chan = NULL;
}
 }


Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Winbind authentication and wbinfo -i user no longer work after uprading to 3.6.1

[Dale Schroeder]

Originally filed by Robert LeBlanc as Debian Bug # 652679 - 
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652679


Quote

Package: winbind
Version: 2:3.6.1-3
Severity: important

Dear Maintainer,

After upgrading to 3.6.1 I am no longer able to login to Debian using my Active 
Directory account.
'winbind -u', 'winbind -g', 'winbind -t' and many others work fine, but 
'winbind -i user' returns
'failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND Could not get info for 
user user'. Changing
the verbosity of the logs, I find 'winbindd/winbindd_dual.c:1306 
(fork_domain_child) fork_domain_child
called without domain.'. The previous wbint_Sid2Uid struct printout shows that 
dom_name is NULL,
but has the correct domain SID. I believe the problem may exist around there. I 
did upgrade the
'idmap backend = hash' to the new format 'idmap config * : backend = hash' as 
specifed in the man
page without any luck. Name to SID and SID to name works along with 
user-domgroups, but user-groups
does not work. 'wbinifo --group-info=group' fails with a similar error as 
'wbinfo -i user'. I'm
going to try to get back to 3.5.11.

-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.1.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages winbind depends on:
ii  adduser   3.113
ii  libc6 2.13-21
ii  libcap2   1:2.22-1
ii  libcomerr21.42-1
ii  libgssapi-krb5-2  1.10+dfsg~alpha1-6
ii  libk5crypto3  1.10+dfsg~alpha1-6
ii  libkrb5-3 1.10+dfsg~alpha1-6
ii  libldap-2.4-2 2.4.25-4+b1
ii  libpam0g  1.1.3-6
ii  libpopt0  1.16-1
ii  libtalloc22.0.7-3
ii  libtdb1   1.2.9-4+b1
ii  libwbclient0  2:3.6.1-3
ii  lsb-base  3.2-28
ii  samba-common  2:3.6.1-3
ii  zlib1g1:1.2.3.4.dfsg-3

Versions of packages winbind recommends:
ii  libpam-winbind  2:3.6.1-3

winbind suggests no packages.

-- no debconf information

/Quote

I also have this error, and reported as follows:

Robert,

Same problem here, and I have not seen anyone mention this on the Samba
list.  Systems are fully updated and testparm does not return any
errors.  idmap backend is rid notated in the new format.  All deprecated
parameters have been removed.

On my systems, I have found that full functionality returns after a
reboot; however, if samba/winbind processes are restarted for any
reason, AD authentication again no longer works.  As with you, wbinfo
-u/-g continues to work, as does getent passwd.  getent group only
returns linux groups.  Another reboot will return winbind once again to
full functionality.

Even at log level 10, error messages have been hard to find among the
many winbind logs.  At the time of failure, the one I consistently find
is in syslog:
winbindd[4186]:  ads_ranged_search failed with: Time limit exceeded.

--

This morning, I recreated the error by restarting Samba/winbind at 07:47.
The only suspicious level 10 log entries found from that timeframe are:

syslog
Dec 21 07:47:25 debinsp3200 winbindd[3489]: [2011/12/21 07:47:25.660769,  0] 
winbindd/winbindd_ads.c:1068(lookup_groupmem)
Dec 21 07:47:25 debinsp3200 winbindd[3489]:   ads_ranged_search failed with: 
Time limit exceeded

smbd
[2011/12/21 07:47:10.102879,  1] lib/serverid.c:197(serverid_deregister)
  Deleting serverid.tdb record failed: NT_STATUS_NOT_FOUND
[2011/12/21 07:47:10.103603,  1] smbd/server.c:303(remove_child_pid)
  Could not remove pid 3491 from serverid.tdb
[2011/12/21 07:47:10.104114,  1] smbd/server.c:317(remove_child_pid)
  Could not find child 3491 -- ignoring

[2011/12/21 07:48:10.174369,  1] lib/serverid.c:197(serverid_deregister)
  Deleting serverid.tdb record failed: NT_STATUS_NOT_FOUND
[2011/12/21 07:48:10.175075,  1] smbd/server.c:303(remove_child_pid)
  Could not remove pid 3499 from serverid.tdb
[2011/12/21 07:48:10.490994,  1] smbd/server.c:317(remove_child_pid)
  Could not find child 3499 -- ignoring

net ads testjoin indicates that the join is good.

[global]
workgroup = DOMAIN
realm = DOMAIN.COM
server string = %h server
security = ADS
map untrusted to domain = Yes
allow trusted domains = No
map to guest = Bad User
obey pam restrictions = Yes
password server = *
passdb backend = tdbsam
username map = /etc/samba/users.map
lanman auth = No
log level = 10
log file =/var/log/samba/%m
name resolve order = wins hosts bcast
deadtime = 15
printcap name = cups
preferred master = No
wins server = 192.168.1.xyz
panic action = /usr/share/samba/panic-action %d
ldap ssl = No
#
idmap config * : backend= tdb
idmap 

Re: [Samba] SAMBA4: Changing DC's IP address (Bind 9.8.x) for testing

[Adam Tauno Williams]

On Wed, 2011-12-07 at 21:37 +0100, Gémes Géza wrote:
 2011-12-07 15:41 keltezéssel, Adam Tauno Williams írta:
  I upgraded by S3 domain to S4 using the upgrade script.  To do that i
  had to have the S4 test box connected to the production network.  Now I
  want to take it to the test network.  But the Bind 9.8.x instance using
  the DLZ still has the old address... dynamic dns update doesn't work
  because the tool can't find the KDC because DNS returns the wrong IP
  address.
  Can I modify the DNS zone using an ldb tool [ldbmodify]? To change the
  IP of the DC (the only address in DNS at this point, everything seems to
  CNAME back to the address).
  Under the older Bind config I just changed the one or two lines in the
  text zone file when I moved the VM from production to testing.
 samba-tool dns is your friend here.


Okay, I can change the IP of the host entry for the DC.

samba-tool dns update 127.0.0.1 micore.us barbel A 172.16.0.128
192.168.5.2

Works great.

But how can I change the name of the root . entry of the domain.  That
also holds an A record I don't seem to be able to change.

samba-tool dns query 127.0.0.1 micore.us @ ALL
Password for [administra...@micore.us]: **8
  Name=, Records=3, Children=0
SOA: serial=5, refresh=900, retry=600, expire=86400,
ns=barbel.micore.us., email=hostmaster.micore.us. (flags=60f0,
serial=5, ttl=3600)
NS: barbel.micore.us. (flags=60f0, serial=1, ttl=900)
A: 192.168.231.132 (flags=60f0, serial=1, ttl=900)
  Name=_msdcs, Records=0, Children=0
  Name=_sites, Records=0, Children=1
  Name=_tcp, Records=0, Children=4
  Name=_udp, Records=0, Children=2
  Name=barbel, Records=1, Children=0
A: 192.168.5.2 (flags=f0, serial=3, ttl=900)
  Name=DomainDnsZones, Records=0, Children=2
  Name=ForestDnsZones, Records=0, Children=2

But what is the value for name in samba-tool dns update 127.0.0.1
micore.us name A 192.168.231.132 192.168.5.2 in order to modify that
entry.  I've tried , ., @  none of which map to a record in
the LDB, thus yielding -

ERROR(runtime): uncaught exception - (9701,
'WERR_DNS_ERROR_RECORD_DOES_NOT_EXIST')

-- 
System  Network Administrator [ LPI  NCLA ]
http://www.whitemiceconsulting.com
OpenGroupware Developer http://www.opengroupware.us
Adam Tauno Williams

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Migrate Users from existing Samba4 Domain?

[Charles Tryon]

I've been using one Samba4 server based on a Fedora14 distro, but because
of my continuing issues with Bind 9.7 and dynamic DNS updates, I'm trying
to move to a Fedora 16 base, which includes Bind 9.8 by default (not to
mention a bucketload of other updates).

My question: What is the best way to pull the current domain data from the
first server to the second one?  In particular, I'm looking at users,
groups and computer accounts.



-- 
Charles Tryon
_
  It's the job that's never started that takes longest to finish.
 -- Samwise Gamgee
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba4 DNS Update failing and crashing Bind

[Kai Blin]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 2011-12-11 16:39, Alex MacCuish wrote:

 Dec 11 15:21:23 CNSRV01 named[3457]: samba_dlz: starting 
 transaction on zone carlyle.internal Dec 11 15:21:23 CNSRV01 
 named[3457]: client 192.168.1.114#61086: update 
 'carlyle.internal/IN' denied Dec 11 15:21:23 CNSRV01 named[3457]: 
 samba_dlz: cancelling transaction on zone carlyle.internal

It seems like some policy disallows the update, and you're seeing a
crash during the cleanup.

Are you using the DNS server for anything besides AD? If not, you
might want to give the samba internal DNS server a go. That's still
pretty new and experimental, but likely easier for me to debug than
the DLZ module. :)

Cheers,
Kai

- -- 
Kai Blin
Worldforge developer http://www.worldforge.org/
Wine developer http://wiki.winehq.org/KaiBlin
Samba team member http://www.samba.org/samba/team/
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk7ybo0ACgkQEKXX/bF2FpQE2ACbBVP53DfrkW2eUw2h5NUv6LRr
yMcAmwcXXAOB0yOVOEHXxkYFZNBWdHgC
=VFMB
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Winbind authentication and wbinfo -i user no longer work after uprading to 3.6.1

[David Roid]

Been there, you can try to add either idmap config DOMAIN : default =
yes, or use old-fashion idmap backend = ... + idmap uid = ... + idmap
gid = ... to replace idmap config * : ..., I don't know which one
actually fixed it.

2011/12/22 Dale Schroeder d...@briannassaladdressing.com

 Originally filed by Robert LeBlanc as Debian Bug # 652679 - 
 http://bugs.debian.org/cgi-**bin/bugreport.cgi?bug=652679http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652679
 

 Quote

 Package: winbind
 Version: 2:3.6.1-3
 Severity: important

 Dear Maintainer,

 After upgrading to 3.6.1 I am no longer able to login to Debian using my
 Active Directory account.
 'winbind -u', 'winbind -g', 'winbind -t' and many others work fine, but
 'winbind -i user' returns
 'failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND Could not get info
 for user user'. Changing
 the verbosity of the logs, I find 'winbindd/winbindd_dual.c:1306
 (fork_domain_child) fork_domain_child
 called without domain.'. The previous wbint_Sid2Uid struct printout shows
 that dom_name is NULL,
 but has the correct domain SID. I believe the problem may exist around
 there. I did upgrade the
 'idmap backend = hash' to the new format 'idmap config * : backend = hash'
 as specifed in the man
 page without any luck. Name to SID and SID to name works along with
 user-domgroups, but user-groups
 does not work. 'wbinifo --group-info=group' fails with a similar error as
 'wbinfo -i user'. I'm
 going to try to get back to 3.5.11.

 -- System Information:
 Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (500, 'testing')
 Architecture: amd64 (x86_64)

 Kernel: Linux 3.1.0-1-amd64 (SMP w/8 CPU cores)
 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
 Shell: /bin/sh linked to /bin/dash

 Versions of packages winbind depends on:
 ii  adduser   3.113
 ii  libc6 2.13-21
 ii  libcap2   1:2.22-1
 ii  libcomerr21.42-1
 ii  libgssapi-krb5-2  1.10+dfsg~alpha1-6
 ii  libk5crypto3  1.10+dfsg~alpha1-6
 ii  libkrb5-3 1.10+dfsg~alpha1-6
 ii  libldap-2.4-2 2.4.25-4+b1
 ii  libpam0g  1.1.3-6
 ii  libpopt0  1.16-1
 ii  libtalloc22.0.7-3
 ii  libtdb1   1.2.9-4+b1
 ii  libwbclient0  2:3.6.1-3
 ii  lsb-base  3.2-28
 ii  samba-common  2:3.6.1-3
 ii  zlib1g1:1.2.3.4.dfsg-3

 Versions of packages winbind recommends:
 ii  libpam-winbind  2:3.6.1-3

 winbind suggests no packages.

 -- no debconf information

 /Quote

 I also have this error, and reported as follows:

 Robert,

 Same problem here, and I have not seen anyone mention this on the Samba
 list.  Systems are fully updated and testparm does not return any
 errors.  idmap backend is rid notated in the new format.  All deprecated
 parameters have been removed.

 On my systems, I have found that full functionality returns after a
 reboot; however, if samba/winbind processes are restarted for any
 reason, AD authentication again no longer works.  As with you, wbinfo
 -u/-g continues to work, as does getent passwd.  getent group only
 returns linux groups.  Another reboot will return winbind once again to
 full functionality.

 Even at log level 10, error messages have been hard to find among the
 many winbind logs.  At the time of failure, the one I consistently find
 is in syslog:
winbindd[4186]:  ads_ranged_search failed with: Time limit exceeded.

 --**--**--

 This morning, I recreated the error by restarting Samba/winbind at 07:47.
 The only suspicious level 10 log entries found from that timeframe are:

 syslog
 Dec 21 07:47:25 debinsp3200 winbindd[3489]: [2011/12/21 07:47:25.660769,
  0] winbindd/winbindd_ads.c:1068(**lookup_groupmem)
 Dec 21 07:47:25 debinsp3200 winbindd[3489]:   ads_ranged_search failed
 with: Time limit exceeded

 smbd
 [2011/12/21 07:47:10.102879,  1] lib/serverid.c:197(serverid_**deregister)
  Deleting serverid.tdb record failed: NT_STATUS_NOT_FOUND
 [2011/12/21 07:47:10.103603,  1] smbd/server.c:303(remove_**child_pid)
  Could not remove pid 3491 from serverid.tdb
 [2011/12/21 07:47:10.104114,  1] smbd/server.c:317(remove_**child_pid)
  Could not find child 3491 -- ignoring

 [2011/12/21 07:48:10.174369,  1] lib/serverid.c:197(serverid_**deregister)
  Deleting serverid.tdb record failed: NT_STATUS_NOT_FOUND
 [2011/12/21 07:48:10.175075,  1] smbd/server.c:303(remove_**child_pid)
  Could not remove pid 3499 from serverid.tdb
 [2011/12/21 07:48:10.490994,  1] smbd/server.c:317(remove_**child_pid)
  Could not find child 3499 -- ignoring

 net ads testjoin indicates that the join is good.

 [global]
workgroup = DOMAIN
realm = DOMAIN.COM
server string = %h server
security = ADS
map untrusted to domain = Yes
allow trusted domains = No
map to guest = Bad User
obey pam restrictions = Yes
password server = *
passdb backend = tdbsam

Re: [Samba] Migrate Users from existing Samba4 Domain?

[Gémes Géza]

2011-12-21 23:59 keltezéssel, Charles Tryon írta:
 I've been using one Samba4 server based on a Fedora14 distro, but because
 of my continuing issues with Bind 9.7 and dynamic DNS updates, I'm trying
 to move to a Fedora 16 base, which includes Bind 9.8 by default (not to
 mention a bucketload of other updates).

 My question: What is the best way to pull the current domain data from the
 first server to the second one?  In particular, I'm looking at users,
 groups and computer accounts.



Hi,

Considering the default (source distribution) paths you would need to
copy /usr/local/samba/etc, /usr/local/samba/private and
/usr/local/samba/var dirs to your new server.

Regards

Geza
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[SCM] Samba Shared Repository - branch master updated

[Volker Lendecke]

The branch, master has been updated
   via  53d54f9 idl: Avoid c++ style comments
  from  5767224 tdb: don't free old recovery area when expanding if already 
at EOF.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 53d54f99b0ddf7fff6ba9bbe5dfcd1adeada90f9
Author: Volker Lendecke v...@samba.org
Date:   Wed Dec 21 11:29:38 2011 +0100

idl: Avoid c++ style comments

Autobuild-User: Volker Lendecke vlen...@samba.org
Autobuild-Date: Wed Dec 21 13:36:01 CET 2011 on sn-devel-104

---

Summary of changes:
 librpc/idl/dnsserver.idl |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/librpc/idl/dnsserver.idl b/librpc/idl/dnsserver.idl
index 306414e..0502270 100644
--- a/librpc/idl/dnsserver.idl
+++ b/librpc/idl/dnsserver.idl
@@ -1101,7 +1101,7 @@ import misc.idl, dnsp.idl;
DNS_RPC_ZONE_CREATE_INFO_LONGHORN;
 #define DNS_RPC_ZONE_CREATE_INFO DNS_RPC_ZONE_CREATE_INFO_LONGHORN
 
-   //   Zone export
+   /* Zone export */
typedef struct {
DWORD   dwRpcStructureVersion;
DWORD   dwReserved0;


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch master updated

[Günther Deschner]

The branch, master has been updated
   via  bfbb389 s3-dns: prevent from potentially doing wrong SRV DNS 
lookups.
  from  53d54f9 idl: Avoid c++ style comments

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit bfbb3893325b0a0a47d49c3a1ad83f047f42e361
Author: Günther Deschner g...@samba.org
Date:   Wed Dec 21 15:47:35 2011 +0100

s3-dns: prevent from potentially doing wrong SRV DNS lookups.

With an empty sitename we asked for e.g.
_ldap._tcp.._sites.dc._msdcs.AD.EXAMPLE.COM

Guenther

Autobuild-User: Günther Deschner g...@samba.org
Autobuild-Date: Wed Dec 21 17:23:25 CET 2011 on sn-devel-104

---

Summary of changes:
 source3/libads/dns.c |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/libads/dns.c b/source3/libads/dns.c
index 5eae10e..39454fc 100644
--- a/source3/libads/dns.c
+++ b/source3/libads/dns.c
@@ -756,7 +756,7 @@ static NTSTATUS ads_dns_query_internal(TALLOC_CTX *ctx,
   int *numdcs )
 {
char *name;
-   if (sitename) {
+   if (sitename  strlen(sitename)) {
name = talloc_asprintf(ctx, %s._tcp.%s._sites.%s._msdcs.%s,
   servicename, sitename,
   dc_pdc_gc_domains, realm);


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch master updated

[Volker Lendecke]

The branch, master has been updated
   via  a42de3b s3: There's no reason not to at least build winbind on 
darwin
  from  bfbb389 s3-dns: prevent from potentially doing wrong SRV DNS 
lookups.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit a42de3b5f0b11aaa4fa54604200f3c455ee8ffc4
Author: Volker Lendecke v...@samba.org
Date:   Wed Dec 21 22:38:00 2011 +0100

s3: There's no reason not to at least build winbind on darwin

It does not necessarily do nsswitch services, but as a NETLOGON proxy
it should work fine

Autobuild-User: Volker Lendecke vlen...@samba.org
Autobuild-Date: Thu Dec 22 00:16:44 CET 2011 on sn-devel-104

---

Summary of changes:
 source3/configure.in |2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/configure.in b/source3/configure.in
index 46c98aa..cbea99d 100644
--- a/source3/configure.in
+++ b/source3/configure.in
@@ -6370,6 +6370,8 @@ case $host_os in
WINBIND_NSS=../nsswitch/WINBIND
WINBIND_WINS_NSS=
;;
+   *darwin*)
+   ;;
*)
HAVE_WINBIND=no
winbind_no_reason=, unsupported on $host_os


-- 
Samba Shared Repository

[SCM] build.samba.org - branch master updated

[Andrew Bartlett]

The branch, master has been updated
   via  3af7f62 remove old s3-waf build from host tridge
   via  f718dfe python-2.6 devel libraries installed on tridge (ppc64 box)
  from  2fb8a4d Support uxsuccess.

http://gitweb.samba.org/?p=build-farm.git;a=shortlog;h=master


- Log -
commit 3af7f627f3b9bfc1940d5273f181180791e41f9b
Author: Andrew Bartlett abart...@samba.org
Date:   Thu Dec 22 14:43:09 2011 +1100

remove old s3-waf build from host tridge

commit f718dfe7518e81e9f4379d453dd969266ec3
Author: Amitay Isaacs ami...@gmail.com
Date:   Wed Dec 21 15:37:27 2011 +1100

python-2.6 devel libraries installed on tridge (ppc64 box)

No need for local copy of python.

---

Summary of changes:
 tridge.fns |2 --
 1 files changed, 0 insertions(+), 2 deletions(-)


Changeset truncated at 500 lines:

diff --git a/tridge.fns b/tridge.fns
index 03f5d9d..f598200 100644
--- a/tridge.fns
+++ b/tridge.fns
@@ -2,7 +2,6 @@ per_run_hook
 
 global_lock
 
-. install_python.fns
 compilers=gcc
 
 for compiler in $compilers; do
@@ -13,7 +12,6 @@ for compiler in $compilers; do
test_tree samba_3_current source3 $compiler
test_tree samba_3_next source3 $compiler
test_tree samba_3_master source3 $compiler
-   test_tree samba_3_waf source3 $compiler
 done
 
 global_unlock


-- 
build.samba.org

[SCM] Samba Shared Repository - branch master updated

[Amitay Isaacs]

The branch, master has been updated
   via  cd772e9 param: Fix the data type for bAvailable
  from  a42de3b s3: There's no reason not to at least build winbind on 
darwin

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit cd772e9bd8b1607a171338845e0de305497c1c07
Author: Amitay Isaacs ami...@gmail.com
Date:   Wed Dec 21 14:08:02 2011 +1100

param: Fix the data type for bAvailable

This causes the copy_service() to not copy bAvailable boolean on
big endian machines causing tests to fail.

Autobuild-User: Amitay Isaacs ami...@samba.org
Autobuild-Date: Thu Dec 22 05:30:49 CET 2011 on sn-devel-104

---

Summary of changes:
 lib/param/loadparm.h |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/lib/param/loadparm.h b/lib/param/loadparm.h
index a50384d..f0e747b 100644
--- a/lib/param/loadparm.h
+++ b/lib/param/loadparm.h
@@ -126,7 +126,7 @@ struct parm_struct {
char *szService;\
char *szInclude;\
bool bWidelinks;\
-   int bAvailable; \
+   bool bAvailable;
\
struct parmlist_entry *param_opt;   \
struct bitmap *copymap; \
char dummy[3];  /* for alignment */


-- 
Samba Shared Repository