Re: [Samba] Samba network shares over VPN

2012-02-23 Thread Daniel Müller 
This is a windows7 bug and not a openvpn.
I solve this by just connecting with openvpn and then running a script to
map the drives with interact username and password.
If you use openvpn in brige mode you do not need the scripts.



---
EDV Daniel Müller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---
-Ursprüngliche Nachricht-
Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im
Auftrag von Fernando Lozano
Gesendet: Mittwoch, 22. Februar 2012 14:47
An: samba@lists.samba.org
Betreff: [Samba] Samba network shares over VPN

Hi there,

I have two computers, one Windows XP other Windows 7 (actually a dozen
each) which are members of a Samba domain. Users have no problem login in to
the domain, running the login script to map network drives and accesssing
files on them, for both computers.

I want to give users remote access using a VPN (OpenVPN to be exact).
The idea is to login on a disconnected computer using a domain account
cached profie, then connnect to the VPN, then map network drives.
OpenVPN allows running a batch file on connection sucessfull and I use this
to run the user login script from the PDC netlogon share.

The Windows XP computer does this fine. Happy remote users.

But the Windows 7 doesn't. It asks for user login and password for each
server (network drives are on different samba member servers)

Someone told me the problem should to be related to the fact the TAP adapter
(the VPN virtual network adapter) is considered by windows as an unknown
network and classified as a public network. But I could not find a way to
turn this into a home / work or domain network location.

I already tried customising and disabling windows firewall, no changes.

Any ideas on how to transparently access network shares from domain member
servers over a vpn using windows 7?


[]s, Fernnado Lozano
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Samba 3.5 to 3.6

2012-02-23 Thread marco . schaerfke 

Dear reader,
I tried to switch my server from samba 3.5 to 3.6. Unfortunately I was 
not successful.


The smb.conf below  works without any problems under 3.5


With 3.6.3 I get the following error:

[2012/02/23 09:32:21.669389,  1] auth/server_info.c:391(samu_to_SamInfo3)
  The primary group domain 
sid(S-1-5-21-463168302-511420122-2937072671-513) does not match the 
domain sid(S-1-5-21-706331994-863180292-319919955) for 
mos(S-1-5-21-706331994-863180292-319919955-5019)

[2012/02/23 09:32:21.669528,  0] auth/check_samsec.c:491(check_sam_security)
  check_sam_security: make_server_info_sam() failed with 
'NT_STATUS_UNSUCCESSFUL'




Any ideas ?

Cheers

Marco





[global]
workgroup = PSF
netbios name = rhea
server string = Test

local master = no
domain master = no
preferred master = no
os level = 100

load printers = no
security = user
passdb backend = ldapsam:ldap://XXX ldap://YYY;
guest account = Gast
map acl inherit = yes
ldap suffix = dc=XXX
ldap user suffix = ou=People
ldap group suffix = ou=Groups
ldap idmap suffix = ou=People
ldap admin dn = XXX
ldap ssl = start tls
ldap passwd sync = yes
ldap delete dn = no
socket options = TCP_NODELAY

interfaces = br0
bind interfaces only = Yes

wins support = no
wins server = 10.199.0.248
dns proxy = yes

keep alive = 60
deadtime = 15
log level = 1
read raw = yes
write raw = yes
oplocks = yes
kernel oplocks = yes
max xmit = 65535
getwd cache = yes

create mode = 0666
directory mask = 0777
short preserve case = no
preserve case = yes

name resolve order = host bcast
name cache timeout = 600
enable privileges = yes

Follow symlinks = yes
write cache size = 262144
strict allocate = yes
use sendfile = yes
encrypt passwords = true

unix charset = UTF-8
display charset = ISO8859-1
dos charset = 850

vfs objects = fileid
fileid:algorithm = fsid

[MyShare]
comment = Test
path = /data/local/samba
public = yes
guest ok = yes
writeable = yes
create mask = 0777
directory mask = 0777
force group = +Mitarbeiter
oplocks = yes
level2 oplocks = yes
inherit acls = yes






--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] samba 3.5.6 as PDC LDAP - roaming profile problem

2012-02-23 Thread steve 
I googled few days I tryed all what I can find but with no luck. It will 
be great if somebody could help me with this because I have no idea what 
is a root cause of my issue.

Hi
The cause is usually because of wrong permissions on the profiles 
folder. Try the big hammer first:

Backup /profiles
chmod -R 0777 /profiles
comment out:
create mask = 0600
directory mask = 0700
create a new user
login as the new user. That user should have his profile OK.

Then put the security back one stage at a time until it doesn't work again.
HTH
Steve
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] samba 3.5.6 as PDC LDAP - roaming profile problem

2012-02-23 Thread Adam Sienkiewicz 
Hi;

It didn't help. Now for /profiles I have permissions:

drwxrwxrwt 13 root root  4096 Feb 17 20:05 profiles

and if user login to domain firth time its profile dir is created but
nothing else ...

Now /profiles looks lie:

/profiles
├── [drwx-- czarus   Domain U]  czarus
├── [drwx-- domainad domainad]  domainadm
├── [drwxrwxrwx jas  Domain A]  jas
├── [drwx-- root root]  root
├── [drwx-- sambaroo Domain U]  sambaroot2
├── [drwx-- sambaroo Domain U]  sambaroot2.V2
├── [drwx-- sambaroo Domain U]  sambaroot3
├── [drwx-- sambaroo Domain U]  sambaroot3.V2
├── [drwx-- test2Domain U]  test2
│   └── [drwx-- test2Domain U]  dfd
├── [drwx-- test5domainad]  test5



2012/2/23 steve st...@steve-ss.com

 I googled few days I tryed all what I can find but with no luck. It will
 be great if somebody could help me with this because I have no idea what is
 a root cause of my issue.
 Hi
 The cause is usually because of wrong permissions on the profiles folder.
 Try the big hammer first:
 Backup /profiles
 chmod -R 0777 /profiles
 comment out:

 create mask = 0600
 directory mask = 0700
 create a new user
 login as the new user. That user should have his profile OK.

 Then put the security back one stage at a time until it doesn't work again.
 HTH
 Steve
 --
 To unsubscribe from this list go to the following URL and read the
 instructions:  
 https://lists.samba.org/**mailman/options/sambahttps://lists.samba.org/mailman/options/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba 3.5 to 3.6

2012-02-23 Thread Christian Ambach 

On 02/23/2012 11:38 AM, marco.schaer...@proteomics.com wrote:

[2012/02/23 09:32:21.669389, 1] auth/server_info.c:391(samu_to_SamInfo3)
The primary group domain
sid(S-1-5-21-463168302-511420122-2937072671-513) does not match the
domain sid(S-1-5-21-706331994-863180292-319919955) for
mos(S-1-5-21-706331994-863180292-319919955-5019)
[2012/02/23 09:32:21.669528, 0] auth/check_samsec.c:491(check_sam_security)
check_sam_security: make_server_info_sam() failed with
'NT_STATUS_UNSUCCESSFUL'


The entries for the domain and the users/groups are inconsistent.
Newer Samba versions added some more consistency checks.

So the primary group has domain SID
S-1-5-21-463168302-511420122-2937072671
while user mos has domain SID of
S-1-5-21-706331994-863180292-319919955

The domain SIDs need to be in sync to pass the semantical checks in Samba.

Cheers,
Christian
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Error accessing others domains in forest

2012-02-23 Thread NdK 
Hello all.

After last update (from winbind-3.5.3 and krb5-1.8.1 to winbind-3.5.10
and krb5-1.9.1) users from a trusted domain can't authenticate any more.

Machines are joined to domain PERSONALE, and users from domain STUDENTI
aren't recognized. Domains are handled by W2k8 or W2k8r2 (I have no
control on these).

Last lines from /var/log/samba/log.wb-STUDENTI report:
[2012/02/23 10:42:20.205656,  3] libads/sasl.c:793(ads_sasl_spnego_bind)
  ads_sasl_spnego_bind: got server principal name =
edge$@STUDENTI.DIR.UNIBO.IT
[2012/02/23 10:42:20.239823,  1] libsmb/clikrb5.c:789(ads_krb5_mk_req)
  ads_krb5_mk_req: smb_krb5_get_credentials failed for
ldap/edge.studenti.dir.unibo...@studenti.dir.unibo.it (Realm not local
to KDC)
[2012/02/23 10:42:20.311687,  1] libsmb/clikrb5.c:789(ads_krb5_mk_req)
  ads_krb5_mk_req: smb_krb5_get_credentials failed for
ldap/edge.studenti.dir.unibo...@studenti.dir.unibo.it (Realm not local
to KDC)
[2012/02/23 10:42:20.311765,  0] libads/sasl.c:823(ads_sasl_spnego_bind)
  kinit succeeded but ads_sasl_spnego_krb5_bind failed: Realm not local
to KDC
[2012/02/23 10:42:20.312246,  1]
winbindd/winbindd_ads.c:126(ads_cached_connection)
  ads_connect for domain STUDENTI failed: Realm not local to KDC
[2012/02/23 11:04:15.428341,  3]
winbindd/winbindd_dual.c:53(child_read_request)
  child_read_request: read_data failed: NT_STATUS_END_OF_FILE

'edge' is one of the DCs of the STUDENTI domain, but it seems the PC
can't acquire a ticket for that domain.

Machine is correctly joined, and actually my employee account works. But
not the student one :(

[root@str00160-bibl4 ~]# wbinfo -i studenti\\diego.zuccato2
Could not get info for user studenti\diego.zuccato2
[root@str00160-bibl4 ~]# wbinfo -i diego.zuccato
diego.zuccato:*:108036:100013:Mat032398:/home/PERSONALE/diego.zuccato:/bin/bash

I already tried deleting all .tdb files (in /etc/samba and
/var/cache/samba ) and rejoining (some hickups here, but net ads
testjoin reports join is OK).

My /etc/samba/smb.conf is the same that worked for a couple of years:
[global]
workgroup = PERSONALE
realm  = PERSONALE.DIR.UNIBO.IT
server string = %v
security = ADS
encrypt passwords = Yes
#password server = atu.personale.dir.unibo.it
log file = /var/log/samba/log.%m
log level = 3
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
local master = No
dns proxy = No

#winbind separator = -
winbind enum users = No
winbind enum groups = No
winbind offline logon = Yes
winbind nested groups = Yes
winbind normalize names = Yes
winbind refresh tickets = Yes
winbind use default domain = yes
winbind uid = 10-1
winbind gid = 10-1

idmap config PERSONALE:backend = rid
idmap config PERSONALE:base_rid  = 500
idmap config PERSONALE:range = 10 - 4999
idmap config STUDENTI:backend = rid
idmap config STUDENTI:base_rid  = 500
idmap config STUDENTI:range = 5000 - 

template homedir = /home/local/%D/%U
template shell = /bin/bash

And the same for my /etc/krb5.conf (but I think this one gets ignored):
[logging]
 default = FILE:/var/log/kerberos/krb5libs.log
 kdc = FILE:/var/log/kerberos/krb5kdc.log
 admin_server = FILE:/var/log/kerberos/kadmind.log

[libdefaults]
 ticket_lifetime = 24000
 default_realm = PERSONALE.DIR.UNIBO.IT
 dns_lookup_realm = true
 dns_lookup_kdc = true

[realms]
 PERSONALE.DIR.UNIBO.IT = {
  kdc = aki.PERSONALE.DIR.UNIBO.IT:88
  admin_server = aki.PERSONALE.DIR.UNIBO.IT:749
  default_domain = PERSONALE.DIR.UNIBO.IT
 }

[domain_realm]
 .PERSONALE.DIR.UNIBO.IT = PERSONALE.DIR.UNIBO.IT

[kdc]
 profile = /etc/kerberos/krb5kdc/kdc.conf

[login]
 krb4_convert = false
 krb4_get_tickets = false

[appdefaults]
pam = {
debug = true
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = true
mappings = ([a-z\.]*)@studio.unibo.it STUDENTI-$1
}

Too bad I already upgraded more than 60 machines to the new packages...
What can I do to fix it? Next week students start coming to the lab...

TIA!

BYtE,
 Diego.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] system freeze with message CIFS VFS: Unexpected lookup error -88

2012-02-23 Thread Denis Cardon 

Hi everyone,

I have had a few system freezes in the recent months (debian squeeze 
with vmlinuz-2.6.32-5-686-bigmem), with the following message in dmesg :


CIFS VFS: Unexpected lookup error -88
CIFS VFS: Send error in SessSetup = -88

It is the same symptoms as in the redhat bugzilla :

https://bugzilla.redhat.com/show_bug.cgi?id=711400

It it mentionned that it is patched in redhat kernel 
kernel-2.6.32-170.el6, but I have not found any information if that 
patch was sent upstream, and if yes, in which cifs module version.


If anyone has information on this one, I'd be glad to hear.

Cheers,

Denis Cardon
--
Denis Cardon
Tranquil IT Systems
44 bvd des pas enchantés
44230 Saint Sébastien sur Loire
tel : +33 (0) 2.40.97.57.57
http://www.tranquil-it-systems.fr

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Is there a startup script for ubuntu 10.04.1 lts for samba4 alpha 18?

2012-02-23 Thread Aaron E. 
I just took the smb3 init script and edited / commented out what wasn't 
relevent..


On 02/23/2012 02:04 AM, Michael Wood wrote:

On 22 February 2012 23:13, timothy mcdanieltimnb...@gmail.com  wrote:

Is there a startup script for ubuntu 10.04.1 LTS for samba4 alpha 18?
Please could someone please give me a script so that samba4 is automaticly
started up when my server starts up?


You can try the attached script.  (Let's hope the mailing list doesn't
strip it.)

Move it to /etc/init.d/samba4 and make sure it is executable.  Then run:

update-rc.d samba4 defaults







--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] V4 - New Install - Missing Zone File

2012-02-23 Thread Jeremy Davis 

On Thu, Feb 23, 2012 at 4:33 PM, Jeremy Davisjdavis4...@gmail.com  wrote:



I forgot to mention that nsupdate command should also include -g 
flag to

force
secure (kerberos) updates.

nsupdate command = /path/to/nsupdate -g

dlz_bind9 module only allows secure dynamic updates.

Amitay.

I added the -g to the smb.conf and restarted samba and named but it 
doesn't

seem to do anything. Could this be an issue with kerberos? I am able to
authenticate with my Windows machine and via the command line using the
tests on the samba4 wiki. Any ideas as to what this could be?

What happens when you run samba_dnsupdate --verbose?
What's the output from BIND?

Amitay.

Well, the samba_dnsupdate logs are the same but bind is now showing a 
little different error.

samba-dnsupdate:

IPs: ['2002:4b46:c8ad:0:a00:27ff:fe14:5491', 
'fe80::a00:27ff:fe14:5491%eth0', 'fe80::a00:27ff:fee5:5840%eth1', 
'192.168.7.30', '192.168.30.1']

Looking for DNS entry A bob-dc.com 192.168.7.30 as bob-dc.com.
Looking for DNS entry A dc1.bob-dc.com 192.168.7.30 as dc1.bob-dc.com.
Looking for DNS entry  bob-dc.com 
2002:4b46:c8ad:0:a00:27ff:fe14:5491 as bob-dc.com.
Failed to find matching DNS entry  bob-dc.com 
2002:4b46:c8ad:0:a00:27ff:fe14:5491
Looking for DNS entry  dc1.bob-dc.com 
2002:4b46:c8ad:0:a00:27ff:fe14:5491 as dc1.bob-dc.com.
Failed to find matching DNS entry  dc1.bob-dc.com 
2002:4b46:c8ad:0:a00:27ff:fe14:5491
Looking for DNS entry A gc._msdcs.bob-dc.com 192.168.7.30 as 
gc._msdcs.bob-dc.com.
Looking for DNS entry  gc._msdcs.bob-dc.com 
2002:4b46:c8ad:0:a00:27ff:fe14:5491 as gc._msdcs.bob-dc.com.
Failed to find matching DNS entry  gc._msdcs.bob-dc.com 
2002:4b46:c8ad:0:a00:27ff:fe14:5491
Looking for DNS entry CNAME 
48c0fc0c-dcc1-425d-bcb2-a229d40ab48c._msdcs.bob-dc.com dc1.bob-dc.com 
as 48c0fc0c-dcc1-425d-bcb2-a229d40ab48c._msdcs.bob-dc.com.
Looking for DNS entry SRV _kpasswd._tcp.bob-dc.com dc1.bob-dc.com 464 
as _kpasswd._tcp.bob-dc.com.
Checking 0 100 464 dc1.bob-dc.com. against SRV 
_kpasswd._tcp.bob-dc.com dc1.bob-dc.com 464
Looking for DNS entry SRV _kpasswd._udp.bob-dc.com dc1.bob-dc.com 464 
as _kpasswd._udp.bob-dc.com.
Checking 0 100 464 dc1.bob-dc.com. against SRV 
_kpasswd._udp.bob-dc.com dc1.bob-dc.com 464
Looking for DNS entry SRV _kerberos._tcp.bob-dc.com dc1.bob-dc.com 88 
as _kerberos._tcp.bob-dc.com.
Checking 0 100 88 dc1.bob-dc.com. against SRV 
_kerberos._tcp.bob-dc.com dc1.bob-dc.com 88
Looking for DNS entry SRV _kerberos._tcp.dc._msdcs.bob-dc.com 
dc1.bob-dc.com 88 as _kerberos._tcp.dc._msdcs.bob-dc.com.
Checking 0 100 88 dc1.bob-dc.com. against SRV 
_kerberos._tcp.dc._msdcs.bob-dc.com dc1.bob-dc.com 88
Looking for DNS entry SRV 
_kerberos._tcp.default-first-site-name._sites.bob-dc.com 
dc1.bob-dc.com 88 as 
_kerberos._tcp.default-first-site-name._sites.bob-dc.com.
Checking 0 100 88 dc1.bob-dc.com. against SRV 
_kerberos._tcp.default-first-site-name._sites.bob-dc.com 
dc1.bob-dc.com 88
Looking for DNS entry SRV 
_kerberos._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com 
dc1.bob-dc.com 88 as 
_kerberos._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com.
Checking 0 100 88 dc1.bob-dc.com. against SRV 
_kerberos._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com 
dc1.bob-dc.com 88
Looking for DNS entry SRV _kerberos._udp.bob-dc.com dc1.bob-dc.com 88 
as _kerberos._udp.bob-dc.com.
Checking 0 100 88 dc1.bob-dc.com. against SRV 
_kerberos._udp.bob-dc.com dc1.bob-dc.com 88
Looking for DNS entry SRV _ldap._tcp.bob-dc.com dc1.bob-dc.com 389 as 
_ldap._tcp.bob-dc.com.
Checking 0 100 389 dc1.bob-dc.com. against SRV _ldap._tcp.bob-dc.com 
dc1.bob-dc.com 389
Looking for DNS entry SRV _ldap._tcp.dc._msdcs.bob-dc.com 
dc1.bob-dc.com 389 as _ldap._tcp.dc._msdcs.bob-dc.com.
Checking 0 100 389 dc1.bob-dc.com. against SRV 
_ldap._tcp.dc._msdcs.bob-dc.com dc1.bob-dc.com 389
Looking for DNS entry SRV _ldap._tcp.gc._msdcs.bob-dc.com 
dc1.bob-dc.com 3268 as _ldap._tcp.gc._msdcs.bob-dc.com.
Checking 0 100 3268 dc1.bob-dc.com. against SRV 
_ldap._tcp.gc._msdcs.bob-dc.com dc1.bob-dc.com 3268
Looking for DNS entry SRV _ldap._tcp.pdc._msdcs.bob-dc.com 
dc1.bob-dc.com 389 as _ldap._tcp.pdc._msdcs.bob-dc.com.
Checking 0 100 389 dc1.bob-dc.com. against SRV 
_ldap._tcp.pdc._msdcs.bob-dc.com dc1.bob-dc.com 389
Looking for DNS entry SRV 
_ldap._tcp.default-first-site-name._sites.bob-dc.com dc1.bob-dc.com 
389 as _ldap._tcp.default-first-site-name._sites.bob-dc.com.
Checking 0 100 389 dc1.bob-dc.com. against SRV 
_ldap._tcp.default-first-site-name._sites.bob-dc.com dc1.bob-dc.com 389
Looking for DNS entry SRV 
_ldap._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com 
dc1.bob-dc.com 389 as 
_ldap._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com.
Checking 0 100 389 dc1.bob-dc.com. against SRV 
_ldap._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com 
dc1.bob-dc.com 389
Looking for DNS entry SRV 
_ldap._tcp.default-first-site-name._sites.gc._msdcs.bob-dc.com 
dc1.bob-dc.com

[Samba] wbinfo -u not showing domain users

2012-02-23 Thread Samba User 
Hi,

One of my customers is trying to get his AD integrated with samba 3.5.8 he is 
running with an older version of CentOs.

His domain consist of 1 PDC, 1 BDC  and onother DC that replicates the PDC in a 
remote location.

The join to the domain seem to be successful. When I run the command net ads 
testjoin I get a OK message.
I can see the users of the domain, when I run the command net ads user.
However wbinfo -u does not show me the user list. When I run wbinfo 
--online-status, the domain I have joined to
is not shown. Only the BUILTIN and the host name is output. The winbindd logs 
say that the domain is not known when I
run the command wbinfo --domain=DOMAIN -u. 


How can this happen? How can I get winbindd to recognize the domain?

Thanks in advance
Pete
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] A couple of quick questions

2012-02-23 Thread NdK 
Il 20/02/2012 17:20, Daniel Patrick Sullivan ha scritto:

 The first is;
 1) Is it possible to deterministically set the domain name that will
 be used when the winbind use default domain = Yes option is
 configured in /etc/samba/smb.conf?  I want to set a default domain,
 however I do not want the default domain to reflect the domain
 membership of the server.  I do not see this in the documentation,
 although I admittedly haven't looked *that* hard.
That would be useful to me, too.
I tried setting idmap config STUDENTI:default = yes w/o results
(machine is joined to PERSONALE domain).

 2) I am using a configuration line such as the following to restrict access;
 winbind use default domain = Yes
 authrequisite pam_succeed_if.so user ingroup
 AD\org_cri_cri_galaxy_administrators debug
 This is working all fine and good, although I would like to actually
 have another group.  It seems that whenever I add another similar line
 the pam auth bombs out after the first failure.  Is it possible to
 restrict authorization to multiple groups in this manner?
I think it can check only one group, but that's not a problem: just
create a group (whose membership you'll check) that contains the other
groups you want to enable access. I usually do that for users allowed to
access a machine: a 'machinename-authorized' group that contains
'lab-administrators' group and users/groups allowed to access that
machine. This way I can be sure 'lab-administrators' are allowed access.

BYtE,
 Diego.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] slow creating files

2012-02-23 Thread Jeremy Allison 
On Wed, Feb 08, 2012 at 05:12:14PM +0400, Gankov Aleksey wrote:
 We tried to migrate from old Windows fileserver (p4, single HDD) to
 Samba (FedoraCore15, Samba 3.5.12-72.fc15, ext4 volume, xeon,
 raid5).
 Our pipeline is so, that some special software generates files on
 that fileserver.
 The typical filesize ~50 mbytes.
 On the old hardware, software (win2k3 server) the time of single
 file creation was about 10 seconds. On the new configuration it
 takes 20-25 seconds.
 Copying of large files to\from samba server is ok (more than 80
 mbytes\sec).
 It was default Samba installation.
 The usual tuning doesn't help at all (TCPNODELAY etc...)
 
 Is there any idea for tuning?
 
 Also, I wrote easy test that confused me:
 
 #include stdio.h
 #include stdlib.h
 #include time.h
 void main(int argc, char *argv[])
 {
 int fsize=4000;
 int i=0;
 FILE *to;
 char 
 str[]=0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890;
 time_t start, end;
 double diff;
 
 time(start);
 to=fopen(argv[1], w+);
 for(i=0; i  fsize/100; i++)
 {
 fprintf(to, \n%7d-%s,i, str);
 fflush(to); // makes it slow!
 }
 fclose(to);
 time(end);
 diff=difftime(end,start);
 printf(\n \t time_diff =  %.2lf, diff);
 }
 
 This was started on Win7 client PC, It creates about 40 mbytes size
 file in pointed path.
 Comparing timings on our samba share and win2k3 share gives: ~40
 seconds on Samba and on  3-4 seconds win2k3!
 That means that fflush cause dramatically slow down of fileshare.

Ensure you're setting strict allocate = yes
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] V4 - New Install - Missing Zone File

2012-02-23 Thread Jeremy Davis 

Hello All,

On 02/23/2012 09:31 AM, Jeremy Davis wrote:
On Thu, Feb 23, 2012 at 4:33 PM, Jeremy Davisjdavis4...@gmail.com  
wrote:



I forgot to mention that nsupdate command should also include -g 
flag to

force
secure (kerberos) updates.

nsupdate command = /path/to/nsupdate -g

dlz_bind9 module only allows secure dynamic updates.

Amitay.

I added the -g to the smb.conf and restarted samba and named but it 
doesn't
seem to do anything. Could this be an issue with kerberos? I am 
able to
authenticate with my Windows machine and via the command line using 
the

tests on the samba4 wiki. Any ideas as to what this could be?

What happens when you run samba_dnsupdate --verbose?
What's the output from BIND?

Amitay.

Well, the samba_dnsupdate logs are the same but bind is now showing a 
little different error.

samba-dnsupdate:

IPs: ['2002:4b46:c8ad:0:a00:27ff:fe14:5491', 
'fe80::a00:27ff:fe14:5491%eth0', 'fe80::a00:27ff:fee5:5840%eth1', 
'192.168.7.30', '192.168.30.1']

Looking for DNS entry A bob-dc.com 192.168.7.30 as bob-dc.com.
Looking for DNS entry A dc1.bob-dc.com 192.168.7.30 as dc1.bob-dc.com.
Looking for DNS entry  bob-dc.com 
2002:4b46:c8ad:0:a00:27ff:fe14:5491 as bob-dc.com.
Failed to find matching DNS entry  bob-dc.com 
2002:4b46:c8ad:0:a00:27ff:fe14:5491
Looking for DNS entry  dc1.bob-dc.com 
2002:4b46:c8ad:0:a00:27ff:fe14:5491 as dc1.bob-dc.com.
Failed to find matching DNS entry  dc1.bob-dc.com 
2002:4b46:c8ad:0:a00:27ff:fe14:5491
Looking for DNS entry A gc._msdcs.bob-dc.com 192.168.7.30 as 
gc._msdcs.bob-dc.com.
Looking for DNS entry  gc._msdcs.bob-dc.com 
2002:4b46:c8ad:0:a00:27ff:fe14:5491 as gc._msdcs.bob-dc.com.
Failed to find matching DNS entry  gc._msdcs.bob-dc.com 
2002:4b46:c8ad:0:a00:27ff:fe14:5491
Looking for DNS entry CNAME 
48c0fc0c-dcc1-425d-bcb2-a229d40ab48c._msdcs.bob-dc.com dc1.bob-dc.com 
as 48c0fc0c-dcc1-425d-bcb2-a229d40ab48c._msdcs.bob-dc.com.
Looking for DNS entry SRV _kpasswd._tcp.bob-dc.com dc1.bob-dc.com 464 
as _kpasswd._tcp.bob-dc.com.
Checking 0 100 464 dc1.bob-dc.com. against SRV 
_kpasswd._tcp.bob-dc.com dc1.bob-dc.com 464
Looking for DNS entry SRV _kpasswd._udp.bob-dc.com dc1.bob-dc.com 464 
as _kpasswd._udp.bob-dc.com.
Checking 0 100 464 dc1.bob-dc.com. against SRV 
_kpasswd._udp.bob-dc.com dc1.bob-dc.com 464
Looking for DNS entry SRV _kerberos._tcp.bob-dc.com dc1.bob-dc.com 88 
as _kerberos._tcp.bob-dc.com.
Checking 0 100 88 dc1.bob-dc.com. against SRV 
_kerberos._tcp.bob-dc.com dc1.bob-dc.com 88
Looking for DNS entry SRV _kerberos._tcp.dc._msdcs.bob-dc.com 
dc1.bob-dc.com 88 as _kerberos._tcp.dc._msdcs.bob-dc.com.
Checking 0 100 88 dc1.bob-dc.com. against SRV 
_kerberos._tcp.dc._msdcs.bob-dc.com dc1.bob-dc.com 88
Looking for DNS entry SRV 
_kerberos._tcp.default-first-site-name._sites.bob-dc.com 
dc1.bob-dc.com 88 as 
_kerberos._tcp.default-first-site-name._sites.bob-dc.com.
Checking 0 100 88 dc1.bob-dc.com. against SRV 
_kerberos._tcp.default-first-site-name._sites.bob-dc.com 
dc1.bob-dc.com 88
Looking for DNS entry SRV 
_kerberos._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com 
dc1.bob-dc.com 88 as 
_kerberos._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com.
Checking 0 100 88 dc1.bob-dc.com. against SRV 
_kerberos._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com 
dc1.bob-dc.com 88
Looking for DNS entry SRV _kerberos._udp.bob-dc.com dc1.bob-dc.com 88 
as _kerberos._udp.bob-dc.com.
Checking 0 100 88 dc1.bob-dc.com. against SRV 
_kerberos._udp.bob-dc.com dc1.bob-dc.com 88
Looking for DNS entry SRV _ldap._tcp.bob-dc.com dc1.bob-dc.com 389 as 
_ldap._tcp.bob-dc.com.
Checking 0 100 389 dc1.bob-dc.com. against SRV _ldap._tcp.bob-dc.com 
dc1.bob-dc.com 389
Looking for DNS entry SRV _ldap._tcp.dc._msdcs.bob-dc.com 
dc1.bob-dc.com 389 as _ldap._tcp.dc._msdcs.bob-dc.com.
Checking 0 100 389 dc1.bob-dc.com. against SRV 
_ldap._tcp.dc._msdcs.bob-dc.com dc1.bob-dc.com 389
Looking for DNS entry SRV _ldap._tcp.gc._msdcs.bob-dc.com 
dc1.bob-dc.com 3268 as _ldap._tcp.gc._msdcs.bob-dc.com.
Checking 0 100 3268 dc1.bob-dc.com. against SRV 
_ldap._tcp.gc._msdcs.bob-dc.com dc1.bob-dc.com 3268
Looking for DNS entry SRV _ldap._tcp.pdc._msdcs.bob-dc.com 
dc1.bob-dc.com 389 as _ldap._tcp.pdc._msdcs.bob-dc.com.
Checking 0 100 389 dc1.bob-dc.com. against SRV 
_ldap._tcp.pdc._msdcs.bob-dc.com dc1.bob-dc.com 389
Looking for DNS entry SRV 
_ldap._tcp.default-first-site-name._sites.bob-dc.com dc1.bob-dc.com 
389 as _ldap._tcp.default-first-site-name._sites.bob-dc.com.
Checking 0 100 389 dc1.bob-dc.com. against SRV 
_ldap._tcp.default-first-site-name._sites.bob-dc.com dc1.bob-dc.com 389
Looking for DNS entry SRV 
_ldap._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com 
dc1.bob-dc.com 389 as 
_ldap._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com.
Checking 0 100 389 dc1.bob-dc.com. against SRV 
_ldap._tcp.default-first-site-name._sites.dc._msdcs.bob-dc.com 
dc1.bob-dc.com 389
Looking for DNS entry SRV

[Samba] rid/autorid issues 3.6.2

2012-02-23 Thread dack 
I'm having issues with idmap autorid and rid on 3.6.2.  If I use tdb 
backend, it works fine.


If I do wbinfo -i testuser when using rid/autorid, I get this:
failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
Could not get info for user testuser

The same command with tdb returns the info as expected.

wbinfo -u and wbinfo -g work fine under all configurations.

I could not find anything relevant on bugzilla either.  Anyone have any 
ideas?


Here's my settings:

#with tdb (this works perfectly)
idmap config MYDOMAIN : range = 2 - 2000
idmap config MYDOMAIN : backend = tdb

#with rid (does not work)
idmap config MYDOMAIN : range = 2 - 2000
idmap config MYDOMAIN : backend = rid

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[SCM] Samba Shared Repository - branch master updated

2012-02-23 Thread Andrew Bartlett 
The branch, master has been updated
   via  6f8f24c selftest: Do not skip environments that fail to start up
   via  c623b4b s4-provision: Fix typo in 
9b9fdeefb47f2657c9bb4c2f48318550da510209
   via  b0798cc s3-libads: Remove unused ads_set_machine_password()
   via  a6aa244 s3-libads: Remove unused ads_pull_sids_from_extendeddn()
   via  1c7725a s3-utils: Remove unused connect_to_ipc_krb5()
   via  7724533 wintest: Change to a new Win2008R2 VM
   via  bea0515 s3-libsmb: Remove unused spnego functions
   via  757c9b7 s3-rpc_server Remove unused function 
auth_generic_server_start()
  from  fe24ab4 s4:smbcli:smb2: add a random GUID to the transport 
connection in smb2_transport_init()

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 6f8f24c5f2564cf0d0f742af556e3f641803efbd
Author: Andrew Bartlett abart...@samba.org
Date:   Thu Feb 23 16:34:47 2012 +1100

selftest: Do not skip environments that fail to start up

This is a regression in 70f4a96c68e91e407651e2487cc3c66a80262fa2.

Andrew Bartlett

Autobuild-User: Andrew Bartlett abart...@samba.org
Autobuild-Date: Thu Feb 23 10:55:20 CET 2012 on sn-devel-104

commit c623b4bbb8963baf82d1582abe29b7d54d09397c
Author: Andrew Bartlett abart...@samba.org
Date:   Thu Feb 23 16:36:33 2012 +1100

s4-provision: Fix typo in 9b9fdeefb47f2657c9bb4c2f48318550da510209

This was not found to to a bug in the selftest system.

Andrew Bartlett

commit b0798cc0131df4abc314317e43f597c328deaceb
Author: Andrew Bartlett abart...@samba.org
Date:   Thu Feb 9 15:59:38 2012 +1100

s3-libads: Remove unused ads_set_machine_password()

Found by callcatcher.

Andrew Bartlett

commit a6aa24428add3faeb38461929576dc28670c25c6
Author: Andrew Bartlett abart...@samba.org
Date:   Thu Feb 9 16:04:30 2012 +1100

s3-libads: Remove unused ads_pull_sids_from_extendeddn()

Found by callcatcher.

Andrew Bartlett

commit 1c7725ae8a4ed3270720ce71de08f4949aa83ea7
Author: Andrew Bartlett abart...@samba.org
Date:   Thu Feb 9 16:07:06 2012 +1100

s3-utils: Remove unused connect_to_ipc_krb5()

Found by callcatcher.

Andrew Bartlett

commit 7724533d8065a2cd78573e6a07fcad9879296c71
Author: Andrew Bartlett abart...@samba.org
Date:   Tue Feb 21 11:55:50 2012 +1100

wintest: Change to a new Win2008R2 VM

commit bea05159e4239e04dc5e8782b881ed7f70b231fc
Author: Andrew Bartlett abart...@samba.org
Date:   Mon Feb 20 17:03:25 2012 +1100

s3-libsmb: Remove unused spnego functions

commit 757c9b79ea1b2a599d9db1f6e686534777abd3a7
Author: Andrew Bartlett abart...@samba.org
Date:   Mon Feb 20 16:42:20 2012 +1100

s3-rpc_server Remove unused function auth_generic_server_start()

---

Summary of changes:
 selftest/selftest.pl   |2 +-
 selftest/target/Samba.pm   |8 +-
 source3/include/proto.h|   11 --
 source3/libads/ads_ldap_protos.h   |7 --
 source3/libads/ads_proto.h |3 -
 source3/libads/kerberos_util.c |   30 --
 source3/libads/ldap.c  |   55 --
 source3/libsmb/clispnego.c |  109 
 source3/rpc_server/dcesrv_auth_generic.c   |   53 --
 source3/rpc_server/dcesrv_auth_generic.h   |   10 --
 source3/utils/net_proto.h  |4 -
 source3/utils/net_util.c   |   53 --
 .../scripting/python/samba/provision/sambadns.py   |6 +-
 wintest/conf/abartlet.conf |   12 +-
 14 files changed, 16 insertions(+), 347 deletions(-)


Changeset truncated at 500 lines:

diff --git a/selftest/selftest.pl b/selftest/selftest.pl
index 4625172..72e9ddf 100755
--- a/selftest/selftest.pl
+++ b/selftest/selftest.pl
@@ -888,7 +888,7 @@ sub setup_env($$)
$testenv_vars-{target} = $target;
}
if (not defined($testenv_vars)) {
-   warn($opt_target can't provide environment 
'$envname');
+   warn($opt_target can't start up known environment 
'$envname');
}
}
 
diff --git a/selftest/target/Samba.pm b/selftest/target/Samba.pm
index eea1987..445cbb2 100644
--- a/selftest/target/Samba.pm
+++ b/selftest/target/Samba.pm
@@ -31,7 +31,7 @@ sub setup_env($$$)
if (not defined($env-{target})) {
$env-{target} = $self-{samba4};
}
-   } else {
+   } elsif (defined($env) and $env eq UNKNOWN) {
$env = $self-{samba3}-setup_env($envname, $path);
if (defined($env) and $env ne UNKNOWN) {
if (not

autobuild: intermittent test failure detected

2012-02-23 Thread autobuild 
The autobuild test system has detected an intermittent failing test in 
the current master tree.

The autobuild log of the failure is available here:

   http://git.samba.org/autobuild.flakey/2012-02-23-1110/flakey.log

The samba3 build logs are available here:

   http://git.samba.org/autobuild.flakey/2012-02-23-1110/samba3.stderr
   http://git.samba.org/autobuild.flakey/2012-02-23-1110/samba3.stdout

The source4 build logs are available here:

   http://git.samba.org/autobuild.flakey/2012-02-23-1110/samba4.stderr
   http://git.samba.org/autobuild.flakey/2012-02-23-1110/samba4.stdout
  
The top commit at the time of the failure was:

commit fe24ab4e53cde22e6b72d6073592cd3e31dc97f0
Author: Michael Adam ob...@samba.org
Date:   Wed Feb 22 15:29:26 2012 +0100

s4:smbcli:smb2: add a random GUID to the transport connection in 
smb2_transport_init()

This GUID is used in the smb2 negprot when max protocol is bigger than 
0x0202.
According to section 2.2.3 of the MS-SMB2 document, the Client GUID filed 
in the
SMB2 negotiate request must be filled with a (non-zero) GUID if there are 
other
dialects than 0x0202 in the dialects field.

http://msdn.microsoft.com/en-us/library/cc246543%28v=prot.13%29.aspx

Apart from corresponding to the docs, this change makes some of our 
durable-open
tests (e.g reopen2 and open-oplock) _not_ hang when running against windows 
8
preview (which might be still buggy).

Pair-Programmed-With: Gregor Beck gb...@sernet.de

Autobuild-User: Michael Adam ob...@samba.org
Autobuild-Date: Thu Feb 23 03:23:57 CET 2012 on sn-devel-104

[SCM] Samba Shared Repository - branch master updated

2012-02-23 Thread Volker Lendecke 
The branch, master has been updated
   via  f1dc8b2 s3: smb_request-vwv can be const
  from  6f8f24c selftest: Do not skip environments that fail to start up

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit f1dc8b28b7323aa5d44df6bd8d1fbcece91cc397
Author: Volker Lendecke v...@samba.org
Date:   Thu Feb 23 10:50:46 2012 +0100

s3: smb_request-vwv can be const

Autobuild-User: Volker Lendecke v...@samba.org
Autobuild-Date: Thu Feb 23 12:37:23 CET 2012 on sn-devel-104

---

Summary of changes:
 source3/include/smb.h  |2 +-
 source3/smbd/process.c |2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/include/smb.h b/source3/include/smb.h
index 7dd77ec..10e4798 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -452,7 +452,7 @@ struct smb_request {
uint16 vuid;
uint16 tid;
uint8  wct;
-   uint16_t *vwv;
+   const uint16_t *vwv;
uint16_t buflen;
const uint8_t *buf;
const uint8 *inbuf;
diff --git a/source3/smbd/process.c b/source3/smbd/process.c
index 139f1f0..3cb44c4 100644
--- a/source3/smbd/process.c
+++ b/source3/smbd/process.c
@@ -529,7 +529,7 @@ static bool init_smb_request(struct smb_request *req,
req-vuid   = SVAL(inbuf, smb_uid);
req-tid= SVAL(inbuf, smb_tid);
req-wct= CVAL(inbuf, smb_wct);
-   req-vwv= discard_const_p(uint16_t, (inbuf+smb_vwv));
+   req-vwv= (const uint16_t *)(inbuf+smb_vwv);
req-buflen = smb_buflen(inbuf);
req-buf= (const uint8_t *)smb_buf_const(inbuf);
req-unread_bytes = unread_bytes;


-- 
Samba Shared Repository

autobuild: intermittent test failure detected

2012-02-23 Thread autobuild 
The autobuild test system has detected an intermittent failing test in 
the current master tree.

The autobuild log of the failure is available here:

   http://git.samba.org/autobuild.flakey/2012-02-23-1852/flakey.log

The samba3 build logs are available here:

   http://git.samba.org/autobuild.flakey/2012-02-23-1852/samba3.stderr
   http://git.samba.org/autobuild.flakey/2012-02-23-1852/samba3.stdout

The source4 build logs are available here:

   http://git.samba.org/autobuild.flakey/2012-02-23-1852/samba4.stderr
   http://git.samba.org/autobuild.flakey/2012-02-23-1852/samba4.stdout
  
The top commit at the time of the failure was:

commit f25d1f5006c627892b97c72b77cd3e1398cde7a7
Author: Jelmer Vernooij jel...@samba.org
Date:   Thu Feb 23 14:51:00 2012 +0100

dcerpc_server: Add 'modulesdir' variable to pkg-config file.

Autobuild-User: Jelmer Vernooij jel...@samba.org
Autobuild-Date: Thu Feb 23 16:26:25 CET 2012 on sn-devel-104

[SCM] Samba Shared Repository - branch master updated

2012-02-23 Thread Matthias Dieter Wallnöfer 
The branch, master has been updated
   via  101bd18 s3:smbd/utmp.c - fix the build on FreeBSD 9 without utmp.h
  from  f25d1f5 dcerpc_server: Add 'modulesdir' variable to pkg-config file.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 101bd184d1a007b36e4fb889434e3013bdd3d1ea
Author: Matthias Dieter Wallnöfer m...@samba.org
Date:   Thu Feb 23 11:41:11 2012 +0100

s3:smbd/utmp.c - fix the build on FreeBSD 9 without utmp.h

https://bugzilla.samba.org/show_bug.cgi?id=8709

Reviewed-by: Jelmer

Autobuild-User: Matthias Dieter Wallnöfer m...@samba.org
Autobuild-Date: Thu Feb 23 19:17:25 CET 2012 on sn-devel-104

---

Summary of changes:
 source3/smbd/utmp.c |2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/smbd/utmp.c b/source3/smbd/utmp.c
index 47462f6..6837c07 100644
--- a/source3/smbd/utmp.c
+++ b/source3/smbd/utmp.c
@@ -126,7 +126,9 @@ void sys_utmp_yield(const char *username, const char 
*hostname,
 
 #else /* WITH_UTMP */
 
+#ifdef HAVE_UTMP_H
 #include utmp.h
+#endif
 
 #ifdef HAVE_UTMPX_H
 #include utmpx.h


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch master updated

2012-02-23 Thread Andreas Schneider 
The branch, master has been updated
   via  aed0735 waf: Make sure libraries are installed with the execute 
flag set.
   via  8ba8267 s4-heimdal: Remove the execute flag of cfx.c.
  from  101bd18 s3:smbd/utmp.c - fix the build on FreeBSD 9 without utmp.h

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit aed0735862f9517c49918bb4e4b27d924b2e
Author: Andreas Schneider a...@samba.org
Date:   Thu Feb 23 11:05:09 2012 +0100

waf: Make sure libraries are installed with the execute flag set.

There are two reasons for that. The first is that libraries are
executables and can have main functions (see libc). The second reason is
that rpm script to extract debuginfo are looking for executables and
then check if it is the right file to extract the info.

Autobuild-User: Andreas Schneider a...@cryptomilk.org
Autobuild-Date: Thu Feb 23 20:57:11 CET 2012 on sn-devel-104

commit 8ba82673084fcc1c6beaf630da5a1d42f6d84f1c
Author: Andreas Schneider a...@samba.org
Date:   Thu Feb 23 09:24:02 2012 +0100

s4-heimdal: Remove the execute flag of cfx.c.

The scripts which are extracting debuginfo are looking for files with
the executable bit and find cfx.c which isn't a executable.

---

Summary of changes:
 buildtools/wafsamba/samba_install.py  |3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)
 mode change 100755 = 100644 source4/heimdal/lib/gssapi/krb5/cfx.c


Changeset truncated at 500 lines:

diff --git a/buildtools/wafsamba/samba_install.py 
b/buildtools/wafsamba/samba_install.py
index 26d0a37..5e53989 100644
--- a/buildtools/wafsamba/samba_install.py
+++ b/buildtools/wafsamba/samba_install.py
@@ -134,7 +134,8 @@ def install_library(self):
 
 # tell waf to install the library
 bld.install_as(os.path.join(install_path, install_name),
-   os.path.join(self.path.abspath(bld.env), inst_name))
+   os.path.join(self.path.abspath(bld.env), inst_name),
+   chmod=MODE_755)
 if install_link and install_link != install_name:
 # and the symlink if needed
 bld.symlink_as(os.path.join(install_path, install_link), 
os.path.basename(install_name))
diff --git a/source4/heimdal/lib/gssapi/krb5/cfx.c 
b/source4/heimdal/lib/gssapi/krb5/cfx.c
old mode 100755
new mode 100644


-- 
Samba Shared Repository

[SCM] Samba Website Repository - branch master updated

2012-02-23 Thread Lars Müller 
The branch, master has been updated
   via  7e39675 Add draft of CVE-2012-0870 annoucement.
  from  7a4f50b Replace no longer existing sfconservancy web host

http://gitweb.samba.org/?p=samba-web.git;a=shortlog;h=master


- Log -
commit 7e396756df36ae8893ad93e7df035be929308121
Author: Lars Müller l...@samba.org
Date:   Thu Feb 23 22:20:06 2012 +0100

Add draft of CVE-2012-0870 annoucement.

---

Summary of changes:
 security/CVE-2012-0870.html |   73 +++
 1 files changed, 73 insertions(+), 0 deletions(-)
 create mode 100644 security/CVE-2012-0870.html


Changeset truncated at 500 lines:

diff --git a/security/CVE-2012-0870.html b/security/CVE-2012-0870.html
new file mode 100644
index 000..452eebf
--- /dev/null
+++ b/security/CVE-2012-0870.html
@@ -0,0 +1,73 @@
+!DOCTYPE html PUBLIC -//W3C//DTD XHTML 1.0 Transitional//EN
+http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd;
+html xmlns=http://www.w3.org/1999/xhtml;
+
+head
+titleSamba - Security Announcement Archive/title
+/head
+
+body
+
+   H2CVE-2012-0870:/H2
+
+p
+pre
+===
+== Subject: Remote code execution vulnerability in smbd
+==
+== CVE ID#: CVE-2012-0870
+==
+== Versions:Samba pre-3.4.0
+==
+== Summary: Ensure AndX offsets are increasing strictly monotonically
+in pre-3.4 versions
+==
+===
+
+===
+Description
+===
+
+Samba versions up to 3.4.0 do not ensure that AndX offsets of the smb daemon
+(smbd) are increasing strictly monotonically.
+
+Therefore a remote code execution vulnerability exists in the service.
+A remote attacker could use the vulnerability to launch an exploit over a
+network connection 
+
+==
+Workaround
+==
+
+None.
+
+==
+Patch Availability
+==
+
+A patch addressing this defect has been posted to
+
+  http://www.samba.org/samba/security/
+
+As all pre-3.4.0 versions are discontinued at least since August 9, 2011 even
+for security patches, the patches are provided as an extra service to our
+community, users, and verndors.
+
+===
+Credits
+===
+
+The vulnerability was discovered by Andy Davis of NGS Secure¹ and reported by
+Greg Kinasewitz of Research In Motion².  Patches were written by Volker
+Lendecke of the Samba Team.
+
+==
+References
+==
+
+¹ http://www.ngssecure.com/research/research-overview.aspx
+² http://www.blackberry.com/btsc/KB29565
+
+/pre
+/body
+/html


-- 
Samba Website Repository

[SCM] Samba Website Repository - branch master updated

2012-02-23 Thread Lars Müller 
The branch, master has been updated
   via  55e304c Smaller typo fixes and cleanup.
  from  7e39675 Add draft of CVE-2012-0870 annoucement.

http://gitweb.samba.org/?p=samba-web.git;a=shortlog;h=master


- Log -
commit 55e304cd7d0807f8f906fbb9ba7928731af3a0a6
Author: Lars Müller l...@samba.org
Date:   Thu Feb 23 22:38:48 2012 +0100

Smaller typo fixes and cleanup.

---

Summary of changes:
 security/CVE-2012-0870.html |6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)


Changeset truncated at 500 lines:

diff --git a/security/CVE-2012-0870.html b/security/CVE-2012-0870.html
index 452eebf..3c1ef3d 100644
--- a/security/CVE-2012-0870.html
+++ b/security/CVE-2012-0870.html
@@ -31,9 +31,9 @@ Description
 Samba versions up to 3.4.0 do not ensure that AndX offsets of the smb daemon
 (smbd) are increasing strictly monotonically.
 
-Therefore a remote code execution vulnerability exists in the service.
+Therefore a remote code execution vulnerability exists in the smbd service.
 A remote attacker could use the vulnerability to launch an exploit over a
-network connection 
+network connection.
 
 ==
 Workaround
@@ -51,7 +51,7 @@ A patch addressing this defect has been posted to
 
 As all pre-3.4.0 versions are discontinued at least since August 9, 2011 even
 for security patches, the patches are provided as an extra service to our
-community, users, and verndors.
+community, users, and vendors.
 
 ===
 Credits


-- 
Samba Website Repository

[SCM] Samba Website Repository - branch master updated

2012-02-23 Thread Lars Müller 
The branch, master has been updated
   via  44d414c Add CVE-2012-0870 to the security overview
  from  55e304c Smaller typo fixes and cleanup.

http://gitweb.samba.org/?p=samba-web.git;a=shortlog;h=master


- Log -
commit 44d414c67d610b8ee3c15a96c96e70e0ed99d279
Author: Lars Müller l...@samba.org
Date:   Thu Feb 23 23:09:38 2012 +0100

Add CVE-2012-0870 to the security overview

---

Summary of changes:
 history/security.html |   14 ++
 1 files changed, 14 insertions(+), 0 deletions(-)


Changeset truncated at 500 lines:

diff --git a/history/security.html b/history/security.html
index ab6d93f..4439835 100755
--- a/history/security.html
+++ b/history/security.html
@@ -22,6 +22,20 @@ link to full release notes for each release./p
   /tr
 
 tr
+   td23 Feb 2012/td
+   tda href=/samba/ftp/patches/security/samba-3.0-CVE-2012-0870.patch
+   patch for Samba 3.0/a
+   a href=/samba/ftp/patches/security/samba-3.2-CVE-2012-0870.patch
+   patch for Samba 3.2/a
+   a href=/samba/ftp/patches/security/samba-3.3-CVE-2012-0870.patch
+   patch for Samba 3.3/a
+   tdRemote code execution vulnerability in smbd/td
+   tdpre-3.4/td
+   tda 
href=http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0870;CVE-2012-0870/a/td
+   tda href=/samba/security/CVE-2012-0870Announcement/a/td
+/tr
+
+tr
td29 Jan 2012/td
tda 
href=/samba/ftp/patches/security/samba-3.6.2-CVE-2012-0817.patch
patch for Samba 3.6.2/a


-- 
Samba Website Repository

[SCM] Samba Website Repository - branch master updated

2012-02-23 Thread Lars Müller 
The branch, master has been updated
   via  78c6523 Add missing == chars
  from  44d414c Add CVE-2012-0870 to the security overview

http://gitweb.samba.org/?p=samba-web.git;a=shortlog;h=master


- Log -
commit 78c652387997132604fc6903dc258e62ddcdc7a9
Author: Lars Müller l...@samba.org
Date:   Thu Feb 23 23:17:46 2012 +0100

Add missing == chars

---

Summary of changes:
 security/CVE-2012-0870.html |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/security/CVE-2012-0870.html b/security/CVE-2012-0870.html
index 3c1ef3d..1bc834b 100644
--- a/security/CVE-2012-0870.html
+++ b/security/CVE-2012-0870.html
@@ -20,7 +20,7 @@
 == Versions:Samba pre-3.4.0
 ==
 == Summary: Ensure AndX offsets are increasing strictly monotonically
-in pre-3.4 versions
+==  in pre-3.4 versions
 ==
 ===
 


-- 
Samba Website Repository

[SCM] Samba Website Repository - branch master updated

2012-02-23 Thread Lars Müller 
The branch, master has been updated
   via  97ffa8e Update latest bodies and headlines regarding CVE-2012-0870
  from  78c6523 Add missing == chars

http://gitweb.samba.org/?p=samba-web.git;a=shortlog;h=master


- Log -
commit 97ffa8e11345dc26c69b52a84155a76a7b227148
Author: Lars Müller l...@samba.org
Date:   Thu Feb 23 23:36:10 2012 +0100

Update latest bodies and headlines regarding CVE-2012-0870

---

Summary of changes:
 generated_news/latest_10_bodies.html|   14 ++
 generated_news/latest_10_headlines.html |4 ++--
 generated_news/latest_2_bodies.html |   15 ++-
 3 files changed, 14 insertions(+), 19 deletions(-)


Changeset truncated at 500 lines:

diff --git a/generated_news/latest_10_bodies.html 
b/generated_news/latest_10_bodies.html
index 06268ce..c1cd654 100644
--- a/generated_news/latest_10_bodies.html
+++ b/generated_news/latest_10_bodies.html
@@ -1,3 +1,9 @@
+   h5a name=CVE-2012-087023 February 2012/a/h5
+   p class=headlineSamba pre-3.4 Security Issue/p
+   pPatches for a 
href=http://www.samba.org/samba/ftp/patches/security/samba-3.0-CVE-2012-0870.patch;3.0/a,
 a 
href=http://www.samba.org/samba/ftp/patches/security/samba-3.2-CVE-2012-0870.patch;3.2/a,
 a 
href=http://www.samba.org/samba/ftp/patches/security/samba-3.3-CVE-2012-0870.patch;and
 3.3/a got released in order to address a 
href=http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-CVE-2012-0870;CVE-2012-0870
 (Remote code execution vulnerability in smbd)/a./p
+
+pSee a href=http://www.samba.org/samba/security/CVE-2012-0870.html;the 
security announcement for more details/a./p
+
h5a name=3.6.329 January 2012/a/h5
p class=headlineSamba 3.6.3 Security Release Available for 
Download/p
pThis is a security release in order to address a 
href=http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-CVE-2012-0817;CVE-2012-0817
 (Memory leak/Denial of service)/a./p
@@ -83,11 +89,3 @@ enhanced library components./p
 a href=/samba/news/releases/3.6.0.htmlhighlights of 3.6/a?/p
 
 
-   h5a name=3.6.009 August 2011/a/h5
-   p class=headlineSamba 3.6.0 Available for Download/p
-   pThis is the latest stable release of the Samba 3.6 series./p
-
-pThe uncompressed tarballs and patch files have been signed
-using GnuPG (ID 6568B7EA).  The source code can be
-a href=http://samba.org/samba/ftp/stable/samba-3.6.0.tar.gz;downloaded
-now/a. A a 
href=http://samba.org/samba/ftp/patches/patch-3.5.11-3.6.0.diffs.gz;patch 
against Samba 3.5.11/a is also available. See a 
href=http://samba.org/samba/history/samba-3.6.0.html;the release notes for 
more info/a./p
diff --git a/generated_news/latest_10_headlines.html 
b/generated_news/latest_10_headlines.html
index f8b235c..7740819 100644
--- a/generated_news/latest_10_headlines.html
+++ b/generated_news/latest_10_headlines.html
@@ -1,4 +1,6 @@
 ul
+   li 23 February 2012 a href=#CVE-2012-0870Samba pre-3.4 Security 
Issue/a/li
+
li 29 January 2012 a href=#3.6.3Samba 3.6.3 Security Release 
Available for Download/a/li
 
li 25 January 2012 a href=#3.6.2Samba 3.6.2 Available for 
Download/a/li
@@ -16,6 +18,4 @@
li 23 August 2011 a href=#3.4.15Samba 3.4.15 Available for 
Download/a/li
 
li 09 August 2011 a href=/samba/news/releases/3.6.0.htmlThe 
highlights of Samba 3.6/a/li
-
-   li 09 August 2011 a href=#3.6.0Samba 3.6.0 Available for 
Download/a/li
 /ul
diff --git a/generated_news/latest_2_bodies.html 
b/generated_news/latest_2_bodies.html
index 7376bf6..f0dbcea 100644
--- a/generated_news/latest_2_bodies.html
+++ b/generated_news/latest_2_bodies.html
@@ -1,3 +1,9 @@
+   h5a name=CVE-2012-087023 February 2012/a/h5
+   p class=headlineSamba pre-3.4 Security Issue/p
+   pPatches for a 
href=http://www.samba.org/samba/ftp/patches/security/samba-3.0-CVE-2012-0870.patch;3.0/a,
 a 
href=http://www.samba.org/samba/ftp/patches/security/samba-3.2-CVE-2012-0870.patch;3.2/a,
 a 
href=http://www.samba.org/samba/ftp/patches/security/samba-3.3-CVE-2012-0870.patch;and
 3.3/a got released in order to address a 
href=http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-CVE-2012-0870;CVE-2012-0870
 (Remote code execution vulnerability in smbd)/a./p
+
+pSee a href=http://www.samba.org/samba/security/CVE-2012-0870.html;the 
security announcement for more details/a./p
+
h5a name=3.6.329 January 2012/a/h5
p class=headlineSamba 3.6.3 Security Release Available for 
Download/p
pThis is a security release in order to address a 
href=http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-CVE-2012-0817;CVE-2012-0817
 (Memory leak/Denial of service)/a./p
@@ -6,12 +12,3 @@
 using GnuPG (ID 6568B7EA).  The source code can be
 a href=http://samba.org/samba/ftp/stable/samba-3.6.3.tar.gz;downloaded
 now/a. A a

[SCM] Samba Shared Repository - branch master updated

2012-02-23 Thread Andrew Bartlett 
The branch, master has been updated
   via  f14dffa s3-selftest: Verify GK and GF flag behaviour
   via  b947d84 s3-selftest: run ntlm_auth against winbindd in make test
   via  111d9f3 auth: Remove plugable password-check functions from 
gensec_ntlmssp
   via  83810f8 auth: consolidate gensec_ntlmssp_server wrapper functions
   via  a61298e s3-libsmb: Remove unused ntlmssp_server_start()
   via  9de7fb8 s3-ntlm_auth: Convert ntlm_auth to use gensec_ntlmssp 
server-side
   via  4478f31 s3-auth: Provide helper routine to check password and 
return session_info
   via  e3cebef auth: Rename some elements of auth4_context
   via  8a9b6fe s3-auth: Add a way to get an auth4_context from the auth 
stack
  from  aed0735 waf: Make sure libraries are installed with the execute 
flag set.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit f14dffa815b47af4061cf1d0c35e0237d35c07a9
Author: Andrew Bartlett abart...@samba.org
Date:   Fri Feb 24 12:19:27 2012 +1100

s3-selftest: Verify GK and GF flag behaviour

At least this ensures that the helper has not crashed, it will require
a little more to ensure that the values are correct.

Andrew Bartlett

Autobuild-User: Andrew Bartlett abart...@samba.org
Autobuild-Date: Fri Feb 24 03:53:38 CET 2012 on sn-devel-104

commit b947d84c88d1fcc3bdd75f3002bb38b673cbecd3
Author: Andrew Bartlett abart...@samba.org
Date:   Fri Feb 24 12:12:48 2012 +1100

s3-selftest: run ntlm_auth against winbindd in make test

commit 111d9f3eb20ad0c3e3b6a7a01f7c997111c660d9
Author: Andrew Bartlett abart...@samba.org
Date:   Tue Feb 7 17:47:42 2012 +1100

auth: Remove plugable password-check functions from gensec_ntlmssp

The auth4_context layer now provides the plugability here.

Andrew Bartlett

commit 83810f8afad85818edb7a21428dbbef305147b8c
Author: Andrew Bartlett abart...@samba.org
Date:   Tue Feb 7 17:12:19 2012 +1100

auth: consolidate gensec_ntlmssp_server wrapper functions

commit a61298e8028574d10358e2d53c956f74ab641ef4
Author: Andrew Bartlett abart...@samba.org
Date:   Tue Feb 7 17:07:52 2012 +1100

s3-libsmb: Remove unused ntlmssp_server_start()

commit 9de7fb8706d3314951ddc1fc6c919b4872f2ea92
Author: Andrew Bartlett abart...@samba.org
Date:   Tue Feb 7 17:02:14 2012 +1100

s3-ntlm_auth: Convert ntlm_auth to use gensec_ntlmssp server-side

This uses the common gensec_ntlmssp server code for ntlm_auth, removing
the last non-gensec use of the NTLMSSP server.

Andrew Bartlett

commit 4478f315e6cb178b53114033e1247e265f82ab8f
Author: Andrew Bartlett abart...@samba.org
Date:   Fri Feb 3 23:32:26 2012 +1100

s3-auth: Provide helper routine to check password and return session_info

commit e3cebef0cf93ddade8e698ea292d2c03cf005a7b
Author: Andrew Bartlett abart...@samba.org
Date:   Fri Feb 3 16:33:44 2012 +1100

auth: Rename some elements of auth4_context

These operate on NTLM authentication, so make that clear.

Andrew Bartlett

commit 8a9b6fe26dc347afd6dc17570354e0af391b351d
Author: Andrew Bartlett abart...@samba.org
Date:   Fri Feb 3 16:14:42 2012 +1100

s3-auth: Add a way to get an auth4_context from the auth stack

This will allow us to use the same layer that auth_ntlmssp does
in the non-SPNEGO session setup, which will in turn make the
authentication code more consistent in the AD server case.

Andrew Bartlett

---

Summary of changes:
 auth/common_auth.h|   14 +-
 auth/ntlmssp/gensec_ntlmssp_server.c  |  180 
 auth/ntlmssp/ntlmssp.c|   33 ++-
 auth/ntlmssp/ntlmssp.h|   54 +
 auth/ntlmssp/ntlmssp_client.c |8 -
 auth/ntlmssp/ntlmssp_server.c |  139 --
 source3/auth/auth.c   |6 +-
 source3/auth/auth_generic.c   |   84 +-
 source3/auth/auth_samba4.c|   54 
 source3/auth/proto.h  |6 +
 source3/include/auth.h|7 +-
 source3/libsmb/ntlmssp.c  |  121 
 source3/script/tests/test_ntlm_auth_s3.sh |8 +-
 source3/selftest/tests.py |2 +-
 source3/torture/test_ntlm_auth.py |   37 +++-
 source3/utils/ntlm_auth.c |  426 ++---
 source4/auth/ntlm/auth.c  |6 +-
 17 files changed, 659 insertions(+), 526 deletions(-)


Changeset truncated at 500 lines:

diff --git a/auth/common_auth.h b/auth/common_auth.h
index c0fd6b6..cf21543 100644
--- a/auth/common_auth.h
+++ b/auth/common_auth.h
@@ -105,17 +105,17 @@ struct auth4_context {
/* Private data for the callbacks on this auth context */
void *private_data;
 
-   NTSTATUS

[SCM] Samba Shared Repository - branch master updated

2012-02-23 Thread Andrew Bartlett 
The branch, master has been updated
   via  0cf7a36 on our way with Samba 4.0alpha19
   via  0a4827f prepare WHATSNEW for Samba 4.0alpha18 release and mark as 
release.
   via  cab24da s3-libsmb: Remove unused spnego_parse_auth_and_mic
  from  f14dffa s3-selftest: Verify GK and GF flag behaviour

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 0cf7a3680aee282dd6c1a012401df83e2e111a2d
Author: Andrew Bartlett abart...@samba.org
Date:   Fri Feb 24 15:24:00 2012 +1100

on our way with Samba 4.0alpha19

Autobuild-User: Andrew Bartlett abart...@samba.org
Autobuild-Date: Fri Feb 24 07:20:10 CET 2012 on sn-devel-104

commit 0a4827f594c87e5f0866999e8cfcae29c72ce675
Author: Andrew Bartlett abart...@samba.org
Date:   Thu Feb 16 16:45:10 2012 +1100

prepare WHATSNEW for Samba 4.0alpha18 release and mark as release.

commit cab24da68dbebc419efaaf660b20994b71e42203
Author: Andrew Bartlett abart...@samba.org
Date:   Fri Feb 24 12:36:23 2012 +1100

s3-libsmb: Remove unused spnego_parse_auth_and_mic

---

Summary of changes:
 VERSION|2 +-
 WHATSNEW.txt   |   94 +++
 source3/include/proto.h|2 -
 source3/libsmb/clispnego.c |   40 ---
 upgrading-samba4.txt   |8 
 5 files changed, 51 insertions(+), 95 deletions(-)


Changeset truncated at 500 lines:

diff --git a/VERSION b/VERSION
index 866376e..952ff93 100644
--- a/VERSION
+++ b/VERSION
@@ -57,7 +57,7 @@ SAMBA_VERSION_TP_RELEASE=
 # e.g. SAMBA_VERSION_ALPHA_RELEASE=1   #
 #  -  4.0.0alpha1   #
 
-SAMBA_VERSION_ALPHA_RELEASE=18
+SAMBA_VERSION_ALPHA_RELEASE=19
 
 
 # For 'pre' releases the version will be   #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 3fac360..a9258b0 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,4 +1,4 @@
-What's new in Samba 4 alpha17
+What's new in Samba 4 alpha18
 =
 
 Samba 4.0 will be the next version of the Samba suite and incorporates
@@ -10,7 +10,7 @@ and above.
 WARNINGS
 
 
-Samba4 alpha17 is not a final Samba release, however we are now making
+Samba4 alpha18 is not a final Samba release, however we are now making
 good progress towards a Samba 4.0 release, of which this is a preview.
 Be aware the this release contains both the technology of Samba 3.6
 (that you can reasonably expect to upgrade existing Samba 3.x releases
@@ -55,84 +55,74 @@ programs to interface to Samba's internals, and many tools 
and
 internal workings of the DC code is now implemented in python.
 
 
-CHANGES SINCE alpha16
+CHANGES SINCE alpha17
 =
 
-For a list of changes since alpha 15, please see the git log.
+For a list of changes since alpha 17, please see the git log.
 
 $ git clone git://git.samba.org/samba.git
 $ cd samba.git
-$ git log release-4-0-0alpha16..release-4-0-0alpha17
+$ git log samba-4.0.0alpha17..samba-4.0.0alpha18
 
 Some major user-visible changes include:
 
-samba-tool dbcheck
---
+Improvements to DNS servers.  Samba4 now has 3 options for the
+handling of DNS:  The default option is to use the BIND 9.8 DLZ plugin,
+which stores the information about the DNS zone in the directory.
+There is also an internal DNS server (but which does not support
+secure DNS updates at this time) and the flat file BIND 9.8 backend
+(storing the data in traditional zone files).
 
-We now have an fsck-like tool for Samba's internal sam.ldb database.
-Run samba-tool dbcheck after installation to check your database for
-self-consistency.  Any database created with a previous Samba4 alpha
-will have a very large number of consistency errors, which this tool
-can fix.
+To migrate from zone files to directory based DNS servers, a migration
+tool (upgradedns) has been added.
 
-See also the -H option to point dbcheck at a different database to the
-default, and the --fix and --yes options to make changes and to not
-prompt about those changes. 
+samba-tool dns commands to manage DNS records stored in directory.
 
-After upgrading Samba, it is suggested that you do the following:
+smbwrapper (a user-space file system based on LD_PRELOAD) has been
+removed.  
 
-  - stop samba
-  - take a backup copy of your sam.ldb and sam.ldb.d/* database files
-  - run samba-tool dbcheck --cross-ncs --fix
-  - use 'all' to say yes to fixing each type of error found
-  - after it has finished, run dbcheck again to ensure it reports no
-errors
+Improvement to the upgrade process between Samba 3.x domains and Samba
+4.0 AD domains (samba-tool domain samba3upgrade).
 
-There will be a lot of errors fixed, particularly related to
-bad/missing

[SCM] Samba Shared Repository - annotated tag samba-4.0.0alpha18 created

2012-02-23 Thread Andrew Bartlett 
The annotated tag, samba-4.0.0alpha18 has been created
at  b9298b97efc6350d9ed363463c1bc4b90cecac25 (tag)
   tagging  0a4827f594c87e5f0866999e8cfcae29c72ce675 (commit)
  replaces  tevent-0.9.15
 tagged by  Andrew Bartlett
on  Fri Feb 24 17:25:48 2012 +1100

- Log -
samba4: tag release samba-4.0.0alpha18
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQBPRy1sz4A8Wyi0NrsRAjQRAJ4jl04XY4v/JTQaBrQ9pM0O5NXafgCfYIlX
QozBS2tInhNmApae6Tu/7w8=
=2XFz
-END PGP SIGNATURE-

Amitay Isaacs (20):
  mkversion: Add quotes around various version strings
  s4-dsdb: Check if metadata.tdb exists, before trying to open it
  lib/tdb2: Do not include config.h in (to-be) public library, use replace.
  lib/tdb2: Mark public function as such
  lib/tdb2: Fix wscript
  lib/tdb2: Convert tdb2 to a standalone library
  lib/tdb2: 2.0.0 ABI
  dlz_bind9: Do not remove LDB record in subrdataset and delrdataset
  samba-tool: dns: Add MXRecord type to add/update mx records
  samba-tool: dns: Convert dns data in a string to DNS record
  samba-tool: dns: Convert dns data into a dns record for comparison
  samba-tool: dns: Add support to add/update/delete MX and SRV records
  samba-tool: dns: Add extra references for string objects as workaround
  samba-tool: dns: Fix the output display of DNS records
  samba-tool: dns: Update the copyright
  dlz_bind9: Fix the log message level
  s4-provision: dns: Refactor population of dns data code
  s4-provision: dns: Do not re-calculate ntdsguid, use from names
  s4-provision: dns: Add txt DNS record
  upgradedns: Upgrade DNS provision from BIND9_FLATFILE to AD based DNS

Andreas Schneider (4):
  s3-net: Don't use an internal krb5 for kdc lookup.
  s3-libsmb: Remove obsolete smb_krb5_locate_kdc.
  s4-heimdal: Remove the execute flag of cfx.c.
  waf: Make sure libraries are installed with the execute flag set.

Andrew Bartlett (129):
  credentials: Show returned error_string in debug message
  heimdal: Re-run lexyacc.sh
  heimdal_build: omit #line statments
  heimdal: Re-run lexyacc.sh to remove #line statements
  build: Add --enable-coverage option to build with gcov support
  charset: Remove unused iconv_talloc()
  s3-charcnv: Remove unused pull_string_fn
  s3-registry: Remove unused prs_uint8()
  s3-lib: Remove unused pid_path()
  s4-cmdline: Remove unused popt_common_dont_ask()
  s4-lib/tls: remove unused tls_support()
  charset: Remove unused strcmp_w()
  lib/util: Remove unused str_format_nbt_domain()
  s4-lib/samba3: Remove unused smbpasswd_decode_acb_info()
  s3-param: Remove unused share_defined()
  s3-libsmb: Remove unused smb_krb5_mk_error()
  s3-charcnv: Remove unused rpcstr_push()
  s3-lib: Remove unused is_myworkgroup()
  s3-libsmb: Remove unused kerberos_compatible_enctypes
  s3-libsmb: Remove unused kerberos_set_creds_enctype()
  s4-nbt_server: remove unused winsdb_get_seqnumber()
  Revert gensec: Fix a memory corruption in gensec_use_kerberos_mechs
  gensec: set flag to continue in outer for loop in 
gensec_use_kerberos_mechs
  gensec: explain gensec_use_kerberos_mechs() logic
  auth: Pass in the SMB username (for %U) into generate_session_info
  s3-lib/addns: Move to system/kerberos.h and HAVE_KRB5
  s3-libads: Move to using only the HAVE_KRB5 define
  s3-build: expliticly require gssapi for HAVE_KRB5 and remove HAVE_GSSAPI
  selftest: Allow setup_env() to signal that an environment name is unknown
  s3-selftest: Do not assume $USERNAME is the same as $DC_USERNAME
  s3-nmbd: Initialise newly non-static variables
  wintest: connect to correct hostname in test_net_use
  wintest: Retry joining the domain a few times
  wintest: Allow access denied when turning off the firewall
  wintest: Update VM used for W2K8R2A
  wintest: s3 moved smb.conf to /etc
  wintest: Cope with nc not timing out even when -w 1 is specified
  wintest: Samba is now all version 4.0
  wintest: Give the Windows VM a little more time to start back up
  wintest: Change Windows 7 VM
  wintest: update WinXP-1 snapshot
  selftest: Make plugin_s4_dc set the cached environment correctly
  selftest: Do not start up an already-running test environment
  s3-selftest: Require SMB signing for ktest environment
  selftest: skip targets that are not compiled in if we do not have ADS
  selftest: Run nsstest against more environments
  selftest: skip plugin_s4_dc if we do not have ADS
  s3-smbd: Avoid starting log lines with the word 'error'
  selftest: Remove 'if have_ads_support:' from tests.py
  s3-selftest: Remove .posix_s3 from s3 test names
  s3-librpc: make gensec result handling more generic
  s3-librpc: Remove unused bool