Re: [Samba] samba4(git) user log on to workstation not work
admin pak - select an OU - right click on a user name - properties - account - Log On to - checked (the following computer) - add (site9 ) On Wed, Mar 7, 2012 at 10:58 AM, Mohammad Ebrahim Abravi lamp@gmail.com wrote: Hi set the following setting on samba 4 but user can not login to site9 !, what? user - properties - account - Log On to - checked (the following computer) - add (site9 ) Note : On samba 4.0.11 this setting work -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Change password (like smbpasswd) from Windows?
From Linux I can use smbpasswd -r 192.168.1.123 -U jack to change the password I use to map network drives. How can I do the same from Windows? I configured a Samba share that several folks connect to from their personal (Windows) laptops. They want to be able to change the passwords they use to connect to this share -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] smbldap-tools 0.9.8 released
Hi, I've released smbldap-tools 0.9.8: http://download.gna.org/smbldap-tools/ChangeLog http://download.gna.org/smbldap-tools/sources/?C=MO=D http://download.gna.org/smbldap-tools/packages/ This release fixed a grave bug that smbldap-useradd -u UID does not work, and fixed some minor bugs. Regards, -- -- Name: SATOH Fumiyasu (fumiyas @ osstech co jp) -- Business Home: http://www.OSSTech.co.jp/ -- Personal Home: http://www.SFO.jp/blog/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Change password (like smbpasswd) from Windows?
On Wed, 2012-03-07 at 00:25 -0800, Jack Bates wrote: From Linux I can use smbpasswd -r 192.168.1.123 -U jack to change the password I use to map network drives. How can I do the same from Windows I configured a Samba share that several folks connect to from their personal (Windows) laptops. They want to be able to change the passwords they use to connect to this share Assuming: since you say personal laptops that these machines are *not* members of a domain and thus are participating in a workgroup [however adhoc that workgroup may be] I'm not aware of any way to change an account/share password from a Windows client when operating in workgroup mode; this is regardless of if the server is Samba or Windows. signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Change password (like smbpasswd) from Windows?
On Wed, Mar 07, 2012 at 06:15:41AM -0500, Adam Tauno Williams wrote: On Wed, 2012-03-07 at 00:25 -0800, Jack Bates wrote: From Linux I can use smbpasswd -r 192.168.1.123 -U jack to change the password I use to map network drives. How can I do the same from Windows I configured a Samba share that several folks connect to from their personal (Windows) laptops. They want to be able to change the passwords they use to connect to this share Assuming: since you say personal laptops that these machines are *not* members of a domain and thus are participating in a workgroup [however adhoc that workgroup may be] I'm not aware of any way to change an account/share password from a Windows client when operating in workgroup mode; this is regardless of if the server is Samba or Windows. Ctrl-Alt-Del, Change Password, and as username type in SERVERNAME\user. That always worked for me, even in Win7. But YMMV. Volker -- SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen phone: +49-551-37-0, fax: +49-551-37-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen http://www.sernet.de, mailto:kont...@sernet.de -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Shares from Windows 2008 R2 machine joined to Samba 3.5.10 domain
Greetings, We host a Samba domain and have a Windows 2008 R2 server joined to it. On this Windows server, we want to create shares using the net share command, however we are getting a The trust relationship between this workstation and the primary domain failed. error when we try and do this. Does samba 3.5 even allow Windows 2008 R2 to share directories on its domain in this fashion? If so, what changes to Windows need to me made to accommodate this? Thanks! Zach. The information in this communication is intended solely for the individual or entity to whom it is addressed. It may contain confidential or legally privileged information. If you are not the intended recipient, any disclosure, copying, distribution or reliance on the contents of this information is strictly prohibited, and may be unlawful. If you have received this communication in error, please notify us immediately by responding to the sender of this email, and then delete it from your system. Taylor University is not liable for the inaccurate or improper transmission of the information contained in this communication or for any delay in its receipt. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Directory appears different dependent on access path
I'm very confused by a recent home directory inconsistency and am hoping someone can give me a clue where to look for the problem. It started when I used Adobe Illustrator to write a file to my home directory on a Samba share. Illustrator writes a new file by creating a temporary file, completing the write, and then renaming the file to the user-specified name. What I see as the final result is inconsistent: from the Windows machine that created the file I see what I would expect -- the name I specified exists. On the Samba host I see the temporary file name, with the correct contents, and the rename appears never to have happened. All the evidence I have points to some persistent state on the Windows machine that causes it to transform the temporary name to the user-specified one, though that seems unlikely. * This behavior persists after rebooting both the Windows machine and the Samba server. * Looking through the path used to rename the file (e.g. \\foo\bar) consistently shows the renamed file. * Looking from Windows through another path resolving to the same directory (e.g. \\foo\users\bar) shows the temporary name. * Looking through the fully qualified host name (e.g. \\foo.com\bar) shows the temporary name. * Looking through \\foo\bar from some other Windows machine shows the temporary name. The only place I see the renamed file is on the machine that created it using only the exact share name used when creating it. To add some complexity: Samba 3.6.3 is running on FreeBSD 9 with ZFS. I looked in all the ZFS snapshots for the file system and didn't find any instance of a snapshot with the renamed file name. All the ZFS state I can find has only the temporary name. Any advice on where to look, what state might be corrupt or what I might try to flush would be appreciated. Thank you, -Michael -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] allow trusted domains
Colleagues, Is there a way to map all trusted domain users to the guest account? As if they were nonexistent users or users from untrusted domains. If I could maintain a list of domains for the samba server to trust, it would be fine too. -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Kerberos password annoyance
Hi Samba4 How can I change this: http://db.tt/9mV49vvV So that it warns me say, 4 days before. Instead of every time I login? openSUSE 12.1 server and clients. Thanks, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Kerberos password annoyance
On Wed, 2012-03-07 at 16:03 +0100, steve wrote: Samba4 How can I change this: http://db.tt/9mV49vvV So that it warns me say, 4 days before. Instead of every time I login? This is a domain policy setting. I always thought the default was 14 days, but maybe it changed. You can set it the same way you set any other policy. -- System Network Administrator [ LPI NCLA ] http://www.whitemiceconsulting.com OpenGroupware Developer http://www.opengroupware.us Adam Tauno Williams -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Kerberos password annoyance
On 03/07/2012 04:10 PM, Adam Tauno Williams wrote: On Wed, 2012-03-07 at 16:03 +0100, steve wrote: Samba4 How can I change this: http://db.tt/9mV49vvV So that it warns me say, 4 days before. Instead of every time I login? This is a domain policy setting. I always thought the default was 14 days, but maybe it changed. You can set it the same way you set any other policy. Hi It must be set to 4 days. The win7 users get the 4 day warning but openSUSE clients get it every day they log in. I can't get at a win box at the moment. Is there a samba-tool or PAM way I could try? Thanks, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Directory appears different dependent on access path
On Mon, Mar 05, 2012 at 09:50:46AM -0500, Michael Adler wrote: I'm very confused by a recent home directory inconsistency and am hoping someone can give me a clue where to look for the problem. It started when I used Adobe Illustrator to write a file to my home directory on a Samba share. Illustrator writes a new file by creating a temporary file, completing the write, and then renaming the file to the user-specified name. What I see as the final result is inconsistent: from the Windows machine that created the file I see what I would expect -- the name I specified exists. On the Samba host I see the temporary file name, with the correct contents, and the rename appears never to have happened. Does the Windows client actually request the rename ? Check the smbd logs. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Directory appears different dependent on access path
Jeremy Allison jra at samba.org writes: On Mon, Mar 05, 2012 at 09:50:46AM -0500, Michael Adler wrote: I'm very confused by a recent home directory inconsistency and am hoping someone can give me a clue where to look for the problem. It started when I used Adobe Illustrator to write a file to my home directory on a Samba share. Illustrator writes a new file by creating a temporary file, completing the write, and then renaming the file to the user-specified name. What I see as the final result is inconsistent: from the Windows machine that created the file I see what I would expect -- the name I specified exists. On the Samba host I see the temporary file name, with the correct contents, and the rename appears never to have happened. Does the Windows client actually request the rename ? Check the smbd logs. No. On the share with the failures I see just opening and closing the temporary file and almost no other activity, yet from the perspective of the Windows machine everything does complete. On the share with no failures, resolving to the same Unix drive, I see a lot of activity, including the file rename. The apparent states of \\foo\homes and \\foo\user when logged in as the user are different: one has the temporary files, the other the renamed ones! This all from the same Windows machine. The Windows box is behaving as though there is cached state for the directory, when viewed as a particular share name, that is never flushed and is persistent across reboots. I've only seen this in the top level directory. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Local group auth not working for domain members with SECURITY=ADS
I have a Samba 3.5.10 (Cent 6) server succesfully joined to the domain. Domain logins and domain group control are working. I have a share configured with valid users = +unixgroup that my domain user cannot access but my local unix user can. The only group related error message is coming from string_to_sid(), which I am confident is a red-herring. My goal in this experiment is to try and get NSS based group access working, so that I can expand to non-AD group lists. I have a rather convoluted auth backend that I'm trying to glue Samba onto, and I don't control the AD servers. I have tried net sam mapunixgroup unixgroup but that did not change the result. I did not try adding users to the group via net sam as that is not a workable solution for my end goal. My question at this time is if this is behavior is expected. Will Samba check the NSS groups for domain members? Also, I see samba calls getgrouplist() samba3/lib/from system_smbd.c. Is this code executed for domain member lookups? Thanks in advance. -- Tom Noonan II ESL Technician - Randstad -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Directory appears different dependent on access path
On Wed, Mar 07, 2012 at 10:37:59PM +, Michael Adler wrote: Jeremy Allison jra at samba.org writes: On Mon, Mar 05, 2012 at 09:50:46AM -0500, Michael Adler wrote: I'm very confused by a recent home directory inconsistency and am hoping someone can give me a clue where to look for the problem. It started when I used Adobe Illustrator to write a file to my home directory on a Samba share. Illustrator writes a new file by creating a temporary file, completing the write, and then renaming the file to the user-specified name. What I see as the final result is inconsistent: from the Windows machine that created the file I see what I would expect -- the name I specified exists. On the Samba host I see the temporary file name, with the correct contents, and the rename appears never to have happened. Does the Windows client actually request the rename ? Check the smbd logs. No. On the share with the failures I see just opening and closing the temporary file and almost no other activity, yet from the perspective of the Windows machine everything does complete. On the share with no failures, resolving to the same Unix drive, I see a lot of activity, including the file rename. The apparent states of \\foo\homes and \\foo\user when logged in as the user are different: one has the temporary files, the other the renamed ones! This all from the same Windows machine. The Windows box is behaving as though there is cached state for the directory, when viewed as a particular share name, that is never flushed and is persistent across reboots. I've only seen this in the top level directory. This with SMB2 ? I'm wondering if the new MS-client directory caching is causing problems. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] User audit logging
Hi I have setup user auditing with extd_audit and its working fine , i have it logging to log file = /var/log/samba/%U.%m.log and that is great for identifying the users and machines ...But the syslog entries don't have a username or host information and I want to use syslog to ship the logs to a central logging server. Can I configure it to log username and hostname (or ip) to syslog with each log line ? Thanks G -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] User audit logging
On Thursday 08 March 2012 00:56:12 Gregory Machin wrote: Hi I have setup user auditing with extd_audit and its working fine , i have it logging to log file = /var/log/samba/%U.%m.log and that is great for identifying the users and machines ...But the syslog entries don't have a username or host information and I want to use syslog to ship the logs to a central logging server. Can I configure it to log username and hostname (or ip) to syslog with each log line ? Thanks G afaik - you can't specify that for syslog. There is another vfs called vfs_full_audit: http://www.samba.org/samba/docs/man/manpages-3/vfs_full_audit.8.html see also: http://moiristo.wordpress.com/2009/08/10/samba-logging-user-activity/ That one does _only_ log to syslog, but is very flexible and powerful. For debugging purpose i used in the past: full_audit:prefix = %u|%I|%m|%S Cheers, Günter -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via b47959a s4-libcli: pysmb: Fix typo in secinfo_flags from 8ad1986 lib/tdb2: add --valgrind, --valgrind-log options. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit b47959a5c5577b4a6fb3003c7d4c3caf5c46ab93 Author: Amitay Isaacs ami...@gmail.com Date: Wed Mar 7 16:40:23 2012 +1100 s4-libcli: pysmb: Fix typo in secinfo_flags Autobuild-User: Amitay Isaacs ami...@samba.org Autobuild-Date: Wed Mar 7 10:56:09 CET 2012 on sn-devel-104 --- Summary of changes: source4/libcli/pysmb.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/libcli/pysmb.c b/source4/libcli/pysmb.c index 31d163c..2f9a579 100644 --- a/source4/libcli/pysmb.c +++ b/source4/libcli/pysmb.c @@ -340,7 +340,7 @@ static PyObject *py_smb_getacl(pytalloc_Object *self, PyObject *args, PyObject * SECINFO_DACL | SECINFO_PROTECTED_DACL | SECINFO_UNPROTECTED_DACL | - SECINFO_DACL | + SECINFO_SACL | SECINFO_PROTECTED_SACL | SECINFO_UNPROTECTED_SACL; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 0eaf91f selftest: mark samba4.smb2.getinfo.getinfo as knownfail via ee6cd3b s4:torture: smb2.getinfo test return status of stream creation via aa993a8 s4:torture/smb2: add simple smb2.session.reauth test via 7e9a4c6 s4:libcli/smb2: allow smb2_session_setup_spnego to handle reauth from b47959a s4-libcli: pysmb: Fix typo in secinfo_flags http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 0eaf91ffb8138a6faee7c5cc446b8e348d76cd2d Author: Stefan Metzmacher me...@samba.org Date: Tue Mar 6 21:23:52 2012 +0100 selftest: mark samba4.smb2.getinfo.getinfo as knownfail Samba4 seems to have problems with streams on directories. metze Autobuild-User: Stefan Metzmacher me...@samba.org Autobuild-Date: Wed Mar 7 12:44:10 CET 2012 on sn-devel-104 commit ee6cd3b84e712e754bc5c6b7b8fdf1e2f170a0f7 Author: Gregor Beck gb...@sernet.de Date: Tue Mar 6 11:48:52 2012 +0100 s4:torture: smb2.getinfo test return status of stream creation Signed-off-by: Stefan Metzmacher me...@samba.org commit aa993a89f0fc3be18da5d4c342447dacf88e65d9 Author: Gregor Beck gb...@sernet.de Date: Tue Mar 6 15:46:48 2012 +0100 s4:torture/smb2: add simple smb2.session.reauth test Pair-Programmed-With: Stefan Metzmacher me...@samba.org Signed-off-by: Stefan Metzmacher me...@samba.org commit 7e9a4c6c11b90a27b570158e33b37efed3a4998e Author: Gregor Beck gb...@sernet.de Date: Tue Mar 6 15:45:37 2012 +0100 s4:libcli/smb2: allow smb2_session_setup_spnego to handle reauth Pair-Programmed-With: Stefan Metzmacher me...@samba.org Signed-off-by: Stefan Metzmacher me...@samba.org --- Summary of changes: selftest/knownfail |1 + source4/libcli/smb2/session.c | 12 source4/torture/smb2/getinfo.c |8 - source4/torture/smb2/session.c | 57 4 files changed, 76 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/selftest/knownfail b/selftest/knownfail index 455ff5a..3bfe490 100644 --- a/selftest/knownfail +++ b/selftest/knownfail @@ -129,6 +129,7 @@ ^samba4.smb2.oplock.batch9$ # samba 4 oplocks are a mess ^samba4.smb2.oplock.batch10$ # samba 4 oplocks are a mess ^samba4.smb2.oplock.batch20$ # samba 4 oplocks are a mess +^samba4.smb2.getinfo.getinfo # streams on directories does not work ^samba4.ntvfs.cifs.krb5.base.createx_access.createx_access$ ^samba4.ldap.acl.*.AclSearchTests.test_search_anonymous3$ # ACL search behaviour not enabled by default ^samba4.ldap.acl.*.AclSearchTests.test_search1$ # ACL search behaviour not enabled by default diff --git a/source4/libcli/smb2/session.c b/source4/libcli/smb2/session.c index d727d55..2657266 100644 --- a/source4/libcli/smb2/session.c +++ b/source4/libcli/smb2/session.c @@ -76,6 +76,7 @@ struct smb2_session_setup_spnego_state { struct smb2_session *session; struct cli_credentials *credentials; uint64_t previous_session_id; + bool reauth; NTSTATUS gensec_status; DATA_BLOB in_secblob; DATA_BLOB out_secblob; @@ -95,6 +96,7 @@ struct tevent_req *smb2_session_setup_spnego_send( { struct tevent_req *req; struct smb2_session_setup_spnego_state *state; + uint64_t current_session_id; const char *chosen_oid; struct tevent_req *subreq; NTSTATUS status; @@ -114,6 +116,11 @@ struct tevent_req *smb2_session_setup_spnego_send( state-credentials = credentials; state-previous_session_id = previous_session_id; + current_session_id = smb2cli_session_current_id(state-session-smbXcli); + if (current_session_id != 0) { + state-reauth = true; + } + server_gss_blob = smbXcli_conn_server_gss_blob(session-transport-conn); if (server_gss_blob) { negprot_secblob = *server_gss_blob; @@ -219,6 +226,11 @@ static void smb2_session_setup_spnego_done(struct tevent_req *subreq) if (NT_STATUS_IS_OK(peer_status) NT_STATUS_IS_OK(state-gensec_status)) { DATA_BLOB session_key; + if (state-reauth) { + tevent_req_done(req); + return; + } + status = gensec_session_key(session-gensec, state, session_key); if (tevent_req_nterror(req, status)) { diff --git a/source4/torture/smb2/getinfo.c b/source4/torture/smb2/getinfo.c index 2e30190..16db715 100644 --- a/source4/torture/smb2/getinfo.c +++ b/source4/torture/smb2/getinfo.c @@ -196,13 +196,17 @@ bool torture_smb2_getinfo(struct torture_context *torture) torture_assert_ntstatus_ok(torture, status,
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 54d3609 s3-rpc_server: Do not register embedded ncacn_np endpoints by default via 78f85b2 s3-rpc_server: Register embedded RPC services after starting lsasd and spoolssd via 781bb36 s4-smb_server: Put error from share_get_config() into the logs via 8466b3c s3-rpc_server: Do not setup ncalrpc pipes and TCP for embedded rpc servers via 716a6c3 selftest: Only run s3dc with a forked lsasd via 008648a s3-smbd make change_to_user_by_session static from 0eaf91f selftest: mark samba4.smb2.getinfo.getinfo as knownfail http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 54d36099ec0c4e2739a954fb712a48fe2fbb7d1b Author: Andrew Bartlett abart...@samba.org Date: Wed Mar 7 21:39:14 2012 +1100 s3-rpc_server: Do not register embedded ncacn_np endpoints by default The end point mapper is primarily in support of lsasd, and the key SAMR, LSA and NETLOGON services being accessed over TCP/IP. The end point mapper does not appear to be used for the well-known mappings to named pipes, and we have a problem with how to safely register the embedded pipes. For now, disable this to avoid re-registration storms in production, until we sort out a better way. Andrew Bartlett Autobuild-User: Andrew Bartlett abart...@samba.org Autobuild-Date: Wed Mar 7 14:27:38 CET 2012 on sn-devel-104 commit 78f85b282ec52a320d0605c58cc51b7133bc0774 Author: Andrew Bartlett abart...@samba.org Date: Wed Mar 7 21:24:01 2012 +1100 s3-rpc_server: Register embedded RPC services after starting lsasd and spoolssd This ensures that these services are not accidentally registered in these child processes. Andrew Bartlett commit 781bb3617b9cf28dd001b919f970e60e74aac91d Author: Andrew Bartlett abart...@samba.org Date: Tue Mar 6 07:34:16 2012 +1100 s4-smb_server: Put error from share_get_config() into the logs commit 8466b3c85e4b835e57e41776853093f4a0edc8b8 Author: Andrew Bartlett abart...@samba.org Date: Tue Mar 6 22:11:06 2012 +1100 s3-rpc_server: Do not setup ncalrpc pipes and TCP for embedded rpc servers Embedded RPC services are those not launched in the preforked lsasd and spoolssd children. The reason that these child processes were created is that is is not possible to correctly listen for ncalrpc and TCP connections without creating a child process. Therefore, we should not have these embedded RPC services to listen on these sockets just because the endpoint mapper has been enabled. Andrew Bartlett commit 716a6c314c1d855b6e80850ffe7a8ca1ea4096d5 Author: Andrew Bartlett abart...@samba.org Date: Tue Mar 6 22:04:55 2012 +1100 selftest: Only run s3dc with a forked lsasd This ensures that we run ktest, member and s3member in the default configuration, to try and cover both code paths. (This does not change the tests being run, but at least the initialisation code will be checked, plus whatever the rpcclient test can cover). Andrew Bartlett commit 008648a034755d30900cce1ec04fba9ea18381c5 Author: Andrew Bartlett abart...@samba.org Date: Tue Mar 6 22:25:50 2012 +1100 s3-smbd make change_to_user_by_session static --- Summary of changes: selftest/target/Samba3.pm | 22 +++--- source3/rpc_server/rpc_service_setup.c | 155 ++-- source3/smbd/proto.h |2 - source3/smbd/server.c |8 +- source3/smbd/uid.c |4 +- source4/smb_server/smb/service.c |2 +- 6 files changed, 64 insertions(+), 129 deletions(-) Changeset truncated at 500 lines: diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm index 797ae71..7e4e601 100755 --- a/selftest/target/Samba3.pm +++ b/selftest/target/Samba3.pm @@ -188,6 +188,17 @@ sub setup_s3dc($$) domain master = yes domain logons = yes lanman auth = yes + + rpc_server:epmapper = external + rpc_server:spoolss = external + rpc_server:lsarpc = external + rpc_server:samr = external + rpc_server:netlogon = external + rpc_server:register_embedded_np = yes + + rpc_daemon:epmd = fork + rpc_daemon:spoolssd = fork + rpc_daemon:lsasd = fork ; my $vars = $self-provision($path, @@ -943,17 +954,6 @@ sub provision($$) lpq cache time = 0 ncalrpc dir = $prefix_abs/ncalrpc - rpc_server:epmapper = external - rpc_server:spoolss = external - rpc_server:lsarpc = external - rpc_server:samr = external - rpc_server:netlogon = external - rpc_server:tcpip = yes - - rpc_daemon:epmd = fork - rpc_daemon:spoolssd = fork -
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 7b1fb08 s4:librpc/rpc: make dcerpc_bh_raw_call_* more robust against disconnects and timeouts via 01c404a s4:librpc/rpc: make dcerpc_bh_is_connected() more robust from 54d3609 s3-rpc_server: Do not register embedded ncacn_np endpoints by default http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 7b1fb088421565f1752acde02377237e4ca19248 Author: Stefan Metzmacher me...@samba.org Date: Wed Mar 7 16:54:18 2012 +0100 s4:librpc/rpc: make dcerpc_bh_raw_call_* more robust against disconnects and timeouts Using tevent_req_defer_callback() should make the situation a bit better, until we have a common robust low level dcerpc library. metze Autobuild-User: Stefan Metzmacher me...@samba.org Autobuild-Date: Wed Mar 7 18:44:24 CET 2012 on sn-devel-104 commit 01c404a67c3321c8959b47841db5c1900b4ebac4 Author: Stefan Metzmacher me...@samba.org Date: Wed Mar 7 16:52:57 2012 +0100 s4:librpc/rpc: make dcerpc_bh_is_connected() more robust metze --- Summary of changes: source4/librpc/rpc/dcerpc.c | 23 +++ 1 files changed, 23 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/librpc/rpc/dcerpc.c b/source4/librpc/rpc/dcerpc.c index caf421b..599ad78 100644 --- a/source4/librpc/rpc/dcerpc.c +++ b/source4/librpc/rpc/dcerpc.c @@ -165,6 +165,14 @@ static bool dcerpc_bh_is_connected(struct dcerpc_binding_handle *h) return false; } + if (!hs-p-conn) { + return false; + } + + if (hs-p-conn-dead) { + return false; + } + return true; } @@ -186,6 +194,7 @@ static uint32_t dcerpc_bh_set_timeout(struct dcerpc_binding_handle *h, } struct dcerpc_bh_raw_call_state { + struct tevent_context *ev; struct dcerpc_binding_handle *h; DATA_BLOB in_data; DATA_BLOB out_data; @@ -215,6 +224,7 @@ static struct tevent_req *dcerpc_bh_raw_call_send(TALLOC_CTX *mem_ctx, if (req == NULL) { return NULL; } + state-ev = ev; state-h = h; state-in_data.data = discard_const_p(uint8_t, in_data); state-in_data.length = in_length; @@ -260,6 +270,19 @@ static void dcerpc_bh_raw_call_done(struct rpc_request *subreq) if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) { status = dcerpc_fault_to_nt_status(fault_code); } + + /* +* We trigger the callback in the next event run +* because the code in this file might trigger +* multiple request callbacks from within a single +* while loop. +* +* In order to avoid segfaults from within +* dcerpc_connection_dead() we call +* tevent_req_defer_callback(). +*/ + tevent_req_defer_callback(req, state-ev); + if (!NT_STATUS_IS_OK(status)) { tevent_req_nterror(req, status); return; -- Samba Shared Repository
autobuild: intermittent test failure detected
The autobuild test system has detected an intermittent failing test in the current master tree. The autobuild log of the failure is available here: http://git.samba.org/autobuild.flakey/2012-03-07-2224/flakey.log The samba3 build logs are available here: http://git.samba.org/autobuild.flakey/2012-03-07-2224/samba3.stderr http://git.samba.org/autobuild.flakey/2012-03-07-2224/samba3.stdout The source4 build logs are available here: http://git.samba.org/autobuild.flakey/2012-03-07-2224/samba4.stderr http://git.samba.org/autobuild.flakey/2012-03-07-2224/samba4.stdout The top commit at the time of the failure was: commit 7b1fb088421565f1752acde02377237e4ca19248 Author: Stefan Metzmacher me...@samba.org Date: Wed Mar 7 16:54:18 2012 +0100 s4:librpc/rpc: make dcerpc_bh_raw_call_* more robust against disconnects and timeouts Using tevent_req_defer_callback() should make the situation a bit better, until we have a common robust low level dcerpc library. metze Autobuild-User: Stefan Metzmacher me...@samba.org Autobuild-Date: Wed Mar 7 18:44:24 CET 2012 on sn-devel-104
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 9788d6a Change default protocol to SMB2_02. via 0c3474b s3: piddir creation fix part 2. via e19cf64 addns: Fix the Solaris/Illumos build. via 25fbf90 s3: piddir creation fix. from 7b1fb08 s4:librpc/rpc: make dcerpc_bh_raw_call_* more robust against disconnects and timeouts http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 9788d6a3489ff5df0de43ce9fabc35b20df52bb1 Author: Jeremy Allison j...@samba.org Date: Wed Mar 7 11:58:51 2012 -0800 Change default protocol to SMB2_02. Autobuild-User: Jeremy Allison j...@samba.org Autobuild-Date: Wed Mar 7 22:41:21 CET 2012 on sn-devel-104 commit 0c3474b45e9ed8ad85bc524fa131033123da2d51 Author: Ira Cooper i...@samba.org Date: Tue Mar 6 20:58:37 2012 -0500 s3: piddir creation fix part 2. Since the piddir got moved from the lockdir by default, the default piddir wasn't getting created, stopping some configurations from running. Signed-off-by: Jeremy Allison j...@samba.org commit e19cf64356580b965c257f0b3b6ef9ca5b03ed62 Author: Ira Cooper i...@samba.org Date: Tue Mar 6 19:22:46 2012 -0500 addns: Fix the Solaris/Illumos build. uuid_t is not defined without including sys/uuid.h, configure+waf checks added. Signed-off-by: Jeremy Allison j...@samba.org commit 25fbf907e90a70e167c56dd63b44b0f5ff1d27a7 Author: Ira Cooper i...@samba.org Date: Tue Mar 6 19:25:16 2012 -0500 s3: piddir creation fix. Since the piddir got moved from the lockdir by default, the default piddir wasn't getting created stopping some configurations from running. Signed-off-by: Jeremy Allison j...@samba.org --- Summary of changes: docs-xml/smbdotconf/protocol/maxprotocol.xml | 20 +--- lib/addns/dnsutils.c |4 lib/addns/wscript|6 ++ source3/configure.in |1 + source3/nmbd/nmbd.c |4 source3/param/loadparm.c |2 +- source3/smbd/server.c|3 +++ source3/winbindd/winbindd.c |4 wscript |1 + 9 files changed, 41 insertions(+), 4 deletions(-) create mode 100644 lib/addns/wscript Changeset truncated at 500 lines: diff --git a/docs-xml/smbdotconf/protocol/maxprotocol.xml b/docs-xml/smbdotconf/protocol/maxprotocol.xml index 3648a5e..2ecf846 100644 --- a/docs-xml/smbdotconf/protocol/maxprotocol.xml +++ b/docs-xml/smbdotconf/protocol/maxprotocol.xml @@ -35,8 +35,22 @@ /listitem listitem paraconstantSMB2/constant: Re-implementation of the SMB protocol. - Used by Windows Vista and newer. The Samba implementation of SMB2 is - currently marked experimental!/para + Used by Windows Vista and later versions of Windows. SMB2 has sub protocols available./para + itemizedlist + listitem + paraconstantSMB2_02/constant: The earliest SMB2 version./para + /listitem + listitem + paraconstantSMB2_10/constant: Windows 7 SMB2 version./para + /listitem + listitem + paraconstantSMB2_22/constant: Early Windows 8 SMB2 version./para + /listitem + listitem + paraconstantSMB2_24/constant: Windows 8 SMB2 version./para + /listitem + /itemizedlist + paraBy default SMB2 selects the SMB2_02 varient./para /listitem /itemizedlist @@ -48,6 +62,6 @@ relatedmin protocol/related synonymprotocol/synonym -value type=defaultNT1/value +value type=defaultSMB2/value value type=exampleLANMAN1/value /samba:parameter diff --git a/lib/addns/dnsutils.c b/lib/addns/dnsutils.c index 43305a9..5a63c61 100644 --- a/lib/addns/dnsutils.c +++ b/lib/addns/dnsutils.c @@ -25,6 +25,10 @@ #include dns.h #include ctype.h +#ifdef HAVE_SYS_UUID_H +#include sys/uuid.h +#endif + static DNS_ERROR LabelList( TALLOC_CTX *mem_ctx, const char *name, struct dns_domain_label **presult ) diff --git a/lib/addns/wscript b/lib/addns/wscript new file mode 100644 index 000..99e9358 --- /dev/null +++ b/lib/addns/wscript @@ -0,0 +1,6 @@ +#!/usr/bin/env python + +import Options + +def configure(conf): +conf.CHECK_HEADERS('sys/uuid.h') diff --git a/source3/configure.in b/source3/configure.in index 8c069a0..3736dcb 100644 --- a/source3/configure.in +++ b/source3/configure.in @@ -749,6 +749,7 @@ AC_CHECK_HEADERS(langinfo.h locale.h) AC_CHECK_HEADERS(xfs/libxfs.h) AC_CHECK_HEADERS(netgroup.h)
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 256e2df s4-selftest: create the st/provision if it didn't exists already via ddbca1c s4-upgradeprovision: Add options to do a DB backup only and not to fix acls in sysvol from 9788d6a Change default protocol to SMB2_02. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 256e2df9dc147b6d98afb4fa2ccdf5f65eaef30c Author: Matthieu Patou m...@matws.net Date: Tue Mar 6 23:22:54 2012 -0800 s4-selftest: create the st/provision if it didn't exists already Autobuild-User: Matthieu Patou m...@samba.org Autobuild-Date: Thu Mar 8 00:25:24 CET 2012 on sn-devel-104 commit ddbca1cde6e1f1f0a362506527322383c4dd5685 Author: Matthieu Patou m...@matws.net Date: Tue Mar 6 21:44:45 2012 -0800 s4-upgradeprovision: Add options to do a DB backup only and not to fix acls in sysvol --- Summary of changes: source4/scripting/bin/upgradeprovision | 43 +- source4/setup/tests/blackbox_upgradeprovision.sh |2 + 2 files changed, 28 insertions(+), 17 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/scripting/bin/upgradeprovision b/source4/scripting/bin/upgradeprovision index 7003717..4986f8a 100755 --- a/source4/scripting/bin/upgradeprovision +++ b/source4/scripting/bin/upgradeprovision @@ -161,8 +161,12 @@ parser.add_option(--debugall, action=store_true, help=Print all available information (very verbose)) parser.add_option(--resetfileacl, action=store_true, help=Force a reset on filesystem acls in sysvol / netlogon share) +parser.add_option(--nontaclfix, action=store_true, + help=In full upgrade mode do not try to upgrade sysvol / netlogon acls) parser.add_option(--fixntacl, action=store_true, help=Only fix NT ACLs in sysvol / netlogon share) +parser.add_option(--db_backup_only, action=store_true, + help=Do the backup of the database in the provision, skip the sysvol / netlogon shares) parser.add_option(--full, action=store_true, help=Perform full upgrade of the samdb (schema, configuration, new objects, ...) @@ -1464,14 +1468,15 @@ def update_samdb(ref_samdb, samdb, names, provisionUSNs, schema, prereloadfunc): return 0 -def backup_provision(paths, dir): +def backup_provision(paths, dir, only_db): This function backup the provision files so that a rollback is possible :param paths: Paths to different objects :param dir: Directory where to store the backup +:param only_db: Skip sysvol for users with big sysvol -if paths.sysvol: +if paths.sysvol and not only_db: copytree_with_xattrs(paths.sysvol, os.path.join(dir, sysvol)) shutil.copy2(paths.samdb, dir) shutil.copy2(paths.secrets, dir) @@ -1649,6 +1654,9 @@ def sync_calculated_attributes(samdb, names): if __name__ == '__main__': global defSDmodified defSDmodified = False + +if opts.nontaclfix and opts.fixntacl: +message(SIMPLE, nontaclfix and fixntacl are mutally exclusive) # From here start the big steps of the program # 1) First get files paths paths = get_paths(param, smbconf=smbconf) @@ -1662,7 +1670,7 @@ if __name__ == '__main__': ldbs = get_ldbs(paths, creds, session, lp) backupdir = tempfile.mkdtemp(dir=paths.private_dir, prefix=backupprovision) -backup_provision(paths, backupdir) +backup_provision(paths, backupdir, opts.db_backup_only) try: ldbs.startTransactions() @@ -1889,20 +1897,21 @@ if __name__ == '__main__': update_provision_usn(ldbs.sam, minUSN, maxUSN, names.invocation) if opts.full and (names.policyid is None or names.policyid_dc is None): update_policyids(names, ldbs.sam) -if opts.full or opts.resetfileacl or opts.fixntacl: -try: -update_gpo(paths, ldbs.sam, names, lp, message, 1) -except ProvisioningError, e: -message(ERROR, The policy for domain controller is missing. -You should restart upgradeprovision with --full) -except IOError, e: -message(ERROR, Setting ACL not supported on your filesystem) -else: -try: -update_gpo(paths, ldbs.sam, names, lp, message, 0) -except ProvisioningError, e: -message(ERROR, The policy for domain controller is missing. -You should restart upgradeprovision with --full) +if opts.nontaclfix: +if opts.full or opts.resetfileacl or opts.fixntacl: +try: +update_gpo(paths, ldbs.sam, names, lp, message, 1) +except
autobuild: intermittent test failure detected
The autobuild test system has detected an intermittent failing test in the current master tree. The autobuild log of the failure is available here: http://git.samba.org/autobuild.flakey/2012-03-08-0029/flakey.log The samba3 build logs are available here: http://git.samba.org/autobuild.flakey/2012-03-08-0029/samba3.stderr http://git.samba.org/autobuild.flakey/2012-03-08-0029/samba3.stdout The source4 build logs are available here: http://git.samba.org/autobuild.flakey/2012-03-08-0029/samba4.stderr http://git.samba.org/autobuild.flakey/2012-03-08-0029/samba4.stdout The top commit at the time of the failure was: commit 9788d6a3489ff5df0de43ce9fabc35b20df52bb1 Author: Jeremy Allison j...@samba.org Date: Wed Mar 7 11:58:51 2012 -0800 Change default protocol to SMB2_02. Autobuild-User: Jeremy Allison j...@samba.org Autobuild-Date: Wed Mar 7 22:41:21 CET 2012 on sn-devel-104
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via b442e37 failtest: don't assume FD_SETSIZE is maximum runtime fd. from 256e2df s4-selftest: create the st/provision if it didn't exists already http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit b442e375256d93637b38f997a78e330ba4774c43 Author: Rusty Russell ru...@rustcorp.com.au Date: Thu Mar 8 14:14:22 2012 +1030 failtest: don't assume FD_SETSIZE is maximum runtime fd. This breaks when rlimit is less. Unfortunately, valgrind (32 bit x86, 3.7.0.SVN, Ubuntu) fails to set the file limit properly on the test: reducing it to the obvious getrlimit/setrlimit/getrlimit works fine, so leaving diagnostics for another day. Signed-off-by: Rusty Russell ru...@rustcorp.com.au (Imported from CCAN commit a85a809bb17af6b6cf6fa31b300c6622f64ee700) Autobuild-User: Rusty Russell ru...@rustcorp.com.au Autobuild-Date: Thu Mar 8 06:30:48 CET 2012 on sn-devel-104 --- Summary of changes: lib/ccan/failtest/_info |3 ++ lib/ccan/failtest/failtest.c | 17 -- lib/ccan/failtest/test/run-with-fdlimit.c | 51 + 3 files changed, 68 insertions(+), 3 deletions(-) create mode 100644 lib/ccan/failtest/test/run-with-fdlimit.c Changeset truncated at 500 lines: diff --git a/lib/ccan/failtest/_info b/lib/ccan/failtest/_info index 14dcb78..4a5b97c 100644 --- a/lib/ccan/failtest/_info +++ b/lib/ccan/failtest/_info @@ -54,6 +54,9 @@ * * License: LGPL * Author: Rusty Russell ru...@rustcorp.com.au + * Ccanlint: + * // valgrind seems to mess up rlimit. + * tests_pass_valgrind test/run-with-fdlimit.c:FAIL */ int main(int argc, char *argv[]) { diff --git a/lib/ccan/failtest/failtest.c b/lib/ccan/failtest/failtest.c index 701586e..5f68394 100644 --- a/lib/ccan/failtest/failtest.c +++ b/lib/ccan/failtest/failtest.c @@ -14,6 +14,7 @@ #include sys/stat.h #include sys/time.h #include sys/mman.h +#include sys/resource.h #include signal.h #include assert.h #include ccan/time/time.h @@ -194,11 +195,21 @@ static struct failtest_call *add_history_(enum failtest_call_type type, static int move_fd_to_high(int fd) { int i; + struct rlimit lim; + int max; - for (i = FD_SETSIZE - 1; i = 0; i--) { + if (getrlimit(RLIMIT_NOFILE, lim) == 0) { + max = lim.rlim_cur; + printf(Max is %i\n, max); + } else + max = FD_SETSIZE; + + for (i = max - 1; i fd; i--) { if (fcntl(i, F_GETFL) == -1 errno == EBADF) { - if (dup2(fd, i) == -1) - err(1, Failed to dup fd %i to %i, fd, i); + if (dup2(fd, i) == -1) { + warn(Failed to dup fd %i to %i, fd, i); + continue; + } close(fd); return i; } diff --git a/lib/ccan/failtest/test/run-with-fdlimit.c b/lib/ccan/failtest/test/run-with-fdlimit.c new file mode 100644 index 000..6b4483f --- /dev/null +++ b/lib/ccan/failtest/test/run-with-fdlimit.c @@ -0,0 +1,51 @@ +/* Include the C files directly. */ +#include ccan/failtest/failtest.c +#include stdlib.h +#include err.h +#include ccan/tap/tap.h + +int main(void) +{ + int fd, pfd[2], ecode; + struct rlimit lim; + + if (getrlimit(RLIMIT_NOFILE, lim) != 0) + err(1, getrlimit RLIMIT_NOFILE fail?); + + printf(rlimit = %lu/%lu (inf=%lu)\n, + (long)lim.rlim_cur, (long)lim.rlim_max, + (long)RLIM_INFINITY); + lim.rlim_cur /= 2; + if (lim.rlim_cur 8) + errx(1, getrlimit limit %li too low, (long)lim.rlim_cur); + if (setrlimit(RLIMIT_NOFILE, lim) != 0) + err(1, setrlimit RLIMIT_NOFILE (%li/%li), + (long)lim.rlim_cur, (long)lim.rlim_max); + + plan_tests(2); + failtest_init(0, NULL); + + if (pipe(pfd)) + abort(); + + fd = failtest_open(run-with-fdlimit-scratch, run-with_fdlimit.c, 1, + O_RDWR|O_CREAT, 0600); + if (fd == -1) { + /* We are the child: write error code for parent to check. */ + ecode = errno; + if (write(pfd[1], ecode, sizeof(ecode)) != sizeof(ecode)) + abort(); + failtest_exit(0); + } + + /* Check child got correct errno. */ + ok1(read(pfd[0], ecode, sizeof(ecode)) == sizeof(ecode)); + ok1(ecode == EACCES); + + /* Clean up. */ + failtest_close(fd, run-open.c, 1); + close(pfd[0]); + close(pfd[1]); + + return exit_status(); +} -- Samba Shared Repository
autobuild: intermittent test failure detected
The autobuild test system has detected an intermittent failing test in the current master tree. The autobuild log of the failure is available here: http://git.samba.org/autobuild.flakey/2012-03-08-0827/flakey.log The samba3 build logs are available here: http://git.samba.org/autobuild.flakey/2012-03-08-0827/samba3.stderr http://git.samba.org/autobuild.flakey/2012-03-08-0827/samba3.stdout The source4 build logs are available here: http://git.samba.org/autobuild.flakey/2012-03-08-0827/samba4.stderr http://git.samba.org/autobuild.flakey/2012-03-08-0827/samba4.stdout The top commit at the time of the failure was: commit b442e375256d93637b38f997a78e330ba4774c43 Author: Rusty Russell ru...@rustcorp.com.au Date: Thu Mar 8 14:14:22 2012 +1030 failtest: don't assume FD_SETSIZE is maximum runtime fd. This breaks when rlimit is less. Unfortunately, valgrind (32 bit x86, 3.7.0.SVN, Ubuntu) fails to set the file limit properly on the test: reducing it to the obvious getrlimit/setrlimit/getrlimit works fine, so leaving diagnostics for another day. Signed-off-by: Rusty Russell ru...@rustcorp.com.au (Imported from CCAN commit a85a809bb17af6b6cf6fa31b300c6622f64ee700) Autobuild-User: Rusty Russell ru...@rustcorp.com.au Autobuild-Date: Thu Mar 8 06:30:48 CET 2012 on sn-devel-104