Re: [Samba] UID/GID mapping consistency across at least two Linux machines
Thanks! But how is this related to my problem? is there any pitfalls when some user is a member of many groups? is their uid idepends on their group membership ? -- View this message in context: http://samba.2283325.n4.nabble.com/UID-GID-mapping-consistency-across-at-least-two-Linux-machines-tp4543255p4551082.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Restricting access to [homes]
Hi all. Is it just me or there's no way to restrict access to [homes] share to members of an AD group? Or is it treated like an ordinary Unix group via Winbind mapping? If I use valid users = %S (to give access to the home only to the owner), every domain user (worse: every user in any trusted domain) can access his/her own share... if path exists. That leads to the second problem: is it possible to automatically create the home dir if it's missing (w/o requiring the user to log on the server)? Sort of pam_mkhomedir for shares... I have to handle laboratories w/ a lot of students, and pre-creating homes would be impractical, while giving access to everybody in the university is a waste of resources... TIA, Diego. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 3.6.4 segfaults on guest authentication
Hi, I recently updated to Samba 3.6.4 from 3.6.0 (on Solaris 10 x86). Since then, passwordless guest authentication makes smbd crash with a segfault. I run the following command to test if the Samba server is available via Nagios: smbclient -U guest -N -L smb-serv Since the update, it returns with: session setup failed: NT_STATUS_PIPE_BROKEN Server side level 10 log and a stacktrace of the resulting coredump are attached. Any help with this would be appreciated. Regards, Christian Manal core 'core' of 15868: /services/samba/sbin/smbd -D fe90bb17 _lwp_kill (1, 6) + 7 fe8b365f raise(6) + 1f fe892961 abort(6, 0, 8a7afc7, 8a7afeb, 8b41f1c, 8a7a122) + cd 084f7168 (8a7dbf6, 3dfc, 0, 8a7adb8, 0, 8046014) 085094b4 log_stack_trace (8a7adb8, 0, 8a7ada9, 8a7b005, fe97e000, fe3d2a00) 084f6a3a sig_fault (b, 0, 80460a0, fe8f5ac3, 8046058, fe8f5ac3) 084f6a4b sig_fault (b, 0, 80460f8) + 11 fe908e9f __sighndlr (b, 0, 80460f8, 84f6a3a) + f fe8feb7f call_user_handler (b, 0, 80460f8) + 22b fe8fecc0 sigacthandler (b, 0, 80460f8) + 7c --- called from signal handler with signal 11 (SIGSEGV) --- fe8863dc strlen (891dc3b, 80471b4, 80470b0, 0) + c fe8e4953 vsnprintf (80470f0, 80, 891dc08, 80471b4) + 73 fe8e0d60 vasprintf (8047190, 891dc08, 80471b4, 2, 0, 80471b4) + 34 084f62b1 dbgtext (891dc08, 8b68f60, 0, 891e0cf, 891dba3, 100) + 3e 080f60b4 register_existing_vuid (8b64de0, 64, 0, 8b69a58, 0, 80473a4) + 1fd 081330f9 reply_sesssetup_and_X (8bad0e8, 1, 8bad058, 5c, 27, 0) + 15b5 081792f6 switch_message (73, 8bad0e8, 5c, 0, 0, 0) + 686 0817947f construct_reply (8b64de0, 0, 5c, 0, 0, 0) + 17b 081797b2 process_smb (8b64de0, 8bad058, 5c, 0, 0, 0) + 1ed 0817aaac smbd_server_connection_read_handler (8b64de0, 19, 3b, f300d, 8b64e2c, 8b64e2c) + 218 0817ab1f smbd_server_connection_handler (8b64d68, 8b92e48, 1, 8b64de0, 0, 8bab4c8) + 68 0851c991 run_events_poll (8b64d68, 1, 8ba4d28, 2, 8047810, fea2c230) + 630 08178835 smbd_server_connection_loop_once (8047874, 8b64de0, 19, 1, 817aab7, 8b64de0) + 115 0817d273 smbd_process (8b64de0, , 9cf1f71a, 584cec60, 33, 9cf1f71a) + c72 0890dd7f smbd_accept_connection (8b64d68, 8ba7c38, 1, 8ba7660, 0, 8047e14) + 416 0851c991 run_events_poll (8b64d68, 1, 8b6c098, 5, 8047bf4, 84dc1ac) + 630 0851cc1f s3_event_loop_once (8b64d68, 8b30e50, 8b647c0, 85222b1, 8ba4960, 8b41f1c) + 14e 0851dbcc _tevent_loop_once (8b64d68, 8b30e50, 8b30e25, 8b3149d, 0, 8b31485) + dd 0890eaa1 smbd_parent_loop (8bad990, 8b31485, 0, 8b31401, , 2e0b57be) + 85 0890fc1f main (80d9c60, 2, 8047e98) + 1106 080d9c60 _start (2, 8047f24, 8047f3e, 0, 8047f41, 8047f59) + 80 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.6.4 segfaults on guest authentication
On Thu, Apr 12, 2012 at 10:52:48AM +0200, Christian Manal wrote: Hi, I recently updated to Samba 3.6.4 from 3.6.0 (on Solaris 10 x86). Since then, passwordless guest authentication makes smbd crash with a segfault. I run the following command to test if the Samba server is available via Nagios: smbclient -U guest -N -L smb-serv Since the update, it returns with: session setup failed: NT_STATUS_PIPE_BROKEN Server side level 10 log and a stacktrace of the resulting coredump are attached. Any help with this would be appreciated. Sorry, but I do not see the level 10 log. Volker -- SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen phone: +49-551-37-0, fax: +49-551-37-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen http://www.sernet.de, mailto:kont...@sernet.de -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.6.4 segfaults on guest authentication
On 12.04.2012 11:38, Volker Lendecke wrote: On Thu, Apr 12, 2012 at 10:52:48AM +0200, Christian Manal wrote: Hi, I recently updated to Samba 3.6.4 from 3.6.0 (on Solaris 10 x86). Since then, passwordless guest authentication makes smbd crash with a segfault. I run the following command to test if the Samba server is available via Nagios: smbclient -U guest -N -L smb-serv Since the update, it returns with: session setup failed: NT_STATUS_PIPE_BROKEN Server side level 10 log and a stacktrace of the resulting coredump are attached. Any help with this would be appreciated. Sorry, but I do not see the level 10 log. Volker Hmm, seems like it got swallowed somewhere along the way. The attachment is there in my outgoing mail folder. Second try. Regards, Christian Manal [2012/04/12 10:41:18.762778, 6] param/loadparm.c:7490(lp_file_list_changed) lp_file_list_changed() file /services/samba/etc/smb.conf - /services/samba/etc/smb.conf last mod_time: Thu Apr 12 10:41:12 2012 [2012/04/12 10:41:18.762908, 5] auth/auth_util.c:110(make_user_info_map) Mapping user [WORKGROUP]\[guest] from workstation [CLIENT] [2012/04/12 10:41:18.762969, 5] auth/auth_util.c:131(make_user_info_map) Mapped domain from [WORKGROUP] to [SMB-SERV] for user [guest] from workstation [CLIENT] [2012/04/12 10:41:18.763007, 5] auth/user_info.c:59(make_user_info) attempting to make a user_info for guest (guest) [2012/04/12 10:41:18.763042, 5] auth/user_info.c:70(make_user_info) making strings for guest's user_info struct [2012/04/12 10:41:18.763079, 5] auth/user_info.c:87(make_user_info) making blobs for guest's user_info struct [2012/04/12 10:41:18.763115, 10] auth/user_info.c:123(make_user_info) made a user_info for guest (guest) [2012/04/12 10:41:18.763149, 3] auth/auth.c:219(check_ntlm_password) check_ntlm_password: Checking password for unmapped user [WORKGROUP]\[guest]@[CLIENT] with the new password interface [2012/04/12 10:41:18.763186, 3] auth/auth.c:222(check_ntlm_password) check_ntlm_password: mapped user is: [SMB-SERV]\[guest]@[CLIENT] [2012/04/12 10:41:18.763221, 10] auth/auth.c:231(check_ntlm_password) check_ntlm_password: auth_context challenge created by NTLMSSP callback (NTLM2) [2012/04/12 10:41:18.763256, 10] auth/auth.c:233(check_ntlm_password) challenge is: [2012/04/12 10:41:18.763289, 5] ../lib/util/util.c:415(dump_data) [] D2 C1 61 CD 4E BB 7A 50..a.N.zP [2012/04/12 10:41:18.763364, 10] auth/auth_builtin.c:44(check_guest_security) Check auth for: [guest] [2012/04/12 10:41:18.763398, 10] auth/auth.c:259(check_ntlm_password) check_ntlm_password: guest had nothing to say [2012/04/12 10:41:18.763443, 10] auth/auth_sam.c:75(auth_samstrict_auth) Check auth for: [guest] [2012/04/12 10:41:18.763478, 8] lib/util.c:1521(is_myname) is_myname(SMB-SERV) returns 1 [2012/04/12 10:41:18.763516, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2012/04/12 10:41:18.763566, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2012/04/12 10:41:18.763602, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/04/12 10:41:18.763636, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/04/12 10:41:18.763671, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/04/12 10:41:18.763806, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base = [dc=example,dc=com], filter = [((uid=guest)(objectclass=sambaSamAccount))], scope = [2] [2012/04/12 10:41:18.764930, 5] lib/smbldap.c:1341(smbldap_close) The connection to the LDAP server was closed [2012/04/12 10:41:18.764998, 10] lib/smbldap.c:819(smb_ldap_setup_conn) smb_ldap_setup_connection: ldap://ldap.example.com/ [2012/04/12 10:41:18.788259, 3] lib/smbldap.c:803(smb_ldap_start_tls) StartTLS issued: using a TLS connection [2012/04/12 10:41:18.788373, 2] lib/smbldap.c:1018(smbldap_open_connection) smbldap_open_connection: connection opened [2012/04/12 10:41:18.788411, 10] lib/smbldap.c:1194(smbldap_connect_system) ldap_connect_system: Binding to ldap server ldap://ldap.example.com/ as cn=samba,dc=example,dc=com [2012/04/12 10:41:18.789588, 3] lib/smbldap.c:1240(smbldap_connect_system) ldap_connect_system: successful connection to the LDAP server ldap_connect_system: LDAP server does support paged results [2012/04/12 10:41:18.789653, 4] lib/smbldap.c:1319(smbldap_open) The LDAP server is successfully connected [2012/04/12 10:41:18.791015, 4] passdb/pdb_ldap.c:1581(ldapsam_getsampwnam) ldapsam_getsampwnam: Unable to locate user [guest] count=0 [2012/04/12 10:41:18.791085, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/04/12 10:41:18.791122, 3] auth/check_samsec.c:399(check_sam_security)
Re: [Samba] Restricting access to [homes]
On Thu, 2012-04-12 at 11:21 +0200, NdK wrote: Hi all. Is it just me or there's no way to restrict access to [homes] share to members of an AD group? Or is it treated like an ordinary Unix group via Winbind mapping? If I use valid users = %S (to give access to the home only to the owner), every domain user (worse: every user in any trusted domain) can access his/her own share... if path exists. That leads to the second problem: is it possible to automatically create the home dir if it's missing (w/o requiring the user to log on the server)? Sort of pam_mkhomedir for shares... Use the exec option for the share to call out a script to create the home directory and set ownership etc. correctly. Note if no home directory exists then you cannot access the share, so your script to create their home directory automatically can test to see if they are a member of a suitable group. JAB. -- Jonathan A. Buzzard Email: jonathan (at) buzzard.me.uk Fife, United Kingdom. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.6.4 segfaults on guest authentication
On Thu, Apr 12, 2012 at 11:41:14AM +0200, Christian Manal wrote:
On 12.04.2012 11:38, Volker Lendecke wrote:
On Thu, Apr 12, 2012 at 10:52:48AM +0200, Christian Manal wrote:
Hi,
I recently updated to Samba 3.6.4 from 3.6.0 (on Solaris 10 x86). Since
then, passwordless guest authentication makes smbd crash with a segfault.
I run the following command to test if the Samba server is available via
Nagios:
smbclient -U guest -N -L smb-serv
Since the update, it returns with:
session setup failed: NT_STATUS_PIPE_BROKEN
Does the attached patch help?
Volker
--
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-37-0, fax: +49-551-37-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kont...@sernet.de
From 911cb5448c4ce197eadd7c83b512f867d4fbf14e Mon Sep 17 00:00:00 2001
From: Volker Lendecke v...@samba.org
Date: Thu, 12 Apr 2012 12:15:50 +0200
Subject: [PATCH] s3: Fix a segfault with debug level 3 on Solaris
printf can not deal with NULL strings
---
source3/smbd/password.c |3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/source3/smbd/password.c b/source3/smbd/password.c
index ddc7ad1..f032a56 100644
--- a/source3/smbd/password.c
+++ b/source3/smbd/password.c
@@ -294,7 +294,8 @@ int register_existing_vuid(struct smbd_server_connection
*sconn,
DEBUG(3, (register_existing_vuid: User name: %s\t
Real name: %s\n, vuser-session_info-unix_name,
- vuser-session_info-info3-base.full_name.string));
+ vuser-session_info-info3-base.full_name.string ?
+ vuser-session_info-info3-base.full_name.string : ));
if (!vuser-session_info-security_token) {
DEBUG(1, (register_existing_vuid: session_info does not
--
1.7.5.4
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.6.4 segfaults on guest authentication
On 12.04.2012 12:18, Volker Lendecke wrote: On Thu, Apr 12, 2012 at 11:41:14AM +0200, Christian Manal wrote: On 12.04.2012 11:38, Volker Lendecke wrote: On Thu, Apr 12, 2012 at 10:52:48AM +0200, Christian Manal wrote: Hi, I recently updated to Samba 3.6.4 from 3.6.0 (on Solaris 10 x86). Since then, passwordless guest authentication makes smbd crash with a segfault. I run the following command to test if the Samba server is available via Nagios: smbclient -U guest -N -L smb-serv Since the update, it returns with: session setup failed: NT_STATUS_PIPE_BROKEN Does the attached patch help? Volker Looks good. Thank you! Regards, Christian Manal -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] user map Problem with security= ADS after upgrade form 3.5.13 to 3.6.4
Hi we are running samba on Linux as an AD member. Linux is integrated into the AD with Vintella Authentification services. The normal AD Users are unix enabled and available on the linux system using nss/vas. Therefore we used idmap config DLR: backend = nss idmap config DLR: readonly = yes In the AD we have some administrative accounts which are not unix enabled (like username-adm) Up to samba 3.5.13 we have been able to map this administrative accounts to root on the samba server root = DLR\username-adm With 3.6.4 this does not work any more If I connect form a workstation logged in as DOMAIN\username-adm I get a password prompt It seems that the mapping is ok Kerberos ticket principal name is [username-...@intra.dlr.de] [2012/04/12 13:33:35.920072, 3] auth/user_util.c:402(map_username) Mapped user DLR\username-adm to root but with 3.6.4 ist seems that even a user ist mapped to root a unix account is required for the original user Failed to find authenticated user DLR\username-adm via getpwnam(), denying access. Of cource we can unix enable an adm-account, but before doing so, I want to now, if there might be another solution Regards Hansjörg [2012/04/12 13:33:35.870906, 3] smbd/sesssetup.c:1333(reply_sesssetup_and_X) wct=12 flg2=0xc807 [2012/04/12 13:33:35.871057, 2] smbd/sesssetup.c:1279(setup_new_vc_session) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2012/04/12 13:33:35.871282, 3] smbd/sesssetup.c:1065(reply_sesssetup_and_X_spnego) Doing spnego session setup [2012/04/12 13:33:35.871472, 3] smbd/sesssetup.c:1107(reply_sesssetup_and_X_spnego) NativeOS=[Windows Server 2003 3790 Service Pack 2] NativeLanMan=[] PrimaryDomain=[Windows Server 2003 5.2] [2012/04/12 13:33:35.871698, 3] smbd/sesssetup.c:660(reply_spnego_negotiate) reply_spnego_negotiate: Got secblob of size 6731 [2012/04/12 13:33:35.876804, 3] libads/authdata.c:332(decode_pac_data) Found account name from PAC: username-adm [username-adm] [2012/04/12 13:33:35.877386, 3] auth/user_krb5.c:50(get_user_from_kerberos_info) Kerberos ticket principal name is [username-...@intra.dlr.de] [2012/04/12 13:33:35.877609, 3] auth/user_util.c:402(map_username) Mapped user DLR\username-adm to root [2012/04/12 13:33:35.896434, 3] auth/auth_util.c:1028(check_account) Failed to find authenticated user DLR\username-adm via getpwnam(), denying access. [2012/04/12 13:33:35.896609, 1] auth/user_krb5.c:211(make_server_info_krb5) make_server_info_info3 failed: NT_STATUS_NO_SUCH_USER! [2012/04/12 13:33:35.896794, 1] smbd/sesssetup.c:379(reply_spnego_kerberos) make_server_info_krb5 failed! [2012/04/12 13:33:35.896975, 3] smbd/error.c:81(error_packet_set) error packet at smbd/sesssetup.c(383) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE [2012/04/12 13:33:35.898900, 3] smbd/server_exit.c:180(exit_server_common) Server exit (failed to receive smb request) [2012/04/12 13:33:35.911450, 3] smbd/negprot.c:419(reply_nt1) using SPNEGO [2012/04/12 13:33:35.911651, 3] smbd/negprot.c:704(reply_negprot) Selected protocol NT LM 0.12 [2012/04/12 13:33:35.912998, 3] smbd/process.c:1662(process_smb) Transaction 1 of length 6992 (0 toread) [2012/04/12 13:33:35.913232, 3] smbd/process.c:1467(switch_message) switch message SMBsesssetupX (pid 4861) conn 0x0 [2012/04/12 13:33:35.913366, 3] smbd/sesssetup.c:1333(reply_sesssetup_and_X) wct=12 flg2=0xc807 [2012/04/12 13:33:35.913530, 2] smbd/sesssetup.c:1279(setup_new_vc_session) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2012/04/12 13:33:35.913647, 3] smbd/sesssetup.c:1065(reply_sesssetup_and_X_spnego) Doing spnego session setup [2012/04/12 13:33:35.913803, 3] smbd/sesssetup.c:1107(reply_sesssetup_and_X_spnego) NativeOS=[Windows Server 2003 3790 Service Pack 2] NativeLanMan=[] PrimaryDomain=[Windows Server 2003 5.2] [2012/04/12 13:33:35.914000, 3] smbd/sesssetup.c:660(reply_spnego_negotiate) reply_spnego_negotiate: Got secblob of size 6731 [2012/04/12 13:33:35.919423, 3] libads/authdata.c:332(decode_pac_data) Found account name from PAC: username-adm [username-adm] [2012/04/12 13:33:35.919825, 3] auth/user_krb5.c:50(get_user_from_kerberos_info) Kerberos ticket principal name is [username-...@intra.dlr.de] [2012/04/12 13:33:35.920072, 3] auth/user_util.c:402(map_username) Mapped user DLR\username-adm to root [2012/04/12 13:33:35.931919, 3] auth/auth_util.c:1028(check_account) Failed to find authenticated user DLR\username-adm via getpwnam(), denying access. [2012/04/12 13:33:35.932087, 1] auth/user_krb5.c:211(make_server_info_krb5) make_server_info_info3 failed: NT_STATUS_NO_SUCH_USER! [2012/04/12 13:33:35.932385, 1] smbd/sesssetup.c:379(reply_spnego_kerberos) make_server_info_krb5 failed! [2012/04/12 13:33:35.932603, 3] smbd/error.c:81(error_packet_set) error packet at
[Samba] Samba 3.6.4 on Solaris - groups for user inconsistent
Hi all, I'm having an issue with Samba 3.6.4 on Solaris using Active Directory with a Windows Server 2008 domain controller. I should state early on that I do not believe this is a manifestation of the Solaris 16 group limit - the number of groups is well below 16. Winbind seems to be working fine - I can use wbinfo -r to check the groups that a user is a member of, it returns the list of Active Directory groups that the userid belongs to: # /opt/samba/bin/wbinfo -r triddel 5000 10501 1 10586 20001 (You'll note that the above list differs from the lists below - this is because some of the groups have no NIS domain defined in AD.) What I see is smbd panicking when initialising groups for a user, it seems to be trying (and failing) to set one of the groups to -1: [2012/04/12 18:01:20.950498, 10] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 10017 Primary group is 5000 and contains 11 supplementary groups Group[ 0]: 5000 Group[ 1]: -1 Group[ 2]: 10501 Group[ 3]: 1 Group[ 4]: 10586 Group[ 5]: 10590 Group[ 6]: 10505 Group[ 7]: 20002 Group[ 8]: 20003 Group[ 9]: 20004 Group[ 10]: 20001 The corresponding truss output looks like this: 6114: setgroups(11, 0x08933B50) Err#22 EINVAL 6114: 5000-1 10501 1 10586 10590 10505 20002 20003 20004 6114:20001 The group with gid -1 corresponds to a group defined in /etc/group, the rest come from Active Directory. Occasionally smbd works correctly, and I see this in the log: [2012/04/12 17:57:58.790716, 10] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 10017 Primary group is 5000 and contains 10 supplementary groups Group[ 0]: 5000 Group[ 1]: 10501 Group[ 2]: 1 Group[ 3]: 10586 Group[ 4]: 10590 Group[ 5]: 10505 Group[ 6]: 20002 Group[ 7]: 20003 Group[ 8]: 20004 Group[ 9]: 20001 This may not be relevant, but I also see the list of groups being shuffled: [2012/04/12 18:01:17.915485, 10] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 10017 Primary group is 5000 and contains 11 supplementary groups Group[ 0]: 5000 Group[ 1]: 10501 Group[ 2]: 1 Group[ 3]: 10586 Group[ 4]: -1 Group[ 5]: 10590 Group[ 6]: 10505 Group[ 7]: 20002 Group[ 8]: 20003 Group[ 9]: 20004 Group[ 10]: 20001 The Samba config. looks like this: [global] disable spoolss = Yes disable netbios = yes show add printer wizard = No security = ADS log level = 10 realm = FOO.BAR.COM password server = * kerberos method = system keytab workgroup = INTRA client lanman auth = no client ntlmv2 auth = yes max protocol = SMB2 winbind enum users = yes winbind enum groups = yes winbind separator = + winbind use default domain = yes winbind nss info = rfc2307 winbind refresh tickets = yes winbind cache time = 15 idmap config * : range = 2-3 idmap config * : backend = tdb idmap config INTRA : backend = ad idmap config INTRA : range = 1000-2 idmap config INTRA : schema_mode = rfc3207 [foo] path = /live/home/triddel read only = no force create mode = 0600 force directory mode = 2700 browsable = no Can anyone shed any light on this? Thanks. Toby -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Can mkdir on samba share but not copy directory from local disk to samba share
Hi We are running a large samba servers within an NT4.0 domain (yes, I know) The samba version is 3.5.10: smbd -b|less Build environment: Built by:root@sfw10-patch Built on:Wed Oct 26 11:23:15 PDT 2011 Built using: /ws/on10-tools/SUNWspro/SS12/bin/cc Build host: SunOS sfw10-patch 5.10 Generic sun4u sparc SUNW,Sun-Fire-V210 SRCDIR: /sfw10/builds/build/sfw10-patch/usr/src/cmd/samba/samba-3.5.10/source3 BUILDDIR: /sfw10/builds/build/sfw10-patch/usr/src/cmd/samba/samba-3.5.10/source3 (...) running on Solaris (Sparc:) uname -a SunOS XX 5.10 Generic_147440-13 sun4u sparc SUNW,Sun-Fire-V440 File system is ZFS. The system has been recently moved from older OS and samba versions. (I'm not the primary admin but the guy supposed to know about the samba part.) I've found now that since we moved there is trouble with some file operations: I can create directories on the share with mkdir (from Win XP) just fine, but copying directories from a local file system to a samba share with xcopy ... /e fails. xcopy from samba share to samba share works, as well as xcopy'ing files. Where should I start to dig? Here's my configuration [global] workgroup = Y netbios name = XXX server string = Samba Server %v, Solaris 10 (ZFS) security = DOMAIN allow trusted domains = No username level = 1 log level = 1 log file = /var/samba/log/clients/%m_%I max log size = 512 load printers = No printcap name = /dev/null dns proxy = No wins server = z winbind trusted domains only = Yes hosts allow = 137.248., 192.168. nt acl support = No printing = bsd print command = lpr -r -P'%p' %s lpq command = lpq -P'%p' lprm command = lprm -P'%p' %j [homes] comment = Home Directories read only = No create mask = 0740 directory mask = 0750 veto files = /public_html/ hide files = /desktop.ini/ browseable = No volume = HOME [public_html] comment = User Webspace path = %H/public_html read only = No hide dot files = No mangled names = No [ntprofiles] comment = Benutzerprofile path = /WinNT-Profiles read only = No create mask = 0740 directory mask = 0750 hide files = /desktop.ini/ browseable = No csc policy = disable Kind regards Wolfgang -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.6.4 on Solaris - groups for user inconsistent
From the Solaris man page of
http://docs.oracle.com/cd/E19963-01/html/821-1463/getgroups-2.html
...
The setgroups() function will fail if:
EINVAL
The value of /ngroups/ is greater than {NGROUPS_MAX}.
...
According to your truss setgroups returns EINVAL.
Solaris (10) no longer has the 16 group limitation
Starting from Solaris 10 Update 10 or starting with the patch bundle
144500-07 http://wesunsolve.net/patch/id/144500-07 (sparc) / 144501-07
http://wesunsolve.net/patch/id/144501-07 (x86)
one can set ngroups_max up to 1024 in /etc/system.(a reboot is required)
I recommend you to upgrade to Solaris 10 update 10.
HTH,
Bart
On 12/04/12 19:21, Toby Riddell wrote:
Hi all,
I'm having an issue with Samba 3.6.4 on Solaris using Active Directory
with a Windows Server 2008 domain controller. I should state early on
that I do not believe this is a manifestation of the Solaris 16 group
limit - the number of groups is well below 16.
Winbind seems to be working fine - I can use wbinfo -r to check the
groups that a user is a member of, it returns the list of Active
Directory groups that the userid belongs to:
# /opt/samba/bin/wbinfo -r triddel
5000
10501
1
10586
20001
(You'll note that the above list differs from the lists below - this
is because some of the groups have no NIS domain defined in AD.)
What I see is smbd panicking when initialising groups for a user, it
seems to be trying (and failing) to set one of the groups to -1:
[2012/04/12 18:01:20.950498, 10] auth/token_util.c:527(debug_unix_user_token)
UNIX token of user 10017
Primary group is 5000 and contains 11 supplementary groups
Group[ 0]: 5000
Group[ 1]: -1
Group[ 2]: 10501
Group[ 3]: 1
Group[ 4]: 10586
Group[ 5]: 10590
Group[ 6]: 10505
Group[ 7]: 20002
Group[ 8]: 20003
Group[ 9]: 20004
Group[ 10]: 20001
The corresponding truss output looks like this:
6114: setgroups(11, 0x08933B50) Err#22 EINVAL
6114: 5000-1 10501 1 10586 10590 10505 20002 20003 20004
6114:20001
The group with gid -1 corresponds to a group defined in /etc/group,
the rest come from Active Directory.
Occasionally smbd works correctly, and I see this in the log:
[2012/04/12 17:57:58.790716, 10] auth/token_util.c:527(debug_unix_user_token)
UNIX token of user 10017
Primary group is 5000 and contains 10 supplementary groups
Group[ 0]: 5000
Group[ 1]: 10501
Group[ 2]: 1
Group[ 3]: 10586
Group[ 4]: 10590
Group[ 5]: 10505
Group[ 6]: 20002
Group[ 7]: 20003
Group[ 8]: 20004
Group[ 9]: 20001
This may not be relevant, but I also see the list of groups being shuffled:
[2012/04/12 18:01:17.915485, 10] auth/token_util.c:527(debug_unix_user_token)
UNIX token of user 10017
Primary group is 5000 and contains 11 supplementary groups
Group[ 0]: 5000
Group[ 1]: 10501
Group[ 2]: 1
Group[ 3]: 10586
Group[ 4]: -1
Group[ 5]: 10590
Group[ 6]: 10505
Group[ 7]: 20002
Group[ 8]: 20003
Group[ 9]: 20004
Group[ 10]: 20001
The Samba config. looks like this:
[global]
disable spoolss = Yes
disable netbios = yes
show add printer wizard = No
security = ADS
log level = 10
realm = FOO.BAR.COM
password server = *
kerberos method = system keytab
workgroup = INTRA
client lanman auth = no
client ntlmv2 auth = yes
max protocol = SMB2
winbind enum users = yes
winbind enum groups = yes
winbind separator = +
winbind use default domain = yes
winbind nss info = rfc2307
winbind refresh tickets = yes
winbind cache time = 15
idmap config * : range = 2-3
idmap config * : backend = tdb
idmap config INTRA : backend = ad
idmap config INTRA : range = 1000-2
idmap config INTRA : schema_mode = rfc3207
[foo]
path = /live/home/triddel
read only = no
force create mode = 0600
force directory mode = 2700
browsable = no
Can anyone shed any light on this?
Thanks.
Toby
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.6.4 on Solaris - groups for user inconsistent
Can you add a group mapping for your unix group to a Windows group? (net groupmap add ) If you do a groups triddel on the unix command line, how many groups are you in?Unix groups mapped to Windows groups get double-counted, which can push you over 16 groups.My environment is Samba 3.x. PDC's so not the same as yours. FYI The latest (as of a few months back) Solaris 10 kernels finally let you set ngroups_max=1024. 147441-10 (x86_84) 147440-10 (sparc) Most previous ones allowed ngroups_max=32. Except 147441-09 /147441-09 actually rolled it back to ngroups_max=16. On 04/12/12 13:21, Toby Riddell wrote: Hi all, I'm having an issue with Samba 3.6.4 on Solaris using Active Directory with a Windows Server 2008 domain controller. I should state early on that I do not believe this is a manifestation of the Solaris 16 group limit - the number of groups is well below 16. Winbind seems to be working fine - I can use wbinfo -r to check the groups that a user is a member of, it returns the list of Active Directory groups that the userid belongs to: # /opt/samba/bin/wbinfo -r triddel 5000 10501 1 10586 20001 (You'll note that the above list differs from the lists below - this is because some of the groups have no NIS domain defined in AD.) What I see is smbd panicking when initialising groups for a user, it seems to be trying (and failing) to set one of the groups to -1: [2012/04/12 18:01:20.950498, 10] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 10017 Primary group is 5000 and contains 11 supplementary groups Group[ 0]: 5000 Group[ 1]: -1 Group[ 2]: 10501 Group[ 3]: 1 Group[ 4]: 10586 Group[ 5]: 10590 Group[ 6]: 10505 Group[ 7]: 20002 Group[ 8]: 20003 Group[ 9]: 20004 Group[ 10]: 20001 The corresponding truss output looks like this: 6114: setgroups(11, 0x08933B50) Err#22 EINVAL 6114: 5000-1 10501 1 10586 10590 10505 20002 20003 20004 6114:20001 The group with gid -1 corresponds to a group defined in /etc/group, the rest come from Active Directory. Occasionally smbd works correctly, and I see this in the log: [2012/04/12 17:57:58.790716, 10] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 10017 Primary group is 5000 and contains 10 supplementary groups Group[ 0]: 5000 Group[ 1]: 10501 Group[ 2]: 1 Group[ 3]: 10586 Group[ 4]: 10590 Group[ 5]: 10505 Group[ 6]: 20002 Group[ 7]: 20003 Group[ 8]: 20004 Group[ 9]: 20001 This may not be relevant, but I also see the list of groups being shuffled: [2012/04/12 18:01:17.915485, 10] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 10017 Primary group is 5000 and contains 11 supplementary groups Group[ 0]: 5000 Group[ 1]: 10501 Group[ 2]: 1 Group[ 3]: 10586 Group[ 4]: -1 Group[ 5]: 10590 Group[ 6]: 10505 Group[ 7]: 20002 Group[ 8]: 20003 Group[ 9]: 20004 Group[ 10]: 20001 The Samba config. looks like this: [global] disable spoolss = Yes disable netbios = yes show add printer wizard = No security = ADS log level = 10 realm = FOO.BAR.COM password server = * kerberos method = system keytab workgroup = INTRA client lanman auth = no client ntlmv2 auth = yes max protocol = SMB2 winbind enum users = yes winbind enum groups = yes winbind separator = + winbind use default domain = yes winbind nss info = rfc2307 winbind refresh tickets = yes winbind cache time = 15 idmap config * : range = 2-3 idmap config * : backend = tdb idmap config INTRA : backend = ad idmap config INTRA : range = 1000-2 idmap config INTRA : schema_mode = rfc3207 [foo] path = /live/home/triddel read only = no force create mode = 0600 force directory mode = 2700 browsable = no Can anyone shed any light on this? Thanks. Toby -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.6.4 on Solaris - groups for user inconsistent
I'd like to avoid adding a group mapping if possible. groups triddel returns 6 groups. The strange this is that with version Samba 3.5.8 everything was working fine... On 12 April 2012 22:00, Gaiseric Vandal gaiseric.van...@gmail.com wrote: Can you add a group mapping for your unix group to a Windows group? (net groupmap add ) If you do a groups triddel on the unix command line, how many groups are you in? Unix groups mapped to Windows groups get double-counted, which can push you over 16 groups. My environment is Samba 3.x. PDC's so not the same as yours. FYI The latest (as of a few months back) Solaris 10 kernels finally let you set ngroups_max=1024. 147441-10 (x86_84) 147440-10 (sparc) Most previous ones allowed ngroups_max=32. Except 147441-09 /147441-09 actually rolled it back to ngroups_max=16. On 04/12/12 13:21, Toby Riddell wrote: Hi all, I'm having an issue with Samba 3.6.4 on Solaris using Active Directory with a Windows Server 2008 domain controller. I should state early on that I do not believe this is a manifestation of the Solaris 16 group limit - the number of groups is well below 16. Winbind seems to be working fine - I can use wbinfo -r to check the groups that a user is a member of, it returns the list of Active Directory groups that the userid belongs to: # /opt/samba/bin/wbinfo -r triddel 5000 10501 1 10586 20001 (You'll note that the above list differs from the lists below - this is because some of the groups have no NIS domain defined in AD.) What I see is smbd panicking when initialising groups for a user, it seems to be trying (and failing) to set one of the groups to -1: [2012/04/12 18:01:20.950498, 10] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 10017 Primary group is 5000 and contains 11 supplementary groups Group[ 0]: 5000 Group[ 1]: -1 Group[ 2]: 10501 Group[ 3]: 1 Group[ 4]: 10586 Group[ 5]: 10590 Group[ 6]: 10505 Group[ 7]: 20002 Group[ 8]: 20003 Group[ 9]: 20004 Group[ 10]: 20001 The corresponding truss output looks like this: 6114: setgroups(11, 0x08933B50) Err#22 EINVAL 6114: 5000 -1 10501 1 10586 10590 10505 20002 20003 20004 6114: 20001 The group with gid -1 corresponds to a group defined in /etc/group, the rest come from Active Directory. Occasionally smbd works correctly, and I see this in the log: [2012/04/12 17:57:58.790716, 10] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 10017 Primary group is 5000 and contains 10 supplementary groups Group[ 0]: 5000 Group[ 1]: 10501 Group[ 2]: 1 Group[ 3]: 10586 Group[ 4]: 10590 Group[ 5]: 10505 Group[ 6]: 20002 Group[ 7]: 20003 Group[ 8]: 20004 Group[ 9]: 20001 This may not be relevant, but I also see the list of groups being shuffled: [2012/04/12 18:01:17.915485, 10] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 10017 Primary group is 5000 and contains 11 supplementary groups Group[ 0]: 5000 Group[ 1]: 10501 Group[ 2]: 1 Group[ 3]: 10586 Group[ 4]: -1 Group[ 5]: 10590 Group[ 6]: 10505 Group[ 7]: 20002 Group[ 8]: 20003 Group[ 9]: 20004 Group[ 10]: 20001 The Samba config. looks like this: [global] disable spoolss = Yes disable netbios = yes show add printer wizard = No security = ADS log level = 10 realm = FOO.BAR.COM password server = * kerberos method = system keytab workgroup = INTRA client lanman auth = no client ntlmv2 auth = yes max protocol = SMB2 winbind enum users = yes winbind enum groups = yes winbind separator = + winbind use default domain = yes winbind nss info = rfc2307 winbind refresh tickets = yes winbind cache time = 15 idmap config * : range = 2-3 idmap config * : backend = tdb idmap config INTRA : backend = ad idmap config INTRA : range = 1000-2 idmap config INTRA : schema_mode = rfc3207 [foo] path = /live/home/triddel read only = no force create mode = 0600 force directory mode = 2700 browsable = no Can anyone shed any light on this? Thanks. Toby -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.6.4 on Solaris - groups for user inconsistent
Bart,
Thanks for the reply.
However I don't think I'm hitting NGROUPS_MAX. As can be seen in the
snippet of truss output, ngroups is 11.
However, it looks like it might be time for an upgrade just to see if
it fixes the problem.
Regards,
Toby
On 12 April 2012 19:44, Bart Janssens biajanss...@gmail.com wrote:
From the Solaris man page of
http://docs.oracle.com/cd/E19963-01/html/821-1463/getgroups-2.html
...
The setgroups() function will fail if:
EINVAL
The value of /ngroups/ is greater than {NGROUPS_MAX}.
...
According to your truss setgroups returns EINVAL.
Solaris (10) no longer has the 16 group limitation
Starting from Solaris 10 Update 10 or starting with the patch bundle
144500-07 http://wesunsolve.net/patch/id/144500-07 (sparc) / 144501-07
http://wesunsolve.net/patch/id/144501-07 (x86)
one can set ngroups_max up to 1024 in /etc/system.(a reboot is required)
I recommend you to upgrade to Solaris 10 update 10.
HTH,
Bart
On 12/04/12 19:21, Toby Riddell wrote:
Hi all,
I'm having an issue with Samba 3.6.4 on Solaris using Active Directory
with a Windows Server 2008 domain controller. I should state early on
that I do not believe this is a manifestation of the Solaris 16 group
limit - the number of groups is well below 16.
Winbind seems to be working fine - I can use wbinfo -r to check the
groups that a user is a member of, it returns the list of Active
Directory groups that the userid belongs to:
# /opt/samba/bin/wbinfo -r triddel
5000
10501
1
10586
20001
(You'll note that the above list differs from the lists below - this
is because some of the groups have no NIS domain defined in AD.)
What I see is smbd panicking when initialising groups for a user, it
seems to be trying (and failing) to set one of the groups to -1:
[2012/04/12 18:01:20.950498, 10]
auth/token_util.c:527(debug_unix_user_token)
UNIX token of user 10017
Primary group is 5000 and contains 11 supplementary groups
Group[ 0]: 5000
Group[ 1]: -1
Group[ 2]: 10501
Group[ 3]: 1
Group[ 4]: 10586
Group[ 5]: 10590
Group[ 6]: 10505
Group[ 7]: 20002
Group[ 8]: 20003
Group[ 9]: 20004
Group[ 10]: 20001
The corresponding truss output looks like this:
6114: setgroups(11, 0x08933B50) Err#22 EINVAL
6114: 5000 -1 10501 1 10586 10590 10505 20002 20003
20004
6114: 20001
The group with gid -1 corresponds to a group defined in /etc/group,
the rest come from Active Directory.
Occasionally smbd works correctly, and I see this in the log:
[2012/04/12 17:57:58.790716, 10]
auth/token_util.c:527(debug_unix_user_token)
UNIX token of user 10017
Primary group is 5000 and contains 10 supplementary groups
Group[ 0]: 5000
Group[ 1]: 10501
Group[ 2]: 1
Group[ 3]: 10586
Group[ 4]: 10590
Group[ 5]: 10505
Group[ 6]: 20002
Group[ 7]: 20003
Group[ 8]: 20004
Group[ 9]: 20001
This may not be relevant, but I also see the list of groups being
shuffled:
[2012/04/12 18:01:17.915485, 10]
auth/token_util.c:527(debug_unix_user_token)
UNIX token of user 10017
Primary group is 5000 and contains 11 supplementary groups
Group[ 0]: 5000
Group[ 1]: 10501
Group[ 2]: 1
Group[ 3]: 10586
Group[ 4]: -1
Group[ 5]: 10590
Group[ 6]: 10505
Group[ 7]: 20002
Group[ 8]: 20003
Group[ 9]: 20004
Group[ 10]: 20001
The Samba config. looks like this:
[global]
disable spoolss = Yes
disable netbios = yes
show add printer wizard = No
security = ADS
log level = 10
realm = FOO.BAR.COM
password server = *
kerberos method = system keytab
workgroup = INTRA
client lanman auth = no
client ntlmv2 auth = yes
max protocol = SMB2
winbind enum users = yes
winbind enum groups = yes
winbind separator = +
winbind use default domain = yes
winbind nss info = rfc2307
winbind refresh tickets = yes
winbind cache time = 15
idmap config * : range = 2-3
idmap config * : backend = tdb
idmap config INTRA : backend = ad
idmap config INTRA : range = 1000-2
idmap config INTRA : schema_mode = rfc3207
[foo]
path = /live/home/triddel
read only = no
force create mode = 0600
force directory mode = 2700
browsable = no
Can anyone shed any light on this?
Thanks.
Toby
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via bcc16f1 s4-libnet: split export_keytab in a separate python module
to avoid pulling in HDB dependency
via dda0531 WAF: Add support for stopping processing before end of
wscript{_*}
via 1f1e427 clikrb5: Move pure krb wrapper functions from libads to
clikrb5.
via 46ab219 gse: Remove unnecessary header.
via a925c2c srv_keytab: Pass krb5_context directly, it's all we use
anyways.
via c13c065 krb5_wrap: krb5_string_to_key / krb5_encrypt_block are
deprecated.
via 70c303a auth-krb: Move pac related util functions in a single place.
via 3fd6ded auth-krb: Make functions static.
via d857e39 auth-krb: Use simpler method to extract keytype.
via 88d5d5c auth-krb: Nove oid packet check to gensec_util.
via f116262 s4-auth-krb: Remove dependency on credentials too.
via a46e465 s4-auth-krb: Remove unneded dependency on kerberos_util.
via aedbd6b s4-auth-krb: Simplify salt_princ handling.
via 6de578a s4-auth-krb: Move function to db-glue.c and make it static.
via b226955 s4-auth-krb: Move keytab functions in a separate file.
via 7d203f7 s4-auth-krb: Streamline and cleanup code to make it
readable.
via 23d54e7 s4-auth-krb: streamline and rename enctype functions
via 6f7fa0b s4-auth-krb: Make kerberos_enctype_bitmap_to_enctype static.
via 60905c8 s4-auth-krb: Make kerberos_enctype_bitmap_to_enctypes
static.
via 670dbde s4-auth-krb: Move function into more appropriate header.
via 70f1cd6 s4-auth-krb: Make
cli_credentials_invalidate_client_gss_creds static.
via b574e7c s4-auth-krb: Make impersonate_principal_from_credentials
static.
via 93aa451 gensec_gssapi: keep private header file close to the actual
code
via 6ab0dfe krb5_wrap: remove duplicate declaration and dead ifdef
via c761654 s4-ldb: use KRB5_KEY macros to access key elements.
via 011540b wafsamba: point out that local heimdal paths are not
included when USING_SYSTEM_KRB5 gets set.
via 1fedb0a waf: when USING_SYSTEM_KRB5 environment variable is set,
dont configure local heimdal.
via d82aab6 waf: when building with system krb5, we do not need to
build local heimdal.
via 60f192a s3-waf: remove requirement of having --enable-developer for
running system krb5 checks.
from 81d1749 Remove overly complex attemt to define blkcnt_t and
blksize_t. AC_CHECK_TYPE should just do it.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit bcc16f191175740f200c12925b63d45478f06454
Author: Alexander Bokovoy a...@samba.org
Date: Tue Apr 10 12:09:20 2012 +0300
s4-libnet: split export_keytab in a separate python module to avoid pulling
in HDB dependency
Signed-off-by: Andreas Schneider a...@samba.org
Autobuild-User: Andreas Schneider a...@cryptomilk.org
Autobuild-Date: Thu Apr 12 15:23:19 CEST 2012 on sn-devel-104
commit dda0531aae70e78e815fda8c594213369e76a847
Author: Alexander Bokovoy a...@samba.org
Date: Tue Apr 3 11:22:15 2012 +0300
WAF: Add support for stopping processing before end of wscript{_*}
WAF scripts are written in Python and Python has no simple way
to stop program execution other than using exceptions.
This change adds WscriptCheckSkipped exception and its handling in
core WAF code. When any of wscript{_*} throws WscriptCheckSkipped
exception, WAF simply continues to process next wscript in queue
rather than breaking build.
WscriptCheckSkipped exception can be used to perform early bail out
of configuration/build target checks if certain dependency is not available
when the default checks are way more numerous than a check for this
particular dependency. This is to avoid 'if ...' indenting for large
blocks of existing code which also muddens git history for nothing.
Signed-off-by: Andreas Schneider a...@samba.org
commit 1f1e4275b5fafbad1b5719f5efba7ee66f6d3037
Author: Simo Sorce i...@samba.org
Date: Mon Apr 2 23:41:32 2012 -0400
clikrb5: Move pure krb wrapper functions from libads to clikrb5.
Signed-off-by: Andreas Schneider a...@samba.org
commit 46ab21900555ba2f6ef06417095d50f14a2be676
Author: Simo Sorce i...@samba.org
Date: Mon Apr 2 10:20:24 2012 -0400
gse: Remove unnecessary header.
Signed-off-by: Andreas Schneider a...@samba.org
commit a925c2c48d07cd4f074325954d933e194b4704d8
Author: Simo Sorce i...@samba.org
Date: Sun Apr 1 19:08:15 2012 -0400
srv_keytab: Pass krb5_context directly, it's all we use anyways.
Signed-off-by: Andreas Schneider a...@samba.org
commit c13c065a9b92c1abf17e999649ea6bb620615d6f
Author: Simo Sorce i...@samba.org
Date: Sun Apr 1 17:28:19 2012 -0400
krb5_wrap: krb5_string_to_key / krb5_encrypt_block are
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via f6328b1 s3: Fix a typo
via 6742aa1 s3: Fix a segfault with debug level 3 on Solaris
from bcc16f1 s4-libnet: split export_keytab in a separate python module
to avoid pulling in HDB dependency
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit f6328b14c8d5fbc36d4597ebd52f74bfd60d92fc
Author: Volker Lendecke v...@samba.org
Date: Thu Apr 12 21:59:31 2012 +0200
s3: Fix a typo
Autobuild-User: Volker Lendecke v...@samba.org
Autobuild-Date: Thu Apr 12 23:38:24 CEST 2012 on sn-devel-104
commit 6742aa1fb62bdb70ee5e89d243b4058ba6b5e73a
Author: Volker Lendecke v...@samba.org
Date: Thu Apr 12 12:15:50 2012 +0200
s3: Fix a segfault with debug level 3 on Solaris
printf can not deal with NULL strings
---
Summary of changes:
source3/modules/vfs_aio_linux.c |2 +-
source3/smbd/password.c |3 ++-
2 files changed, 3 insertions(+), 2 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/modules/vfs_aio_linux.c b/source3/modules/vfs_aio_linux.c
index f6fa80a..d49dc49 100644
--- a/source3/modules/vfs_aio_linux.c
+++ b/source3/modules/vfs_aio_linux.c
@@ -98,7 +98,7 @@ static bool init_aio_linux(struct vfs_handle_struct *handle)
return true;
}
- /* Shedule a shutdown event for 30 seconds from now. */
+ /* Schedule a shutdown event for 30 seconds from now. */
te = tevent_add_timer(server_event_context(),
NULL,
timeval_current_ofs(30, 0),
diff --git a/source3/smbd/password.c b/source3/smbd/password.c
index 39cde15..2a76d83 100644
--- a/source3/smbd/password.c
+++ b/source3/smbd/password.c
@@ -286,7 +286,8 @@ int register_existing_vuid(struct smbd_server_connection
*sconn,
DEBUG(3, (register_existing_vuid: User name: %s\t
Real name: %s\n, vuser-session_info-unix_info-unix_name,
- vuser-session_info-info-full_name));
+ vuser-session_info-info-full_name ?
+ vuser-session_info-info-full_name : ));
if (!vuser-session_info-security_token) {
DEBUG(1, (register_existing_vuid: session_info does not
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via b8dea7e Wrong assertion/comparison: Compare value not pointer
via da786cd We never cancel SMB1 aio, only SMB2 aio - and in this case
we always return a value.
via d399af3 Remove cancel_aio_by_fsp(). It can never work and could
lead to memory corruption as outstanding IO's complete. Also we never have any
aio's on a call to close_normal_file() with close_type ERROR_CLOSE.
via fd38486 Fix return_fn when aio was cancelled. We need to return -1,
errno = ECANCELED.
via 9583910 Move the counting of outstanding_aio_calls into the
lifecycle of the aio_extra struct. This way we can't end up with a mismatch
between outstanding events and the counter.
via 80a4e38 Fix the same bug reported by Kirill Malkin
kirill.mal...@starboardstorage.com and fixed by Volker for vfs_aio_fork as
ref 0aacdbfada46329e0ad9dacfa90041a1c7dbf3e8.
from f6328b1 s3: Fix a typo
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit b8dea7e82d0acb9e55e8bfe9a089c250d7380102
Author: Olaf Flebbe o.fle...@science-computing.de
Date: Thu Apr 12 11:29:41 2012 +0200
Wrong assertion/comparison: Compare value not pointer
Signed-off-by: Jeremy Allison j...@samba.org
Autobuild-User: Jeremy Allison j...@samba.org
Autobuild-Date: Fri Apr 13 02:23:36 CEST 2012 on sn-devel-104
commit da786cddd68d8777cad5e3d6c6fe5a3beac2a1a7
Author: Jeremy Allison j...@samba.org
Date: Thu Apr 12 15:11:22 2012 -0700
We never cancel SMB1 aio, only SMB2 aio - and in this case we always return
a value.
So pass_cancel is no longer needed.
commit d399af30c183663f487bf4d086ec4377f84725b0
Author: Jeremy Allison j...@samba.org
Date: Thu Apr 12 15:04:42 2012 -0700
Remove cancel_aio_by_fsp(). It can never work and could lead to memory
corruption
as outstanding IO's complete. Also we never have any aio's on a call to
close_normal_file()
with close_type ERROR_CLOSE.
commit fd3848636498fa357ff0085a126e374a3e91d14b
Author: Jeremy Allison j...@samba.org
Date: Thu Apr 12 15:04:08 2012 -0700
Fix return_fn when aio was cancelled. We need to return -1, errno =
ECANCELED.
commit 95839102ad9c1b052924a99ee938991a305d1add
Author: Jeremy Allison j...@samba.org
Date: Thu Apr 12 13:48:29 2012 -0700
Move the counting of outstanding_aio_calls into the lifecycle of the
aio_extra struct.
This way we can't end up with a mismatch between outstanding events and the
counter.
We may still have problems with canceling and not correctly freeing the aio
struct, but at least the counter won't get out of sync anymore.
commit 80a4e38d6465d8ae47ca113027421af852d34316
Author: Jeremy Allison j...@samba.org
Date: Thu Apr 12 13:15:23 2012 -0700
Fix the same bug reported by Kirill Malkin
kirill.mal...@starboardstorage.com and
fixed by Volker for vfs_aio_fork as ref
0aacdbfada46329e0ad9dacfa90041a1c7dbf3e8.
From that change:
aio_suspend does not signal the main process with a signal, it just
waits. The
aio_fork module does not use the signal at all, it directly calls back
into the
main smbd by calling smbd_aio_complete_aio_ex. This is an abstraction
violation, but the alternative would have been to use signals where
they are
not needed. However, in wait_for_aio_completion this bites us: With
aio_fork we
call handle_aio_completed twice on the same aio_ex struct: Once from
the call
to handle_aio_completion within the aio_fork module and once from the
code in
wait_for_aio_completion.
Fix this differently here by not calling directly back into smbd,
but using a new function aio_linux_setup_returns() to setup the
return values that wait_for_aio_completion() in the main smbd
will pick up by calling handle_aio_completd().
---
Summary of changes:
source3/modules/vfs_aio_fork.c|5 +++
source3/modules/vfs_aio_linux.c | 33 --
source3/modules/vfs_aio_pthread.c |5 +++
source3/registry/reg_parse.c |4 +-
source3/smbd/aio.c| 66 ++---
source3/smbd/close.c | 21 +---
source3/smbd/proto.h |1 -
7 files changed, 68 insertions(+), 67 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/modules/vfs_aio_fork.c b/source3/modules/vfs_aio_fork.c
index d10cc9f..f3e8f7f 100644
--- a/source3/modules/vfs_aio_fork.c
+++ b/source3/modules/vfs_aio_fork.c
@@ -710,6 +710,11 @@ static ssize_t aio_fork_return_fn(struct vfs_handle_struct
*handle,
child-aiocb = NULL;
+ if (child-cancelled) {
+ errno = ECANCELED;
+ return -1;
+ }
+
if (child-retval.size == -1) {
errno
