Re: [Samba] UID/GID mapping consistency across at least two Linux machines
Thanks! But how is this related to my problem? is there any pitfalls when some user is a member of many groups? is their uid idepends on their group membership ? -- View this message in context: http://samba.2283325.n4.nabble.com/UID-GID-mapping-consistency-across-at-least-two-Linux-machines-tp4543255p4551082.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Restricting access to [homes]
Hi all. Is it just me or there's no way to restrict access to [homes] share to members of an AD group? Or is it treated like an ordinary Unix group via Winbind mapping? If I use valid users = %S (to give access to the home only to the owner), every domain user (worse: every user in any trusted domain) can access his/her own share... if path exists. That leads to the second problem: is it possible to automatically create the home dir if it's missing (w/o requiring the user to log on the server)? Sort of pam_mkhomedir for shares... I have to handle laboratories w/ a lot of students, and pre-creating homes would be impractical, while giving access to everybody in the university is a waste of resources... TIA, Diego. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 3.6.4 segfaults on guest authentication
Hi, I recently updated to Samba 3.6.4 from 3.6.0 (on Solaris 10 x86). Since then, passwordless guest authentication makes smbd crash with a segfault. I run the following command to test if the Samba server is available via Nagios: smbclient -U guest -N -L smb-serv Since the update, it returns with: session setup failed: NT_STATUS_PIPE_BROKEN Server side level 10 log and a stacktrace of the resulting coredump are attached. Any help with this would be appreciated. Regards, Christian Manal core 'core' of 15868: /services/samba/sbin/smbd -D fe90bb17 _lwp_kill (1, 6) + 7 fe8b365f raise(6) + 1f fe892961 abort(6, 0, 8a7afc7, 8a7afeb, 8b41f1c, 8a7a122) + cd 084f7168 (8a7dbf6, 3dfc, 0, 8a7adb8, 0, 8046014) 085094b4 log_stack_trace (8a7adb8, 0, 8a7ada9, 8a7b005, fe97e000, fe3d2a00) 084f6a3a sig_fault (b, 0, 80460a0, fe8f5ac3, 8046058, fe8f5ac3) 084f6a4b sig_fault (b, 0, 80460f8) + 11 fe908e9f __sighndlr (b, 0, 80460f8, 84f6a3a) + f fe8feb7f call_user_handler (b, 0, 80460f8) + 22b fe8fecc0 sigacthandler (b, 0, 80460f8) + 7c --- called from signal handler with signal 11 (SIGSEGV) --- fe8863dc strlen (891dc3b, 80471b4, 80470b0, 0) + c fe8e4953 vsnprintf (80470f0, 80, 891dc08, 80471b4) + 73 fe8e0d60 vasprintf (8047190, 891dc08, 80471b4, 2, 0, 80471b4) + 34 084f62b1 dbgtext (891dc08, 8b68f60, 0, 891e0cf, 891dba3, 100) + 3e 080f60b4 register_existing_vuid (8b64de0, 64, 0, 8b69a58, 0, 80473a4) + 1fd 081330f9 reply_sesssetup_and_X (8bad0e8, 1, 8bad058, 5c, 27, 0) + 15b5 081792f6 switch_message (73, 8bad0e8, 5c, 0, 0, 0) + 686 0817947f construct_reply (8b64de0, 0, 5c, 0, 0, 0) + 17b 081797b2 process_smb (8b64de0, 8bad058, 5c, 0, 0, 0) + 1ed 0817aaac smbd_server_connection_read_handler (8b64de0, 19, 3b, f300d, 8b64e2c, 8b64e2c) + 218 0817ab1f smbd_server_connection_handler (8b64d68, 8b92e48, 1, 8b64de0, 0, 8bab4c8) + 68 0851c991 run_events_poll (8b64d68, 1, 8ba4d28, 2, 8047810, fea2c230) + 630 08178835 smbd_server_connection_loop_once (8047874, 8b64de0, 19, 1, 817aab7, 8b64de0) + 115 0817d273 smbd_process (8b64de0, , 9cf1f71a, 584cec60, 33, 9cf1f71a) + c72 0890dd7f smbd_accept_connection (8b64d68, 8ba7c38, 1, 8ba7660, 0, 8047e14) + 416 0851c991 run_events_poll (8b64d68, 1, 8b6c098, 5, 8047bf4, 84dc1ac) + 630 0851cc1f s3_event_loop_once (8b64d68, 8b30e50, 8b647c0, 85222b1, 8ba4960, 8b41f1c) + 14e 0851dbcc _tevent_loop_once (8b64d68, 8b30e50, 8b30e25, 8b3149d, 0, 8b31485) + dd 0890eaa1 smbd_parent_loop (8bad990, 8b31485, 0, 8b31401, , 2e0b57be) + 85 0890fc1f main (80d9c60, 2, 8047e98) + 1106 080d9c60 _start (2, 8047f24, 8047f3e, 0, 8047f41, 8047f59) + 80 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.6.4 segfaults on guest authentication
On Thu, Apr 12, 2012 at 10:52:48AM +0200, Christian Manal wrote: Hi, I recently updated to Samba 3.6.4 from 3.6.0 (on Solaris 10 x86). Since then, passwordless guest authentication makes smbd crash with a segfault. I run the following command to test if the Samba server is available via Nagios: smbclient -U guest -N -L smb-serv Since the update, it returns with: session setup failed: NT_STATUS_PIPE_BROKEN Server side level 10 log and a stacktrace of the resulting coredump are attached. Any help with this would be appreciated. Sorry, but I do not see the level 10 log. Volker -- SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen phone: +49-551-37-0, fax: +49-551-37-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen http://www.sernet.de, mailto:kont...@sernet.de -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.6.4 segfaults on guest authentication
On 12.04.2012 11:38, Volker Lendecke wrote: On Thu, Apr 12, 2012 at 10:52:48AM +0200, Christian Manal wrote: Hi, I recently updated to Samba 3.6.4 from 3.6.0 (on Solaris 10 x86). Since then, passwordless guest authentication makes smbd crash with a segfault. I run the following command to test if the Samba server is available via Nagios: smbclient -U guest -N -L smb-serv Since the update, it returns with: session setup failed: NT_STATUS_PIPE_BROKEN Server side level 10 log and a stacktrace of the resulting coredump are attached. Any help with this would be appreciated. Sorry, but I do not see the level 10 log. Volker Hmm, seems like it got swallowed somewhere along the way. The attachment is there in my outgoing mail folder. Second try. Regards, Christian Manal [2012/04/12 10:41:18.762778, 6] param/loadparm.c:7490(lp_file_list_changed) lp_file_list_changed() file /services/samba/etc/smb.conf - /services/samba/etc/smb.conf last mod_time: Thu Apr 12 10:41:12 2012 [2012/04/12 10:41:18.762908, 5] auth/auth_util.c:110(make_user_info_map) Mapping user [WORKGROUP]\[guest] from workstation [CLIENT] [2012/04/12 10:41:18.762969, 5] auth/auth_util.c:131(make_user_info_map) Mapped domain from [WORKGROUP] to [SMB-SERV] for user [guest] from workstation [CLIENT] [2012/04/12 10:41:18.763007, 5] auth/user_info.c:59(make_user_info) attempting to make a user_info for guest (guest) [2012/04/12 10:41:18.763042, 5] auth/user_info.c:70(make_user_info) making strings for guest's user_info struct [2012/04/12 10:41:18.763079, 5] auth/user_info.c:87(make_user_info) making blobs for guest's user_info struct [2012/04/12 10:41:18.763115, 10] auth/user_info.c:123(make_user_info) made a user_info for guest (guest) [2012/04/12 10:41:18.763149, 3] auth/auth.c:219(check_ntlm_password) check_ntlm_password: Checking password for unmapped user [WORKGROUP]\[guest]@[CLIENT] with the new password interface [2012/04/12 10:41:18.763186, 3] auth/auth.c:222(check_ntlm_password) check_ntlm_password: mapped user is: [SMB-SERV]\[guest]@[CLIENT] [2012/04/12 10:41:18.763221, 10] auth/auth.c:231(check_ntlm_password) check_ntlm_password: auth_context challenge created by NTLMSSP callback (NTLM2) [2012/04/12 10:41:18.763256, 10] auth/auth.c:233(check_ntlm_password) challenge is: [2012/04/12 10:41:18.763289, 5] ../lib/util/util.c:415(dump_data) [] D2 C1 61 CD 4E BB 7A 50..a.N.zP [2012/04/12 10:41:18.763364, 10] auth/auth_builtin.c:44(check_guest_security) Check auth for: [guest] [2012/04/12 10:41:18.763398, 10] auth/auth.c:259(check_ntlm_password) check_ntlm_password: guest had nothing to say [2012/04/12 10:41:18.763443, 10] auth/auth_sam.c:75(auth_samstrict_auth) Check auth for: [guest] [2012/04/12 10:41:18.763478, 8] lib/util.c:1521(is_myname) is_myname(SMB-SERV) returns 1 [2012/04/12 10:41:18.763516, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2012/04/12 10:41:18.763566, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2012/04/12 10:41:18.763602, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/04/12 10:41:18.763636, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/04/12 10:41:18.763671, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/04/12 10:41:18.763806, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base = [dc=example,dc=com], filter = [((uid=guest)(objectclass=sambaSamAccount))], scope = [2] [2012/04/12 10:41:18.764930, 5] lib/smbldap.c:1341(smbldap_close) The connection to the LDAP server was closed [2012/04/12 10:41:18.764998, 10] lib/smbldap.c:819(smb_ldap_setup_conn) smb_ldap_setup_connection: ldap://ldap.example.com/ [2012/04/12 10:41:18.788259, 3] lib/smbldap.c:803(smb_ldap_start_tls) StartTLS issued: using a TLS connection [2012/04/12 10:41:18.788373, 2] lib/smbldap.c:1018(smbldap_open_connection) smbldap_open_connection: connection opened [2012/04/12 10:41:18.788411, 10] lib/smbldap.c:1194(smbldap_connect_system) ldap_connect_system: Binding to ldap server ldap://ldap.example.com/ as cn=samba,dc=example,dc=com [2012/04/12 10:41:18.789588, 3] lib/smbldap.c:1240(smbldap_connect_system) ldap_connect_system: successful connection to the LDAP server ldap_connect_system: LDAP server does support paged results [2012/04/12 10:41:18.789653, 4] lib/smbldap.c:1319(smbldap_open) The LDAP server is successfully connected [2012/04/12 10:41:18.791015, 4] passdb/pdb_ldap.c:1581(ldapsam_getsampwnam) ldapsam_getsampwnam: Unable to locate user [guest] count=0 [2012/04/12 10:41:18.791085, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/04/12 10:41:18.791122, 3] auth/check_samsec.c:399(check_sam_security)
Re: [Samba] Restricting access to [homes]
On Thu, 2012-04-12 at 11:21 +0200, NdK wrote: Hi all. Is it just me or there's no way to restrict access to [homes] share to members of an AD group? Or is it treated like an ordinary Unix group via Winbind mapping? If I use valid users = %S (to give access to the home only to the owner), every domain user (worse: every user in any trusted domain) can access his/her own share... if path exists. That leads to the second problem: is it possible to automatically create the home dir if it's missing (w/o requiring the user to log on the server)? Sort of pam_mkhomedir for shares... Use the exec option for the share to call out a script to create the home directory and set ownership etc. correctly. Note if no home directory exists then you cannot access the share, so your script to create their home directory automatically can test to see if they are a member of a suitable group. JAB. -- Jonathan A. Buzzard Email: jonathan (at) buzzard.me.uk Fife, United Kingdom. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.6.4 segfaults on guest authentication
On Thu, Apr 12, 2012 at 11:41:14AM +0200, Christian Manal wrote: On 12.04.2012 11:38, Volker Lendecke wrote: On Thu, Apr 12, 2012 at 10:52:48AM +0200, Christian Manal wrote: Hi, I recently updated to Samba 3.6.4 from 3.6.0 (on Solaris 10 x86). Since then, passwordless guest authentication makes smbd crash with a segfault. I run the following command to test if the Samba server is available via Nagios: smbclient -U guest -N -L smb-serv Since the update, it returns with: session setup failed: NT_STATUS_PIPE_BROKEN Does the attached patch help? Volker -- SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen phone: +49-551-37-0, fax: +49-551-37-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen http://www.sernet.de, mailto:kont...@sernet.de From 911cb5448c4ce197eadd7c83b512f867d4fbf14e Mon Sep 17 00:00:00 2001 From: Volker Lendecke v...@samba.org Date: Thu, 12 Apr 2012 12:15:50 +0200 Subject: [PATCH] s3: Fix a segfault with debug level 3 on Solaris printf can not deal with NULL strings --- source3/smbd/password.c |3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) diff --git a/source3/smbd/password.c b/source3/smbd/password.c index ddc7ad1..f032a56 100644 --- a/source3/smbd/password.c +++ b/source3/smbd/password.c @@ -294,7 +294,8 @@ int register_existing_vuid(struct smbd_server_connection *sconn, DEBUG(3, (register_existing_vuid: User name: %s\t Real name: %s\n, vuser-session_info-unix_name, - vuser-session_info-info3-base.full_name.string)); + vuser-session_info-info3-base.full_name.string ? + vuser-session_info-info3-base.full_name.string : )); if (!vuser-session_info-security_token) { DEBUG(1, (register_existing_vuid: session_info does not -- 1.7.5.4 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.6.4 segfaults on guest authentication
On 12.04.2012 12:18, Volker Lendecke wrote: On Thu, Apr 12, 2012 at 11:41:14AM +0200, Christian Manal wrote: On 12.04.2012 11:38, Volker Lendecke wrote: On Thu, Apr 12, 2012 at 10:52:48AM +0200, Christian Manal wrote: Hi, I recently updated to Samba 3.6.4 from 3.6.0 (on Solaris 10 x86). Since then, passwordless guest authentication makes smbd crash with a segfault. I run the following command to test if the Samba server is available via Nagios: smbclient -U guest -N -L smb-serv Since the update, it returns with: session setup failed: NT_STATUS_PIPE_BROKEN Does the attached patch help? Volker Looks good. Thank you! Regards, Christian Manal -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] user map Problem with security= ADS after upgrade form 3.5.13 to 3.6.4
Hi we are running samba on Linux as an AD member. Linux is integrated into the AD with Vintella Authentification services. The normal AD Users are unix enabled and available on the linux system using nss/vas. Therefore we used idmap config DLR: backend = nss idmap config DLR: readonly = yes In the AD we have some administrative accounts which are not unix enabled (like username-adm) Up to samba 3.5.13 we have been able to map this administrative accounts to root on the samba server root = DLR\username-adm With 3.6.4 this does not work any more If I connect form a workstation logged in as DOMAIN\username-adm I get a password prompt It seems that the mapping is ok Kerberos ticket principal name is [username-...@intra.dlr.de] [2012/04/12 13:33:35.920072, 3] auth/user_util.c:402(map_username) Mapped user DLR\username-adm to root but with 3.6.4 ist seems that even a user ist mapped to root a unix account is required for the original user Failed to find authenticated user DLR\username-adm via getpwnam(), denying access. Of cource we can unix enable an adm-account, but before doing so, I want to now, if there might be another solution Regards Hansjörg [2012/04/12 13:33:35.870906, 3] smbd/sesssetup.c:1333(reply_sesssetup_and_X) wct=12 flg2=0xc807 [2012/04/12 13:33:35.871057, 2] smbd/sesssetup.c:1279(setup_new_vc_session) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2012/04/12 13:33:35.871282, 3] smbd/sesssetup.c:1065(reply_sesssetup_and_X_spnego) Doing spnego session setup [2012/04/12 13:33:35.871472, 3] smbd/sesssetup.c:1107(reply_sesssetup_and_X_spnego) NativeOS=[Windows Server 2003 3790 Service Pack 2] NativeLanMan=[] PrimaryDomain=[Windows Server 2003 5.2] [2012/04/12 13:33:35.871698, 3] smbd/sesssetup.c:660(reply_spnego_negotiate) reply_spnego_negotiate: Got secblob of size 6731 [2012/04/12 13:33:35.876804, 3] libads/authdata.c:332(decode_pac_data) Found account name from PAC: username-adm [username-adm] [2012/04/12 13:33:35.877386, 3] auth/user_krb5.c:50(get_user_from_kerberos_info) Kerberos ticket principal name is [username-...@intra.dlr.de] [2012/04/12 13:33:35.877609, 3] auth/user_util.c:402(map_username) Mapped user DLR\username-adm to root [2012/04/12 13:33:35.896434, 3] auth/auth_util.c:1028(check_account) Failed to find authenticated user DLR\username-adm via getpwnam(), denying access. [2012/04/12 13:33:35.896609, 1] auth/user_krb5.c:211(make_server_info_krb5) make_server_info_info3 failed: NT_STATUS_NO_SUCH_USER! [2012/04/12 13:33:35.896794, 1] smbd/sesssetup.c:379(reply_spnego_kerberos) make_server_info_krb5 failed! [2012/04/12 13:33:35.896975, 3] smbd/error.c:81(error_packet_set) error packet at smbd/sesssetup.c(383) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE [2012/04/12 13:33:35.898900, 3] smbd/server_exit.c:180(exit_server_common) Server exit (failed to receive smb request) [2012/04/12 13:33:35.911450, 3] smbd/negprot.c:419(reply_nt1) using SPNEGO [2012/04/12 13:33:35.911651, 3] smbd/negprot.c:704(reply_negprot) Selected protocol NT LM 0.12 [2012/04/12 13:33:35.912998, 3] smbd/process.c:1662(process_smb) Transaction 1 of length 6992 (0 toread) [2012/04/12 13:33:35.913232, 3] smbd/process.c:1467(switch_message) switch message SMBsesssetupX (pid 4861) conn 0x0 [2012/04/12 13:33:35.913366, 3] smbd/sesssetup.c:1333(reply_sesssetup_and_X) wct=12 flg2=0xc807 [2012/04/12 13:33:35.913530, 2] smbd/sesssetup.c:1279(setup_new_vc_session) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2012/04/12 13:33:35.913647, 3] smbd/sesssetup.c:1065(reply_sesssetup_and_X_spnego) Doing spnego session setup [2012/04/12 13:33:35.913803, 3] smbd/sesssetup.c:1107(reply_sesssetup_and_X_spnego) NativeOS=[Windows Server 2003 3790 Service Pack 2] NativeLanMan=[] PrimaryDomain=[Windows Server 2003 5.2] [2012/04/12 13:33:35.914000, 3] smbd/sesssetup.c:660(reply_spnego_negotiate) reply_spnego_negotiate: Got secblob of size 6731 [2012/04/12 13:33:35.919423, 3] libads/authdata.c:332(decode_pac_data) Found account name from PAC: username-adm [username-adm] [2012/04/12 13:33:35.919825, 3] auth/user_krb5.c:50(get_user_from_kerberos_info) Kerberos ticket principal name is [username-...@intra.dlr.de] [2012/04/12 13:33:35.920072, 3] auth/user_util.c:402(map_username) Mapped user DLR\username-adm to root [2012/04/12 13:33:35.931919, 3] auth/auth_util.c:1028(check_account) Failed to find authenticated user DLR\username-adm via getpwnam(), denying access. [2012/04/12 13:33:35.932087, 1] auth/user_krb5.c:211(make_server_info_krb5) make_server_info_info3 failed: NT_STATUS_NO_SUCH_USER! [2012/04/12 13:33:35.932385, 1] smbd/sesssetup.c:379(reply_spnego_kerberos) make_server_info_krb5 failed! [2012/04/12 13:33:35.932603, 3] smbd/error.c:81(error_packet_set) error packet at
[Samba] Samba 3.6.4 on Solaris - groups for user inconsistent
Hi all, I'm having an issue with Samba 3.6.4 on Solaris using Active Directory with a Windows Server 2008 domain controller. I should state early on that I do not believe this is a manifestation of the Solaris 16 group limit - the number of groups is well below 16. Winbind seems to be working fine - I can use wbinfo -r to check the groups that a user is a member of, it returns the list of Active Directory groups that the userid belongs to: # /opt/samba/bin/wbinfo -r triddel 5000 10501 1 10586 20001 (You'll note that the above list differs from the lists below - this is because some of the groups have no NIS domain defined in AD.) What I see is smbd panicking when initialising groups for a user, it seems to be trying (and failing) to set one of the groups to -1: [2012/04/12 18:01:20.950498, 10] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 10017 Primary group is 5000 and contains 11 supplementary groups Group[ 0]: 5000 Group[ 1]: -1 Group[ 2]: 10501 Group[ 3]: 1 Group[ 4]: 10586 Group[ 5]: 10590 Group[ 6]: 10505 Group[ 7]: 20002 Group[ 8]: 20003 Group[ 9]: 20004 Group[ 10]: 20001 The corresponding truss output looks like this: 6114: setgroups(11, 0x08933B50) Err#22 EINVAL 6114: 5000-1 10501 1 10586 10590 10505 20002 20003 20004 6114:20001 The group with gid -1 corresponds to a group defined in /etc/group, the rest come from Active Directory. Occasionally smbd works correctly, and I see this in the log: [2012/04/12 17:57:58.790716, 10] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 10017 Primary group is 5000 and contains 10 supplementary groups Group[ 0]: 5000 Group[ 1]: 10501 Group[ 2]: 1 Group[ 3]: 10586 Group[ 4]: 10590 Group[ 5]: 10505 Group[ 6]: 20002 Group[ 7]: 20003 Group[ 8]: 20004 Group[ 9]: 20001 This may not be relevant, but I also see the list of groups being shuffled: [2012/04/12 18:01:17.915485, 10] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 10017 Primary group is 5000 and contains 11 supplementary groups Group[ 0]: 5000 Group[ 1]: 10501 Group[ 2]: 1 Group[ 3]: 10586 Group[ 4]: -1 Group[ 5]: 10590 Group[ 6]: 10505 Group[ 7]: 20002 Group[ 8]: 20003 Group[ 9]: 20004 Group[ 10]: 20001 The Samba config. looks like this: [global] disable spoolss = Yes disable netbios = yes show add printer wizard = No security = ADS log level = 10 realm = FOO.BAR.COM password server = * kerberos method = system keytab workgroup = INTRA client lanman auth = no client ntlmv2 auth = yes max protocol = SMB2 winbind enum users = yes winbind enum groups = yes winbind separator = + winbind use default domain = yes winbind nss info = rfc2307 winbind refresh tickets = yes winbind cache time = 15 idmap config * : range = 2-3 idmap config * : backend = tdb idmap config INTRA : backend = ad idmap config INTRA : range = 1000-2 idmap config INTRA : schema_mode = rfc3207 [foo] path = /live/home/triddel read only = no force create mode = 0600 force directory mode = 2700 browsable = no Can anyone shed any light on this? Thanks. Toby -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Can mkdir on samba share but not copy directory from local disk to samba share
Hi We are running a large samba servers within an NT4.0 domain (yes, I know) The samba version is 3.5.10: smbd -b|less Build environment: Built by:root@sfw10-patch Built on:Wed Oct 26 11:23:15 PDT 2011 Built using: /ws/on10-tools/SUNWspro/SS12/bin/cc Build host: SunOS sfw10-patch 5.10 Generic sun4u sparc SUNW,Sun-Fire-V210 SRCDIR: /sfw10/builds/build/sfw10-patch/usr/src/cmd/samba/samba-3.5.10/source3 BUILDDIR: /sfw10/builds/build/sfw10-patch/usr/src/cmd/samba/samba-3.5.10/source3 (...) running on Solaris (Sparc:) uname -a SunOS XX 5.10 Generic_147440-13 sun4u sparc SUNW,Sun-Fire-V440 File system is ZFS. The system has been recently moved from older OS and samba versions. (I'm not the primary admin but the guy supposed to know about the samba part.) I've found now that since we moved there is trouble with some file operations: I can create directories on the share with mkdir (from Win XP) just fine, but copying directories from a local file system to a samba share with xcopy ... /e fails. xcopy from samba share to samba share works, as well as xcopy'ing files. Where should I start to dig? Here's my configuration [global] workgroup = Y netbios name = XXX server string = Samba Server %v, Solaris 10 (ZFS) security = DOMAIN allow trusted domains = No username level = 1 log level = 1 log file = /var/samba/log/clients/%m_%I max log size = 512 load printers = No printcap name = /dev/null dns proxy = No wins server = z winbind trusted domains only = Yes hosts allow = 137.248., 192.168. nt acl support = No printing = bsd print command = lpr -r -P'%p' %s lpq command = lpq -P'%p' lprm command = lprm -P'%p' %j [homes] comment = Home Directories read only = No create mask = 0740 directory mask = 0750 veto files = /public_html/ hide files = /desktop.ini/ browseable = No volume = HOME [public_html] comment = User Webspace path = %H/public_html read only = No hide dot files = No mangled names = No [ntprofiles] comment = Benutzerprofile path = /WinNT-Profiles read only = No create mask = 0740 directory mask = 0750 hide files = /desktop.ini/ browseable = No csc policy = disable Kind regards Wolfgang -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.6.4 on Solaris - groups for user inconsistent
From the Solaris man page of http://docs.oracle.com/cd/E19963-01/html/821-1463/getgroups-2.html ... The setgroups() function will fail if: EINVAL The value of /ngroups/ is greater than {NGROUPS_MAX}. ... According to your truss setgroups returns EINVAL. Solaris (10) no longer has the 16 group limitation Starting from Solaris 10 Update 10 or starting with the patch bundle 144500-07 http://wesunsolve.net/patch/id/144500-07 (sparc) / 144501-07 http://wesunsolve.net/patch/id/144501-07 (x86) one can set ngroups_max up to 1024 in /etc/system.(a reboot is required) I recommend you to upgrade to Solaris 10 update 10. HTH, Bart On 12/04/12 19:21, Toby Riddell wrote: Hi all, I'm having an issue with Samba 3.6.4 on Solaris using Active Directory with a Windows Server 2008 domain controller. I should state early on that I do not believe this is a manifestation of the Solaris 16 group limit - the number of groups is well below 16. Winbind seems to be working fine - I can use wbinfo -r to check the groups that a user is a member of, it returns the list of Active Directory groups that the userid belongs to: # /opt/samba/bin/wbinfo -r triddel 5000 10501 1 10586 20001 (You'll note that the above list differs from the lists below - this is because some of the groups have no NIS domain defined in AD.) What I see is smbd panicking when initialising groups for a user, it seems to be trying (and failing) to set one of the groups to -1: [2012/04/12 18:01:20.950498, 10] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 10017 Primary group is 5000 and contains 11 supplementary groups Group[ 0]: 5000 Group[ 1]: -1 Group[ 2]: 10501 Group[ 3]: 1 Group[ 4]: 10586 Group[ 5]: 10590 Group[ 6]: 10505 Group[ 7]: 20002 Group[ 8]: 20003 Group[ 9]: 20004 Group[ 10]: 20001 The corresponding truss output looks like this: 6114: setgroups(11, 0x08933B50) Err#22 EINVAL 6114: 5000-1 10501 1 10586 10590 10505 20002 20003 20004 6114:20001 The group with gid -1 corresponds to a group defined in /etc/group, the rest come from Active Directory. Occasionally smbd works correctly, and I see this in the log: [2012/04/12 17:57:58.790716, 10] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 10017 Primary group is 5000 and contains 10 supplementary groups Group[ 0]: 5000 Group[ 1]: 10501 Group[ 2]: 1 Group[ 3]: 10586 Group[ 4]: 10590 Group[ 5]: 10505 Group[ 6]: 20002 Group[ 7]: 20003 Group[ 8]: 20004 Group[ 9]: 20001 This may not be relevant, but I also see the list of groups being shuffled: [2012/04/12 18:01:17.915485, 10] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 10017 Primary group is 5000 and contains 11 supplementary groups Group[ 0]: 5000 Group[ 1]: 10501 Group[ 2]: 1 Group[ 3]: 10586 Group[ 4]: -1 Group[ 5]: 10590 Group[ 6]: 10505 Group[ 7]: 20002 Group[ 8]: 20003 Group[ 9]: 20004 Group[ 10]: 20001 The Samba config. looks like this: [global] disable spoolss = Yes disable netbios = yes show add printer wizard = No security = ADS log level = 10 realm = FOO.BAR.COM password server = * kerberos method = system keytab workgroup = INTRA client lanman auth = no client ntlmv2 auth = yes max protocol = SMB2 winbind enum users = yes winbind enum groups = yes winbind separator = + winbind use default domain = yes winbind nss info = rfc2307 winbind refresh tickets = yes winbind cache time = 15 idmap config * : range = 2-3 idmap config * : backend = tdb idmap config INTRA : backend = ad idmap config INTRA : range = 1000-2 idmap config INTRA : schema_mode = rfc3207 [foo] path = /live/home/triddel read only = no force create mode = 0600 force directory mode = 2700 browsable = no Can anyone shed any light on this? Thanks. Toby -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.6.4 on Solaris - groups for user inconsistent
Can you add a group mapping for your unix group to a Windows group? (net groupmap add ) If you do a groups triddel on the unix command line, how many groups are you in?Unix groups mapped to Windows groups get double-counted, which can push you over 16 groups.My environment is Samba 3.x. PDC's so not the same as yours. FYI The latest (as of a few months back) Solaris 10 kernels finally let you set ngroups_max=1024. 147441-10 (x86_84) 147440-10 (sparc) Most previous ones allowed ngroups_max=32. Except 147441-09 /147441-09 actually rolled it back to ngroups_max=16. On 04/12/12 13:21, Toby Riddell wrote: Hi all, I'm having an issue with Samba 3.6.4 on Solaris using Active Directory with a Windows Server 2008 domain controller. I should state early on that I do not believe this is a manifestation of the Solaris 16 group limit - the number of groups is well below 16. Winbind seems to be working fine - I can use wbinfo -r to check the groups that a user is a member of, it returns the list of Active Directory groups that the userid belongs to: # /opt/samba/bin/wbinfo -r triddel 5000 10501 1 10586 20001 (You'll note that the above list differs from the lists below - this is because some of the groups have no NIS domain defined in AD.) What I see is smbd panicking when initialising groups for a user, it seems to be trying (and failing) to set one of the groups to -1: [2012/04/12 18:01:20.950498, 10] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 10017 Primary group is 5000 and contains 11 supplementary groups Group[ 0]: 5000 Group[ 1]: -1 Group[ 2]: 10501 Group[ 3]: 1 Group[ 4]: 10586 Group[ 5]: 10590 Group[ 6]: 10505 Group[ 7]: 20002 Group[ 8]: 20003 Group[ 9]: 20004 Group[ 10]: 20001 The corresponding truss output looks like this: 6114: setgroups(11, 0x08933B50) Err#22 EINVAL 6114: 5000-1 10501 1 10586 10590 10505 20002 20003 20004 6114:20001 The group with gid -1 corresponds to a group defined in /etc/group, the rest come from Active Directory. Occasionally smbd works correctly, and I see this in the log: [2012/04/12 17:57:58.790716, 10] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 10017 Primary group is 5000 and contains 10 supplementary groups Group[ 0]: 5000 Group[ 1]: 10501 Group[ 2]: 1 Group[ 3]: 10586 Group[ 4]: 10590 Group[ 5]: 10505 Group[ 6]: 20002 Group[ 7]: 20003 Group[ 8]: 20004 Group[ 9]: 20001 This may not be relevant, but I also see the list of groups being shuffled: [2012/04/12 18:01:17.915485, 10] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 10017 Primary group is 5000 and contains 11 supplementary groups Group[ 0]: 5000 Group[ 1]: 10501 Group[ 2]: 1 Group[ 3]: 10586 Group[ 4]: -1 Group[ 5]: 10590 Group[ 6]: 10505 Group[ 7]: 20002 Group[ 8]: 20003 Group[ 9]: 20004 Group[ 10]: 20001 The Samba config. looks like this: [global] disable spoolss = Yes disable netbios = yes show add printer wizard = No security = ADS log level = 10 realm = FOO.BAR.COM password server = * kerberos method = system keytab workgroup = INTRA client lanman auth = no client ntlmv2 auth = yes max protocol = SMB2 winbind enum users = yes winbind enum groups = yes winbind separator = + winbind use default domain = yes winbind nss info = rfc2307 winbind refresh tickets = yes winbind cache time = 15 idmap config * : range = 2-3 idmap config * : backend = tdb idmap config INTRA : backend = ad idmap config INTRA : range = 1000-2 idmap config INTRA : schema_mode = rfc3207 [foo] path = /live/home/triddel read only = no force create mode = 0600 force directory mode = 2700 browsable = no Can anyone shed any light on this? Thanks. Toby -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.6.4 on Solaris - groups for user inconsistent
I'd like to avoid adding a group mapping if possible. groups triddel returns 6 groups. The strange this is that with version Samba 3.5.8 everything was working fine... On 12 April 2012 22:00, Gaiseric Vandal gaiseric.van...@gmail.com wrote: Can you add a group mapping for your unix group to a Windows group? (net groupmap add ) If you do a groups triddel on the unix command line, how many groups are you in? Unix groups mapped to Windows groups get double-counted, which can push you over 16 groups. My environment is Samba 3.x. PDC's so not the same as yours. FYI The latest (as of a few months back) Solaris 10 kernels finally let you set ngroups_max=1024. 147441-10 (x86_84) 147440-10 (sparc) Most previous ones allowed ngroups_max=32. Except 147441-09 /147441-09 actually rolled it back to ngroups_max=16. On 04/12/12 13:21, Toby Riddell wrote: Hi all, I'm having an issue with Samba 3.6.4 on Solaris using Active Directory with a Windows Server 2008 domain controller. I should state early on that I do not believe this is a manifestation of the Solaris 16 group limit - the number of groups is well below 16. Winbind seems to be working fine - I can use wbinfo -r to check the groups that a user is a member of, it returns the list of Active Directory groups that the userid belongs to: # /opt/samba/bin/wbinfo -r triddel 5000 10501 1 10586 20001 (You'll note that the above list differs from the lists below - this is because some of the groups have no NIS domain defined in AD.) What I see is smbd panicking when initialising groups for a user, it seems to be trying (and failing) to set one of the groups to -1: [2012/04/12 18:01:20.950498, 10] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 10017 Primary group is 5000 and contains 11 supplementary groups Group[ 0]: 5000 Group[ 1]: -1 Group[ 2]: 10501 Group[ 3]: 1 Group[ 4]: 10586 Group[ 5]: 10590 Group[ 6]: 10505 Group[ 7]: 20002 Group[ 8]: 20003 Group[ 9]: 20004 Group[ 10]: 20001 The corresponding truss output looks like this: 6114: setgroups(11, 0x08933B50) Err#22 EINVAL 6114: 5000 -1 10501 1 10586 10590 10505 20002 20003 20004 6114: 20001 The group with gid -1 corresponds to a group defined in /etc/group, the rest come from Active Directory. Occasionally smbd works correctly, and I see this in the log: [2012/04/12 17:57:58.790716, 10] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 10017 Primary group is 5000 and contains 10 supplementary groups Group[ 0]: 5000 Group[ 1]: 10501 Group[ 2]: 1 Group[ 3]: 10586 Group[ 4]: 10590 Group[ 5]: 10505 Group[ 6]: 20002 Group[ 7]: 20003 Group[ 8]: 20004 Group[ 9]: 20001 This may not be relevant, but I also see the list of groups being shuffled: [2012/04/12 18:01:17.915485, 10] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 10017 Primary group is 5000 and contains 11 supplementary groups Group[ 0]: 5000 Group[ 1]: 10501 Group[ 2]: 1 Group[ 3]: 10586 Group[ 4]: -1 Group[ 5]: 10590 Group[ 6]: 10505 Group[ 7]: 20002 Group[ 8]: 20003 Group[ 9]: 20004 Group[ 10]: 20001 The Samba config. looks like this: [global] disable spoolss = Yes disable netbios = yes show add printer wizard = No security = ADS log level = 10 realm = FOO.BAR.COM password server = * kerberos method = system keytab workgroup = INTRA client lanman auth = no client ntlmv2 auth = yes max protocol = SMB2 winbind enum users = yes winbind enum groups = yes winbind separator = + winbind use default domain = yes winbind nss info = rfc2307 winbind refresh tickets = yes winbind cache time = 15 idmap config * : range = 2-3 idmap config * : backend = tdb idmap config INTRA : backend = ad idmap config INTRA : range = 1000-2 idmap config INTRA : schema_mode = rfc3207 [foo] path = /live/home/triddel read only = no force create mode = 0600 force directory mode = 2700 browsable = no Can anyone shed any light on this? Thanks. Toby -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.6.4 on Solaris - groups for user inconsistent
Bart, Thanks for the reply. However I don't think I'm hitting NGROUPS_MAX. As can be seen in the snippet of truss output, ngroups is 11. However, it looks like it might be time for an upgrade just to see if it fixes the problem. Regards, Toby On 12 April 2012 19:44, Bart Janssens biajanss...@gmail.com wrote: From the Solaris man page of http://docs.oracle.com/cd/E19963-01/html/821-1463/getgroups-2.html ... The setgroups() function will fail if: EINVAL The value of /ngroups/ is greater than {NGROUPS_MAX}. ... According to your truss setgroups returns EINVAL. Solaris (10) no longer has the 16 group limitation Starting from Solaris 10 Update 10 or starting with the patch bundle 144500-07 http://wesunsolve.net/patch/id/144500-07 (sparc) / 144501-07 http://wesunsolve.net/patch/id/144501-07 (x86) one can set ngroups_max up to 1024 in /etc/system.(a reboot is required) I recommend you to upgrade to Solaris 10 update 10. HTH, Bart On 12/04/12 19:21, Toby Riddell wrote: Hi all, I'm having an issue with Samba 3.6.4 on Solaris using Active Directory with a Windows Server 2008 domain controller. I should state early on that I do not believe this is a manifestation of the Solaris 16 group limit - the number of groups is well below 16. Winbind seems to be working fine - I can use wbinfo -r to check the groups that a user is a member of, it returns the list of Active Directory groups that the userid belongs to: # /opt/samba/bin/wbinfo -r triddel 5000 10501 1 10586 20001 (You'll note that the above list differs from the lists below - this is because some of the groups have no NIS domain defined in AD.) What I see is smbd panicking when initialising groups for a user, it seems to be trying (and failing) to set one of the groups to -1: [2012/04/12 18:01:20.950498, 10] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 10017 Primary group is 5000 and contains 11 supplementary groups Group[ 0]: 5000 Group[ 1]: -1 Group[ 2]: 10501 Group[ 3]: 1 Group[ 4]: 10586 Group[ 5]: 10590 Group[ 6]: 10505 Group[ 7]: 20002 Group[ 8]: 20003 Group[ 9]: 20004 Group[ 10]: 20001 The corresponding truss output looks like this: 6114: setgroups(11, 0x08933B50) Err#22 EINVAL 6114: 5000 -1 10501 1 10586 10590 10505 20002 20003 20004 6114: 20001 The group with gid -1 corresponds to a group defined in /etc/group, the rest come from Active Directory. Occasionally smbd works correctly, and I see this in the log: [2012/04/12 17:57:58.790716, 10] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 10017 Primary group is 5000 and contains 10 supplementary groups Group[ 0]: 5000 Group[ 1]: 10501 Group[ 2]: 1 Group[ 3]: 10586 Group[ 4]: 10590 Group[ 5]: 10505 Group[ 6]: 20002 Group[ 7]: 20003 Group[ 8]: 20004 Group[ 9]: 20001 This may not be relevant, but I also see the list of groups being shuffled: [2012/04/12 18:01:17.915485, 10] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 10017 Primary group is 5000 and contains 11 supplementary groups Group[ 0]: 5000 Group[ 1]: 10501 Group[ 2]: 1 Group[ 3]: 10586 Group[ 4]: -1 Group[ 5]: 10590 Group[ 6]: 10505 Group[ 7]: 20002 Group[ 8]: 20003 Group[ 9]: 20004 Group[ 10]: 20001 The Samba config. looks like this: [global] disable spoolss = Yes disable netbios = yes show add printer wizard = No security = ADS log level = 10 realm = FOO.BAR.COM password server = * kerberos method = system keytab workgroup = INTRA client lanman auth = no client ntlmv2 auth = yes max protocol = SMB2 winbind enum users = yes winbind enum groups = yes winbind separator = + winbind use default domain = yes winbind nss info = rfc2307 winbind refresh tickets = yes winbind cache time = 15 idmap config * : range = 2-3 idmap config * : backend = tdb idmap config INTRA : backend = ad idmap config INTRA : range = 1000-2 idmap config INTRA : schema_mode = rfc3207 [foo] path = /live/home/triddel read only = no force create mode = 0600 force directory mode = 2700 browsable = no Can anyone shed any light on this? Thanks. Toby -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via bcc16f1 s4-libnet: split export_keytab in a separate python module to avoid pulling in HDB dependency via dda0531 WAF: Add support for stopping processing before end of wscript{_*} via 1f1e427 clikrb5: Move pure krb wrapper functions from libads to clikrb5. via 46ab219 gse: Remove unnecessary header. via a925c2c srv_keytab: Pass krb5_context directly, it's all we use anyways. via c13c065 krb5_wrap: krb5_string_to_key / krb5_encrypt_block are deprecated. via 70c303a auth-krb: Move pac related util functions in a single place. via 3fd6ded auth-krb: Make functions static. via d857e39 auth-krb: Use simpler method to extract keytype. via 88d5d5c auth-krb: Nove oid packet check to gensec_util. via f116262 s4-auth-krb: Remove dependency on credentials too. via a46e465 s4-auth-krb: Remove unneded dependency on kerberos_util. via aedbd6b s4-auth-krb: Simplify salt_princ handling. via 6de578a s4-auth-krb: Move function to db-glue.c and make it static. via b226955 s4-auth-krb: Move keytab functions in a separate file. via 7d203f7 s4-auth-krb: Streamline and cleanup code to make it readable. via 23d54e7 s4-auth-krb: streamline and rename enctype functions via 6f7fa0b s4-auth-krb: Make kerberos_enctype_bitmap_to_enctype static. via 60905c8 s4-auth-krb: Make kerberos_enctype_bitmap_to_enctypes static. via 670dbde s4-auth-krb: Move function into more appropriate header. via 70f1cd6 s4-auth-krb: Make cli_credentials_invalidate_client_gss_creds static. via b574e7c s4-auth-krb: Make impersonate_principal_from_credentials static. via 93aa451 gensec_gssapi: keep private header file close to the actual code via 6ab0dfe krb5_wrap: remove duplicate declaration and dead ifdef via c761654 s4-ldb: use KRB5_KEY macros to access key elements. via 011540b wafsamba: point out that local heimdal paths are not included when USING_SYSTEM_KRB5 gets set. via 1fedb0a waf: when USING_SYSTEM_KRB5 environment variable is set, dont configure local heimdal. via d82aab6 waf: when building with system krb5, we do not need to build local heimdal. via 60f192a s3-waf: remove requirement of having --enable-developer for running system krb5 checks. from 81d1749 Remove overly complex attemt to define blkcnt_t and blksize_t. AC_CHECK_TYPE should just do it. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit bcc16f191175740f200c12925b63d45478f06454 Author: Alexander Bokovoy a...@samba.org Date: Tue Apr 10 12:09:20 2012 +0300 s4-libnet: split export_keytab in a separate python module to avoid pulling in HDB dependency Signed-off-by: Andreas Schneider a...@samba.org Autobuild-User: Andreas Schneider a...@cryptomilk.org Autobuild-Date: Thu Apr 12 15:23:19 CEST 2012 on sn-devel-104 commit dda0531aae70e78e815fda8c594213369e76a847 Author: Alexander Bokovoy a...@samba.org Date: Tue Apr 3 11:22:15 2012 +0300 WAF: Add support for stopping processing before end of wscript{_*} WAF scripts are written in Python and Python has no simple way to stop program execution other than using exceptions. This change adds WscriptCheckSkipped exception and its handling in core WAF code. When any of wscript{_*} throws WscriptCheckSkipped exception, WAF simply continues to process next wscript in queue rather than breaking build. WscriptCheckSkipped exception can be used to perform early bail out of configuration/build target checks if certain dependency is not available when the default checks are way more numerous than a check for this particular dependency. This is to avoid 'if ...' indenting for large blocks of existing code which also muddens git history for nothing. Signed-off-by: Andreas Schneider a...@samba.org commit 1f1e4275b5fafbad1b5719f5efba7ee66f6d3037 Author: Simo Sorce i...@samba.org Date: Mon Apr 2 23:41:32 2012 -0400 clikrb5: Move pure krb wrapper functions from libads to clikrb5. Signed-off-by: Andreas Schneider a...@samba.org commit 46ab21900555ba2f6ef06417095d50f14a2be676 Author: Simo Sorce i...@samba.org Date: Mon Apr 2 10:20:24 2012 -0400 gse: Remove unnecessary header. Signed-off-by: Andreas Schneider a...@samba.org commit a925c2c48d07cd4f074325954d933e194b4704d8 Author: Simo Sorce i...@samba.org Date: Sun Apr 1 19:08:15 2012 -0400 srv_keytab: Pass krb5_context directly, it's all we use anyways. Signed-off-by: Andreas Schneider a...@samba.org commit c13c065a9b92c1abf17e999649ea6bb620615d6f Author: Simo Sorce i...@samba.org Date: Sun Apr 1 17:28:19 2012 -0400 krb5_wrap: krb5_string_to_key / krb5_encrypt_block are
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via f6328b1 s3: Fix a typo via 6742aa1 s3: Fix a segfault with debug level 3 on Solaris from bcc16f1 s4-libnet: split export_keytab in a separate python module to avoid pulling in HDB dependency http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit f6328b14c8d5fbc36d4597ebd52f74bfd60d92fc Author: Volker Lendecke v...@samba.org Date: Thu Apr 12 21:59:31 2012 +0200 s3: Fix a typo Autobuild-User: Volker Lendecke v...@samba.org Autobuild-Date: Thu Apr 12 23:38:24 CEST 2012 on sn-devel-104 commit 6742aa1fb62bdb70ee5e89d243b4058ba6b5e73a Author: Volker Lendecke v...@samba.org Date: Thu Apr 12 12:15:50 2012 +0200 s3: Fix a segfault with debug level 3 on Solaris printf can not deal with NULL strings --- Summary of changes: source3/modules/vfs_aio_linux.c |2 +- source3/smbd/password.c |3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/modules/vfs_aio_linux.c b/source3/modules/vfs_aio_linux.c index f6fa80a..d49dc49 100644 --- a/source3/modules/vfs_aio_linux.c +++ b/source3/modules/vfs_aio_linux.c @@ -98,7 +98,7 @@ static bool init_aio_linux(struct vfs_handle_struct *handle) return true; } - /* Shedule a shutdown event for 30 seconds from now. */ + /* Schedule a shutdown event for 30 seconds from now. */ te = tevent_add_timer(server_event_context(), NULL, timeval_current_ofs(30, 0), diff --git a/source3/smbd/password.c b/source3/smbd/password.c index 39cde15..2a76d83 100644 --- a/source3/smbd/password.c +++ b/source3/smbd/password.c @@ -286,7 +286,8 @@ int register_existing_vuid(struct smbd_server_connection *sconn, DEBUG(3, (register_existing_vuid: User name: %s\t Real name: %s\n, vuser-session_info-unix_info-unix_name, - vuser-session_info-info-full_name)); + vuser-session_info-info-full_name ? + vuser-session_info-info-full_name : )); if (!vuser-session_info-security_token) { DEBUG(1, (register_existing_vuid: session_info does not -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via b8dea7e Wrong assertion/comparison: Compare value not pointer via da786cd We never cancel SMB1 aio, only SMB2 aio - and in this case we always return a value. via d399af3 Remove cancel_aio_by_fsp(). It can never work and could lead to memory corruption as outstanding IO's complete. Also we never have any aio's on a call to close_normal_file() with close_type ERROR_CLOSE. via fd38486 Fix return_fn when aio was cancelled. We need to return -1, errno = ECANCELED. via 9583910 Move the counting of outstanding_aio_calls into the lifecycle of the aio_extra struct. This way we can't end up with a mismatch between outstanding events and the counter. via 80a4e38 Fix the same bug reported by Kirill Malkin kirill.mal...@starboardstorage.com and fixed by Volker for vfs_aio_fork as ref 0aacdbfada46329e0ad9dacfa90041a1c7dbf3e8. from f6328b1 s3: Fix a typo http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit b8dea7e82d0acb9e55e8bfe9a089c250d7380102 Author: Olaf Flebbe o.fle...@science-computing.de Date: Thu Apr 12 11:29:41 2012 +0200 Wrong assertion/comparison: Compare value not pointer Signed-off-by: Jeremy Allison j...@samba.org Autobuild-User: Jeremy Allison j...@samba.org Autobuild-Date: Fri Apr 13 02:23:36 CEST 2012 on sn-devel-104 commit da786cddd68d8777cad5e3d6c6fe5a3beac2a1a7 Author: Jeremy Allison j...@samba.org Date: Thu Apr 12 15:11:22 2012 -0700 We never cancel SMB1 aio, only SMB2 aio - and in this case we always return a value. So pass_cancel is no longer needed. commit d399af30c183663f487bf4d086ec4377f84725b0 Author: Jeremy Allison j...@samba.org Date: Thu Apr 12 15:04:42 2012 -0700 Remove cancel_aio_by_fsp(). It can never work and could lead to memory corruption as outstanding IO's complete. Also we never have any aio's on a call to close_normal_file() with close_type ERROR_CLOSE. commit fd3848636498fa357ff0085a126e374a3e91d14b Author: Jeremy Allison j...@samba.org Date: Thu Apr 12 15:04:08 2012 -0700 Fix return_fn when aio was cancelled. We need to return -1, errno = ECANCELED. commit 95839102ad9c1b052924a99ee938991a305d1add Author: Jeremy Allison j...@samba.org Date: Thu Apr 12 13:48:29 2012 -0700 Move the counting of outstanding_aio_calls into the lifecycle of the aio_extra struct. This way we can't end up with a mismatch between outstanding events and the counter. We may still have problems with canceling and not correctly freeing the aio struct, but at least the counter won't get out of sync anymore. commit 80a4e38d6465d8ae47ca113027421af852d34316 Author: Jeremy Allison j...@samba.org Date: Thu Apr 12 13:15:23 2012 -0700 Fix the same bug reported by Kirill Malkin kirill.mal...@starboardstorage.com and fixed by Volker for vfs_aio_fork as ref 0aacdbfada46329e0ad9dacfa90041a1c7dbf3e8. From that change: aio_suspend does not signal the main process with a signal, it just waits. The aio_fork module does not use the signal at all, it directly calls back into the main smbd by calling smbd_aio_complete_aio_ex. This is an abstraction violation, but the alternative would have been to use signals where they are not needed. However, in wait_for_aio_completion this bites us: With aio_fork we call handle_aio_completed twice on the same aio_ex struct: Once from the call to handle_aio_completion within the aio_fork module and once from the code in wait_for_aio_completion. Fix this differently here by not calling directly back into smbd, but using a new function aio_linux_setup_returns() to setup the return values that wait_for_aio_completion() in the main smbd will pick up by calling handle_aio_completd(). --- Summary of changes: source3/modules/vfs_aio_fork.c|5 +++ source3/modules/vfs_aio_linux.c | 33 -- source3/modules/vfs_aio_pthread.c |5 +++ source3/registry/reg_parse.c |4 +- source3/smbd/aio.c| 66 ++--- source3/smbd/close.c | 21 +--- source3/smbd/proto.h |1 - 7 files changed, 68 insertions(+), 67 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/modules/vfs_aio_fork.c b/source3/modules/vfs_aio_fork.c index d10cc9f..f3e8f7f 100644 --- a/source3/modules/vfs_aio_fork.c +++ b/source3/modules/vfs_aio_fork.c @@ -710,6 +710,11 @@ static ssize_t aio_fork_return_fn(struct vfs_handle_struct *handle, child-aiocb = NULL; + if (child-cancelled) { + errno = ECANCELED; + return -1; + } + if (child-retval.size == -1) { errno