Re: [Samba] Samba4 LDAP: how to write to idmap.ldb

[Matthieu Patou]

On 05/13/2012 07:49 PM, Andrew Bartlett wrote:

On Sun, 2012-05-13 at 10:40 -0700, Matthieu Patou wrote:

On 05/12/2012 11:30 PM, steve wrote:

Hi everyone

I can change a mapping in idmap.ldb according to the samba4 wiki:
https://wiki.samba.org/index.php/Samba4/HOWTO#Managing_Samba_4_Active_Directory_From_Windows_XP_Pro


But if I delete an object via ldbmodify or ldbedit, it doesn't delete
the entry in idmap.ldb. We have users who we deleted long ago still
present there. Over a period of time, this could amount to a lot of
wasted space.


No the space used in idmap for a user mapping is ridiculously small if
you don't have removed ~ 10 000 users it's not worth to worry about

Would it be possible that samba-tool user deletex  and samba-tool
group deletey  also delete the corresponding entry in idmap.ldb?


Yeah it could be file an request in bugzilla explaining this, it's an
enhancement and I think it has a pretty low priority.

In the same time you should ask also for an expunge command so that if
you removed the user/group from ADCU we could remove all inactive groups.

But that's very very very low priority to me but should be rather easy
to do.

The reason not to do this at all is that just as the SID is never
re-used, the UID should not be re-used.
The thing is that we keep track of the latest usn (at least in s4 idmap) 
so even if we purge removed users we won't cycle on already affected 
UID/GID.



Additionally, if that UID or SID were to be found on a file ACL, it is
critically important that we continue to map it in the same way (as the
acl_xattr check-hash on the SD for posix/NT consistency is done on the
mapped-from-posix NT ACL).

Oh I didn't knew that.




--
Matthieu Patou
Samba Team
http://samba.org

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Quota

[CARLOS COLOMBO]

Please, can anybody help us with that? 

Thanks

- Mensagem original -
De: CARLOS COLOMBO ccolo...@univates.br
Para: samba@lists.samba.org
Enviadas: Terça-feira, 8 de Maio de 2012 11:33:22
Assunto: [Samba] Quota

Hi,

On our servers we have configured an enviroment with LDAP + Samba + Quotas. 
Working properly for windows hosts in wich are configured shared homes. The 
same works on Linux hosts with only one exception, the homes are shared with 
NFS.

Now because of security issues we have decided to use samba on both 
enviroments. And so came the problem:

The users of the shares were informed of their quota every day via 
notifications. And they grew accostumed to this. 

But...we can't find, by any means, a way to show the same information to the 
users.


ii  samba  2:3.4.7~dfsg-1ubuntu3.2 
SMB/CIFS file, print, and login server for U
ii  samba-common   2:3.4.7~dfsg-1ubuntu3.2 
common files used by both the Samba server a
ii  samba-common-bin   2:3.4.7~dfsg-1ubuntu3.2 
common files used by both the Samba server a
ii  samba-doc  2:3.4.7~dfsg-1ubuntu3.2 
Samba documentation


Thanks in advance!

Carlos Colombo
Solis - Cooperativa de Soluções Livres
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Quota

[Dennis Leeuw]

This is not a samba problem. The quota notifications are probably done 
by some script running from cron that calls repquota. So this is a quota 
question, and probably the reason you didn't receive an answer from the 
samba list.


Greetings,

Dennis

On 05/14/2012 12:42 PM, CARLOS COLOMBO wrote:

Please, can anybody help us with that?

Thanks

- Mensagem original -
De: CARLOS COLOMBOccolo...@univates.br
Para: samba@lists.samba.org
Enviadas: Terça-feira, 8 de Maio de 2012 11:33:22
Assunto: [Samba] Quota

Hi,

On our servers we have configured an enviroment with LDAP + Samba + Quotas. 
Working properly for windows hosts in wich are configured shared homes. The 
same works on Linux hosts with only one exception, the homes are shared with 
NFS.

Now because of security issues we have decided to use samba on both 
enviroments. And so came the problem:

The users of the shares were informed of their quota every day via 
notifications. And they grew accostumed to this.

But...we can't find, by any means, a way to show the same information to the 
users.


ii  samba  2:3.4.7~dfsg-1ubuntu3.2 
SMB/CIFS file, print, and login server for U
ii  samba-common   2:3.4.7~dfsg-1ubuntu3.2 
common files used by both the Samba server a
ii  samba-common-bin   2:3.4.7~dfsg-1ubuntu3.2 
common files used by both the Samba server a
ii  samba-doc  2:3.4.7~dfsg-1ubuntu3.2 
Samba documentation


Thanks in advance!

Carlos Colombo
Solis - Cooperativa de Soluções Livres


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Windows 7 often creates new user profiles

[Donny Brooks]

 
 
 
On Saturday, May 12, 2012 04:48 PM CDT, Christian Meier ch2...@arcor.de 
wrote: 
 
 On Sat, 12 May 2012 17:47:02 +0200
 Christian Meier ch2...@arcor.de wrote:
 
  Windows 7 clients often create new roaming profiles for existing
  users for no identifiable reason. Windows XP isn't affected.
 
 Some reasons for this behavior I googled:
 
 1. insufficient permissions for profile-folder
 2. trust relationship between this workstation and the primary domain
 failed. -- dis-join and rejoin the workstation
 3. .bak is appended in registry at HKEY_LOCAL_MACHINE\Software\Microsoft
 \Windows NT\CurrentVersion\ProfileList. Remove the other SIDs and the
 .bak extension.
 4. do not use roaming profiles. (But there are other problems with
 folder redirection [1].)
 
 [1]
 http://wiki.samba.org/index.php/Samba__Windows_Profiles#Folder_Redirection
 -- 
 To unsubscribe from this list go to the following URL and read the
 instructions:  https://lists.samba.org/mailman/options/samba

We too have seen this behavior but only on one of our pc's. It is not the 
server side that gets the rename as someone else mentioned  but rather on the 
PC side. If you look in C:\Users\ you will see:

username
username.DOMAIN
username.DOMAIN.000
username.DOMAIN.001
username.DOMAIN.002
etc

The profile seems to be pulling/writing to the server just fine. We have tried 
removing all the entries in the registry for all users on the machine except 
the local administrator one, removing/rejoining the pc to the domain, and 
double checking permissions all to no avail. It will do right for a few weeks 
and then it will start doing the multiple profiles again. To this date we have 
not found a way to fix the issue. 
-- 
Donny B. 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] samba home folder share

[Muhammad Yousuf Khan]

On Sun, May 13, 2012 at 9:38 PM, Jorell jore...@fastmail.net wrote:
 On 5/10/2012 11:19 PM, Muhammad Yousuf Khan wrote:

 i am u sing AD integrated Samba with winbind,I need to share a samba
 home folder for every single user in my Active directory. since i dont
 wanna create every user's directory i want samba to manage it. however
 i dont wanna place the home folders on default path as the boot drive
 (/dev/sda) is very small to store the data, beside that,  i do have
 storage /nas/users which is a mount point of my raid array. so
 specifically every user's home folder should be created on /nas/users
 and this is my home share details in samba.

 [homes]
    comment = Home Directories
    browseable = yes
    writeable = yes
    create mask = 0700
    directory mask = 0700
    valid users = %S

 after sharing i can see two folders on the samba share
 1. admin (which is my valid user and i was expecting this)
 2. home ( this is some thing making me confuse, it shouldn't  suppose
 to be there )

 however, when i click on both folders it gives me an error

 you might not have permission to use this network resource ..
 Blah blah blah[global]

        workgroup = 
        realm = .COM
        netbios name = nasbox
        server string = %h server
        security = ADS
        obey pam restrictions = Yes
        pam password change = Yes
        passwd program = /usr/bin/passwd %u
        passwd chat = *Enter\snew\s*\spassword:* %n\n
 *Retype\snew\s*\spassword:* %n\n *password\supd$
        unix password sync = Yes
        syslog = 0
        log file = /var/log/samba/log.%m
        max log size = 1000
        dns proxy = No
        panic action = /usr/share/samba/panic-action %d
        idmap uid = 1-2
        idmap gid = 1-2
        winbind enum users = Yes
        winbind enum groups = Yes
        winbind use default domain = Yes
 .

 further, all other shares are working fine. here is my samba global.





 Thanks


 here is what I use in my conf
 [ProfileShare]
 ...
 root preexec = /root/pdc/smbmkhomedir.sh %D %U
 ...


  smbmkhomedir.sh 
 #!/bin/bash
 if [ ! -e /home/$1/$2 ]; then
    mkdir -p /home/$1/$2
    chown $2:Domain Users /home/$1/$2
    chmod 4711 /home/$1/$2
    setfacl --set=d:u::rwx,d:g::--x,d:o::---,d:u:$2:rwx,d:g:'domain
 users':--x /home/$1/$2
 fi
 exit 0


can you please share a bit more

[global]
?
[profileshare]
?

that would be very helpful.

Thank you,


 --
 To unsubscribe from this list go to the following URL and read the
 instructions:  https://lists.samba.org/mailman/options/samba
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] samba home folder share

[Jorell]

On 5/14/2012 6:42 AM, Muhammad Yousuf Khan wrote:

On Sun, May 13, 2012 at 9:38 PM, Jorelljore...@fastmail.net  wrote:

On 5/10/2012 11:19 PM, Muhammad Yousuf Khan wrote:


i am u sing AD integrated Samba with winbind,I need to share a samba
home folder for every single user in my Active directory. since i dont
wanna create every user's directory i want samba to manage it. however
i dont wanna place the home folders on default path as the boot drive
(/dev/sda) is very small to store the data, beside that,  i do have
storage /nas/users which is a mount point of my raid array. so
specifically every user's home folder should be created on /nas/users
and this is my home share details in samba.

[homes]
comment = Home Directories
browseable = yes
writeable = yes
create mask = 0700
directory mask = 0700
valid users = %S

after sharing i can see two folders on the samba share
1. admin (which is my valid user and i was expecting this)
2. home ( this is some thing making me confuse, it shouldn't  suppose
to be there )

however, when i click on both folders it gives me an error

you might not have permission to use this network resource ..
Blah blah blah[global]

workgroup = 
realm = .COM
netbios name = nasbox
server string = %h server
security = ADS
obey pam restrictions = Yes
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n
*Retype\snew\s*\spassword:* %n\n *password\supd$
unix password sync = Yes
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
dns proxy = No
panic action = /usr/share/samba/panic-action %d
idmap uid = 1-2
idmap gid = 1-2
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
.

further, all other shares are working fine. here is my samba global.





Thanks



here is what I use in my conf
[ProfileShare]
...
root preexec = /root/pdc/smbmkhomedir.sh %D %U
...


  smbmkhomedir.sh
#!/bin/bash
if [ ! -e /home/$1/$2 ]; then
mkdir -p /home/$1/$2
chown $2:Domain Users /home/$1/$2
chmod 4711 /home/$1/$2
setfacl --set=d:u::rwx,d:g::--x,d:o::---,d:u:$2:rwx,d:g:'domain
users':--x /home/$1/$2
fi
exit 0



can you please share a bit more

[global]
?
[profileshare]
?

that would be very helpful.

Thank you,



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba



On my partition it mounts with acl,user_xattr


[global]
workgroup = MIDEARTH
netbios name = FRODO
realm = MIDEARTH.REALM
server string = %D server (samba %v)
security = ADS
map to guest = Bad User
encrypt passwords = Yes
lanman auth = No
ntlm auth = No
client NTLMv2 auth = Yes
printcap name = cups
printing = cups
disable spoolss = No
show add printer wizard = No
log file = /var/log/samba/log.%m
max log size = 512
syslog = 0
map archive = No
map system = No
map hidden = No
map readonly = No
store dos attributes = Yes
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
idmap backend = tdb
idmap uid = 1-1
idmap gid = 1-1
idmap config MIDEARTH : backend = ad
idmap config MIDEARTH : range = 2-2

[ProfileShare]
comment = Roaming Profile Share
path = /home/%D/%U
valid users = %U
read only = No
guest ok = No
browseable = No
root preexec = /root/pdc/smbmkhomedir.sh %D %U
create mask = 4711
directory mask = 4711
map acl inherit = Yes
profile acls = Yes
store dos attributes = Yes
map archive = No
map system = No
map hidden = No
map readonly = no

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Windows 7 often creates new user profiles

[Ben Metcalfe]

There's a thread here:

http://social.technet.microsoft.com/Forums/en/winserverDS/thread/a9ef96fb-1e20-469c-b1ea-306846f46181

...that implicates the winlogon process, and indicates a few possible fixes
and troubleshooting options. Aside from the ideas mentioned, I've had good
results in similar situations logging access/activity with Mark
Russinovich's (sysinternals) Process Monitor and ADinsight:

http://technet.microsoft.com/en-us/sysinternals/bb897539

Best of luck.

On 14 May 2012 13:54, Donny Brooks dbro...@mdah.state.ms.us wrote:




 On Saturday, May 12, 2012 04:48 PM CDT, Christian Meier ch2...@arcor.de
 wrote:

  On Sat, 12 May 2012 17:47:02 +0200
  Christian Meier ch2...@arcor.de wrote:
 
   Windows 7 clients often create new roaming profiles for existing
   users for no identifiable reason. Windows XP isn't affected.
 
  Some reasons for this behavior I googled:
 
  1. insufficient permissions for profile-folder
  2. trust relationship between this workstation and the primary domain
  failed. -- dis-join and rejoin the workstation
  3. .bak is appended in registry at HKEY_LOCAL_MACHINE\Software\Microsoft
  \Windows NT\CurrentVersion\ProfileList. Remove the other SIDs and the
  .bak extension.
  4. do not use roaming profiles. (But there are other problems with
  folder redirection [1].)
 
  [1]
 
 http://wiki.samba.org/index.php/Samba__Windows_Profiles#Folder_Redirection
  --
  To unsubscribe from this list go to the following URL and read the
  instructions:  https://lists.samba.org/mailman/options/samba

 We too have seen this behavior but only on one of our pc's. It is not the
 server side that gets the rename as someone else mentioned  but rather on
 the PC side. If you look in C:\Users\ you will see:

 username
 username.DOMAIN
 username.DOMAIN.000
 username.DOMAIN.001
 username.DOMAIN.002
 etc

 The profile seems to be pulling/writing to the server just fine. We have
 tried removing all the entries in the registry for all users on the machine
 except the local administrator one, removing/rejoining the pc to the
 domain, and double checking permissions all to no avail. It will do right
 for a few weeks and then it will start doing the multiple profiles again.
 To this date we have not found a way to fix the issue.
 --
 Donny B.

 --
 To unsubscribe from this list go to the following URL and read the
 instructions:  https://lists.samba.org/mailman/options/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] samba home folder share

[Muhammad Yousuf Khan]

On Mon, May 14, 2012 at 7:04 PM, Jorell jore...@fastmail.net wrote:
 On 5/14/2012 6:42 AM, Muhammad Yousuf Khan wrote:

 On Sun, May 13, 2012 at 9:38 PM, Jorelljore...@fastmail.net  wrote:

 On 5/10/2012 11:19 PM, Muhammad Yousuf Khan wrote:


 i am u sing AD integrated Samba with winbind,I need to share a samba
 home folder for every single user in my Active directory. since i dont
 wanna create every user's directory i want samba to manage it. however
 i dont wanna place the home folders on default path as the boot drive
 (/dev/sda) is very small to store the data, beside that,  i do have
 storage /nas/users which is a mount point of my raid array. so
 specifically every user's home folder should be created on /nas/users
 and this is my home share details in samba.

 [homes]
    comment = Home Directories
    browseable = yes
    writeable = yes
    create mask = 0700
    directory mask = 0700
    valid users = %S

 after sharing i can see two folders on the samba share
 1. admin (which is my valid user and i was expecting this)
 2. home ( this is some thing making me confuse, it shouldn't  suppose
 to be there )

 however, when i click on both folders it gives me an error

 you might not have permission to use this network resource ..
 Blah blah blah[global]

        workgroup = 
        realm = .COM
        netbios name = nasbox
        server string = %h server
        security = ADS
        obey pam restrictions = Yes
        pam password change = Yes
        passwd program = /usr/bin/passwd %u
        passwd chat = *Enter\snew\s*\spassword:* %n\n
 *Retype\snew\s*\spassword:* %n\n *password\supd$
        unix password sync = Yes
        syslog = 0
        log file = /var/log/samba/log.%m
        max log size = 1000
        dns proxy = No
        panic action = /usr/share/samba/panic-action %d
        idmap uid = 1-2
        idmap gid = 1-2
        winbind enum users = Yes
        winbind enum groups = Yes
        winbind use default domain = Yes
 .

 further, all other shares are working fine. here is my samba global.





 Thanks



 here is what I use in my conf
 [ProfileShare]
 ...
 root preexec = /root/pdc/smbmkhomedir.sh %D %U
 ...


   smbmkhomedir.sh
 #!/bin/bash
 if [ ! -e /home/$1/$2 ]; then
    mkdir -p /home/$1/$2
    chown $2:Domain Users /home/$1/$2
    chmod 4711 /home/$1/$2
    setfacl --set=d:u::rwx,d:g::--x,d:o::---,d:u:$2:rwx,d:g:'domain
 users':--x /home/$1/$2
 fi
 exit 0



 can you please share a bit more

 [global]
 ?
 [profileshare]
 ?

 that would be very helpful.

 Thank you,


 --
 To unsubscribe from this list go to the following URL and read the
 instructions:  https://lists.samba.org/mailman/options/samba



 On my partition it mounts with acl,user_xattr


yes exactly that is making me confuse becuase i am have never used an
ACL. anyways. ill try this stuff next day since my office is closing
and need to leave ill update the status soon Thanks,


 [global]
 workgroup = MIDEARTH
 netbios name = FRODO
 realm = MIDEARTH.REALM
 server string = %D server (samba %v)
 security = ADS
 map to guest = Bad User
 encrypt passwords = Yes
 lanman auth = No
 ntlm auth = No
 client NTLMv2 auth = Yes
 printcap name = cups
 printing = cups
 disable spoolss = No
 show add printer wizard = No
 log file = /var/log/samba/log.%m
 max log size = 512
 syslog = 0
 map archive = No
 map system = No
 map hidden = No
 map readonly = No
 store dos attributes = Yes

 winbind enum users = Yes
 winbind enum groups = Yes
 winbind use default domain = Yes
 idmap backend = tdb
 idmap uid = 1-1
 idmap gid = 1-1
 idmap config MIDEARTH : backend = ad
 idmap config MIDEARTH : range = 2-2

 [ProfileShare]
 comment = Roaming Profile Share
 path = /home/%D/%U
 valid users = %U
 read only = No
 guest ok = No
 browseable = No

 root preexec = /root/pdc/smbmkhomedir.sh %D %U
 create mask = 4711
 directory mask = 4711
 map acl inherit = Yes
 profile acls = Yes
 store dos attributes = Yes
 map archive = No
 map system = No
 map hidden = No
 map readonly = no


 --
 To unsubscribe from this list go to the following URL and read the
 instructions:  https://lists.samba.org/mailman/options/samba
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] idmap_ad partially stopped working after upgrading Samba from 3.4.3 to 3.6.3

[Javier Conti]

Dear list,

upgrading from SLES11 SP1 to SLES11 SP2, I upgraded Samba from 3.4.3
to 3.6.3. I was successfully using idmap_ad to authenticate users but
after the upgrade it stopped working and users are not seen by the OS.
Obviously the users I want to see on the Linux server have all RFC2307
attributes populated and are seen by all other SLES11 SP1 servers.

I checked everything (I know) from the Samba point of view, and it almost
seems ok, but wbinfo -i fails as follows:

  # wbinfo -i myuser
  failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
  Could not get info for user myuser

Using the same user, for example, I can do:

  # wbinfo -n myuser
  S-1-5-21-828208052-1092558876-1846952604-22794 SID_USER (1)
  # wbinfo -n Domain Users
  S-1-5-21-828208052-1092558876-1846952604-513 SID_DOM_GROUP (2)

  # wbinfo -s S-1-5-21-828208052-1092558876-1846952604-22794
  MYDOMAIN\myuser 1
  # wbinfo -s S-1-5-21-828208052-1092558876-1846952604-513
  MYDOMAIN\Domain Users

  # net -Uadminuser user info myuser |head
  Enter adminuser's password:
  domain users
  [...]
  # net -Uadminuser ads user  |grep myuser
  Enter adminuser's password:
  myuser

Obviously, id(1) and getent(1) fail. What I get is:

[2012/05/14 16:50:47.958484,  6] winbindd/winbindd.c:792(new_connection)
  accepted socket 25
[2012/05/14 16:50:47.958604, 10] winbindd/winbindd.c:642(process_request)
  process_request: request fn INTERFACE_VERSION
[2012/05/14 16:50:47.958644,  3]
winbindd/winbindd_misc.c:384(winbindd_interface_version)
  [ 5756]: request interface version
[2012/05/14 16:50:47.958705, 10]
winbindd/winbindd.c:738(winbind_client_response_written)
  winbind_client_response_written[5756:INTERFACE_VERSION]: delivered
response to client
[2012/05/14 16:50:47.958771, 10] winbindd/winbindd.c:642(process_request)
  process_request: request fn WINBINDD_PRIV_PIPE_DIR
[2012/05/14 16:50:47.958808,  3]
winbindd/winbindd_misc.c:417(winbindd_priv_pipe_dir)
  [ 5756]: request location of privileged pipe
[2012/05/14 16:50:47.958870, 10]
winbindd/winbindd.c:738(winbind_client_response_written)
  winbind_client_response_written[5756:WINBINDD_PRIV_PIPE_DIR]:
delivered response to client
[2012/05/14 16:50:47.958939,  6] winbindd/winbindd.c:792(new_connection)
  accepted socket 26
[2012/05/14 16:50:47.958995,  6]
winbindd/winbindd.c:840(winbind_client_request_read)
  closing socket 25, client exited
[2012/05/14 16:50:47.959058, 10] winbindd/winbindd.c:615(process_request)
  process_request: Handling async request 5756:GETPWNAM
[2012/05/14 16:50:47.959097,  3]
winbindd/winbindd_getpwnam.c:56(winbindd_getpwnam_send)
  getpwnam myuser
[2012/05/14 16:50:47.959135,  1]
../librpc/ndr/ndr.c:284(ndr_print_function_debug)
   wbint_LookupName: struct wbint_LookupName
  in: struct wbint_LookupName
  domain   : *
  domain   : 'MYDOMAIN'
  name : *
  name : 'MYUSER'
  flags: 0x0008 (8)
[2012/05/14 16:50:47.959276,  1]
../librpc/ndr/ndr.c:284(ndr_print_function_debug)
   wbint_LookupName: struct wbint_LookupName
  out: struct wbint_LookupName
  type : *
  type : SID_NAME_USER (1)
  sid  : *
  sid  :
S-1-5-21-828208052-1092558876-1846952604-22794
  result   : NT_STATUS_OK
[2012/05/14 16:50:47.959404,  1]
../librpc/ndr/ndr.c:284(ndr_print_function_debug)
   wbint_QueryUser: struct wbint_QueryUser
  in: struct wbint_QueryUser
  sid  : *
  sid  :
S-1-5-21-828208052-1092558876-1846952604-22794
[2012/05/14 16:50:47.959499,  1]
../librpc/ndr/ndr.c:284(ndr_print_function_debug)
   wbint_QueryUser: struct wbint_QueryUser
  out: struct wbint_QueryUser
  info : *
  info: struct wbint_userinfo
  acct_name: *
  acct_name: 'myuser'
  full_name: *
  full_name: 'Lastname Firstname'
  homedir  : *
  homedir  : '/home/myuser'
  shell: *
  shell: '/bin/bash'
  primary_gid  : 0x2710 (1)
  user_sid :
S-1-5-21-828208052-1092558876-1846952604-22794
  group_sid:
S-1-5-21-828208052-1092558876-1846952604-513
  result   : NT_STATUS_OK
[2012/05/14 16:50:47.959686, 10] winbindd/wb_sid2uid.c:56(wb_sid2uid_send)
  idmap_cache_find_sid2uid found 10106
[2012/05/14 

Re: [Samba] idmap_ad partially stopped working after upgrading Samba from 3.4.3 to 3.6.3

[David Disseldorp]

Hi Javier,

On Mon, 14 May 2012 17:48:09 +0200
Javier Conti javier.co...@gmail.com wrote:

 upgrading from SLES11 SP1 to SLES11 SP2, I upgraded Samba from 3.4.3
 to 3.6.3. I was successfully using idmap_ad to authenticate users but
 after the upgrade it stopped working and users are not seen by the OS.
 Obviously the users I want to see on the Linux server have all RFC2307
 attributes populated and are seen by all other SLES11 SP1 servers.
 
 I checked everything (I know) from the Samba point of view, and it almost
 seems ok, but wbinfo -i fails as follows:
 
   # wbinfo -i myuser
   failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
   Could not get info for user myuser

Thanks for your report. As this version of Samba is vendor supported,
I'd encourage you to raise this issue at bugzilla.novell.com.

Do you also encounter this error with winbind use default domain = no
configured, running wbinfo -i MYDOMAIN\\myuser?

Cheers, David
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[SCM] Samba Shared Repository - branch master updated

[Volker Lendecke]

The branch, master has been updated
   via  46a41d0 s3: Fix Coverity ID 241320 Array compared against 0
   via  87542e1 s3: Make SMB_QUERY_FILE_UNIX_BASIC's devno work for files
  from  e945511 move the dbwrap library to the top level

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 46a41d0fbdd7b4524313c9299851ad7a63244763
Author: Volker Lendecke v...@samba.org
Date:   Wed May 9 16:36:55 2012 +0200

s3: Fix Coverity ID 241320 Array compared against 0

domain-alt_name is an array, not a pointer

Autobuild-User: Volker Lendecke v...@samba.org
Autobuild-Date: Mon May 14 15:11:47 CEST 2012 on sn-devel-104

commit 87542e1310cfa90e5af0b00d77def969c7b38aef
Author: Volker Lendecke v...@samba.org
Date:   Fri May 11 13:31:36 2012 +0200

s3: Make SMB_QUERY_FILE_UNIX_BASIC's devno work for files

According to susv3, st_rdev is valid exactly for char and block devices. 
Normal
files have st_dev set.

---

Summary of changes:
 source3/smbd/trans2.c|   11 +--
 source3/winbindd/winbindd_misc.c |2 +-
 2 files changed, 10 insertions(+), 3 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index 5cfbc31..590ee5b 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -3959,6 +3959,7 @@ static char *store_file_unix_basic(connection_struct 
*conn,
const SMB_STRUCT_STAT *psbuf)
 {
uint64_t file_index = get_FileIndex(conn, psbuf);
+   dev_t devno;
 
DEBUG(10,(store_file_unix_basic: SMB_QUERY_FILE_UNIX_BASIC\n));
DEBUG(4,(store_file_unix_basic: st_mode=%o\n,(int)psbuf-st_ex_mode));
@@ -3985,11 +3986,17 @@ static char *store_file_unix_basic(connection_struct 
*conn,
SIVAL(pdata,0,unix_filetype(psbuf-st_ex_mode));
pdata += 4;
 
-   SIVAL(pdata,0,unix_dev_major(psbuf-st_ex_rdev));   /* Major device 
number if type is device */
+   if (S_ISBLK(psbuf-st_ex_mode) || S_ISCHR(psbuf-st_ex_mode)) {
+   devno = psbuf-st_ex_rdev;
+   } else {
+   devno = psbuf-st_ex_dev;
+   }
+
+   SIVAL(pdata,0,unix_dev_major(devno));   /* Major device number if type 
is device */
SIVAL(pdata,4,0);
pdata += 8;
 
-   SIVAL(pdata,0,unix_dev_minor(psbuf-st_ex_rdev));   /* Minor device 
number if type is device */
+   SIVAL(pdata,0,unix_dev_minor(devno));   /* Minor device number if type 
is device */
SIVAL(pdata,4,0);
pdata += 8;
 
diff --git a/source3/winbindd/winbindd_misc.c b/source3/winbindd/winbindd_misc.c
index 6f87302..4759a17 100644
--- a/source3/winbindd/winbindd_misc.c
+++ b/source3/winbindd/winbindd_misc.c
@@ -200,7 +200,7 @@ enum winbindd_result 
winbindd_dual_list_trusted_domains(struct winbindd_domain *
if (state-request-data.list_all_domains  !have_own_domain) {
extra_data = talloc_asprintf_append_buffer(
extra_data, %s\\%s\\%s\n, domain-name,
-   domain-alt_name ? domain-alt_name : domain-name,
+   domain-alt_name[0] ? domain-alt_name : domain-name,
sid_string_talloc(state-mem_ctx, domain-sid));
}
 


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch master updated

[Stefan Metzmacher]

The branch, master has been updated
   via  aca64f6 libcli/smb: move smb2cli_logoff_* from source3 to the top 
level
   via  ce0d6d8 libcli/smb: git mv smb2_session.c smb2cli_session.c
   via  bf6b2fa s3:libsmb: s/\event_context/tevent_context/gc in 
smb2cli_write.c
   via  2a39c5f s3:libsmb: s/\event_context/tevent_context/gc in 
smb2cli_session.c
   via  640154c s3:libsmb: s/\event_context/tevent_context/gc in 
smb2cli_read.c
   via  1395e46 s3:libsmb: s/\event_context/tevent_context/gc in 
smb2cli_query_directory.c
   via  f88c60b s3:libsmb: s/\event_context/tevent_context/gc in 
smb2cli_ioctl.c
   via  132 s3:libsmb: s/\event_context/tevent_context/gc in 
smb2cli_flush.c
   via  820160c s3:libsmb: s/\event_context/tevent_context/gc in 
smb2cli_create.c
   via  b2dcc7a s3:libsmb: s/\event_context/tevent_context/gc in 
smb2cli_close.c
   via  0cb1fda s3:libsmb: s/\event_context/tevent_context/gc in 
smb2cli_tcon.c
   via  b2c9fe4 lib/util: move tevent_req_poll_ntstatus() to 
tevent_ntstatus.c
   via  23887fa s3:torture: add #include lib/util/tevent_ntstatus.h to 
test_addrchange.c
   via  05e4f24 s3:lib/util: use map_nt_error_from_unix_common() in 
tevent_req_poll_ntstatus()
   via  b4f2184 lib/util: add missing 'errors' dependency to 'tevent-util'
   via  bf8829b5 s4:lib/events: no longer define TEVENT_COMPAT_DEFINES
   via  d41db72 s4:lib/events: remove unused event_context_find() prototype
   via  99a72e9 libcli/nbt: no longer use old 'event_' tevent compat symbols
   via  e05b54e lib/tevent/testsuite: no longer use 'compat' symbols
   via  e7e6796 s3:smb2_close: make the top level code async using
   via  b8d999c s3:smb2_close: add add smbd_smb2_close_send/recv as wrapper
   via  643e648 s3:smb2_close: don't do any marshalling in 
smbd_smb2_close() let the caller to it
   via  302f767 s3:smb2_tcon: make the top level code async using
   via  b19a9db s3:smb2_tcon: add smbd_smb2_tree_connect_send/recv as 
wrapper
  from  46a41d0 s3: Fix Coverity ID 241320 Array compared against 0

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit aca64f642da78e777b113a6b25342f18fc18c502
Author: Stefan Metzmacher me...@samba.org
Date:   Mon May 14 09:47:05 2012 +0200

libcli/smb: move smb2cli_logoff_* from source3 to the top level

metze

Autobuild-User: Stefan Metzmacher me...@samba.org
Autobuild-Date: Mon May 14 17:02:46 CEST 2012 on sn-devel-104

commit ce0d6d89eebf7747b1e8e6489400752287f4bec1
Author: Stefan Metzmacher me...@samba.org
Date:   Mon May 14 09:41:10 2012 +0200

libcli/smb: git mv smb2_session.c smb2cli_session.c

metze

commit bf6b2fa96bc3668cfaf3d28e8a377c6b7cac950a
Author: Stefan Metzmacher me...@samba.org
Date:   Mon May 14 09:56:47 2012 +0200

s3:libsmb: s/\event_context/tevent_context/gc in smb2cli_write.c

metze

commit 2a39c5f51358889d02e7b949ae32598e320b4182
Author: Stefan Metzmacher me...@samba.org
Date:   Mon May 14 09:56:47 2012 +0200

s3:libsmb: s/\event_context/tevent_context/gc in smb2cli_session.c

metze

commit 640154c4346400ca50a3268d3fc41a4a23856dd5
Author: Stefan Metzmacher me...@samba.org
Date:   Mon May 14 09:56:47 2012 +0200

s3:libsmb: s/\event_context/tevent_context/gc in smb2cli_read.c

metze

commit 1395e46a8c0a6362df13ad552660e80540dcfa3c
Author: Stefan Metzmacher me...@samba.org
Date:   Mon May 14 09:56:47 2012 +0200

s3:libsmb: s/\event_context/tevent_context/gc in smb2cli_query_directory.c

metze

commit f88c60bc70af4430cb27167d90d4dadb7346c4d1
Author: Stefan Metzmacher me...@samba.org
Date:   Mon May 14 09:56:47 2012 +0200

s3:libsmb: s/\event_context/tevent_context/gc in smb2cli_ioctl.c

metze

commit 1324528f5fc15340cda89c778a813768fb46
Author: Stefan Metzmacher me...@samba.org
Date:   Mon May 14 09:56:47 2012 +0200

s3:libsmb: s/\event_context/tevent_context/gc in smb2cli_flush.c

metze

commit 820160ca0d97446d52499c8a5c5951967476a8ed
Author: Stefan Metzmacher me...@samba.org
Date:   Mon May 14 09:56:47 2012 +0200

s3:libsmb: s/\event_context/tevent_context/gc in smb2cli_create.c

metze

commit b2dcc7a061cb7438a51f886d7cd649b4c577ae04
Author: Stefan Metzmacher me...@samba.org
Date:   Mon May 14 09:56:47 2012 +0200

s3:libsmb: s/\event_context/tevent_context/gc in smb2cli_close.c

metze

commit 0cb1fdac4ee89eb02a4c5772bec8796d136f3026
Author: Stefan Metzmacher me...@samba.org
Date:   Mon May 14 09:55:42 2012 +0200

s3:libsmb: s/\event_context/tevent_context/gc in smb2cli_tcon.c

metze

commit b2c9fe4ad18fd4ecb04bc2e3c2896e06418efed0
Author: Stefan Metzmacher me...@samba.org
Date:   Mon May 14 10:02:24 2012 +0200

lib/util: move tevent_req_poll_ntstatus() to tevent_ntstatus.c

metze

commit 

[SCM] Samba Shared Repository - branch master updated

[Volker Lendecke]

The branch, master has been updated
   via  997da4a s3: talloc_zero is not needed for structs we ndr_pull into
  from  aca64f6 libcli/smb: move smb2cli_logoff_* from source3 to the top 
level

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 997da4a28bad4b60cdf429ef98e381fa9af63502
Author: Volker Lendecke v...@samba.org
Date:   Mon May 7 11:26:39 2012 +0200

s3: talloc_zero is not needed for structs we ndr_pull into

Autobuild-User: Volker Lendecke v...@samba.org
Autobuild-Date: Mon May 14 18:59:07 CEST 2012 on sn-devel-104

---

Summary of changes:
 source3/locking/share_mode_lock.c |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/locking/share_mode_lock.c 
b/source3/locking/share_mode_lock.c
index de8cc3c..f28332c 100644
--- a/source3/locking/share_mode_lock.c
+++ b/source3/locking/share_mode_lock.c
@@ -124,7 +124,7 @@ static struct share_mode_data *parse_share_modes(TALLOC_CTX 
*mem_ctx,
enum ndr_err_code ndr_err;
DATA_BLOB blob;
 
-   d = talloc_zero(mem_ctx, struct share_mode_data);
+   d = talloc(mem_ctx, struct share_mode_data);
if (d == NULL) {
DEBUG(0, (talloc failed\n));
goto fail;


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch master updated

[Amitay Isaacs]

The branch, master has been updated
   via  747e539 samba-upgradedns: Use the correct magic incantation of 
sys.path.insert()
  from  997da4a s3: talloc_zero is not needed for structs we ndr_pull into

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 747e539ad04f4a4781c388d86f4d6110331a0f3f
Author: Amitay Isaacs ami...@gmail.com
Date:   Tue May 15 10:56:21 2012 +1000

samba-upgradedns: Use the correct magic incantation of sys.path.insert()

This replaces bin/python with the correct path for python libraries. The
pattern requires double quotes () instead of single quotes (').

Autobuild-User: Amitay Isaacs ami...@samba.org
Autobuild-Date: Tue May 15 05:19:46 CEST 2012 on sn-devel-104

---

Summary of changes:
 source4/scripting/bin/samba_upgradedns |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/scripting/bin/samba_upgradedns 
b/source4/scripting/bin/samba_upgradedns
index bd6a8b9..831b81d 100755
--- a/source4/scripting/bin/samba_upgradedns
+++ b/source4/scripting/bin/samba_upgradedns
@@ -26,7 +26,7 @@ import grp
 from base64 import b64encode
 import shlex
 
-sys.path.insert(0, 'bin/python')
+sys.path.insert(0, bin/python)
 
 import ldb
 import samba


-- 
Samba Shared Repository