Re: [Samba] would like to use samba3 pdc, no ldap account backend db, but use ldap for authN
On Tue, May 15, 2012 at 04:54:37PM -0500, Jon Detert wrote: I'd like to: 1) use samba3 as a PDC, and 2) not use LDAP as the account backend database, and 3) specify samba to use but use encrypt passwords = true, and 4) use an ldap server as the authentication source for samba. Is that possible? I'd assumed it would be given that samba is pam-aware, and I can tell pam to use ldap for authN. However, the man page for smb.conf seems to say no, as it says that obey pam restrictions = true will be ignored when encrypt password is set to true. Am I understanding this correctly? Is there a work-around? I don't want to add the samba schema to my existing ldap server, but I do want to use my existing ldap server for authN. No, this is not possible. Samba never sees the plain text password which is required for authentication via PAM. Volker -- SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen phone: +49-551-37-0, fax: +49-551-37-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen http://www.sernet.de, mailto:kont...@sernet.de -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] idmap_ad partially stopped working after upgrading Samba from 3.4.3 to 3.6.3
On 15 May 2012 23:29, Michael Adam ob...@samba.org wrote: Hi Javier, Javier Conti wrote: Dear list, upgrading from SLES11 SP1 to SLES11 SP2, I upgraded Samba from 3.4.3 to 3.6.3. I was successfully using idmap_ad to authenticate users but after the upgrade it stopped working and users are not seen by the OS. Obviously the users I want to see on the Linux server have all RFC2307 attributes populated and are seen by all other SLES11 SP1 servers. Although I tried many changes to the config, according to some hints found on the web, this is what I was using with Samba 3.4.3: [global] workgroup = MYDOMAIN realm = MYREALM security = ADS idmap backend = idmap_ad idmap uid = 64000 - 64999 idmap gid = 64000 - 64999 idmap config MYDOMAIN : default = yes idmap config MYDOMAIN : backend = ad idmap config MYDOMAIN : range = 1000-5 idmap config MYDOMAIN : schema_mode = rfc2307 winbind use default domain = yes winbind nss info = rfc2307 winbind offline logon = yes winbind refresh tickets = yes [...] Any hints on what has changed with Samba 3.6.3 and/or what to change to adapt the configuration to 3.6.3 (if necessary)? Some comments: The above config makes no real sense for me, neither for 3.4 nor for 3.6: * The parameter idmap config DOMAIN : default = yes/no has been removed in samba 3.3. It only existed from 3.0.25 to 3.2. (http://www.samba.org/samba/history/samba-3.3.0.html) * You are using the backend ad (or idmap_ad which is a deprecated synonym) both in idmap config MYDOMAIN : backend and in idmap backend. Both with different ranges. This does not seem to make sense to me. It is necessary to specify a writable backend for the catch all default idmap configuration, e.g. tdb or ldap. In 3.6, the idmap backend has been replaced by idmap config * : backend, etc. A valid config for 3.4 would be: ~ [global] workgroup = MYDOMAIN idmap backend = tdb idmap uid = x-y idmap gid = x-y idmap config MYDOMAIN : backend = ad idmap config MYDOMAIN : range = 1000-5 idmap config MYDOMAIN : schema mode = rfc2370 ~ The corresponding for 3.6: ~ [global] workgroup = MYDOMAIN idmap config * : backend = tdb idmap config * : range = x-y idmap config MYDOMAIN : backend = ad idmap config MYDOMAIN : range = 1000-5 idmap config MYDOMAIN : schema mode = rfc2370 ~ Hi Michael, thanks for your input. The latter is indeed the configuration I'm running lately. I checked everything (I know) from the Samba point of view, and it almost seems ok, but wbinfo -i fails as follows: # wbinfo -i myuser failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND Could not get info for user myuser Using the same user, for example, I can do: # wbinfo -n myuser S-1-5-21-828208052-1092558876-1846952604-22794 SID_USER (1) # wbinfo -n Domain Users S-1-5-21-828208052-1092558876-1846952604-513 SID_DOM_GROUP (2) # wbinfo -s S-1-5-21-828208052-1092558876-1846952604-22794 MYDOMAIN\myuser 1 # wbinfo -s S-1-5-21-828208052-1092558876-1846952604-513 MYDOMAIN\Domain Users # net -Uadminuser user info myuser |head Enter adminuser's password: domain users [...] # net -Uadminuser ads user |grep myuser Enter adminuser's password: myuser Obviously, id(1) and getent(1) fail. What I get is: [2012/05/14 16:50:47.958484, 6] winbindd/winbindd.c:792(new_connection) accepted socket 25 [2012/05/14 16:50:47.958604, 10] winbindd/winbindd.c:642(process_request) process_request: request fn INTERFACE_VERSION [2012/05/14 16:50:47.958644, 3] winbindd/winbindd_misc.c:384(winbindd_interface_version) [ 5756]: request interface version [2012/05/14 16:50:47.958705, 10] winbindd/winbindd.c:738(winbind_client_response_written) winbind_client_response_written[5756:INTERFACE_VERSION]: delivered response to client [2012/05/14 16:50:47.958771, 10] winbindd/winbindd.c:642(process_request) process_request: request fn WINBINDD_PRIV_PIPE_DIR [2012/05/14 16:50:47.958808, 3] winbindd/winbindd_misc.c:417(winbindd_priv_pipe_dir) [ 5756]: request location of privileged pipe [2012/05/14 16:50:47.958870, 10] winbindd/winbindd.c:738(winbind_client_response_written) winbind_client_response_written[5756:WINBINDD_PRIV_PIPE_DIR]: delivered response to client [2012/05/14 16:50:47.958939, 6] winbindd/winbindd.c:792(new_connection) accepted socket 26 [2012/05/14 16:50:47.958995, 6] winbindd/winbindd.c:840(winbind_client_request_read) closing socket 25, client exited [2012/05/14 16:50:47.959058, 10]
Re: [Samba] Mac to windows File name conversion
Thanks Volker. We have an application to transfer file from mac to windows using smb(JCIFS) and another application in windows to handle these files. But when there is a invalid character like \ / : * ?| in filename , it will get converted to another character. This creates issue in filename comparison issues, since we are saving actual filename in database. How smb converts these filenames? Is there any specific rule for this character conversion, so that we can use that converted characters in database? Regards, Roy Mathew On 15 May 2012 19:07, Volker Lendecke volker.lende...@sernet.de wrote: On Tue, May 15, 2012 at 07:05:02PM +0530, Roy Mathew wrote: Hi All, How Samba handles invalid characters like '/' while transferring file from Mac to Windows? When I tested with '/' it got converted to unicode F022 in windows. How is it happening? Last time I tested it was Finder magic. And it differed between Finder and Terminal. Volker -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Mac to windows File name conversion
On Wed, May 16, 2012 at 02:31:46PM +0530, Roy Mathew wrote: Thanks Volker. We have an application to transfer file from mac to windows using smb(JCIFS) and another application in windows to handle these files. But when there is a invalid character like \ / : * ?| in filename , it will get converted to another character. This creates issue in filename comparison issues, since we are saving actual filename in database. How smb converts these filenames? Is there any specific rule for this character conversion, so that we can use that converted characters in database? I do not see Samba in the picture jcifs-Windows. Please contact the jcifs developers about this question. With best regards, Volker Lendecke -- SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen phone: +49-551-37-0, fax: +49-551-37-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen http://www.sernet.de, mailto:kont...@sernet.de -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] idmap_ad partially stopped working after upgrading Samba from 3.4.3 to 3.6.3
Hi Javier, Javier Conti wrote: On 15 May 2012 23:29, Michael Adam ob...@samba.org wrote: Hi Javier, Javier Conti wrote: Dear list, upgrading from SLES11 SP1 to SLES11 SP2, I upgraded Samba from 3.4.3 to 3.6.3. I was successfully using idmap_ad to authenticate users but after the upgrade it stopped working and users are not seen by the OS. Obviously the users I want to see on the Linux server have all RFC2307 attributes populated and are seen by all other SLES11 SP1 servers. Although I tried many changes to the config, according to some hints found on the web, this is what I was using with Samba 3.4.3: [global] workgroup = MYDOMAIN realm = MYREALM security = ADS idmap backend = idmap_ad idmap uid = 64000 - 64999 idmap gid = 64000 - 64999 idmap config MYDOMAIN : default = yes idmap config MYDOMAIN : backend = ad idmap config MYDOMAIN : range = 1000-5 idmap config MYDOMAIN : schema_mode = rfc2307 winbind use default domain = yes winbind nss info = rfc2307 winbind offline logon = yes winbind refresh tickets = yes [...] Any hints on what has changed with Samba 3.6.3 and/or what to change to adapt the configuration to 3.6.3 (if necessary)? Some comments: The above config makes no real sense for me, neither for 3.4 nor for 3.6: * The parameter idmap config DOMAIN : default = yes/no has been removed in samba 3.3. It only existed from 3.0.25 to 3.2. (http://www.samba.org/samba/history/samba-3.3.0.html) * You are using the backend ad (or idmap_ad which is a deprecated synonym) both in idmap config MYDOMAIN : backend and in idmap backend. Both with different ranges. This does not seem to make sense to me. It is necessary to specify a writable backend for the catch all default idmap configuration, e.g. tdb or ldap. In 3.6, the idmap backend has been replaced by idmap config * : backend, etc. A valid config for 3.4 would be: ~ [global] workgroup = MYDOMAIN idmap backend = tdb idmap uid = x-y idmap gid = x-y idmap config MYDOMAIN : backend = ad idmap config MYDOMAIN : range = 1000-5 idmap config MYDOMAIN : schema mode = rfc2370 ~ The corresponding for 3.6: ~ [global] workgroup = MYDOMAIN idmap config * : backend = tdb idmap config * : range = x-y idmap config MYDOMAIN : backend = ad idmap config MYDOMAIN : range = 1000-5 idmap config MYDOMAIN : schema mode = rfc2370 ~ Hi Michael, thanks for your input. The latter is indeed the configuration I'm running lately. Ok, so you _are_ running the default domain with the tdb idmap backend. -- Good. Could you please check with the more low level wbinfo commands the results of the commands for id mapping: wbinfo -S S-1-5-21-828208052-1092558876-1846952604-22794 == should give a uid That works and gives me 10106. wbinfo -Y S-1-5-21-828208052-1092558876-1846952604-22794 == should fail That fails with WBC_ERR_DOMAIN_NOT_FOUND. wbinfo -S S-1-5-21-828208052-1092558876-1846952604-513 == should fail That fails with WBC_ERR_DOMAIN_NOT_FOUND. wbinfo -Y S-1-5-21-828208052-1092558876-1846952604-513 == should give a gid That fails with WBC_ERR_DOMAIN_NOT_FOUND. Ok, the error messages seem to be bogus. But from what you have written below, the behaviour is correct. I don't know if it's related to that, but in the RFC2307 fields of the 10106 user I put as primary group 1, which is not Domain Users, but S-1-5-21-828208052-1092558876-1846952604-51 is actually Domain Users. The group Domain Users has no RFC2307 gid attribute. We didn't populate it since it's not used at all in the Unix environment. Ah! That explains the above results. If I get the SID of the user primary group (i.e. the one I see using id(1) on a 3.4.3 client) and then perform a sid-to-gid (wbinfo -Y) it works. If you don't have a gid associated to the domain users group in AD, but you configured the idmap backend ad for this domain, then you should get no gid for this group out of winbindd: If the older version 3.4 falls back to allocating one from the default range, then this is a bug in 3.4, and 3.6 is correct. The other thing is what is to be done with the primary gid field from the ad unix schema extensions, can be a bug in samba. I am personally not certain that it is a good idea to use this at all. I'd rather suggest to use the primary group sid and give it a mapping. Then you have the same view under windows and under linux/samba. To be perfectly clear:
[Samba] Samba4 winbind and .gvfs share mounting in Nautilus problem
Hi everyone I have S4 with winbind working fine with s3fs. Fine that is only when logging in where it auto-mounts my own /home folder. When I log in, my /home folder is correctly mounted automatically: gvfs-fuse-daemon on /home/CACTUS/steve/.gvfs type fuse.gvfs-fuse-daemon (rw,nosuid,nodev,user=CACTUS\steve2) When I attempt to access another share by e.g. smb://server/reports (or any other share) The share is _sometimes_ mounted and works _almost_ (*) as expected, but normally the process hangs with top showing gvfs taking up the top 10 slots and consuming 99% CPU. (*) file locking doesn't work and permissions and ACL's are not set correctly on the mounted share. What is the correct method for mounting shares from s3fs in Samba4 after you have logged in successfully? Cheers, Steve /etc/nsswitch.conf passwd: compat winbind group: compat winbind wbinfo -i steve2 CACTUS\steve2:*:308:20513::/home/CACTUS/steve2:/bin/bash /usr/local/samba/etc/smb.conf # Global parameters [global] server role = domain controller workgroup = CACTUS realm = polop.site netbios name = SAM4DC passdb backend = samba4 dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver server services = rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate, s3fs template shell = /bin/bash [netlogon] path = /usr/local/samba/var/locks/sysvol/polop.site/scripts read only = No [sysvol] path = /usr/local/samba/var/locks/sysvol read only = No [homes] read only = No browseable = Yes [home] path = /home2/CACTUS read only = No [profiles] path = /home2/CACTUS/profiles read only = No [data] path = /data read only = No browseable = Yes [reports] path = /data/reports #Valid Users =@CACTUS\staff read only = No #browseable = Yes #create mode = 0770 #force group = staff -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Backup
Thanks Aaron I can restore backup succeful, but when I check this command say me it ./smbclient: error while loading shared libraries: libreadline.so.5: cannot open shared object file: No such file or directory What mean it? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] mount.cifs Is it possible to have a file owned by the user who creates the file?
Hi e.g. mount.cifs //192.168.1.6/reports /mnt -o rw,setuids,nodev,user=steve2 Any file created in the share is always owned by steve2 (or the person who mounted the share). According to man cifs(8), the setuids overrides this but doesn't seem to work for us. We'd like it to be the same behavior as nfs if that's possible. Version 4.0.0alpha21-GIT-46a41d0 with s3fs Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] would like to use samba3 pdc, no ldap account backend db, but use ldap for authN
- Original Message - From: Volker Lendecke volker.lende...@sernet.de To: Jon Detert jdet...@infinityhealthcare.com Cc: samba@lists.samba.org Sent: Wednesday, May 16, 2012 1:28:51 AM Subject: Re: [Samba] would like to use samba3 pdc, no ldap account backend db, but use ldap for authN On Tue, May 15, 2012 at 04:54:37PM -0500, Jon Detert wrote: I'd like to: 1) use samba3 as a PDC, and 2) not use LDAP as the account backend database, and 3) specify samba to use but use encrypt passwords = true, and 4) use an ldap server as the authentication source for samba. Is that possible? -- snip -- work-around? I don't want to add the samba schema to my existing ldap server, but I do want to use my existing ldap server for authN. No, this is not possible. Samba never sees the plain text password which is required for authentication via PAM. Volker How then does it work when using ldap as the account backend database? Does the schema include an attribute for the LMAN hashed password? -- Jon Detert Sr. Systems Administrator Infinity Healthcare Milwaukee, Wisconsin 414-290-6759 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] would like to use samba3 pdc, no ldap account backend db, but use ldap for authN
On 05/16/12 09:24, Jon Detert wrote: - Original Message - From: Volker Lendecke volker.lende...@sernet.de To: Jon Detert jdet...@infinityhealthcare.com Cc: samba@lists.samba.org Sent: Wednesday, May 16, 2012 1:28:51 AM Subject: Re: [Samba] would like to use samba3 pdc, no ldap account backend db, but use ldap for authN On Tue, May 15, 2012 at 04:54:37PM -0500, Jon Detert wrote: I'd like to: 1) use samba3 as a PDC, and 2) not use LDAP as the account backend database, and 3) specify samba to use but use encrypt passwords = true, and 4) use an ldap server as the authentication source for samba. Is that possible? -- snip -- work-around? I don't want to add the samba schema to my existing ldap server, but I do want to use my existing ldap server for authN. No, this is not possible. Samba never sees the plain text password which is required for authentication via PAM. Volker How then does it work when using ldap as the account backend database? Does the schema include an attribute for the LMAN hashed password? LDAP has attributes for both unix and windows passwords. Since samba can reset the unix password when you change your windows password, it lets it appear to be a single password (even if both, neither, or only one system uses LDAP backend.)If you are going to use LDAP for unix authentication, the incremental effort for samba authentication isn't that much.I think it makes for a cleaner IT environment if you can consolidate your account backends. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] would like to use samba3 pdc, no ldap account backend db, but use ldap for authN
On Wed, May 16, 2012 at 08:24:11AM -0500, Jon Detert wrote: How then does it work when using ldap as the account backend database? Does the schema include an attribute for the LMAN hashed password? sambaLMPassword and sambaNTPassword. smbd will read those to do its job. Volker -- SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen phone: +49-551-37-0, fax: +49-551-37-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen http://www.sernet.de, mailto:kont...@sernet.de -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Installing Samba on RedHat Linux 5.3
Glad to hear that you succeeded in getting Samba installed. Next steps to getting it to work are: 1) edit your /etc/samba/smb.conf file to fit the needs of your network. 2) use testparm (without the quotes) to verify that your smb.conf file is correct. 3) start your samba services with: service smb start service winbind start (if you need winbind) 4) connect to a samba share with a Windows client If everything tests out OK, configure Samba to start at boot time with chkconfig. If not, stop the samba services with service smb stop; service winbind stop (again, without the quotes). Adjust your smb.conf file then repeat steps 2 through 4. Good luck. T references: http://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html http://www.samba.org/samba/docs/man/manpages-3/testparm.1.html http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/install.html http://linux.die.net/man/8/chkconfig --- CONFIDENTIALITY WARNING: Pseudo-legal disclaimers do not buy you or your employer any legal recourse for leaked information. E-mail messages should never contain privileged or confidential information. Always treat e-mail as public. -Original Message- From: Johansson, Ronnie [mailto:ronnie_johans...@europ-assistance.co.uk] Sent: Wednesday, May 16, 2012 2:54 AM To: Hoover, Tony Subject: RE: [Samba] Installing Samba on RedHat Linux 5.3 Hi Tony, Many thanks for your help! Today we've got connected to RHN and I followed your three steps and Samba was installed on our Linux server. How do I go on? Best regards Ronnie -Original Message- From: Hoover, Tony [mailto:hoo...@sal.ksu.edu] Sent: den 29 april 2012 15:46 To: Johansson, Ronnie; sa...@samba.org Subject: RE: [Samba] Installing Samba on RedHat Linux 5.3 first, configure yum to use the sernet samba repos. (you will need to be root) - cd /etc/yum.repos.d - wget http://ftp.sernet.de/pub/samba/3.6/rhel/5/sernet-samba.repo - yum install samba3 a periodic yum update (we use a cron job) will keep your system up to date, including Samba if you use the yum repos instead of brute-forcing RPM to install individual packages. -Original Message- From: samba-boun...@lists.samba.org on behalf of Johansson, Ronnie Sent: Thu 4/12/2012 11:22 AM To: sa...@samba.org Subject: [Samba] Installing Samba on RedHat Linux 5.3 Hi there, I am a real Linux newbie and need help how to install these samba files. Red Hat Enterprise Linux Server release 5.3 (Tikanga) Kernel 2.6.18-128.el5 on an x86_64 $ ls libsmbclient0-3.6.4-44.el5.x86_64.rpm libsmbclient-devel-3.6.4-44.el5.x86_64.rpm libwbclient0-32bit-3.6.4-44.el5.i386.rpm libwbclient0-3.6.4-44.el5.x86_64.rpm libwbclient-devel-3.6.4-44.el5.x86_64.rpm samba3-3.6.4-44.el5.x86_64.rpm samba3-client-3.6.4-44.el5.x86_64.rpm samba3-debuginfo-3.6.4-44.el5.x86_64.rpm samba3-doc-3.6.4-44.el5.x86_64.rpm samba3-utils-3.6.4-44.el5.x86_64.rpm samba3-winbind-32bit-3.6.4-44.el5.i386.rpm samba3-winbind-3.6.4-44.el5.x86_64.rpm $ uname -a Linux euapg-db005 2.6.18-128.el5 #1 SMP Wed Dec 17 11:41:38 EST 2008 x86_64 x86x $ rpm -qa | grep release redhat-release-notes-5Server-25 redhat-release-5Server-5.3.0.3 $ Please help me with this as soon as possible. Many thanks Ronnie This email and any files transmitted with it contain information which may be confidential and which may also be privileged and are intended solely for the use of the individual or entity to whom they are addressed. Unless you are the intended recipient you may not copy or use it, or disclose it to anyone else. Any opinions expressed are that of the individual and not necessarily that of Europ Assistance Holdings Ltd or any of its subsidiaries. If you have received this email in error please notify mailto:postmas...@europ-assistance.co.uk Europ Assistance Holdings Limited Registered Office: Sussex House, Perrymount Road, Haywards Heath, West Sussex, RH16 1DN. Registered in England No: 758979. Europ Assistance Holdings Limited is authorised and regulated by the Financial Services Authority. (FSA Registered number 311883) This footnote also confirms that this email message has been swept by Sophos Anti-Virus for the presence of computer viruses. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] idmap_ad partially stopped working after upgrading Samba from 3.4.3 to 3.6.3
On 16 May 2012 13:19, Michael Adam ob...@samba.org wrote: Hi Javier, Javier Conti wrote: On 15 May 2012 23:29, Michael Adam ob...@samba.org wrote: Hi Javier, Javier Conti wrote: Dear list, upgrading from SLES11 SP1 to SLES11 SP2, I upgraded Samba from 3.4.3 to 3.6.3. I was successfully using idmap_ad to authenticate users but after the upgrade it stopped working and users are not seen by the OS. Obviously the users I want to see on the Linux server have all RFC2307 attributes populated and are seen by all other SLES11 SP1 servers. Although I tried many changes to the config, according to some hints found on the web, this is what I was using with Samba 3.4.3: [global] workgroup = MYDOMAIN realm = MYREALM security = ADS idmap backend = idmap_ad idmap uid = 64000 - 64999 idmap gid = 64000 - 64999 idmap config MYDOMAIN : default = yes idmap config MYDOMAIN : backend = ad idmap config MYDOMAIN : range = 1000-5 idmap config MYDOMAIN : schema_mode = rfc2307 winbind use default domain = yes winbind nss info = rfc2307 winbind offline logon = yes winbind refresh tickets = yes [...] Any hints on what has changed with Samba 3.6.3 and/or what to change to adapt the configuration to 3.6.3 (if necessary)? Some comments: The above config makes no real sense for me, neither for 3.4 nor for 3.6: * The parameter idmap config DOMAIN : default = yes/no has been removed in samba 3.3. It only existed from 3.0.25 to 3.2. (http://www.samba.org/samba/history/samba-3.3.0.html) * You are using the backend ad (or idmap_ad which is a deprecated synonym) both in idmap config MYDOMAIN : backend and in idmap backend. Both with different ranges. This does not seem to make sense to me. It is necessary to specify a writable backend for the catch all default idmap configuration, e.g. tdb or ldap. In 3.6, the idmap backend has been replaced by idmap config * : backend, etc. A valid config for 3.4 would be: ~ [global] workgroup = MYDOMAIN idmap backend = tdb idmap uid = x-y idmap gid = x-y idmap config MYDOMAIN : backend = ad idmap config MYDOMAIN : range = 1000-5 idmap config MYDOMAIN : schema mode = rfc2370 ~ The corresponding for 3.6: ~ [global] workgroup = MYDOMAIN idmap config * : backend = tdb idmap config * : range = x-y idmap config MYDOMAIN : backend = ad idmap config MYDOMAIN : range = 1000-5 idmap config MYDOMAIN : schema mode = rfc2370 ~ Hi Michael, thanks for your input. The latter is indeed the configuration I'm running lately. Ok, so you _are_ running the default domain with the tdb idmap backend. -- Good. Could you please check with the more low level wbinfo commands the results of the commands for id mapping: wbinfo -S S-1-5-21-828208052-1092558876-1846952604-22794 == should give a uid That works and gives me 10106. wbinfo -Y S-1-5-21-828208052-1092558876-1846952604-22794 == should fail That fails with WBC_ERR_DOMAIN_NOT_FOUND. wbinfo -S S-1-5-21-828208052-1092558876-1846952604-513 == should fail That fails with WBC_ERR_DOMAIN_NOT_FOUND. wbinfo -Y S-1-5-21-828208052-1092558876-1846952604-513 == should give a gid That fails with WBC_ERR_DOMAIN_NOT_FOUND. Ok, the error messages seem to be bogus. But from what you have written below, the behaviour is correct. I don't know if it's related to that, but in the RFC2307 fields of the 10106 user I put as primary group 1, which is not Domain Users, but S-1-5-21-828208052-1092558876-1846952604-51 is actually Domain Users. The group Domain Users has no RFC2307 gid attribute. We didn't populate it since it's not used at all in the Unix environment. Ah! That explains the above results. If I get the SID of the user primary group (i.e. the one I see using id(1) on a 3.4.3 client) and then perform a sid-to-gid (wbinfo -Y) it works. If you don't have a gid associated to the domain users group in AD, but you configured the idmap backend ad for this domain, then you should get no gid for this group out of winbindd: If the older version 3.4 falls back to allocating one from the default range, then this is a bug in 3.4, and 3.6 is correct. In 3.4 I don't have a gid for Domain Users. This has never been a problem since the Domain Users group is not used at all on Unix machines. If I perform a getent(1) on group Domain Users I get nothing, if I perform a getent(1) on group unixgroup I get the expected results. The other thing is
Re: [Samba] Backup
On 5/15/2012 12:36 PM, Aaron E. wrote: You can copy /usr/local/samba/private and /usr/local/samba/etc directories to the new machine with the new samba compiled install. You will also need to rsync /usr/local/samba/var/locks/sysvol to the new machine but you need to do this with ntacl support using rsync I have found works as it is provisioned with specific permissions and it's a bitch to get them back to normal.. That being said samba ships with a backup script /usr/local/src/samba-master/source4/scripting/bin/samba_backup .. you can tailor for your environment.. I stopped it from backing up the sysvol as it wasn't backing up the ntacls.. On 05/15/2012 02:50 PM, sandy.napo...@eccmg.cupet.cu wrote: Hello list, I have to change the PC where run my samba4 as PDC, the cause is that this PC will change all hardware, if i copy the /usr/local/samba to new pc everything work succeful? or I must make other change? thanks upgradeprovision has the option --fixntacl 'Only fix NT ACLs in sysvol / netlogon share'. It has a few other items that might also be of intrest. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] mount.cifs Is it possible to have a file owned by the user who creates the file?
On 05/16/2012 02:56 PM, steve wrote: Hi e.g. mount.cifs //192.168.1.6/reports /mnt -o rw,setuids,nodev,user=steve2 Any file created in the share is always owned by steve2 (or the person who mounted the share). According to man cifs(8), the setuids overrides this but doesn't seem to work for us. We'd like it to be the same behavior as nfs if that's possible. Version 4.0.0alpha21-GIT-46a41d0 with s3fs Cheers, Steve CORRECTION: It _looks_ as though it's owned by the person specified as user _when in the share_ but the actual file (the unmounted file) is always owned by root. Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Backup
Thanks Aaron I can restore backup succeful, but when I check this command say me it ./smbclient: error while loading shared libraries: libreadline.so.5: cannot open shared object file: No such file or directory What mean it? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Backup
On 05/16/2012 07:15 PM, sandy.napo...@eccmg.cupet.cu wrote: Thanks Aaron I can restore backup succeful, but when I check this command say me it ./smbclient: error while loading shared libraries: libreadline.so.5: cannot open shared object file: No such file or directory What mean it? Hi Sandy Maybe it was built with an old version of libreadline? e.g. on Ubuntu 11.10 and 12.04 we needed: libreadline-gplv2-dev Merece la pena compobarlo. Salu2, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Backup
On 05/16/2012 11:19 AM, Jorell wrote: On 5/15/2012 12:36 PM, Aaron E. wrote: You can copy /usr/local/samba/private and /usr/local/samba/etc directories to the new machine with the new samba compiled install. You will also need to rsync /usr/local/samba/var/locks/sysvol to the new machine but you need to do this with ntacl support using rsync I have found works as it is provisioned with specific permissions and it's a bitch to get them back to normal.. That being said samba ships with a backup script /usr/local/src/samba-master/source4/scripting/bin/samba_backup .. you can tailor for your environment.. I stopped it from backing up the sysvol as it wasn't backing up the ntacls.. On 05/15/2012 02:50 PM, sandy.napo...@eccmg.cupet.cu wrote: Hello list, I have to change the PC where run my samba4 as PDC, the cause is that this PC will change all hardware, if i copy the /usr/local/samba to new pc everything work succeful? or I must make other change? thanks upgradeprovision has the option --fixntacl 'Only fix NT ACLs in sysvol / netlogon share'. It has a few other items that might also be of intrest. This is an item I would have been smarter for having known 3 weeks ago lol.. Thanks for the tip.. I never would have thought to look at the upgrade provision script for this .. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Trouble with mount.cifs while smbclient works (Ubuntu 12.04)
I just upgraded from Ubuntu 11.04 to 12.04 and am working to restore access to the windows shares I use at work. smbclient connects immediately: sudo smbclient //server/share -A /etc/.smb_creds.txt mount.cifs fails (with mount error(13): Permission denied): sudo mount.cifs //server/share /mnt/ -o credentials=/etc/.smb_creds.txt my credentials file is as follows (with the proper values, of course): username=mynamehere password=password domain=MyDomain I remember on a previous occasion having resolved a problem by including a mount option noserverino. I've tried that to no effect. I've also tried sec=ntlmv2 The syslog contains this message in response to each failed attempt: CIFS VFS: cifs_mount failed w/return code = -13 Whatever this glitch is, it seems pervasive. smbclient is the ONLY way I've been able to successfully connect to my shares so far. Failed methods attempted include: * mounting with mount -t cifs ... * mounting with mount -t smbfs ... * mounting directly with mount.cifs ... * configuring smbnetfs (supposed to make the windows network browsable from a single mountpoint -- I could see the servers and shares, but not directories on the shares) * configuring fusesmb * Nautilus' Connect to Server functionality * Nautilus' smb:///... browsing It seems like smbclient is handling authentication in one way (working) and everything else is doing it in some different way. I'm baffled and appreciative of any suggestions you can provide. Thanks in advance. Scott Purcell Dell | GSD Learning Development Scott Purcell Content Development: Linux, Virtualization, and Cloud Solutions Dell | GSD Learning Development All about me on PeopleSearchhttp://peoplesearch.dell.com/pages/profile.aspx?accountname=AMERICAS\SCOTT_PURCELL | Follow me on Chatterhttps://na7.salesforce.com/_ui/core/userprofile/UserProfilePage?u=005A000buOq -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] [SOLVED]
I did have a problem after backup/restore my domain with samba4 alpha 20 in debian 6, the problem was to run the command smbclient --version it did say ./smbclient: error while loading shared libraries: libreadline.so.5: Thanks to Steve a follow the answer On debian6/maverick/natty, install libreadline5-dev (replacing any libreadline6-dev already there): sudo apt-get install libreadline5-dev That is all Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Trouble with mount.cifs while smbclient works (Ubuntu 12.04)
On 05/16/2012 10:52 PM, scott_purc...@dell.com wrote: I just upgraded from Ubuntu 11.04 to 12.04 and am working to restore access to the windows shares I use at work. smbclient connects immediately: sudo smbclient //server/share -A /etc/.smb_creds.txt mount.cifs fails (with mount error(13): Permission denied): sudo mount.cifs //server/share /mnt/ -o credentials=/etc/.smb_creds.txt Hi Do you have the cifs-utils package installed? sudo apt-get install cifs-utils Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Trouble with mount.cifs while smbclient works (Ubuntu 12.04)
Steve said: Do you have the cifs-utils package installed? cifs-utils is installed (2:5.1-1ubuntu1) Shirish said: What is the Windows server? I don't really have visibility into the specifics here -- it is a NAS appliance of some kind managed by our IT and not under my control. However, smbclient identifies it as: OS=[EMC-SNAS:T5.6.50.205] Server=[NT1] Can you try a command like mount -t cifs //servername/sharename mount_point -o sec=ntlmsspi, user=username,pass=password ntlmsspi results in operation not supported but it doesn't seem to object to either the default ntlm or ntlmv2 as specified below: $ sudo mount -t cifs //pc.com/D**NAS2 /mnt/temp --verbose -o domain=a**as,user=scott_purcell,password='**!***',uid=scott,gid=scott,rw,sec=ntlmv2 mount.cifs kernel mount options: ip=10.30.25.221,unc=\\pc.com/D**NAS2,sec=ntlmv2,uid=1000,gid=1000,ver=1,user=scott_purcell,domain=a**as,pass= mount error(13): Permission denied Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) You can paste your smb.conf that smbclient uses as well. With comments and blank lines stripped: $ grep -v ^# /etc/samba/smb.conf |grep -v ^$ |grep -v ^\; [global] workgroup = WORKGROUP server string = %h server (Samba, Ubuntu) dns proxy = no log file = /var/log/samba/log.%m max log size = 1000 syslog = 0 panic action = /usr/share/samba/panic-action %d encrypt passwords = true passdb backend = tdbsam obey pam restrictions = yes unix password sync = yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . pam password change = yes map to guest = bad user usershare allow guests = yes [printers] comment = All Printers browseable = no path = /var/spool/samba printable = yes guest ok = no read only = yes create mask = 0700 [print$] comment = Printer Drivers path = /var/lib/samba/printers browseable = yes read only = yes guest ok = no I can invoke smbclient successfully by either referring it to my credentials file: $ sudo smbclient //pc.com/D**NAS2 -A /etc/.smb_creds.txt Domain=[A*S] OS=[EMC-SNAS:T5.6.50.205] Server=[NT1] smb: \ ls training/ NT_STATUS_ACCESS_DENIED listing \training\ smb: \ cd training smb: \training\ ls . DA0 Tue Jan 10 13:17:11 2012 .. DA0 Thu Sep 1 11:54:48 2011 Enterprise DA0 Fri Oct 21 07:03:08 2011 enterprise_services_offering DA0 Mon Jun 13 16:31:21 2011 Flash_Beta DA0 Wed Apr 14 13:46:40 2010 Functions DA0 Sat Feb 27 09:47:17 2010 GCSS DA0 Wed Apr 14 13:46:49 2010 Or by specifying my authentication at the command line: $ sudo smbclient //pc.com/D**NAS2 --workgroup=a**as --user=scott_purcell Enter scott_purcell's password: Domain=[A**AS] OS=[EMC-SNAS:T5.6.50.205] Server=[NT1] smb: \ cd training smb: \training\ ls . DA0 Tue Jan 10 13:17:11 2012 .. DA0 Thu Sep 1 11:54:48 2011 Enterprise DA0 Fri Oct 21 07:03:08 2011 enterprise_services_offering DA0 Mon Jun 13 16:31:21 2011 Flash_Beta DA0 Wed Apr 14 13:46:40 2010 Functions DA0 Sat Feb 27 09:47:17 2010 GCSS DA0 Wed Apr 14 13:46:49 2010 Hope that helps... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] mount.cifs Is it possible to have a file owned by the user who creates the file?
On Wed, 16 May 2012 17:30:23 +0200 steve st...@steve-ss.com wrote: On 05/16/2012 02:56 PM, steve wrote: Hi e.g. mount.cifs //192.168.1.6/reports /mnt -o rw,setuids,nodev,user=steve2 Any file created in the share is always owned by steve2 (or the person who mounted the share). According to man cifs(8), the setuids overrides this but doesn't seem to work for us. We'd like it to be the same behavior as nfs if that's possible. Version 4.0.0alpha21-GIT-46a41d0 with s3fs Cheers, Steve CORRECTION: It _looks_ as though it's owned by the person specified as user _when in the share_ but the actual file (the unmounted file) is always owned by root. Steve Sadly, permissions enforcement and handling in cifs.ko are badly broken by default. The only way to do this properly is to switch to using multiuser mounts. Have a look at the multiuser option in mount.cifs(8) and cifscreds(1). Cheers, -- Jeff Layton jlay...@samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Trouble with mount.cifs while smbclient works (Ubuntu 12.04)
On Wed, May 16, 2012 at 5:29 PM, scott_purc...@dell.com wrote: Steve said: Do you have the cifs-utils package installed? cifs-utils is installed (2:5.1-1ubuntu1) Shirish said: What is the Windows server? I don't really have visibility into the specifics here -- it is a NAS appliance of some kind managed by our IT and not under my control. However, smbclient identifies it as: OS=[EMC-SNAS:T5.6.50.205] Server=[NT1] Can you try a command like mount -t cifs //servername/sharename mount_point -o sec=ntlmsspi, user=username,pass=password ntlmsspi results in operation not supported but it doesn't seem to object to either the default ntlm or ntlmv2 as specified below: $ sudo mount -t cifs //pc.com/D**NAS2 /mnt/temp --verbose -o domain=a**as,user=scott_purcell,password='**!***',uid=scott,gid=scott,rw,sec=ntlmv2 mount.cifs kernel mount options: ip=10.30.25.221,unc=\\pc.com/D**NAS2,sec=ntlmv2,uid=1000,gid=1000,ver=1,user=scott_purcell,domain=a**as,pass= mount error(13): Permission denied Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) You can paste your smb.conf that smbclient uses as well. With comments and blank lines stripped: $ grep -v ^# /etc/samba/smb.conf |grep -v ^$ |grep -v ^\; [global] workgroup = WORKGROUP server string = %h server (Samba, Ubuntu) dns proxy = no log file = /var/log/samba/log.%m max log size = 1000 syslog = 0 panic action = /usr/share/samba/panic-action %d encrypt passwords = true passdb backend = tdbsam obey pam restrictions = yes unix password sync = yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . pam password change = yes map to guest = bad user usershare allow guests = yes [printers] comment = All Printers browseable = no path = /var/spool/samba printable = yes guest ok = no read only = yes create mask = 0700 [print$] comment = Printer Drivers path = /var/lib/samba/printers browseable = yes read only = yes guest ok = no I can invoke smbclient successfully by either referring it to my credentials file: $ sudo smbclient //pc.com/D**NAS2 -A /etc/.smb_creds.txt Domain=[A*S] OS=[EMC-SNAS:T5.6.50.205] Server=[NT1] smb: \ ls training/ NT_STATUS_ACCESS_DENIED listing \training\ smb: \ cd training smb: \training\ ls . DA 0 Tue Jan 10 13:17:11 2012 .. DA 0 Thu Sep 1 11:54:48 2011 Enterprise DA 0 Fri Oct 21 07:03:08 2011 enterprise_services_offering DA 0 Mon Jun 13 16:31:21 2011 Flash_Beta DA 0 Wed Apr 14 13:46:40 2010 Functions DA 0 Sat Feb 27 09:47:17 2010 GCSS DA 0 Wed Apr 14 13:46:49 2010 Or by specifying my authentication at the command line: $ sudo smbclient //pc.com/D**NAS2 --workgroup=a**as --user=scott_purcell Enter scott_purcell's password: Domain=[A**AS] OS=[EMC-SNAS:T5.6.50.205] Server=[NT1] smb: \ cd training smb: \training\ ls . DA 0 Tue Jan 10 13:17:11 2012 .. DA 0 Thu Sep 1 11:54:48 2011 Enterprise DA 0 Fri Oct 21 07:03:08 2011 enterprise_services_offering DA 0 Mon Jun 13 16:31:21 2011 Flash_Beta DA 0 Wed Apr 14 13:46:40 2010 Functions DA 0 Sat Feb 27 09:47:17 2010 GCSS DA 0 Wed Apr 14 13:46:49 2010 Hope that helps... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba Scott, you can try sec=ntlmssp instead. Perhaps the NAS box does not support smb signing. What would also help is either a wireshark trace or tcpdump output in both the cases, smbclient and cifs client. tcpdump -s 0 -w filename.pcap can be used to gather the data. Regards, Shirish -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Trouble with mount.cifs while smbclient works (Ubuntu 12.04)
Hallo, Scott_Purcell, Du meintest am 16.05.12: mount.cifs fails (with mount error(13): Permission denied): sudo mount.cifs //server/share /mnt/ -o credentials=/etc/.smb_creds.txt Just try sudo mount.cifs -o ... //server/share ... mount.cifs needs the options early. Viele Gruesse! Helmut -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Trouble with mount.cifs while smbclient works (Ubuntu 12.04)
Am Donnerstag, 17. Mai 2012, 05:19:09 schrieb Shirish Pargaonkar: On Wed, May 16, 2012 at 5:29 PM, scott_purc...@dell.com wrote: Steve said: Do you have the cifs-utils package installed? cifs-utils is installed (2:5.1-1ubuntu1) Shirish said: What is the Windows server? I don't really have visibility into the specifics here -- it is a NAS appliance of some kind managed by our IT and not under my control. However, smbclient identifies it as: OS=[EMC-SNAS:T5.6.50.205] Server=[NT1] Can you try a command like mount -t cifs //servername/sharename mount_point -o sec=ntlmsspi, user=username,pass=password ntlmsspi results in operation not supported but it doesn't seem to object to either the default ntlm or ntlmv2 as specified below: $ sudo mount -t cifs //pc.com/D**NAS2 /mnt/temp --verbose -o domain=a**as,user=scott_purcell,password='**!***',uid=scott,gid =scott,rw,sec=ntlmv2 mount.cifs kernel mount options: ip=10.30.25.221,unc=\\pc.com/D**NAS2,sec=ntlmv2,uid=1000 ,gid=1000,ver=1,user=scott_purcell,domain=a**as,pass= mount error(13): Permission denied Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) You can paste your smb.conf that smbclient uses as well. With comments and blank lines stripped: $ grep -v ^# /etc/samba/smb.conf |grep -v ^$ |grep -v ^\; [global] workgroup = WORKGROUP server string = %h server (Samba, Ubuntu) dns proxy = no log file = /var/log/samba/log.%m max log size = 1000 syslog = 0 panic action = /usr/share/samba/panic-action %d encrypt passwords = true passdb backend = tdbsam obey pam restrictions = yes unix password sync = yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . pam password change = yes map to guest = bad user usershare allow guests = yes [printers] comment = All Printers browseable = no path = /var/spool/samba printable = yes guest ok = no read only = yes create mask = 0700 [print$] comment = Printer Drivers path = /var/lib/samba/printers browseable = yes read only = yes guest ok = no I can invoke smbclient successfully by either referring it to my credentials file: $ sudo smbclient //pc.com/D**NAS2 -A /etc/.smb_creds.txt Domain=[A*S] OS=[EMC-SNAS:T5.6.50.205] Server=[NT1] smb: \ ls training/ NT_STATUS_ACCESS_DENIED listing \training\ smb: \ cd training smb: \training\ ls . DA0 Tue Jan 10 13:17:11 2012 .. DA0 Thu Sep 1 11:54:48 2011 Enterprise DA0 Fri Oct 21 07:03:08 2011 enterprise_services_offering DA0 Mon Jun 13 16:31:21 2011 Flash_Beta DA0 Wed Apr 14 13:46:40 2010 Functions DA0 Sat Feb 27 09:47:17 2010 GCSS DA0 Wed Apr 14 13:46:49 2010 Or by specifying my authentication at the command line: $ sudo smbclient //pc.com/D**NAS2 --workgroup=a**as --user=scott_purcell Enter scott_purcell's password: Domain=[A**AS] OS=[EMC-SNAS:T5.6.50.205] Server=[NT1] smb: \ cd training smb: \training\ ls . DA0 Tue Jan 10 13:17:11 2012 .. DA0 Thu Sep 1 11:54:48 2011 Enterprise DA0 Fri Oct 21 07:03:08 2011 enterprise_services_offering DA0 Mon Jun 13 16:31:21 2011 Flash_Beta DA0 Wed Apr 14 13:46:40 2010 Functions DA0 Sat Feb 27 09:47:17 2010 GCSS DA0 Wed Apr 14 13:46:49 2010 Hope that helps... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba Scott, you can try sec=ntlmssp instead. Perhaps the NAS box does not support smb signing. What would also help is either a wireshark trace or tcpdump output in both the cases, smbclient and cifs client. tcpdump -s 0 -w filename.pcap can be used to gather the data. Regards, Shirish i also guess using sec=ntlmssp could solve the issue. Using defaults - current cifs vfs does not offer the extended security negotiation bit in flags2 during negprot... So atm sec=... stuff is needed. Cheers, Günter -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] spoolss not found Samba S4FS install.
I'm trying to connect to a samba printer from windows 7 and I get a Windows cannot connect to printer Details are Operation failed with error 0x002e In the log.smbd it get: [2012/05/15 14:04:41.461293, 5] ../lib/util/modules.c:174(do_smb_load_module) Probing module 'spoolss' [2012/05/15 14:04:41.461323, 5] ../lib/util/modules.c:188(do_smb_load_module) Probing module 'spoolss': Trying to load from /usr/lib/samba/rpc/spoolss.so [2012/05/15 14:04:41.462560, 5] ../lib/util/modules.c:56(load_module) Error loading module '/usr/lib/samba/rpc/spoolss.so': /usr/lib/samba/liberrors.so: version `SAMBA_4.0.0ALPHA21_GIT_31DB7D2' not found (required by /usr/lib/samba/rpc/spoolss.so) I find a spoolss.so in /usr/lib/samba/spoolss.so so I tried to link it... /usr/lib/samba/rpc# ln -s /usr/lib/samba/spoolss.so spoolss.so That doesn't make a difference. The samba version is SAMBA_4.0.0ALPHA21_GIT_31DB7D2 and the os is Ubuntu 12.04. I'm not sure if this matters, but I'm not using cups. I'm using bsd/lpd. Ed -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 70be41c s3:onefs: remove all onefs related code as it not maintained anymore from bfe4a2b Fix the overwriting of errno before use in a DEBUG statement and use the return value from store_acl_blob_fsp rather than ignoring it. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 70be41c772d69d36ea8f434187be8bfd6b5f38a0 Author: Stefan Metzmacher me...@samba.org Date: Wed May 16 09:26:12 2012 +0200 s3:onefs: remove all onefs related code as it not maintained anymore See https://lists.samba.org/archive/samba-technical/2012-May/083631.html for the discussion. metze Autobuild-User: Stefan Metzmacher me...@samba.org Autobuild-Date: Wed May 16 11:23:05 CEST 2012 on sn-devel-104 --- Summary of changes: source3/Makefile.in | 20 +- source3/configure.in| 24 - source3/include/oplock_onefs.h | 50 - source3/modules/onefs.h | 185 --- source3/modules/onefs_acl.c | 979 -- source3/modules/onefs_cbrl.c| 593 - source3/modules/onefs_config.c | 278 source3/modules/onefs_config.h | 160 --- source3/modules/onefs_dir.c | 622 - source3/modules/onefs_notify.c | 682 -- source3/modules/onefs_open.c| 2200 --- source3/modules/onefs_shadow_copy.c | 783 --- source3/modules/onefs_shadow_copy.h | 32 - source3/modules/onefs_streams.c | 771 --- source3/modules/onefs_system.c | 782 --- source3/modules/perfcount_onefs.c | 481 --- source3/modules/vfs_onefs.c | 299 - source3/modules/vfs_onefs_shadow_copy.c | 685 -- source3/modules/wscript_build | 28 - source3/smbd/oplock.c |3 - source3/smbd/oplock_onefs.c | 733 -- source3/smbd/proto.h|4 - source3/wscript_build |3 +- 23 files changed, 2 insertions(+), 10395 deletions(-) delete mode 100644 source3/include/oplock_onefs.h delete mode 100644 source3/modules/onefs.h delete mode 100644 source3/modules/onefs_acl.c delete mode 100644 source3/modules/onefs_cbrl.c delete mode 100644 source3/modules/onefs_config.c delete mode 100644 source3/modules/onefs_config.h delete mode 100644 source3/modules/onefs_dir.c delete mode 100644 source3/modules/onefs_notify.c delete mode 100644 source3/modules/onefs_open.c delete mode 100644 source3/modules/onefs_shadow_copy.c delete mode 100644 source3/modules/onefs_shadow_copy.h delete mode 100644 source3/modules/onefs_streams.c delete mode 100644 source3/modules/onefs_system.c delete mode 100644 source3/modules/perfcount_onefs.c delete mode 100644 source3/modules/vfs_onefs.c delete mode 100644 source3/modules/vfs_onefs_shadow_copy.c delete mode 100644 source3/smbd/oplock_onefs.c Changeset truncated at 500 lines: diff --git a/source3/Makefile.in b/source3/Makefile.in index dce7f77..486ec72 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -833,8 +833,7 @@ PROFILES_OBJ = utils/profiles.o \ $(POPT_LIB_OBJ) \ $(REGFIO_OBJ) -OPLOCK_OBJ = smbd/oplock.o smbd/oplock_irix.o smbd/oplock_linux.o \ -smbd/oplock_onefs.o +OPLOCK_OBJ = smbd/oplock.o smbd/oplock_irix.o smbd/oplock_linux.o NOTIFY_OBJ = smbd/notify.o smbd/notify_inotify.o smbd/notify_internal.o \ librpc/gen_ndr/ndr_notify.o @@ -884,11 +883,6 @@ VFS_SYNCOPS_OBJ = modules/vfs_syncops.o VFS_ACL_XATTR_OBJ = modules/vfs_acl_xattr.o VFS_ACL_TDB_OBJ = modules/vfs_acl_tdb.o VFS_SMB_TRAFFIC_ANALYZER_OBJ = modules/vfs_smb_traffic_analyzer.o -VFS_ONEFS_OBJ = modules/vfs_onefs.o modules/onefs_acl.o modules/onefs_system.o \ - modules/onefs_open.o modules/onefs_streams.o modules/onefs_dir.o \ - modules/onefs_cbrl.o modules/onefs_notify.o modules/onefs_config.o -VFS_ONEFS_SHADOW_COPY_OBJ = modules/vfs_onefs_shadow_copy.o modules/onefs_shadow_copy.o -PERFCOUNT_ONEFS_OBJ = modules/perfcount_onefs.o PERFCOUNT_TEST_OBJ = modules/perfcount_test.o VFS_DIRSORT_OBJ = modules/vfs_dirsort.o VFS_SCANNEDONLY_OBJ = modules/vfs_scannedonly.o @@ -3099,18 +3093,6 @@ bin/acl_tdb.@SHLIBEXT@: $(BINARY_PREREQS) $(VFS_ACL_TDB_OBJ) @echo Building plugin $@ @$(SHLD_MODULE) $(VFS_ACL_TDB_OBJ) -bin/onefs.@SHLIBEXT@: $(BINARY_PREREQS) $(VFS_ONEFS_OBJ) - @echo Building plugin $@ - @$(SHLD_MODULE) $(VFS_ONEFS_OBJ) @ONEFS_LIBS@ - -bin/onefs_shadow_copy.@SHLIBEXT@: $(BINARY_PREREQS) $(VFS_ONEFS_SHADOW_COPY_OBJ) - @echo Building plugin $@ - @$(SHLD_MODULE) $(VFS_ONEFS_SHADOW_COPY_OBJ) - -bin/pc_onefs.@SHLIBEXT@:
autobuild: intermittent test failure detected
The autobuild test system has detected an intermittent failing test in the current master tree. The autobuild log of the failure is available here: http://git.samba.org/autobuild.flakey/2012-05-16-1409/flakey.log The samba3 build logs are available here: http://git.samba.org/autobuild.flakey/2012-05-16-1409/samba3.stderr http://git.samba.org/autobuild.flakey/2012-05-16-1409/samba3.stdout The source4 build logs are available here: http://git.samba.org/autobuild.flakey/2012-05-16-1409/samba4.stderr http://git.samba.org/autobuild.flakey/2012-05-16-1409/samba4.stdout The top commit at the time of the failure was: commit 70be41c772d69d36ea8f434187be8bfd6b5f38a0 Author: Stefan Metzmacher me...@samba.org Date: Wed May 16 09:26:12 2012 +0200 s3:onefs: remove all onefs related code as it not maintained anymore See https://lists.samba.org/archive/samba-technical/2012-May/083631.html for the discussion. metze Autobuild-User: Stefan Metzmacher me...@samba.org Autobuild-Date: Wed May 16 11:23:05 CEST 2012 on sn-devel-104
[SCM] CTDB repository - branch master updated - ctdb-1.13-173-g6e68797
The branch, master has been updated
via 6e68797af67bee36f2bad045f94806e7e98f27e9 (commit)
via 2bcd58b30d7cf6dd48ad7f019810c6965a44c85a (commit)
via 863ad337fa3c4effe1fd370d3ba414027c600bd6 (commit)
via f4b7d14f2e3c7345e7a09abb27c32923fb78cbc4 (commit)
via c7d6e4557d00de674737e2c8d6cbebaa2461c303 (commit)
via d661f09c6c76543bd091d51bc0e6fe97ed0f55d1 (commit)
via ed2db1f4e8d2b222d7f912a4a007ce48a23e83b0 (commit)
via d2514051761ba23deee0e118c25afab2ab8d854e (commit)
via a00e80c701a0f9695f41c24e0360c25c0873d49d (commit)
via 6b8507d4d3062e709409b3790117d87311b3460d (commit)
via db8cf8f5e644a0b21a6040287887fee40f38d4db (commit)
via 9f20fbf91706db94f65f62dbd6a4e087890c1da9 (commit)
via 61c80f58a8cfbaca7e669ef8cd95b4f6b5dc66c7 (commit)
via e7ba0a30e7b7fe78e83e493128b349708cf0038a (commit)
via 14a630cbc638d2f3bf699de5d94131e5f7d1a3ea (commit)
via 1957d53b78f101cd0cd37d9705a225deef5174a2 (commit)
via f0a14169883661a702a352aa0311a2b433071a83 (commit)
via 5c23244591b8005f91d8e25e719cd332c711db14 (commit)
from e3dc5bd3f1ef1f0ed08f57a5b5bafcac936e9ed0 (commit)
http://gitweb.samba.org/?p=ctdb.git;a=shortlog;h=master
- Log -
commit 6e68797af67bee36f2bad045f94806e7e98f27e9
Author: Ronnie Sahlberg ronniesahlb...@gmail.com
Date: Thu May 17 10:17:51 2012 +1000
Debug: When scripts hang, we may need to collect additional data in order
to debug why the script hung.
Break this debug and datacollection out into an external script to make it
easier to modify what data we need to collect.
For now we only collect a pstree so we can see what part of the script we
hung in.
S1037271
---
Summary of changes:
Makefile.in |3 +-
config/ctdb.init|1 +
config/ctdb.sysconfig |3 +
config/debug-hung-script.sh |7 ++
config/functions| 12 ++-
include/ctdb_private.h |3 +
packaging/RPM/ctdb.spec.in | 65 +++--
server/ctdb_tunables.c |2 +-
server/ctdbd.c | 11 +++
server/eventscript.c| 66 -
tests/INSTALL | 10 +--
tests/eventscripts/13.per_ip_routing.002.sh |2 +-
tests/eventscripts/scripts/local.sh |3 +-
tests/run_cluster_tests.sh | 19 +-
tests/run_tests.sh | 40 --
tests/scripts/integration.bash | 42 --
tests/scripts/run_tests | 60 +++-
tests/simple/18_ctdb_reloadips.sh | 106 +++
18 files changed, 362 insertions(+), 93 deletions(-)
create mode 100644 config/debug-hung-script.sh
mode change 100755 = 12 tests/run_cluster_tests.sh
create mode 100755 tests/simple/18_ctdb_reloadips.sh
Changeset truncated at 500 lines:
diff --git a/Makefile.in b/Makefile.in
index ecf03f2..cdebbd7 100755
--- a/Makefile.in
+++ b/Makefile.in
@@ -356,6 +356,7 @@ install: all $(PMDA_INSTALL)
if [ -f doc/ltdbtool.1 ]; then ${INSTALLCMD} -m 644 doc/ltdbtool.1
$(DESTDIR)$(mandir)/man1; fi
if [ -f doc/ping_pong.1 ];then ${INSTALLCMD} -m 644 doc/ping_pong.1
$(DESTDIR)$(mandir)/man1; fi
if [ ! -f $(DESTDIR)$(etcdir)/ctdb/notify.sh ];then ${INSTALLCMD} -m
755 config/notify.sh $(DESTDIR)$(etcdir)/ctdb; fi
+ ${INSTALLCMD} -m 755 config/debug-hung-script.sh
$(DESTDIR)$(etcdir)/ctdb
if [ ! -f $(DESTDIR)$(etcdir)/ctdb/ctdb-crash-cleanup.sh ];then
${INSTALLCMD} -m 755 config/ctdb-crash-cleanup.sh $(DESTDIR)$(etcdir)/ctdb; fi
install_pmda:
@@ -369,7 +370,7 @@ install_tests: all
tests/INSTALL --destdir=$(DESTDIR) --datarootdir=$(prefix)/share
--libdir=$(libdir) --bindir=$(bindir) --etcdir=$(etcdir)
test: all
- tests/run_tests.sh
+ tests/run_tests.sh -V tests/var
test_cluster: all
tests/run_cluster_tests.sh
diff --git a/config/ctdb.init b/config/ctdb.init
index 0a4d29b..5d01a9c 100755
--- a/config/ctdb.init
+++ b/config/ctdb.init
@@ -95,6 +95,7 @@ build_ctdb_options () {
maybe_set --event-script-dir $CTDB_EVENT_SCRIPT_DIR
maybe_set --transport $CTDB_TRANSPORT
maybe_set -d $CTDB_DEBUGLEVEL
+maybe_set --debug-hung-script $CTDB_DEBUG_HUNG_SCRIPT
maybe_set --notification-script$CTDB_NOTIFY_SCRIPT
maybe_set --start-as-disabled $CTDB_START_AS_DISABLEDyes
maybe_set --start-as-stopped $CTDB_START_AS_STOPPED yes
diff --git a/config/ctdb.sysconfig b/config/ctdb.sysconfig
index 163a0dd..fecc7a5
[SCM] CTDB repository - branch 1.13 updated - ctdb-1.42-108-g93b176b
The branch, 1.13 has been updated
via 93b176b39dddc71011ec7182deda435874474e45 (commit)
via 06041c372525924add825bf23a0758546465a516 (commit)
via 6f30c8d233b150d12f7e37e54769fdd670437b90 (commit)
from 6ebd66a10b3fce30cf686f67349c4372c1042dc9 (commit)
http://gitweb.samba.org/?p=ctdb.git;a=shortlog;h=1.13
- Log -
commit 93b176b39dddc71011ec7182deda435874474e45
Author: Ronnie Sahlberg ronniesahlb...@gmail.com
Date: Thu May 17 11:16:57 2012 +1000
GANESHA: make the ganesha script executable by default
commit 06041c372525924add825bf23a0758546465a516
Author: Martin Schwenke mar...@meltin.net
Date: Wed May 16 17:24:21 2012 +1000
Eventscripts: Modernise 60.ganesha to match 60.nfs
Originally from Srikrishan Malik srikrishan.ma...@in.ibm.com with
some style changes by me.
Signed-off-by: Martin Schwenke mar...@meltin.net
commit 6f30c8d233b150d12f7e37e54769fdd670437b90
Author: Martin Schwenke mar...@meltin.net
Date: Wed May 16 13:29:58 2012 +1000
Eventscripts: restart lockd in the background when going unhealthy
Sometimes the restart can hang when there are I/O problems. Then the
eventscript times out and gets killed so the node never marked as
unhealthy.
Restarting in the background avoids this.
Signed-off-by: Martin Schwenke mar...@meltin.net
---
Summary of changes:
Makefile.in|2 +-
config/events.d/60.ganesha | 207
config/events.d/60.nfs |4 +-
config/functions | 31 +++
config/statd-callout | 14 ++-
5 files changed, 137 insertions(+), 121 deletions(-)
Changeset truncated at 500 lines:
diff --git a/Makefile.in b/Makefile.in
index cdebbd7..cbb987a 100755
--- a/Makefile.in
+++ b/Makefile.in
@@ -343,7 +343,7 @@ install: all $(PMDA_INSTALL)
${INSTALLCMD} -m 755 config/events.d/41.httpd
$(DESTDIR)$(etcdir)/ctdb/events.d
${INSTALLCMD} -m 755 config/events.d/50.samba
$(DESTDIR)$(etcdir)/ctdb/events.d
${INSTALLCMD} -m 755 config/events.d/60.nfs
$(DESTDIR)$(etcdir)/ctdb/events.d
- ${INSTALLCMD} -m 644 config/events.d/60.ganesha
$(DESTDIR)$(etcdir)/ctdb/events.d
+ ${INSTALLCMD} -m 755 config/events.d/60.ganesha
$(DESTDIR)$(etcdir)/ctdb/events.d
${INSTALLCMD} -m 755 config/events.d/62.cnfs
$(DESTDIR)$(etcdir)/ctdb/events.d
${INSTALLCMD} -m 755 config/events.d/70.iscsi
$(DESTDIR)$(etcdir)/ctdb/events.d
${INSTALLCMD} -m 755 config/events.d/91.lvs
$(DESTDIR)$(etcdir)/ctdb/events.d
diff --git a/config/events.d/60.ganesha b/config/events.d/60.ganesha
index fb3b7c2..cee7792 100755
--- a/config/events.d/60.ganesha
+++ b/config/events.d/60.ganesha
@@ -1,34 +1,58 @@
#!/bin/sh
# script to manage nfs in a clustered environment
-start_nfs() {
- mkdir -p $CTDB_VARDIR/state/nfs
- mkdir -p $CTDB_VARDIR/state/statd/ip
- ctdb_service_stop
- ctdb_service_start
- echo 1 /proc/sys/net/ipv4/tcp_tw_recycle
+. $CTDB_BASE/functions
+
+service_name=nfs-ganesha-gpfs
+
+
+service_start ()
+{
+startstop_ganesha stop
+startstop_ganesha start
+set_proc sys/net/ipv4/tcp_tw_recycle 1
}
-. $CTDB_BASE/functions
+service_stop ()
+{
+startstop_ganesha stop
+}
+
+service_reconfigure ()
+{
+# if the ips have been reallocated, we must restart ganesha
+# across all nodes and ping all statd listeners
+[ -x $CTDB_BASE/statd-callout ] {
+ $CTDB_BASE/statd-callout notify
+} /dev/null 21
+}
+loadconfig nfs
-loadconfig nfs
+[ $NFS_SERVER_MODE == ganesha ] || exit 0
-[ $NFS_SERVER_MODE = GANESHA ] || exit 0
+ctdb_setup_service_state_dir
+
+statd_update_trigger=$service_state_dir/update-trigger
+# We want this file to always exist. The corner case is when
+# auto-start/stop is switched off, NFS is added as a managed service
+# some time after ctdbd is started and someone else starts the NFS
+# service for us. In this case this file might not otherwise exist
+# when we get to a monitor event.
+touch $statd_update_trigger
-service_name=nfs-ganesha-gpfs
ctdb_start_stop_service
is_ctdb_managed_service || exit 0
+ctdb_service_check_reconfigure
+
case $1 in
init)
# read statd from persistent database
;;
startup)
ctdb_service_start
- mkdir -p $CTDB_VARDIR/state/statd
- touch $CTDB_VARDIR/state/statd/update-trigger
;;
shutdown)
@@ -44,111 +68,68 @@ case $1 in
;;
monitor)
- if ctdb_service_needs_reconfigure ; then
- ctdb_service_reconfigure
- exit 0
- fi
update_tickles 2049
-
- # check that statd responds to rpc requests
- # if statd is not running we try to restart it
- if ctdb_check_rpc STATD status 1 /dev/null ; then
-
[SCM] CTDB repository - branch master updated - ctdb-1.13-178-gf59b40b
The branch, master has been updated
via f59b40b3f8ea3da8ffb8601bc025e83c237072d5 (commit)
via f23b5a160184db8c92f8c69307dc4a64adae839d (commit)
via 637cab6304dae66b85668506028c76ea1ee88980 (commit)
via 13acd58c41fba1a33894fbd654fed69ea0eac322 (commit)
via 92f74fd589467b46c758e116e97417edfe8773d7 (commit)
from 6e68797af67bee36f2bad045f94806e7e98f27e9 (commit)
http://gitweb.samba.org/?p=ctdb.git;a=shortlog;h=master
- Log -
commit f59b40b3f8ea3da8ffb8601bc025e83c237072d5
Author: Ronnie Sahlberg ronniesahlb...@gmail.com
Date: Thu May 17 11:16:57 2012 +1000
GANESHA: make the ganesha script executable by default
commit f23b5a160184db8c92f8c69307dc4a64adae839d
Merge: 6e68797af67bee36f2bad045f94806e7e98f27e9
637cab6304dae66b85668506028c76ea1ee88980
Author: Ronnie Sahlberg ronniesahlb...@gmail.com
Date: Thu May 17 11:48:07 2012 +1000
Merge remote branch 'martins/ganesha'
commit 637cab6304dae66b85668506028c76ea1ee88980
Author: Martin Schwenke mar...@meltin.net
Date: Wed May 16 17:24:21 2012 +1000
Eventscripts: Modernise 60.ganesha to match 60.nfs
Originally from Srikrishan Malik srikrishan.ma...@in.ibm.com with
some style changes by me.
Signed-off-by: Martin Schwenke mar...@meltin.net
commit 13acd58c41fba1a33894fbd654fed69ea0eac322
Author: Martin Schwenke mar...@meltin.net
Date: Wed May 16 13:29:58 2012 +1000
Eventscripts: restart lockd in the background when going unhealthy
Sometimes the restart can hang when there are I/O problems. Then the
eventscript times out and gets killed so the node never marked as
unhealthy.
Restarting in the background avoids this.
Signed-off-by: Martin Schwenke mar...@meltin.net
commit 92f74fd589467b46c758e116e97417edfe8773d7
Author: Martin Schwenke mar...@meltin.net
Date: Tue May 8 14:53:58 2012 +1000
Eventscript functions: add optional version to nfs_check_rpc_service()
This can be optional because the 1st item of each action-triple is a
test comparison that starts with '-'.
Signed-off-by: Martin Schwenke mar...@meltin.net
---
Summary of changes:
Makefile.in|2 +-
config/events.d/60.ganesha | 207
config/events.d/60.nfs |4 +-
config/functions | 31 +++
config/statd-callout | 14 ++-
5 files changed, 137 insertions(+), 121 deletions(-)
Changeset truncated at 500 lines:
diff --git a/Makefile.in b/Makefile.in
index cdebbd7..cbb987a 100755
--- a/Makefile.in
+++ b/Makefile.in
@@ -343,7 +343,7 @@ install: all $(PMDA_INSTALL)
${INSTALLCMD} -m 755 config/events.d/41.httpd
$(DESTDIR)$(etcdir)/ctdb/events.d
${INSTALLCMD} -m 755 config/events.d/50.samba
$(DESTDIR)$(etcdir)/ctdb/events.d
${INSTALLCMD} -m 755 config/events.d/60.nfs
$(DESTDIR)$(etcdir)/ctdb/events.d
- ${INSTALLCMD} -m 644 config/events.d/60.ganesha
$(DESTDIR)$(etcdir)/ctdb/events.d
+ ${INSTALLCMD} -m 755 config/events.d/60.ganesha
$(DESTDIR)$(etcdir)/ctdb/events.d
${INSTALLCMD} -m 755 config/events.d/62.cnfs
$(DESTDIR)$(etcdir)/ctdb/events.d
${INSTALLCMD} -m 755 config/events.d/70.iscsi
$(DESTDIR)$(etcdir)/ctdb/events.d
${INSTALLCMD} -m 755 config/events.d/91.lvs
$(DESTDIR)$(etcdir)/ctdb/events.d
diff --git a/config/events.d/60.ganesha b/config/events.d/60.ganesha
index fb3b7c2..cee7792 100755
--- a/config/events.d/60.ganesha
+++ b/config/events.d/60.ganesha
@@ -1,34 +1,58 @@
#!/bin/sh
# script to manage nfs in a clustered environment
-start_nfs() {
- mkdir -p $CTDB_VARDIR/state/nfs
- mkdir -p $CTDB_VARDIR/state/statd/ip
- ctdb_service_stop
- ctdb_service_start
- echo 1 /proc/sys/net/ipv4/tcp_tw_recycle
+. $CTDB_BASE/functions
+
+service_name=nfs-ganesha-gpfs
+
+
+service_start ()
+{
+startstop_ganesha stop
+startstop_ganesha start
+set_proc sys/net/ipv4/tcp_tw_recycle 1
}
-. $CTDB_BASE/functions
+service_stop ()
+{
+startstop_ganesha stop
+}
+
+service_reconfigure ()
+{
+# if the ips have been reallocated, we must restart ganesha
+# across all nodes and ping all statd listeners
+[ -x $CTDB_BASE/statd-callout ] {
+ $CTDB_BASE/statd-callout notify
+} /dev/null 21
+}
+loadconfig nfs
-loadconfig nfs
+[ $NFS_SERVER_MODE == ganesha ] || exit 0
-[ $NFS_SERVER_MODE = GANESHA ] || exit 0
+ctdb_setup_service_state_dir
+
+statd_update_trigger=$service_state_dir/update-trigger
+# We want this file to always exist. The corner case is when
+# auto-start/stop is switched off, NFS is added as a managed service
+# some time after ctdbd is started and someone else starts the NFS
+# service for us. In this case this file might not otherwise exist
+# when we get to a monitor event.
+touch
[SCM] build.samba.org - branch master updated
The branch, master has been updated
via c2dd325 test that build farm locks are 0 size
from d405260 Add an easy way to got back to the error list
http://gitweb.samba.org/?p=build-farm.git;a=shortlog;h=master
- Log -
commit c2dd3258882427afeaf3e1f7eb59bc13d30441e7
Author: Andrew Bartlett abart...@samba.org
Date: Thu May 17 11:56:35 2012 +1000
test that build farm locks are 0 size
This does make the locks less atomic, but disk full situations are more
common.
When the disk fills up, then the zero length file is created, and the host
drops out of the build farm.
Andrew Bartlett
---
Summary of changes:
build_test.fns |4 +++-
1 files changed, 3 insertions(+), 1 deletions(-)
Changeset truncated at 500 lines:
diff --git a/build_test.fns b/build_test.fns
index 392180a..2358524 100644
--- a/build_test.fns
+++ b/build_test.fns
@@ -196,7 +196,9 @@ lock_file() {
return 0
fi
- if test -f $lckf; then
+ # We need to assert that the file is 0 size, as otherwise we
never
+# recover from disk full situations
+ if test -f $lckf test -s $lckf; then
test x$machine = x$host || {
echo lock file $lckf is valid for other
machine $machine
return 1
--
build.samba.org
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 6bafb4a s3-smbd: Avoid creating a UID ACL entry for SIDs that are mapped as ID_TYPE_BOTH The GID ACL entry is what will be mapped in most cases, and so is sufficient. via f38638d s3-smbd: Consider a group with the same SID as sufficient duplication via 5b1c422 s3-smbd: Handle ID_TYPE_BOTH by mapping to both a group ACL entry and file ownership This will allow groups, such as domain administrators, to own files while correctly handling the rest of the ACL permissions. via 367a644 We need to split things up into a new helper function add_current_ace_to_acl() in order for there to be more posix ACL elements than NT ACL elements (so a group SID can own a file, but also get the group permissions that will be honoured) via 173f818 This covers a case where an ID_TYPE_BOTH mapping creates group permissions, but must own the file. Based on an original patch by Andrew Bartlett. via 5910647 s3-smbd: Do not merge UID ACE values with GID ACE values for posix ACL from 70be41c s3:onefs: remove all onefs related code as it not maintained anymore http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 6bafb4ac25989fd5d637db0da4afab5ae36bad1c Author: Andrew Bartlett abart...@samba.org Date: Wed May 16 13:07:17 2012 -0700 s3-smbd: Avoid creating a UID ACL entry for SIDs that are mapped as ID_TYPE_BOTH The GID ACL entry is what will be mapped in most cases, and so is sufficient. Andrew Bartlett Signed-off-by: Jeremy Allison j...@samba.org Autobuild-User: Andrew Bartlett abart...@samba.org Autobuild-Date: Thu May 17 05:08:44 CEST 2012 on sn-devel-104 commit f38638d4511814e2b541665df2f56c7ce357682f Author: Andrew Bartlett abart...@samba.org Date: Thu May 10 11:05:41 2012 +1000 s3-smbd: Consider a group with the same SID as sufficient duplication This code is to ensure that the user does not loose rights when their file ownership is taken away. If the owner (an IDMAP_BOTH SID) appears as a group then a duplicate user is not required. Signed-off-by: Jeremy Allison j...@samba.org commit 5b1c42228b8badbc7e7a4446c33f590bd1257f1f Author: Andrew Bartlett abart...@samba.org Date: Tue May 15 12:33:18 2012 -0700 s3-smbd: Handle ID_TYPE_BOTH by mapping to both a group ACL entry and file ownership This will allow groups, such as domain administrators, to own files while correctly handling the rest of the ACL permissions. Andrew Bartlett Signed-off-by: Jeremy Allison j...@samba.org commit 367a644c4d91531faf8b2ce9a167fc196da12422 Author: Andrew Bartlett abart...@samba.org Date: Mon May 14 17:11:09 2012 -0700 We need to split things up into a new helper function add_current_ace_to_acl() in order for there to be more posix ACL elements than NT ACL elements (so a group SID can own a file, but also get the group permissions that will be honoured) Andrew Bartlett Slightly modified by Jeremy to reduce diff size. Signed-off-by: Jeremy Allison j...@samba.org commit 173f818a294d89cc97ba22856c334c451772fbe5 Author: Jeremy Allison j...@samba.org Date: Mon May 14 12:34:39 2012 -0700 This covers a case where an ID_TYPE_BOTH mapping creates group permissions, but must own the file. Based on an original patch by Andrew Bartlett. commit 59106473d37044adf5f1edde24221e1f70f15972 Author: Andrew Bartlett abart...@samba.org Date: Wed May 9 12:11:45 2012 +1000 s3-smbd: Do not merge UID ACE values with GID ACE values for posix ACL This might happen when we get a SID mapped to IDMAP_BOTH. Andrew Bartlett Signed-off-by: Jeremy Allison j...@samba.org --- Summary of changes: source3/smbd/posix_acls.c | 534 - 1 files changed, 334 insertions(+), 200 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index bbf0eae..e2571ff 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -26,6 +26,7 @@ #include trans2.h #include passdb/lookup_sid.h #include auth.h +#include ../librpc/gen_ndr/idmap.h extern const struct generic_mapping file_generic_mapping; @@ -949,15 +950,21 @@ static void merge_aces( canon_ace **pp_list_head, bool dir_acl) /* For file ACLs we can merge if the SIDs and ALLOW/DENY * types are the same. For directory acls we must also -* ensure the POSIX ACL types are the same. */ +* ensure the POSIX ACL types are the same. +* +* For the IDMAP_BOTH case, we must not merge +* the UID and GID ACE values for same SID +
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via 632af66 Check the return from create_acl_blob
from 6bafb4a s3-smbd: Avoid creating a UID ACL entry for SIDs that are
mapped as ID_TYPE_BOTH The GID ACL entry is what will be mapped in most cases,
and so is sufficient.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit 632af6645376185500820a5be9dbf5c0c3d1e515
Author: Richard Sharpe realrichardsha...@gmail.com
Date: Wed May 16 20:21:34 2012 -0700
Check the return from create_acl_blob
Autobuild-User: Richard Sharpe sha...@samba.org
Autobuild-Date: Thu May 17 07:17:29 CEST 2012 on sn-devel-104
---
Summary of changes:
source3/modules/vfs_acl_common.c | 10 ++
1 files changed, 6 insertions(+), 4 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/modules/vfs_acl_common.c b/source3/modules/vfs_acl_common.c
index 221b43f..c7bce57 100644
--- a/source3/modules/vfs_acl_common.c
+++ b/source3/modules/vfs_acl_common.c
@@ -592,10 +592,12 @@ static NTSTATUS fset_nt_acl_common(vfs_handle_struct
*handle, files_struct *fsp,
NDR_PRINT_DEBUG(security_descriptor,
discard_const_p(struct security_descriptor, psd));
}
- /*
-* Perhaps create_acl_blob should have a status return as well
-*/
- create_acl_blob(psd, blob, XATTR_SD_HASH_TYPE_SHA256, hash);
+ status = create_acl_blob(psd, blob, XATTR_SD_HASH_TYPE_SHA256, hash);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(10, (fset_nt_acl_xattr: create_acl_blob failed\n));
+ return status;
+ }
+
status = store_acl_blob_fsp(handle, fsp, blob);
return status;
--
Samba Shared Repository
