Re: [Samba] exported LDAP DB file smbpasswd?
Hi,

why not export with pdbedit and then import it again?! No converting needed... (except for smb.conf, that is.)

Cheers.

On 25-5-2012 0:01, Gaiseric Vandal wrote:

Just what is in the documentation on samba.org. Anything involving plain-text authentication seems to be discouraged.

On 05/24/12 17:56, aurfalien wrote:

On 05/24/12 16:25, aurfalien wrote:

Hi all,

I am using OpenLDAP and have over ~800 users in its DB. I would like to simply use Samba as a file server, no PDC.

I have been able to export my LDAP DB to a file containing hashes of users' passwords. Is there a way I can import this file to smbpasswd or other file that Samba understands so that my 800 some odd users won't have to re-register their passwords?

I would really love to avoid having 800 annoyed users retyping their passwords for accessing shares. I have them currently authenticating on Windows via an LDAP client (pGina).

- aurf

--
Collen Blijenberg - system/network administrator

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] 3.2.15 sys_get_vfs_quota -- failed for mntpath[ a device ] bdev [ a device ] qtype[4] id[513]: Invalid argument
or/and ... qtype[2] id[501]: Invalid argument

The above version of Samba does not seem to be able to recognize FS (ext4) quotas. Could you gents/ladies shed some light, please? Very much appreciated.

Regards
Re: [Samba] Samba / LDAP : map uid to another field ?
I found the « username map [script] » directive in the smb.conf man page. I've tested P1234=jdoe and it works. Next is to make a one-line script to make this dynamic ^^

Another solution was to make a proxy LDAP instead of a replica.

Thanks for the help! If anyone has another idea, I'm open :)

2012/5/24 Sylvain debian.r...@gmail.com

Unfortunately, I cannot do this since the two attributes have different meanings and are used in other applications, so maybe a local LDAP replica and use of your tricks will work. I will try if there are no Samba solutions. Thanks :)

2012/5/24 miguelmeda...@sapo.pt

I am not sure if you can act on the Samba side. Maybe you should think the other way around. You can map one attribute to another inside the LDAP server. You would use the map attribute directive to map eduPersonPrincipalName to uid. Both logins would then authenticate against uid.
[Samba] Problem joining to a Samba PDC (Probably caused by unix charset)
Hello,

trying to join a Windows 7 64-bit PC to a Samba PDC (3.6.5) fails with the message: Domain not found or no connection possible.

After some testing I found that the problem was caused by the Samba parameter unix charset = ISO8859-1. When I start nmbd with the same config file just without the unix charset, the PC can join the domain (smbd runs with the original config file; Samba runs on CentOS6 (en_US.UTF-8)).

Is this the expected behavior? (At the moment I need ISO8859-1 because the files were saved with this charset.)

Best regards,
Ralf
Re: [Samba] multi home dir locations
Hmm, I played around with this nss_ldap, also with the rfc2307 from winbind. Looks all nice, but samba4 does not have posix scheme loaded and filled for users by default. If I make a new user, it will not have the posix attributes, and the attributes are not auto set (no uid, gid).

So yeah, it can go around the problem, but creates a bunch of new ones. Too bad we can't do the nss_ldap mapping within winbind, since it's only the (unix) homedir we're after.

Thx anyway...

Collen

On 24-5-2012 19:11, steve wrote:

Hi

Making it default is the easy bit. Install nss-pam-ldapd (libnss-ldapd and libpam-ldapd under Debian). Here is our config in /etc/nslcd.conf:

    uid nslcd
    gid nslcd
    uri ldap://sam4dc.polop.site
    base dc=polop,dc=site
    map passwd uid samAccountName
    map passwd homeDirectory unixHomeDirectory
    #map group uniqueMember member
    sasl_mech GSSAPI
    sasl_realm POLOP.SITE
    krb5_ccname /tmp/nslcd.tkt

Most of this is site dependent but the mappings are all that are important. The latest version (0.8.4 up) maps group members too, hence the commented out line. We have written scripts to implement this but you can do this from Linux using ldbedit to add only the objects and attributes you need.

Here is an example of a user called steve2 (samba-tool user add steve2 or from ADUC in Windows) in the directory to which we have added the attributes necessary for nss-ldapd mappings:

    dn: CN=steve2,CN=Users,DC=polop,DC=site
    cn: steve2
    instanceType: 4
    whenCreated: 20120508141303.0Z
    uSNCreated: 3719
    name: steve2
    objectGUID: 2e73c14e-976e-431e-830e-863494cc4a1c
    badPwdCount: 0
    codePage: 0
    countryCode: 0
    badPasswordTime: 0
    lastLogoff: 0
    lastLogon: 0
    objectSid: S-1-5-21-1196638036-2541980263-511278767-1105
    logonCount: 0
    sAMAccountName: steve2
    sAMAccountType: 805306368
    userPrincipalName: ste...@polop.site
    objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=polop,DC=site
    pwdLastSet: 12980959983000
    uidNumber: 308
    unixHomeDirectory: /home2/CACTUS/steve2
    loginShell: /bin/bash
    objectClass: top
    objectClass: posixAccount
    objectClass: person
    objectClass: organizationalPerson
    objectClass: user
    profilePath: \\sam4dc\profiles\steve2
    homeDrive: Z:
    homeDirectory: \\sam4dc\home\steve2
    memberOf: CN=staff,CN=Users,DC=polop,DC=site
    primaryGroupID: 513
    gidNumber: 20513
    userAccountControl: 66048
    accountExpires: 0
    whenChanged: 20120518160301.0Z
    uSNChanged: 3944
    distinguishedName: CN=steve2,CN=Users,DC=polop,DC=site

You can either add the objects and attributes to taste using ldbedit or write scripts to add them for you. We have written a suite of well tested scripts called 's4bind' which do all this for you.

Remember, if the attributes are stored in the directory and mapped by something up to date which understands AD, then there can never be any confusion as to uid, gid, home directory or whatever. m$ have granted us free access to the posix attributes necessary to connect Linux machines to 2008r2 and therefore Samba4 AD. Let's use them to our advantage.

http://linuxcostablanca.blogspot.com.es/p/s4bind.html

Cheers,
Steve
Re: [Samba] Samba as member of multi domain AD (nss/pam)
On 25/05/2012 09:57, Marcel Ritter wrote:

our setup looks much like yours: One domain FAUAD containing all our users, and several domains containing computer objects (and maybe local users). To prevent inconsistencies in user/group membership, we'd like to use nss/pam winbind on the unix side to get users/groups out of our AD.

Add winbind to /etc/nss.conf (passwd and group lines). Then use idmap rid for the domains you're interested in (and tdb for eventual others):

    idmap backend = tdb
    idmap uid = 1-9
    idmap gid = 1-9
    idmap config PERSONALE:backend = rid
    idmap config PERSONALE:base_rid = 500
    idmap config PERSONALE:range = 10 - 4999
    idmap config STUDENTI:backend = rid
    idmap config STUDENTI:base_rid = 500
    idmap config STUDENTI:range = 5000 -

Users and groups in PERSONALE and STUDENTI are consistent across all servers, while other domains receive first come first served ids.

However for most purposes it'd be nice to only get the short user names (user instead of FAUAD+user) for all domains (or at least for a selectable domain). AFAIK the default domain is the one the computer object is created in (in our case this is *not* the one containing the user objects). I haven't found an option to specify this default domain without changing the domain location of the computer object.

Neither did I. I tried really hard with:

    idmap domains = PERSONALE STUDENTI
    idmap config PERSONALE:default = no
    idmap config STUDENTI:default = yes

To make 'STUDENTI' the default domain while the server is joined to 'PERSONALE', but it didn't work. Maybe someone has a clue.

Any idea about how to solve this is welcome :-)

I'm in the dark like you :(

BYtE,
Diego.
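Added example (not part of the original message and not Samba code): the rid backend derives each Unix ID arithmetically as ID = RID - BASE_RID + LOW_RANGE_ID, which is why the IDs come out the same on every server, and why overlapping per-domain ranges let two different accounts end up with one Unix ID. The numeric ranges below are constructed, because the ones in the archived message are truncated; the function names are hypothetical.

```python
import re

# Constructed smb.conf fragment in the style of the message above. The two
# ranges overlap on purpose (45000-49999) to show the failure mode.
SAMPLE_CONF = """\
idmap config PERSONALE:backend = rid
idmap config PERSONALE:base_rid = 500
idmap config PERSONALE:range = 10000 - 49999
idmap config STUDENTI:backend = rid
idmap config STUDENTI:base_rid = 500
idmap config STUDENTI:range = 45000 - 99999
"""

# Same fragment with the STUDENTI range moved clear of PERSONALE.
FIXED_CONF = SAMPLE_CONF.replace("45000", "50000")

LINE = re.compile(
    r"^\s*idmap config\s+([^:\s]+)\s*:\s*(\w+)\s*=\s*(.+?)\s*$", re.I)


def parse_idmap(conf):
    """Collect the per-domain 'idmap config DOMAIN:key = value' settings."""
    domains = {}
    for line in conf.splitlines():
        match = LINE.match(line)
        if match:
            domain, key, value = match.groups()
            domains.setdefault(domain.upper(), {})[key.lower()] = value
    for opts in domains.values():
        low, high = (int(part) for part in opts["range"].split("-"))
        opts["low"], opts["high"] = low, high
        opts["base"] = int(opts.get("base_rid", 0))
    return domains


def rid_to_id(domains, domain, rid):
    """Unix ID the rid backend would assign, or None if it falls outside."""
    opts = domains[domain]
    unix_id = rid - opts["base"] + opts["low"]
    if rid < opts["base"] or unix_id > opts["high"]:
        return None
    return unix_id


def overlaps(domains):
    """Return pairs of domains whose Unix ID ranges intersect."""
    names = sorted(domains)
    clashes = []
    for i, first in enumerate(names):
        for second in names[i + 1:]:
            a, b = domains[first], domains[second]
            if a["low"] <= b["high"] and b["low"] <= a["high"]:
                clashes.append((first, second))
    return clashes


if __name__ == "__main__":
    conf = parse_idmap(SAMPLE_CONF)
    print("PERSONALE RID 1105 ->", rid_to_id(conf, "PERSONALE", 1105))
    print("STUDENTI  RID 1105 ->", rid_to_id(conf, "STUDENTI", 1105))
    # Two different accounts, one Unix ID: file ownership becomes ambiguous.
    print("PERSONALE RID 35600 ->", rid_to_id(conf, "PERSONALE", 35600))
    print("STUDENTI  RID 600   ->", rid_to_id(conf, "STUDENTI", 600))
    print("overlapping ranges:", overlaps(conf))
    print("after fix:", overlaps(parse_idmap(FIXED_CONF)))
```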
[Samba] Enabling winbind idmap_hash module
Hello,

I am using samba 3.5 (Red Hat Linux 6) which comes with the idmap_hash plugin. I have put the following in smb.conf:

    workgroup = WORKGROUP
    password server = *
    security = domain
    idmap backend = hash
    idmap uid = 500-33554431
    idmap gid = 500-33554431
    winbind nss info = hash
    winbind normalize names = yes
    idmap_hash:name_map = /etc/samba/name_map.cfg
    template shell = /bin/bash
    winbind use default domain = false
    winbind offline logon = no
    winbind enum users = true
    winbind enum groups = true
    log level = winbind:3

An abstract of /etc/samba/name_map.cfg is:

    ntadmins=WORKGROUP\Domain Admins

I restarted winbind. The problem is that the following command gives:

    # getent group WORKGROUP\Domain Admins
    WORKGROUP\domain_admins:*:16777224:

Instead of something like:

    ntadmins:x:503:

The same problem with getent passwd. I noticed that whatever value I put for idmap backend (even a wrong value), it does not change anything nor produce any error message in the log.

Any idea? Thanks a lot
Re: [Samba] Samba4 : Problem setting folder and file permissions from windows box
Hi,

Thanks for pointing me to this bug. I'm not sure whether it's the same thing happening here though, because at first everything was running fine. The only thing I did was backing up the system using rsync, which did not preserve the extended attributes. But as I said, copying those extended attributes back on homes and other folders didn't fix the issue either.

I may try to reboot the system maybe, but I also have another idea in the meantime: I see that the linux to windows accounts mapping is still working, for example the profiles folders have user ownership like 329, and they map correctly to AD users in windows. So I might as well create linux groups including those numerical user IDs, and apply them directly from the command line in linux to files and folders, instead of using windows explorer and the security tab. And it would also solve the backups issue, because I realize that my rsnapshot incremental backups don't save those xattributes either...

I will look further into it, and post to 3938 if it is relevant.

Thanks again for reading my post.

regards,
micmac

On 24/05/2012 17:43, steve wrote:

On 05/24/2012 03:39 PM, micmac wrote:

I found a Python script that can copy the xattr from one file to another, sadly it didn't help at all... I'm completely desperate about a solution... and apparently people don't care at all about what I'm saying on this list.

Here is the script, if it can be of use to some: http://game-sat.com/~brian/xattr.copy

micmac

--
View this message in context: http://samba.2283325.n4.nabble.com/Samba4-Problem-setting-folder-and-file-permissions-from-windows-box-tp4632038p4632070.html
Sent from the Samba - General mailing list archive at Nabble.com.

Hi

I think you may be looking at the same bug as us: https://bugzilla.samba.org/show_bug.cgi?id=8938

Briefly: posix to windows and windows to posix doesn't work at the moment. I feel sure we are on the edge of an imminent fix. Please add your test-case to 3938 if you think it relevant.

Cheers,
Steve
[Samba] Can't join samba4 as domain controller
Hi,

I'm trying to join samba 4 alpha 20 to my windows 2003 AD domain and I get this error:

    Adding SPNs to CN=SAMBADC1,OU=Domain Controllers,DC=montecarlotv,DC=com,DC=uy
    Setting account password for SAMBADC1$
    Enabling account
    Calling bare provision
    Join failed - cleaning up
    checking sAMAccountName
    Deleted CN=SAMBADC1,OU=Domain Controllers,DC=montecarlotv,DC=com,DC=uy
    Deleted CN=NTDS Settings,CN=SAMBADC1,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=montecarlotv,DC=com,DC=uy
    Deleted CN=SAMBADC1,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=montecarlotv,DC=com,DC=uy
    ERROR(exceptions.NameError): uncaught exception - global name 'all' is not defined
      File /usr/local/samba/lib64/python2.4/site-packages/samba/netcmd/__init__.py, line 160, in _run
        return self.run(*args, **kwargs)
      File /usr/local/samba/lib64/python2.4/site-packages/samba/netcmd/domain.py, line 179, in run
        machinepass=machinepass)
      File /usr/local/samba/lib64/python2.4/site-packages/samba/join.py, line 964, in join_DC
        ctx.do_join()
      File /usr/local/samba/lib64/python2.4/site-packages/samba/join.py, line 870, in do_join
        ctx.join_provision()
      File /usr/local/samba/lib64/python2.4/site-packages/samba/join.py, line 598, in join_provision
        dns_backend=NONE)
      File /usr/local/samba/lib64/python2.4/site-packages/samba/provision/__init__.py, line 1704, in provision
        sitename=sitename, rootdn=rootdn)
      File /usr/local/samba/lib64/python2.4/site-packages/samba/provision/__init__.py, line 507, in guess_names
        if not valid_netbios_name(netbiosname):
      File /usr/local/samba/lib64/python2.4/site-packages/samba/__init__.py, line 310, in valid_netbios_name
        return all([is_valid_netbios_char(x) for x in name])

It's on a Centos 5.6 server. I've removed everything from samba3 as told by a post I found with the same error, but still nothing.

Any one had already this problem? Where can I get more info on the join failed part to find out what is failing?

Regards,
Juan Pablo
Re: [Samba] exported LDAP DB file smbpasswd?
Now that's brilliant, elegant and simple.

Thanks Collen, looking forward to trying it.

- aurf

On May 25, 2012, at 2:31 AM, Collen wrote:

Hi,

why not export with pdbedit and then import it again?! No converting needed... (except for smb.conf, that is.)

Cheers.

On 25-5-2012 0:01, Gaiseric Vandal wrote:

Just what is in the documentation on samba.org. Anything involving plain-text authentication seems to be discouraged.

On 05/24/12 17:56, aurfalien wrote:

On 05/24/12 16:25, aurfalien wrote:

Hi all,

I am using OpenLDAP and have over ~800 users in its DB. I would like to simply use Samba as a file server, no PDC.

I have been able to export my LDAP DB to a file containing hashes of users' passwords. Is there a way I can import this file to smbpasswd or other file that Samba understands so that my 800 some odd users won't have to re-register their passwords?

I would really love to avoid having 800 annoyed users retyping their passwords for accessing shares. I have them currently authenticating on Windows via an LDAP client (pGina).

- aurf

--
Collen Blijenberg - system/network administrator
Re: [Samba] exported LDAP DB file smbpasswd?
pdbedit will export the Windows password from the SambaNTPassword field (won't it?). My understanding was that pGina was using the unix password in the userPassword field? Or am I wrong?

On 05/25/12 09:36, aurfalien wrote:

Now that's brilliant, elegant and simple.

Thanks Collen, looking forward to trying it.

- aurf

On May 25, 2012, at 2:31 AM, Collen wrote:

Hi,

why not export with pdbedit and then import it again?! No converting needed... (except for smb.conf, that is.)

Cheers.

On 25-5-2012 0:01, Gaiseric Vandal wrote:

Just what is in the documentation on samba.org. Anything involving plain-text authentication seems to be discouraged.

On 05/24/12 17:56, aurfalien wrote:

On 05/24/12 16:25, aurfalien wrote:

Hi all,

I am using OpenLDAP and have over ~800 users in its DB. I would like to simply use Samba as a file server, no PDC.

I have been able to export my LDAP DB to a file containing hashes of users' passwords. Is there a way I can import this file to smbpasswd or other file that Samba understands so that my 800 some odd users won't have to re-register their passwords?

I would really love to avoid having 800 annoyed users retyping their passwords for accessing shares. I have them currently authenticating on Windows via an LDAP client (pGina).

- aurf

--
Collen Blijenberg - system/network administrator
Re: [Samba] exported LDAP DB file smbpasswd?
I am using pGina for authing, correct.

But when I map drive shares, I'll need some kind of authing mechanism.

My desire was this: since I already auth the user during their pGina login to Windows, I did not want to auth again for drive mapping to a Samba server.

But... since this SSO doesn't carry through to Samba, as the Samba file server does not know who this person is requesting a drive map, they will need to input credentials.

What I would really LOVE is this: since authing has already been taken care of during log in, to be able to map a drive as that user w/o needing to input a password. This way whatever they touch on the server will maintain their UID/GID, or UGO rather.

This in effect will make Samba act as NFS in a way with regards to security (who are you and what are you allowed to do).

- aurf

On May 25, 2012, at 9:44 AM, Gaiseric Vandal wrote:

pdbedit will export the Windows password from the SambaNTPassword field (won't it?). My understanding was that pGina was using the unix password in the userPassword field? Or am I wrong?

On 05/25/12 09:36, aurfalien wrote:

Now that's brilliant, elegant and simple.

Thanks Collen, looking forward to trying it.

- aurf

On May 25, 2012, at 2:31 AM, Collen wrote:

Hi,

why not export with pdbedit and then import it again?! No converting needed... (except for smb.conf, that is.)

Cheers.

On 25-5-2012 0:01, Gaiseric Vandal wrote:

Just what is in the documentation on samba.org. Anything involving plain-text authentication seems to be discouraged.

On 05/24/12 17:56, aurfalien wrote:

On 05/24/12 16:25, aurfalien wrote:

Hi all,

I am using OpenLDAP and have over ~800 users in its DB. I would like to simply use Samba as a file server, no PDC.

I have been able to export my LDAP DB to a file containing hashes of users' passwords. Is there a way I can import this file to smbpasswd or other file that Samba understands so that my 800 some odd users won't have to re-register their passwords?

I would really love to avoid having 800 annoyed users retyping their passwords for accessing shares. I have them currently authenticating on Windows via an LDAP client (pGina).

- aurf

--
Collen Blijenberg - system/network administrator
Re: [Samba] exported LDAP DB file smbpasswd?
I would also like to add that since Samba, and in effect Windows, does not behave like Nix with regards to who you are and what you are trying to do, it looks like I will have to integrate PDC functionality into my LDAP server :(

Man, this easily quadruples my overall LDAP database, gross.

But at least SSO will work.

Am I on the right track?

- aurf

On May 25, 2012, at 9:44 AM, Gaiseric Vandal wrote:

pdbedit will export the Windows password from the SambaNTPassword field (won't it?). My understanding was that pGina was using the unix password in the userPassword field? Or am I wrong?

On 05/25/12 09:36, aurfalien wrote:

Now that's brilliant, elegant and simple.

Thanks Collen, looking forward to trying it.

- aurf

On May 25, 2012, at 2:31 AM, Collen wrote:

Hi,

why not export with pdbedit and then import it again?! No converting needed... (except for smb.conf, that is.)

Cheers.

On 25-5-2012 0:01, Gaiseric Vandal wrote:

Just what is in the documentation on samba.org. Anything involving plain-text authentication seems to be discouraged.

On 05/24/12 17:56, aurfalien wrote:

On 05/24/12 16:25, aurfalien wrote:

Hi all,

I am using OpenLDAP and have over ~800 users in its DB. I would like to simply use Samba as a file server, no PDC.

I have been able to export my LDAP DB to a file containing hashes of users' passwords. Is there a way I can import this file to smbpasswd or other file that Samba understands so that my 800 some odd users won't have to re-register their passwords?

I would really love to avoid having 800 annoyed users retyping their passwords for accessing shares. I have them currently authenticating on Windows via an LDAP client (pGina).

- aurf

--
Collen Blijenberg - system/network administrator
Re: [Samba] exported LDAP DB file smbpasswd?
I understand what you are trying to accomplish. However I do not know which LDAP field is used for the pGina password - I believe it is userPassword but I am not sure.

It seems to me you have three options:

1. Crack the unix passwords so you can create matching windows passwords.
2. Configure Samba and your Windows clients to use plain text authentication so that your unix passwords can be used for authentication.
3. Prior to switching users to samba, have them create their samba passwords. Or you may have to set an initial password for each user.

If I were to try to have users set their samba passwords, I would probably try to set up a web page that validates their login against the current non-samba password (plaintext auth over SSL encryption), then passes the password and user name to a script to set their samba password.

It would be simpler if the Windows machines were in a Samba domain - but that may be tricky to do.

On 05/25/12 09:57, aurfalien wrote:

I am using pGina for authing, correct.

But when I map drive shares, I'll need some kind of authing mechanism.

My desire was this: since I already auth the user during their pGina login to Windows, I did not want to auth again for drive mapping to a Samba server.

But... since this SSO doesn't carry through to Samba, as the Samba file server does not know who this person is requesting a drive map, they will need to input credentials.

What I would really LOVE is this: since authing has already been taken care of during log in, to be able to map a drive as that user w/o needing to input a password. This way whatever they touch on the server will maintain their UID/GID, or UGO rather.

This in effect will make Samba act as NFS in a way with regards to security (who are you and what are you allowed to do).

- aurf

On May 25, 2012, at 9:44 AM, Gaiseric Vandal wrote:

pdbedit will export the Windows password from the SambaNTPassword field (won't it?). My understanding was that pGina was using the unix password in the userPassword field? Or am I wrong?

On 05/25/12 09:36, aurfalien wrote:

Now that's brilliant, elegant and simple.

Thanks Collen, looking forward to trying it.

- aurf

On May 25, 2012, at 2:31 AM, Collen wrote:

Hi,

why not export with pdbedit and then import it again?! No converting needed... (except for smb.conf, that is.)

Cheers.

On 25-5-2012 0:01, Gaiseric Vandal wrote:

Just what is in the documentation on samba.org. Anything involving plain-text authentication seems to be discouraged.

On 05/24/12 17:56, aurfalien wrote:

On 05/24/12 16:25, aurfalien wrote:

Hi all,

I am using OpenLDAP and have over ~800 users in its DB. I would like to simply use Samba as a file server, no PDC.

I have been able to export my LDAP DB to a file containing hashes of users' passwords. Is there a way I can import this file to smbpasswd or other file that Samba understands so that my 800 some odd users won't have to re-register their passwords?

I would really love to avoid having 800 annoyed users retyping their passwords for accessing shares. I have them currently authenticating on Windows via an LDAP client (pGina).

- aurf

--
Collen Blijenberg - system/network administrator
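Added example, not code from the thread or from Samba: an export/import with pdbedit can only carry over what is stored in sambaNTPassword, so before migrating it helps to see which accounts in an LDIF export hold an NT hash and which hold only a userPassword value that Samba cannot turn into one. The sample LDIF, hash values and function names are constructed; the smbpasswd line layout follows smbpasswd(5).

```python
import base64
import re

# Constructed sample export (not data from the thread); the hash values are
# made-up hex strings, not real password hashes.
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=org
objectClass: posixAccount
objectClass: sambaSamAccount
uid: alice
uidNumber: 1001
userPassword:: e1NTSEF9Y29uc3RydWN0ZWQ=
sambaNTPassword: 0123456789ABCDEF0123456789ABCDEF
sambaPwdLastSet: 1337900000

dn: uid=bob,ou=People,dc=example,dc=org
objectClass: posixAccount
uid: bob
uidNumber: 1002
userPassword:: e1NTSEF9Y29uc3RydWN0ZWQ=

dn: uid=carol,ou=People,dc=example,dc=org
objectClass: posixAccount
uid: carol
uidNumber: 1003
sambaNTPassword: not-a-hash
"""

NT_HASH = re.compile(r"^[0-9A-Fa-f]{32}$")
NO_LM_HASH = "X" * 32  # smbpasswd placeholder meaning "no LM hash stored"


def parse_ldif(text):
    """Parse LDIF into a list of {lower-cased attribute: [values]} dicts."""
    text = re.sub(r"\r?\n ", "", text)  # unfold continuation lines
    entries, current = [], {}
    for line in text.splitlines():
        if not line.strip():            # blank line ends the record
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#"):
            continue
        name, sep, rest = line.partition(":")
        if not sep:
            continue
        if rest.startswith(":"):        # "attr:: value" is base64-encoded
            raw = base64.b64decode(rest[1:].strip())
            value = raw.decode("utf-8", "replace")
        else:
            value = rest.strip()
        current.setdefault(name.lower(), []).append(value)
    if current:
        entries.append(current)
    return entries


def password_scheme(entry):
    """Return the {SCHEME} prefix of userPassword (e.g. 'SSHA'), or None."""
    value = entry.get("userpassword", [""])[0]
    match = re.match(r"^\{([A-Za-z0-9-]+)\}", value)
    return match.group(1).upper() if match else None


def classify(entry):
    """'nt-hash' can be migrated as is; the others need a new Samba password."""
    if NT_HASH.match(entry.get("sambantpassword", [""])[0]):
        return "nt-hash"
    if entry.get("userpassword"):
        return "unix-only"
    return "no-password"


def smbpasswd_line(entry):
    """Build one smbpasswd-format line from an entry that has an NT hash."""
    flags = "[" + "U".ljust(11) + "]"   # 13 characters including brackets
    changed = int(entry.get("sambapwdlastset", ["0"])[0])
    return "%s:%s:%s:%s:%s:LCT-%08X:" % (
        entry["uid"][0], entry["uidnumber"][0], NO_LM_HASH,
        entry["sambantpassword"][0].upper(), flags, changed)


def audit(ldif_text):
    """Return ({status: [uids]}, [smbpasswd lines for migratable users])."""
    report = {"nt-hash": [], "unix-only": [], "no-password": []}
    lines = []
    for entry in parse_ldif(ldif_text):
        if "uid" not in entry or "uidnumber" not in entry:
            continue
        uid = entry["uid"][0]
        if ":" in uid:                  # would corrupt the colon-separated file
            continue
        status = classify(entry)
        report[status].append(uid)
        if status == "nt-hash":
            lines.append(smbpasswd_line(entry))
    return report, lines


if __name__ == "__main__":
    report, lines = audit(SAMPLE_LDIF)
    for status, users in report.items():
        print("%-12s %d  %s" % (status, len(users), ", ".join(users)))
    # The generated lines are password-equivalent: write them only to a
    # root-owned file with mode 0600, never to a terminal or a log.
    print("smbpasswd lines ready: %d" % len(lines))
```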
Re: [Samba] Basic questions regarding Samba capabilities
Hi, thanks for your reply:

On Mon, May 21, 2012 at 7:51 AM, Aaron E. ssures...@gmail.com wrote:

First, I'm not sure if you're speaking of samba4 or just upgrading your s3 domain structure .. my comments are based on samba4, hope it helps ..

Actually I was thinking about using a stable version of Samba like 3.x. I know that Samba 4 is still being developed for many years. Do you really suggest me to use this alpha version of Samba4 for a critical environment like the one I described?

It would be great to have an Open Source ADS implementation with Samba4 but for now I think I can just get as much as possible of the features that Samba 3.x can offer me.

Policies:
--
Group policy works with S4.. So whatever group policies you can set in windows DC you can set on the S4 dcs..

What tool do you use to edit/create policies? I was reading a little about the native MS Windows 2000 tool for policy editing but if you suggest me to use Samba4 I believe you could recommend me to use the Windows 2003/2008 policy editor or something like that?

Scalability
--
1PDC and several BDCs would be your answer. Essentially you're going to create the same infrastructure as you would with the windows family of servers. Instead of multiple pdc's you'd use bdc's in different vlans.. or RODC's, but I am not sure where the RODC's are in terms of completeness.

I'm sorry but I have never heard about RODCs before. Are they read only primary or backup domain controllers? How do they work?

Backend
--
OPENLDAP isn't supported as a back-end.. I believe that your only option is to use the built-in samba4 back-end at this point..

Compatibility
--
There are no special steps in joining windows 7 or 2008 servers to the S4 domain.. There is an upgrade script that should pull your users and computers to the new domain; obviously this would require extensive testing in your environment.

Thanks for all

On 05/20/2012 11:32 AM, Jason Voorhees wrote:

Hi people:

I've been using Samba for a long time with some basic features like Samba working as a PDC, integrated with OpenLDAP, being a print server, among others, for a small number of almost controlled users (no more than 30 or 50 users).

But now I'm interested to implement a Windows domain using Samba for a University with 6000-8000 users distributed through several VLANs, subnets, offices in a medium/big campus. I'd like to avoid using a proprietary solution like Windows 2008 with ADS so I'd like to know some suggestions like these:

Policies:
===
- How well can Samba manage policies for workstations?
- Is it easy or safe to apply and/or remove policies from workstations?
- What kind of things can I allow or deny from succeeding in workstations using policies? For example: could I avoid users from changing the IP address of the workstation? Could I set a fixed wallpaper or internet explorer proxy settings to workstations?

Scalability

In a big scenario like the previous I mentioned:
- How many BDCs would be needed? Is it enough to have 1 PDC and several BDCs?
- Is it possible to have multiple PDCs of the same domain each one being in a different VLAN? Or, what's the right approach in terms of structure-architecture to implement PDCs and BDCs?

Backend
===
Definitely I plan to use OpenLDAP as backend but, similar to the previous question about BDCs: how many Master/Slave OpenLDAP servers do you think it would be necessary? It could be 1 BDC+OpenLDAP (slave or master) for each office or VLAN?

Compatibility:
===
- I know that there are some procedures to join Windows 7 to a Samba domain, I did this before successfully. Do you know -maybe- of another possible compatibility problem that you suggest I can be prepared for?
- If after some time (weeks, months or years) I plan to replace this Samba based domain with a Windows 2k ADS domain: is it possible to do this migration without problem? It isn't necessary to reinstall all the domain and rejoin all the workstations?

Technically I can investigate how to implement each of these features (policies, BDCs, openldap, etc...) but before taking a decision like this I would like to have some suggestions of people that have done similar implementations before.

This help would be excellent for me, I hope someone can help.

Thanks
Re: [Samba] Basic questions regarding Samba capabilities
Hi:

On Mon, May 21, 2012 at 8:01 AM, Daniel Müller muel...@tropenklinik.de wrote:

In such a great environment like yours I would suggest having several PDCs in replication mode.

Is this possible to implement with Samba 3.x?

---
EDV Daniel Müller
Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On behalf of Aaron E.
Sent: Monday, 21 May 2012 14:51
To: samba@lists.samba.org
Subject: Re: [Samba] Basic questions regarding Samba capabilities

First, I'm not sure if you're speaking of samba4 or just upgrading your s3 domain structure .. my comments are based on samba4 hope it helps ..

Policies:
--
Group policy works with S4.. So whatever group policies you can set in windows DC you can set on the S4 dcs..

Scalability
--
1PDC and several BDCs would be your answer. Essentially you're going to create the same infrastructure as you would with the windows family of servers. instead of multiple pdc's you'd use bdc's in different vlans.. or RODC's but I am not sure where the RODC's are in terms of completeness.

Backend
--
OPENLDAP isn't supported as a back-end.. I believe that your only option is to use the built-in samba4 back-end at this point..

Compatibility
--
there are no special steps in joining windows 7 or 2008 servers to the S4 domain.. There is an upgrade script that should pull your users and computers to the new domain, obviously this would require extensive testing in your environment.

On 05/20/2012 11:32 AM, Jason Voorhees wrote:

Hi people:

I've been using Samba for a long time with some basic features like Samba working as a PDC, integrated with OpenLDAP, being a print server, among others, for a small number of almost controlled users (no more than 30 or 50 users).

But now I'm interested to implement a Windows domain using Samba for a University with 6000-8000 users distributed through several VLANs, subnets, offices in a medium/big campus. I'd like to avoid using a proprietary solution like Windows 2008 with ADS so I'd like to know some suggestions like these:

Policies:
===
- How well can Samba manage policies for workstations?
- Is it easy or safe to apply and/or remove policies from workstations?
- What kind of things can I allow or deny from succeeding in workstations using policies? For example: could I avoid users from changing the IP address of the workstation? Could I set a fixed wallpaper or internet explorer proxy settings to workstations?

Scalability
In a big scenario like the previous I mentioned:
- How many BDCs would be needed? Is it enough to have 1 PDC and several BDCs?
- Is it possible to have multiple PDCs of the same domain each one being in a different VLAN? or, what's the right approach in terms of structure-architecture to implement PDCs and BDCs?

Backend
===
Definitely I plan to use OpenLDAP as backend but, similar to the previous question about BDCs: how many Master/Slave OpenLDAP servers do you think it would be necessary? It could be 1 BDC+OpenLDAP (slave or master) for each office or VLAN?

Compatibility:
===
- I know that there are some procedures to join Windows 7 to Samba domain, I did this before successfully. Do you know -maybe- of another possible compatibility problem that you suggest I can be prepared for?
- If after some time (weeks, months or years) I plan to replace this Samba based domain to Windows 2k ADS domain: is it possible to do this migration without problem? it isn't necessary to reinstall all the domain and rejoin all the workstation?

Technically I can investigate how to implement each of these features (policies, BDCs, openldap, etc...) but before taking a decision like this I would like to have some suggestions of people that have done similar implementations before. This help would be excellent for me, I hope someone can help.

Thanks
Re: [Samba] Basic questions regarding Samba capabilities
On 5/25/2012 7:48 AM, Jason Voorhees wrote:

Hi, thanks for your reply:

On Mon, May 21, 2012 at 7:51 AM, Aaron E. ssures...@gmail.com wrote:

First, I'm not sure if you're speaking of samba4 or just upgrading your s3 domain structure .. my comments are based on samba4 hope it helps ..

Actually I was thinking about using a stable version of Samba like 3.x. I know that Samba 4 is still being developed for many years. Do you really suggest me to use this alpha version of Samba4 for a critical environment like the one I described? It would be great to have an Open Source ADS implementation with Samba4 but for now I think I can just get as much as possible of features that Samba 3.x can offer me.

From reading the mailing list, people using S4 for its Active Directory have had great success, it's when they try to use the file server side of things is when they have problems. Also Samba 4 ADS is interchangeable with Windows Server ADS.

Policies:
--
Group policy works with S4.. So whatever group policies you can set in windows DC you can set on the S4 dcs..

What tool do you use for edit/create policies? I was reading a little about the native MS Windows 2000 tool for policy editing but if you suggest me to use Samba4 I believe you could recommend me to use the Windows 2003/2008 policy editor or something like that?

To manage group policies you install Group Policy Management Console (gpmc.msi) on a windows workstation connected to the domain.

Scalability
--
1PDC and several BDCs would be your answer. Essentially you're going to create the same infrastructure as you would with the windows family of servers. instead of multiple pdc's you'd use bdc's in different vlans.. or RODC's but I am not sure where the RODC's are in terms of completeness.

I'm sorry but I have never heard about RODCs before. Are they read only primary or backup domain controller? How do they work?

Backend
--
OPENLDAP isn't supported as a back-end.. I believe that your only option is to use the built-in samba4 back-end at this point..

Compatibility
--
there are no special steps in joining windows 7 or 2008 servers to the S4 domain.. There is an upgrade script that should pull your users and computers to the new domain, obviously this would require extensive testing in your environment.

Thanks for all
Re: [Samba] Problem joining to a Samba PDC (Probably caused by unix charset)
On Fri, May 25, 2012 at 12:56:50PM +0200, Ralf Aumueller wrote:

Hello,

trying to join a Windows 7 64-Bit PC to a Samba PDC (3.6.5) fails with message Domain not found or no connection possible. After some testing I found that the problem was caused by the Samba-parameter unix charset = ISO8859-1. When I start the nmbd with same config-file just without the unix charset the PC can join the domain (smbd runs with org. config-file. Samba runs on CentOS6 (en_US.UTF-8)).

Is this the expected behavior? (At the moment I need ISO8859-1 because the files were saved with this charset).

We think this is bug #8373 https://bugzilla.samba.org/show_bug.cgi?id=8373 for which we have a patch currently undergoing test. With more testing it'll be fixed in the next 3.6.x release.

Jeremy.
Re: [Samba] Basic questions regarding Samba capabilities
Hi Jorell,

On 25/05/12 16:57, Jorell wrote:

On 5/25/2012 7:48 AM, Jason Voorhees wrote:

Hi, thanks for your reply:

On Mon, May 21, 2012 at 7:51 AM, Aaron E. ssures...@gmail.com wrote:

First, I'm not sure if you're speaking of samba4 or just upgrading your s3 domain structure .. my comments are based on samba4 hope it helps ..

Actually I was thinking about using a stable version of Samba like 3.x. I know that Samba 4 is still being developed for many years. Do you really suggest me to use this alpha version of Samba4 for a critical environment like the one I described? It would be great to have an Open Source ADS implementation with Samba4 but for now I think I can just get as much as possible of features that Samba 3.x can offer me.

From reading the mailing list, people using S4 for its Active Directory have had great success, it's when they try to use the file server side of things is when they have problems. Also Samba 4 ADS is interchangeable with Windows Server ADS.

We have been running samba4 in production environment for almost two years. Our setup is quite basic, single S4 DC, and s3 member servers for file serving and printing. We have ~300 pc's (almost all Windows 7) and ~2500 users. But you probably will need more elaborate setup.

Policies:
--
Group policy works with S4.. So whatever group policies you can set in windows DC you can set on the S4 dcs..

What tool do you use for edit/create policies? I was reading a little about the native MS Windows 2000 tool for policy editing but if you suggest me to use Samba4 I believe you could recommend me to use the Windows 2003/2008 policy editor or something like that?

To manage group policies you install Group Policy Management Console (gpmc.msi) on a windows workstation connected to the domain.

Windows RAT will do the trick: http://wiki.samba.org/index.php/Samba4/HOWTO#Step_1:_Installing_Windows_Remote_Administration_Tools_onto_Windows

Scalability
--
1PDC and several BDCs would be your answer. Essentially you're going to create the same infrastructure as you would with the windows family of servers. instead of multiple pdc's you'd use bdc's in different vlans.. or RODC's but I am not sure where the RODC's are in terms of completeness.

I'm sorry but I have never heard about RODCs before. Are they read only primary or backup domain controller? How do they work?

Backend
--
OPENLDAP isn't supported as a back-end.. I believe that your only option is to use the built-in samba4 back-end at this point..

Compatibility
--
there are no special steps in joining windows 7 or 2008 servers to the S4 domain.. There is an upgrade script that should pull your users and computers to the new domain, obviously this would require extensive testing in your environment.

Thanks for all
Re: [Samba] Basic questions regarding Samba capabilities
On Fri, May 25, 2012 at 09:49:12AM -0500, Jason Voorhees wrote:

Hi:

On Mon, May 21, 2012 at 8:01 AM, Daniel Müller muel...@tropenklinik.de wrote:

In such a great environment like yours I would suggest having several PDCs in replication mode.

Is this possible to implement with Samba 3.x?

Sure, use openldap as a backend and replicate. Been a while since I had anything to do with that but that's how it's traditionally been done.

Jeremy.
Re: [Samba] Basic questions regarding Samba capabilities
On 05/25/2012 06:26 PM, Lukasz Zalewski wrote:

Hi Jorell,

On 25/05/12 16:57, Jorell wrote:

On 5/25/2012 7:48 AM, Jason Voorhees wrote:

To manage group policies you install Group Policy Management Console (gpmc.msi) on a windows workstation connected to the domain.

Hi

Is there Group Policy Management Console on a Linux DC? Without being an LDAP expert that is.

Cheers,
Steve
[Samba] errors during samba 3.6.5 compile
Hello,

I am trying to compile Samba 3.6.5 from the official tarball, I am following the how-to from samba.org and run into several errors like the following example when I try to run configure from the source3 directory:

configure: failed program was: | /* confdefs.h */

I am running Ubuntu 10.04 LTS server edition. I have compiled a previous version and ran into a similar problem, I suspect I am missing some libraries.

Derek
[Samba] GPFS on Linux exported via Samba to Windows Clients, locking issue
I have a 3-node GPFS on Linux Cluster (3.4.0-12) with Samba 3.6.5

The problem is with file locking across the Cluster.

Windows Client-1 maps the GPFS directory-1 from GPFS node-1 and initiates a Write of File-1

Windows Client-2 maps the GPFS directory-1 from GPFS node-2 and should only have READ access but not Modify/Delete/Rename access to File-1.

However, Windows Client-2 is able to Modify, Delete and Rename File-1 instead of being prevented by the locks.

If both Windows Clients (1 and 2) both map to GPFS node-1, the locking mechanism works as designed. Client-2 can Read but cannot Modify/Delete/Rename File-1.

What are all the required parameters that should be specified in the smb.conf file to enable the locking to work across the GPFS Cluster when various Clients map to different nodes?

I have defined and tested every smb locking parameter combination without any success.

Leonard
[Samba] Splitting up directories with Samba variables
In my smb.conf file, I currently have a user share definition as:

    [userdir]
    path = /samba/%U
    writeable = yes

The problem is, the user pool is in the tens of thousands, so it is not practical to have that many directories within /samba. I'd like to somehow dynamically configure the path with subdirectories, using the first, and second letter of the username as the first and second nested subdirectory. So the share path for username JOHN would point dynamically to /samba/J/O/JOHN.

Does anyone know how to accomplish this using the user session variable %U? Is there any concept of using a sub-string for a Samba variable?
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via e17fa58 s3:smbd: move global smbd_msg_state to smbXsrv_connection via 167cccb s3:smbd: move global koplocks to smbd_server_connection via 3a66ee1 s3:smbd: pass smbd_server_connection to should_notify_deferred_opens() via 469a2c8 s3:smbd: move global oplocks vars to smbd_server_connection via 2f435bb s3:smbd: remove unused get_number_of_exclusive_open_oplocks() from eec4f80 move VERSION to alpha22 http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit e17fa58d6ee8bf190adba25462d9d97b26ca2c8f Author: Stefan Metzmacher me...@samba.org Date: Thu May 24 23:41:43 2012 +0200 s3:smbd: move global smbd_msg_state to smbXsrv_connection metze Autobuild-User: Stefan Metzmacher me...@samba.org Autobuild-Date: Fri May 25 11:01:27 CEST 2012 on sn-devel-104 commit 167cccbc1990dbfb2b47f6aeb1168673a8817bd8 Author: Stefan Metzmacher me...@samba.org Date: Thu May 24 23:33:32 2012 +0200 s3:smbd: move global koplocks to smbd_server_connection metze commit 3a66ee1ae583520a1dea50883038de3ec82169ba Author: Stefan Metzmacher me...@samba.org Date: Thu May 24 23:32:04 2012 +0200 s3:smbd: pass smbd_server_connection to should_notify_deferred_opens() metze commit 469a2c8e7cbcb0c9089f50b9323255840dc6ed04 Author: Stefan Metzmacher me...@samba.org Date: Thu May 24 23:15:08 2012 +0200 s3:smbd: move global oplocks vars to smbd_server_connection metze commit 2f435bb61aeaee142f8a826db6aed88d3dc3ab91 Author: Stefan Metzmacher me...@samba.org Date: Thu May 24 23:06:26 2012 +0200 s3:smbd: remove unused get_number_of_exclusive_open_oplocks() metze --- Summary of changes: source3/smbd/close.c |2 +- source3/smbd/globals.c |7 -- source3/smbd/globals.h | 15 +++- source3/smbd/message.c | 34 - source3/smbd/oplock.c | 55 ++- source3/smbd/proto.h |3 +- 6 files changed, 65 insertions(+), 51 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/close.c b/source3/smbd/close.c index ede7925..22d756c 100644 --- a/source3/smbd/close.c 
+++ b/source3/smbd/close.c @@ -173,7 +173,7 @@ static void notify_deferred_opens(struct smbd_server_connection *sconn, uint32_t i, num_deferred; struct share_mode_entry *deferred; - if (!should_notify_deferred_opens()) { + if (!should_notify_deferred_opens(sconn)) { return; } diff --git a/source3/smbd/globals.c b/source3/smbd/globals.c index 196b643..f107c0e 100644 --- a/source3/smbd/globals.c +++ b/source3/smbd/globals.c @@ -54,8 +54,6 @@ TDB_CONTEXT *tdb_mangled_cache = NULL; */ unsigned mangle_prefix = 0; -struct msg_state *smbd_msg_state = NULL; - bool logged_ioctl_message = false; time_t last_smb_conf_reload_time = 0; @@ -93,11 +91,6 @@ struct vfs_init_function_entry *backends = NULL; char *sparse_buf = NULL; char *LastDir = NULL; -/* Current number of oplocks we have outstanding. */ -int32_t exclusive_oplocks_open = 0; -int32_t level_II_oplocks_open = 0; -struct kernel_oplocks *koplocks = NULL; - struct smbd_parent_context *am_parent = NULL; struct memcache *smbd_memcache_ctx = NULL; bool exit_firsttime = true; diff --git a/source3/smbd/globals.h b/source3/smbd/globals.h index 24c21ff..ccf79fe 100644 --- a/source3/smbd/globals.h +++ b/source3/smbd/globals.h @@ -58,7 +58,6 @@ extern struct tdb_context *tdb_mangled_cache; extern unsigned mangle_prefix; struct msg_state; -extern struct msg_state *smbd_msg_state; extern bool logged_ioctl_message; @@ -108,11 +107,6 @@ extern struct vfs_init_function_entry *backends; extern char *sparse_buf; extern char *LastDir; -/* Current number of oplocks we have outstanding. */ -extern int32_t exclusive_oplocks_open; -extern int32_t level_II_oplocks_open; -extern struct kernel_oplocks *koplocks; - struct smbd_parent_context; extern struct smbd_parent_context *am_parent; extern struct memcache *smbd_memcache_ctx; @@ -356,6 +350,8 @@ struct smbXsrv_connection { uint32_t max_write; } server; } smb2; + + struct msg_state *msg_state; }; NTSTATUS smbXsrv_connection_init_tables(struct smbXsrv_connection *conn, 
@@ -519,6 +515,13 @@ struct smbd_server_connection { uint64_t num_requests; + /* Current number of oplocks we have outstanding. */ + struct { + int32_t exclusive_open; + int32_t level_II_open; + struct kernel_oplocks *kernel_ops; + } oplocks; + struct { struct fd_event *fde; diff --git a/source3/smbd/message.c b/source3/smbd/message.c index 63b08e1..8ae588b 100644 ---
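Review bot: in the source3/smbd/globals.h hunk for struct smbd_server_connection, the comment "Current number of oplocks we have outstanding" was carried over from the old globals but now heads a struct that also holds the kernel_ops pointer, which is not a count. Move the comment onto exclusive_open and level_II_open and give kernel_ops its own one-line description. The commit messages in this series carry only a subject line, so one sentence on why this state moves from process globals to the connection would help anyone bisecting later.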
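Review bot: the struct smbXsrv_connection hunk in source3/smbd/globals.h adds struct msg_state *msg_state with no comment on who allocates and frees it, while the global it replaces in globals.c was explicitly initialised to NULL. Add a comment saying that the connection owns the pointer, and confirm the structure is zero-initialised on allocation so that code testing the pointer for NULL behaves as it did with the global.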
autobuild: intermittent test failure detected
The autobuild test system has detected an intermittent failing test in the current master tree. The autobuild log of the failure is available here: http://git.samba.org/autobuild.flakey/2012-05-25-1950/flakey.log The samba3 build logs are available here: http://git.samba.org/autobuild.flakey/2012-05-25-1950/samba3.stderr http://git.samba.org/autobuild.flakey/2012-05-25-1950/samba3.stdout The source4 build logs are available here: http://git.samba.org/autobuild.flakey/2012-05-25-1950/samba4.stderr http://git.samba.org/autobuild.flakey/2012-05-25-1950/samba4.stdout The top commit at the time of the failure was: commit e17fa58d6ee8bf190adba25462d9d97b26ca2c8f Author: Stefan Metzmacher me...@samba.org Date: Thu May 24 23:41:43 2012 +0200 s3:smbd: move global smbd_msg_state to smbXsrv_connection metze Autobuild-User: Stefan Metzmacher me...@samba.org Autobuild-Date: Fri May 25 11:01:27 CEST 2012 on sn-devel-104
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 0bf6ec8 s3:selftest: run smbtorture3 CLEANUP3 in the s3dc:local environment via 68d03f2 s3: Test whether get_share_mode_lock cleans up stale processes via 58dff07 s3: Do not check the PIDs is parse_share_modes via 50fdb32 Ensure we only return NT_STATUS_DELETE_PENDING if the share modes are valid. via 89cf7ea s3: Check for serverid_exists in close_directory via bdc4404 s3: Check for serverid_exists in close_remove_share_mode via bc3b7d7 s3: Be less picky on stale share mode entries via 1b15d8b s3: Check for serverid_exists in find_oplock_types via de1 s3: Check for serverid_exists in rename_share_filename via e2818d4 s3: Check for serverid_exists in smb_posix_unlink via fdcca54 s3: Check for serverid_exists in open_mode_check via 19b6671 s3: Check for serverid_exists in notify_deferred_opens via 65264326 Fix an invalid state only reachable on server crash/abort. via 5842d4e s3: Add share_mode_stale_pid via 035342c Fix bug #8373 - Can't join XP Pro workstations to 3.6.1 DC. 
from e17fa58 s3:smbd: move global smbd_msg_state to smbXsrv_connection http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 0bf6ec88eddc8e3267deeaa8f48b79f76a184834 Author: Stefan Metzmacher me...@samba.org Date: Wed May 16 09:11:40 2012 +0200 s3:selftest: run smbtorture3 CLEANUP3 in the s3dc:local environment metze Signed-off-by: Jeremy Allison j...@samba.org Autobuild-User: Jeremy Allison j...@samba.org Autobuild-Date: Fri May 25 20:09:15 CEST 2012 on sn-devel-104 commit 68d03f2ef587d32e1c80e51716b032c8c307ad1e Author: Volker Lendecke v...@samba.org Date: Fri May 11 14:39:42 2012 +0200 s3: Test whether get_share_mode_lock cleans up stale processes Signed-off-by: Jeremy Allison j...@samba.org Signed-off-by: Stefan Metzmacher me...@samba.org commit 58dff077d994b66591f5c208112027959336b178 Author: Volker Lendecke v...@samba.org Date: Mon May 7 16:34:11 2012 +0200 s3: Do not check the PIDs is parse_share_modes We do that when conflicts arise Signed-off-by: Jeremy Allison j...@samba.org Signed-off-by: Stefan Metzmacher me...@samba.org commit 50fdb32a4d30128d3e23d98833b31b84fc3f8215 Author: Jeremy Allison j...@samba.org Date: Tue May 22 12:28:04 2012 -0700 Ensure we only return NT_STATUS_DELETE_PENDING if the share modes are valid. Ensure we only return *file_existed = true if there were valid share modes. 
Signed-off-by: Stefan Metzmacher me...@samba.org commit 89cf7ea944b8947d5b64b5e2819936ea8af1e661 Author: Volker Lendecke v...@samba.org Date: Mon May 7 15:23:29 2012 +0200 s3: Check for serverid_exists in close_directory Signed-off-by: Jeremy Allison j...@samba.org Signed-off-by: Stefan Metzmacher me...@samba.org commit bdc4404ef950e3cb4d026dd49a247b5ab8ecdbd4 Author: Volker Lendecke v...@samba.org Date: Mon May 7 15:23:29 2012 +0200 s3: Check for serverid_exists in close_remove_share_mode Signed-off-by: Jeremy Allison j...@samba.org Signed-off-by: Stefan Metzmacher me...@samba.org commit bc3b7d76a8ea1b96668163af9379ba4be3771466 Author: Volker Lendecke v...@samba.org Date: Mon May 14 14:57:34 2012 +0200 s3: Be less picky on stale share mode entries If a process died, the share mode entry might be bogus. Ignore those entries. Signed-off-by: Jeremy Allison j...@samba.org Signed-off-by: Stefan Metzmacher me...@samba.org commit 1b15d8b3da19c2f43f41632cd3e1fe20f5088bbb Author: Volker Lendecke v...@samba.org Date: Mon May 7 15:23:29 2012 +0200 s3: Check for serverid_exists in find_oplock_types Signed-off-by: Jeremy Allison j...@samba.org Signed-off-by: Stefan Metzmacher me...@samba.org commit de1975e596990cc7b031a89ce6793987 Author: Volker Lendecke v...@samba.org Date: Mon May 7 15:23:10 2012 +0200 s3: Check for serverid_exists in rename_share_filename Signed-off-by: Jeremy Allison j...@samba.org Signed-off-by: Stefan Metzmacher me...@samba.org commit e2818d4a0b87bf9ff8b2dc14698fa14c7e695c23 Author: Volker Lendecke v...@samba.org Date: Mon May 7 15:23:29 2012 +0200 s3: Check for serverid_exists in smb_posix_unlink Signed-off-by: Jeremy Allison j...@samba.org Signed-off-by: Stefan Metzmacher me...@samba.org commit fdcca54ca302e9b92bdf72823f6a7c9b63886728 Author: Volker Lendecke v...@samba.org Date: Mon May 7 15:23:10 2012 +0200 s3: Check for serverid_exists in open_mode_check Signed-off-by: Jeremy Allison j...@samba.org Signed-off-by: Stefan Metzmacher me...@samba.org 
commit 19b6671c07be2419398a07f202e22abefe562176 Author: Volker Lendecke v...@samba.org Date: Mon May 7 12:22:50 2012 +0200 s3: Check for
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 518484a dns_hosts_file: move to a separate subsystem via 337353b s3-configure.in: when ADS support is disabled, unset HAVE_GSSAPI from 0bf6ec8 s3:selftest: run smbtorture3 CLEANUP3 in the s3dc:local environment http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 518484af8d4960b483e40fbb244e284532efd267 Author: Alexander Bokovoy a...@samba.org Date: Fri May 25 18:45:17 2012 +0300 dns_hosts_file: move to a separate subsystem After discussion with Kai move dns_hosts_file to a separate subsystem and merge it into libaddns private library for s3/s4 client use. Also remove dependency in libcli/nbt, the code from libcli/dns subsystems is not used there at all. Autobuild-User: Alexander Bokovoy a...@samba.org Autobuild-Date: Fri May 25 22:22:44 CEST 2012 on sn-devel-104 commit 337353bd3c752a41b49381486b07fe91634e6c22 Author: Alexander Bokovoy a...@samba.org Date: Fri May 25 13:25:12 2012 +0300 s3-configure.in: when ADS support is disabled, unset HAVE_GSSAPI --- Summary of changes: lib/addns/wscript_build |2 +- libcli/dns/wscript_build | 12 +++- libcli/nbt/wscript_build |2 +- source3/configure.in |1 + 4 files changed, 10 insertions(+), 7 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/addns/wscript_build b/lib/addns/wscript_build index 15fb620..513060d 100755 --- a/lib/addns/wscript_build +++ b/lib/addns/wscript_build @@ -2,6 +2,6 @@ bld.SAMBA_LIBRARY('addns', source='dnsquery.c dnsrecord.c dnsutils.c dnssock.c dnsgss.c dnsmarshall.c error.c', - public_deps='clidns samba-util gssapi uuid resolv', + public_deps='dnshostsfile samba-util gssapi uuid resolv', private_library=True, vars=locals()) diff --git a/libcli/dns/wscript_build b/libcli/dns/wscript_build index 03025ad..421dd6d 100755 --- a/libcli/dns/wscript_build +++ b/libcli/dns/wscript_build 
@@ -1,7 +1,9 @@ #!/usr/bin/env python -bld.SAMBA_LIBRARY('clidns', -source='dns.c dns_hosts_file.c', -public_deps='LIBTSOCKET tevent-util', -private_library=True, -vars=locals()) +bld.SAMBA_SUBSYSTEM('clidns', +source='dns.c', +public_deps='LIBTSOCKET tevent-util') + +bld.SAMBA_SUBSYSTEM('dnshostsfile', +source='dns_hosts_file.c', +public_deps='samba-util errors') diff --git a/libcli/nbt/wscript_build b/libcli/nbt/wscript_build index a8c239c..faf818e 100755 --- a/libcli/nbt/wscript_build +++ b/libcli/nbt/wscript_build @@ -8,7 +8,7 @@ bld.SAMBA_SUBSYSTEM('NDR_NBT_BUF', bld.SAMBA_SUBSYSTEM('lmhosts', source='lmhosts.c', -deps='clidns replace talloc' +deps='replace talloc' ) bld.SAMBA_LIBRARY('cli-nbt', diff --git a/source3/configure.in b/source3/configure.in index 3e35d8f..f0a76a1 100644 --- a/source3/configure.in +++ b/source3/configure.in @@ -4131,6 +4131,7 @@ if test x$with_ads_support != xno; then AC_REMOVE_DEFINE(HAVE_GSSAPI_H) AC_REMOVE_DEFINE(HAVE_GSSAPI_GSSAPI_GENERIC_H) AC_REMOVE_DEFINE(HAVE_GSSAPI_GSSAPI_H) +AC_REMOVE_DEFINE(HAVE_GSSAPI) KRB5_LIBS= with_ads_support=no fi -- Samba Shared Repository
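Review bot: in the lib/addns/wscript_build hunk, public_deps swaps 'clidns' for 'dnshostsfile', so addns no longer brings in dns.c for its users, and the libcli/dns/wscript_build hunk turns clidns from a private library into a subsystem at the same time. Only addns and lmhosts are updated in the visible hunks; check that every other target that relied on the clidns library, directly or through addns, now lists the subsystem it needs.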
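Review bot: the source3/configure.in hunk adds AC_REMOVE_DEFINE(HAVE_GSSAPI) after the three header defines, but the commit message is only its subject line. Record in the message what goes wrong when HAVE_GSSAPI stays defined with ADS support disabled, so the reason for the extra removal is not lost.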
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via e7e6276 s3-utils: Use ads_do_search_retry in net ads search via 0da10c8 s3-libads: Use a reducing page size to try and cope with a slow LDAP server via b9217a8 s3-winbindd: Always map the LDAP error code to an NTSTATUS via 63fb1d3 s3-libads: Map LDAP_TIMELIMIT_EXCEEDED as NT_STATUS_IO_TIMEOUT from 518484a dns_hosts_file: move to a separate subsystem http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit e7e62760923af071e7ca215a67f1b297f21da589 Author: Andrew Bartlett abart...@samba.org Date: Fri May 18 22:02:57 2012 +1000 s3-utils: Use ads_do_search_retry in net ads search This makes it possible to search against a slow server, as will fallback from 1000 to (eventually) 125 users at a time. Andrew Bartlett Signed-off-by: Jeremy Allison j...@samba.org Autobuild-User: Jeremy Allison j...@samba.org Autobuild-Date: Sat May 26 03:53:34 CEST 2012 on sn-devel-104 commit 0da10c842e06e98cf94482b654b87ff5991344ae Author: Andrew Bartlett abart...@samba.org Date: Fri May 18 22:01:14 2012 +1000 s3-libads: Use a reducing page size to try and cope with a slow LDAP server If we cannot get 1000 users downloaded in 15seconds, try with 500, 250 and then 125 users at a time. Andrew Bartlett Signed-off-by: Jeremy Allison j...@samba.org commit b9217a8c0032c10b898a4f1ca0ed8d38f39c39a1 Author: Andrew Bartlett abart...@samba.org Date: Fri May 18 17:40:59 2012 +1000 s3-winbindd: Always map the LDAP error code to an NTSTATUS We do this so that we catch LDAP_TIMELIMIT_EXCEEDED as NT_STATUS_IO_TIMEOUT, which has special handling in winbindd_cache.c Andrew Bartlett Signed-off-by: Jeremy Allison j...@samba.org commit 63fb1d396b771211208b653d7725bca73e8df955 Author: Andrew Bartlett abart...@samba.org Date: Fri May 18 17:38:48 2012 +1000 s3-libads: Map LDAP_TIMELIMIT_EXCEEDED as NT_STATUS_IO_TIMEOUT This allows Samba to then handle this error in the same way it would for RPC connections Andrew Bartlett 
Signed-off-by: Jeremy Allison j...@samba.org --- Summary of changes: source3/include/ads.h |1 + source3/libads/ads_status.c |3 +++ source3/libads/ads_struct.c |4 source3/libads/ldap.c |4 ++-- source3/libads/ldap_utils.c |7 +++ source3/utils/net_ads.c |2 +- source3/winbindd/winbindd_ads.c | 24 7 files changed, 38 insertions(+), 7 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/include/ads.h b/source3/include/ads.h index bbe8671..3d5fc3a 100644 --- a/source3/include/ads.h +++ b/source3/include/ads.h @@ -61,6 +61,7 @@ typedef struct ads_struct { time_t current_time; char *schema_path; char *config_path; + int ldap_page_size; } config; /* info about the current LDAP connection */ diff --git a/source3/libads/ads_status.c b/source3/libads/ads_status.c index fc489a9..7465531 100644 --- a/source3/libads/ads_status.c +++ b/source3/libads/ads_status.c @@ -82,6 +82,9 @@ NTSTATUS ads_ntstatus(ADS_STATUS status) if (status.err.rc == LDAP_SUCCESS) { return NT_STATUS_OK; } + if (status.err.rc == LDAP_TIMELIMIT_EXCEEDED) { + return NT_STATUS_IO_TIMEOUT; + } return NT_STATUS_LDAP(status.err.rc); #endif #ifdef HAVE_KRB5 diff --git a/source3/libads/ads_struct.c b/source3/libads/ads_struct.c index e6220fd..285057b 100644 --- a/source3/libads/ads_struct.c +++ b/source3/libads/ads_struct.c @@ -156,6 +156,10 @@ ADS_STRUCT *ads_init(const char *realm, ads-auth.flags = wrap_flags; + /* Start with a page size of 1000 when the connection is new, +* we will drop it by half we get a timeout. */ + ads-config.ldap_page_size = 1000; + return ads; } diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c index f3987c9..5c77df1 100644 --- a/source3/libads/ldap.c +++ b/source3/libads/ldap.c 
@@ -954,11 +954,11 @@ static ADS_STATUS ads_do_paged_search_args(ADS_STRUCT *ads, cookie_be = ber_alloc_t(LBER_USE_DER); if (*cookie) { - ber_printf(cookie_be, {iO}, (ber_int_t) 1000, *cookie); + ber_printf(cookie_be, {iO}, (ber_int_t) ads-config.ldap_page_size, *cookie); ber_bvfree(*cookie); /* don't need it from last time */ *cookie = NULL; } else { - ber_printf(cookie_be, {io}, (ber_int_t) 1000, , 0); + ber_printf(cookie_be, {io}, (ber_int_t) ads-config.ldap_page_size, , 0); }
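Review bot: in source3/include/ads.h the new ldap_page_size member goes into the config sub-struct with no comment, although the ads_struct.c hunk shows it is a value that gets lowered at run time after a timeout. A one-line comment giving the unit (entries requested per paged-search round trip) and noting that it shrinks on timeout would help, and it is worth considering whether the member belongs with the connection state declared directly below ("info about the current LDAP connection") rather than in config.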
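Review bot: the LDAP_TIMELIMIT_EXCEEDED branch added to ads_ntstatus() in source3/libads/ads_status.c carries no comment, so the reason this one result code bypasses NT_STATUS_LDAP() lives only in the commit message. Please add a short comment at the new if, and check that no existing caller compares the return value against NT_STATUS_LDAP(LDAP_TIMELIMIT_EXCEEDED), because that comparison stops matching once this mapping is in place.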
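Review bot: the comment added in ads_init() (source3/libads/ads_struct.c) reads "we will drop it by half we get a timeout", which is missing an "if", and the literal 1000 is now the starting value of a tunable, so a named constant would be clearer than a bare number. The comment also says the size starts at 1000 "when the connection is new", but the assignment sits in ads_init(), so nothing in this hunk restores it on a reconnect; please state whether a reduced page size is meant to persist for the lifetime of the ADS_STRUCT.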
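Review bot: in ads_do_paged_search_args() (source3/libads/ldap.c) both ber_printf() calls now encode config.ldap_page_size into the paged-results control without any range check. An ADS_STRUCT whose field was never set through ads_init(), or one that has been halved too far, would ask the server for a page size of 0 or less; a guard before the control is built that falls back to a sane minimum would keep this function safe regardless of how callers manage the value.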