Re: [Samba] permission problems (ACL)
Hello, thanks for your reply! Good to know that it's a OS problem and not a samba problem. I finnally know what to look for. And I'm using Windows 7. Regards. 2012/6/28 Miguel Medalha miguelmeda...@sapo.pt Nothing is wrong. This is the default behavior of Windows itself. When you move a file, it keeps its permissions, as it should. When you copy a file, it acquires the permissions of the destination folder. With Windows 7 there has been some modification to this default behavior. Please consult the Microsoft technical pages about this. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba with Active directory integration problem
Hi, I have followed the all the steps given, in https://help.ubuntu.com/community/ActiveDirectoryWinbindHowto. to integrate the samba with active directory. I have the following configuration file, [global] workgroup = ASSURANCE security = ads realm = ASSURANCE.LOCAL encrypt passwords = yes winbind separator = + idmap backend = lwopen idmap uid = 1-2 idmap gid = 1-2 winbind enum users = yes winbind enum groups = yes template homedir = /dev/null template shell = /bin/true [adshare] path = /home/velusamy/Pictures/ writable = yes valid users = ASSURANCE+velu browseable = yes Now, executed the smb-clinet. smbclient //192.168.5.136/adshare -U velu It asked password, given, it connected to the share. But, I was unable to access the share form different machine which is connected in the same network. It said the following error. smbclient //192.168.5.136/adshare -U velu Enter velu's password: session setup failed: NT_STATUS_LOGON_FAILURE Kindly anyone please help me out form this problem.. I could not solve this issue for las two days. Please help me out. Thanks, Velusamy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba 3.6.6: cluster support not available: support for SCHEDULE_FOR_DELETION control missing
Quoting David Touzeau (da...@touzeau.eu): Dear, i cannot compile the latest build with cluster support: I have tried the debian repository Any reason for not using the Debian packages? If you're using Debian stable (squeeze), we have backports of packages that are in Debian testing. As of now, they're still 3.6.5 as we first need the 3.6.6 packages to enter Debian testing before we can backport them. It's however only a matter of days : the 3.6.6 packages should enter testing as of July 8th and I'll upload backported packages immediately to backports.debian.org. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 DC replication
To your login.bat or login cmd add: netsh interface ipv4 add dns local Your-Lan-Connection static your.new.dns.server 255.255.255.0 This should do the job. --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Matthieu Patou Gesendet: Sonntag, 1. Juli 2012 05:56 An: samba@lists.samba.org Betreff: Re: [Samba] Samba4 DC replication On 06/26/2012 12:56 AM, steve wrote: Hi We have just added a second DC to our existing domain. Replication is working fine. We have setup the second DC with bind DLZ and that too is working fine (except that the DNS partition is not replicated). So, we now have two DC's and so also two DNS servers. Question, Do I now have to go to every client and add the new IP for the new DNS? That's an administration question not an Samba one. -- Matthieu Patou Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba share access problems
Hello, I have Samba 3.6.6 compiled and running under Ubuntu 10.04 server, I upgraded from 3.5.x and used the same share and configuration file. I have access problems from my Windows machines network path not found that I am trying to diagnose via smbclient from the server console: with smbclient... When I run, smblcient -L wen-chang\user1,. For any of my users, I see the error message Error returning browse list: NT STATUS OK. The shares are browseable=yes, so I think this is a permissions problem or an issue with the way I created my Samba users. Suggestions on additional tests to locate the problem? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] DMZ Kerberos authentication, is Samba needed or helpful?
On Sat, 2012-06-30 at 13:14 -0400, Nico Kadel-Garcia wrote: I'm dealing with an environment with AD servers in a normal working environment, all working and happy. I'm using bare Kerberos authentication for my Linux hosts to authenticate local accounts against the AD server, all well and good, I've not needed to integrate LDAP support and don't want to. But there are DMZ VLAN's with hosts exposed directly to the Internet. I'd like to allow those hosts similar authentication, and do *NOT* want to slap an AD server into the DMZ, for more security reasons than I can count. What I'd love to do is to set up either a Samba server, slaved to the master AD servers, to handle authentication and *not* allow propagating any changes to AD servers, basically a pure slave server. This way, I can do it on a far more secure Linux system than most AD servers could ever hope to be and protect it from the DMZ hosts or accidental external exposure. Or, if I can do it, just set up a pure Kerberos slave. Again, I can secure that a lot more than I can hope to secure an AD server. And I'd love to have that *only* handle authentication, not allow password changing or queries against the Kerberos. Will I need or benefit from Samba for this? Or has someone here done the simple Kerberos slave setup and can point me to some notes? [ In case it's not clear, I wrote some of the early Samba ports to SunOS, so I know the basic capabilities and architecture. ] Samba 4.0 as an AD RODC would seem to fit the bill here. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Windows 7 v. Samba: why is default network profile in 'NETLOGON/Default User.v2' not used?
On Friday, 29.06.2012 at 17:33 +0200, Harry Jede wrote: According to KB-973289 http://support.microsoft.com/kb/973289 the owner should be everyone. Everyone has SID S-1-1-0 http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q243330 . Do you have a usermapping for everyone? (Thanks for your reply, Harry) We don't, actually: I read those instructions and, since our NETLOGON share is not generally writeable and our Samba isn't configured to use ACLs, those permissions wouldn't apply when following the recipe as described in the link above. Nowhere I've read suggests that the ownership setting is *critical*: our NETLOGON share presents as read-only guest, in effect. Do you think the ownership is critical and that Windows is rejecting the use of 'Default User.v2' simply because it can't ascertain that it's EVERYONE-owned, despite the fact that it could read it if it tried?! (I admit I side-stepped this part of the process and hoped it wouldn't matter, since reconfiguring Samba to allow this type of change would be potentially disruptive!) Thanks, Dave. -- Dave Ewart da...@ceu.ox.ac.uk Computing Manager, Cancer Epidemiology Unit University of Oxford / Cancer Research UK N 51.7516, W 1.2152 signature.asc Description: Digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 4 Smart card logon
Hello list, I have installed and configured a domain with Samba version 4.0.0beta2-GIT-7e80b89 on a CentOS 6.2 I can successfully join a Windows PC in the domain (both Windows XP and Windows 7 tested) Now, I am trying to move a step forward and I would like to configure Samba to accept Windows smart card logon This is a requirement for a project I am involved to I have already installed the required client on Windows and I have a smart card for testing I have already installed EJBCA as my CA on CentOS 6.2 On Samba wiki the how to in http://wiki.samba.org/index.php/Samba4/Smart_Card_Login is not ready, so if anyone can help I will appreciate it According to the headers in the how to, I have to configure Heimdal to accept PKINIT I found a guide on http://www.h5l.org/manual/HEAD/info/heimdal/Setting-up-PK_002dINIT.html I've also found a guide on http://k5wiki.kerberos.org/wiki/Pkinit_configuration for MIT Kerberos which has some more info on the certificates I have created the Kerberos certificate according to what I have understood from the guides but I don't know how to test if the certificate is correct So, my first question is how to test if the Kerberos certificate is correct? Second question is when I create a client certificate (I think I understood from the guides how to create) how I will test it? Will a kinit command like kinit -C FILE:$HOME/clientcert.crt example-user@EXAMPLE-DOMAIN be enough to test the client certificate? And a final question (for now) is if there is any kind of documentation related to Configure Samba4 to know about the certificate and where I can find it? Kind Regards, Charalampos -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] A device attached to the system is not functioning
Dear all, I was looking a lot around of Internet, but still did not find some solution for my problem. I have SAMBA and domain with ldap, everything have been fine until today. Like usually I did create new user in domain and tried to get into my domain on Windows 7 and Windows XP machines. Then I have got this error: A device attached to the system is not functioning I checked SAMBA logs and found this: == /var/log/samba/xp-8a995003b537.log == [2012/07/02 17:38:28.626582, 1] rpc_server/srv_pipe_hnd.c:1602(serverinfo_to_SamInfo_base) _netr_LogonSamLogon: user MYDOMAINE.COM\alex has user sid S-1-5-21-2139989288-483860436-2398042574-3228 but group sid S-1-5-21-3745118107-2241246581-749181168-513-513. The conflicting domain portions are not supported for NETLOGON calls I guess it's happens because some problems with SID. I did check SID for user alex: # pdbedit -L -v alex User SID: S-1-5-21-2139989288-483860436-2398042574-3228 Primary Group SID:S-1-5-21-3745118107-2241246581-*749181168-513*-513 Domain:MYDOMAIN.COM Also I did check SID for my domain: # net getlocalsid MYDOMAIN .COM SID for domain MYDOMAIN .COM is: S-1-5-21-3745118107-2241246581-* 749181168-513* So could you please to help to solve this issue? Thanks. -- *בברכה, * *אלכס ברבר* *+9 72 54 285 952 3 * *www.linuxspace.org* http://www.linuxspace.org *--* *Best regards.* *Alex Berber* *+9 72 54 285 952 3* *www.linuxspace.org* http://www.linuxspace.org/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] A device attached to the system is not functioning
On Mon, Jul 2, 2012 at 10:49 AM, Alan Holt berber...@gmail.com wrote: Dear all, I was looking a lot around of Internet, but still did not find some solution for my problem. I have SAMBA and domain with ldap, everything have been fine until today. Like usually I did create new user in domain and tried to get into my domain on Windows 7 and Windows XP machines. Then I have got this error: A device attached to the system is not functioning I checked SAMBA logs and found this: == /var/log/samba/xp-8a995003b537.log == [2012/07/02 17:38:28.626582, 1] rpc_server/srv_pipe_hnd.c:1602(serverinfo_to_SamInfo_base) _netr_LogonSamLogon: user MYDOMAINE.COM\alex has user sid S-1-5-21-2139989288-483860436-2398042574-3228 but group sid S-1-5-21-3745118107-2241246581-749181168-513-513. The conflicting domain portions are not supported for NETLOGON calls I guess it's happens because some problems with SID. I did check SID for user alex: # pdbedit -L -v alex User SID: S-1-5-21-2139989288-483860436-2398042574-3228 Primary Group SID:S-1-5-21-3745118107-2241246581-*749181168-513*-513 Domain:MYDOMAIN.COM Also I did check SID for my domain: # net getlocalsid MYDOMAIN .COM SID for domain MYDOMAIN .COM is: S-1-5-21-3745118107-2241246581-* 749181168-513* So could you please to help to solve this issue? Thanks. I do not believe windows likes samba3 / windows nt domains having a . in the domain name John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] A device attached to the system is not functioning
What does it mean? This is name of my domain: # vi /etc/smbldap-tools/smbldap.conf suffix=dc=mydomaine,dc=com On Mon, Jul 2, 2012 at 5:51 PM, John Drescher dresche...@gmail.com wrote: On Mon, Jul 2, 2012 at 10:49 AM, Alan Holt berber...@gmail.com wrote: Dear all, I was looking a lot around of Internet, but still did not find some solution for my problem. I have SAMBA and domain with ldap, everything have been fine until today. Like usually I did create new user in domain and tried to get into my domain on Windows 7 and Windows XP machines. Then I have got this error: A device attached to the system is not functioning I checked SAMBA logs and found this: == /var/log/samba/xp-8a995003b537.log == [2012/07/02 17:38:28.626582, 1] rpc_server/srv_pipe_hnd.c:1602(serverinfo_to_SamInfo_base) _netr_LogonSamLogon: user MYDOMAINE.COM\alex has user sid S-1-5-21-2139989288-483860436-2398042574-3228 but group sid S-1-5-21-3745118107-2241246581-749181168-513-513. The conflicting domain portions are not supported for NETLOGON calls I guess it's happens because some problems with SID. I did check SID for user alex: # pdbedit -L -v alex User SID: S-1-5-21-2139989288-483860436-2398042574-3228 Primary Group SID:S-1-5-21-3745118107-2241246581-*749181168-513*-513 Domain:MYDOMAIN.COM Also I did check SID for my domain: # net getlocalsid MYDOMAIN .COM SID for domain MYDOMAIN .COM is: S-1-5-21-3745118107-2241246581-* 749181168-513* So could you please to help to solve this issue? Thanks. I do not believe windows likes samba3 / windows nt domains having a . in the domain name John -- *בברכה, * *אלכס ברבר* *+9 72 54 285 952 3 * *www.linuxspace.org* http://www.linuxspace.org *--* *Best regards.* *Alex Berber* *+9 72 54 285 952 3* *www.linuxspace.org* http://www.linuxspace.org/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] A device attached to the system is not functioning
On Mon, Jul 2, 2012 at 11:01 AM, Alan Holt berber...@gmail.com wrote: What does it mean? This is name of my domain: # vi /etc/smbldap-tools/smbldap.conf suffix=dc=mydomaine,dc=com I am talking about the workgroup setting in smb.conf This should not contain a . John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] A device attached to the system is not functioning
Not this is problem right now. Something wrong with SID ... but what.. please any suggestions .. Also for users that already were created I see in logs this error: _netr_LogonSamLogon: user MYDOMAINE.COM\elad has user sid S-1-5-21-2139989288-483860436-2398042574-3070 but group sid S-1-5-21-3745118107-2241246581-749181168-513-513. *The conflicting domain portions are not supported for NETLOGON calls* And also I can get into samba with new user alex: # smbclient -L localhost -U alex Enter zvika's password: Domain=[MYDOMAINE.COM] OS=[Unix] Server=[Samba 3.5.11-79.fc14] On Mon, Jul 2, 2012 at 6:06 PM, John Drescher dresche...@gmail.com wrote: On Mon, Jul 2, 2012 at 11:01 AM, Alan Holt berber...@gmail.com wrote: What does it mean? This is name of my domain: # vi /etc/smbldap-tools/smbldap.conf suffix=dc=mydomaine,dc=com I am talking about the workgroup setting in smb.conf This should not contain a . John -- *בברכה, * *אלכס ברבר* *+9 72 54 285 952 3 * *www.linuxspace.org* http://www.linuxspace.org *--* *Best regards.* *Alex Berber* *+9 72 54 285 952 3* *www.linuxspace.org* http://www.linuxspace.org/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] A device attached to the system is not functioning
Also, this is SID of groups in domain: # net groupmap list Domain Admins (S-1-5-21-2139989288-483860436-2398042574-512) - Domain Admins Domain Users (S-1-5-21-2139989288-483860436-2398042574-513) - Domain Users Domain Guests (S-1-5-21-2139989288-483860436-2398042574-514) - Domain Guests Domain Computers (S-1-5-21-2139989288-483860436-2398042574-515) - Domain Computers Administrators (S-1-5-32-544) - Administrators and this is SID of my user: # pdbedit -Lv alexander User SID: S-1-5-21-2139989288-483860436-2398042574-3186 Primary Group SID:S-1-5-21-3745118107-2241246581-749181168-513-513 They are completely different -- *בברכה, * *אלכס ברבר* *+9 72 54 285 952 3 * *www.linuxspace.org* http://www.linuxspace.org *--* *Best regards.* *Alex Berber* *+9 72 54 285 952 3* *www.linuxspace.org* http://www.linuxspace.org/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] smb.conf for around 2500 users
Samba4 with Linux and Windows clients wanting to get the same home folder data. Hi A college has students arranged with Linux home directories according to which year they belong to and which class within that year, a or b or whatever, they belong to e.g.: /home2/students/year7/year7a/student1 /home2/students/year7/year7a/student2 ... ... /home2/students/year13/year13a/student2500 To get at the same data on windows, I was thinking of a share for each of the classes e.g. [year7a] path = /home2/students/year7/year7a read only = No browsable = No ... ... [year13a] path = /home2/students/year13/year13a read only = No browsable = No and mapping a drive letter to the share e.g. map Z: to \\server\year7a\%USERNAME% That would make lots of shares but would make it readable to non admins. Is there a limit on the number of shares per installation? Any other ideas of how to go about it? e.g. I thought about OU's but we do not want to administer from Windows. Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] smb.conf for around 2500 users
On Mon, 2012-07-02 at 17:39 +0200, steve wrote: Samba4 with Linux and Windows clients wanting to get the same home folder data. Hi A college has students arranged with Linux home directories according to which year they belong to and which class within that year, a or b or whatever, they belong to e.g.: /home2/students/year7/year7a/student1 /home2/students/year7/year7a/student2 ... ... /home2/students/year13/year13a/student2500 To get at the same data on windows, I was thinking of a share for each of the classes e.g. [year7a] path = /home2/students/year7/year7a read only = No browsable = No ... ... [year13a] path = /home2/students/year13/year13a read only = No browsable = No and mapping a drive letter to the share e.g. map Z: to \\server\year7a\%USERNAME% Deal with it through your NSS mechanism so that the file server knows for \\server\%USERNAME% where the users home directory is actually located and then you can just use the special [homes] share. I do this with winbind and the unixHomeDirectory attribute in AD. JAB. -- Jonathan A. Buzzard Email: jonathan (at) buzzard.me.uk Fife, United Kingdom. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] smb.conf for around 2500 users
On 02/07/12 17:49, Jonathan Buzzard wrote: On Mon, 2012-07-02 at 17:39 +0200, steve wrote: Samba4 with Linux and Windows clients wanting to get the same home folder data. Hi A college has students arranged with Linux home directories according to which year they belong to and which class within that year, a or b or whatever, they belong to e.g.: /home2/students/year7/year7a/student1 /home2/students/year7/year7a/student2 ... ... /home2/students/year13/year13a/student2500 To get at the same data on windows, I was thinking of a share for each of the classes e.g. [year7a] path = /home2/students/year7/year7a read only = No browsable = No ... ... [year13a] path = /home2/students/year13/year13a read only = No browsable = No and mapping a drive letter to the share e.g. map Z: to \\server\year7a\%USERNAME% Deal with it through your NSS mechanism so that the file server knows for \\server\%USERNAME% where the users home directory is actually located and then you can just use the special [homes] share. I do this with winbind and the unixHomeDirectory attribute in AD. JAB. Hi Jonathan Thanks for the quick response. I think I must be missing something here because as far as I can see, winbindd puts all users into the directory specified in template homedir. [homes] then picks out the user from there. At the moment we are using nss-pam-ldapd to grab the unixHomeDirectory from AD. How do I get winbindd or nss to map unixHomeDirectory to something I can then map to a windows drive letter? Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] A device attached to the system is not functioning
On 02/07/12 16:15, Alan Holt wrote: Also, this is SID of groups in domain: # net groupmap list Domain Admins (S-1-5-21-2139989288-483860436-2398042574-512) - Domain Admins Domain Users (S-1-5-21-2139989288-483860436-2398042574-513) - Domain Users Domain Guests (S-1-5-21-2139989288-483860436-2398042574-514) - Domain Guests Domain Computers (S-1-5-21-2139989288-483860436-2398042574-515) - Domain Computers Administrators (S-1-5-32-544) - Administrators and this is SID of my user: # pdbedit -Lv alexander User SID: S-1-5-21-2139989288-483860436-2398042574-3186 Primary Group SID:S-1-5-21-3745118107-2241246581-749181168-513-513 They are completely different Hi Alan, I do not know how you came about this setup, but from a quick glance the sid defined in alexander's Primary Group SID is incorrect: Domain Users' sid is defined by SID: S-1-5-21domain-513 (from http://support.microsoft.com/kb/243330) So it seems to me that: 1) you have additional -513 appended at the end 2) Your domain portion of the sid for Primary Group SID is different to the one used in the User SID and to the ones listed by net groupmap admins So shouldn't alexander's Primary Group SID be S-1-5-21-2139989288-483860436-2398042574-513? HTH L -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] smb.conf for around 2500 users
On 02/07/12 17:20, steve wrote: On 02/07/12 17:49, Jonathan Buzzard wrote: On Mon, 2012-07-02 at 17:39 +0200, steve wrote: Samba4 with Linux and Windows clients wanting to get the same home folder data. Hi A college has students arranged with Linux home directories according to which year they belong to and which class within that year, a or b or whatever, they belong to e.g.: /home2/students/year7/year7a/student1 /home2/students/year7/year7a/student2 ... ... /home2/students/year13/year13a/student2500 To get at the same data on windows, I was thinking of a share for each of the classes e.g. [year7a] path = /home2/students/year7/year7a read only = No browsable = No ... ... [year13a] path = /home2/students/year13/year13a read only = No browsable = No and mapping a drive letter to the share e.g. map Z: to \\server\year7a\%USERNAME% Deal with it through your NSS mechanism so that the file server knows for \\server\%USERNAME% where the users home directory is actually located and then you can just use the special [homes] share. I do this with winbind and the unixHomeDirectory attribute in AD. JAB. Hi Jonathan Thanks for the quick response. I think I must be missing something here because as far as I can see, winbindd puts all users into the directory specified in template homedir. [homes] then picks out the user from there. At the moment we are using nss-pam-ldapd to grab the unixHomeDirectory from AD. How do I get winbindd or nss to map unixHomeDirectory to something I can then map to a windows drive letter? Cheers, Steve Hi Steve, Have you considered using autofs to do all of the mapping work for you, so that you have only one /homes/ (or whatever else you want to call it) to worry about? L -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] smb.conf for around 2500 users
On 07/02/2012 08:39 AM, steve wrote: Samba4 with Linux and Windows clients wanting to get the same home folder data. Hi A college has students arranged with Linux home directories according to which year they belong to and which class within that year, a or b or whatever, they belong to e.g.: /home2/students/year7/year7a/student1 /home2/students/year7/year7a/student2 ... ... /home2/students/year13/year13a/student2500 To get at the same data on windows, I was thinking of a share for each of the classes e.g. [year7a] path = /home2/students/year7/year7a read only = No browsable = No ... ... [year13a] path = /home2/students/year13/year13a read only = No browsable = No and mapping a drive letter to the share e.g. map Z: to \\server\year7a\%USERNAME% That would make lots of shares but would make it readable to non admins. Is there a limit on the number of shares per installation? Any other ideas of how to go about it? e.g. I thought about OU's but we do not want to administer from Windows. Did you thought about making a new directory ie. /home2/students/data with a link to each real user and then sharing data like that [data] path = /home2/students/data read only = No browsable = No And then use ADUC or ldbedit to specify the connect to attribute and set it to \\servername\data\%username% This fields accept a couple of placeholder I let you discover the others (search engines are your friend). Matthieu. Cheers, Steve -- Matthieu Patou Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] smb.conf for around 2500 users
On 02/07/12 21:17, Matthieu Patou wrote: On 07/02/2012 08:39 AM, steve wrote: Samba4 with Linux and Windows clients wanting to get the same home folder data. Hi A college has students arranged with Linux home directories according to which year they belong to and which class within that year, a or b or whatever, they belong to e.g.: /home2/students/year7/year7a/student1 /home2/students/year7/year7a/student2 ... ... /home2/students/year13/year13a/student2500 To get at the same data on windows, I was thinking of a share for each of the classes e.g. [year7a] path = /home2/students/year7/year7a read only = No browsable = No ... ... [year13a] path = /home2/students/year13/year13a read only = No browsable = No and mapping a drive letter to the share e.g. map Z: to \\server\year7a\%USERNAME% That would make lots of shares but would make it readable to non admins. Is there a limit on the number of shares per installation? Any other ideas of how to go about it? e.g. I thought about OU's but we do not want to administer from Windows. Did you thought about making a new directory ie. /home2/students/data with a link to each real user and then sharing data like that [data] path = /home2/students/data read only = No browsable = No And then use ADUC or ldbedit to specify the connect to attribute and set it to \\servername\data\%username% Hi Matthieu, That looks promising. Will cifs symlink, or are we still at ext4 level here? Are you saying that a real student e.g. /home2/students/year7/year7a/steve has a symlink in /home2/students/data ?? Would that be e.g. for student steve: ln -s /home2/students/year7/year7a/steve /home2/students/data/steve (or is the link the other way around?) All students then have a link in /home2/students/data/name irrespective of which class they are in. For all students, I then map, e.g. Z: to \\servername\data\%USERNAME% Am I close? Cheers and thanks for your patience. Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] smb.conf for around 2500 users
On 02/07/12 18:50, Lukasz Zalewski wrote: On 02/07/12 17:20, steve wrote: On 02/07/12 17:49, Jonathan Buzzard wrote: On Mon, 2012-07-02 at 17:39 +0200, steve wrote: Hi Steve, Have you considered using autofs to do all of the mapping work for you, so that you have only one /homes/ (or whatever else you want to call it) to worry about? L Hi Lukasz Yes, that's exactly what we are doing at the moment. Our Linux clients get their home directory automounted via nfs. It works fine. What I want is for that same home directory to be mapped to a windows drive letter. My method of having one share per class works, but would create over 30 shares. I'm not sure that having this many shares is advisable. I can find few examples of smb.conf's with more than but a handful of shares. Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] smb.conf for around 2500 users
On Mon, 2 Jul 2012, steve wrote: What I want is for that same home directory to be mapped to a windows drive letter. My method of having one share per class works, but would create over 30 shares. I'm not sure that having this many shares is advisable. I can find few examples of smb.conf's with more than but a handful of shares. I have over 1000 shares - it works fine. Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] smb.conf for around 2500 users
On 02/07/2012 21:20, steve wrote: On 02/07/12 18:50, Lukasz Zalewski wrote: On 02/07/12 17:20, steve wrote: On 02/07/12 17:49, Jonathan Buzzard wrote: On Mon, 2012-07-02 at 17:39 +0200, steve wrote: Hi Steve, Have you considered using autofs to do all of the mapping work for you, so that you have only one /homes/ (or whatever else you want to call it) to worry about? L Hi Lukasz Yes, that's exactly what we are doing at the moment. Our Linux clients get their home directory automounted via nfs. It works fine. What I want is for that same home directory to be mapped to a windows drive letter. My method of having one share per class works, but would create over 30 shares. I'm not sure that having this many shares is advisable. I can find few examples of smb.conf's with more than but a handful of shares. Cheers, Steve Hi Steve, Maybe I have misunderstood what you are trying to do but if you already have automounter doing the right thing - maybe for the sake of argument mapping /home2/students/year7/year7a/student1 /home2/students/year7/year7a/student2 ... ... /home2/students/year13/year13a/student2500 to /homes/student1 /homes/student2 ... ... /homes/student250 then you need only [homes] share in the smb.conf, and then (similarly to Matthieu's suggestion) provide \\servername\%username% for homeDirectory attribute (and profilePath if you want roaming profiles)? HTH L -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] smb.conf for around 2500 users
From: steve st...@steve-ss.com To: samba@lists.samba.org Sent: Monday, July 02, 2012 4:09 PM Subject: Re: [Samba] smb.conf for around 2500 users On 02/07/12 21:17, Matthieu Patou wrote: On 07/02/2012 08:39 AM, steve wrote: Samba4 with Linux and Windows clients wanting to get the same home folder data. Hi A college has students arranged with Linux home directories according to which year they belong to and which class within that year, a or b or whatever, they belong to e.g.: /home2/students/year7/year7a/student1 /home2/students/year7/year7a/student2 ... ... /home2/students/year13/year13a/student2500 To get at the same data on windows, I was thinking of a share for each of the classes e.g. [year7a] path = /home2/students/year7/year7a read only = No browsable = No ... ... [year13a] path = /home2/students/year13/year13a read only = No browsable = No and mapping a drive letter to the share e.g. map Z: to \\server\year7a\%USERNAME% That would make lots of shares but would make it readable to non admins. Is there a limit on the number of shares per installation? Any other ideas of how to go about it? e.g. I thought about OU's but we do not want to administer from Windows. Did you thought about making a new directory ie. /home2/students/data with a link to each real user and then sharing data like that [data] path = /home2/students/data read only = No browsable = No And then use ADUC or ldbedit to specify the connect to attribute and set it to \\servername\data\%username% Hi Matthieu, That looks promising. Will cifs symlink, or are we still at ext4 level here? Are you saying that a real student e.g. /home2/students/year7/year7a/steve has a symlink in /home2/students/data ?? Would that be e.g. for student steve: ln -s /home2/students/year7/year7a/steve /home2/students/data/steve (or is the link the other way around?) All students then have a link in /home2/students/data/name irrespective of which class they are in. For all students, I then map, e.g. Z: to \\servername\data\%USERNAME% Am I close? Well, that would probably work but we have a similar problem and took a different approach. We configure a net share through a logon script for our users. In our smb.conf, we configure samba to call a perl script called sambalogon like this: root preexec = /usr/local/sbin/sambalogin %U %m %M %G %L root postexec = rm -f /var/lib/samba/netlogon/%U.bat The preexec script generates a Windows batch script that maps the user's home to their X: drive. The postexec command deletes the Windows batch file. In the perl script, we do an ldap query to get the user's home and then put a net use command into the batch script that maps their home to their X: drive. #!/usr/bin/perl open LOGON, /var/lib/samba/netlogon/$user.bat; print LOGON \@ECHO OFF\r\n; my $home = gethome ($user, $group); if ($home) { print LOGON NET USE X: $home\\homes\r\n; } The exact contents of the gethome function is left as an excersize for the reader. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 Smart card logon
On Mon, 2012-07-02 at 17:24 +0300, Charalampos Anargyrou wrote: Hello list, I have installed and configured a domain with Samba version 4.0.0beta2-GIT-7e80b89 on a CentOS 6.2 I can successfully join a Windows PC in the domain (both Windows XP and Windows 7 tested) Now, I am trying to move a step forward and I would like to configure Samba to accept Windows smart card logon This is a requirement for a project I am involved to I have already installed the required client on Windows and I have a smart card for testing I have already installed EJBCA as my CA on CentOS 6.2 On Samba wiki the how to in http://wiki.samba.org/index.php/Samba4/Smart_Card_Login is not ready, so if anyone can help I will appreciate it According to the headers in the how to, I have to configure Heimdal to accept PKINIT I found a guide on http://www.h5l.org/manual/HEAD/info/heimdal/Setting-up-PK_002dINIT.html I've also found a guide on http://k5wiki.kerberos.org/wiki/Pkinit_configuration for MIT Kerberos which has some more info on the certificates I have created the Kerberos certificate according to what I have understood from the guides but I don't know how to test if the certificate is correct So, my first question is how to test if the Kerberos certificate is correct? Second question is when I create a client certificate (I think I understood from the guides how to create) how I will test it? Will a kinit command like kinit -C FILE:$HOME/clientcert.crt example-user@EXAMPLE-DOMAIN be enough to test the client certificate? I think so, see testprogs/blackbox/test_pkinit.sh for our tests of this functionality. And a final question (for now) is if there is any kind of documentation related to Configure Samba4 to know about the certificate and where I can find it? Sorry, while some have had success with this, we didn't end up getting it documented. If you could fill in the wiki with your experiences, that would be most valuable to others! Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Error building samba-4.0.0beta2 on Solaris 10 update 9
On Tue, 2012-06-26 at 12:05 +0100, Tom Crummey wrote: Hello, When attempting to build samba-4.0.0beta2 on Solaris 10 update 9, the following error is produced: [ 530/3371] Compiling lib/tdb/test/external-agent.c ../lib/tdb/test/external-agent.c:7:17: error: err.h: No such file or directory Waf: Leaving directory `/usr/local/src/samba-4.0.0beta2/bin' Build failed: - task failed (err #1): {task: cc external-agent.c - external-agent_17.o} *** Error code 1 make: Fatal error: Command failed for target `all' I've seen some postings regarding something similar on samba-technical, but they seemed to imply the issue had been fixed. What have I missed? ./configure --prefix=/opt/samba We think this is all fixed in Samba 4.0 beta3, which I just released. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba Share - MS Excel when saving “can't access the file, there are several possible reasons”
Hello all samba fans.., Long live open source :) Thanks for the @adminbot for approving me to joining this milis. Please allow me to ask the question, I have a weird problem in my samba share. I have one share definition for 3 client (A,B,C) This share contain some excel file which having a lot of formula and linked each other. Client A access the file with libre office (ubuntu), client B access with WinXP MS Office 2003, The write and read process working successfuly on Both of them. The problem occur when client C accessing the same file with MS Excel 2003 (windows xp). This messagebox appear when he saving the file : Microsoft office excel cannot access the \\192.168.1.23\myshare\ There are several possible reasons: - The File ort path does not exist The file is being used by another program. - The workbook you are trying to save has the same name as a - Currently open workbooks. I was trying http://support.microsoft.com/kb/291204 but it didnt work. Below is my share definition : [brainshare] comment = brainshare path = /opt/brainshare/ valid users = @brainshare force group = brainshare read only = No create mask = 0775 veto files = /*.scr/*.eml/thumbs.com/ Help me please... Thanks in advance ! Server: Ubuntu 10.10, Samba version 3.5.4 -- Thinking out of the box -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba Share - MS Excel when saving “can't access the file, there are several possible reasons”
Am Dienstag, 3. Juli 2012, 06:16:45 schrieb Gibransyah Fakhri: Hello all samba fans.., Long live open source :) Thanks for the @adminbot for approving me to joining this milis. Please allow me to ask the question, I have a weird problem in my samba share. I have one share definition for 3 client (A,B,C) This share contain some excel file which having a lot of formula and linked each other. Client A access the file with libre office (ubuntu), client B access with WinXP MS Office 2003, The write and read process working successfuly on Both of them. The problem occur when client C accessing the same file with MS Excel 2003 (windows xp). This messagebox appear when he saving the file : Microsoft office excel cannot access the \\192.168.1.23\myshare\ There are several possible reasons: - The File ort path does not exist The file is being used by another program. - The workbook you are trying to save has the same name as a - Currently open workbooks. I was trying http://support.microsoft.com/kb/291204 but it didnt work. Below is my share definition : [brainshare] comment = brainshare path = /opt/brainshare/ valid users = @brainshare force group = brainshare read only = No create mask = 0775 veto files = /*.scr/*.eml/thumbs.com/ Help me please... Thanks in advance ! Server: Ubuntu 10.10, Samba version 3.5.4 -- Thinking out of the box what does smbstatus (run as root) on the samba server show when all 3 clients have the same file open? Does this only happen when _all_ 3 clients access that file at the same time? So, does it work when only B and C (windows xp) clients access that file? Cheers, Günter -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[ANNOUNCE] Samba 4.0 beta3
We are proud to a announce another beta release of Samba 4.0, beta3 What's new in Samba 4.0 beta3 = Samba 4.0 will be the next version of the Samba suite and incorporates all the technology found in both the Samba4 alpha series and the stable 3.x series. The primary additional features over Samba 3.6 are support for the Active Directory logon protocols used by Windows 2000 and above. WARNINGS Samba4 beta3 is not a final Samba release, however we are now making good progress towards a Samba 4.0 release, of which this is a preview. Be aware the this release contains the best of all of Samba's technology parts, both a file server (that you can reasonably expect to upgrade existing Samba 3.x releases to) and the AD domain controller work previously known as 'samba4'. Samba4 is subjected to an awesome battery of tests on an automated basis, we have found Samba 4.0 to be very stable in it's behavior. However, we still recommend against upgrading production servers from Samba 3.x release to Samba 4.0 beta at this stage. In particular note that the new default configuration 's3fs' may have different stability characteristics compared with our previous default file server. We are making this release so that we can find and fix any of these issues that arise in the real world. New AD DC installations can provision or join with --use-ntvfs to obtain the previous default file server. See below how to continue using ntvfs in an existing installation. If you are upgrading, or looking to develop, test or deploy Samba 4.0 beta releases, you should backup all configuration and data. UPGRADING = Users upgrading from Samba 3.x domain controllers and wanting to use Samba 4.0 as an AD DC should use the 'samba-tool domain classicupgrade' command. See the wiki for more details: https://wiki.samba.org/index.php/Samba4/samba3upgrade/HOWTO Users upgrading from Samba 4.0 alpha and beta releases since alpha15 should run 'samba-tool dbcheck --cross-ncs --fix'. Users upgrading from earlier alpha releases should contact the team for advice. NEW FEATURES Samba 4.0 beta supports the server-side of the Active Directory logon environment used by Windows 2000 and later, so we can do full domain join and domain logon operations with these clients. Our Domain Controller (DC) implementation includes our own built-in LDAP server and Kerberos Key Distribution Center (KDC) as well as the Samba3-like logon services provided over CIFS. We correctly generate the infamous Kerberos PAC, and include it with the Kerberos tickets we issue. Samba 4.0 beta ships with two distinct file servers. We now use the file server from the Samba 3.x series 'smbd' for all file serving by default. For pure file server work, the binaries users would expect from that series (nmbd, winbindd, smbpasswd) continue to be available. Samba 4.0 also ships with the 'NTVFS' file server. This file server is what was used in all previous alpha releases of Samba 4.0, and is tuned to match the requirements of an AD domain controller. We continue to support this, not only to provide continuity to installations that have deployed it as part of an AD DC, but also as a running example of the NT-FSA architecture we expect to move smbd to in the longer term. As mentioned above, this change to the default file server may cause instability, as we learn about the real-world interactions between these two key components. As DNS is an integral part of Active Directory, we also provide a DNS solution, using the BIND DLZ mechanism in versions 9.8 and 9.9. During the provision, a configuration file will be generated for bind to make it use this plugin. We also have a project to provide a minimal internal DNS server from within the Samba process, for easier 'out of the box' configuration. Note however that this is not yet complete (pending addition of secure DNS update support). To provide accurate timestamps to Windows clients, we integrate with the NTP project to provide secured NTP replies. Finally, a new scripting interface has been added to Samba 4, allowing Python programs to interface to Samba's internals, and many tools and internal workings of the DC code is now implemented in python. CHANGES SINCE beta2 = For a list of changes since beta2, please see the git log. $ git clone git://git.samba.org/samba.git $ cd samba.git $ git log samba-4.0.0beta2..samba-4.0.0beta3 Some major user-visible changes include: The failure to start up due to a blocking smbd-fileserver.conf.pid has been resolved. Samba now includes support for version 2.1 of the SMB protocol, the SMB2 version of Windows 7 and 2008R2, including dynamic reauthentication and support for multi-credit (large MTU). Consequently, Samba negotiates SMB 2.1 by default: The value SMB2 for the configuration parameter max protocol has been changed to be an alias for SMB 2.1. Previously, the default SMB2 version of Samba
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 0ff2fc3 WHATSNEW: mention initial support for SMB3 via 8d80875 WHATSNEW: Mention SMB 2.1 support (reauthentication/mulit-credit) and config default via 86336de WHATSNEW: prepare for 4.0 beta3 from 3f30b02 Disable selections of USE_LINUX_THREAD_CREDENTIALS until we have specific 32-bit and 64-bit versions. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 0ff2fc372ad0190d7a74d961d7e303b11352253f Author: Michael Adam ob...@samba.org Date: Mon Jul 2 12:49:30 2012 +0200 WHATSNEW: mention initial support for SMB3 Autobuild-User(master): Michael Adam ob...@samba.org Autobuild-Date(master): Mon Jul 2 15:15:53 CEST 2012 on sn-devel-104 commit 8d80875c4b596d9de39b92470c7fa79d500e28b7 Author: Michael Adam ob...@samba.org Date: Mon Jul 2 12:14:46 2012 +0200 WHATSNEW: Mention SMB 2.1 support (reauthentication/mulit-credit) and config default commit 86336dec7f8f7a0e9d418f39a6790c37a59b15c6 Author: Michael Adam ob...@samba.org Date: Mon Jul 2 12:12:22 2012 +0200 WHATSNEW: prepare for 4.0 beta3 --- Summary of changes: WHATSNEW.txt | 48 ++-- 1 files changed, 18 insertions(+), 30 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index c4ba7f3..e1405cc 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,4 +1,4 @@ -What's new in Samba 4 beta2 +What's new in Samba 4 beta3 = Samba 4.0 will be the next version of the Samba suite and incorporates @@ -11,7 +11,7 @@ and above. WARNINGS -Samba4 beta2 is not a final Samba release, however we are now making +Samba4 beta3 is not a final Samba release, however we are now making good progress towards a Samba 4.0 release, of which this is a preview. Be aware the this release contains the best of all of Samba's technology parts, both a file server (that you can reasonably expect @@ -94,42 +94,30 @@ Python programs to interface to Samba's internals, and many tools and internal workings of the DC code is now implemented in python. -CHANGES SINCE beta1 +CHANGES SINCE beta2 = -For a list of changes since beta1, please see the git log. +For a list of changes since beta2, please see the git log. $ git clone git://git.samba.org/samba.git $ cd samba.git -$ git log samba-4.0.0beta1..samba-4.0.0beta2 +$ git log samba-4.0.0beta2..samba-4.0.0beta3 Some major user-visible changes include: -The default file server for EXISTING USERS has changed to s3fs. To -continue to use ntvfs, you must set in your smb.conf: - -server services = +smb -s3fs -dcerpc endpoint servers = +winreg +srvsvc - -samba-tool dbcheck will now upgrade older databases that are missing -GUIDs in the schema partition. - -The 'samba-tool domain samba3upgrade' command is now called -'samba-tool domain classicupgrade' and now creates users and groups -with the posixAccount objectClass and uidNumber and gidNumber values. - -The new 'idmap_ldb:use rfc2307' parameter allows these values to be -used instead of the idmap.ldb, where found in the directory. - -Work has continued to make Samba more portable to a wide variety of -Unix-like systems, and to support --without-ad-dc on systems lacking a -modern MIT krb5. - -Less visible, but very importantly, the work has continued in restructuring -the smbd file server to implement SMB3. - -The TDB2 database library has been changed to ntdb, but will not be -the default db layer for the 4.0 release. We will continue to use tdb1. +Samba now includes support for version 2.1 of the SMB protocol, +the SMB2 version of Windows 7 and 2008R2, including dynamic +reauthentication and support for multi-credit (large MTU). +Consequently, Samba negotiates SMB 2.1 by default: The value SMB2 +for the configuration parameter max protocol has been changed to +be an alias for SMB 2.1. Previously, the default SMB2 version of +Samba was the original version 2.0 of SMB that was shipped with +Windows Vista and 2008. + +Samba now offers basic experimental support for SMB3, the next version +of the SMB protocol (formerly known as SMB 2.2) that will be available +with Windows 8 and Windows Server 2012. Negotiation of SMB3 can be +activated by setting max protocol to SMB3 in smb.conf. KNOWN ISSUES -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 2105400 s4-torture: more printf removal from samlogon torture test. from 0ff2fc3 WHATSNEW: mention initial support for SMB3 http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 21054000287a9ba0201f2dcba2c1c225eb6893c8 Author: Günther Deschner g...@samba.org Date: Mon Jul 2 15:29:06 2012 +0200 s4-torture: more printf removal from samlogon torture test. Guenther Autobuild-User(master): Günther Deschner g...@samba.org Autobuild-Date(master): Mon Jul 2 17:19:55 CEST 2012 on sn-devel-104 --- Summary of changes: source4/torture/rpc/samlogon.c | 54 ++- 1 files changed, 25 insertions(+), 29 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/torture/rpc/samlogon.c b/source4/torture/rpc/samlogon.c index b67c832..e4d0784 100644 --- a/source4/torture/rpc/samlogon.c +++ b/source4/torture/rpc/samlogon.c @@ -165,7 +165,7 @@ static NTSTATUS check_samlogon(struct samlogon_state *samlogon_state, } if (!r-out.return_authenticator || !netlogon_creds_client_check(samlogon_state-creds, r-out.return_authenticator-cred)) { - d_printf(Credential chaining failed\n); + torture_comment(samlogon_state-tctx, Credential chaining failed\n); } if (!NT_STATUS_IS_OK(r-out.result)) { if (error_string) { @@ -237,7 +237,7 @@ static NTSTATUS check_samlogon(struct samlogon_state *samlogon_state, } if (!r_flags-out.return_authenticator || !netlogon_creds_client_check(samlogon_state-creds, r_flags-out.return_authenticator-cred)) { - d_printf(Credential chaining failed\n); + torture_comment(samlogon_state-tctx, Credential chaining failed\n); } if (!NT_STATUS_IS_OK(r_flags-out.result)) { if (error_string) { @@ -268,7 +268,7 @@ static NTSTATUS check_samlogon(struct samlogon_state *samlogon_state, } if (!base) { - d_printf(No user info returned from 'successful' SamLogon*() call!\n); + torture_comment(samlogon_state-tctx, No user info returned from 'successful' SamLogon*() call!\n); return NT_STATUS_INVALID_PARAMETER; } @@ -1458,6 +1458,7 @@ bool test_InteractiveLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, { NTSTATUS status; TALLOC_CTX *fn_ctx = talloc_named(mem_ctx, 0, test_InteractiveLogon function-level context); + bool ret = true; struct netr_LogonSamLogonWithFlags r; struct netr_Authenticator a, ra; struct netr_PasswordInfo pinfo; @@ -1513,24 +1514,31 @@ bool test_InteractiveLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, torture_comment(tctx, Testing netr_LogonSamLogonWithFlags '%s' (Interactive Logon)\n, comment); - torture_assert_ntstatus_ok(tctx, + torture_assert_ntstatus_ok_goto(tctx, dcerpc_netr_LogonSamLogonWithFlags_r(b, fn_ctx, r), + ret, failed, talloc_asprintf(tctx, %s: netr_LogonSamLogonWithFlags - %s\n, __location__, nt_errstr(status))); - if (!r.out.return_authenticator - || !netlogon_creds_client_check(creds, r.out.return_authenticator-cred)) { + if (!r.out.return_authenticator) { talloc_free(fn_ctx); - torture_fail(tctx, Credential chaining failed\n); + torture_fail(tctx, no authenticator returned); } - talloc_free(fn_ctx); + torture_assert_goto(tctx, + netlogon_creds_client_check(creds, r.out.return_authenticator-cred), + ret, failed, + Credential chaining failed\n); torture_assert_ntstatus_equal(tctx, r.out.result, expected_error, talloc_asprintf(tctx, [%s]\\[%s] netr_LogonSamLogonWithFlags - expected %s got %s\n, account_domain, account_name, nt_errstr(expected_error), nt_errstr(r.out.result))); - return true; + ret = true; + failed: + talloc_free(fn_ctx); + + return ret; } /* This sets and resets the minPwdAge (in order to allow immediate user @@ -1701,16 +1709,10 @@ bool torture_rpc_samlogon(struct torture_context *torture) tmp_p = torture_join_samr_pipe(user_ctx_wrong_wks); status = dcerpc_samr_SetUserInfo_r(tmp_p-binding_handle, mem_ctx, s); - if (!NT_STATUS_IS_OK(status)) { - printf(SetUserInfo (list of workstations) failed - %s\n, nt_errstr(status)); - ret = false; - goto failed; - } - if
autobuild: intermittent test failure detected
The autobuild test system has detected an intermittent failing test in the current master tree. The autobuild log of the failure is available here: http://git.samba.org/autobuild.flakey/2012-07-02-1741/flakey.log The samba3 build logs are available here: http://git.samba.org/autobuild.flakey/2012-07-02-1741/samba3.stderr http://git.samba.org/autobuild.flakey/2012-07-02-1741/samba3.stdout The source4 build logs are available here: http://git.samba.org/autobuild.flakey/2012-07-02-1741/samba.stderr http://git.samba.org/autobuild.flakey/2012-07-02-1741/samba.stdout The top commit at the time of the failure was: commit 0ff2fc372ad0190d7a74d961d7e303b11352253f Author: Michael Adam ob...@samba.org Date: Mon Jul 2 12:49:30 2012 +0200 WHATSNEW: mention initial support for SMB3 Autobuild-User(master): Michael Adam ob...@samba.org Autobuild-Date(master): Mon Jul 2 15:15:53 CEST 2012 on sn-devel-104
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 993e809 s3-libpidfile: fix check for running process. via a440df9 s3-libpidfile: some more debug output from 2105400 s4-torture: more printf removal from samlogon torture test. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 993e809b5afde135edb191e964edf83e578e6827 Author: Björn Baumbach b...@sernet.de Date: Mon Jul 2 15:43:49 2012 +0200 s3-libpidfile: fix check for running process. Call pidfile_pid() with process name instead of pid file name. pidfile_pid does create the pid file name by itself. Signed-off-by: Michael Adam ob...@samba.org Autobuild-User(master): Michael Adam ob...@samba.org Autobuild-Date(master): Mon Jul 2 19:19:21 CEST 2012 on sn-devel-104 commit a440df93a647d396ea19d64cba1bb5b0dee42cd0 Author: Björn Baumbach b...@sernet.de Date: Mon Jul 2 15:30:49 2012 +0200 s3-libpidfile: some more debug output Signed-off-by: Michael Adam ob...@samba.org --- Summary of changes: source3/lib/pidfile.c |8 +++- 1 files changed, 7 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/lib/pidfile.c b/source3/lib/pidfile.c index ec2044f..f0c075c 100644 --- a/source3/lib/pidfile.c +++ b/source3/lib/pidfile.c @@ -89,20 +89,26 @@ pid_t pidfile_pid(const char *program_name) pid = (pid_t)ret; if (!process_exists_by_pid(pid)) { + DEBUG(10, (Process with PID=%d does not exist.\n, (int)pid)); goto noproc; } if (fcntl_lock(fd,F_SETLK,0,1,F_RDLCK)) { /* we could get the lock - it can't be a Samba process */ + DEBUG(10, (Process with PID=%d is no Samba process.\n, + (int)pid)); goto noproc; } + DEBUG(10, (Process with PID=%d is running.\n, (int)pid)); SAFE_FREE(pidFile); close(fd); return (pid_t)ret; noproc: close(fd); + DEBUG(10, (Deleting %s, since %d is no Samba process.\n, pidFile, + (int)pid)); unlink(pidFile); SAFE_FREE(pidFile); return 0; @@ -140,7 +146,7 @@ void pidfile_create(const char *program_name) smb_panic(asprintf failed); } - pid = pidfile_pid(name); + pid = pidfile_pid(program_name); if (pid != 0) { DEBUG(0,(ERROR: %s is already running. File %s exists and process id %d is running.\n, name, pidFile_name, (int)pid)); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 4b47e1b VERSION: Move on to beta4! via a656789 VERSION: Mark as the beta3 release via d4bc370 WHATSNEW: Mention Exchange 2010 support via d6bba7b WHATSNEW: Update with fix for smbd-fileserver.conf.pid startup failures via d31f55b s4-dns: Remove refernece to BIND 9.7 supporting GSS-TSIG via d0460d9 s4-bind: Remove patches now incorporated into bind9 via 5de841f s4-dns: Remove dynamic DNS instructions for bind 9.7 via eba8799 auth: Remove .get_challenge (only used for security=server) via ab80b99 auth/gensec: Remove unused gensec_security parameter via 3c57fce selftest: Give Samba4 processes a little longer to clean up via 603a9bc file_server: add [globals] to generated smb.conf from 993e809 s3-libpidfile: fix check for running process. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 4b47e1b30d8a6676f807cd1198f3b4e949b313ba Author: Andrew Bartlett abart...@samba.org Date: Tue Jul 3 08:22:51 2012 +1000 VERSION: Move on to beta4! Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Tue Jul 3 02:44:15 CEST 2012 on sn-devel-104 commit a6567893059dea9361b3b787fab13438536b8438 Author: Andrew Bartlett abart...@samba.org Date: Tue Jul 3 08:22:12 2012 +1000 VERSION: Mark as the beta3 release commit d4bc3708d48e24db97e56337963b0ffa11639a41 Author: Andrew Bartlett abart...@samba.org Date: Tue Jul 3 08:54:57 2012 +1000 WHATSNEW: Mention Exchange 2010 support commit d6bba7bf1a77244bc47eaeef67bb9680175ec0bc Author: Andrew Bartlett abart...@samba.org Date: Tue Jul 3 08:21:23 2012 +1000 WHATSNEW: Update with fix for smbd-fileserver.conf.pid startup failures commit d31f55b2974da99970de1c0d5df66d1007f97593 Author: Andrew Bartlett abart...@samba.org Date: Mon Jul 2 08:06:53 2012 +1000 s4-dns: Remove refernece to BIND 9.7 supporting GSS-TSIG This support is too painful to use. Andrew Bartlett commit d0460d96d62d879545818c7f0966b1026b27a007 Author: Andrew Bartlett abart...@samba.org Date: Mon Jul 2 07:24:21 2012 +1000 s4-bind: Remove patches now incorporated into bind9 These patches are in bind9 now, and we do not recomment using them any more as the improved version in bind 9.8 is much less prone to failure. Andrew Bartlett commit 5de841f6f249ea742a8ed0ef5a795f77a364cc35 Author: Andrew Bartlett abart...@samba.org Date: Mon Jul 2 07:21:54 2012 +1000 s4-dns: Remove dynamic DNS instructions for bind 9.7 This version of BIND only ever caused pain when trying to do dynamic DNS. If users are using this version, simply treat it as a static server. Andrew Bartlett commit eba87995145b0e14672c1f6993f7aa3422d62541 Author: Andrew Bartlett abart...@samba.org Date: Sat Jun 30 18:30:57 2012 +1000 auth: Remove .get_challenge (only used for security=server) With NTLMSSP, for NTLM2 we need to be able to set the effective challenge, so if we ever did use a module that needed this functionlity, we would downgrade to just NTLM. Now that security=server has been removed, we have no such module. This will make it easier to make the auth subsystem async, as we will not need to consider making .get_challenge async. Andrew Bartlett commit ab80b99815a51b07e9e89b423e847824ec71bd3c Author: Andrew Bartlett abart...@samba.org Date: Sat Jun 30 17:32:50 2012 +1000 auth/gensec: Remove unused gensec_security parameter commit 3c57fcea959fcd94e2a62a362c6ed2e71ee96658 Author: Andrew Bartlett abart...@samba.org Date: Fri Jun 29 13:38:11 2012 +1000 selftest: Give Samba4 processes a little longer to clean up This may help write out gcov data correctly. Andrew Bartlett commit 603a9bcd2ec3e471db3fb500cdf4ca365add896b Author: Andrew Bartlett abart...@samba.org Date: Tue Apr 17 12:56:21 2012 +1000 file_server: add [globals] to generated smb.conf --- Summary of changes: VERSION|2 +- WHATSNEW.txt |8 ++ auth/common_auth.h |4 - auth/gensec/spnego.c |9 +-- auth/ntlmssp/ntlmssp_server.c |7 -- ...-the-question-section-in-update-responses.patch | 29 -- ...t-a-valgrind-uninitialised-memory-warning.patch | 34 --- .../0003-don-t-compress-TSIG-names.patch | 58 ...api-initialisation-fails-then-heck-for-th.patch | 94 ...sn-t-return-valid-GSSAPI-sequence-numbers.patch | 30 -- examples/bind9-patches/README | 11 --- file_server/file_server.c
[SCM] Samba Shared Repository - annotated tag samba-4.0.0beta3 created
The annotated tag, samba-4.0.0beta3 has been created at 88c4169ebb80ba50fb512945b5bd0e3772d441c7 (tag) tagging a6567893059dea9361b3b787fab13438536b8438 (commit) replaces samba-4.0.0beta2 tagged by Andrew Bartlett on Tue Jul 3 11:41:13 2012 +1000 - Log - samba4: tag release samba-4.0.0beta3 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQBP8k25z4A8Wyi0NrsRAvCjAJ9SSepYZpjASp6G9t6lcCaQMK+B+QCfWoZq 8uSMGdp2iGBZwjfLWEQyOQY= =u+7E -END PGP SIGNATURE- Alexander Bokovoy (1): s3-rpcclient: support all known netr_LogonControl2 variants properly Amitay Isaacs (2): s4-pysmb: Parse security info as an unsigned integer samba-tool: gpo: Fix creation of filesystem ACL from directory ACL Andrew Bartlett (40): VERSION: Move on to beta3! s4-torture: Change the unix.whoami test to use torture_assert() s4-torture: Expand whoami test to confirm the user token. s4-provision: Give better clues on what Samba needs for s3fs ACL support s4-drepl: Ensure that the op-source does not get deallocated too early s4-classicupgrade: Allow DNS backend to be specified selftest: Test unix.whoami with kerberos on plugin_s4_dc s4-join: Import DNS zones in AD DC join s4-samba_upgradedns: Do not set DNS account for internal server s4-join: Setup correct DNS configuration s3-pdb_samba4: Allocate and free a talloc_stackframe() in pdb_samba4_replace_by_sam() s3-pdbtest: Report and handle errors in pdb-getsampwnam() s4-samldb: do not talloc_steal() the elements of the original request s3-pdbtest: Fix pdbtest to compare the same fields s3-pdbtest: show mis-matching times selftest: Add extra users to nss_wrapper selftest: allow NSS_WRAPPER_* vars to be exported to the environment s4-dsdb: Remove hooks for non-directory password handling s4-dsdb when setting DSDB_CONTROL_PASSWORD_BYPASS_LAST_SET_OID make it non-critical s4-selftest: Test login with a password expired user lib/ldb: Print trace messages for modify correctly s3-pdb_samba4: Fix time handling, use nt_time_to_unix() s3-pdb_samba4: Add support for lastLogon and lastLogoff s3-pdbtest: Initialise more elements for testing s4-selftest: expand passdb testing s3-pdb_samba4: Remove dupliate profilePath handling s3-param: Rename loadparm_s3_context - loadparm_s3_helpers librpc/ndr: Initilaise the remainder of struct dom_sid after a pull selftest: use a loop rather than declare tests for both dc and s3dc selftest: run pdbtest against s3dc as well file_server: add [globals] to generated smb.conf selftest: Give Samba4 processes a little longer to clean up auth/gensec: Remove unused gensec_security parameter auth: Remove .get_challenge (only used for security=server) s4-dns: Remove dynamic DNS instructions for bind 9.7 s4-bind: Remove patches now incorporated into bind9 s4-dns: Remove refernece to BIND 9.7 supporting GSS-TSIG WHATSNEW: Update with fix for smbd-fileserver.conf.pid startup failures WHATSNEW: Mention Exchange 2010 support VERSION: Mark as the beta3 release Björn Baumbach (13): wintest: add working bbaumbach.conf file for use with VirtualBox wintest: add option to use ntvfs instead of s3fs wintest: set nameserver on a more general place wintest: add option to select the dns backend wintest: set recursive queries for internal dns wintest: check netcats exitstatus instead of output wintest: extend get_is_dc function with additional expectations wintest: get original nameserver for forwarding on a more general place wintest: enable dns forwarding for internal dns packaging(RHEL-CTDB): fix build dependencies docs-xml: fix typos and format in smb.conf server max protocol man s3-libpidfile: some more debug output s3-libpidfile: fix check for running process. Björn Jacke (15): s3:test: make shell code more porable by elimnating local keyword s3:Makefile: use our $MAKE instead of make in our own Makefile s3:test_net_registry_check: eliminate local keyword in shell s3:test_registry_upgrade: make more portable and eliminate local keyword Merge suggested fix from bug 7511 and enhance it tests: make test_ldb portable, eliminate local keyword s3:test_net_registry_check.sh: grep -E isn't portable, use egrep replace: define INT64_MAX when not defined s3: fine tune and clean up statvfs tests s3: merge bsd_statvfs and darwin_statvfs s3:build: tell linker to use corefoundation on all darwin releases s3: fix the logic in bsd_statvfs s3:configure: fix numerous compile warnings about implicit declaration of 'exit' s3: add sendfile support for Tru64, which is the same as
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 3fe2c54 Fix the waf/autoconf builds to detect correctly the 32-bit or 64-bit syscall ABI on Linux. via ec9aae6 Ensure we select the correct syscall numbers on a 32-bit Linux system. from 4b47e1b VERSION: Move on to beta4! http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 3fe2c54a5b122acc1d96c0e01d802b4f4a4c84b4 Author: Jeremy Allison j...@samba.org Date: Mon Jul 2 14:08:41 2012 -0700 Fix the waf/autoconf builds to detect correctly the 32-bit or 64-bit syscall ABI on Linux. Autobuild-User(master): Jeremy Allison j...@samba.org Autobuild-Date(master): Tue Jul 3 05:32:21 CEST 2012 on sn-devel-104 commit ec9aae6251e7d6d1a073924b6e58908454001625 Author: Jeremy Allison j...@samba.org Date: Mon Jul 2 10:22:10 2012 -0700 Ensure we select the correct syscall numbers on a 32-bit Linux system. --- Summary of changes: lib/util/setid.c | 46 + source3/configure.in | 91 +++--- source3/wscript | 77 ++ 3 files changed, 180 insertions(+), 34 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/util/setid.c b/lib/util/setid.c index 885b8bf..ed86155 100644 --- a/lib/util/setid.c +++ b/lib/util/setid.c @@ -109,13 +109,25 @@ int samba_setgroups(size_t setlen, const gid_t *gidset); #if defined(HAVE_SYS_SYSCALL_H) #include sys/syscall.h #endif + +/* Ensure we can't compile in a mixed syscall setup. */ +#if !defined(USE_LINUX_32BIT_SYSCALLS) +#if defined(SYS_setresuid32) || defined(SYS_setresgid32) || defined(SYS_setreuid32) || defined(SYS_setregid32) || defined(SYS_setuid32) || defined(SYS_setgid32) || defined(SYS_setgroups32) +#error Mixture of 32-bit Linux system calls and 64-bit calls. +#endif +#endif + #endif /* All the setXX[ug]id functions and setgroups Samba uses. */ int samba_setresuid(uid_t ruid, uid_t euid, uid_t suid) { #if defined(USE_LINUX_THREAD_CREDENTIALS) +#if defined(USE_LINUX_32BIT_SYSCALLS) + return syscall(SYS_setresuid32, ruid, euid, suid); +#else return syscall(SYS_setresuid, ruid, euid, suid); +#endif #elif defined(HAVE_SETRESUID) return setresuid(ruid, euid, suid); #else @@ -127,7 +139,11 @@ int samba_setresuid(uid_t ruid, uid_t euid, uid_t suid) int samba_setresgid(gid_t rgid, gid_t egid, gid_t sgid) { #if defined(USE_LINUX_THREAD_CREDENTIALS) +#if defined(USE_LINUX_32BIT_SYSCALLS) + return syscall(SYS_setresgid32, rgid, egid, sgid); +#else return syscall(SYS_setresgid, rgid, egid, sgid); +#endif #elif defined(HAVE_SETRESGID) return setresgid(rgid, egid, sgid); #else @@ -139,7 +155,11 @@ int samba_setresgid(gid_t rgid, gid_t egid, gid_t sgid) int samba_setreuid(uid_t ruid, uid_t euid) { #if defined(USE_LINUX_THREAD_CREDENTIALS) +#if defined(USE_LINUX_32BIT_SYSCALLS) + return syscall(SYS_setreuid32, ruid, euid); +#else return syscall(SYS_setreuid, ruid, euid); +#endif #elif defined(HAVE_SETREUID) return setreuid(ruid, euid); #else @@ -151,7 +171,11 @@ int samba_setreuid(uid_t ruid, uid_t euid) int samba_setregid(gid_t rgid, gid_t egid) { #if defined(USE_LINUX_THREAD_CREDENTIALS) +#if defined(USE_LINUX_32BIT_SYSCALLS) + return syscall(SYS_setregid32, rgid, egid); +#else return syscall(SYS_setregid, rgid, egid); +#endif #elif defined(HAVE_SETREGID) return setregid(rgid, egid); #else @@ -163,8 +187,13 @@ int samba_setregid(gid_t rgid, gid_t egid) int samba_seteuid(uid_t euid) { #if defined(USE_LINUX_THREAD_CREDENTIALS) +#if defined(USE_LINUX_32BIT_SYSCALLS) + /* seteuid is not a separate system call. */ + return syscall(SYS_setresuid32, -1, euid, -1); +#else /* seteuid is not a separate system call. */ return syscall(SYS_setresuid, -1, euid, -1); +#endif #elif defined(HAVE_SETEUID) return seteuid(euid); #else @@ -176,8 +205,13 @@ int samba_seteuid(uid_t euid) int samba_setegid(gid_t egid) { #if defined(USE_LINUX_THREAD_CREDENTIALS) +#if defined(USE_LINUX_32BIT_SYSCALLS) + /* setegid is not a separate system call. */ + return syscall(SYS_setresgid32, -1, egid, -1); +#else /* setegid is not a separate system call. */ return syscall(SYS_setresgid, -1, egid, -1); +#endif #elif defined(HAVE_SETEGID) return setegid(egid); #else @@ -189,7 +223,11 @@ int samba_setegid(gid_t egid) int samba_setuid(uid_t uid) { #if defined(USE_LINUX_THREAD_CREDENTIALS) +#if defined(USE_LINUX_32BIT_SYSCALLS) + return syscall(SYS_setuid32, uid); +#else return syscall(SYS_setuid, uid); +#endif #elif defined(HAVE_SETUID) return setuid(uid); #else @@ -201,7 +239,11 @@ int samba_setuid(uid_t uid) int samba_setgid(gid_t gid) {