Re: [Samba] Support for Linux Authentication with Samba4's Internal LDAP Server
On Mon, 2012-08-27 at 16:42 -0500, Andrew Martin wrote: Hello, This topic has been touched on in the past, but I'd like to ask for additional clarification on the structure of the internal LDAP server that Samba4 provides. I currently am using OpenLDAP for authenticating Linux servers and a number of web-based services. I also use Samba 3 for presenting shares to Windows users, but it maintains a separate password database. I would like to migrate to a single sign-on, ideally using Samba4. I use the inetOrgPerson schema for users ( http://www.andrew.cmu.edu/user/dd26/ldap.akbkhome.com/objectclass/ inet OrgPerson.html ) and the posixGroup schema for groups ( http://www.andrew.cmu.edu/user/dd26/ldap.akbkhome.com/objectclass/posixGroup.html ). Does the internal LDAP server in Samba4 support these schemas? I don't mind writing some scripts to manually populate/update additional fields as needed, but need to know that services which expect a regular LDAP server would be able to utilize the Samba4 one? You should be able to use both of those, and do a simple bind against Samba4 for password validation. You can even avoid using a DN for the simple bind, we also accept user@realm and domain\user as the 'DN'. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 how to provision as simply a member of a domain
On Sat, 2012-08-25 at 14:38 -0700, Matthieu Patou wrote: On 08/24/2012 11:04 PM, steve wrote: On 24/08/12 10:47, Rowland Penny wrote: On 24/08/12 09:28, steve wrote: Hi I want to try out the Samba 4 versions of smbd, nmbd and winbindd (not samba and not as a DC) on a box which I shall join to an existing domain. How do I provision it? Or don't I and just join it using samba tool domain join? Cheers, Steve Hi Steve, You could try 'net ads join', the net command is there in /usr/local/samba/bin and this is the command that would be used from a samba 3 domain member, but I must say that I haven't yet tried this. Rowland Hi Rowland Yes, thanks I could alwasy do that but I thinking more of a samba'tool domain join method, as a member, not a dc. Anyone had any experience iof this? It looks too straightforaer to me. I must have missed something Samba-tool commands is highly related to DC operation mode, for the member operation mode the net command is your companion. Just to confuse matters, with some patches I just got in to beta7, the two are now roughly equivalent. It needs more testing, but if you run 'samba-tool domain join' then it will also populate the secrets.tdb that smbd/winbindd uses. However, for now I concur in your recommendation to use 'net ads join' as has always been done for smbd/winbindd configurations. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba3upgrade fail + leaking memory
On Thu, 2012-08-23 at 08:13 +0200, Ulrich Schinz wrote: Hello, same strange error here (used classicupgrade). I tried Debian Wheezy amd64 and Debian Squeeze amd64. In both cases i get PANIC: No talloc stackframe. After googling around I found one solution, which worked for me last week: run configure without --enable-developer and run it instead with --enable-dbug. But since tuesday i tried a complete new setup. Compiling runs without errors, but a classicupgrade is not working: PANIC: No talloc stackframe Maybe someone can give some hints, or fix this in source... A fix for this should be in beta7. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Another problem with samba4 classicupgrade
On Thu, 2012-08-23 at 11:18 +0200, Hervé Hénoch wrote: For information : I've commented out the line 831 in the file /usr/local/samba/lib/python2.7/site-packages/samba/upgrade.py : #shells[username] = get_posix_attr_from_ldap_backend(logger, ldb_object, base_dn, username, loginShell) And the migration was successfull. An explanation would be welcome. Clearly we need to have some more try/except clauses here. Would you like to try an write a patch? eg for each of those get_posix_attr_from_ldap_backend, change that line to: try: shells[username] = get_posix_attr_from_ldap_backend(logger, ldb_object, base_dn, username, loginShell) except KeyError: pass If you can send me back a tested patch, I'll get it into master. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Still mandatory profiles, every user same profile
Hi there, again me, again similar question. First of all, what is it, what I'd like to have: 1.) Every user in my System should use the same profile. In dsa.msc I gave every user as profile-path \\samba4\profiles\stud 2.) The users should not be able to change anything in that profile (I think changing ntuser.dat to ntuser.man should do the job, proposed i got step one managed ;) ) System setup: OS: Linux, Debian Wheezy, 3.2.0-3-amd64 #1 SMP Samba-Version: todays git-pull: Version 4.0.0beta8-GIT-9e441c4 On my client I'm using Windows 7. My samba-setup followed the wiki. What I tried until now: 1.) http://infrablog.escde.net/2011/09/30/mandatory-profiles-oder-ein-profil-fur-alle/ (sorry it's in german, but I think its clear, what has to be done there). Another vid showing same way: http://www.youtube.com/watch?v=bDWEsJ0bJe8 This one didn't work. If i try to change the rights of that folder and ntuser.dat-hive, it's not possible to get the same rights, like shown in the video. Some rights (creator group etc) are created automatically, and ich cant remove them. Not shure, whether this is the problem, anyways, windows 7 allways tells me, that I'm beeing logged on with a temporary profile... 2.) http://lists.samba.org/archive/samba/2005-August/110239.html Another post from me, some months ago, where I managed this setup in a samba3-ldap environment (where it worked). This way even is not working. Same error, temporary profile. 3.) I tried to create a default user profile in my netlogon-share. My plan was to create a default user profile, so that at every logon this profile is copied. So I would have been able to delete the profiles over night via cron... But the profile isn't loaded. Maybe I'm doing something wrong in this setup... One way was to copy a customized profile to netlogon-share (see 2.) ) whith read-access to authenticated users. But this profile isn't loaded. Again the message is: temporary profile. In my profiles-share only a folder is created (username.v2) but this folder stays empty. Other way, was to just copy a profile to netlogon, but same problem So now my question to you guys is: is there someone, who got this working with samba4, or is it even working in samba4 to get this kind of setup running? Maybe someone has some hints for me, what else I could try. Kind regards Uli -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Alpha release of fuse-workspace.
Hi, I would like to announce the alpha release of fuse-workspace, a tool which takes care of access to all kinds of resources. It's independent of the GUI, this works in every environment, so also in the textconsole. It gives access on filesystem level, via FUSE for virtual maps and uses external mount commands when mounting SMB shares, and cifs is used. Please test, and try! Access to smb shares can be internal (then libsmbclient is used) and cifs (then fuse-workspace mounts using cifs). See: https://github.com/stefbon/fuse-workspace Apart from access the smb network, it supports an audio cd, and I'm working on access to FTP servers. I've tested it on some machines, but it's alpha. Stef -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] net ads user add -F 'user flags'
working with samba 3.5.10 on CentOS.. and AD to a win2k8r2 machine.. I'll say this outright as I can not seem to find a concrete answer, please correct where applicable. * You can create accounts in linux on AD, but they can not be enabled from linux. To enable you must use Win2k8r2 to literally enable them. Unless you want to use ldap tools. * Samba needs the DNS servers (and dns domain) of the AD in order to function properly (resolv.conf) .. (I'm using dnsmasq passing queries for the dns domain to the AD dns servers and things fails; switching to the M$ dns makes it all work..) I'm trying to add users via linux cli as scripting is easier, and it seems that all the accounts will be created 'disabled' and must obviously be 'enabled' for them to work. ( with all that said.. ) So in reading the man page for 'net' I see this: [RPC|ADS] USER ADD name [password] [-F user flags] [-C comment] Add specified user. *where* do I find out what -F 'user flags' are? :) Or is there nothing there that will allow me to 'enable' accounts from linux? Thanks in advance.. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Support for Linux Authentication with Samba4's Internal LDAP Server
2012-08-28 10:32 keltezéssel, Andrew Bartlett írta: On Mon, 2012-08-27 at 16:42 -0500, Andrew Martin wrote: Hello, This topic has been touched on in the past, but I'd like to ask for additional clarification on the structure of the internal LDAP server that Samba4 provides. I currently am using OpenLDAP for authenticating Linux servers and a number of web-based services. I also use Samba 3 for presenting shares to Windows users, but it maintains a separate password database. I would like to migrate to a single sign-on, ideally using Samba4. I use the inetOrgPerson schema for users ( http://www.andrew.cmu.edu/user/dd26/ldap.akbkhome.com/objectclass/ inet OrgPerson.html ) and the posixGroup schema for groups ( http://www.andrew.cmu.edu/user/dd26/ldap.akbkhome.com/objectclass/posixGroup.html ). Does the internal LDAP server in Samba4 support these schemas? I don't mind writing some scripts to manually populate/update additional fields as needed, but need to know that services which expect a regular LDAP server would be able to utilize the Samba4 one? You should be able to use both of those, and do a simple bind against Samba4 for password validation. You can even avoid using a DN for the simple bind, we also accept user@realm and domain\user as the 'DN'. Andrew Bartlett Hi, I can confirm this, just switched the moodle installation from authenticating against OpenLDAP to Samba4. The only caveat was figuring out that I couldn't bind anonymously. Regards Geza Gemes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Migrate samba to new server
Hi, i have a really old server running samba 3.0.11 (PDC, tdbsam backend) and i'd like to update my server and start using samba 3.6.7 from sernet, my question here is. What files do i need to migrate from one version to another, do i need to make some changes on my current conf file? Do i need to join all clients again to the domain? -- Alejandro Rodriguez Luna E-mail: el_alexl...@yahoo.com.mx -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Support for Linux Authentication with Samba4's Internal LDAP Server
Andrew, Thanks for the clarification. Is there a list of the attributes Samba4 will maintain, so I can determine which ones I'll have to manually update? Andrew - Original Message - From: Andrew Bartlett abart...@samba.org To: Andrew Martin amar...@xes-inc.com Cc: samba@lists.samba.org Sent: Tuesday, August 28, 2012 3:32:31 AM Subject: Re: [Samba] Support for Linux Authentication with Samba4's Internal LDAP Server On Mon, 2012-08-27 at 16:42 -0500, Andrew Martin wrote: Hello, This topic has been touched on in the past, but I'd like to ask for additional clarification on the structure of the internal LDAP server that Samba4 provides. I currently am using OpenLDAP for authenticating Linux servers and a number of web-based services. I also use Samba 3 for presenting shares to Windows users, but it maintains a separate password database. I would like to migrate to a single sign-on, ideally using Samba4. I use the inetOrgPerson schema for users ( http://www.andrew.cmu.edu/user/dd26/ldap.akbkhome.com/objectclass/ inet OrgPerson.html ) and the posixGroup schema for groups ( http://www.andrew.cmu.edu/user/dd26/ldap.akbkhome.com/objectclass/posixGroup.html ). Does the internal LDAP server in Samba4 support these schemas? I don't mind writing some scripts to manually populate/update additional fields as needed, but need to know that services which expect a regular LDAP server would be able to utilize the Samba4 one? You should be able to use both of those, and do a simple bind against Samba4 for password validation. You can even avoid using a DN for the simple bind, we also accept user@realm and domain\user as the 'DN'. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Support for Linux Authentication with Samba4's Internal LDAP Server
On Tue, 2012-08-28 at 17:13 -0500, Andrew Martin wrote: Andrew, Thanks for the clarification. Is there a list of the attributes Samba4 will maintain, so I can determine which ones I'll have to manually update? Essentially we behave like AD, so reference guides around that if you need further clues. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] CIFS mount intermittently unavailable: cifs_mount failed w/return code = -5
On Mon, 27 Aug 2012 08:48:42 -0400 Jeff Layton jlay...@samba.org wrote: On Thu, 16 Aug 2012 19:57:27 +1000 Robert S robert.spam.me.sensel...@gmail.com wrote: I have a debian machine called debian and a windows XP machine called server. I have a permanent mounted read-only share called \\server\doc. My /etc/fstab looks like this: //server/doc/opt/chroot/mnt/server cifs credentials=/root/.smbmount,username=medical,uid=medical,file_mode=0755,dir_mode=0755,noserverino 0 0 This works well most of the time but at times I get a input/output error when I try to access this share. My syslog shows the following: Aug 16 15:36:35 debian kernel: [1289131.676869] Status code returned 0xc0d0 NT_STATUS_REQUEST_NOT_ACCEPTED Aug 16 15:36:35 debian kernel: [1289131.676875] CIFS VFS: Send error in SessSetup = -5 Aug 16 15:36:35 debian kernel: [1289131.676899] CIFS VFS: cifs_mount failed w/return code = -5 Aug 16 15:36:46 debian kernel: [1289142.653770] Status code returned 0xc0d0 NT_STATUS_REQUEST_NOT_ACCEPTED Aug 16 15:36:46 debian kernel: [1289142.653775] CIFS VFS: Send error in SessSetup = -5 Aug 16 15:36:46 debian kernel: [1289142.653799] CIFS VFS: cifs_mount failed w/return code = -5 Aug 16 15:37:01 debian kernel: [1289158.491697] Status code returned 0xc0d0 NT_STATUS_REQUEST_NOT_ACCEPTED Aug 16 15:37:01 debian kernel: [1289158.491703] CIFS VFS: Send error in SessSetup = -5 Aug 16 15:37:01 debian kernel: [1289158.491727] CIFS VFS: cifs_mount failed w/return code = -5 Does anyone have any suggestions? Can somebody explain what return code -5 means? I have tried replacing server with its fixed IP address (192.168.0.32), but this does not help. I have even moved all the files to another location on the Windows box and recreated the share, but it still occurs. (cc'ing linux-cifs ml) -5 is -EIO which is the generic error that we map stuff to when there's not a better mapping. We don't have a standard mapping for NT_STATUS_REQUEST_NOT_ACCEPTED, so that's why you get -EIO back. The bigger question is why your server is returning that error. You may need to check the logs on the server side to see why it's not accepting these requests. ...and interestingly, the description of this error in the MS-CIFS doc from microsoft says: No resources currently available for this SMB request., which sounds like you're occasionally hitting some sort of resource limit on the server... -- Jeff Layton jlay...@samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Sysvol Replication in Samba4
On 08/26/2012 10:24 PM, Gémes Géza wrote: Hi Matthieu! Thank you for the script. Could you also attach /usr/local/etc/ecv/list_dcs which is sourced? Well no :-( But this is defining the variable LIST_DC a bit like this: LIST_DC=dc1name namedc2 It's a space separated list of dc names. Matthieu. -- Matthieu Patou Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Still mandatory profiles, every user same profile
On Tue, 2012-08-28 at 13:10 +0200, Ulrich Schinz wrote: Hi there, again me, again similar question. First of all, what is it, what I'd like to have: 1.) Every user in my System should use the same profile. In dsa.msc I gave every user as profile-path \\samba4\profiles\stud 2.) The users should not be able to change anything in that profile (I think changing ntuser.dat to ntuser.man should do the job, proposed i got step one managed ;) ) So now my question to you guys is: is there someone, who got this working with samba4, or is it even working in samba4 to get this kind of setup running? I did this with Samba3, years ago. If I recall correctly, I did the ACL change to the NTuser.dat, changed it to to ntuser.man and put in in the netlogon share. Then I wrote the (still included) disgusting hack: the 'fake_perms' VFS module. This is still in the tree - it might even still work! Set: [netlogon] vfs objects = fake_perms read only = yes to try it out. I think the right fix would have been to run: [netlogon] profile acls = true read only = yes so try that as well. Make sure you are using s3fs (the new default file server). I've suggested read only = yes because I can't vouch for the security implications of using my old module (it pretends the current user always owns the file). If either of these help, then please let me know so we can work out the right way to support this long term. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] syntax of samba-tool to deal with SRV DNS record
Hi, i'm looking to update some SRV DNS Record , but i didn't find the correct syntax to handle priority, weight and port. The goal is to higher the priority of one of my different DCs. Thanks for your help Alain -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] High load while printing a Word document
Hello! Sometimes I have problems printing a particular Word document on a Windows XP machine. The printing takes very long and the server load/CPU are very high. For testing I set the log level = 3 printdrivers:10 and got an STATUS_BUFFER_OVERFLOW error (see logfile-extract below) On the client side I use MS Office 2003 SP3 and Windows XP SP3. With Windows 7 all works fine. The postscript-driver of Lexmark X464 is configured as point-and-click. Samba 3.6.7 is configured as PDC on OpenSuSE 10.3. I've attached the log.smbd and smb.conf as zip-file. The word document is too big (272 kb). If it is needed for testing I can send directly. Probably the eps-part of the picture in the header of the word-document is the problem. Is it possible to config/fix samba to avoid this problem ? Thanks a lot. Alex extract of log.smbd: [2012/08/27 11:07:16.205463, 3] rpc_server/srv_pipe.c:1626(api_rpcTNP) api_rpcTNP: rpc command: SPOOLSS_ADDJOB [2012/08/27 11:07:16.205706, 3] smbd/error.c:81(error_packet_set) error packet at smbd/ipc.c(137) cmd=37 (SMBtrans) STATUS_BUFFER_OVERFLOW [2012/08/27 11:07:16.208747, 3] smbd/process.c:1662(process_smb) Transaction 149 of length 63 (0 toread) [2012/08/27 11:07:16.208959, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 30185) conn 0x80936638 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via e2200d5 s3: fix #9037 even more - open and netbsd have the md5 symbols in libc from 16cda12 s3:smb2_ioctl: add some more validation checks http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit e2200d51550f73e66924277d4c7290b0eeab3f23 Author: Björn Jacke b...@sernet.de Date: Fri Aug 24 21:13:45 2012 +0200 s3: fix #9037 even more - open and netbsd have the md5 symbols in libc --- Summary of changes: source3/configure.in |9 - 1 files changed, 8 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/configure.in b/source3/configure.in index aae2be0..eef3d13 100644 --- a/source3/configure.in +++ b/source3/configure.in @@ -767,8 +767,15 @@ if test x$ac_cv_header_md5_h = xyes -a \ AC_CHECK_LIB(md, MD5Update, [samba_cv_md5lib=md]) fi +if test x$ac_cv_header_md5_h = xyes -a \ +x$samba_cv_md5lib = xnone ; then + AC_CHECK_LIB(c, MD5Update, [samba_cv_md5lib=]) +fi + if test x$samba_cv_md5lib != xnone ; then - LIBS=${LIBS} -l${samba_cv_md5lib} + if test x$samba_cv_md5lib != x ; then + LIBS=${LIBS} -l${samba_cv_md5lib} + fi CRYPTO_MD5_OBJ= AC_DEFINE(HAVE_LIBMD5, 1, [Whether libmd5 conformant to rfc1321 is available.]) -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via 71c4227 s3: Fix bug #9085. from e2200d5 s3: fix #9037 even more - open and netbsd have the md5 symbols in libc http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit 71c4227fd0a741984fb273ad1973ad1724ecb04b Author: hargagan sharga...@novell.com Date: Tue Aug 28 09:29:52 2012 +0200 s3: Fix bug #9085. NMB registration for a duplicate workstation fails with registration refuse. --- Summary of changes: source3/nmbd/nmbd_winsserver.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/nmbd/nmbd_winsserver.c b/source3/nmbd/nmbd_winsserver.c index d569154..31a6038 100644 --- a/source3/nmbd/nmbd_winsserver.c +++ b/source3/nmbd/nmbd_winsserver.c @@ -1038,7 +1038,7 @@ static void wins_register_query_success(struct subnet_record *subrec, DEBUG(3,(wins_register_query_success: Original client at IP %s still wants the \ name %s. Rejecting registration request.\n, inet_ntoa(ip), nmb_namestr(question_name) )); - send_wins_name_registration_response(RFS_ERR, 0, orig_reg_packet); + send_wins_name_registration_response(ACT_ERR, 0, orig_reg_packet); orig_reg_packet-locked = False; free_packet(orig_reg_packet); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via 30567b8 s3: Fix bug #9085. from 3844438 Fix bug #9100 - winbind doesn't return Domain Local groups from own domain. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 30567b8f9bc0f5a39a3a65039277aa5f839622cd Author: hargagan sharga...@novell.com Date: Tue Aug 28 09:29:52 2012 +0200 s3: Fix bug #9085. NMB registration for a duplicate workstation fails with registration refuse. (cherry picked from commit 71c4227fd0a741984fb273ad1973ad1724ecb04b) --- Summary of changes: source3/nmbd/nmbd_winsserver.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/nmbd/nmbd_winsserver.c b/source3/nmbd/nmbd_winsserver.c index 0a5b1c8..20436c5 100644 --- a/source3/nmbd/nmbd_winsserver.c +++ b/source3/nmbd/nmbd_winsserver.c @@ -1014,7 +1014,7 @@ static void wins_register_query_success(struct subnet_record *subrec, DEBUG(3,(wins_register_query_success: Original client at IP %s still wants the \ name %s. Rejecting registration request.\n, inet_ntoa(ip), nmb_namestr(question_name) )); - send_wins_name_registration_response(RFS_ERR, 0, orig_reg_packet); + send_wins_name_registration_response(ACT_ERR, 0, orig_reg_packet); orig_reg_packet-locked = False; free_packet(orig_reg_packet); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 9e441c4 s3-classicupgrade: Fix import from ldap via dd21bb0 lib/ldb: Bump ldb version to 1.1.11 via dc8d29c s3-vfs: Indicate the symlink destination when failing check_reduced_name via f2ccff7 s3-vfs: Try to be consistent about localtime vs GMT handling in vfs_shadow_copy2 via de20958 s3-vfs_shadow_copy2: Also accept a sscanf result from 11a5646 VERSION: Move on to beta8 http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 9e441c4ed98b1a2b83069ad5fa54b2b30dc75598 Author: Andrew Bartlett abart...@samba.org Date: Tue Aug 28 11:19:04 2012 +1000 s3-classicupgrade: Fix import from ldap We must not reference result before provision(), and do not need session_info and lp for reading a normal ldap backend anyway. Andrew Bartlett Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Tue Aug 28 09:49:39 CEST 2012 on sn-devel-104 commit dd21bb0b728a9c6dfc70f1785a642474fe7bd78b Author: Andrew Bartlett abart...@samba.org Date: Tue Aug 28 10:00:34 2012 +1000 lib/ldb: Bump ldb version to 1.1.11 This will ensure the next Samba release requires an ldb with the recent fixes. Andrew Bartlett commit dc8d29cdae68e96a3e8a0d647ee952611e69b49e Author: Andrew Bartlett abart...@samba.org Date: Tue Jul 3 13:09:33 2012 +1000 s3-vfs: Indicate the symlink destination when failing check_reduced_name commit f2ccff7b06a2ad762103f98a736f37da94d7cfdd Author: Andrew Bartlett abart...@samba.org Date: Mon Jul 2 22:31:49 2012 +1000 s3-vfs: Try to be consistent about localtime vs GMT handling in vfs_shadow_copy2 With the ability to handle times a abolute time_t values since 1970 this becomes more important to get absolutly correct. Andrew Bartlett commit de209587f9ddbe19d321753bb8f160ce19eb4517 Author: Andrew Bartlett abart...@samba.org Date: Mon Jul 2 19:31:58 2012 +1000 s3-vfs_shadow_copy2: Also accept a sscanf result --- Summary of changes: lib/ldb/ABI/{ldb-1.1.10.sigs = ldb-1.1.11.sigs} |0 ...ldb-util-1.1.10.sigs = pyldb-util-1.1.11.sigs} |0 lib/ldb/wscript|2 +- source3/modules/vfs_shadow_copy2.c | 87 ++-- source3/smbd/vfs.c |4 +- source4/scripting/python/samba/upgrade.py |4 +- 6 files changed, 66 insertions(+), 31 deletions(-) copy lib/ldb/ABI/{ldb-1.1.10.sigs = ldb-1.1.11.sigs} (100%) copy lib/ldb/ABI/{pyldb-util-1.1.10.sigs = pyldb-util-1.1.11.sigs} (100%) Changeset truncated at 500 lines: diff --git a/lib/ldb/ABI/ldb-1.1.10.sigs b/lib/ldb/ABI/ldb-1.1.11.sigs similarity index 100% copy from lib/ldb/ABI/ldb-1.1.10.sigs copy to lib/ldb/ABI/ldb-1.1.11.sigs diff --git a/lib/ldb/ABI/pyldb-util-1.1.10.sigs b/lib/ldb/ABI/pyldb-util-1.1.11.sigs similarity index 100% copy from lib/ldb/ABI/pyldb-util-1.1.10.sigs copy to lib/ldb/ABI/pyldb-util-1.1.11.sigs diff --git a/lib/ldb/wscript b/lib/ldb/wscript index 611eebf..3978dd2 100755 --- a/lib/ldb/wscript +++ b/lib/ldb/wscript @@ -1,7 +1,7 @@ #!/usr/bin/env python APPNAME = 'ldb' -VERSION = '1.1.10' +VERSION = '1.1.11' blddir = 'bin' diff --git a/source3/modules/vfs_shadow_copy2.c b/source3/modules/vfs_shadow_copy2.c index af14e04..7c42052 100644 --- a/source3/modules/vfs_shadow_copy2.c +++ b/source3/modules/vfs_shadow_copy2.c @@ -84,6 +84,12 @@ be compatible with the conversion specifications recognized by str[fp]time. The default value is @GMT-%Y.%m.%d-%H.%M.%S. + shadow:sscanf = yes/no (default is no) + + The time is the unsigned long integer (%lu) in the format string + rather than a time strptime() can parse. The result must be a unix time_t + time. + shadow:localtime = yes/no (default is no) This is an optional parameter that indicates whether the @@ -142,27 +148,45 @@ static char *shadow_copy2_insert_string(TALLOC_CTX *mem_ctx, struct vfs_handle_struct *handle, time_t snapshot) { + const char *fmt; struct tm snap_tm; - fstring gmt; - size_t gmt_len; + fstring snaptime_string; + size_t snaptime_len; - if (localtime_r(snapshot, snap_tm) == 0) { - DEBUG(10, (gmtime_r failed\n)); - return NULL; - } - gmt_len = strftime(gmt, sizeof(gmt), - lp_parm_const_string(SNUM(handle-conn), shadow, - format, GMT_FORMAT), - snap_tm); - if (gmt_len == 0) { - DEBUG(10, (strftime failed\n)); - return NULL; + fmt =
[SCM] Samba Shared Repository - annotated tag ldb-1.1.11 created
The annotated tag, ldb-1.1.11 has been created at eb603488fc1a536fb0560114312d424edbc37f21 (tag) tagging dd21bb0b728a9c6dfc70f1785a642474fe7bd78b (commit) replaces samba-4.0.0beta7 tagged by Stefan Metzmacher on Tue Aug 28 11:45:02 2012 +0200 - Log - ldb: tag release ldb-1.1.11 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) iQEcBAABAgAGBQJQPJMeAAoJEEeTkWETCEAl40IIAJEsaAf+cj4DK8T1rvp5emdL CYnkiyVLB4vZ9rWJENCdAKj6SAGMiELuovEwFKHwrwBrP2uh8uzWw/e4GCuSsUJD XX72TIxXjbP8UKNpow2uFsBxE89RvCZk38OBoUIhFNY/LnDEs1ScFDszgTqUPgkS 0C+epAsZ79yuV71nK9bSdsAKJbfYLahyQa+xgRO9G3WXFcMv+GBJjkzJofsefDyH qrZtZKk59n2x9xBJ5DVsMPdrkY29PVfC/ifQaeL6uofqj3sR04ngkFSmZKaIebfb 1IBZpATIuifQQkMSPmnOQh4joj7ZwT6NPCSV0f0a+80ShhEx0p1IQAqc0PCLYLM= =SCBr -END PGP SIGNATURE- Andrew Bartlett (5): VERSION: Move on to beta8 s3-vfs_shadow_copy2: Also accept a sscanf result s3-vfs: Try to be consistent about localtime vs GMT handling in vfs_shadow_copy2 s3-vfs: Indicate the symlink destination when failing check_reduced_name lib/ldb: Bump ldb version to 1.1.11 --- -- Samba Shared Repository
autobuild: intermittent test failure detected
The autobuild test system has detected an intermittent failing test in the current master tree. The autobuild log of the failure is available here: http://git.samba.org/autobuild.flakey/2012-08-28-1228/flakey.log The samba3 build logs are available here: http://git.samba.org/autobuild.flakey/2012-08-28-1228/samba3.stderr http://git.samba.org/autobuild.flakey/2012-08-28-1228/samba3.stdout The source4 build logs are available here: http://git.samba.org/autobuild.flakey/2012-08-28-1228/samba.stderr http://git.samba.org/autobuild.flakey/2012-08-28-1228/samba.stdout The top commit at the time of the failure was: commit 9e441c4ed98b1a2b83069ad5fa54b2b30dc75598 Author: Andrew Bartlett abart...@samba.org Date: Tue Aug 28 11:19:04 2012 +1000 s3-classicupgrade: Fix import from ldap We must not reference result before provision(), and do not need session_info and lp for reading a normal ldap backend anyway. Andrew Bartlett Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Tue Aug 28 09:49:39 CEST 2012 on sn-devel-104
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via ba862f4 s3-smbd: Fix flooding the logs with records we don't find in pcap. from 9e441c4 s3-classicupgrade: Fix import from ldap http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit ba862f47d78e0077d3e01dd84635b76850314436 Author: Andreas Schneider a...@samba.org Date: Tue Aug 28 14:17:22 2012 +0200 s3-smbd: Fix flooding the logs with records we don't find in pcap. Autobuild-User(master): Andreas Schneider a...@cryptomilk.org Autobuild-Date(master): Tue Aug 28 16:38:55 CEST 2012 on sn-devel-104 --- Summary of changes: source3/smbd/server_reload.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/server_reload.c b/source3/smbd/server_reload.c index e5d7102..3a8f5bb 100644 --- a/source3/smbd/server_reload.c +++ b/source3/smbd/server_reload.c @@ -98,7 +98,7 @@ void delete_and_reload_printers(struct tevent_context *ev, pname = lp_printername(session_info, snum); /* check printer, but avoid removing non-autoloaded printers */ - if (!pcap_printername_ok(pname) lp_autoloaded(snum)) { + if (lp_autoloaded(snum) !pcap_printername_ok(pname)) { DEBUG(3, (removing stale printer %s\n, pname)); if (is_printer_published(session_info, session_info, -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via a0e4bdc auth/credentials: Improve memory handling in cli_credentials_set_machine_account via 3a303ae5 selftest: Add a test for smbclient --machine-pass without secrets.tdb via bcc29f9 auth/credentials: Avoid double-free in the failure case from ba862f4 s3-smbd: Fix flooding the logs with records we don't find in pcap. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit a0e4bdcb5b374a4259164aed8fdbcc7b1761f09b Author: Andrew Bartlett abart...@samba.org Date: Wed Aug 29 09:21:52 2012 +1000 auth/credentials: Improve memory handling in cli_credentials_set_machine_account By using a tempoary talloc context this is much tidier and more reliable code. Andrew Bartlett Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Wed Aug 29 03:11:10 CEST 2012 on sn-devel-104 commit 3a303ae5ab2bfef58e0ea281e3a99406ff8fd53f Author: Andrew Bartlett abart...@samba.org Date: Wed Aug 29 09:10:40 2012 +1000 selftest: Add a test for smbclient --machine-pass without secrets.tdb Errors in handling the upgrade case without a matching secrets.tdb caused segfaults in the server. This essentially tests both sides. Andrew Bartlett commit bcc29f9e7317601737858184f5ec6243552e0c0c Author: Andrew Bartlett abart...@samba.org Date: Wed Aug 29 09:09:10 2012 +1000 auth/credentials: Avoid double-free in the failure case This pointer is only valid if dbwrap_fetch returned success. Andrew Bartlett --- Summary of changes: auth/credentials/credentials_secrets.c | 52 selftest/target/Samba4.pm |9 + source4/selftest/tests.py |2 +- 3 files changed, 36 insertions(+), 27 deletions(-) Changeset truncated at 500 lines: diff --git a/auth/credentials/credentials_secrets.c b/auth/credentials/credentials_secrets.c index 3304200..8c8c567 100644 --- a/auth/credentials/credentials_secrets.c +++ b/auth/credentials/credentials_secrets.c @@ -73,7 +73,7 @@ _PUBLIC_ NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred, /* some other parts of the system will key off this */ cred-machine_account = true; - mem_ctx = talloc_named(cred, 0, cli_credentials fetch machine password); + mem_ctx = talloc_named(cred, 0, cli_credentials_set_secrets from ldb); if (!ldb) { /* Local secrets are stored in secrets.ldb */ @@ -209,10 +209,21 @@ _PUBLIC_ NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cr char *secrets_tdb_password = NULL; char *keystr; char *keystr_upper = NULL; - char *secrets_tdb = lpcfg_private_path(cred, lp_ctx, secrets.tdb); - struct db_context *db_ctx = dbwrap_local_open(cred, lp_ctx, secrets_tdb, 0, - TDB_DEFAULT, O_RDWR, 0600, - DBWRAP_LOCK_ORDER_1); + char *secrets_tdb; + struct db_context *db_ctx; + TALLOC_CTX *tmp_ctx = talloc_named(cred, 0, cli_credentials_set_secrets from ldb); + if (!tmp_ctx) { + return NT_STATUS_NO_MEMORY; + } + secrets_tdb = lpcfg_private_path(cred, lp_ctx, secrets.tdb); + if (!secrets_tdb) { + TALLOC_FREE(tmp_ctx); + return NT_STATUS_NO_MEMORY; + } + + db_ctx = dbwrap_local_open(cred, lp_ctx, secrets_tdb, 0, + TDB_DEFAULT, O_RDWR, 0600, + DBWRAP_LOCK_ORDER_1); /* Bleh, nasty recursion issues: We are setting a machine * account here, so we don't want the 'pending' flag around * any more */ @@ -225,25 +236,21 @@ _PUBLIC_ NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cr if (db_ctx) { TDB_DATA dbuf; - keystr = talloc_asprintf(cred, %s/%s, + keystr = talloc_asprintf(tmp_ctx, %s/%s, SECRETS_MACHINE_LAST_CHANGE_TIME, domain); - keystr_upper = strupper_talloc(cred, keystr); - TALLOC_FREE(keystr); - status = dbwrap_fetch(db_ctx, cred, string_tdb_data(keystr_upper), + keystr_upper = strupper_talloc(tmp_ctx, keystr); + status = dbwrap_fetch(db_ctx, tmp_ctx, string_tdb_data(keystr_upper), dbuf); - TALLOC_FREE(keystr_upper); if (NT_STATUS_IS_OK(status) dbuf.dsize == 4) { secrets_tdb_lct = IVAL(dbuf.dptr,0); } - TALLOC_FREE(dbuf.dptr); -
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 5d96498 s4-dsdb: Avoid printing secret attributes in ldb trace logs via 395b8e4 lib/ldb: Avoid printing secret attributes in ldb trace logs via 17337cf auth/credentials: Remove unused, and un-declared cli_credentials_set_krbtgt() via beafdd6 auth/credentials: Better integrate fetch of secrets.tdb and secrets.ldb records from a0e4bdc auth/credentials: Improve memory handling in cli_credentials_set_machine_account http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 5d96498680ec4209142ea7dc460a3fd921413a5e Author: Andrew Bartlett abart...@samba.org Date: Wed Aug 29 11:32:26 2012 +1000 s4-dsdb: Avoid printing secret attributes in ldb trace logs These are printed when Samba has debug level 10, which is often used for debugging. To indicate that these attributes are secret, we set an opaque. Andrew Bartlett Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Wed Aug 29 06:04:33 CEST 2012 on sn-devel-104 commit 395b8e4d58e2815d9848f8a6390f23d8c7d10a91 Author: Andrew Bartlett abart...@samba.org Date: Wed Aug 29 11:29:44 2012 +1000 lib/ldb: Avoid printing secret attributes in ldb trace logs These are printed when Samba has debug level 10, which is often used for debugging. Instead, print a note to say that this attribute has been skipped. Andrew Bartlett commit 17337cfec071f7f82fa4c50ace751d51277a4b20 Author: Andrew Bartlett abart...@samba.org Date: Wed Aug 29 09:44:52 2012 +1000 auth/credentials: Remove unused, and un-declared cli_credentials_set_krbtgt() commit beafdd6410f122d39c32d51629dd7eaf20a8a6c1 Author: Andrew Bartlett abart...@samba.org Date: Wed Aug 29 09:44:12 2012 +1000 auth/credentials: Better integrate fetch of secrets.tdb and secrets.ldb records By checking first if there is a secrets.tdb record and passing in the password and last change time we avoid setting one series of values and then replacing them. We also avoid the need to work around the setting of anonymous. Andrew Bartlett --- Summary of changes: auth/credentials/credentials_secrets.c | 116 ++-- lib/ldb-samba/ldif_handlers.c |8 ++ lib/ldb/ABI/{ldb-1.1.10.sigs = ldb-1.1.12.sigs} |1 + ...ldb-util-1.1.10.sigs = pyldb-util-1.1.12.sigs} |0 lib/ldb/common/ldb.c | 31 - lib/ldb/common/ldb_ldif.c | 47 +++- lib/ldb/common/ldb_modules.c | 15 +++- lib/ldb/include/ldb_module.h |4 + lib/ldb/include/ldb_private.h |5 + lib/ldb/wscript|2 +- 10 files changed, 157 insertions(+), 72 deletions(-) copy lib/ldb/ABI/{ldb-1.1.10.sigs = ldb-1.1.12.sigs} (99%) copy lib/ldb/ABI/{pyldb-util-1.1.10.sigs = pyldb-util-1.1.12.sigs} (100%) Changeset truncated at 500 lines: diff --git a/auth/credentials/credentials_secrets.c b/auth/credentials/credentials_secrets.c index 8c8c567..a44fe1c 100644 --- a/auth/credentials/credentials_secrets.c +++ b/auth/credentials/credentials_secrets.c @@ -46,12 +46,14 @@ * @param cred Credentials structure to fill in * @retval NTSTATUS error detailing any failure */ -_PUBLIC_ NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred, - struct loadparm_context *lp_ctx, - struct ldb_context *ldb, - const char *base, - const char *filter, - char **error_string) +static NTSTATUS cli_credentials_set_secrets_lct(struct cli_credentials *cred, + struct loadparm_context *lp_ctx, + struct ldb_context *ldb, + const char *base, + const char *filter, + time_t secrets_tdb_last_change_time, + const char *secrets_tdb_password, + char **error_string) { TALLOC_CTX *mem_ctx; @@ -66,6 +68,7 @@ _PUBLIC_ NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred, const char *salt_principal; char *keytab; const struct ldb_val *whenChanged; + time_t lct; /* ok, we are going to get it now, don't recurse back here */ cred-machine_account_pending = false; @@ -79,8 +82,6 @@ _PUBLIC_ NTSTATUS