Re: [Samba] How can I show only the shares that user have access to in SAMBA
Hi Simon, as far as I know, you can't hide shares with user specific settings. It is not implemented wether in Windows nor in Samba. The only way is to hide the share for all users by adding the $ at the end of the share name - like [kmplan$]. To limit access to the share you need to set share and corresponding filesystem permissions. Cheers, Christian simon ben guy200...@yahoo.com schrieb: Dear All, I have implemented samba to right now in test environment to be implemented in production as samba file server so far its working grt but I have one issue i have right now one share and want only the users who have access to the share to see it and the others should not when I log into the user who has no access I see the share and when i double click it ask me for username and password googling arround this issuse is solved by using the below in smb.conf file hide dot files = yes hide unreadable = yes in the share definition section. but its still visible security is set as user here the part of my smb.conf -- [kmplan] writeable = yes path = /opt/network/testplan write list = @localgrp revalidate = yes hide unreadable = yes hide dot files = yes comment = masterplan testing directory valid users = @localgrp - is there anything i need to set in smb.conf appreciate your help and advice regards simon -- Dipl.-Ing. Christian Rost roCon - Informationstechnologie Ulmenstraße 45 44534 Lünen Fon: +49 2306 910 658 Fax: +48 2306 910 664 URL: www.rocon-it.de -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba4 second dc:s sysvol rights
I have a samba4 domain with two r/w directory controllers. Second servers sysvol share doesn't allow access to normal users, only admin users can access share. Problem is same with both: ntvfs and s3fs. Sysvolreset doesn't help and sysvolcheck doesn't complain anything. posix file acls are identical with the first server which works ok. I have granted rights for Everyone, specific user and Domain Users group, but the result is always same. Here is log for admin user accessing the share: - Successfully converted security token to a unix token:Security token SIDs (17): SID[ 0]: S-1-5-21-xxx-xxx-xxx-1005 SID[ 1]: S-1-5-21-xxx-xxx-xxx-513 SID[ 2]: S-1-5-21-xxx-xxx-xxx-1010 SID[ 3]: S-1-5-21-xxx-xxx-xxx-1747 SID[ 4]: S-1-5-21-xxx-xxx-xxx-1011 SID[ 5]: S-1-5-21-xxx-xxx-xxx-2612 SID[ 6]: S-1-5-21-xxx-xxx-xxx-1026 SID[ 7]: S-1-5-21-xxx-xxx-xxx-512 SID[ 8]: S-1-5-21-xxx-xxx-xxx-572 SID[ 9]: S-1-5-21-xxx-xxx-xxx-1181 SID[ 10]: S-1-5-21-xxx-xxx-xxx-520 SID[ 11]: S-1-5-32-550 SID[ 12]: S-1-5-32-545 SID[ 13]: S-1-5-32-544 SID[ 14]: S-1-1-0 SID[ 15]: S-1-5-2 SID[ 16]: S-1-5-11 Privileges (0x1F00): Privilege[ 0]: SeTakeOwnershipPrivilege Privilege[ 1]: SeBackupPrivilege Privilege[ 2]: SeRestorePrivilege Privilege[ 3]: SeRemoteShutdownPrivilege Privilege[ 4]: SeSecurityPrivilege Privilege[ 5]: SeSystemtimePrivilege Privilege[ 6]: SeShutdownPrivilege Privilege[ 7]: SeDebugPrivilege Privilege[ 8]: SeSystemEnvironmentPrivilege Privilege[ 9]: SeSystemProfilePrivilege Privilege[ 10]: SeProfileSingleProcessPrivilege Privilege[ 11]: SeIncreaseBasePriorityPrivilege Privilege[ 12]: SeLoadDriverPrivilege Privilege[ 13]: SeCreatePagefilePrivilege Privilege[ 14]: SeIncreaseQuotaPrivilege Privilege[ 15]: SeChangeNotifyPrivilege Privilege[ 16]: SeUndockPrivilege Privilege[ 17]: SeManageVolumePrivilege Privilege[ 18]: SeImpersonatePrivilege Privilege[ 19]: SeCreateGlobalPrivilege Privilege[ 20]: SeEnableDelegationPrivilege Rights (0x 403): Right[ 0]: SeInteractiveLogonRight Right[ 1]: SeNetworkLogonRight Right[ 2]: SeRemoteInteractiveLogonRight And as normal user: Successfully converted security token to a unix token:Security token SIDs (6): SID[ 0]: S-1-5-21-xxx-xxx-xxx-1345 SID[ 1]: S-1-5-21-xxx-xxx-xxx-513 SID[ 2]: S-1-5-32-545 SID[ 3]: S-1-1-0 SID[ 4]: S-1-5-2 SID[ 5]: S-1-5-11 Privileges (0x 0): Rights (0x 0): -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] How can I show only the shares that user have access to in SAMBA
Dear Bjorn I really apprecite your quick reply. by the way I did add the access based share enum = yes but when I do a testparm it gives a error --- [root@kmshare samba]# testparm /etc/samba/smb.conf Load smb config files from /etc/samba/smb.conf Unknown parameter encountered: access based share enum Ignoring unknown parameter access based share enum Processing section [homes] Processing section [printers] Processing section [kmplan] Loaded services file OK. Server role: ROLE_STANDALONE Press enter to see a dump of your service definitions [global] workgroup = MYGROUP server string = Samba Server Version %v passdb backend = tdbsam disable spoolss = Yes winbind use default domain = Yes winbind trusted domains only = Yes cups options = raw [homes] comment = Home Directories read only = No browseable = No [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No [kmplan] comment = masterplan testing directory path = /opt/network/testplan valid users = @localgrp write list = @localgrp read only = No hide unreadable = Yes hide unwriteable files = Yes the directory /opt/network/testplan is sahred as kmplan and localgrp has 2 valid users user1 and user2 so if I log in as user1 or user2 kmplan share can be accessed perfectly i have a third user user3 and he not belong the localgrp . also wanted to mentioned that I have used webmin to create local users and in samba windows file sharing option of webmin== user and group synchronisation == i am using yes for all. that is when a unix user is created automatically add a samba user likewise for groups. apprecite your help and advise regards simon --- On Wed, 10/10/12, Björn JACKE b...@sernet.de wrote: From: Björn JACKE b...@sernet.de Subject: Re: [Samba] How can I show only the shares that user have access to in SAMBA To: simon ben guy200...@yahoo.com Cc: samba@lists.samba.org Date: Wednesday, October 10, 2012, 1:28 PM On 2012-10-10 at 13:02 -0700 simon ben sent off: i have right now one share and want only the users who have access to the share to see it and the others should not when I log into the user who has no access I see the share and when i double click it ask me for username and password googling arround this issuse is solved by using the below in smb.conf file hide dot files = yes hide unreadable = yes in the share definition section. but its still visible can you please try setting access based share enum = yes ? Cheers Björn -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] How can I show only the shares that user have access to in SAMBA
On 2012-10-11 at 01:22 -0700 simon ben sent off: but when I do a testparm it gives a error --- [root@kmshare samba]# testparm /etc/samba/smb.conf Load smb config files from /etc/samba/smb.conf Unknown parameter encountered: access based share enum Ignoring unknown parameter access based share enum then your Samba version is too old then. This parameter was introduced with Samba 3.6 I think (maybe 3.5 already). On http://www.enterprisesamba.org you might find recent packages for your distribution that support that feature. Cheers Björn -- SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen ☎ +49-551-37-0, ℻ +49-551-37-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen signature.asc Description: Digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] ntacl sysvolreset does not create correct ACL's
Hi Version 4.1.0pre1-GIT-957f9fa openSUSE 12.2 After running samba-tool ntaclreset These are the ACE's produced: getfacl sysvol/ # file: sysvol/ # owner: root # group: wheel # flags: s-- user::rwx user:root:rwx group::r-- group:wheel:r-- group:300:r-- group:301:r-- group:302:r-- mask::rwx other::--- I got the group names from wbinfo. The group numbers correspond to: 300 BUILTIN\Server Operators 4 301 NT AUTHORITY\SYSTEM 5 302 NT AUTHORITY\Authenticated Users 5 Problem: GPO's do not work. I think this is due to the r-- only ACE. Users, authenticated or not do not have access to sysvol to be able to read the GPO's because of the r-- I changed the ACL by adding an r-x and rwx after comparing what a working installation on Ubuntu gave: # file: usr/local/samba/var/locks/sysvol/ # owner: root # group: wheel # flags: s-- user::rwx user:root:rwx group::r-x group:wheel:r-x group:300:r-x group:301:rwx group:302:r-x mask::rwx other::r-x default:user::rwx default:group::r-x default:group:300:r-x default:group:301:rwx default:group:302:r-x default:mask::rwx default:other::--- and now the GPO's work again. However, running sysvolreset returns the ACL to the r-- state. I tested this on Ubuntu where sysvolreset works fine, producing r-x and rwx ACE's in the correct place. I think the problem must be distro specific. Works for Ubuntu, not for openSUSE. Is there something in the script which makes it distro dependent? I notice Ubuntu uses different owning groups (adm Ubuntu, wheel, openSUSE)? Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Internal DNS stops forwarding
Hi Felix, I think it is. Because all the connections I see when the error occurs are related to the forwarder I declared in smb.conf. The number of connections keeps growing again until the error appears. So I have to restart samba. And, yes, lsof, shows that all connections but 2 are related to the forwarder. An interesting question of course is why your forwarder never answers the requests from the internal DNS server. Is it set up correctly? I agree we really need to fix the timeout, but even then your DNS setup would be broken if the forwarder never answers to queries. Hi Kai: yes, the forwarder does answer the requests but the connections keep open. The internal dns servers stops forwarding when the number of connections is above 1000. Could you, please, help me? Cheers, Felix. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Joining Samba RODC, NT_STATUS_NOT_SUPPORTED
Dear list users, I have a problem when joining an Active Directory domain. In this project we have one Main Dc in capital city and one read only dc in one remote city. We join to main DC succesfully. However, we can not join to local Replicate (rodc14). We are using this method for winbind / squid ntlm authentication purposes not a full samba server. İnternet conection is not fast and we have thousands of users. Remote joining is not our first choice. First of all I try to join without lmhosts entry. That time , I got Failed to join domain: failed to find DC for domain. /etc/hosts entry was in place and AD dns server was running. Anyway, I have overcomed this problem after adding lmhosts entry. Now my problem is: result : WERR_NOT_SUPPORTED Failed to join domain: Failed to set account flags for machine account (NT_STATUS_NOT_SUPPORTED) I have searched and come up with, this may be about read only dc.We have changed dc to normal mode. Nothing has changed. I need some help for joining to a read only dc and the problem debugged below. System is Centos 5 i386 AD Server is Windows Server 2008 R2 Enterprise 7601 Service Pack 1 Samba is samba3-utils-3.6.8-44.el5 samba3-3.6.8-44.el5 samba3-winbind-3.6.8-44.el5 samba3-client-3.6.8-44.el5 Rpms from sernet. (actually I was using samba3x rpms fron Centos. I have upgrades when I have encountered these problems) net ads -d 10 testjoin net ads join -d 3 -U test14%pass Debugs are below. DC: rodc14.testdom.com.tr, 10.10.25.4 domain: TESTDOM.COM.TR Machine Name: TEST14 AD USER: test14 (In administrator group) Best Regards, Oguz [root@test14 ~]# kinit Password for tes...@testdom.com.tr: [root@test14 ~]# echo $? 0 [root@test14 ~]# net ads testjoin kinit succeeded but ads_sasl_spnego_krb5_bind failed: Decrypt integrity check failed kerberos_kinit_password TEST14$@TESTDOM.COM.TR failed: A service is not available that is required to process the request Join to domain is not valid: Undetermined error cat /etc/hosts: # Do not remove the following line, or various programs # that require network functionality will fail. 127.0.0.1 localhost.localdomain localhost test14 ::1 localhost6.localdomain6 localhost6 10.10.25.4 rodc14.testdom.com.tr #Do not edit/remove this line, required for labris AD integration cat /etc/samba/lmhosts: # This file provides the same function that the lmhosts file does for # Windows. It's another way to map netbios names to ip addresses. # # Cf. section 'name resolve order' in the manual page of smb.conf for # more information. 127.0.0.1 localhost #127.0.0.1 FOO#20 #192.168.1.1 MYDOM#1C 10.10.25.4 TESTDOM /etc/samba/smb.conf: [global] netbios name = TEST14 realm = testdom.com.tr workgroup = TEST security = ads encrypt passwords = yes password server = 10.10.25.4 log level = 3 log file = /var/log/samba.log ldap ssl = no idmap uid = 1-2 idmap gid = 1-2 winbind separator = / winbind enum users = yes winbind enum groups = yes winbind use default domain = yes domain master = no local master = no preferred master = no template shell = /sbin/nologin getwd cache = yes winbind cache time = 10 ldap connection timeout = 1200 ldap timeout = 2400 allow trusted domains = yes # ldap ssl = off # winbind offline logon = yes # winbind refresh tickets = yes # client use spnego = no # use spnego = no # ldap ssl ads = no # client ldap sasl wrapping = plain /etc/krb5.conf: [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] default_realm = TESTDOM.COM.TR default_tkt_enctypes = rc4-hmac des-cbc-crc default_tgs_enctypes = rc4-hmac des-cbc-crc # dns_lookup_realm = false # dns_lookup_kdc = false dns_lookup_realm = false dns_lookup_kdc = false [realms] TESTDOM.COM.TR = { kdc = 10.10.25.4 admin_server = 10.10.25.4 default_domain = TESTDOM.COM.TR } [domain_realm] .testdom.com.tr = TESTDOM.COM.TR testdom.com.tr = TESTDOM.COM.TR net ads join Log: net ads join -d 3 -U test14%pass lp_load_ex: refreshing parameters Initialising global parameters params.c:pm_process() - Processing configuration file /etc/samba/smb.conf Processing section [global] WARNING: The idmap uid option is deprecated WARNING: The idmap gid option is deprecated added interface eth9.102 ip=fe80::20c:bdff:fe05:28f8%eth9.102 bcast=fe80:::::%eth9.102 netmask=::::: added interface eth1 ip=fe80::290:bff:fe21:43ac%eth1 bcast=fe80:::::%eth1 netmask=::::: added interface eth2 ip=fe80::290:bff:fe21:43ad%eth2 bcast=fe80:::::%eth2 netmask=::::: added interface eth0 ip=fe80::290:bff:fe27:b5bf%eth0 bcast=fe80:::::%eth0 netmask=::::: added interface eth9.102 ip=95.0.0.26 bcast=
[Samba] PDC: realm changed: authentication aborted
Hi list, We have a network with some XP and some Windows 7 computer, we use samba 3.6.6 on debian 6.0.6 from debian-backports. It's a pdc with passdb backend = ldapsam. In our logs there are lots of: ARCServer slapd[1263]: SASL [conn=46778] Failure: realm changed: authentication aborted I found out that at that time this emerges the tcpdump says: 12:59:54.656399 IP client.49551 192.168.43.202.ldap: Flags [S], seq 3802010171, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0 12:59:54.656444 IP 192.168.43.202.ldap client.49551: Flags [S.], seq 3999710145, ack 3802010172, win 5840, options [mss 1460,nop,nop,sackOK,nop,wscale 6], length 0 12:59:54.656831 IP client.49551 192.168.43.202.ldap: Flags [.], ack 1, win 256, length 0 12:59:54.665734 IP client.49551 192.168.43.202.ldap: Flags [P.], seq 1:351, ack 1, win 256, length 350 12:59:54.665756 IP 192.168.43.202.ldap client.49551: Flags [.], ack 351, win 108, length 0 12:59:54.677914 IP 192.168.43.202.ldap client.49551: Flags [P.], seq 1:377, ack 351, win 108, length 376 12:59:54.678040 IP 192.168.43.202.ldap client.49551: Flags [P.], seq 377:391, ack 351, win 108, length 14 12:59:54.678316 IP client.49551 192.168.43.202.ldap: Flags [.], ack 391, win 255, length 0 12:59:54.678707 IP client.49551 192.168.43.202.ldap: Flags [P.], seq 351:391, ack 391, win 255, length 40 12:59:54.679001 IP 192.168.43.202.ldap client.49551: Flags [P.], seq 391:672, ack 391, win 108, length 281 12:59:54.679619 IP client.49551 192.168.43.202.ldap: Flags [P.], seq 391:678, ack 672, win 254, length 287 12:59:54.679858 IP 192.168.43.202.ldap client.49551: Flags [P.], seq 672:758, ack 678, win 125, length 86 12:59:54.680464 IP client.49551 192.168.43.202.ldap: Flags [P.], seq 678:689, ack 758, win 253, length 11 12:59:54.680480 IP client.49551 192.168.43.202.ldap: Flags [F.], seq 689, ack 758, win 253, length 0 12:59:54.680710 IP 192.168.43.202.ldap client.49551: Flags [F.], seq 758, ack 690, win 125, length 0 12:59:54.680987 IP client.49551 192.168.43.202.ldap: Flags [.], ack 759, win 253, length 0 This happens every 15 minutes per Win7 machine on the client wireshark says: //client-server 0„ X c„ O x ‡ objectclass0„ + subschemaSubentry dsServiceName namingContexts defaultNamingContext schemaNamingContext configurationNamingContext rootDomainNamingContext supportedControl supportedLDAPVersion supportedLDAPPolicies supportedSASLMechanisms dnsHostName ldapServiceName serverName supportedCapabilities //server -client 0‚ t d‚ m 0‚ g0' namingContexts1 dc=arc-aachen,dc=de0À supportedControl1« 2.16.840.1.113730.3.4.18 2.16.840.1.113730.3.4.2 1.3.6.1.4.1.4203.1.10.1 1.2.840.113556.1.4.319 1.2.826.0.1.3344810.2.3 1.3.6.1.1.13.2 1.3.6.1.1.13.1 1.3.6.1.1.120 supportedLDAPVersion1 307 supportedSASLMechanisms1 CRAM-MD5 DIGEST-MD5 NTLM0# subschemaSubentry1 cn=Subschema0e //client-server 0„ `„ £„ DIGEST-MD5 //server-client 0‚ a‚ @SASL(0): successful result: security flags do not match required‡Änonce=cryptic1,realm=ARCServer.arc-aachen.de,qop=auth,auth-int, auth-conf,cipher=rc4-40,rc4-56,rc4,des,3des,maxbuf=65536,charset=utf-8, algorithm=md5-sess //client-server 0„ `„ £„ DIGEST-MD5 ‚ õusername=client$,realm=arcd,nonce=cryptic1,digest-uri=ldap/ARCSERVER, cnonce=cryptic2,nc=0001,response=cryptic3,qop=auth-conf,cipher=3des, charset=utf-8 //server-client 0T aO 1 HSASL(-13): authentication failure: realm changed: authentication aborted //client-server 0„ B I understand that the win7 machine tries to ask the server something concernig the network, but the problem is, that the server expects a reply from client.arc-aachen.de but gets a reply from client.arcd. But why? extracts from smb.conf: [global] workgroup = ARCD netbios name = ARCServer # domain settings domain master = yes domain logons = yes os level = 100 preferred master = yes wins support = no passdb backend = ldapsam ldap suffix = dc=arc-aachen,dc=de ldap admin dn = cn=samba,dc=arc-aachen,dc=de ldap user suffix = ou=users ldap group suffix = ou=groups ldap machine suffix = ou=computers ldap idmap suffix = ou=idmaps [...] I know this is a slapd problem if this server wouldn't be our samba file server this problem would not emerge. Does anybody know what to do? Thanks for your help Sebastian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] idmap config question
Hi list we have a samba 3.6.6 pdc on debian 6.0.6 with passdb backend = ldapsam. Our workgroup is ARCD. The winbind-idmap log says: [2012/10/10 13:04:48.771095, 1] winbindd/idmap.c:288(idmap_init_named_domain) no backend defined for idmap config ARCD Extracts from smb.conf: workgroup = ARCD ldap idmap suffix = ou=idmaps idmap config * : range = 12000 - 3 The manpage says that tdb is the default backend and that * catches all domain names. Why do I get the above log message? Is there still something wrong? Thanks for your help Sebastian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Help to understand file/parent permissions
Hi guys, i am having a very strange problem that is driving me crazy. I have a very simple samba setup I am using version 3.5.10-0.107.el5 # cat /etc/samba/smb.conf [global] realm = MYDOMAIN.BIZ security = ADS idmap uid = 16777216-33554431 idmap gid = 16777216-33554431 [test] path = /tmp/temp read only = No Inside /tmp/test i have the following tree: # ls -laR /tmp/temp/ /tmp/temp/: total 4 drwxr-xr-x 3 root root 1024 Oct 11 10:35 . drwxrwxrwt 5 root root 1024 Oct 11 10:42 .. drwxr-xr-x 2 myuser root 1024 Oct 11 10:42 someFolder /tmp/temp/someFolder: total 2 drwxr-xr-x 2 myuser root 1024 Oct 11 10:42 . drwxr-xr-x 3 root root 1024 Oct 11 10:35 .. -rw-r--r-- 1 root root0 Oct 11 10:36 someFile I can connect from windows 7 to the share just fine using myuser. So now comes the question: Why myuser can rename someFile if its owned by root:root and permission is -rw-r--r-- ? (Though i can not change its contents). I think this is related to myuser being the owner of the folder itself, but i am not sure because of the behaviour in this other question: Why if i set permission to -rw-r-, now myuser can not rename the file anymore ? []'s Salatiel -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba Digest, Vol 118, Issue 12
Pessoal, bom dia! Estarei de férias no período de 05/10 a 28/10, retornando no dia 29/10/2012. Na minha ausência as dúvidas poderão ser resolvidas pela seguinte equipe: Ricardo: Coordenação da equipe TI, e-mails e servidores – AMP e Inpacom - (011) 3616-1417 Igor: Gemma - AMP e Inpacom - (011) 3616-1438 Luciano e Vagner: Ginjo/ Silbra - Todos os sistemas - (011) 3659-3096 Robson: Indisa - Todos os sistemas - (019) 3765-6000 Essa é uma resposta automática. Até mais. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] List windows clients/machines in network list (win 7)
Another important information is that I already allowed the windows firewall rules (network discovery rules). Anybody already passed by these situations? Thanks, Marcio Oliveira. 2012/10/10 Marcio Oli marcio.oli...@gmail.com People, some of the machines of my network aren't been listed in (Windows Explorer - Network icon). I made a research and I found the following: - try to activate some services: SSDP Discovery; UPnP Device Host; Function Discovery Resource Publication. Note: this situation happens with machines that were joined to the domain and with others that weren't added to domain yet. I would like to see every windows clients listed in Network icon. I activated these services, but it keeps not working. I think my samba DCs are OK, less the following log message, that I'm not sure if it's normal: 1. [2012/10/10 14:40:52.257211, 0] nmbd/nmbd_workgroupdb.c:281(dump_workgroups) 2. dump_workgroups() 3. dump workgroup on subnet 10.0.5.5: netmask= 255.255.248.0: 4.WORKGROUP(2) current master browser = UNKNOWN 5.NetworkDomain (1) current master browser = PDC 1 6.PDC1 40849b3b (PDC 1 ) 7.BDC1 40809b3b (BDC 1 ) ... 8. [2012/10/10 14:40:52.257344, 0] nmbd/nmbd_workgroupdb.c:281(dump_workgroups) 9.dump_workgroups() 10. dump workgroup on subnet UNICAST_SUBNET: netmask= 10.0.5.5: 11.NetworkDomain (1) current master browser = UNKNOWN 12.PDC1 40819b3b (PDC 1 ) Maybe there is a problem between lines 5 and 11 at above lines. But I don't understand the syntax of this log. Is my network without a current master browser? Anybody could help me with these 2 troubles? Thanks, -- Marcio Oliveira. -- Marcio Oliveira. Tudo concorre para o bem daqueles que amam à Deus. (Rom 8,28) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba4 - setting acl rwx but getting r-x
Hello, I am having problem setting permission on shared folder: the folder is datasamba/common and after I set full permission for a user itester (317) and also tester (318), I could see that it is only granting r-x to those users. but I could see from the default permissions that they have rwx. getfacl /datasamba/common # file: datasamba/common # owner: root # group: users # flags: sst user::rwx user:root:rwx group::--- group:wheel:r-x group:users:--- group:308:r-x group:317:r-x group:318:r-x mask::rwx other::--- default:user::rwx default:user:root:rwx default:group::--- default:group:wheel:rwx default:group:users:--- default:group:308:r-x default:group:317:rwx default:group:318:rwx default:mask::rwx default:other::--- wbinfo -i itester OFFICEDOM\itester:*:317:100:Innocent Tester:/home/OFFICEDOM/itester:/bin/bash wbinfo -i tester OFFICEDOM\tester:*:318:100:Tester Ramjet:/home/OFFICEDOM/tester:/bin/bash wbinfo -g Enterprise Read-Only Domain Controllers Domain Admins Domain Users Domain Guests Domain Computers Domain Controllers Schema Admins Enterprise Admins Group Policy Creator Owners Read-Only Domain Controllers DnsUpdateProxy -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] SAMBA4 - setting acl rwx but getting r-x
Hello, I am having problem setting permission on shared folder: the folder is datasamba/common and after I set full permission for a user itester (317) and also tester (318), I could see that it is only granting r-x to those users. but I could see from the default permissions that they have rwx. Have anyone this problem before? I am not able to send more details as my email get's back to me. but it can be seen at https://bugzilla.samba.org/show_bug.cgi?id=9284 Thanks beforehand Inno. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba4 - setting acl rwx but getting r-x
On 11/10/12 20:13, Innocent Yevide wrote: Hello, I am having problem setting permission on shared folder: the folder is datasamba/common and after I set full permission for a user itester (317) and also tester (318), I could see that it is only granting r-x to those users. but I could see from the default permissions that they have rwx. 317 and 318 seem to be a groups. How about: setfacl -m g:317:rwx /datasamba/common Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba4 - setting acl rwx but getting r-x
Hi Steve, Thanks for answering. This is what I did for the time being. but it means anytime I will grant write permission to a user on shared folder (from windows), I will have come to Linux and run the below command. I was wondering may be I missed something to configure, or it is a bug. Best Regards, Inno. De : steve st...@steve-ss.com À : samba@lists.samba.org Envoyé le : Jeudi 11 octobre 2012 22h28 Objet : Re: [Samba] samba4 - setting acl rwx but getting r-x On 11/10/12 20:13, Innocent Yevide wrote: Hello, I am having problem setting permission on shared folder: the folder is datasamba/common and after I set full permission for a user itester (317) and also tester (318), I could see that it is only granting r-x to those users. but I could see from the default permissions that they have rwx. 317 and 318 seem to be a groups. How about: setfacl -m g:317:rwx /datasamba/common Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] How can I show only the shares that user have access to in SAMBA
Dear Bjorn, Indeed so grateful for your quick reply I was indeed using earlier samba actually I just installed it using yum. now I did upgrade samba to recent one samba 3.6.8 and after running the testparm command displayed no errors but still I was not able to achieve my goal as christian mentioned in his reply i do think his mistaken cause there are many guys whos post i see and they have solved it by adding just his 2 below command in their smb.conf file hide unreadable = Yes hide unwriteable files = Yes Is there anything I could look into as I mentioned before I have used webmin to create both local and samba users whos user names are the same and so also groups here below my smb.conf [global] workgroup = MYGROUP server string = Samba Server Version %v disable spoolss = Yes domain master = No idmap config * : backend = tdb cups options = raw [homes] comment = Home Directories read only = No browseable = No [printers] comment = All Printers path = /var/spool/samba printable = Yes print ok = Yes browseable = No [kmplan] comment = masterplan testing directory path = /opt/network/testplan valid users = @localgrp write list = @localgrp read only = No hide unreadable = Yes hide unwriteable files = Yes access based share enum = Yes also here below are the permissions of /opt/network/testplan directory drwxrws--T 3 root localgrp 4096 Oct 10 19:39 testplan Actually every things works fine what I mean is if I log in as a user who belongs to localgrp I can read/write the kmplan share which is perfect but when i log in as user who does not belong to localgrp i can see the kmplan share although i cannot access it. as christian said i can hide the share but even for valid users the share is hidden n i obviously dont want to hide the share for valid users regards simon --- On Thu, 10/11/12, Björn JACKE b...@sernet.de wrote: From: Björn JACKE b...@sernet.de Subject: Re: [Samba] How can I show only the shares that user have access to in SAMBA To: simon ben guy200...@yahoo.com Cc: samba@lists.samba.org Date: Thursday, October 11, 2012, 2:10 AM On 2012-10-11 at 01:22 -0700 simon ben sent off: but when I do a testparm it gives a error --- [root@kmshare samba]# testparm /etc/samba/smb.conf Load smb config files from /etc/samba/smb.conf Unknown parameter encountered: access based share enum Ignoring unknown parameter access based share enum then your Samba version is too old then. This parameter was introduced with Samba 3.6 I think (maybe 3.5 already). On http://www.enterprisesamba.org you might find recent packages for your distribution that support that feature. Cheers Björn -- SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen ☎ +49-551-37-0, ℻ +49-551-37-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] DNS forward - Re: samba Digest, Vol 118, Issue 12
I can confirm this behavior, forwards work ok until the limit is reached. Setup is a single DC with less that 6 machines joined to the domain and maybe another 6 machines pointing at this DNS. Does anyone want the gdb info that was stated from a prior thread back in issue 10? interim fix: I just added ulimit -n 8192 to the start script and a cron to restart samba twice a day for now. samba version 4.1.0pre1-GIT-456f821 - snippet from the log -- [2012/09/25 12:46:14, 0] ../source4/smbd/server.c:475(binary_smbd_main) samba: using 'standard' process model [2012/10/03 18:07:09, 0] ../source4/dsdb/dns/dns_update.c:294(dnsupdate_nameupdate_done) ../source4/dsdb/dns/dns_update.c:294: Failed DNS update - NT_STATUS_IO_TIMEOUT [2012/10/03 18:17:09, 0] ../source4/dsdb/dns/dns_update.c:294(dnsupdate_nameupdate_done) ../source4/dsdb/dns/dns_update.c:294: Failed DNS update - NT_STATUS_IO_TIMEOUT [2012/10/03 18:27:09, 0] ../source4/dsdb/dns/dns_update.c:294(dnsupdate_nameupdate_done) -- Forwarded message -- From: fe...@epepm.cupet.cu To: samba@lists.samba.org Cc: Date: Thu, 11 Oct 2012 07:52:57 -0400 (CDT) Subject: Re: [Samba] Internal DNS stops forwarding Hi Felix, I think it is. Because all the connections I see when the error occurs are related to the forwarder I declared in smb.conf. The number of connections keeps growing again until the error appears. So I have to restart samba. And, yes, lsof, shows that all connections but 2 are related to the forwarder. An interesting question of course is why your forwarder never answers the requests from the internal DNS server. Is it set up correctly? I agree we really need to fix the timeout, but even then your DNS setup would be broken if the forwarder never answers to queries. Hi Kai: yes, the forwarder does answer the requests but the connections keep open. The internal dns servers stops forwarding when the number of connections is above 1000. Could you, please, help me? Cheers, Felix. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Joining Samba RODC, NT_STATUS_NOT_SUPPORTED
On 10/11/2012 05:29 AM, Oguz Yilmaz wrote: Dear list users, I have a problem when joining an Active Directory domain. In this project we have one Main Dc in capital city and one read only dc in one remote city. We join to main DC succesfully. However, we can not join to local Replicate (rodc14). We are using this method for winbind / squid ntlm authentication purposes not a full samba server. Ä°nternet conection is not fast and we have thousands of users. Remote joining is not our first choice. First of all I try to join without lmhosts entry. That time , I got Failed to join domain: failed to find DC for domain. /etc/hosts entry was in place and AD dns server was running. Anyway, I have overcomed this problem after adding lmhosts entry. Now my problem is: result : WERR_NOT_SUPPORTED Failed to join domain: Failed to set account flags for machine account (NT_STATUS_NOT_SUPPORTED) I think that it's expected, you can't join on a RODC maybe Windows is able to discover it and do the join with the RWDC. Is your rodc a samba 4 DC or a Microsoft Windows ? Matthieu. -- Matthieu Patou Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] users map with ADS not working
Hi All, I have an update. I did snoop the network and found, when I use IP to connect to the share, samba server sends packets to Windows AD. If I try to connect using hostname, samba server does not make any attempts to connect to Windows AD. It looks more like problem on the smb.conf side. If somebody has experienced this problem in past then please help. (PS: I am using MIT Kerberos + Open LDAP and Samba - all current versions.) Thanks Nitin From: nitintha...@hotmail.com To: samba@lists.samba.org Date: Wed, 10 Oct 2012 23:14:47 -0400 Subject: [Samba] users map with ADS not working Hi All I am running two instances of samba on same box. One instance of samba has joined AD domain ABC and the other 123. My workstation is on ABC domain and when I try to connect to samba server on ABC domain, it asks me for user name and password and then fails. If I put IP address instead it works. At the same time, when I try to connect to 123 domain, it asks me for user name and password and authenticates me without any problem. I set the debug level to 9 on both the instances. I am not running winbind - please dont ask me why. The strange problem is when a user who has same unix and windows account in ABC domain, when he tries to log into the samba server which is on ABC domain, it works with hostname where as folks who has different accounts on windows and unix, it dosent work for them with hostname but with IP. The Global section of both the instances is similar, here is the global section of samba server which is binding to ABC domain: - #=== Global Settings = [global] socket options = TCP_NODELAY IPTOS_LOWDELAY netbios name = TST-SMB-DEV workgroup = ABC server string = tst-smb-dev Server ver %v security = ADS log file = /opt/local/samba-3.6.7/dev/logs/log.%m max log size = 50 password server = AD1.ABC.com AD2.ABC.com encrypt passwords = yes realm = ABC.COM local master = no domain master = no domain logons = no dns proxy = no smb passwd file = /opt/local/samba-3.6.7/dev/private private dir = /opt/local/samba-3.6.7/dev/private username map = /opt/local/samba-3.6.7/dev/users.map pid directory = /opt/local/samba-3.6.7/dev bind interfaces only = yes wins support = no domain master = no locking = yes lock directory = /opt/local/samba-3.6.7/dev/var/locks preserve case = yes short preserve case = yes load printers = no printcap name = /dev/null deadtime = 15 preferred master = no guest account = nobody guest ok = no syslog = 0 interfaces = 10.20.20.3 socket address = 10.20.20.3 kerberos method = system keytab log level = 9 Here are the logs when user whose mapping is defined in users.map tries to log into samba instance which is binding to ABC domain [2012/10/10 15:07:11.896408, 3] libads/authdata.c:332(decode_pac_data) Found account name from PAC: foo [Foo Bar] [2012/10/10 15:07:11.896530, 3] auth/user_krb5.c:50(get_user_from_kerberos_info) Kerberos ticket principal name is [f...@abc.com] [2012/10/10 15:07:11.896611, 4] auth/user_util.c:361(map_username) Scanning username map /opt/local/samba-3.6.7/dev/users.map [2012/10/10 15:07:11.896665, 3] auth/user_util.c:402(map_username) Mapped user ABC\foo to bar [2012/10/10 15:07:11.896725, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user bar [2012/10/10 15:07:11.896758, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is bar [2012/10/10 15:07:11.897025, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [bar]! [2012/10/10 15:07:11.897418, 6] param/loadparm.c:7490(lp_file_list_changed) lp_file_list_changed() file /opt/local/Samba/lib/smb.conf.dev - /opt/local/Samba/lib/smb.conf.dev last mod_time: Wed Oct 10 15:06:58 2012 [2012/10/10 15:07:11.897530, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user ABC\foo [2012/10/10 15:07:11.897562, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is ABC\foo [2012/10/10 15:07:11.897648, 5] lib/username.c:124(Get_Pwnam_internals) Trying _Get_Pwnam(), username as given is ABC\foo [2012/10/10 15:07:11.897725, 5] lib/username.c:134(Get_Pwnam_internals) Trying _Get_Pwnam(), username as uppercase is ABC\foo [2012/10/10 15:07:11.897798, 5] lib/username.c:143(Get_Pwnam_internals) Checking combinations of 0 uppercase letters in ABC\foo [2012/10/10 15:07:11.897832, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals didn't find user [ABC\foo]! [2012/10/10 15:07:11.897861, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user foo [2012/10/10 15:07:11.897896, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is foo [2012/10/10 15:07:11.897973,
Re: [Samba] samba4, classicupgrade: set_nt_acl_no_snum: fset_nt_acl returned NT_STATUS_INVALID_OWNER
Hello Andrew, 2012/10/10 Andrew Bartlett abart...@samba.org: A patch is in GIT master (to paper over the issue), which may be backported to the 4.0 release stream once folks confirm it works properly. And so I pulled from master, and now it correctly upgrades the test domain. Thank very much!! Regards, Norberto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via a11595b docs: Add very basic samba manpage. from 957f9fa rpc_server:srvsvc Remove psd variable that was no longer set by SMB_VFS_FGET_NT_ACL http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit a11595bd2e6895f734e621c69c1ad0ee3e1a685a Author: Karolin Seeger ksee...@samba.org Date: Wed Oct 10 10:43:02 2012 +0200 docs: Add very basic samba manpage. Please feel free to extend. Karolin Autobuild-User(master): Karolin Seeger ksee...@samba.org Autobuild-Date(master): Thu Oct 11 11:40:37 CEST 2012 on sn-devel-104 --- Summary of changes: docs-xml/manpages/samba.8.xml | 181 + 1 files changed, 181 insertions(+), 0 deletions(-) create mode 100644 docs-xml/manpages/samba.8.xml Changeset truncated at 500 lines: diff --git a/docs-xml/manpages/samba.8.xml b/docs-xml/manpages/samba.8.xml new file mode 100644 index 000..229e941 --- /dev/null +++ b/docs-xml/manpages/samba.8.xml @@ -0,0 +1,181 @@ +?xml version=1.0 encoding=iso-8859-1? +!DOCTYPE refentry PUBLIC -//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN http://www.samba.org/samba/DTD/samba-doc; +refentry id=samba.8 + +refmeta + refentrytitlesamba/refentrytitle + manvolnum8/manvolnum + refmiscinfo class=sourceSamba/refmiscinfo + refmiscinfo class=manualSystem Administration tools/refmiscinfo + refmiscinfo class=version4.0/refmiscinfo +/refmeta + + +refnamediv + refnamesamba/refname + refpurposeServer to provide AD and SMB/CIFS services to clients/refpurpose +/refnamediv + +refsynopsisdiv + cmdsynopsis + commandsamba/command + arg choice=opt-D/arg + arg choice=opt-i/arg + arg choice=opt-M lt;modelgt;/arg + arg choice=opt--maximum-runtime=lt;secondsgt;/arg + arg choice=opt-b/arg + arg choice=opt--help/arg + arg choice=opt--usage/arg + arg choice=opt-d lt;debug levelgt;/arg + arg choice=opt--debug-stderr/arg + arg choice=opt-s lt;configuration filegt;/arg + arg choice=opt--option=lt;smb_conf_paramgt;=lt;valuegt;/arg + arg choice=opt-l lt;log directorygt;/arg + arg choice=opt--leak-report/arg + arg choice=opt--leak-report-full/arg + arg choice=opt-V/arg + /cmdsynopsis +/refsynopsisdiv + +refsect1 + titleDESCRIPTION/title + paraThis program is part of the citerefentryrefentrytitlesamba/refentrytitle + manvolnum7/manvolnum/citerefentry suite./para + + paracommandsamba/command is the server daemon that + provides Active Directory, filesharing and printing services to clients. + /para +/refsect1 + +refsect1 + titleOPTIONS/title + + variablelist + varlistentry + term-D|--daemon/term + listitemparaIf specified, this parameter causes + the server to operate as a daemon. That is, it detaches + itself and runs in the background, fielding requests + on the appropriate ports. Operating the server as a + daemon is the recommended way of running + commandsamba/command for servers that provide more + than casual use file and print services. This switch is + assumed if commandsamba/command is executed on the + command line of a shell. + /para/listitem + /varlistentry + + varlistentry + term-i|--interactive/term + listitemparaIf this parameter is specified it causes the + server to run interactively, not as a daemon, even if the + server is executed on the command line of a shell. Setting this + parameter negates the implicit daemon mode when run from the + command line. + /para/listitem + /varlistentry + + varlistentry + term-M|--model/term + listitemparaSelect process model. + /para/listitem + /varlistentry + + varlistentry + term--maximum-runtime=seconds/term + listitemparaSet maximum runtime of the server process till + autotermination in seconds. + /para/listitem + /varlistentry + + varlistentry + term-b|--show-build/term + listitemparaPrint information about how Samba was built. + /para/listitem + /varlistentry + + varlistentry + term-?|--help/term + listitemparaShow help message./para/listitem
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 1ec5486 smbd: Always free the talloc_stackframe() before leaving smbd_do_query_security_desc from a11595b docs: Add very basic samba manpage. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 1ec5486338772cecf953e150ebb717a8845c98d4 Author: Andrew Bartlett abart...@samba.org Date: Thu Oct 11 22:29:43 2012 +1100 smbd: Always free the talloc_stackframe() before leaving smbd_do_query_security_desc Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Thu Oct 11 15:20:54 CEST 2012 on sn-devel-104 --- Summary of changes: source3/smbd/nttrans.c |3 +++ 1 files changed, 3 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index 1011bd7..f5e5877 100644 --- a/source3/smbd/nttrans.c +++ b/source3/smbd/nttrans.c @@ -1916,12 +1916,14 @@ NTSTATUS smbd_do_query_security_desc(connection_struct *conn, if ((security_info_wanted SECINFO_SACL) !(fsp-access_mask SEC_FLAG_SYSTEM_SECURITY)) { DEBUG(10, (Access to SACL denied.\n)); + TALLOC_FREE(frame); return NT_STATUS_ACCESS_DENIED; } if ((security_info_wanted (SECINFO_DACL|SECINFO_OWNER|SECINFO_GROUP)) !(fsp-access_mask SEC_STD_READ_CONTROL)) { DEBUG(10, (Access to DACL, OWNER, or GROUP denied.\n)); + TALLOC_FREE(frame); return NT_STATUS_ACCESS_DENIED; } @@ -1942,6 +1944,7 @@ NTSTATUS smbd_do_query_security_desc(connection_struct *conn, fsp, security_info_wanted, frame, psd); } if (!NT_STATUS_IS_OK(status)) { + TALLOC_FREE(frame); return status; } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via c2d1474 provision: Always create DNS user. via 276460c wafsamba: Ignore some more symbols when checking for dupes. from 1ec5486 smbd: Always free the talloc_stackframe() before leaving smbd_do_query_security_desc http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit c2d14747d608d406de6410556807d467cd0b85ef Author: Jelmer Vernooij jel...@samba.org Date: Thu Oct 11 14:45:10 2012 +0200 provision: Always create DNS user. The DNS user is currently only used by the bind9 plugin. This makes it easier to later on switch between the builtin DNS server and bind backend. In addition, ideally the internal DNS server would use that (separate) user too. Autobuild-User(master): Jelmer Vernooij jel...@samba.org Autobuild-Date(master): Thu Oct 11 17:05:40 CEST 2012 on sn-devel-104 commit 276460cf8afb4894fe1e980c7a75e866c14ba144 Author: Jelmer Vernooij jel...@samba.org Date: Thu Oct 11 14:39:50 2012 +0200 wafsamba: Ignore some more symbols when checking for dupes. --- Summary of changes: buildtools/wafsamba/symbols.py |2 +- .../scripting/python/samba/provision/__init__.py | 31 --- 2 files changed, 14 insertions(+), 19 deletions(-) Changeset truncated at 500 lines: diff --git a/buildtools/wafsamba/symbols.py b/buildtools/wafsamba/symbols.py index 13d84b9..daa18b9 100644 --- a/buildtools/wafsamba/symbols.py +++ b/buildtools/wafsamba/symbols.py @@ -569,7 +569,7 @@ def symbols_whyneeded(task): def report_duplicate(bld, binname, sym, libs, fail_on_error): '''report duplicated symbols''' -if sym in ['_init', '_fini']: +if sym in ['_init', '_fini', '_edata', '_end', '__bss_start']: return libnames = [] for lib in libs: diff --git a/source4/scripting/python/samba/provision/__init__.py b/source4/scripting/python/samba/provision/__init__.py index 9966192..d9ba90c 100644 --- a/source4/scripting/python/samba/provision/__init__.py +++ b/source4/scripting/python/samba/provision/__init__.py @@ -969,7 +969,7 @@ def setup_samdb_rootdse(samdb, names): def setup_self_join(samdb, admin_session_info, names, fill, machinepass, -dns_backend, dnspass, domainsid, next_rid, invocationid, +dnspass, domainsid, next_rid, invocationid, policyguid, policyguid_dc, domainControllerFunctionality, ntdsguid=None, dc_rid=None): Join a host to its own domain. @@ -1048,17 +1048,14 @@ def setup_self_join(samdb, admin_session_info, names, fill, machinepass, samdb.set_session_info(admin_session_info) -if dns_backend != SAMBA_INTERNAL: -# This is Samba4 specific and should be replaced by the correct -# DNS AD-style setup -setup_add_ldif(samdb, setup_path(provision_dns_add_samba.ldif), { - DNSDOMAIN: names.dnsdomain, - DOMAINDN: names.domaindn, - DNSPASS_B64: b64encode(dnspass.encode('utf-16-le')), - HOSTNAME : names.hostname, - DNSNAME : '%s.%s' % ( - names.netbiosname.lower(), names.dnsdomain.lower()) - }) +setup_add_ldif(samdb, setup_path(provision_dns_add_samba.ldif), { + DNSDOMAIN: names.dnsdomain, + DOMAINDN: names.domaindn, + DNSPASS_B64: b64encode(dnspass.encode('utf-16-le')), + HOSTNAME : names.hostname, + DNSNAME : '%s.%s' % ( + names.netbiosname.lower(), names.dnsdomain.lower()) + }) def getpolicypath(sysvolpath, dnsdomain, guid): @@ -1146,7 +1143,7 @@ def setup_samdb(path, session_info, provision_backend, lp, names, def fill_samdb(samdb, lp, names, logger, domainsid, domainguid, policyguid, -policyguid_dc, fill, adminpass, krbtgtpass, machinepass, dns_backend, +policyguid_dc, fill, adminpass, krbtgtpass, machinepass, dnspass, invocationid, ntdsguid, serverrole, am_rodc=False, dom_for_fun_level=None, schema=None, next_rid=None, dc_rid=None): @@ -1334,7 +1331,6 @@ def fill_samdb(samdb, lp, names, logger, domainsid, domainguid, policyguid, logger.info(Setting up self join) setup_self_join(samdb, admin_session_info, names=names, fill=fill, invocationid=invocationid, -dns_backend=dns_backend, dnspass=dnspass, machinepass=machinepass, domainsid=domainsid, @@ -1607,8 +1603,8 @@ def provision_fill(samdb, secrets_ldb, logger, names, paths, next_rid=1000, dc_rid=None, adminpass=None, krbtgtpass=None, domainguid=None, policyguid=None, policyguid_dc=None, invocationid=None, machinepass=None, ntdsguid=None, - dns_backend=None,
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via cabd2b2 s3fs-printing: Simplify the comment and location handling. via 49959cf packaging: Add support for reloading systemd services. from c2d1474 provision: Always create DNS user. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit cabd2b2e960a7d6346b621a4cf37429c944a7720 Author: Andreas Schneider a...@samba.org Date: Thu Oct 11 14:46:56 2012 +0200 s3fs-printing: Simplify the comment and location handling. Autobuild-User(master): Andreas Schneider a...@cryptomilk.org Autobuild-Date(master): Thu Oct 11 18:49:15 CEST 2012 on sn-devel-104 commit 49959cffc5717764cc4a5a654eab63bfe5f21603 Author: Andreas Schneider a...@samba.org Date: Wed Oct 10 11:30:15 2012 +0200 packaging: Add support for reloading systemd services. --- Summary of changes: packaging/systemd/nmb.service |1 + packaging/systemd/samba.service |1 + packaging/systemd/smb.service |1 + packaging/systemd/winbind.service |1 + source3/printing/printer_list.c | 30 +- 5 files changed, 21 insertions(+), 13 deletions(-) Changeset truncated at 500 lines: diff --git a/packaging/systemd/nmb.service b/packaging/systemd/nmb.service index a2ecd22..e5e81a1 100644 --- a/packaging/systemd/nmb.service +++ b/packaging/systemd/nmb.service @@ -7,6 +7,7 @@ Type=forking PIDFile=/run/nmbd.pid EnvironmentFile=-/etc/sysconfig/samba ExecStart=/usr/sbin/nmbd $NMBDOPTIONS +ExecReload=/usr/bin/kill -HUP $MAINPID [Install] WantedBy=multi-user.target diff --git a/packaging/systemd/samba.service b/packaging/systemd/samba.service index d2db18c..e2878d1 100644 --- a/packaging/systemd/samba.service +++ b/packaging/systemd/samba.service @@ -8,6 +8,7 @@ PIDFile=/run/samba.pid LimitNOFILE=16384 EnvironmentFile=-/etc/sysconfig/samba ExecStart=/usr/sbin/samba $SAMBAOPTIONS +ExecReload=/usr/bin/kill -HUP $MAINPID [Install] WantedBy=multi-user.target diff --git a/packaging/systemd/smb.service b/packaging/systemd/smb.service index 70d9842..d0d945a 100644 --- a/packaging/systemd/smb.service +++ b/packaging/systemd/smb.service @@ -8,6 +8,7 @@ PIDFile=/run/smbd.pid LimitNOFILE=16384 EnvironmentFile=-/etc/sysconfig/samba ExecStart=/usr/sbin/smbd $SMBDOPTIONS +ExecReload=/usr/bin/kill -HUP $MAINPID [Install] WantedBy=multi-user.target diff --git a/packaging/systemd/winbind.service b/packaging/systemd/winbind.service index 9ce1b52..eff266f 100644 --- a/packaging/systemd/winbind.service +++ b/packaging/systemd/winbind.service @@ -7,6 +7,7 @@ Type=forking PIDFile=/run/winbindd.pid EnvironmentFile=-/etc/sysconfig/samba ExecStart=/usr/sbin/winbindd $WINBINDOPTIONS +ExecReload=/usr/bin/kill -HUP $MAINPID [Install] WantedBy=multi-user.target diff --git a/source3/printing/printer_list.c b/source3/printing/printer_list.c index 0afb84b..6e02ee5 100644 --- a/source3/printing/printer_list.c +++ b/source3/printing/printer_list.c @@ -148,8 +148,6 @@ NTSTATUS printer_list_set_printer(TALLOC_CTX *mem_ctx, TDB_DATA data; uint64_t time_64; uint32_t time_h, time_l; - const char *str = NULL; - const char *str2 = NULL; NTSTATUS status; int len; @@ -164,24 +162,25 @@ NTSTATUS printer_list_set_printer(TALLOC_CTX *mem_ctx, return NT_STATUS_NO_MEMORY; } - if (comment) { - str = comment; - } else { - str = ; + if (comment == NULL) { + comment = ; } - if (location) { - str2 = location; - } else { - str2 = ; + if (location == NULL) { + location = ; } - time_64 = last_refresh; time_l = time_64 0xL; time_h = time_64 32; - len = tdb_pack(NULL, 0, PL_DATA_FORMAT, time_h, time_l, name, str, str2); + len = tdb_pack(NULL, 0, + PL_DATA_FORMAT, + time_h, + time_l, + name, + comment, + location); data.dptr = talloc_array(key, uint8_t, len); if (!data.dptr) { @@ -192,7 +191,12 @@ NTSTATUS printer_list_set_printer(TALLOC_CTX *mem_ctx, data.dsize = len; len = tdb_pack(data.dptr, data.dsize, - PL_DATA_FORMAT, time_h, time_l, name, str, str2); + PL_DATA_FORMAT, + time_h, + time_l, + name, + comment, + location); status = dbwrap_store_bystring_upper(db, key, data, TDB_REPLACE); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 21b58b5 samba.join: Fix multiple spaces. via 1aa291c selftest: Move some tests to common test script. via 1080b6c selftests.tests: Remove reference to Samba 4. via 2adf27a samba.provision.sambadns: Use == to compare strings, not 'is'. from cabd2b2 s3fs-printing: Simplify the comment and location handling. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 21b58b5eacb67b4dee6e7efe90bd529bbfd6ef77 Author: Jelmer Vernooij jel...@samba.org Date: Thu Oct 11 17:23:13 2012 +0200 samba.join: Fix multiple spaces. Autobuild-User(master): Jelmer Vernooij jel...@samba.org Autobuild-Date(master): Thu Oct 11 20:30:43 CEST 2012 on sn-devel-104 commit 1aa291c331c29c2f5ee4572b660c4c2061755856 Author: Jelmer Vernooij jel...@samba.org Date: Fri Oct 5 11:46:25 2012 +0200 selftest: Move some tests to common test script. commit 1080b6c2caf1191fd896f3caf38e576a00b01982 Author: Jelmer Vernooij jel...@samba.org Date: Fri Oct 5 11:39:34 2012 +0200 selftests.tests: Remove reference to Samba 4. commit 2adf27a99b999a4fd0329d9fa398a9208b60e367 Author: Jelmer Vernooij jel...@samba.org Date: Thu Oct 11 17:11:44 2012 +0200 samba.provision.sambadns: Use == to compare strings, not 'is'. --- Summary of changes: selftest/tests.py | 10 ++ source4/scripting/python/samba/join.py |2 +- .../scripting/python/samba/provision/sambadns.py |2 +- source4/selftest/tests.py |2 -- 4 files changed, 8 insertions(+), 8 deletions(-) Changeset truncated at 500 lines: diff --git a/selftest/tests.py b/selftest/tests.py index 506ed73..d9ad9e9 100644 --- a/selftest/tests.py +++ b/selftest/tests.py @@ -1,16 +1,16 @@ #!/usr/bin/python # This script generates a list of testsuites that should be run as part of -# the Samba 4 test suite. +# the Samba test suite. # The output of this script is parsed by selftest.pl, which then decides # which of the tests to actually run. It will, for example, skip all tests # listed in selftest/skip or only run a subset during make quicktest. -# The idea is that this script outputs all of the tests of Samba 4, not +# The idea is that this script outputs all of the tests of Samba, not # just those that are known to pass, and list those that should be skipped # or are known to fail in selftest/skip or selftest/knownfail. This makes it -# very easy to see what functionality is still missing in Samba 4 and makes -# it possible to run the testsuite against other servers, such as Samba 3 or +# very easy to see what functionality is still missing in Samba and makes +# it possible to run the testsuite against other servers, such as # Windows that have a different set of features. # The syntax for a testsuite is -- TEST -- on a single line, followed @@ -21,3 +21,5 @@ from selftesthelpers import * planpythontestsuite(none, samba.tests.source) +planpythontestsuite(none, selftest.tests.test_suite, extra_path=[srcdir()]) +planpythontestsuite(none, subunit) diff --git a/source4/scripting/python/samba/join.py b/source4/scripting/python/samba/join.py index 7b511f8..c55c22c 100644 --- a/source4/scripting/python/samba/join.py +++ b/source4/scripting/python/samba/join.py @@ -749,7 +749,7 @@ class dc_join(object): print Done with always replicated NC (base, config, schema) for nc in (ctx.domaindns_zone, ctx.forestdns_zone): -if nc in ctx.nc_list: +if nc in ctx.nc_list: print Replicating %s % (str(nc)) repl.replicate(nc, source_dsa_invocation_id, destination_dsa_guid, rodc=ctx.RODC, diff --git a/source4/scripting/python/samba/provision/sambadns.py b/source4/scripting/python/samba/provision/sambadns.py index 576a33f..a66fde1 100644 --- a/source4/scripting/python/samba/provision/sambadns.py +++ b/source4/scripting/python/samba/provision/sambadns.py @@ -1017,7 +1017,7 @@ def setup_ad_dns(samdb, secretsdb, domainsid, names, paths, lp, logger, if not is_valid_os_level(os_level): raise Exception(Invalid os level: %r % os_level) -if dns_backend is NONE: +if dns_backend == NONE: logger.info(No DNS backend set, not configuring DNS) return diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py index 756b28c..d99c4b0 100755 --- a/source4/selftest/tests.py +++ b/source4/selftest/tests.py @@ -417,7 +417,6 @@ def planoldpythontestsuite(env, module, name=None, extra_path=[], environ={}, ex name = module plantestsuite(name, env, args) -planpythontestsuite(none, selftest.tests.test_suite, extra_path=[srcdir()]) planpythontestsuite(none, api, name=ldb.python,
Re: [SCM] Samba Shared Repository - branch master updated
Hi Jelmer, - Log - commit c2d14747d608d406de6410556807d467cd0b85ef Author: Jelmer Vernooij jel...@samba.org Date: Thu Oct 11 14:45:10 2012 +0200 provision: Always create DNS user. The DNS user is currently only used by the bind9 plugin. This makes it easier to later on switch between the builtin DNS server and bind backend. In addition, ideally the internal DNS server would use that (separate) user too. Why? Isn't that the job of samba_upgradedns? I removed this behavior because I want us to match windows as much as possible. metze signature.asc Description: OpenPGP digital signature
provision: Always create DNS user.
On Thu, 2012-10-11 at 21:23 +0200, Stefan (metze) Metzmacher wrote: Hi Jelmer, - Log - commit c2d14747d608d406de6410556807d467cd0b85ef Author: Jelmer Vernooij jel...@samba.org Date: Thu Oct 11 14:45:10 2012 +0200 provision: Always create DNS user. The DNS user is currently only used by the bind9 plugin. This makes it easier to later on switch between the builtin DNS server and bind backend. In addition, ideally the internal DNS server would use that (separate) user too. Why? Isn't that the job of samba_upgradedns? I removed this behavior because I want us to match windows as much as possible. Jelmer, We discussed this, but I think you misunderstood me. Certainly we can't do this unless we first change the internal DNS server to know about the possibility of a dns-SERVER user. Otherwise it won't use the right key on the kerberos acceptor. I was more thinking that we would keep the previous behaviour (which is more like windows), but allow the internal DNS server to work if a dns-SERVER user exists (rather than strictly requiring it to be removed). Thanks, Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via ff82afb selftest: Move more tests to common list script. from 21b58b5 samba.join: Fix multiple spaces. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit ff82afb1f8ad3cf950277487aff05d442d03c969 Author: Jelmer Vernooij jel...@samba.org Date: Fri Oct 5 11:51:37 2012 +0200 selftest: Move more tests to common list script. Autobuild-User(master): Jelmer Vernooij jel...@samba.org Autobuild-Date(master): Fri Oct 12 02:06:42 CEST 2012 on sn-devel-104 --- Summary of changes: selftest/selftesthelpers.py |6 ++ selftest/tests.py | 26 ++ source4/selftest/tests.py | 29 - 3 files changed, 32 insertions(+), 29 deletions(-) Changeset truncated at 500 lines: diff --git a/selftest/selftesthelpers.py b/selftest/selftesthelpers.py index 7fc0854..4517030 100644 --- a/selftest/selftesthelpers.py +++ b/selftest/selftesthelpers.py @@ -177,3 +177,9 @@ def planpythontestsuite(env, module, name=None, extra_path=[]): if pypath: args.insert(0, PYTHONPATH=%s % :.join([$PYTHONPATH] + pypath)) plantestsuite_idlist(name, env, args) + + +samba4srcdir = source4dir() +bbdir = os.path.join(srcdir(), testprogs/blackbox) +configuration = --configfile=$SMB_CONF_PATH + diff --git a/selftest/tests.py b/selftest/tests.py index d9ad9e9..26510a8 100644 --- a/selftest/tests.py +++ b/selftest/tests.py @@ -23,3 +23,29 @@ from selftesthelpers import * planpythontestsuite(none, samba.tests.source) planpythontestsuite(none, selftest.tests.test_suite, extra_path=[srcdir()]) planpythontestsuite(none, subunit) +planpythontestsuite(none, samba.tests.blackbox.ndrdump) +planpythontestsuite(none, api, name=ldb.python, extra_path=['lib/ldb/tests/python']) +planpythontestsuite(none, samba.tests.credentials) +planpythontestsuite(none, samba.tests.registry) +planpythontestsuite(none, samba.tests.auth) +planpythontestsuite(none, samba.tests.getopt) +planpythontestsuite(none, samba.tests.security) +planpythontestsuite(none, samba.tests.dcerpc.misc) +planpythontestsuite(none, samba.tests.param) +planpythontestsuite(none, samba.tests.upgrade) +planpythontestsuite(none, samba.tests.core) +planpythontestsuite(none, samba.tests.provision) +planpythontestsuite(none, samba.tests.samba3) +planpythontestsuite(none, samba.tests.strings) +planpythontestsuite(none, samba.tests.netcmd) +planpythontestsuite(none, samba.tests.dcerpc.rpc_talloc) +planpythontestsuite(none, samba.tests.samdb) +planpythontestsuite(none, samba.tests.hostconfig) +planpythontestsuite(none, samba.tests.messaging) +planpythontestsuite(none, samba.tests.samba3sam) +planpythontestsuite(none, wafsamba.tests.test_suite, extra_path=[os.path.join(samba4srcdir, .., buildtools), os.path.join(samba4srcdir, .., buildtools, wafadmin)]) +plantestsuite(samba4.blackbox.dbcheck.alpha13, none , [PYTHON=%s % python, os.path.join(bbdir, dbcheck-alpha13.sh), '$PREFIX_ABS/provision', configuration]) +planpythontestsuite(none, samba.tests.upgradeprovision) +planpythontestsuite(none, samba.tests.xattr) +planpythontestsuite(none, samba.tests.ntacls) +planpythontestsuite(none, samba.tests.policy) diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py index d99c4b0..0bc7b29 100755 --- a/source4/selftest/tests.py +++ b/source4/selftest/tests.py @@ -51,8 +51,6 @@ subprocess.call([smb4torture, -V], stdout=sys.stderr) bbdir = os.path.join(srcdir(), testprogs/blackbox) -configuration = --configfile=$SMB_CONF_PATH - torture_options = [configuration, --maximum-runtime=$SELFTEST_MAXTIME, --target=samba4, --basedir=$SELFTEST_TMPDIR] if not os.getenv(SELFTEST_VERBOSE): torture_options.append(--option=torture:progress=no) @@ -314,7 +312,6 @@ planpythontestsuite(s3dc, samba.tests.libsmb_samba_internal); for env in [s3member, s4member, dc, chgdcpass]: plantestsuite(samba4.blackbox.smbclient(%s:local) % env, %s:local % env, [os.path.join(samba4srcdir, utils/tests/test_smbclient.sh), '$SERVER', '$SERVER_IP', '$USERNAME', '$PASSWORD', '$DOMAIN', smbclient]) -planpythontestsuite(none, samba.tests.blackbox.ndrdump) plantestsuite(samba4.blackbox.samba_tool(dc:local), dc:local, [os.path.join(samba4srcdir, utils/tests/test_samba_tool.sh), '$SERVER', '$SERVER_IP', '$USERNAME', '$PASSWORD', '$DOMAIN', smbclient]) plantestsuite(samba4.blackbox.pkinit(dc:local), dc:local, [os.path.join(bbdir, test_pkinit.sh), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$PREFIX', aes256-cts-hmac-sha1-96, smbclient, configuration]) plantestsuite(samba4.blackbox.kinit(dc:local), dc:local, [os.path.join(bbdir, test_kinit.sh), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$PREFIX', aes256-cts-hmac-sha1-96, smbclient, configuration]) @@ -417,40 +414,19 @@ def
autobuild: intermittent test failure detected
The autobuild test system has detected an intermittent failing test in the current master tree. The autobuild log of the failure is available here: http://git.samba.org/autobuild.flakey/2012-10-12-0429/flakey.log The samba3 build logs are available here: http://git.samba.org/autobuild.flakey/2012-10-12-0429/samba3.stderr http://git.samba.org/autobuild.flakey/2012-10-12-0429/samba3.stdout The source4 build logs are available here: http://git.samba.org/autobuild.flakey/2012-10-12-0429/samba.stderr http://git.samba.org/autobuild.flakey/2012-10-12-0429/samba.stdout The top commit at the time of the failure was: commit ff82afb1f8ad3cf950277487aff05d442d03c969 Author: Jelmer Vernooij jel...@samba.org Date: Fri Oct 5 11:51:37 2012 +0200 selftest: Move more tests to common list script. Autobuild-User(master): Jelmer Vernooij jel...@samba.org Autobuild-Date(master): Fri Oct 12 02:06:42 CEST 2012 on sn-devel-104