Re: [Samba] Error installing samba4 on snow leopard OS

[Andrew Bartlett]

On Mon, 2012-10-29 at 00:26 +, gof wrote:
 Support
 
 I've downloaded samba 4 on snow leopard and when I compile it I get an
 error
 by running 'Make test
 error:

This patch, from master, should fix it. 

-- 
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org

From aa411045a5ee52d440ccb259a37c6c7489099884 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett abart...@samba.org
Date: Sun, 28 Oct 2012 19:57:58 +1100
Subject: [PATCH] pidl: Remove depends_on=PIDL_MISC as it sets -I/ into CFLAGS

This in turn causes an include of net/if.h to hang on some systems, as
/net/ means to run the automounter!

Andrew Bartlett

Autobuild-User(master): Andrew Bartlett abart...@samba.org
Autobuild-Date(master): Mon Oct 29 01:23:39 CET 2012 on sn-devel-104
---
 librpc/wscript_build | 1 -
 1 file changed, 1 deletion(-)

diff --git a/librpc/wscript_build b/librpc/wscript_build
index ee8483b..0eeb01b 100644
--- a/librpc/wscript_build
+++ b/librpc/wscript_build
@@ -632,7 +632,6 @@ bld.SAMBA_LIBRARY('ndr',
 public_deps='errors talloc samba-util',
 public_headers='gen_ndr/misc.h gen_ndr/ndr_misc.h ndr/libndr.h:ndr.h',
 header_path= [('*gen_ndr*', 'gen_ndr')],
-depends_on='PIDL_MISC',
 vnum='0.0.1',
 abi_directory='ABI',
 abi_match='ndr_* GUID_*',
-- 
1.7.11.7

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] [Announce] Samba 4.0.0rc4 Available for Download

[Karolin Seeger]

Release Announcements
-

This is the fourth release candidate of Samba 4.0.  This is *not*
intended for production environments and is designed for testing
purposes only.  Please report any defects via the Samba bug reporting
system at https://bugzilla.samba.org/.

Samba 4.0 will be the next version of the Samba suite and incorporates
all the technology found in both the Samba4 series and the
stable 3.x series. The primary additional features over Samba 3.6 are
support for the Active Directory logon protocols used by Windows 2000
and above.

This release contains the best of all of Samba's
technology parts, both a file server (that you can reasonably expect
to upgrade existing Samba 3.x releases to) and the AD domain
controller work previously known as 'samba4'.

If you are upgrading, or looking to develop, test or deploy Samba 4.0
releases candidates, you should backup all configuration and data.


UPGRADING
=

Users upgrading from Samba 3.x domain controllers and wanting to use
Samba 4.0 as an AD DC should use the 'samba-tool domain
classicupgrade' command.  See the wiki for more details:
https://wiki.samba.org/index.php/Samba4/samba3upgrade/HOWTO.

Users upgrading from Samba 4.0 alpha and beta releases since alpha15
should run 'samba-tool dbcheck --cross-ncs --fix' before re-starting
Samba.  Users upgrading from earlier alpha releases should contact the
team for advice.

Users upgrading an AD DC from any previous release should run
'samba-tool ntacl sysvolreset' to re-sync ACLs on the sysvol share
with those matching the GPOs in LDAP and the defaults from an initial
provision.  This will set an underlying POSIX ACL if required (eg not
using the NTVFS file server).

If you used the BIND9_FLATFILE or BIND9_DLZ features,
you'll have to add '-dns' to the 'server services' option,
as the internal dns server (SAMBA_INTERNAL) is the default now.


NEW FEATURES


Samba 4.0 supports the server-side of the Active Directory logon
environment used by Windows 2000 and later, so we can do full domain
join and domain logon operations with these clients.

Our Domain Controller (DC) implementation includes our own built-in
LDAP server and Kerberos Key Distribution Center (KDC) as well as the
Samba3-like logon services provided over CIFS.  We correctly generate
the infamous Kerberos PAC, and include it with the Kerberos tickets we
issue.

Samba 4.0.0rc4 ships with two distinct file servers.  We now use the
file server from the Samba 3.x series 'smbd' for all file serving by
default.

Samba 4.0 also ships with the 'NTVFS' file server.  This file server
is what was used in all previous releases of Samba 4.0, and is
tuned to match the requirements of an AD domain controller.  We
continue to support this, not only to provide continuity to
installations that have deployed it as part of an AD DC, but also as a
running example of the NT-FSA architecture we expect to move smbd to in
the longer term.

For pure file server work, the binaries users would expect from that
series (nmbd, winbindd, smbpasswd) continue to be available.  When
running an AD DC, you only need to run 'samba' (not
nmbd/smbd/winbind), as the required services are co-coordinated by this
master binary.

As DNS is an integral part of Active Directory, we also provide two DNS
solutions, a simple internal DNS server for 'out of the box' configurations
and a more elaborate BIND plugin using the BIND DLZ mechanism in versions
9.8 and 9.9. During the provision, you can select which backend to use.
With the internal backend, your DNS server is good to go.
If you chose the BIND_DLZ backend, a configuration file will be generated
for bind to make it use this plugin, as well as a file explaining how to
set up bind.

To provide accurate timestamps to Windows clients, we integrate with
the NTP project to provide secured NTP replies.  To use you need to
start ntpd and configure it with the 'restrict ... ms-sntp' and
ntpsigndsocket options.

Finally, a new scripting interface has been added to Samba 4, allowing
Python programs to interface to Samba's internals, and many tools and
internal workings of the DC code is now implemented in python.


##
Changes
###

smb.conf changes


   Parameter Name   Description
   --   ---

   allow dns updatesNew
   announce as  Removed
   announce version Removed
   cldap port   New
   client max protocol  New
   client min protocol  New
   client signing   Changed default
   dcerpc endpoint servers  New
   dgram port   New
   directory security mask  Removed
   display charset  Removed
   dns forwarderNew
   dns update command  

[Samba] ntlm_auth allowing users which are denied access

[Prateek Kumar]

Hi,
   I am using samba 3.2.2 with freeradius . I have joined the domain 
able to authenticate users with ntlm_auth.

If in ADS-2003 I configure the Remote Access Permission for the user (
User-properties-Dial-in ) as Deny then if I use the ntlm_auth
--username=user --password=password I get NT_STATUS_OK. What could be the
reason for this behavior , or is there any patch for this?

Also if I use windows server's radius server than I am not able to connect
my user be NT_STATUS_OKcause access is denied for that user.

Thanks  Regards,
Prateek
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] ntlm_auth allowing users which are denied access

[Andrew Bartlett]

On Tue, 2012-10-30 at 16:27 +0530, Prateek Kumar wrote:
 Hi,
I am using samba 3.2.2 with freeradius . I have joined the domain 
 able to authenticate users with ntlm_auth.
 
 If in ADS-2003 I configure the Remote Access Permission for the user (
 User-properties-Dial-in ) as Deny then if I use the ntlm_auth
 --username=user --password=password I get NT_STATUS_OK. What could be the
 reason for this behavior , or is there any patch for this?
 
 Also if I use windows server's radius server than I am not able to connect
 my user be NT_STATUS_OKcause access is denied for that user.

There is nothing that ntlm_auth does to indicate to the DC that this is
for a remote access server, compared with say, Squid or a CIFS login.
That's why it doesn't fail.

Perhaps the --require-membership-of option might help, but I don't know
what that particular GUI option sets.

Andrew Bartlett

-- 
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Unable to create GPO with rc3 and a few authentication problems

[felix]

 Hello.

 I had encountered a few problems with 2 Samba 4 rc3 DCs serving domain
 migrated from Windows 2003 R2. I post them altogether, since they look
 related.

 1. Unable to create or delete GPOs.
 # bin/samba-tool gpo create somegpo
 ERROR(ldb): uncaught exception - LDAP error 50
 LDAP_INSUFFICIENT_ACCESS_RIGHTS -  dsdb_access: Access check failed on
 CN=Policies,CN=System,DC=klin,DC=kifato-mk,DC=com 
   File
 /usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/__init__.py,
 line 175, in _run
 return self.run(*args, **kwargs)
   File
 /usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/gpo.py,
 line 952, in run
 self.samdb.add(m)

 I'm not sure if this is a schema or authentication problem. Could someone
 suggest how should that be investigated?

 2. Some hosts fail to update records via Samba internal DNS (Andrew, sorry
 for duplicating, but this is updated).
 It looks like this on debug level = 5:
 [2012/10/30 02:23:38,  1]
 ../source4/dns_server/dns_server.c:150(dns_process_send)
   Failed to verify TSIG!
 Hosts are Windows XP, Windows 7, Samba 3 on Linux. Some do update
 succesfully, some can succeed some time (say, 5 hours) later, or may still
 fail. This is weird.
 I should mention that we had some problem with Windows 2k3 demotion -
 during the process it had rewritten the SOA on (the only at that moment)
 Samba DC and put it's own hostname in SOA's primary NS field. We had to
 fix that manually by replacing the SOA record in corresponding LDB.
 Maybe we had just missed something? Any ideas on what's wrong?

 3. Some hosts may suddenly reject valid tickets for RPC calls.
 Somewhat like the previous one. For example, on some non-DC host I do:
 $ kinit
 $ #Got a ticket for some admin user, btw MIT is used here
 $ net rpc shutdown -S somehost -f -k # Samba 3's net command
 It may succeed for some hosts, but fail with NT_LOGON_FAILURE few hours
 later, before the ticket expires (and DCs still accept this ticket for
 e.g. samba-tool drs showrepl). Or it may later suceed for a host it was
 failing for. Renewing the ticket doesn't change anything.
 So, something strange for me, too. I had tried to reset some machine
 accounts and to rejoin some hosts. No luck.

 4. Unrelated to the previous ones. Well, I'm sorry, I hadn't read the
 source to see if this is supposed to happen. But I'd better say that
 before I forget, just in case.
 Try to rename some host using Windows GUI (My Computer - Properties) and
 check if CN, sAMAccountName and member for corresponding groups are
 changed correctly. In my experience, only sAMAccountName is changed.
 Once again, sorry if this is OK.



Something similar happens to me. But I noticed that I can create a new GPO
only with the first user the system had: administrator. None of the new
admin users I created worked, only administrator.

Best regards,
Felix.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Login problems - Daylight

[Natália Vaz]

Good afternoon guys.

I have a network problem due to the change of daylight.
The releases and time blockages worked correctly until the last weekend, so
as the clocks were advanced in one hour, the system is only allowing to
login one hour after the time released.
For example, all users can log on to the network after 7am (this is what is
defined), but samba only releases the login log from 8am.

The time of the workstations are synchronized with the server.

The returned message in the log is:
[25/10/2012 07:56:57.013090, 1] auth / check_samsec.c: 159 (logon_hours_ok)
 logon_hours_ok:  Account for user * not allowed to log on at this time
(Thu Oct 25 07:56:57 2012).

Does anyone have any idea what can be done?

-- 
Natália Vaz Silva
Administradora de redes
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] samba Digest, Vol 118, Issue 31

[spina]

Pessoal, bom dia!

Estarei de férias no período de 05/10 a 28/10, retornando no dia 29/10/2012.
Na minha ausência as dúvidas poderão ser resolvidas pela seguinte equipe:

Ricardo: Coordenação da equipe TI, e-mails e servidores – AMP e Inpacom - (011) 
3616-1417
Igor: Gemma - AMP e Inpacom - (011) 3616-1438
Luciano e Vagner: Ginjo/ Silbra - Todos os sistemas - (011) 3659-3096
Robson: Indisa - Todos os sistemas - (019) 3765-6000

Essa é uma resposta automática. 

Até mais.


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] git pull error

[felix]

Hi everyone:

I've been getting this error today. What can I do to solve it? It's
happened before and I have deleted my copy of samba and started from
scratch again.
Is there any other way to solve it?

felix@laz:~/Descargas/samba-master$ git clean -fdx
felix@laz:~/Descargas/samba-master$ git pull
error: Unable to find f6b8919c44b379e83697a99c808c72e13d38b4b6 under
http://gitweb.samba.org/samba.git
Cannot obtain needed commit f6b8919c44b379e83697a99c808c72e13d38b4b6
while processing commit d8fc4cd25e40164e23c0375b073cb42723892146.
error: Fetch failed.


Felix.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] samba4 rc4 not configure in freebsd 9.1

[Luiz Gustavo dos S. Costa]

Hi list,

I tried run the configure script of the samba4 version rc4 in a
freebsd 9.1-RC2 without successful.

i put the output of configure in a binpaste url:

http://zlin.dk/p/?ZmE5MjA0

root@samba4:/samba/devel/samba-4.0.0rc4 # uname -a
FreeBSD samba4.ad.mundounix.com.br 9.1-RC2 FreeBSD 9.1-RC2 #0 r241106:
Mon Oct  1 18:26:44 UTC 2012
r...@farrell.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  amd64

Thanks for any help.

Gustavo - gugabsd
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Disabling Roaming Profile Support

[Jeff Dickens]

From
http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/ProfileMgmt.html:

Disabling Roaming Profile Support

The question often asked is, “How may I enforce use of local profiles?” or “How
do I disable roaming profiles?”

There are three ways of doing this:
In smb.conf

Affect the following settings and ALL clients will be forced to use a local
profile: logon home =
http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/smb.conf.5.html#LOGONHOMEand
logon
path =
http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/smb.conf.5.html#LOGONPATH

The arguments to these parameters must be left blank. It is necessary to
include the = sign to specifically assign the empty value.


This apparently no longer works, or at least it doesn't work properly with
an LDAP server.

Can anyone comment on why? I'm running Samba 3.6.3-2 on Ubuntu 12.04.



-- 
* Jeff Dickens*
 IT Manager  978-632-1513
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Disabling Roaming Profile Support

[Marcio Oli]

In my case, I'm using:

logon path =
logon home =
logon drive =

It is working ok, in other words, with local profiles only.
Test the configurations with testparm command to see the output of the
smb.conf file.


Regards,
Marcio Oliveira.


2012/10/30 Jeff Dickens j...@seamanpaper.com

 From
 http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/ProfileMgmt.html
 :

 Disabling Roaming Profile Support

 The question often asked is, “How may I enforce use of local profiles?” or
 “How
 do I disable roaming profiles?”

 There are three ways of doing this:
 In smb.conf

 Affect the following settings and ALL clients will be forced to use a local
 profile: logon home =
 
 http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/smb.conf.5.html#LOGONHOME
 and
 logon
 path =
 
 http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/smb.conf.5.html#LOGONPATH
 

 The arguments to these parameters must be left blank. It is necessary to
 include the = sign to specifically assign the empty value.


 This apparently no longer works, or at least it doesn't work properly with
 an LDAP server.

 Can anyone comment on why? I'm running Samba 3.6.3-2 on Ubuntu 12.04.



 --
 * Jeff Dickens*
  IT Manager  978-632-1513
 --
 To unsubscribe from this list go to the following URL and read the
 instructions:  https://lists.samba.org/mailman/options/samba




-- 
Marcio Oliveira.
Tudo concorre para o bem daqueles que amam à Deus. (Rom 8,28)
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] samba4 rc4 not configure in freebsd 9.1

[Andrew Bartlett]

On Tue, 2012-10-30 at 16:51 -0200, Luiz Gustavo dos S. Costa wrote:
 Hi list,
 
 I tried run the configure script of the samba4 version rc4 in a
 freebsd 9.1-RC2 without successful.
 
 i put the output of configure in a binpaste url:
 
 http://zlin.dk/p/?ZmE5MjA0
 
 root@samba4:/samba/devel/samba-4.0.0rc4 # uname -a
 FreeBSD samba4.ad.mundounix.com.br 9.1-RC2 FreeBSD 9.1-RC2 #0 r241106:
 Mon Oct  1 18:26:44 UTC 2012
 r...@farrell.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  amd64

Sadly I didn't get my build fixes into the RC branch before rc4.  The
attached should help, along with the fix for xattr support.

At this point master and v4-0-test have diverged, which is why there are
these differences.

Andrew Bartlett

-- 
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org

From b5aed614bfe6da2c4034773291ad619e610f1115 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett abart...@samba.org
Date: Tue, 23 Oct 2012 17:31:03 +1100
Subject: [PATCH 37/39] lib/replace: Fix configure on FreeBSD: define_ret is
 not correct here

define_ret is for when the output of the compiled and run program
should be put into the configure define.  This is not the case
here.

Andrew Bartlett
---
 lib/replace/wscript | 1 -
 1 file changed, 1 deletion(-)

diff --git a/lib/replace/wscript b/lib/replace/wscript
index 2e1dd65..5249e40 100644
--- a/lib/replace/wscript
+++ b/lib/replace/wscript
@@ -217,7 +217,6 @@ def configure(conf):
 msg=Checking correct behavior of strtoll,
 headers = 'errno.h',
 execute = True,
-define_ret = True,
 define = 'HAVE_BSD_STRTOLL',
 )
 conf.CHECK_FUNCS('if_nametoindex strerror_r')
-- 
1.7.11.7

From 2756c3ce5c7d5d066dc76592dd1078a8594b983b Mon Sep 17 00:00:00 2001
From: Andrew Bartlett abart...@samba.org
Date: Sat, 27 Oct 2012 19:15:58 +1100
Subject: [PATCH] lib/replace: Return size of xattr if size argument is 0

This makes rep_{f,}getxattr a more complete replacement for the linux function.

Andrew Bartlett
---
 lib/replace/xattr.c | 15 ---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/lib/replace/xattr.c b/lib/replace/xattr.c
index 8e1c989..a26ff67 100644
--- a/lib/replace/xattr.c
+++ b/lib/replace/xattr.c
@@ -71,7 +71,9 @@ ssize_t rep_getxattr (const char *path, const char *name, void *value, size_t si
 	 * that the buffer is large enough to fit the returned value.
 	 */
 	if((retval=extattr_get_file(path, attrnamespace, attrname, NULL, 0)) = 0) {
-		if(retval  size) {
+		if (size == 0) {
+			return retval;
+		} else if (retval  size) {
 			errno = ERANGE;
 			return -1;
 		}
@@ -88,6 +90,9 @@ ssize_t rep_getxattr (const char *path, const char *name, void *value, size_t si
 	if (strncmp(name, system, 6) == 0) flags |= ATTR_ROOT;
 
 	retval = attr_get(path, attrname, (char *)value, valuelength, flags);
+	if (size == 0  retval == -1  errno == E2BIG) {
+		return valuelength;
+	}
 
 	return retval ? retval : valuelength;
 #elif defined(HAVE_ATTROPEN)
@@ -126,7 +131,9 @@ ssize_t rep_fgetxattr (int filedes, const char *name, void *value, size_t size)
 	const char *attrname = ((s=strchr(name, '.')) == NULL) ? name : s + 1;
 
 	if((retval=extattr_get_fd(filedes, attrnamespace, attrname, NULL, 0)) = 0) {
-		if(retval  size) {
+		if (size == 0) {
+			return retval;
+		} else if (retval  size) {
 			errno = ERANGE;
 			return -1;
 		}
@@ -143,7 +150,9 @@ ssize_t rep_fgetxattr (int filedes, const char *name, void *value, size_t size)
 	if (strncmp(name, system, 6) == 0) flags |= ATTR_ROOT;
 
 	retval = attr_getf(filedes, attrname, (char *)value, valuelength, flags);
-
+	if (size == 0  retval == -1  errno == E2BIG) {
+		return valuelength;
+	}
 	return retval ? retval : valuelength;
 #elif defined(HAVE_ATTROPEN)
 	ssize_t ret = -1;
-- 
1.7.11.7

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Unable to create GPO with rc3 and a few authentication problems

[Dmitry Khromov]

 I had encountered a few problems with 2 Samba 4 rc3 DCs serving domain 
 migrated from Windows 2003 R2. I post them altogether, since they look 
 related.
 
 1. Unable to create or delete GPOs.
 # bin/samba-tool gpo create somegpo
 ERROR(ldb): uncaught exception - LDAP error 50 
 LDAP_INSUFFICIENT_ACCESS_RIGHTS -  dsdb_access: Access check failed on 
 CN=Policies,CN=System,DC=klin,DC=kifato-mk,DC=com 
   File 
 /usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/__init__.py, 
 line 175, in _run
 return self.run(*args, **kwargs)
   File /usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/gpo.py, 
 line 952, in run
 self.samdb.add(m)
 
 I'm not sure if this is a schema or authentication problem. Could someone 
 suggest how should that be investigated?

It looks like in default Windows schema only members of Domain Admins can 
modify cn=Policies. If one will allow Domain controllers group to have rw 
access too, the LDAP-related error disappears. However, sysvol FS access error 
will raise (due to the fact machine accounts do not have write permissions on 
sysvol/fqdn/Policies after samba-tool ntacl sysvolreset).
So, should samba-tool really use machine account for GPO operations?

-- 
Best regards,
Dmitry Khromov
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Unable to create GPO with rc3 and a few authentication problems

[Andrew Bartlett]

On Wed, 2012-10-31 at 03:33 +0400, Dmitry Khromov wrote:
  I had encountered a few problems with 2 Samba 4 rc3 DCs serving domain 
  migrated from Windows 2003 R2. I post them altogether, since they look 
  related.
  
  1. Unable to create or delete GPOs.
  # bin/samba-tool gpo create somegpo
  ERROR(ldb): uncaught exception - LDAP error 50 
  LDAP_INSUFFICIENT_ACCESS_RIGHTS -  dsdb_access: Access check failed on 
  CN=Policies,CN=System,DC=klin,DC=kifato-mk,DC=com 
File 
  /usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/__init__.py, 
  line 175, in _run
  return self.run(*args, **kwargs)
File 
  /usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/gpo.py, line 
  952, in run
  self.samdb.add(m)
  
  I'm not sure if this is a schema or authentication problem. Could someone 
  suggest how should that be investigated?
 
 It looks like in default Windows schema only members of Domain Admins can 
 modify cn=Policies. If one will allow Domain controllers group to have rw 
 access too, the LDAP-related error disappears. However, sysvol FS access 
 error will raise (due to the fact machine accounts do not have write 
 permissions on sysvol/fqdn/Policies after samba-tool ntacl sysvolreset).
 So, should samba-tool really use machine account for GPO operations?

Probably not for write operations. 

Andrew Bartlett

-- 
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Unable to create GPO with rc3 and a few authentication problems

[Dmitry Khromov]

 On Wed, 2012-10-31 at 03:33 +0400, Dmitry Khromov wrote:
   I had encountered a few problems with 2 Samba 4 rc3 DCs serving domain 
   migrated from Windows 2003 R2. I post them altogether, since they look 
   related.
   
   1. Unable to create or delete GPOs.
   # bin/samba-tool gpo create somegpo
   ERROR(ldb): uncaught exception - LDAP error 50 
   LDAP_INSUFFICIENT_ACCESS_RIGHTS -  dsdb_access: Access check failed on 
   CN=Policies,CN=System,DC=klin,DC=kifato-mk,DC=com 
 File 
   /usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/__init__.py,
line 175, in _run
   return self.run(*args, **kwargs)
 File 
   /usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/gpo.py, 
   line 952, in run
   self.samdb.add(m)
   
   I'm not sure if this is a schema or authentication problem. Could someone 
   suggest how should that be investigated?
  
  It looks like in default Windows schema only members of Domain Admins can 
  modify cn=Policies. If one will allow Domain controllers group to have rw 
  access too, the LDAP-related error disappears. However, sysvol FS access 
  error will raise (due to the fact machine accounts do not have write 
  permissions on sysvol/fqdn/Policies after samba-tool ntacl sysvolreset).
  So, should samba-tool really use machine account for GPO operations?
 
 Probably not for write operations. 
 
 Andrew Bartlett
 
 -- 
 Andrew Bartletthttp://samba.org/~abartlet/
 Authentication Developer, Samba Team   http://samba.org
 
 

And it actually doesn't. Sorry, I'm an idiot. I forgot the -k switch, so it was 
falling back to machine account. Now it says NT_STATUS_INVALID_OWNER in 
conn.set_acl, but that's a different story.

-- 
Best regards,
Dmitry Khromov
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Unable to create GPO with rc3 and a few authentication problems

[Andrew Bartlett]

On Wed, 2012-10-31 at 03:48 +0400, Dmitry Khromov wrote:
  On Wed, 2012-10-31 at 03:33 +0400, Dmitry Khromov wrote:
I had encountered a few problems with 2 Samba 4 rc3 DCs serving domain 
migrated from Windows 2003 R2. I post them altogether, since they look 
related.

1. Unable to create or delete GPOs.
# bin/samba-tool gpo create somegpo
ERROR(ldb): uncaught exception - LDAP error 50 
LDAP_INSUFFICIENT_ACCESS_RIGHTS -  dsdb_access: Access check failed on 
CN=Policies,CN=System,DC=klin,DC=kifato-mk,DC=com 
  File 
/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/__init__.py,
 line 175, in _run
return self.run(*args, **kwargs)
  File 
/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/gpo.py, 
line 952, in run
self.samdb.add(m)

I'm not sure if this is a schema or authentication problem. Could 
someone suggest how should that be investigated?
   
   It looks like in default Windows schema only members of Domain Admins can 
   modify cn=Policies. If one will allow Domain controllers group to have 
   rw access too, the LDAP-related error disappears. However, sysvol FS 
   access error will raise (due to the fact machine accounts do not have 
   write permissions on sysvol/fqdn/Policies after samba-tool ntacl 
   sysvolreset).
   So, should samba-tool really use machine account for GPO operations?
  
  Probably not for write operations. 
  
  Andrew Bartlett
  
  -- 
  Andrew Bartletthttp://samba.org/~abartlet/
  Authentication Developer, Samba Team   http://samba.org
  
  
 
 And it actually doesn't. Sorry, I'm an idiot. I forgot the -k switch, so it 
 was falling back to machine account. Now it says NT_STATUS_INVALID_OWNER in 
 conn.set_acl, but that's a different story.

Is this an upgrade from a Samba3 domain?

Andrew Bartlett

-- 
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] [samba] printer cups

[root]

my samba is working good, only a problem with the classic pdf printer

I get this message from testparm

Warning: Service pdf-printer defines a print command, but print command 
parameter is ignored when using CUPS libraries.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions


and this is my .conf

[global]
workgroup = RSA
netbios name = RSA-INTRANET
server string = RSA-INTRANET
map to guest = Bad User
passdb backend = tdbsam
log file = /var/log/samba/log.%m
dns proxy = No

[pubblico]
comment = condivisione pubblica
path = /var/pubblico
read only = No

[pdf-printer]
path = /var/pubblico/
create mask = 0700
guest ok = Yes
printable = Yes
print command = /usr/bin/printpdf.sh %s
printer name = lp

everyt hings works ok, but the print command isn't executed altough the printer 
is shared and visible on the lan.

thanks for any help

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] [Announce] CTDB release 2.0 is ready for download

[Amitay Isaacs]

This is long overdue CTDB release. There have been numerous code
enhancements and bug fixes since the last release of CTDB.


Highlights
===

* Support for readonly records (http://ctdb.samba.org/doc/readonlyrecords.txt)
* Locking API to detect deadlocks between ctdb and samba
* Fetch-lock optimization to rate-limit concurrent requests for same record
* Support for policy routing
* Modified IP allocation algorithm
* Improved database vacuuming
* New test infrastructure

Reporting bugs  Development Discussion
===

Please discuss this release on the samba-technical mailing list or by
joining the #ctdb IRC channel on irc.freenode.net.

All bug reports should be filed under CTDB product in the project's
Bugzilla database (https://bugzilla.samba.org/).


Download Details
=

The source code can be downloaded from:

  http://ftp.samba.org/pub/ctdb/

Git repository

   git://git.samba.org/ctdb.git
   http://git.samba.org/?p=ctdb.git;a=summary  (Git via web)

CTDB documentation

https://ctdb.samba.org/


Amitay.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Announce] Samba 4.0.0rc4 Available for Download

[Karolin Seeger]

Release Announcements
-

This is the fourth release candidate of Samba 4.0.  This is *not*
intended for production environments and is designed for testing
purposes only.  Please report any defects via the Samba bug reporting
system at https://bugzilla.samba.org/.

Samba 4.0 will be the next version of the Samba suite and incorporates
all the technology found in both the Samba4 series and the
stable 3.x series. The primary additional features over Samba 3.6 are
support for the Active Directory logon protocols used by Windows 2000
and above.

This release contains the best of all of Samba's
technology parts, both a file server (that you can reasonably expect
to upgrade existing Samba 3.x releases to) and the AD domain
controller work previously known as 'samba4'.

If you are upgrading, or looking to develop, test or deploy Samba 4.0
releases candidates, you should backup all configuration and data.


UPGRADING
=

Users upgrading from Samba 3.x domain controllers and wanting to use
Samba 4.0 as an AD DC should use the 'samba-tool domain
classicupgrade' command.  See the wiki for more details:
https://wiki.samba.org/index.php/Samba4/samba3upgrade/HOWTO.

Users upgrading from Samba 4.0 alpha and beta releases since alpha15
should run 'samba-tool dbcheck --cross-ncs --fix' before re-starting
Samba.  Users upgrading from earlier alpha releases should contact the
team for advice.

Users upgrading an AD DC from any previous release should run
'samba-tool ntacl sysvolreset' to re-sync ACLs on the sysvol share
with those matching the GPOs in LDAP and the defaults from an initial
provision.  This will set an underlying POSIX ACL if required (eg not
using the NTVFS file server).

If you used the BIND9_FLATFILE or BIND9_DLZ features,
you'll have to add '-dns' to the 'server services' option,
as the internal dns server (SAMBA_INTERNAL) is the default now.


NEW FEATURES


Samba 4.0 supports the server-side of the Active Directory logon
environment used by Windows 2000 and later, so we can do full domain
join and domain logon operations with these clients.

Our Domain Controller (DC) implementation includes our own built-in
LDAP server and Kerberos Key Distribution Center (KDC) as well as the
Samba3-like logon services provided over CIFS.  We correctly generate
the infamous Kerberos PAC, and include it with the Kerberos tickets we
issue.

Samba 4.0.0rc4 ships with two distinct file servers.  We now use the
file server from the Samba 3.x series 'smbd' for all file serving by
default.

Samba 4.0 also ships with the 'NTVFS' file server.  This file server
is what was used in all previous releases of Samba 4.0, and is
tuned to match the requirements of an AD domain controller.  We
continue to support this, not only to provide continuity to
installations that have deployed it as part of an AD DC, but also as a
running example of the NT-FSA architecture we expect to move smbd to in
the longer term.

For pure file server work, the binaries users would expect from that
series (nmbd, winbindd, smbpasswd) continue to be available.  When
running an AD DC, you only need to run 'samba' (not
nmbd/smbd/winbind), as the required services are co-coordinated by this
master binary.

As DNS is an integral part of Active Directory, we also provide two DNS
solutions, a simple internal DNS server for 'out of the box' configurations
and a more elaborate BIND plugin using the BIND DLZ mechanism in versions
9.8 and 9.9. During the provision, you can select which backend to use.
With the internal backend, your DNS server is good to go.
If you chose the BIND_DLZ backend, a configuration file will be generated
for bind to make it use this plugin, as well as a file explaining how to
set up bind.

To provide accurate timestamps to Windows clients, we integrate with
the NTP project to provide secured NTP replies.  To use you need to
start ntpd and configure it with the 'restrict ... ms-sntp' and
ntpsigndsocket options.

Finally, a new scripting interface has been added to Samba 4, allowing
Python programs to interface to Samba's internals, and many tools and
internal workings of the DC code is now implemented in python.


##
Changes
###

smb.conf changes


   Parameter Name   Description
   --   ---

   allow dns updatesNew
   announce as  Removed
   announce version Removed
   cldap port   New
   client max protocol  New
   client min protocol  New
   client signing   Changed default
   dcerpc endpoint servers  New
   dgram port   New
   directory security mask  Removed
   display charset  Removed
   dns forwarderNew
   dns update command  

[SCM] CTDB repository - branch 1.2.40 updated - ctdb-1.2.53-3-gb746729

[Amitay Isaacs]

The branch, 1.2.40 has been updated
   via  b7467294465b6225982c90315df20a8699ccf812 (commit)
   via  c116d0b107873d679fd6246ef3dd2fbcdbe46b56 (commit)
   via  49e66cf4009c8f8816baa83a4bd4408c540b389c (commit)
  from  046f8799361794997cedae3d4ff812216661e04e (commit)

http://gitweb.samba.org/?p=ctdb.git;a=shortlog;h=1.2.40


- Log -
commit b7467294465b6225982c90315df20a8699ccf812
Author: Amitay Isaacs ami...@gmail.com
Date:   Tue Oct 30 12:39:00 2012 +1100

New Version 1.2.54

Signed-off-by: Amitay Isaacs ami...@gmail.com

commit c116d0b107873d679fd6246ef3dd2fbcdbe46b56
Author: Amitay Isaacs ami...@gmail.com
Date:   Mon Sep 3 12:39:36 2012 +1000

scripts: Remove duplicate code from init script to set tunables

The tunable variables defined in CTDB configuration file are currently
set up from init script as well as part of setup event in 00.ctdb
eventscript.  Remove the duplication of this code and set tunable
variables only from setup event.  During the setup event, it's possible
that ctdb tool commands can timeout if CTDB daemon is not ready.  To guard
against such eventuality, wait till ctdb ping command succeeds before
executing any other ctdb tool commands.

Signed-off-by: Amitay Isaacs ami...@gmail.com

Cherry-picked-from: 632c1b9c1cc2e242376358ce49fd2022b3f27aa2

Conflicts:
config/events.d/00.ctdb

commit 49e66cf4009c8f8816baa83a4bd4408c540b389c
Author: Amitay Isaacs ami...@gmail.com
Date:   Mon Oct 29 14:56:10 2012 +1100

daemon: Protect against double free of callback state while shutting down

When CTDB is shut down and monitoring has been stopped, monitor_context
gets freed and all the callback states hanging off it.  This includes
callback state for current_monitor, if the current monitor event has
not yet finished.  As a result, when the shutdown event is called,
current_monitor-callback state is not NULL, but it's actually freed
and it's a dangling reference.

So before executing callback function and freeing callback state check
if ctdb-monitor-monitor_context is not NULL.

Signed-off-by: Amitay Isaacs ami...@gmail.com

---

Summary of changes:
 config/ctdb.init   |   14 +-
 config/events.d/00.ctdb|   39 +++
 include/ctdb_private.h |1 +
 packaging/RPM/ctdb.spec.in |5 -
 server/ctdb_monitor.c  |7 +++
 server/eventscript.c   |5 +++--
 6 files changed, 47 insertions(+), 24 deletions(-)


Changeset truncated at 500 lines:

diff --git a/config/ctdb.init b/config/ctdb.init
index 7c75726..4fe01e3 100755
--- a/config/ctdb.init
+++ b/config/ctdb.init
@@ -217,16 +217,6 @@ EOF
 done
 }
 
-set_ctdb_variables () {
-# set any tunables from the config file
-set | grep ^CTDB_SET_ | cut -d_ -f3- | 
-while read v; do
-   varname=`echo $v | cut -d= -f1`
-   value=`echo $v | cut -d= -f2`
-   ctdb setvar $varname $value || RETVAL=1
-done || exit 1
-}
-
 set_retval() {
 return $1
 }
@@ -311,9 +301,7 @@ start() {
 esac
 
 if [ $RETVAL -eq 0 ] ; then
-   if wait_until_ready ; then
-   set_ctdb_variables
-   else
+   if ! wait_until_ready ; then
RETVAL=1
pkill -9 -f $ctdbd /dev/null 21
fi
diff --git a/config/events.d/00.ctdb b/config/events.d/00.ctdb
index 4f97185..5ad74bf 100755
--- a/config/events.d/00.ctdb
+++ b/config/events.d/00.ctdb
@@ -30,6 +30,32 @@ update_config_from_tdb() {
}
 }
 
+set_ctdb_variables () {
+# set any tunables from the config file
+set | grep ^CTDB_SET_ | cut -d_ -f3- | 
+while read v; do
+   varname=`echo $v | cut -d= -f1`
+   value=`echo $v | cut -d= -f2`
+   ctdb setvar $varname $value || return 1
+   echo Set $varname to $value
+done
+}
+
+wait_until_ready () {
+_timeout=${1:-10} # default is 10 seconds
+
+_count=0
+while ! ctdb ping /dev/null 21 ; do
+   if [ $_count -ge $_timeout ] ; then
+   return 1
+   fi
+   sleep 1
+   _count=$(($_count + 1))
+done
+}
+
+ctdb_check_args $@
+
 case $1 in 
  init)
 # make sure we have a blank state directory for the scripts to work 
with
@@ -42,14 +68,11 @@ case $1 in
;;
 
  setup)
-   # set any tunables from the config file
-   set | grep ^CTDB_SET_ | cut -d_ -f3- | 
-   while read v; do
-   varname=`echo $v | cut -d= -f1`
-   value=`echo $v | cut -d= -f2`
-   ctdb setvar $varname $value || exit 1
-   echo Set $varname to $value
-   done || exit 1
+# Make sure CTDB daemon is ready to process requests
+if wait_until_ready ; then
+   # set any tunables from the config file
+   set_ctdb_variables
+   fi 

[SCM] CTDB repository - annotated tag ctdb-1.2.54 created - ctdb-1.2.54

[Amitay Isaacs]

The annotated tag, ctdb-1.2.54 has been created
at  519a63ef7aa002e62cae0518ed03ba9fde2e139f (tag)
   tagging  b7467294465b6225982c90315df20a8699ccf812 (commit)
  replaces  ctdb-1.2.53
 tagged by  Amitay Isaacs
on  Tue Oct 30 16:39:15 2012 +1100

- Log -
new version 1.2.54

Amitay Isaacs (3):
  daemon: Protect against double free of callback state while shutting down
  scripts: Remove duplicate code from init script to set tunables
  New Version 1.2.54

---


-- 
CTDB repository

[SCM] CTDB repository - branch master updated - ctdb-1.13-338-g16a91c2

[Amitay Isaacs]

The branch, master has been updated
   via  16a91c2a4d03b46743611e2fe844bb2cef95e46a (commit)
   via  3d4838db51dd8199b9c29aebb6e7bfbd2a27b8bb (commit)
   via  f8af7d8de76e68e5c4bde15f832a31ce9107e8c7 (commit)
   via  8df7ea6b20417833792932487a082b3c71bb6837 (commit)
   via  b151f9b62299ec5b887c62cef780547a39c0ba9d (commit)
  from  9be3b23adbfc844b71bf1d4ddf0fbc3b269f15fa (commit)

http://gitweb.samba.org/?p=ctdb.git;a=shortlog;h=master


- Log -
commit 16a91c2a4d03b46743611e2fe844bb2cef95e46a
Author: Amitay Isaacs ami...@gmail.com
Date:   Tue Oct 30 11:54:52 2012 +1100

packaging: Use maketarball.sh script to create tarball for RPM

This removes the duplicate code for building tarball and reuses existing
script.

Signed-off-by: Amitay Isaacs ami...@gmail.com

commit 3d4838db51dd8199b9c29aebb6e7bfbd2a27b8bb
Author: Amitay Isaacs ami...@gmail.com
Date:   Tue Oct 30 11:52:19 2012 +1100

packaging: Use optional argument as targetdir when creating tarball

In addition, do not modify CTDB version string with extra suffix.

Signed-off-by: Amitay Isaacs ami...@gmail.com

commit f8af7d8de76e68e5c4bde15f832a31ce9107e8c7
Author: Amitay Isaacs ami...@gmail.com
Date:   Tue Oct 30 11:49:28 2012 +1100

tool/ctdb: Always support ctdb version command, don't make it optional

Signed-off-by: Amitay Isaacs ami...@gmail.com

commit 8df7ea6b20417833792932487a082b3c71bb6837
Author: Amitay Isaacs ami...@gmail.com
Date:   Tue Oct 30 11:48:23 2012 +1100

build: Add rules to create include/version.h when building from git tree

Signed-off-by: Amitay Isaacs ami...@gmail.com

commit b151f9b62299ec5b887c62cef780547a39c0ba9d
Author: Amitay Isaacs ami...@gmail.com
Date:   Tue Oct 30 11:47:24 2012 +1100

packaging: Create include/version.h to define CTDB_VERSION_STRING

Signed-off-by: Amitay Isaacs ami...@gmail.com

---

Summary of changes:
 Makefile.in|8 +++-
 packaging/RPM/ctdb.spec.in |2 +-
 packaging/RPM/makerpms.sh  |   23 +--
 packaging/maketarball.sh   |   28 ++--
 packaging/mkversion.sh |   14 ++
 tools/ctdb.c   |   11 +++
 6 files changed, 44 insertions(+), 42 deletions(-)


Changeset truncated at 500 lines:

diff --git a/Makefile.in b/Makefile.in
index 3294503..fef2e45 100755
--- a/Makefile.in
+++ b/Makefile.in
@@ -63,6 +63,8 @@ SHLD=${CC} ${CFLAGS} ${LDSHFLAGS} -o $@
 LIB_FLAGS=@LDFLAGS@ -Llib @LIBS@ $(POPT_LIBS) $(TALLOC_LIBS) $(TEVENT_LIBS) 
$(TDB_LIBS) \
  @INFINIBAND_LIBS@ @CTDB_PCAP_LDFLAGS@
 
+CTDB_VERSION_H = include/version.h
+
 UTIL_OBJ = lib/util/idtree.o lib/util/db_wrap.o lib/util/strlist.o 
lib/util/util.o \
lib/util/util_time.o lib/util/util_file.o lib/util/fault.o 
lib/util/substitute.o \
lib/util/signal.o
@@ -112,7 +114,7 @@ DIRS = lib bin tests/bin
 
 .SUFFIXES: .c .o .h
 
-all: showflags dirs $(CTDB_SERVER_OBJ) $(CTDB_CLIENT_OBJ) $(CTDB_LIB_OBJ) 
$(BINS) $(SBINS) $(TEST_BINS)
+all: showflags dirs $(CTDB_VERSION_H) $(CTDB_SERVER_OBJ) $(CTDB_CLIENT_OBJ) 
$(CTDB_LIB_OBJ) $(BINS) $(SBINS) $(TEST_BINS)
 
 showflags:
@echo 'ctdb will be compiled with flags:'
@@ -138,6 +140,10 @@ showlayout::
 dirs:
@mkdir -p $(DIRS)
 
+$(CTDB_VERSION_H):
+   @echo Generating $@
+   @./packaging/mkversion.sh
+
 bin/ctdbd: $(CTDB_SERVER_OBJ)
@echo Linking $@
@$(CC) $(CFLAGS) -o $@ $(CTDB_SERVER_OBJ) $(LIB_FLAGS)
diff --git a/packaging/RPM/ctdb.spec.in b/packaging/RPM/ctdb.spec.in
index b0555c7..50287ab 100644
--- a/packaging/RPM/ctdb.spec.in
+++ b/packaging/RPM/ctdb.spec.in
@@ -71,7 +71,7 @@ export CC
 ## always run autogen.sh
 ./autogen.sh
 
-CFLAGS=$RPM_OPT_FLAGS $EXTRA -O0 -D_GNU_SOURCE 
-DCTDB_VERS=\%{version}-%{release}\ ./configure \
+CFLAGS=$RPM_OPT_FLAGS $EXTRA -O0 -D_GNU_SOURCE ./configure \
 %if %with_included_talloc
--with-included-talloc \
 %endif
diff --git a/packaging/RPM/makerpms.sh b/packaging/RPM/makerpms.sh
index 254abde..c216185 100755
--- a/packaging/RPM/makerpms.sh
+++ b/packaging/RPM/makerpms.sh
@@ -52,7 +52,7 @@ mkdir -p `rpm --eval %_rpmdir`/noarch
 mkdir -p `rpm --eval %_rpmdir`/i386
 mkdir -p `rpm --eval %_rpmdir`/x86_64
 
-VERSION=$(${TOPDIR}/packaging/mkversion.sh)
+VERSION=$(${TOPDIR}/packaging/mkversion.sh ${TOPDIR}/include/version.h)
 if [ -z $VERSION ]; then
 exit 1
 fi
@@ -61,23 +61,10 @@ sed -e s/@VERSION@/$VERSION/g \
 ${DIRNAME}/${SPECFILE_IN} \
 ${DIRNAME}/${SPECFILE}
 
-VERSION=$(grep ^Version ${DIRNAME}/${SPECFILE} | sed -e 's/^Version:\ \+//')
-
-if echo | gzip -c --rsyncable -  /dev/null 21 ; then
-   GZIP=gzip -9 --rsyncable
-else
-   GZIP=gzip -9
-fi
-
-pushd ${TOPDIR}
-echo -n Creating ctdb-${VERSION}.tar.gz ... 
-git archive 

[SCM] Samba Shared Repository - branch v4-0-test updated

[Karolin Seeger]

The branch, v4-0-test has been updated
   via  4309dd1 VERSION: Bump version number up to 4.0.0rc5
   via  8c72009 VERSION: Disable GIT snapshot to prepare rc4 release.
  from  f6b8919 WHATSNEW: Update changes since rc3.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test


- Log -
commit 4309dd11e02e41758a03065d435bdd6ce78c4e56
Author: Karolin Seeger ksee...@samba.org
Date:   Tue Oct 30 09:58:41 2012 +0100

VERSION: Bump version number up to 4.0.0rc5

and re-enable GIT snapshots.

Karolin

commit 8c72009f6d9bf85d35d4cefedc935c14dd799516
Author: Karolin Seeger ksee...@samba.org
Date:   Tue Oct 30 09:57:37 2012 +0100

VERSION: Disable GIT snapshot to prepare rc4 release.

Karolin

---

Summary of changes:
 VERSION |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/VERSION b/VERSION
index bdc8768..00ea5a6 100644
--- a/VERSION
+++ b/VERSION
@@ -87,7 +87,7 @@ SAMBA_VERSION_PRE_RELEASE=
 # e.g. SAMBA_VERSION_RC_RELEASE=1  #
 #  -  3.0.0rc1  #
 
-SAMBA_VERSION_RC_RELEASE=4
+SAMBA_VERSION_RC_RELEASE=5
 
 
 # To mark SVN snapshots this should be set to 'yes'#


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch v4-0-stable updated

[Karolin Seeger]

The branch, v4-0-stable has been updated
   via  8c72009 VERSION: Disable GIT snapshot to prepare rc4 release.
   via  f6b8919 WHATSNEW: Update changes since rc3.
   via  e83ad06 source3.selftest: Move last variables to selftesthelpers.
   via  ff52138 source3.selftest: Move more variables to be in common. 
(cherry picked from commit 66980989e5b28490cd7b04b576cf39d26f183b90)
   via  23a6320 selftesthelpers: Fix detection of tap2subunit.
   via  d1deda0 selftest: Add --random-order option. (cherry picked from 
commit 67dd28f3605db4cbdc5feacc1121ec3d7dd075a6)
   via  cf1ede2 source4.selftest.tests: Add FIXME about database 
verification. (cherry picked from commit 
1190f385f72f68f22277c8b380f2d4c461c413a4)
   via  2008f37 selftesthelpers: Simplify detection of tap2subunit. (cherry 
picked from commit 05dc5a39a6ad4b1ffafc904faea3e8e40f6f5cde)
   via  85bf826 source3.selftests.tests: Use common 
plansmbtorture4testsuite() function. (cherry picked from commit 
fd607e0a9eefb79130941e244435980afbbb4bf7)
   via  81c796d source3.selftest.tests: Add suffix for 
smbclient3/ntlm_auth3. (cherry picked from commit 
efb27e29dadf58d2dec651ca3a0c108b4cf515ae)
   via  020f3f4 source3.selftest.tests: Remove tabs. (cherry picked from 
commit a841f0fced7abfb0f6d98390c07becdf49a91af5)
   via  5abde61 source4.selftest.tests: Add suffix for 
smbclient4/nmblookup4. (cherry picked from commit 
ea5e2b56c14072eeaa785d05f1da4d439667e8b6)
   via  a3d1446 selftesthelpers: Add function for printing smbtorture4 
version. (cherry picked from commit 58345820c078f79fe7f67b8e6f947691f7237641)
   via  4d2fc2a selftest: Move determining of smbtorture4 options to 
selftesthelpers. (cherry picked from commit 
8237e2727da0d04b82cb3cf644dd337a4c77fe34)
   via  244ca61 selftest/selftesthelpers: Share environment handling for 
extra smbtorture options. (cherry picked from commit 
fcb7926ce544a8d4b0e5aa6577fe21712b38bb53)
   via  e2adfe7 selftest/selftesthelpers.py: Share configuration variable, 
strip whitespace. (cherry picked from commit 
6bcb25673bdc249f5a49ded912d90bc84b13809d)
   via  5cdec48 selftesthelpers: Share code for listing smbtorture4 tests. 
(cherry picked from commit 4c4d3c86f0430d38f78d16dcb5d365b577ef4227)
   via  af3f83a source4.selftest.tests: Rename plansmbtorturesuite() to 
plansmbtorture4suite(). (cherry picked from commit 
868c8c058306b66fb3baa4a36bfe91d6461805d5)
   via  220b98d source4.selftest.tests: Consistent naming of smbtorture 
binary. (cherry picked from commit 55507d0612ecf2db34867eb6065fc5038ea81aa0)
   via  76bbf16 samba.tests.docs: Ignore removed parameters. (cherry picked 
from commit 364ed82d22bbcd69ae237098ba8d6946969bd390)
   via  7461d45 smb.conf(5): Mark four removed parameters as such. (cherry 
picked from commit 4b4e8e21235615af94788fa0ebfa0b0bc09f14fd)
   via  c7e9ab5 samba.tests.docs: Assume docs are generated by waf. (cherry 
picked from commit ed37b8ad14d496114654017d394fa18d63456aee)
   via  87f45c8 samba.tests.docs: Write error output from xsltproc to 
standard out. (cherry picked from commit 
cfa72bcc5e93a840fc07f5d419216443ef8f7599)
   via  f31db3e samba.tests.docs: Skip tests if xsltproc is not present. 
(cherry picked from commit 8412b57f5ce40901a0a4e2e66c5f9bcbdcb4b46e)
   via  afd55f7 smb.conf(5): Consistent spelling of parameter names.
   via  a23aa34 samba.tests.docs: Support spaces before synonyms. (cherry 
picked from commit 32fad2b910a9e4f9b753b43cb818c72829236a88)
   via  6a34a8a samba.tests.docs: Support synonyms. (cherry picked from 
commit be4dea45daca51a817a7c383a4092bf69650c6cd)
   via  a05c65f samba.tests.docs: Distinguish between unknown and 
undocumened parameters. (cherry picked from commit 
d0e644e0c83636b4e4c6b52ce0f861ffe38cedeb)
   via  97ddb5c tests: Convert find_missing_doc into a unit test. (cherry 
picked from commit d2f8fe855d0705faf216714cf147038563c0ba7e)
   via  ccec37c smb.conf(5): Fix mixing of tabs and spaces. (cherry picked 
from commit 47902702b3e6390de05f8fca2bc457936af9f5c1)
   via  6461f02 smb.conf(5): Add basic documentation for 'nsupdate 
command'. (cherry picked from commit aad30c062fd176fa15994a44a0178d51764cdbf7)
   via  d6bb051 smb.conf(5): Add basic documentation for 'afs token 
lifetime'. (cherry picked from commit 0cea6daffe42f5b9b6ee61eb430da3f86bea31df)
   via  2a2efb9 smb.conf(5): Add 'ldap password sync' as synonym for 'ldap 
passwd sync'. (cherry picked from commit 
695df863eddd6ee323229fe29a4a40712f3553b4)
   via  2059769 smb.conf(5): Add 'socket address' as alias for 'nbt client 
socket address'. (cherry picked from commit 
6c160e3892eea219c50bbb2d1113460817bfad08)
   via  b4eb7ff smb.conf(5): Add basic documentation for 'tls dh params 
file'. (cherry picked from commit 03b48e2bdbea30afad9b414fbab5dae67e57b5cf)
   via  b0cd55e smb.conf(5): Add basic documentation for 'tls enabled'. 
(cherry picked from 

[SCM] Samba Shared Repository - annotated tag samba-4.0.0rc4 created

[Karolin Seeger]

The annotated tag, samba-4.0.0rc4 has been created
at  5ee38616a89f84a71acd9448985dcec5a4d2148e (tag)
   tagging  8c72009f6d9bf85d35d4cefedc935c14dd799516 (commit)
  replaces  samba-4.0.0rc3
 tagged by  Karolin Seeger
on  Tue Oct 30 09:08:56 2012 +0100

- Log -
samba: tag release samba-4.0.0rc4
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.18 (GNU/Linux)

iD8DBQBQj4sibzORW2Vot+oRAlqFAJ9SnbA8FYiBn9oiQwRif1yaEBAqRgCeK2N6
rYmjiTq7ivnx4bzEkWThCDU=
=f7yN
-END PGP SIGNATURE-

Andreas Schneider (2):
  BUG #9295: Build standard auth modules as internal modules.
  packaging: Move smbprint to a comman location.

Andrew Bartlett (2):
  build: Assert that auth_domain, auth_builtin, auth_sam, auth_winbind are 
builtin
  ldb: bump version to 1.1.13 so the 4.0 release can get the isprint fix

Björn Baumbach (2):
  docs: fix opening and ending tag mismatch: para
  docs: fix opening and ending tag mismatch: para

Christian Ambach (1):
  s3:utils/net fix a compiler warning

David Disseldorp (1):
  pam_winbind: fix segfault in pam_sm_authenticate()

Gregor Beck (22):
  s3:auth: use const in smb_pam_xxx_session()
  s3:rpc_server/srvsvc: remove function net_enum_pipes()
  s3:lib: remove unused function connections_traverse()
  s3:smbcontrol: don't do stack_trace by connection but by server_id.
  s3:count_current_connections: do not clear orphaned entries from 
connections.tdb
  s3:net_status_shares: use connections_forall_read for a read only 
traversal
  s3:smbd: pass smbXsrv_session instead of user_struct to session_claim() 
and session_yield()
  s3:smbd: remove smbd_server_connection argument from session_claim()
  s3:smbd: initialize session-global before calling session_claim
  s3:smbd: use session_global_id as session number for pam and utmp
  s3:smbXsrv_session: add smbXsrv_session_global_traverse()
  s3:smbXsrv_tcon: add smbXsrv_tcon_global_traverse()
  s3:build: move sessionid_tdb.o and conn_tdb.o to SMBD_OBJ_BASE
  s3:smbd:setup_new_vc_session: traverse sessions instead of connections to 
shutdown other smbds
  s3:smbd/connection: use smbXsrv_tcon_traverse to count connections
  s3:lib: implement sessionid_traverse_read with 
smb2srv_session_traverse_read
  s3:smbd: don't use (fill) sessionid.tdb in session_claim/yield any more.
  s3:net_serverid: remove sessionid_traverse from net serverid wipedbs
  s3:lib: remove unused sessionid_*() functions
  s3:net_serverid: remove connections_forall from net serverid wipedbs
  s3:lib: remove function connections_forall()
  s3:lib/conn_tdb: implement connections_forall_read() based on 
smbXsrv_*_global_traverse()

Jelmer Vernooij (62):
  wafsamba: Ignore some more symbols when checking for dupes. (cherry 
picked from commit 276460cf8afb4894fe1e980c7a75e866c14ba144)
  samba.provision.sambadns: Use == to compare strings, not 'is'. (cherry 
picked from commit 2adf27a99b999a4fd0329d9fa398a9208b60e367)
  samba4-tests: Move 'samba.tests.source' up.
  selftests.tests: Remove reference to Samba 4. (cherry picked from commit 
1080b6c2caf1191fd896f3caf38e576a00b01982)
  selftest: Move some tests to common test script. (cherry picked from 
commit 1aa291c331c29c2f5ee4572b660c4c2061755856)
  samba.join: Fix multiple spaces.
  selftest: Move more tests to common list script.
  samba-tool user test: Fix expected output.
  smb.conf(5): Extend 'server min protocol' description. (cherry picked 
from commit dfe75c2f3591652a370a36f73f70e8055bda9d11)
  smb.conf(5): Add basic documentation for 'winbindd socket directory'. 
(cherry picked from commit d0b38752471dd870ad640fd39076bc51f84c57d1)
  smb.conf(5): Add basic documentation for 'winbindd privileged socket 
directory'. (cherry picked from commit 3cea6257a9e4a3e1dc46e6c555d57992a73d6e6c)
  smb.conf(5): Add : to idmap config description to mark it as parametric. 
(cherry picked from commit c6ba8575ea7fe8b0fdc49d4f823ca441ae99070a)
  smb.conf(5): Add basic documentation for 'ntvfs handler'. (cherry picked 
from commit 394258ad4c3413388e800800b2b1b941de037fa3)
  smb.conf(5): Add basic documentation for 'dns forwarder'. (cherry picked 
from commit e9d91cd4a133d7acb377341282230f99f5e10a12)
  smb.conf(5): Add basic documentation 'winbind sealed pipes'. (cherry 
picked from commit e7c8fcaea5b06897603abb6f4f38ce39b400c9a7)
  samba-tool user: Fix typos, improve messages. (cherry picked from commit 
d09f15163843c5a027476e9087ae96700f6de003)
  smb.conf(5): Add basic documentation for 'samba kcc command'. (cherry 
picked from commit a63d6a909406c2d0e04f6142f9614c3543ae2d1b)
  smb.conf(5): Add basic documentation for 'server services'. (cherry 
picked from commit 3cc61af7ff3b90026fdc6fc84ad905041154bfaf)
  smb.conf(5): Add basic documentation for 'dns update command'. (cherry 

[SCM] Samba Shared Repository - branch v4-0-test updated

[Karolin Seeger]

The branch, v4-0-test has been updated
   via  7e100a2 WHATSNEW: Correct list of changed parameters.
  from  4309dd1 VERSION: Bump version number up to 4.0.0rc5

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test


- Log -
commit 7e100a2d8fe479e612bae0cae9dc6003bf723768
Author: Karolin Seeger ksee...@samba.org
Date:   Tue Oct 30 11:31:08 2012 +0100

WHATSNEW: Correct list of changed parameters.

These synonyms do still exist.
Thanks to Björn Baumbach for noticing!

Karolin

Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org
Autobuild-Date(v4-0-test): Tue Oct 30 13:13:46 CET 2012 on sn-devel-104

---

Summary of changes:
 WHATSNEW.txt |2 --
 1 files changed, 0 insertions(+), 2 deletions(-)


Changeset truncated at 500 lines:

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index dc3b1e4..bbc11c8 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -125,8 +125,6 @@ smb.conf changes
kernel share modes  New
kpasswd portNew
krb5 port   New
-   max protocolRemoved
-   min protocolRemoved
nbt client socket address   New
nbt portNew
nsupdate commandNew


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch master updated

[David Disseldorp]

The branch, master has been updated
   via  a3a1cd4 packaging: Add NetworkManager dispatcher script for winbind.
  from  4dfded0 s3: Use file_id_string in file_id_string_tos

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit a3a1cd4797c99cb5fd0234c2dfe40e5dcafb05f8
Author: Andreas Schneider a...@cryptomilk.org
Date:   Fri Oct 26 12:46:21 2012 +0200

packaging: Add NetworkManager dispatcher script for winbind.

Signed-off-by: Andreas Schneider a...@cryptomilk.org
Signed-off-by: Andreas Schneider a...@samba.org
Reviewed-by: David Disseldorp dd...@samba.org

Autobuild-User(master): David Disseldorp dd...@samba.org
Autobuild-Date(master): Tue Oct 30 13:17:02 CET 2012 on sn-devel-104

---

Summary of changes:
 packaging/NetworkManager/30-winbind-systemd |   20 
 packaging/NetworkManager/README |6 ++
 2 files changed, 26 insertions(+), 0 deletions(-)
 create mode 100755 packaging/NetworkManager/30-winbind-systemd
 create mode 100644 packaging/NetworkManager/README


Changeset truncated at 500 lines:

diff --git a/packaging/NetworkManager/30-winbind-systemd 
b/packaging/NetworkManager/30-winbind-systemd
new file mode 100755
index 000..af0edf9
--- /dev/null
+++ b/packaging/NetworkManager/30-winbind-systemd
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+winbind_is_active=$(/bin/systemctl is-active winbind.service)
+test ${winbind_is_active} = active || exit 0
+
+winbind_offline_logon=$(testparm -s --parameter-name winbind offline logon 
2/dev/null)
+test ${winbind_offline_logon} = Yes || exit 0
+
+case $2 in
+   up|vpn-up)
+   nmb_is_active=$(/bin/systemctl is-active nmb.service)
+   if test ${nmb_is_active} = active; then
+   /bin/systemctl try-restart nmb.service || :
+   fi
+   /usr/bin/smbcontrol winbind online || :
+   ;;
+   down)
+   /usr/bin/smbcontrol winbind offline
+   ;;
+esac
diff --git a/packaging/NetworkManager/README b/packaging/NetworkManager/README
new file mode 100644
index 000..0db8be6
--- /dev/null
+++ b/packaging/NetworkManager/README
@@ -0,0 +1,6 @@
+This directory includes files for the dispatcher of NetworkManager. The files
+need to be copied to /etc/NetworkManager/dispatcher.d/ and will be 
automatically
+called if a network interface goes up or down.
+
+30-winbind-systemd: This will set winbind into offline mode if you have winbind
+offline logon turned on.


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch master updated

[Björn Jacke]

The branch, master has been updated
   via  e6643fb wafbuild: use -Wstack-protector if available
   via  9a03cc9 wafbuild: use WERROR_FLAGS in 
wscript_configure_system_mitkrb5
   via  fdead58 ccan/wafbuild: use WERROR_CFLAGS instead of -Werror
   via  7fcb253 wafbuild: reorder the Werror checks so that the ambigous w2 
option is being checked last
   via  5169204 wafbuild: merge the missing IBM compiler Werror flag 
-qhalt=w to waf
   via  0342ca4 wfabuild: fix the -errwarn compile flag test
  from  a3a1cd4 packaging: Add NetworkManager dispatcher script for winbind.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit e6643fbf48afccd0acedb65fbe24d3ce84d44c40
Author: Björn Jacke b...@sernet.de
Date:   Tue Oct 30 13:00:58 2012 +0100

wafbuild: use -Wstack-protector if available

Autobuild-User(master): Björn Jacke b...@sernet.de
Autobuild-Date(master): Tue Oct 30 15:04:30 CET 2012 on sn-devel-104

commit 9a03cc93f45a6908c73afe2d059a4ebf5534fdb7
Author: Björn Jacke b...@sernet.de
Date:   Tue Oct 30 12:19:24 2012 +0100

wafbuild: use WERROR_FLAGS in wscript_configure_system_mitkrb5

commit fdead585dc11101761ac975935134c6a84ea3b4f
Author: Björn Jacke b...@sernet.de
Date:   Tue Oct 30 12:07:26 2012 +0100

ccan/wafbuild: use WERROR_CFLAGS instead of -Werror

commit 7fcb2532b99ddf65d78dd02ea06ce8a1a6229949
Author: Björn Jacke b...@sernet.de
Date:   Tue Oct 30 11:48:25 2012 +0100

wafbuild: reorder the Werror checks so that the ambigous w2 option is being 
checked last

commit 51692042d9f898c5e8f1cbc78031e37d23ec032a
Author: Björn Jacke b...@sernet.de
Date:   Tue Oct 30 11:37:34 2012 +0100

wafbuild: merge the missing IBM compiler Werror flag -qhalt=w to waf

commit 0342ca40629d5a57db02c7f840809dfa0bde6780
Author: Björn Jacke b...@sernet.de
Date:   Tue Oct 30 11:32:52 2012 +0100

wfabuild: fix the -errwarn compile flag test

as in the autoconf build this must be -errwarn=%all

---

Summary of changes:
 lib/ccan/wscript |   17 +++--
 lib/replace/wscript  |9 -
 lib/util/util_net.c  |3 +++
 wscript_configure_system_mitkrb5 |4 ++--
 4 files changed, 20 insertions(+), 13 deletions(-)


Changeset truncated at 500 lines:

diff --git a/lib/ccan/wscript b/lib/ccan/wscript
index 4af9dd4..59b8205 100644
--- a/lib/ccan/wscript
+++ b/lib/ccan/wscript
@@ -7,26 +7,23 @@ def configure(conf):
 conf.CHECK_HEADERS('err.h')
 conf.CHECK_HEADERS('byteswap.h')
 conf.CHECK_FUNCS('bswap_64', link=False, headers=byteswap.h)
-
-# FIXME: if they don't have -Werror, these will all fail.  But they
-# probably will anyway...
 conf.CHECK_CODE('int __attribute__((cold)) func(int x) { return x; }',
-addmain=False, link=False, cflags=-Werror,
+addmain=False, link=False, 
cflags=conf.env['WERROR_CFLAGS'],
 define='HAVE_ATTRIBUTE_COLD')
 conf.CHECK_CODE('int __attribute__((const)) func(int x) { return x; }',
-addmain=False, link=False, cflags=-Werror,
+addmain=False, link=False, 
cflags=conf.env['WERROR_CFLAGS'],
 define='HAVE_ATTRIBUTE_CONST')
 conf.CHECK_CODE('void __attribute__((noreturn)) func(int x) { exit(x); }',
-addmain=False, link=False, cflags=-Werror,
+addmain=False, link=False, 
cflags=conf.env['WERROR_CFLAGS'],
 define='HAVE_ATTRIBUTE_NORETURN')
 conf.CHECK_CODE('void __attribute__((format(__printf__, 1, 2))) func(const 
char *fmt, ...) { }',
-addmain=False, link=False, cflags=-Werror,
+addmain=False, link=False, 
cflags=conf.env['WERROR_CFLAGS'],
 define='HAVE_ATTRIBUTE_PRINTF')
 conf.CHECK_CODE('int __attribute__((unused)) func(int x) { return x; }',
-addmain=False, link=False, cflags=-Werror,
+addmain=False, link=False, 
cflags=conf.env['WERROR_CFLAGS'],
 define='HAVE_ATTRIBUTE_UNUSED')
 conf.CHECK_CODE('int __attribute__((used)) func(int x) { return x; }',
-addmain=False, link=False, cflags=-Werror,
+addmain=False, link=False, 
cflags=conf.env['WERROR_CFLAGS'],
 define='HAVE_ATTRIBUTE_USED')
 # We try to use headers for a compile-time test.
 conf.CHECK_CODE(code = #ifdef __BYTE_ORDER
@@ -121,7 +118,7 @@ def configure(conf):
 link=True,
 define='HAVE_TYPEOF')
 conf.CHECK_CODE('int __attribute__((warn_unused_result)) func(int x) { 
return x; }',
-addmain=False, link=False, cflags=-Werror,
+addmain=False, link=False, 
cflags=conf.env['WERROR_CFLAGS'],
 

[SCM] Samba Shared Repository - branch master updated

[Michael Adam]

The branch, master has been updated
   via  d8fc4cd s3:smb2_read: fix SMBD_SMB2_NUM_IOV_PER_REQ check for 
sendfile() support (bug #9341)
  from  e6643fb wafbuild: use -Wstack-protector if available

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit d8fc4cd25e40164e23c0375b073cb42723892146
Author: Stefan Metzmacher me...@samba.org
Date:   Tue Oct 30 11:08:19 2012 +0100

s3:smb2_read: fix SMBD_SMB2_NUM_IOV_PER_REQ check for sendfile() support 
(bug #9341)

Reported-by: Sebastien LAVEZE sebastien.lav...@mindspeed.com
Signed-off-by: Stefan Metzmacher me...@samba.org
Reviewed-by: Michael Adam ob...@samba.org
Tested-by: Sebastien LAVEZE sebastien.lav...@mindspeed.com

Autobuild-User(master): Michael Adam ob...@samba.org
Autobuild-Date(master): Tue Oct 30 16:49:26 CET 2012 on sn-devel-104

---

Summary of changes:
 source3/smbd/smb2_read.c |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/smbd/smb2_read.c b/source3/smbd/smb2_read.c
index 2890f86..41adb03 100644
--- a/source3/smbd/smb2_read.c
+++ b/source3/smbd/smb2_read.c
@@ -277,7 +277,7 @@ static NTSTATUS schedule_smb2_sendfile_read(struct 
smbd_smb2_request *smb2req,
if (!lp__use_sendfile(SNUM(fsp-conn)) ||
smb2req-do_signing ||
smb2req-do_encryption ||
-   smb2req-in.vector_count  (2*SMBD_SMB2_NUM_IOV_PER_REQ) ||
+   smb2req-in.vector_count = (2*SMBD_SMB2_NUM_IOV_PER_REQ) ||
(fsp-base_fsp != NULL) ||
(fsp-wcp != NULL) ||
(!S_ISREG(fsp-fsp_name-st.st_ex_mode)) ||


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch master updated

[Volker Lendecke]

The branch, master has been updated
   via  a88e3be s3:docs document shadow:snapdirseverywhere option of 
vfs_shadow_copy2
  from  d8fc4cd s3:smb2_read: fix SMBD_SMB2_NUM_IOV_PER_REQ check for 
sendfile() support (bug #9341)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit a88e3be794a7458ad644e5b73435971533aa7dbe
Author: Christian Ambach a...@samba.org
Date:   Tue Oct 30 15:39:02 2012 +0100

s3:docs document shadow:snapdirseverywhere option of vfs_shadow_copy2

Autobuild-User(master): Volker Lendecke v...@samba.org
Autobuild-Date(master): Tue Oct 30 18:32:57 CET 2012 on sn-devel-104

---

Summary of changes:
 docs-xml/manpages/vfs_shadow_copy2.8.xml |   15 +++
 1 files changed, 15 insertions(+), 0 deletions(-)


Changeset truncated at 500 lines:

diff --git a/docs-xml/manpages/vfs_shadow_copy2.8.xml 
b/docs-xml/manpages/vfs_shadow_copy2.8.xml
index 34f3d1b..b313416 100644
--- a/docs-xml/manpages/vfs_shadow_copy2.8.xml
+++ b/docs-xml/manpages/vfs_shadow_copy2.8.xml
@@ -157,6 +157,21 @@
 /para
 /listitem
 /varlistentry
+   varlistentry
+   termshadow:snapdirseverywhere = yes/no
+   /term
+   listitem
+   paraIf you enable command moreinfo=none
+   shadow:snapdirseverywhere /command then this module will look
+   out for snapshot directories in the current and all parent
+   directories of the current working directory.
+   An example where this is needed are independent filesets in
+   IBM's GPFS, but other filesystems might support snapshotting
+   only particular subtrees of the filesystem as well.
+   /para
+   /listitem
+   /varlistentry
+
/variablelist
 /refsect1
 


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch master updated

[Jeremy Allison]

The branch, master has been updated
   via  39e58d6 s3fs-utils: Free the popt context in smbcacls and smbquotas.
   via  aca807c s3fs-net: Use talloc for memory allocation.
  from  a88e3be s3:docs document shadow:snapdirseverywhere option of 
vfs_shadow_copy2

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 39e58d6845ee4dab0e9ae1537fccaed837ead728
Author: Andreas Schneider a...@samba.org
Date:   Mon Oct 29 21:12:14 2012 +0100

s3fs-utils: Free the popt context in smbcacls and smbquotas.

Signed-off-by: Andreas Schneider a...@samba.org
Reviewed by: Jeremy Allison j...@samba.org

Autobuild-User(master): Jeremy Allison j...@samba.org
Autobuild-Date(master): Tue Oct 30 20:22:46 CET 2012 on sn-devel-104

commit aca807c94cdb44cc846562400495ee3a7114f8e0
Author: Andreas Schneider a...@samba.org
Date:   Mon Oct 29 21:12:13 2012 +0100

s3fs-net: Use talloc for memory allocation.

Signed-off-by: Andreas Schneider a...@samba.org
Reviewed by: Jeremy Allison j...@samba.org

---

Summary of changes:
 source3/utils/net.c|2 +-
 source3/utils/smbcacls.c   |2 ++
 source3/utils/smbcquotas.c |2 ++
 3 files changed, 5 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/utils/net.c b/source3/utils/net.c
index eccb522..85fe2f6 100644
--- a/source3/utils/net.c
+++ b/source3/utils/net.c
@@ -868,7 +868,7 @@ static struct functable net_func[] = {
break;
case 'U':
c-opt_user_specified = true;
-   c-opt_user_name = SMB_STRDUP(c-opt_user_name);
+   c-opt_user_name = talloc_strdup(c, c-opt_user_name);
p = strchr(c-opt_user_name,'%');
if (p) {
*p = 0;
diff --git a/source3/utils/smbcacls.c b/source3/utils/smbcacls.c
index 3d18bee..7df4e48 100644
--- a/source3/utils/smbcacls.c
+++ b/source3/utils/smbcacls.c
@@ -1435,6 +1435,8 @@ static struct cli_state *connect_one(struct 
user_auth_info *auth_info,
return -1;
}
 
+   poptFreeContext(pc);
+
string_replace(path,'/','\\');
 
server = talloc_strdup(frame, path+2);
diff --git a/source3/utils/smbcquotas.c b/source3/utils/smbcquotas.c
index be82e34..b962103 100644
--- a/source3/utils/smbcquotas.c
+++ b/source3/utils/smbcquotas.c
@@ -688,6 +688,8 @@ 
FSQFLAGS:QUOTA_ENABLED/DENY_DISK/LOG_SOFTLIMIT/LOG_HARD_LIMIT, SETSTRING },
exit(EXIT_PARSE_ERROR);
}
 
+   poptFreeContext(pc);
+
string_replace(path, '/', '\\');
 
server = SMB_STRDUP(path+2);


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch master updated

[Andrew Bartlett]

The branch, master has been updated
   via  a71ad96 ldb: Add ldbdump, based on tdbdump
   via  4b2f3c6 ldb: Remove no-longer-existing ltdb_unpack_data_free from 
ldb_tdb.h
   via  cc6d0de ldb: Change ltdb_unpack_data to take an ldb_context
   via  42c379f samba-tool: Add samba-tool processes subcommand
   via  a732f2a pymessaging: Add irpc_servers_byname() and 
irpc_all_servers()
   via  76b7348 pymessaging: Use the server_id IDL structure rather than a 
tuple
   via  3b4ef03 imessaging: Add irpc_all_servers() to list all available 
servers
  from  39e58d6 s3fs-utils: Free the popt context in smbcacls and smbquotas.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit a71ad96bd046f1199e67b4fe8fc7783cbd8dd771
Author: Andrew Bartlett abart...@samba.org
Date:   Tue Oct 30 15:41:27 2012 +1100

ldb: Add ldbdump, based on tdbdump

This uses a tdb_traverse or (more usefully) the tdb_rescue API, like 
tdbdump.

The difference here is that it uses ldb helper functions to further
eliminate faulty records, which avoids creating duplicates in the output.

(The duplicates come from parts of records that are left in blank space
in the db, which tdb_rescue finds, but which are not actually a full
record).

Andrew Bartlett

Autobuild-User(master): Andrew Bartlett abart...@samba.org
Autobuild-Date(master): Tue Oct 30 23:56:11 CET 2012 on sn-devel-104

commit 4b2f3c6dec997b0dd4bcafeae662a71ebd34e12b
Author: Andrew Bartlett abart...@samba.org
Date:   Tue Oct 30 10:22:28 2012 +1100

ldb: Remove no-longer-existing ltdb_unpack_data_free from ldb_tdb.h

commit cc6d0decc7980028293168aee267e7610752fc80
Author: Andrew Bartlett abart...@samba.org
Date:   Tue Oct 30 10:21:42 2012 +1100

ldb: Change ltdb_unpack_data to take an ldb_context

It always de-references the module to find the ldb anyway.

Andrew Bartlett

commit 42c379f0dfdeb36598bb2636aa2b6e3ca4410930
Author: Andrew Bartlett abart...@samba.org
Date:   Mon Oct 29 15:36:36 2012 +1100

samba-tool: Add samba-tool processes subcommand

This will allow administrators to inspect the process list in a
similar way to what running on a platform with setproctitle might
permit.

--pid= returns the registered server names for a PID (eg kdc, cldap_server)
--name= returns the pids registered with a particular name.

Andrew Bartlett

commit a732f2a621665923322422c5a3d788c9d1aa8df9
Author: Andrew Bartlett abart...@samba.org
Date:   Mon Oct 29 15:34:41 2012 +1100

pymessaging: Add irpc_servers_byname() and irpc_all_servers()

This will allow python scripts to inspect the process list.

Andrew Bartlett

commit 76b7348299870279acec5b7c9f02f4e4b2461703
Author: Andrew Bartlett abart...@samba.org
Date:   Mon Oct 29 15:33:59 2012 +1100

pymessaging: Use the server_id IDL structure rather than a tuple

This will make it easier to pass this structure in and out.  The tuple is 
still
accepted as input.

Andrew Bartlett

commit 3b4ef03097293f758d8f11cbe434063ed1dc6b91
Author: Andrew Bartlett abart...@samba.org
Date:   Mon Oct 29 15:32:21 2012 +1100

imessaging: Add irpc_all_servers() to list all available servers

This is implemented with a tdb_traverse_read(), and will allow a tool
to disover the name and server_id of all Samba processes, as each
process registers itself to recieve messages.

Andrew Bartlett

---

Summary of changes:
 lib/ldb/ldb_tdb/ldb_index.c|2 +-
 lib/ldb/ldb_tdb/ldb_pack.c |4 +-
 lib/ldb/ldb_tdb/ldb_search.c   |6 +-
 lib/ldb/ldb_tdb/ldb_tdb.c  |2 +-
 lib/ldb/ldb_tdb/ldb_tdb.h  |4 +-
 lib/ldb/tools/ldbdump.c|  219 
 lib/ldb/wscript|4 +
 librpc/wscript_build   |5 +
 source4/lib/messaging/irpc.h   |2 +
 source4/lib/messaging/messaging.c  |   71 +++
 source4/lib/messaging/pymessaging.c|  124 +++-
 source4/librpc/idl/irpc.idl|   13 +-
 source4/librpc/wscript_build   |6 +
 source4/scripting/python/samba/netcmd/main.py  |2 +
 source4/scripting/python/samba/netcmd/processes.py |   78 +++
 source4/scripting/python/samba/tests/messaging.py  |   13 +-
 .../python/samba/tests/samba_tool/processes.py |   35 +++
 source4/selftest/tests.py  |1 +
 18 files changed, 572 insertions(+), 19 deletions(-)
 create mode 100644 lib/ldb/tools/ldbdump.c
 create mode 100644 

Re: [SCM] Samba Shared Repository - branch master updated

[simo]

On Tue, 2012-10-30 at 23:57 +0100, Andrew Bartlett wrote:
 commit cc6d0decc7980028293168aee267e7610752fc80
 Author: Andrew Bartlett abart...@samba.org
 Date:   Tue Oct 30 10:21:42 2012 +1100
 
 ldb: Change ltdb_unpack_data to take an ldb_context
 
 It always de-references the module to find the ldb anyway.
 
 Andrew Bartlett 

Andrew,
why are you messing over with these interface conventions ?

I see no rationale for this change, can you please revert and learn a
bit about consistent and predictable interfaces ?

Thanks.

Simo.

-- 
Simo Sorce
Samba Team GPL Compliance Officer s...@samba.org
Principal Software Engineer at Red Hat, Inc. s...@redhat.com

[SCM] CTDB repository - branch master updated - ctdb-1.13-340-gceac026

[Amitay Isaacs]

The branch, master has been updated
   via  ceac026713a7ee30ea865ed4a9422900ed76fdf6 (commit)
   via  aad1584da8a8425bc6f5163c95810e9d2390dc91 (commit)
  from  16a91c2a4d03b46743611e2fe844bb2cef95e46a (commit)

http://gitweb.samba.org/?p=ctdb.git;a=shortlog;h=master


- Log -
commit ceac026713a7ee30ea865ed4a9422900ed76fdf6
Author: Amitay Isaacs ami...@gmail.com
Date:   Wed Oct 31 12:17:27 2012 +1100

web: Update instructions for building from tarball

Signed-off-by: Amitay Isaacs ami...@gmail.com

commit aad1584da8a8425bc6f5163c95810e9d2390dc91
Author: Amitay Isaacs ami...@gmail.com
Date:   Wed Oct 31 12:10:22 2012 +1100

tests: Do not check release suffix in ctdb version test

release suffix added by RPM is to track packaging changes. Core CTDB
version does not include the release suffix.

Signed-off-by: Amitay Isaacs ami...@gmail.com

---

Summary of changes:
 tests/simple/01_ctdb_version.sh |3 ++-
 web/building.html   |   10 +-
 2 files changed, 11 insertions(+), 2 deletions(-)


Changeset truncated at 500 lines:

diff --git a/tests/simple/01_ctdb_version.sh b/tests/simple/01_ctdb_version.sh
index 5a36ea4..3e1ed3e 100755
--- a/tests/simple/01_ctdb_version.sh
+++ b/tests/simple/01_ctdb_version.sh
@@ -39,8 +39,9 @@ if ! try_command_on_node -v 0 rpm -q ctdb ; then
 fi
 rpm_ver=${out#ctdb-}
 # Some version of RPM append the architecture to the version.
+# And also remove the release suffix.
 arch=$(uname -m)
-rpm_ver=${rpm_ver%.${arch}}
+rpm_ver=${rpm_ver%-*.${arch}}
 
 try_command_on_node -v 0 $CTDB version
 ctdb_ver=${out#CTDB version: }
diff --git a/web/building.html b/web/building.html
index fc4789c..7475078 100644
--- a/web/building.html
+++ b/web/building.html
@@ -4,7 +4,7 @@
 H2 align=centerBuilding CTDB and Samba/h2
 
 h2CTDB/h2
-To build a copy of the CTDB code you should do this:
+To build a copy of CTDB code from a git tree you should do this:
 pre
cd ctdb
./autogen.sh
@@ -13,6 +13,14 @@ To build a copy of the CTDB code you should do this:
make install
 /pre
 
+To build a copy of CTDB code from a tarball you should do this:
+pre
+   tar xf ctdb-x.y.tar.gz
+   cd ctdb-x.y
+   ./configure
+   make
+   make install
+/pre
 You need to install ctdb on all nodes of your cluster.
 
 


-- 
CTDB repository

[SCM] CTDB repository - branch master updated - ctdb-1.13-341-gcd64035

[Amitay Isaacs]

The branch, master has been updated
   via  cd64035d71ddff6aebe6c15a49e09527283425d2 (commit)
  from  ceac026713a7ee30ea865ed4a9422900ed76fdf6 (commit)

http://gitweb.samba.org/?p=ctdb.git;a=shortlog;h=master


- Log -
commit cd64035d71ddff6aebe6c15a49e09527283425d2
Author: Martin Schwenke mar...@meltin.net
Date:   Wed Oct 31 12:33:25 2012 +1100

ctdbd: Fix compilation warning in locking code

Signed-off-by: Martin Schwenke mar...@meltin.net

---

Summary of changes:
 server/ctdb_lock.c |4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)


Changeset truncated at 500 lines:

diff --git a/server/ctdb_lock.c b/server/ctdb_lock.c
index 8097e84..81f0eb3 100644
--- a/server/ctdb_lock.c
+++ b/server/ctdb_lock.c
@@ -1039,13 +1039,13 @@ void ctdb_lock_blocked_handler(struct tevent_context 
*ev,
DEBUG(DEBUG_WARNING,
  (Process %s (pid=%d) locked database %s (inode %lu) for 
%.0lf seconds\n,
   (process_name ? process_name : unknown),
-  blocker_pid, db_name, inode,
+  blocker_pid, db_name, (unsigned long)inode,
   timeval_elapsed(lock_ctx-start_time)));
} else {
DEBUG(DEBUG_WARNING,
  (Process %s (pid=%d) locked database (inode %lu) for 
%.0lf seconds\n,
   (process_name ? process_name : unknown),
-  blocker_pid, inode,
+  blocker_pid, (unsigned long)inode,
   timeval_elapsed(lock_ctx-start_time)));
}
 


-- 
CTDB repository

[SCM] CTDB repository - annotated tag ctdb-2.0 created - ctdb-2.0

[Amitay Isaacs]

The annotated tag, ctdb-2.0 has been created
at  23282c5c861fe5674960ad38ca635350937c6758 (tag)
   tagging  cd64035d71ddff6aebe6c15a49e09527283425d2 (commit)
  replaces  ctdb-1.13
 tagged by  Amitay Isaacs
on  Wed Oct 31 12:36:10 2012 +1100

- Log -
New version 2.0

Amitay Isaacs (89):
  build: Add rules to create ctags/etags
  packaging: Setup directories for rpmbuild
  build: Remove re-definition of same variable
  build: Display correct LIB_FLAGS while building
  build: Use system talloc library if available
  build: Use system tevent library if available
  build: Use system tdb library if available
  recovery: Add prototypes for tdb internal functions
  build: Substitute POPT macros once and reuse variables
  tests/tool: Fix the nodestatus test
  tests/tool: New nodestatus test
  tests: exportfs always outputs with options in brackets
  tests: Add a script to run cluster tests and make target test_cluster
  tests: Add regular expression parsing for hop_count_buckets
  tests: Fix the error messages in test event script
  ctdbd: Fix the error message string
  tests: Check for assigned IP addresses only if we are on real cluster
  tests: Check assigned IPs from ctdb output
  tests: Set the debug level = 3 when running local tests
  tests: Use CTDB_TEST_REAL_CLUSTER to decide if tests use local daemons
  recoverd: Fix spurious warnings when running with --nopublicipcheck
  ctdbd: Fix spurious warnings when running with --nopublicipcheck
  includes: Move special tevent defines from tevent.h to includes.h
  Remove explicit include of lib/tevent/tevent.h.
  ctdb_test: Remove faked wrappers for tevent functions in stub testing
  lib/tevent: Remove local modifications to tevent
  lib/tevent: Remove the files required to build tevent as a library
  lib/tevent: Sync tevent from samba git tree
  lib/talloc: Remove the files required to build talloc as a library
  lib/talloc: Sync talloc from samba git tree
  lib/tdb: Remove the files required to build tdb as a library
  lib/tdb: Sync tdb from samba git tree
  tests/tool: Fix the nodestatus test
  tests/tool: New nodestatus test
  tests: Fix wrapper scripts
  tests: CTDB_TEST_WRAPPER has to be an absolute path on a real cluster
  tests: test_wrap needs to set TEST_SCRIPTS_DIR
  tests/simple: Fix typo in the test message
  server: locking: Provide a common API for non-blocking locking of TDBs
  Revert server: locking: Provide a common API for non-blocking locking of 
TDBs
  tests: Use per node log files when running tests with local daemons
  packaging: make ctdb-tests package depend on nc
  server: Replace BOOL datatype with bool, True/False with true/false
  tests: Fix flakey behavior of ctdb_fetch test
  tests: Fix ctdb_fetch test (parse extra lines of output)
  tests: Increment RSN always in ctdb_update_record_persistent test
  Fix compiler warnings.
  util: Do not try to lockdown memory when running in local daemons mode
  ctdbd: Return explicit boolean values for function returning bool
  Remove tevent_loop_allow_nesting()
  web: Add my name to the developer list.
  util: Do not lock down memory when running with local daemons
  doc: Fix path string of /etc/sysconfig/ctdb file
  Revert when creating/adding a public ip, set the initial interface to be 
the first interface specified
  doc: Fix the hyperlink for Testing CTDB page
  scripts: Remove duplicate code from init script to set tunables
  doc: Fix documentation for setup event
  doc: Add info about execute permissions on event scripts
  header: Added DB statistics update macros
  common: Add routines to get process and lock information
  ctdbd: locking: Provide non-blocking API for locking of TDB 
record/db/alldb
  tools/ctdb: Display the locking statistics
  tests: Fix statistics test for new output lines from locking API
  ctdbd_test: Include ctdb_lock.c code for test stubs
  ctdb_freeze: Replace locking functions with locking API
  ctdb_recover: Replace static locking functions with locking API
  ctdbd: Replace lockwait with locking API and remove ctdb_lockwait.c
  locking: Schedule a new lock request everytime a lock is released
  locking: Add database priority handling for older versions of samba
  locking: Do not use ctdb_kill() to kill smbd processes
  build: Set CTDB_PATH to /tmp/ctdb.socket if SOCKPATH is not defined
  web: Remove reference to non-existent config files
  web: Add the links to ftp/http ctdb download area
  web: Add posix locking information to prerequisites
  doc: README - add information about CTDB, license and website
  build: Extract building of manpages in a separate Makefile
  packaging: Build 

autobuild: intermittent test failure detected

[autobuild]

The autobuild test system has detected an intermittent failing test in 
the current master tree.

The autobuild log of the failure is available here:

   http://git.samba.org/autobuild.flakey/2012-10-31-0246/flakey.log

The samba3 build logs are available here:

   http://git.samba.org/autobuild.flakey/2012-10-31-0246/samba3.stderr
   http://git.samba.org/autobuild.flakey/2012-10-31-0246/samba3.stdout

The source4 build logs are available here:

   http://git.samba.org/autobuild.flakey/2012-10-31-0246/samba.stderr
   http://git.samba.org/autobuild.flakey/2012-10-31-0246/samba.stdout
  
The top commit at the time of the failure was:

commit a71ad96bd046f1199e67b4fe8fc7783cbd8dd771
Author: Andrew Bartlett abart...@samba.org
Date:   Tue Oct 30 15:41:27 2012 +1100

ldb: Add ldbdump, based on tdbdump

This uses a tdb_traverse or (more usefully) the tdb_rescue API, like 
tdbdump.

The difference here is that it uses ldb helper functions to further
eliminate faulty records, which avoids creating duplicates in the output.

(The duplicates come from parts of records that are left in blank space
in the db, which tdb_rescue finds, but which are not actually a full
record).

Andrew Bartlett

Autobuild-User(master): Andrew Bartlett abart...@samba.org
Autobuild-Date(master): Tue Oct 30 23:56:11 CET 2012 on sn-devel-104

[SCM] Samba Shared Repository - branch master updated

[Michael Adam]

The branch, master has been updated
   via  59e9661 Add regression test for bug #9329 - Directory listing with 
SeBackup can crash smbd.
  from  a71ad96 ldb: Add ldbdump, based on tdbdump

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 59e9661de2dd19808295002f1329b27d5dca09e6
Author: Jeremy Allison j...@samba.org
Date:   Mon Oct 29 14:49:36 2012 -0700

Add regression test for bug #9329 - Directory listing with SeBackup can 
crash smbd.

Ensure we exercise the SeBackup code path on directory listings.

Signed-off-by: Jeremy Allison j...@samba.org
Reviewed-by: Michael Adam ob...@samba.org

Autobuild-User(master): Michael Adam ob...@samba.org
Autobuild-Date(master): Wed Oct 31 03:21:38 CET 2012 on sn-devel-104

---

Summary of changes:
 source3/script/tests/test_smbclient_s3.sh |   62 +++-
 source3/selftest/tests.py |   10 ++--
 2 files changed, 64 insertions(+), 8 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/script/tests/test_smbclient_s3.sh 
b/source3/script/tests/test_smbclient_s3.sh
index 3341c62..fb518c5 100755
--- a/source3/script/tests/test_smbclient_s3.sh
+++ b/source3/script/tests/test_smbclient_s3.sh
@@ -2,9 +2,9 @@
 
 # this runs the file serving tests that are expected to pass with samba3
 
-if [ $# -lt 7 ]; then
+if [ $# -lt 11 ]; then
 cat EOF
-Usage: test_smbclient_s3.sh SERVER SERVER_IP DOMAIN USERNAME PASSWORD USERID 
LOCAL_PATH PREFIX SMBCLIENT WBINFO
+Usage: test_smbclient_s3.sh SERVER SERVER_IP DOMAIN USERNAME PASSWORD USERID 
LOCAL_PATH PREFIX SMBCLIENT WBINFO NET
 EOF
 exit 1;
 fi
@@ -19,9 +19,10 @@ LOCAL_PATH=${7}
 PREFIX=${8}
 SMBCLIENT=${9}
 WBINFO=${10}
+NET=${11}
 SMBCLIENT=$VALGRIND ${SMBCLIENT}
 WBINFO=$VALGRIND ${WBINFO}
-shift 10
+shift 11
 ADDARGS=$*
 
 incdir=`dirname $0`/../../../testprogs/blackbox
@@ -489,6 +490,57 @@ EOF
 fi
 }
 
+# Test doing a directory listing with backup privilege.
+test_backup_privilege_list()
+{
+tmpfile=$PREFIX/smbclient_backup_privilege_list
+
+# If we don't have a DOMAIN component to the username, add it.
+echo $USERNAME | grep '\\' 21
+ret=$?
+if [ $ret != 0 ] ; then
+   priv_username=$DOMAIN\\$USERNAME
+else
+   priv_username=$USERNAME
+fi
+
+$NET sam rights grant $priv_username SeBackupPrivilege 21
+ret=$?
+if [ $ret != 0 ] ; then
+   echo Failed to add SeBackupPrivilege to user $priv_username - $ret
+   false
+   return
+fi
+
+cat  $tmpfile EOF
+backup
+ls
+quit
+EOF
+
+cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT $@ -U$USERNAME%$PASSWORD 
//$SERVER/tmp -I $SERVER_IP $ADDARGS  $tmpfile 21'
+eval echo $cmd
+out=`eval $cmd`
+ret=$?
+rm -f $tmpfile
+
+if [ $ret != 0 ] ; then
+   echo $out
+   echo failed backup privilege list $ret
+   false
+   return
+fi
+
+# Now remove all privileges from this SID.
+$NET sam rights revoke $priv_username SeBackupPrivilege 21
+ret=$?
+if [ $ret != 0 ] ; then
+   echo failed to remove SeBackupPrivilege from user $priv_username - 
$ret
+   false
+   return
+fi
+}
+
 LOGDIR_PREFIX=test_smbclient_s3
 
 # possibly remove old logdirs:
@@ -552,6 +604,10 @@ testit using an authentication file \
 test_auth_file || \
 failed=`expr $failed + 1`
 
+testit list with backup privilege \
+test_backup_privilege_list || \
+failed=`expr $failed + 1`
+
 testit rm -rf $LOGDIR \
 rm -rf $LOGDIR || \
 failed=`expr $failed + 1`
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index 9b0527c..def4d83 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -180,20 +180,20 @@ plantestsuite(samba3.blackbox.smbclient_auth.plain (%s) 
bad username % env, en
 
 # plain
 for env in [s3dc]:
-plantestsuite(samba3.blackbox.smbclient_s3.plain (%s) % env, env, 
[os.path.join(samba3srcdir, script/tests/test_smbclient_s3.sh), '$SERVER', 
'$SERVER_IP', '$DOMAIN', '$DC_USERNAME', '$DC_PASSWORD', '$USERID', 
'$LOCAL_PATH', '$PREFIX', smbclient3, wbinfo, configuration])
+plantestsuite(samba3.blackbox.smbclient_s3.plain (%s) % env, env, 
[os.path.join(samba3srcdir, script/tests/test_smbclient_s3.sh), '$SERVER', 
'$SERVER_IP', '$DOMAIN', '$DC_USERNAME', '$DC_PASSWORD', '$USERID', 
'$LOCAL_PATH', '$PREFIX', smbclient3, wbinfo, net, configuration])
 
 for env in [member, s3member]:
-plantestsuite(samba3.blackbox.smbclient_s3.plain (%s) member creds % 
env, env, [os.path.join(samba3srcdir, script/tests/test_smbclient_s3.sh), 
'$SERVER', '$SERVER_IP', '$SERVER', '$SERVER$USERNAME', '$PASSWORD', 
'$USERID', '$LOCAL_PATH', '$PREFIX', smbclient3, wbinfo, configuration])
+plantestsuite(samba3.blackbox.smbclient_s3.plain (%s) member creds % 
env, env, [os.path.join(samba3srcdir,