Re: [Samba] Error installing samba4 on snow leopard OS
On Mon, 2012-10-29 at 00:26 +, gof wrote: Support I've downloaded samba 4 on snow leopard and when I compile it I get an error by running 'Make test error: This patch, from master, should fix it. -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org From aa411045a5ee52d440ccb259a37c6c7489099884 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett abart...@samba.org Date: Sun, 28 Oct 2012 19:57:58 +1100 Subject: [PATCH] pidl: Remove depends_on=PIDL_MISC as it sets -I/ into CFLAGS This in turn causes an include of net/if.h to hang on some systems, as /net/ means to run the automounter! Andrew Bartlett Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Mon Oct 29 01:23:39 CET 2012 on sn-devel-104 --- librpc/wscript_build | 1 - 1 file changed, 1 deletion(-) diff --git a/librpc/wscript_build b/librpc/wscript_build index ee8483b..0eeb01b 100644 --- a/librpc/wscript_build +++ b/librpc/wscript_build @@ -632,7 +632,6 @@ bld.SAMBA_LIBRARY('ndr', public_deps='errors talloc samba-util', public_headers='gen_ndr/misc.h gen_ndr/ndr_misc.h ndr/libndr.h:ndr.h', header_path= [('*gen_ndr*', 'gen_ndr')], -depends_on='PIDL_MISC', vnum='0.0.1', abi_directory='ABI', abi_match='ndr_* GUID_*', -- 1.7.11.7 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] [Announce] Samba 4.0.0rc4 Available for Download
Release Announcements - This is the fourth release candidate of Samba 4.0. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. Samba 4.0 will be the next version of the Samba suite and incorporates all the technology found in both the Samba4 series and the stable 3.x series. The primary additional features over Samba 3.6 are support for the Active Directory logon protocols used by Windows 2000 and above. This release contains the best of all of Samba's technology parts, both a file server (that you can reasonably expect to upgrade existing Samba 3.x releases to) and the AD domain controller work previously known as 'samba4'. If you are upgrading, or looking to develop, test or deploy Samba 4.0 releases candidates, you should backup all configuration and data. UPGRADING = Users upgrading from Samba 3.x domain controllers and wanting to use Samba 4.0 as an AD DC should use the 'samba-tool domain classicupgrade' command. See the wiki for more details: https://wiki.samba.org/index.php/Samba4/samba3upgrade/HOWTO. Users upgrading from Samba 4.0 alpha and beta releases since alpha15 should run 'samba-tool dbcheck --cross-ncs --fix' before re-starting Samba. Users upgrading from earlier alpha releases should contact the team for advice. Users upgrading an AD DC from any previous release should run 'samba-tool ntacl sysvolreset' to re-sync ACLs on the sysvol share with those matching the GPOs in LDAP and the defaults from an initial provision. This will set an underlying POSIX ACL if required (eg not using the NTVFS file server). If you used the BIND9_FLATFILE or BIND9_DLZ features, you'll have to add '-dns' to the 'server services' option, as the internal dns server (SAMBA_INTERNAL) is the default now. NEW FEATURES Samba 4.0 supports the server-side of the Active Directory logon environment used by Windows 2000 and later, so we can do full domain join and domain logon operations with these clients. Our Domain Controller (DC) implementation includes our own built-in LDAP server and Kerberos Key Distribution Center (KDC) as well as the Samba3-like logon services provided over CIFS. We correctly generate the infamous Kerberos PAC, and include it with the Kerberos tickets we issue. Samba 4.0.0rc4 ships with two distinct file servers. We now use the file server from the Samba 3.x series 'smbd' for all file serving by default. Samba 4.0 also ships with the 'NTVFS' file server. This file server is what was used in all previous releases of Samba 4.0, and is tuned to match the requirements of an AD domain controller. We continue to support this, not only to provide continuity to installations that have deployed it as part of an AD DC, but also as a running example of the NT-FSA architecture we expect to move smbd to in the longer term. For pure file server work, the binaries users would expect from that series (nmbd, winbindd, smbpasswd) continue to be available. When running an AD DC, you only need to run 'samba' (not nmbd/smbd/winbind), as the required services are co-coordinated by this master binary. As DNS is an integral part of Active Directory, we also provide two DNS solutions, a simple internal DNS server for 'out of the box' configurations and a more elaborate BIND plugin using the BIND DLZ mechanism in versions 9.8 and 9.9. During the provision, you can select which backend to use. With the internal backend, your DNS server is good to go. If you chose the BIND_DLZ backend, a configuration file will be generated for bind to make it use this plugin, as well as a file explaining how to set up bind. To provide accurate timestamps to Windows clients, we integrate with the NTP project to provide secured NTP replies. To use you need to start ntpd and configure it with the 'restrict ... ms-sntp' and ntpsigndsocket options. Finally, a new scripting interface has been added to Samba 4, allowing Python programs to interface to Samba's internals, and many tools and internal workings of the DC code is now implemented in python. ## Changes ### smb.conf changes Parameter Name Description -- --- allow dns updatesNew announce as Removed announce version Removed cldap port New client max protocol New client min protocol New client signing Changed default dcerpc endpoint servers New dgram port New directory security mask Removed display charset Removed dns forwarderNew dns update command
[Samba] ntlm_auth allowing users which are denied access
Hi, I am using samba 3.2.2 with freeradius . I have joined the domain able to authenticate users with ntlm_auth. If in ADS-2003 I configure the Remote Access Permission for the user ( User-properties-Dial-in ) as Deny then if I use the ntlm_auth --username=user --password=password I get NT_STATUS_OK. What could be the reason for this behavior , or is there any patch for this? Also if I use windows server's radius server than I am not able to connect my user be NT_STATUS_OKcause access is denied for that user. Thanks Regards, Prateek -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] ntlm_auth allowing users which are denied access
On Tue, 2012-10-30 at 16:27 +0530, Prateek Kumar wrote: Hi, I am using samba 3.2.2 with freeradius . I have joined the domain able to authenticate users with ntlm_auth. If in ADS-2003 I configure the Remote Access Permission for the user ( User-properties-Dial-in ) as Deny then if I use the ntlm_auth --username=user --password=password I get NT_STATUS_OK. What could be the reason for this behavior , or is there any patch for this? Also if I use windows server's radius server than I am not able to connect my user be NT_STATUS_OKcause access is denied for that user. There is nothing that ntlm_auth does to indicate to the DC that this is for a remote access server, compared with say, Squid or a CIFS login. That's why it doesn't fail. Perhaps the --require-membership-of option might help, but I don't know what that particular GUI option sets. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Unable to create GPO with rc3 and a few authentication problems
Hello. I had encountered a few problems with 2 Samba 4 rc3 DCs serving domain migrated from Windows 2003 R2. I post them altogether, since they look related. 1. Unable to create or delete GPOs. # bin/samba-tool gpo create somegpo ERROR(ldb): uncaught exception - LDAP error 50 LDAP_INSUFFICIENT_ACCESS_RIGHTS - dsdb_access: Access check failed on CN=Policies,CN=System,DC=klin,DC=kifato-mk,DC=com File /usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/gpo.py, line 952, in run self.samdb.add(m) I'm not sure if this is a schema or authentication problem. Could someone suggest how should that be investigated? 2. Some hosts fail to update records via Samba internal DNS (Andrew, sorry for duplicating, but this is updated). It looks like this on debug level = 5: [2012/10/30 02:23:38, 1] ../source4/dns_server/dns_server.c:150(dns_process_send) Failed to verify TSIG! Hosts are Windows XP, Windows 7, Samba 3 on Linux. Some do update succesfully, some can succeed some time (say, 5 hours) later, or may still fail. This is weird. I should mention that we had some problem with Windows 2k3 demotion - during the process it had rewritten the SOA on (the only at that moment) Samba DC and put it's own hostname in SOA's primary NS field. We had to fix that manually by replacing the SOA record in corresponding LDB. Maybe we had just missed something? Any ideas on what's wrong? 3. Some hosts may suddenly reject valid tickets for RPC calls. Somewhat like the previous one. For example, on some non-DC host I do: $ kinit $ #Got a ticket for some admin user, btw MIT is used here $ net rpc shutdown -S somehost -f -k # Samba 3's net command It may succeed for some hosts, but fail with NT_LOGON_FAILURE few hours later, before the ticket expires (and DCs still accept this ticket for e.g. samba-tool drs showrepl). Or it may later suceed for a host it was failing for. Renewing the ticket doesn't change anything. So, something strange for me, too. I had tried to reset some machine accounts and to rejoin some hosts. No luck. 4. Unrelated to the previous ones. Well, I'm sorry, I hadn't read the source to see if this is supposed to happen. But I'd better say that before I forget, just in case. Try to rename some host using Windows GUI (My Computer - Properties) and check if CN, sAMAccountName and member for corresponding groups are changed correctly. In my experience, only sAMAccountName is changed. Once again, sorry if this is OK. Something similar happens to me. But I noticed that I can create a new GPO only with the first user the system had: administrator. None of the new admin users I created worked, only administrator. Best regards, Felix. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Login problems - Daylight
Good afternoon guys. I have a network problem due to the change of daylight. The releases and time blockages worked correctly until the last weekend, so as the clocks were advanced in one hour, the system is only allowing to login one hour after the time released. For example, all users can log on to the network after 7am (this is what is defined), but samba only releases the login log from 8am. The time of the workstations are synchronized with the server. The returned message in the log is: [25/10/2012 07:56:57.013090, 1] auth / check_samsec.c: 159 (logon_hours_ok) logon_hours_ok: Account for user * not allowed to log on at this time (Thu Oct 25 07:56:57 2012). Does anyone have any idea what can be done? -- Natália Vaz Silva Administradora de redes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba Digest, Vol 118, Issue 31
Pessoal, bom dia! Estarei de férias no período de 05/10 a 28/10, retornando no dia 29/10/2012. Na minha ausência as dúvidas poderão ser resolvidas pela seguinte equipe: Ricardo: Coordenação da equipe TI, e-mails e servidores – AMP e Inpacom - (011) 3616-1417 Igor: Gemma - AMP e Inpacom - (011) 3616-1438 Luciano e Vagner: Ginjo/ Silbra - Todos os sistemas - (011) 3659-3096 Robson: Indisa - Todos os sistemas - (019) 3765-6000 Essa é uma resposta automática. Até mais. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] git pull error
Hi everyone: I've been getting this error today. What can I do to solve it? It's happened before and I have deleted my copy of samba and started from scratch again. Is there any other way to solve it? felix@laz:~/Descargas/samba-master$ git clean -fdx felix@laz:~/Descargas/samba-master$ git pull error: Unable to find f6b8919c44b379e83697a99c808c72e13d38b4b6 under http://gitweb.samba.org/samba.git Cannot obtain needed commit f6b8919c44b379e83697a99c808c72e13d38b4b6 while processing commit d8fc4cd25e40164e23c0375b073cb42723892146. error: Fetch failed. Felix. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba4 rc4 not configure in freebsd 9.1
Hi list, I tried run the configure script of the samba4 version rc4 in a freebsd 9.1-RC2 without successful. i put the output of configure in a binpaste url: http://zlin.dk/p/?ZmE5MjA0 root@samba4:/samba/devel/samba-4.0.0rc4 # uname -a FreeBSD samba4.ad.mundounix.com.br 9.1-RC2 FreeBSD 9.1-RC2 #0 r241106: Mon Oct 1 18:26:44 UTC 2012 r...@farrell.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64 Thanks for any help. Gustavo - gugabsd -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Disabling Roaming Profile Support
From http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/ProfileMgmt.html: Disabling Roaming Profile Support The question often asked is, “How may I enforce use of local profiles?” or “How do I disable roaming profiles?” There are three ways of doing this: In smb.conf Affect the following settings and ALL clients will be forced to use a local profile: logon home = http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/smb.conf.5.html#LOGONHOMEand logon path = http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/smb.conf.5.html#LOGONPATH The arguments to these parameters must be left blank. It is necessary to include the = sign to specifically assign the empty value. This apparently no longer works, or at least it doesn't work properly with an LDAP server. Can anyone comment on why? I'm running Samba 3.6.3-2 on Ubuntu 12.04. -- * Jeff Dickens* IT Manager 978-632-1513 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Disabling Roaming Profile Support
In my case, I'm using: logon path = logon home = logon drive = It is working ok, in other words, with local profiles only. Test the configurations with testparm command to see the output of the smb.conf file. Regards, Marcio Oliveira. 2012/10/30 Jeff Dickens j...@seamanpaper.com From http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/ProfileMgmt.html : Disabling Roaming Profile Support The question often asked is, “How may I enforce use of local profiles?” or “How do I disable roaming profiles?” There are three ways of doing this: In smb.conf Affect the following settings and ALL clients will be forced to use a local profile: logon home = http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/smb.conf.5.html#LOGONHOME and logon path = http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/smb.conf.5.html#LOGONPATH The arguments to these parameters must be left blank. It is necessary to include the = sign to specifically assign the empty value. This apparently no longer works, or at least it doesn't work properly with an LDAP server. Can anyone comment on why? I'm running Samba 3.6.3-2 on Ubuntu 12.04. -- * Jeff Dickens* IT Manager 978-632-1513 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- Marcio Oliveira. Tudo concorre para o bem daqueles que amam à Deus. (Rom 8,28) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba4 rc4 not configure in freebsd 9.1
On Tue, 2012-10-30 at 16:51 -0200, Luiz Gustavo dos S. Costa wrote: Hi list, I tried run the configure script of the samba4 version rc4 in a freebsd 9.1-RC2 without successful. i put the output of configure in a binpaste url: http://zlin.dk/p/?ZmE5MjA0 root@samba4:/samba/devel/samba-4.0.0rc4 # uname -a FreeBSD samba4.ad.mundounix.com.br 9.1-RC2 FreeBSD 9.1-RC2 #0 r241106: Mon Oct 1 18:26:44 UTC 2012 r...@farrell.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64 Sadly I didn't get my build fixes into the RC branch before rc4. The attached should help, along with the fix for xattr support. At this point master and v4-0-test have diverged, which is why there are these differences. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org From b5aed614bfe6da2c4034773291ad619e610f1115 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett abart...@samba.org Date: Tue, 23 Oct 2012 17:31:03 +1100 Subject: [PATCH 37/39] lib/replace: Fix configure on FreeBSD: define_ret is not correct here define_ret is for when the output of the compiled and run program should be put into the configure define. This is not the case here. Andrew Bartlett --- lib/replace/wscript | 1 - 1 file changed, 1 deletion(-) diff --git a/lib/replace/wscript b/lib/replace/wscript index 2e1dd65..5249e40 100644 --- a/lib/replace/wscript +++ b/lib/replace/wscript @@ -217,7 +217,6 @@ def configure(conf): msg=Checking correct behavior of strtoll, headers = 'errno.h', execute = True, -define_ret = True, define = 'HAVE_BSD_STRTOLL', ) conf.CHECK_FUNCS('if_nametoindex strerror_r') -- 1.7.11.7 From 2756c3ce5c7d5d066dc76592dd1078a8594b983b Mon Sep 17 00:00:00 2001 From: Andrew Bartlett abart...@samba.org Date: Sat, 27 Oct 2012 19:15:58 +1100 Subject: [PATCH] lib/replace: Return size of xattr if size argument is 0 This makes rep_{f,}getxattr a more complete replacement for the linux function. Andrew Bartlett --- lib/replace/xattr.c | 15 --- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/lib/replace/xattr.c b/lib/replace/xattr.c index 8e1c989..a26ff67 100644 --- a/lib/replace/xattr.c +++ b/lib/replace/xattr.c @@ -71,7 +71,9 @@ ssize_t rep_getxattr (const char *path, const char *name, void *value, size_t si * that the buffer is large enough to fit the returned value. */ if((retval=extattr_get_file(path, attrnamespace, attrname, NULL, 0)) = 0) { - if(retval size) { + if (size == 0) { + return retval; + } else if (retval size) { errno = ERANGE; return -1; } @@ -88,6 +90,9 @@ ssize_t rep_getxattr (const char *path, const char *name, void *value, size_t si if (strncmp(name, system, 6) == 0) flags |= ATTR_ROOT; retval = attr_get(path, attrname, (char *)value, valuelength, flags); + if (size == 0 retval == -1 errno == E2BIG) { + return valuelength; + } return retval ? retval : valuelength; #elif defined(HAVE_ATTROPEN) @@ -126,7 +131,9 @@ ssize_t rep_fgetxattr (int filedes, const char *name, void *value, size_t size) const char *attrname = ((s=strchr(name, '.')) == NULL) ? name : s + 1; if((retval=extattr_get_fd(filedes, attrnamespace, attrname, NULL, 0)) = 0) { - if(retval size) { + if (size == 0) { + return retval; + } else if (retval size) { errno = ERANGE; return -1; } @@ -143,7 +150,9 @@ ssize_t rep_fgetxattr (int filedes, const char *name, void *value, size_t size) if (strncmp(name, system, 6) == 0) flags |= ATTR_ROOT; retval = attr_getf(filedes, attrname, (char *)value, valuelength, flags); - + if (size == 0 retval == -1 errno == E2BIG) { + return valuelength; + } return retval ? retval : valuelength; #elif defined(HAVE_ATTROPEN) ssize_t ret = -1; -- 1.7.11.7 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Unable to create GPO with rc3 and a few authentication problems
I had encountered a few problems with 2 Samba 4 rc3 DCs serving domain migrated from Windows 2003 R2. I post them altogether, since they look related. 1. Unable to create or delete GPOs. # bin/samba-tool gpo create somegpo ERROR(ldb): uncaught exception - LDAP error 50 LDAP_INSUFFICIENT_ACCESS_RIGHTS - dsdb_access: Access check failed on CN=Policies,CN=System,DC=klin,DC=kifato-mk,DC=com File /usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/gpo.py, line 952, in run self.samdb.add(m) I'm not sure if this is a schema or authentication problem. Could someone suggest how should that be investigated? It looks like in default Windows schema only members of Domain Admins can modify cn=Policies. If one will allow Domain controllers group to have rw access too, the LDAP-related error disappears. However, sysvol FS access error will raise (due to the fact machine accounts do not have write permissions on sysvol/fqdn/Policies after samba-tool ntacl sysvolreset). So, should samba-tool really use machine account for GPO operations? -- Best regards, Dmitry Khromov -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Unable to create GPO with rc3 and a few authentication problems
On Wed, 2012-10-31 at 03:33 +0400, Dmitry Khromov wrote: I had encountered a few problems with 2 Samba 4 rc3 DCs serving domain migrated from Windows 2003 R2. I post them altogether, since they look related. 1. Unable to create or delete GPOs. # bin/samba-tool gpo create somegpo ERROR(ldb): uncaught exception - LDAP error 50 LDAP_INSUFFICIENT_ACCESS_RIGHTS - dsdb_access: Access check failed on CN=Policies,CN=System,DC=klin,DC=kifato-mk,DC=com File /usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/gpo.py, line 952, in run self.samdb.add(m) I'm not sure if this is a schema or authentication problem. Could someone suggest how should that be investigated? It looks like in default Windows schema only members of Domain Admins can modify cn=Policies. If one will allow Domain controllers group to have rw access too, the LDAP-related error disappears. However, sysvol FS access error will raise (due to the fact machine accounts do not have write permissions on sysvol/fqdn/Policies after samba-tool ntacl sysvolreset). So, should samba-tool really use machine account for GPO operations? Probably not for write operations. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Unable to create GPO with rc3 and a few authentication problems
On Wed, 2012-10-31 at 03:33 +0400, Dmitry Khromov wrote: I had encountered a few problems with 2 Samba 4 rc3 DCs serving domain migrated from Windows 2003 R2. I post them altogether, since they look related. 1. Unable to create or delete GPOs. # bin/samba-tool gpo create somegpo ERROR(ldb): uncaught exception - LDAP error 50 LDAP_INSUFFICIENT_ACCESS_RIGHTS - dsdb_access: Access check failed on CN=Policies,CN=System,DC=klin,DC=kifato-mk,DC=com File /usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/gpo.py, line 952, in run self.samdb.add(m) I'm not sure if this is a schema or authentication problem. Could someone suggest how should that be investigated? It looks like in default Windows schema only members of Domain Admins can modify cn=Policies. If one will allow Domain controllers group to have rw access too, the LDAP-related error disappears. However, sysvol FS access error will raise (due to the fact machine accounts do not have write permissions on sysvol/fqdn/Policies after samba-tool ntacl sysvolreset). So, should samba-tool really use machine account for GPO operations? Probably not for write operations. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org And it actually doesn't. Sorry, I'm an idiot. I forgot the -k switch, so it was falling back to machine account. Now it says NT_STATUS_INVALID_OWNER in conn.set_acl, but that's a different story. -- Best regards, Dmitry Khromov -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Unable to create GPO with rc3 and a few authentication problems
On Wed, 2012-10-31 at 03:48 +0400, Dmitry Khromov wrote: On Wed, 2012-10-31 at 03:33 +0400, Dmitry Khromov wrote: I had encountered a few problems with 2 Samba 4 rc3 DCs serving domain migrated from Windows 2003 R2. I post them altogether, since they look related. 1. Unable to create or delete GPOs. # bin/samba-tool gpo create somegpo ERROR(ldb): uncaught exception - LDAP error 50 LDAP_INSUFFICIENT_ACCESS_RIGHTS - dsdb_access: Access check failed on CN=Policies,CN=System,DC=klin,DC=kifato-mk,DC=com File /usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/gpo.py, line 952, in run self.samdb.add(m) I'm not sure if this is a schema or authentication problem. Could someone suggest how should that be investigated? It looks like in default Windows schema only members of Domain Admins can modify cn=Policies. If one will allow Domain controllers group to have rw access too, the LDAP-related error disappears. However, sysvol FS access error will raise (due to the fact machine accounts do not have write permissions on sysvol/fqdn/Policies after samba-tool ntacl sysvolreset). So, should samba-tool really use machine account for GPO operations? Probably not for write operations. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org And it actually doesn't. Sorry, I'm an idiot. I forgot the -k switch, so it was falling back to machine account. Now it says NT_STATUS_INVALID_OWNER in conn.set_acl, but that's a different story. Is this an upgrade from a Samba3 domain? Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] [samba] printer cups
my samba is working good, only a problem with the classic pdf printer I get this message from testparm Warning: Service pdf-printer defines a print command, but print command parameter is ignored when using CUPS libraries. Server role: ROLE_STANDALONE Press enter to see a dump of your service definitions and this is my .conf [global] workgroup = RSA netbios name = RSA-INTRANET server string = RSA-INTRANET map to guest = Bad User passdb backend = tdbsam log file = /var/log/samba/log.%m dns proxy = No [pubblico] comment = condivisione pubblica path = /var/pubblico read only = No [pdf-printer] path = /var/pubblico/ create mask = 0700 guest ok = Yes printable = Yes print command = /usr/bin/printpdf.sh %s printer name = lp everyt hings works ok, but the print command isn't executed altough the printer is shared and visible on the lan. thanks for any help -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] [Announce] CTDB release 2.0 is ready for download
This is long overdue CTDB release. There have been numerous code enhancements and bug fixes since the last release of CTDB. Highlights === * Support for readonly records (http://ctdb.samba.org/doc/readonlyrecords.txt) * Locking API to detect deadlocks between ctdb and samba * Fetch-lock optimization to rate-limit concurrent requests for same record * Support for policy routing * Modified IP allocation algorithm * Improved database vacuuming * New test infrastructure Reporting bugs Development Discussion === Please discuss this release on the samba-technical mailing list or by joining the #ctdb IRC channel on irc.freenode.net. All bug reports should be filed under CTDB product in the project's Bugzilla database (https://bugzilla.samba.org/). Download Details = The source code can be downloaded from: http://ftp.samba.org/pub/ctdb/ Git repository git://git.samba.org/ctdb.git http://git.samba.org/?p=ctdb.git;a=summary (Git via web) CTDB documentation https://ctdb.samba.org/ Amitay. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Announce] Samba 4.0.0rc4 Available for Download
Release Announcements - This is the fourth release candidate of Samba 4.0. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. Samba 4.0 will be the next version of the Samba suite and incorporates all the technology found in both the Samba4 series and the stable 3.x series. The primary additional features over Samba 3.6 are support for the Active Directory logon protocols used by Windows 2000 and above. This release contains the best of all of Samba's technology parts, both a file server (that you can reasonably expect to upgrade existing Samba 3.x releases to) and the AD domain controller work previously known as 'samba4'. If you are upgrading, or looking to develop, test or deploy Samba 4.0 releases candidates, you should backup all configuration and data. UPGRADING = Users upgrading from Samba 3.x domain controllers and wanting to use Samba 4.0 as an AD DC should use the 'samba-tool domain classicupgrade' command. See the wiki for more details: https://wiki.samba.org/index.php/Samba4/samba3upgrade/HOWTO. Users upgrading from Samba 4.0 alpha and beta releases since alpha15 should run 'samba-tool dbcheck --cross-ncs --fix' before re-starting Samba. Users upgrading from earlier alpha releases should contact the team for advice. Users upgrading an AD DC from any previous release should run 'samba-tool ntacl sysvolreset' to re-sync ACLs on the sysvol share with those matching the GPOs in LDAP and the defaults from an initial provision. This will set an underlying POSIX ACL if required (eg not using the NTVFS file server). If you used the BIND9_FLATFILE or BIND9_DLZ features, you'll have to add '-dns' to the 'server services' option, as the internal dns server (SAMBA_INTERNAL) is the default now. NEW FEATURES Samba 4.0 supports the server-side of the Active Directory logon environment used by Windows 2000 and later, so we can do full domain join and domain logon operations with these clients. Our Domain Controller (DC) implementation includes our own built-in LDAP server and Kerberos Key Distribution Center (KDC) as well as the Samba3-like logon services provided over CIFS. We correctly generate the infamous Kerberos PAC, and include it with the Kerberos tickets we issue. Samba 4.0.0rc4 ships with two distinct file servers. We now use the file server from the Samba 3.x series 'smbd' for all file serving by default. Samba 4.0 also ships with the 'NTVFS' file server. This file server is what was used in all previous releases of Samba 4.0, and is tuned to match the requirements of an AD domain controller. We continue to support this, not only to provide continuity to installations that have deployed it as part of an AD DC, but also as a running example of the NT-FSA architecture we expect to move smbd to in the longer term. For pure file server work, the binaries users would expect from that series (nmbd, winbindd, smbpasswd) continue to be available. When running an AD DC, you only need to run 'samba' (not nmbd/smbd/winbind), as the required services are co-coordinated by this master binary. As DNS is an integral part of Active Directory, we also provide two DNS solutions, a simple internal DNS server for 'out of the box' configurations and a more elaborate BIND plugin using the BIND DLZ mechanism in versions 9.8 and 9.9. During the provision, you can select which backend to use. With the internal backend, your DNS server is good to go. If you chose the BIND_DLZ backend, a configuration file will be generated for bind to make it use this plugin, as well as a file explaining how to set up bind. To provide accurate timestamps to Windows clients, we integrate with the NTP project to provide secured NTP replies. To use you need to start ntpd and configure it with the 'restrict ... ms-sntp' and ntpsigndsocket options. Finally, a new scripting interface has been added to Samba 4, allowing Python programs to interface to Samba's internals, and many tools and internal workings of the DC code is now implemented in python. ## Changes ### smb.conf changes Parameter Name Description -- --- allow dns updatesNew announce as Removed announce version Removed cldap port New client max protocol New client min protocol New client signing Changed default dcerpc endpoint servers New dgram port New directory security mask Removed display charset Removed dns forwarderNew dns update command
[SCM] CTDB repository - branch 1.2.40 updated - ctdb-1.2.53-3-gb746729
The branch, 1.2.40 has been updated via b7467294465b6225982c90315df20a8699ccf812 (commit) via c116d0b107873d679fd6246ef3dd2fbcdbe46b56 (commit) via 49e66cf4009c8f8816baa83a4bd4408c540b389c (commit) from 046f8799361794997cedae3d4ff812216661e04e (commit) http://gitweb.samba.org/?p=ctdb.git;a=shortlog;h=1.2.40 - Log - commit b7467294465b6225982c90315df20a8699ccf812 Author: Amitay Isaacs ami...@gmail.com Date: Tue Oct 30 12:39:00 2012 +1100 New Version 1.2.54 Signed-off-by: Amitay Isaacs ami...@gmail.com commit c116d0b107873d679fd6246ef3dd2fbcdbe46b56 Author: Amitay Isaacs ami...@gmail.com Date: Mon Sep 3 12:39:36 2012 +1000 scripts: Remove duplicate code from init script to set tunables The tunable variables defined in CTDB configuration file are currently set up from init script as well as part of setup event in 00.ctdb eventscript. Remove the duplication of this code and set tunable variables only from setup event. During the setup event, it's possible that ctdb tool commands can timeout if CTDB daemon is not ready. To guard against such eventuality, wait till ctdb ping command succeeds before executing any other ctdb tool commands. Signed-off-by: Amitay Isaacs ami...@gmail.com Cherry-picked-from: 632c1b9c1cc2e242376358ce49fd2022b3f27aa2 Conflicts: config/events.d/00.ctdb commit 49e66cf4009c8f8816baa83a4bd4408c540b389c Author: Amitay Isaacs ami...@gmail.com Date: Mon Oct 29 14:56:10 2012 +1100 daemon: Protect against double free of callback state while shutting down When CTDB is shut down and monitoring has been stopped, monitor_context gets freed and all the callback states hanging off it. This includes callback state for current_monitor, if the current monitor event has not yet finished. As a result, when the shutdown event is called, current_monitor-callback state is not NULL, but it's actually freed and it's a dangling reference. So before executing callback function and freeing callback state check if ctdb-monitor-monitor_context is not NULL. Signed-off-by: Amitay Isaacs ami...@gmail.com --- Summary of changes: config/ctdb.init | 14 +- config/events.d/00.ctdb| 39 +++ include/ctdb_private.h |1 + packaging/RPM/ctdb.spec.in |5 - server/ctdb_monitor.c |7 +++ server/eventscript.c |5 +++-- 6 files changed, 47 insertions(+), 24 deletions(-) Changeset truncated at 500 lines: diff --git a/config/ctdb.init b/config/ctdb.init index 7c75726..4fe01e3 100755 --- a/config/ctdb.init +++ b/config/ctdb.init @@ -217,16 +217,6 @@ EOF done } -set_ctdb_variables () { -# set any tunables from the config file -set | grep ^CTDB_SET_ | cut -d_ -f3- | -while read v; do - varname=`echo $v | cut -d= -f1` - value=`echo $v | cut -d= -f2` - ctdb setvar $varname $value || RETVAL=1 -done || exit 1 -} - set_retval() { return $1 } @@ -311,9 +301,7 @@ start() { esac if [ $RETVAL -eq 0 ] ; then - if wait_until_ready ; then - set_ctdb_variables - else + if ! wait_until_ready ; then RETVAL=1 pkill -9 -f $ctdbd /dev/null 21 fi diff --git a/config/events.d/00.ctdb b/config/events.d/00.ctdb index 4f97185..5ad74bf 100755 --- a/config/events.d/00.ctdb +++ b/config/events.d/00.ctdb @@ -30,6 +30,32 @@ update_config_from_tdb() { } } +set_ctdb_variables () { +# set any tunables from the config file +set | grep ^CTDB_SET_ | cut -d_ -f3- | +while read v; do + varname=`echo $v | cut -d= -f1` + value=`echo $v | cut -d= -f2` + ctdb setvar $varname $value || return 1 + echo Set $varname to $value +done +} + +wait_until_ready () { +_timeout=${1:-10} # default is 10 seconds + +_count=0 +while ! ctdb ping /dev/null 21 ; do + if [ $_count -ge $_timeout ] ; then + return 1 + fi + sleep 1 + _count=$(($_count + 1)) +done +} + +ctdb_check_args $@ + case $1 in init) # make sure we have a blank state directory for the scripts to work with @@ -42,14 +68,11 @@ case $1 in ;; setup) - # set any tunables from the config file - set | grep ^CTDB_SET_ | cut -d_ -f3- | - while read v; do - varname=`echo $v | cut -d= -f1` - value=`echo $v | cut -d= -f2` - ctdb setvar $varname $value || exit 1 - echo Set $varname to $value - done || exit 1 +# Make sure CTDB daemon is ready to process requests +if wait_until_ready ; then + # set any tunables from the config file + set_ctdb_variables + fi
[SCM] CTDB repository - annotated tag ctdb-1.2.54 created - ctdb-1.2.54
The annotated tag, ctdb-1.2.54 has been created at 519a63ef7aa002e62cae0518ed03ba9fde2e139f (tag) tagging b7467294465b6225982c90315df20a8699ccf812 (commit) replaces ctdb-1.2.53 tagged by Amitay Isaacs on Tue Oct 30 16:39:15 2012 +1100 - Log - new version 1.2.54 Amitay Isaacs (3): daemon: Protect against double free of callback state while shutting down scripts: Remove duplicate code from init script to set tunables New Version 1.2.54 --- -- CTDB repository
[SCM] CTDB repository - branch master updated - ctdb-1.13-338-g16a91c2
The branch, master has been updated via 16a91c2a4d03b46743611e2fe844bb2cef95e46a (commit) via 3d4838db51dd8199b9c29aebb6e7bfbd2a27b8bb (commit) via f8af7d8de76e68e5c4bde15f832a31ce9107e8c7 (commit) via 8df7ea6b20417833792932487a082b3c71bb6837 (commit) via b151f9b62299ec5b887c62cef780547a39c0ba9d (commit) from 9be3b23adbfc844b71bf1d4ddf0fbc3b269f15fa (commit) http://gitweb.samba.org/?p=ctdb.git;a=shortlog;h=master - Log - commit 16a91c2a4d03b46743611e2fe844bb2cef95e46a Author: Amitay Isaacs ami...@gmail.com Date: Tue Oct 30 11:54:52 2012 +1100 packaging: Use maketarball.sh script to create tarball for RPM This removes the duplicate code for building tarball and reuses existing script. Signed-off-by: Amitay Isaacs ami...@gmail.com commit 3d4838db51dd8199b9c29aebb6e7bfbd2a27b8bb Author: Amitay Isaacs ami...@gmail.com Date: Tue Oct 30 11:52:19 2012 +1100 packaging: Use optional argument as targetdir when creating tarball In addition, do not modify CTDB version string with extra suffix. Signed-off-by: Amitay Isaacs ami...@gmail.com commit f8af7d8de76e68e5c4bde15f832a31ce9107e8c7 Author: Amitay Isaacs ami...@gmail.com Date: Tue Oct 30 11:49:28 2012 +1100 tool/ctdb: Always support ctdb version command, don't make it optional Signed-off-by: Amitay Isaacs ami...@gmail.com commit 8df7ea6b20417833792932487a082b3c71bb6837 Author: Amitay Isaacs ami...@gmail.com Date: Tue Oct 30 11:48:23 2012 +1100 build: Add rules to create include/version.h when building from git tree Signed-off-by: Amitay Isaacs ami...@gmail.com commit b151f9b62299ec5b887c62cef780547a39c0ba9d Author: Amitay Isaacs ami...@gmail.com Date: Tue Oct 30 11:47:24 2012 +1100 packaging: Create include/version.h to define CTDB_VERSION_STRING Signed-off-by: Amitay Isaacs ami...@gmail.com --- Summary of changes: Makefile.in|8 +++- packaging/RPM/ctdb.spec.in |2 +- packaging/RPM/makerpms.sh | 23 +-- packaging/maketarball.sh | 28 ++-- packaging/mkversion.sh | 14 ++ tools/ctdb.c | 11 +++ 6 files changed, 44 insertions(+), 42 deletions(-) Changeset truncated at 500 lines: diff --git a/Makefile.in b/Makefile.in index 3294503..fef2e45 100755 --- a/Makefile.in +++ b/Makefile.in @@ -63,6 +63,8 @@ SHLD=${CC} ${CFLAGS} ${LDSHFLAGS} -o $@ LIB_FLAGS=@LDFLAGS@ -Llib @LIBS@ $(POPT_LIBS) $(TALLOC_LIBS) $(TEVENT_LIBS) $(TDB_LIBS) \ @INFINIBAND_LIBS@ @CTDB_PCAP_LDFLAGS@ +CTDB_VERSION_H = include/version.h + UTIL_OBJ = lib/util/idtree.o lib/util/db_wrap.o lib/util/strlist.o lib/util/util.o \ lib/util/util_time.o lib/util/util_file.o lib/util/fault.o lib/util/substitute.o \ lib/util/signal.o @@ -112,7 +114,7 @@ DIRS = lib bin tests/bin .SUFFIXES: .c .o .h -all: showflags dirs $(CTDB_SERVER_OBJ) $(CTDB_CLIENT_OBJ) $(CTDB_LIB_OBJ) $(BINS) $(SBINS) $(TEST_BINS) +all: showflags dirs $(CTDB_VERSION_H) $(CTDB_SERVER_OBJ) $(CTDB_CLIENT_OBJ) $(CTDB_LIB_OBJ) $(BINS) $(SBINS) $(TEST_BINS) showflags: @echo 'ctdb will be compiled with flags:' @@ -138,6 +140,10 @@ showlayout:: dirs: @mkdir -p $(DIRS) +$(CTDB_VERSION_H): + @echo Generating $@ + @./packaging/mkversion.sh + bin/ctdbd: $(CTDB_SERVER_OBJ) @echo Linking $@ @$(CC) $(CFLAGS) -o $@ $(CTDB_SERVER_OBJ) $(LIB_FLAGS) diff --git a/packaging/RPM/ctdb.spec.in b/packaging/RPM/ctdb.spec.in index b0555c7..50287ab 100644 --- a/packaging/RPM/ctdb.spec.in +++ b/packaging/RPM/ctdb.spec.in @@ -71,7 +71,7 @@ export CC ## always run autogen.sh ./autogen.sh -CFLAGS=$RPM_OPT_FLAGS $EXTRA -O0 -D_GNU_SOURCE -DCTDB_VERS=\%{version}-%{release}\ ./configure \ +CFLAGS=$RPM_OPT_FLAGS $EXTRA -O0 -D_GNU_SOURCE ./configure \ %if %with_included_talloc --with-included-talloc \ %endif diff --git a/packaging/RPM/makerpms.sh b/packaging/RPM/makerpms.sh index 254abde..c216185 100755 --- a/packaging/RPM/makerpms.sh +++ b/packaging/RPM/makerpms.sh @@ -52,7 +52,7 @@ mkdir -p `rpm --eval %_rpmdir`/noarch mkdir -p `rpm --eval %_rpmdir`/i386 mkdir -p `rpm --eval %_rpmdir`/x86_64 -VERSION=$(${TOPDIR}/packaging/mkversion.sh) +VERSION=$(${TOPDIR}/packaging/mkversion.sh ${TOPDIR}/include/version.h) if [ -z $VERSION ]; then exit 1 fi @@ -61,23 +61,10 @@ sed -e s/@VERSION@/$VERSION/g \ ${DIRNAME}/${SPECFILE_IN} \ ${DIRNAME}/${SPECFILE} -VERSION=$(grep ^Version ${DIRNAME}/${SPECFILE} | sed -e 's/^Version:\ \+//') - -if echo | gzip -c --rsyncable - /dev/null 21 ; then - GZIP=gzip -9 --rsyncable -else - GZIP=gzip -9 -fi - -pushd ${TOPDIR} -echo -n Creating ctdb-${VERSION}.tar.gz ... -git archive
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via 4309dd1 VERSION: Bump version number up to 4.0.0rc5 via 8c72009 VERSION: Disable GIT snapshot to prepare rc4 release. from f6b8919 WHATSNEW: Update changes since rc3. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 4309dd11e02e41758a03065d435bdd6ce78c4e56 Author: Karolin Seeger ksee...@samba.org Date: Tue Oct 30 09:58:41 2012 +0100 VERSION: Bump version number up to 4.0.0rc5 and re-enable GIT snapshots. Karolin commit 8c72009f6d9bf85d35d4cefedc935c14dd799516 Author: Karolin Seeger ksee...@samba.org Date: Tue Oct 30 09:57:37 2012 +0100 VERSION: Disable GIT snapshot to prepare rc4 release. Karolin --- Summary of changes: VERSION |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index bdc8768..00ea5a6 100644 --- a/VERSION +++ b/VERSION @@ -87,7 +87,7 @@ SAMBA_VERSION_PRE_RELEASE= # e.g. SAMBA_VERSION_RC_RELEASE=1 # # - 3.0.0rc1 # -SAMBA_VERSION_RC_RELEASE=4 +SAMBA_VERSION_RC_RELEASE=5 # To mark SVN snapshots this should be set to 'yes'# -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-0-stable updated
The branch, v4-0-stable has been updated via 8c72009 VERSION: Disable GIT snapshot to prepare rc4 release. via f6b8919 WHATSNEW: Update changes since rc3. via e83ad06 source3.selftest: Move last variables to selftesthelpers. via ff52138 source3.selftest: Move more variables to be in common. (cherry picked from commit 66980989e5b28490cd7b04b576cf39d26f183b90) via 23a6320 selftesthelpers: Fix detection of tap2subunit. via d1deda0 selftest: Add --random-order option. (cherry picked from commit 67dd28f3605db4cbdc5feacc1121ec3d7dd075a6) via cf1ede2 source4.selftest.tests: Add FIXME about database verification. (cherry picked from commit 1190f385f72f68f22277c8b380f2d4c461c413a4) via 2008f37 selftesthelpers: Simplify detection of tap2subunit. (cherry picked from commit 05dc5a39a6ad4b1ffafc904faea3e8e40f6f5cde) via 85bf826 source3.selftests.tests: Use common plansmbtorture4testsuite() function. (cherry picked from commit fd607e0a9eefb79130941e244435980afbbb4bf7) via 81c796d source3.selftest.tests: Add suffix for smbclient3/ntlm_auth3. (cherry picked from commit efb27e29dadf58d2dec651ca3a0c108b4cf515ae) via 020f3f4 source3.selftest.tests: Remove tabs. (cherry picked from commit a841f0fced7abfb0f6d98390c07becdf49a91af5) via 5abde61 source4.selftest.tests: Add suffix for smbclient4/nmblookup4. (cherry picked from commit ea5e2b56c14072eeaa785d05f1da4d439667e8b6) via a3d1446 selftesthelpers: Add function for printing smbtorture4 version. (cherry picked from commit 58345820c078f79fe7f67b8e6f947691f7237641) via 4d2fc2a selftest: Move determining of smbtorture4 options to selftesthelpers. (cherry picked from commit 8237e2727da0d04b82cb3cf644dd337a4c77fe34) via 244ca61 selftest/selftesthelpers: Share environment handling for extra smbtorture options. (cherry picked from commit fcb7926ce544a8d4b0e5aa6577fe21712b38bb53) via e2adfe7 selftest/selftesthelpers.py: Share configuration variable, strip whitespace. (cherry picked from commit 6bcb25673bdc249f5a49ded912d90bc84b13809d) via 5cdec48 selftesthelpers: Share code for listing smbtorture4 tests. (cherry picked from commit 4c4d3c86f0430d38f78d16dcb5d365b577ef4227) via af3f83a source4.selftest.tests: Rename plansmbtorturesuite() to plansmbtorture4suite(). (cherry picked from commit 868c8c058306b66fb3baa4a36bfe91d6461805d5) via 220b98d source4.selftest.tests: Consistent naming of smbtorture binary. (cherry picked from commit 55507d0612ecf2db34867eb6065fc5038ea81aa0) via 76bbf16 samba.tests.docs: Ignore removed parameters. (cherry picked from commit 364ed82d22bbcd69ae237098ba8d6946969bd390) via 7461d45 smb.conf(5): Mark four removed parameters as such. (cherry picked from commit 4b4e8e21235615af94788fa0ebfa0b0bc09f14fd) via c7e9ab5 samba.tests.docs: Assume docs are generated by waf. (cherry picked from commit ed37b8ad14d496114654017d394fa18d63456aee) via 87f45c8 samba.tests.docs: Write error output from xsltproc to standard out. (cherry picked from commit cfa72bcc5e93a840fc07f5d419216443ef8f7599) via f31db3e samba.tests.docs: Skip tests if xsltproc is not present. (cherry picked from commit 8412b57f5ce40901a0a4e2e66c5f9bcbdcb4b46e) via afd55f7 smb.conf(5): Consistent spelling of parameter names. via a23aa34 samba.tests.docs: Support spaces before synonyms. (cherry picked from commit 32fad2b910a9e4f9b753b43cb818c72829236a88) via 6a34a8a samba.tests.docs: Support synonyms. (cherry picked from commit be4dea45daca51a817a7c383a4092bf69650c6cd) via a05c65f samba.tests.docs: Distinguish between unknown and undocumened parameters. (cherry picked from commit d0e644e0c83636b4e4c6b52ce0f861ffe38cedeb) via 97ddb5c tests: Convert find_missing_doc into a unit test. (cherry picked from commit d2f8fe855d0705faf216714cf147038563c0ba7e) via ccec37c smb.conf(5): Fix mixing of tabs and spaces. (cherry picked from commit 47902702b3e6390de05f8fca2bc457936af9f5c1) via 6461f02 smb.conf(5): Add basic documentation for 'nsupdate command'. (cherry picked from commit aad30c062fd176fa15994a44a0178d51764cdbf7) via d6bb051 smb.conf(5): Add basic documentation for 'afs token lifetime'. (cherry picked from commit 0cea6daffe42f5b9b6ee61eb430da3f86bea31df) via 2a2efb9 smb.conf(5): Add 'ldap password sync' as synonym for 'ldap passwd sync'. (cherry picked from commit 695df863eddd6ee323229fe29a4a40712f3553b4) via 2059769 smb.conf(5): Add 'socket address' as alias for 'nbt client socket address'. (cherry picked from commit 6c160e3892eea219c50bbb2d1113460817bfad08) via b4eb7ff smb.conf(5): Add basic documentation for 'tls dh params file'. (cherry picked from commit 03b48e2bdbea30afad9b414fbab5dae67e57b5cf) via b0cd55e smb.conf(5): Add basic documentation for 'tls enabled'. (cherry picked from
[SCM] Samba Shared Repository - annotated tag samba-4.0.0rc4 created
The annotated tag, samba-4.0.0rc4 has been created at 5ee38616a89f84a71acd9448985dcec5a4d2148e (tag) tagging 8c72009f6d9bf85d35d4cefedc935c14dd799516 (commit) replaces samba-4.0.0rc3 tagged by Karolin Seeger on Tue Oct 30 09:08:56 2012 +0100 - Log - samba: tag release samba-4.0.0rc4 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.18 (GNU/Linux) iD8DBQBQj4sibzORW2Vot+oRAlqFAJ9SnbA8FYiBn9oiQwRif1yaEBAqRgCeK2N6 rYmjiTq7ivnx4bzEkWThCDU= =f7yN -END PGP SIGNATURE- Andreas Schneider (2): BUG #9295: Build standard auth modules as internal modules. packaging: Move smbprint to a comman location. Andrew Bartlett (2): build: Assert that auth_domain, auth_builtin, auth_sam, auth_winbind are builtin ldb: bump version to 1.1.13 so the 4.0 release can get the isprint fix Björn Baumbach (2): docs: fix opening and ending tag mismatch: para docs: fix opening and ending tag mismatch: para Christian Ambach (1): s3:utils/net fix a compiler warning David Disseldorp (1): pam_winbind: fix segfault in pam_sm_authenticate() Gregor Beck (22): s3:auth: use const in smb_pam_xxx_session() s3:rpc_server/srvsvc: remove function net_enum_pipes() s3:lib: remove unused function connections_traverse() s3:smbcontrol: don't do stack_trace by connection but by server_id. s3:count_current_connections: do not clear orphaned entries from connections.tdb s3:net_status_shares: use connections_forall_read for a read only traversal s3:smbd: pass smbXsrv_session instead of user_struct to session_claim() and session_yield() s3:smbd: remove smbd_server_connection argument from session_claim() s3:smbd: initialize session-global before calling session_claim s3:smbd: use session_global_id as session number for pam and utmp s3:smbXsrv_session: add smbXsrv_session_global_traverse() s3:smbXsrv_tcon: add smbXsrv_tcon_global_traverse() s3:build: move sessionid_tdb.o and conn_tdb.o to SMBD_OBJ_BASE s3:smbd:setup_new_vc_session: traverse sessions instead of connections to shutdown other smbds s3:smbd/connection: use smbXsrv_tcon_traverse to count connections s3:lib: implement sessionid_traverse_read with smb2srv_session_traverse_read s3:smbd: don't use (fill) sessionid.tdb in session_claim/yield any more. s3:net_serverid: remove sessionid_traverse from net serverid wipedbs s3:lib: remove unused sessionid_*() functions s3:net_serverid: remove connections_forall from net serverid wipedbs s3:lib: remove function connections_forall() s3:lib/conn_tdb: implement connections_forall_read() based on smbXsrv_*_global_traverse() Jelmer Vernooij (62): wafsamba: Ignore some more symbols when checking for dupes. (cherry picked from commit 276460cf8afb4894fe1e980c7a75e866c14ba144) samba.provision.sambadns: Use == to compare strings, not 'is'. (cherry picked from commit 2adf27a99b999a4fd0329d9fa398a9208b60e367) samba4-tests: Move 'samba.tests.source' up. selftests.tests: Remove reference to Samba 4. (cherry picked from commit 1080b6c2caf1191fd896f3caf38e576a00b01982) selftest: Move some tests to common test script. (cherry picked from commit 1aa291c331c29c2f5ee4572b660c4c2061755856) samba.join: Fix multiple spaces. selftest: Move more tests to common list script. samba-tool user test: Fix expected output. smb.conf(5): Extend 'server min protocol' description. (cherry picked from commit dfe75c2f3591652a370a36f73f70e8055bda9d11) smb.conf(5): Add basic documentation for 'winbindd socket directory'. (cherry picked from commit d0b38752471dd870ad640fd39076bc51f84c57d1) smb.conf(5): Add basic documentation for 'winbindd privileged socket directory'. (cherry picked from commit 3cea6257a9e4a3e1dc46e6c555d57992a73d6e6c) smb.conf(5): Add : to idmap config description to mark it as parametric. (cherry picked from commit c6ba8575ea7fe8b0fdc49d4f823ca441ae99070a) smb.conf(5): Add basic documentation for 'ntvfs handler'. (cherry picked from commit 394258ad4c3413388e800800b2b1b941de037fa3) smb.conf(5): Add basic documentation for 'dns forwarder'. (cherry picked from commit e9d91cd4a133d7acb377341282230f99f5e10a12) smb.conf(5): Add basic documentation 'winbind sealed pipes'. (cherry picked from commit e7c8fcaea5b06897603abb6f4f38ce39b400c9a7) samba-tool user: Fix typos, improve messages. (cherry picked from commit d09f15163843c5a027476e9087ae96700f6de003) smb.conf(5): Add basic documentation for 'samba kcc command'. (cherry picked from commit a63d6a909406c2d0e04f6142f9614c3543ae2d1b) smb.conf(5): Add basic documentation for 'server services'. (cherry picked from commit 3cc61af7ff3b90026fdc6fc84ad905041154bfaf) smb.conf(5): Add basic documentation for 'dns update command'. (cherry
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via 7e100a2 WHATSNEW: Correct list of changed parameters. from 4309dd1 VERSION: Bump version number up to 4.0.0rc5 http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 7e100a2d8fe479e612bae0cae9dc6003bf723768 Author: Karolin Seeger ksee...@samba.org Date: Tue Oct 30 11:31:08 2012 +0100 WHATSNEW: Correct list of changed parameters. These synonyms do still exist. Thanks to Björn Baumbach for noticing! Karolin Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Tue Oct 30 13:13:46 CET 2012 on sn-devel-104 --- Summary of changes: WHATSNEW.txt |2 -- 1 files changed, 0 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index dc3b1e4..bbc11c8 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -125,8 +125,6 @@ smb.conf changes kernel share modes New kpasswd portNew krb5 port New - max protocolRemoved - min protocolRemoved nbt client socket address New nbt portNew nsupdate commandNew -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via a3a1cd4 packaging: Add NetworkManager dispatcher script for winbind. from 4dfded0 s3: Use file_id_string in file_id_string_tos http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit a3a1cd4797c99cb5fd0234c2dfe40e5dcafb05f8 Author: Andreas Schneider a...@cryptomilk.org Date: Fri Oct 26 12:46:21 2012 +0200 packaging: Add NetworkManager dispatcher script for winbind. Signed-off-by: Andreas Schneider a...@cryptomilk.org Signed-off-by: Andreas Schneider a...@samba.org Reviewed-by: David Disseldorp dd...@samba.org Autobuild-User(master): David Disseldorp dd...@samba.org Autobuild-Date(master): Tue Oct 30 13:17:02 CET 2012 on sn-devel-104 --- Summary of changes: packaging/NetworkManager/30-winbind-systemd | 20 packaging/NetworkManager/README |6 ++ 2 files changed, 26 insertions(+), 0 deletions(-) create mode 100755 packaging/NetworkManager/30-winbind-systemd create mode 100644 packaging/NetworkManager/README Changeset truncated at 500 lines: diff --git a/packaging/NetworkManager/30-winbind-systemd b/packaging/NetworkManager/30-winbind-systemd new file mode 100755 index 000..af0edf9 --- /dev/null +++ b/packaging/NetworkManager/30-winbind-systemd @@ -0,0 +1,20 @@ +#!/bin/sh + +winbind_is_active=$(/bin/systemctl is-active winbind.service) +test ${winbind_is_active} = active || exit 0 + +winbind_offline_logon=$(testparm -s --parameter-name winbind offline logon 2/dev/null) +test ${winbind_offline_logon} = Yes || exit 0 + +case $2 in + up|vpn-up) + nmb_is_active=$(/bin/systemctl is-active nmb.service) + if test ${nmb_is_active} = active; then + /bin/systemctl try-restart nmb.service || : + fi + /usr/bin/smbcontrol winbind online || : + ;; + down) + /usr/bin/smbcontrol winbind offline + ;; +esac diff --git a/packaging/NetworkManager/README b/packaging/NetworkManager/README new file mode 100644 index 000..0db8be6 --- /dev/null +++ b/packaging/NetworkManager/README @@ -0,0 +1,6 @@ +This directory includes files for the dispatcher of NetworkManager. The files +need to be copied to /etc/NetworkManager/dispatcher.d/ and will be automatically +called if a network interface goes up or down. + +30-winbind-systemd: This will set winbind into offline mode if you have winbind +offline logon turned on. -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via e6643fb wafbuild: use -Wstack-protector if available via 9a03cc9 wafbuild: use WERROR_FLAGS in wscript_configure_system_mitkrb5 via fdead58 ccan/wafbuild: use WERROR_CFLAGS instead of -Werror via 7fcb253 wafbuild: reorder the Werror checks so that the ambigous w2 option is being checked last via 5169204 wafbuild: merge the missing IBM compiler Werror flag -qhalt=w to waf via 0342ca4 wfabuild: fix the -errwarn compile flag test from a3a1cd4 packaging: Add NetworkManager dispatcher script for winbind. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit e6643fbf48afccd0acedb65fbe24d3ce84d44c40 Author: Björn Jacke b...@sernet.de Date: Tue Oct 30 13:00:58 2012 +0100 wafbuild: use -Wstack-protector if available Autobuild-User(master): Björn Jacke b...@sernet.de Autobuild-Date(master): Tue Oct 30 15:04:30 CET 2012 on sn-devel-104 commit 9a03cc93f45a6908c73afe2d059a4ebf5534fdb7 Author: Björn Jacke b...@sernet.de Date: Tue Oct 30 12:19:24 2012 +0100 wafbuild: use WERROR_FLAGS in wscript_configure_system_mitkrb5 commit fdead585dc11101761ac975935134c6a84ea3b4f Author: Björn Jacke b...@sernet.de Date: Tue Oct 30 12:07:26 2012 +0100 ccan/wafbuild: use WERROR_CFLAGS instead of -Werror commit 7fcb2532b99ddf65d78dd02ea06ce8a1a6229949 Author: Björn Jacke b...@sernet.de Date: Tue Oct 30 11:48:25 2012 +0100 wafbuild: reorder the Werror checks so that the ambigous w2 option is being checked last commit 51692042d9f898c5e8f1cbc78031e37d23ec032a Author: Björn Jacke b...@sernet.de Date: Tue Oct 30 11:37:34 2012 +0100 wafbuild: merge the missing IBM compiler Werror flag -qhalt=w to waf commit 0342ca40629d5a57db02c7f840809dfa0bde6780 Author: Björn Jacke b...@sernet.de Date: Tue Oct 30 11:32:52 2012 +0100 wfabuild: fix the -errwarn compile flag test as in the autoconf build this must be -errwarn=%all --- Summary of changes: lib/ccan/wscript | 17 +++-- lib/replace/wscript |9 - lib/util/util_net.c |3 +++ wscript_configure_system_mitkrb5 |4 ++-- 4 files changed, 20 insertions(+), 13 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/ccan/wscript b/lib/ccan/wscript index 4af9dd4..59b8205 100644 --- a/lib/ccan/wscript +++ b/lib/ccan/wscript @@ -7,26 +7,23 @@ def configure(conf): conf.CHECK_HEADERS('err.h') conf.CHECK_HEADERS('byteswap.h') conf.CHECK_FUNCS('bswap_64', link=False, headers=byteswap.h) - -# FIXME: if they don't have -Werror, these will all fail. But they -# probably will anyway... conf.CHECK_CODE('int __attribute__((cold)) func(int x) { return x; }', -addmain=False, link=False, cflags=-Werror, +addmain=False, link=False, cflags=conf.env['WERROR_CFLAGS'], define='HAVE_ATTRIBUTE_COLD') conf.CHECK_CODE('int __attribute__((const)) func(int x) { return x; }', -addmain=False, link=False, cflags=-Werror, +addmain=False, link=False, cflags=conf.env['WERROR_CFLAGS'], define='HAVE_ATTRIBUTE_CONST') conf.CHECK_CODE('void __attribute__((noreturn)) func(int x) { exit(x); }', -addmain=False, link=False, cflags=-Werror, +addmain=False, link=False, cflags=conf.env['WERROR_CFLAGS'], define='HAVE_ATTRIBUTE_NORETURN') conf.CHECK_CODE('void __attribute__((format(__printf__, 1, 2))) func(const char *fmt, ...) { }', -addmain=False, link=False, cflags=-Werror, +addmain=False, link=False, cflags=conf.env['WERROR_CFLAGS'], define='HAVE_ATTRIBUTE_PRINTF') conf.CHECK_CODE('int __attribute__((unused)) func(int x) { return x; }', -addmain=False, link=False, cflags=-Werror, +addmain=False, link=False, cflags=conf.env['WERROR_CFLAGS'], define='HAVE_ATTRIBUTE_UNUSED') conf.CHECK_CODE('int __attribute__((used)) func(int x) { return x; }', -addmain=False, link=False, cflags=-Werror, +addmain=False, link=False, cflags=conf.env['WERROR_CFLAGS'], define='HAVE_ATTRIBUTE_USED') # We try to use headers for a compile-time test. conf.CHECK_CODE(code = #ifdef __BYTE_ORDER @@ -121,7 +118,7 @@ def configure(conf): link=True, define='HAVE_TYPEOF') conf.CHECK_CODE('int __attribute__((warn_unused_result)) func(int x) { return x; }', -addmain=False, link=False, cflags=-Werror, +addmain=False, link=False, cflags=conf.env['WERROR_CFLAGS'],
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via d8fc4cd s3:smb2_read: fix SMBD_SMB2_NUM_IOV_PER_REQ check for sendfile() support (bug #9341) from e6643fb wafbuild: use -Wstack-protector if available http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit d8fc4cd25e40164e23c0375b073cb42723892146 Author: Stefan Metzmacher me...@samba.org Date: Tue Oct 30 11:08:19 2012 +0100 s3:smb2_read: fix SMBD_SMB2_NUM_IOV_PER_REQ check for sendfile() support (bug #9341) Reported-by: Sebastien LAVEZE sebastien.lav...@mindspeed.com Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Michael Adam ob...@samba.org Tested-by: Sebastien LAVEZE sebastien.lav...@mindspeed.com Autobuild-User(master): Michael Adam ob...@samba.org Autobuild-Date(master): Tue Oct 30 16:49:26 CET 2012 on sn-devel-104 --- Summary of changes: source3/smbd/smb2_read.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/smb2_read.c b/source3/smbd/smb2_read.c index 2890f86..41adb03 100644 --- a/source3/smbd/smb2_read.c +++ b/source3/smbd/smb2_read.c @@ -277,7 +277,7 @@ static NTSTATUS schedule_smb2_sendfile_read(struct smbd_smb2_request *smb2req, if (!lp__use_sendfile(SNUM(fsp-conn)) || smb2req-do_signing || smb2req-do_encryption || - smb2req-in.vector_count (2*SMBD_SMB2_NUM_IOV_PER_REQ) || + smb2req-in.vector_count = (2*SMBD_SMB2_NUM_IOV_PER_REQ) || (fsp-base_fsp != NULL) || (fsp-wcp != NULL) || (!S_ISREG(fsp-fsp_name-st.st_ex_mode)) || -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via a88e3be s3:docs document shadow:snapdirseverywhere option of vfs_shadow_copy2 from d8fc4cd s3:smb2_read: fix SMBD_SMB2_NUM_IOV_PER_REQ check for sendfile() support (bug #9341) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit a88e3be794a7458ad644e5b73435971533aa7dbe Author: Christian Ambach a...@samba.org Date: Tue Oct 30 15:39:02 2012 +0100 s3:docs document shadow:snapdirseverywhere option of vfs_shadow_copy2 Autobuild-User(master): Volker Lendecke v...@samba.org Autobuild-Date(master): Tue Oct 30 18:32:57 CET 2012 on sn-devel-104 --- Summary of changes: docs-xml/manpages/vfs_shadow_copy2.8.xml | 15 +++ 1 files changed, 15 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/manpages/vfs_shadow_copy2.8.xml b/docs-xml/manpages/vfs_shadow_copy2.8.xml index 34f3d1b..b313416 100644 --- a/docs-xml/manpages/vfs_shadow_copy2.8.xml +++ b/docs-xml/manpages/vfs_shadow_copy2.8.xml @@ -157,6 +157,21 @@ /para /listitem /varlistentry + varlistentry + termshadow:snapdirseverywhere = yes/no + /term + listitem + paraIf you enable command moreinfo=none + shadow:snapdirseverywhere /command then this module will look + out for snapshot directories in the current and all parent + directories of the current working directory. + An example where this is needed are independent filesets in + IBM's GPFS, but other filesystems might support snapshotting + only particular subtrees of the filesystem as well. + /para + /listitem + /varlistentry + /variablelist /refsect1 -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 39e58d6 s3fs-utils: Free the popt context in smbcacls and smbquotas. via aca807c s3fs-net: Use talloc for memory allocation. from a88e3be s3:docs document shadow:snapdirseverywhere option of vfs_shadow_copy2 http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 39e58d6845ee4dab0e9ae1537fccaed837ead728 Author: Andreas Schneider a...@samba.org Date: Mon Oct 29 21:12:14 2012 +0100 s3fs-utils: Free the popt context in smbcacls and smbquotas. Signed-off-by: Andreas Schneider a...@samba.org Reviewed by: Jeremy Allison j...@samba.org Autobuild-User(master): Jeremy Allison j...@samba.org Autobuild-Date(master): Tue Oct 30 20:22:46 CET 2012 on sn-devel-104 commit aca807c94cdb44cc846562400495ee3a7114f8e0 Author: Andreas Schneider a...@samba.org Date: Mon Oct 29 21:12:13 2012 +0100 s3fs-net: Use talloc for memory allocation. Signed-off-by: Andreas Schneider a...@samba.org Reviewed by: Jeremy Allison j...@samba.org --- Summary of changes: source3/utils/net.c|2 +- source3/utils/smbcacls.c |2 ++ source3/utils/smbcquotas.c |2 ++ 3 files changed, 5 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/utils/net.c b/source3/utils/net.c index eccb522..85fe2f6 100644 --- a/source3/utils/net.c +++ b/source3/utils/net.c @@ -868,7 +868,7 @@ static struct functable net_func[] = { break; case 'U': c-opt_user_specified = true; - c-opt_user_name = SMB_STRDUP(c-opt_user_name); + c-opt_user_name = talloc_strdup(c, c-opt_user_name); p = strchr(c-opt_user_name,'%'); if (p) { *p = 0; diff --git a/source3/utils/smbcacls.c b/source3/utils/smbcacls.c index 3d18bee..7df4e48 100644 --- a/source3/utils/smbcacls.c +++ b/source3/utils/smbcacls.c @@ -1435,6 +1435,8 @@ static struct cli_state *connect_one(struct user_auth_info *auth_info, return -1; } + poptFreeContext(pc); + string_replace(path,'/','\\'); server = talloc_strdup(frame, path+2); diff --git a/source3/utils/smbcquotas.c b/source3/utils/smbcquotas.c index be82e34..b962103 100644 --- a/source3/utils/smbcquotas.c +++ b/source3/utils/smbcquotas.c @@ -688,6 +688,8 @@ FSQFLAGS:QUOTA_ENABLED/DENY_DISK/LOG_SOFTLIMIT/LOG_HARD_LIMIT, SETSTRING }, exit(EXIT_PARSE_ERROR); } + poptFreeContext(pc); + string_replace(path, '/', '\\'); server = SMB_STRDUP(path+2); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via a71ad96 ldb: Add ldbdump, based on tdbdump via 4b2f3c6 ldb: Remove no-longer-existing ltdb_unpack_data_free from ldb_tdb.h via cc6d0de ldb: Change ltdb_unpack_data to take an ldb_context via 42c379f samba-tool: Add samba-tool processes subcommand via a732f2a pymessaging: Add irpc_servers_byname() and irpc_all_servers() via 76b7348 pymessaging: Use the server_id IDL structure rather than a tuple via 3b4ef03 imessaging: Add irpc_all_servers() to list all available servers from 39e58d6 s3fs-utils: Free the popt context in smbcacls and smbquotas. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit a71ad96bd046f1199e67b4fe8fc7783cbd8dd771 Author: Andrew Bartlett abart...@samba.org Date: Tue Oct 30 15:41:27 2012 +1100 ldb: Add ldbdump, based on tdbdump This uses a tdb_traverse or (more usefully) the tdb_rescue API, like tdbdump. The difference here is that it uses ldb helper functions to further eliminate faulty records, which avoids creating duplicates in the output. (The duplicates come from parts of records that are left in blank space in the db, which tdb_rescue finds, but which are not actually a full record). Andrew Bartlett Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Tue Oct 30 23:56:11 CET 2012 on sn-devel-104 commit 4b2f3c6dec997b0dd4bcafeae662a71ebd34e12b Author: Andrew Bartlett abart...@samba.org Date: Tue Oct 30 10:22:28 2012 +1100 ldb: Remove no-longer-existing ltdb_unpack_data_free from ldb_tdb.h commit cc6d0decc7980028293168aee267e7610752fc80 Author: Andrew Bartlett abart...@samba.org Date: Tue Oct 30 10:21:42 2012 +1100 ldb: Change ltdb_unpack_data to take an ldb_context It always de-references the module to find the ldb anyway. Andrew Bartlett commit 42c379f0dfdeb36598bb2636aa2b6e3ca4410930 Author: Andrew Bartlett abart...@samba.org Date: Mon Oct 29 15:36:36 2012 +1100 samba-tool: Add samba-tool processes subcommand This will allow administrators to inspect the process list in a similar way to what running on a platform with setproctitle might permit. --pid= returns the registered server names for a PID (eg kdc, cldap_server) --name= returns the pids registered with a particular name. Andrew Bartlett commit a732f2a621665923322422c5a3d788c9d1aa8df9 Author: Andrew Bartlett abart...@samba.org Date: Mon Oct 29 15:34:41 2012 +1100 pymessaging: Add irpc_servers_byname() and irpc_all_servers() This will allow python scripts to inspect the process list. Andrew Bartlett commit 76b7348299870279acec5b7c9f02f4e4b2461703 Author: Andrew Bartlett abart...@samba.org Date: Mon Oct 29 15:33:59 2012 +1100 pymessaging: Use the server_id IDL structure rather than a tuple This will make it easier to pass this structure in and out. The tuple is still accepted as input. Andrew Bartlett commit 3b4ef03097293f758d8f11cbe434063ed1dc6b91 Author: Andrew Bartlett abart...@samba.org Date: Mon Oct 29 15:32:21 2012 +1100 imessaging: Add irpc_all_servers() to list all available servers This is implemented with a tdb_traverse_read(), and will allow a tool to disover the name and server_id of all Samba processes, as each process registers itself to recieve messages. Andrew Bartlett --- Summary of changes: lib/ldb/ldb_tdb/ldb_index.c|2 +- lib/ldb/ldb_tdb/ldb_pack.c |4 +- lib/ldb/ldb_tdb/ldb_search.c |6 +- lib/ldb/ldb_tdb/ldb_tdb.c |2 +- lib/ldb/ldb_tdb/ldb_tdb.h |4 +- lib/ldb/tools/ldbdump.c| 219 lib/ldb/wscript|4 + librpc/wscript_build |5 + source4/lib/messaging/irpc.h |2 + source4/lib/messaging/messaging.c | 71 +++ source4/lib/messaging/pymessaging.c| 124 +++- source4/librpc/idl/irpc.idl| 13 +- source4/librpc/wscript_build |6 + source4/scripting/python/samba/netcmd/main.py |2 + source4/scripting/python/samba/netcmd/processes.py | 78 +++ source4/scripting/python/samba/tests/messaging.py | 13 +- .../python/samba/tests/samba_tool/processes.py | 35 +++ source4/selftest/tests.py |1 + 18 files changed, 572 insertions(+), 19 deletions(-) create mode 100644 lib/ldb/tools/ldbdump.c create mode 100644
Re: [SCM] Samba Shared Repository - branch master updated
On Tue, 2012-10-30 at 23:57 +0100, Andrew Bartlett wrote: commit cc6d0decc7980028293168aee267e7610752fc80 Author: Andrew Bartlett abart...@samba.org Date: Tue Oct 30 10:21:42 2012 +1100 ldb: Change ltdb_unpack_data to take an ldb_context It always de-references the module to find the ldb anyway. Andrew Bartlett Andrew, why are you messing over with these interface conventions ? I see no rationale for this change, can you please revert and learn a bit about consistent and predictable interfaces ? Thanks. Simo. -- Simo Sorce Samba Team GPL Compliance Officer s...@samba.org Principal Software Engineer at Red Hat, Inc. s...@redhat.com
[SCM] CTDB repository - branch master updated - ctdb-1.13-340-gceac026
The branch, master has been updated via ceac026713a7ee30ea865ed4a9422900ed76fdf6 (commit) via aad1584da8a8425bc6f5163c95810e9d2390dc91 (commit) from 16a91c2a4d03b46743611e2fe844bb2cef95e46a (commit) http://gitweb.samba.org/?p=ctdb.git;a=shortlog;h=master - Log - commit ceac026713a7ee30ea865ed4a9422900ed76fdf6 Author: Amitay Isaacs ami...@gmail.com Date: Wed Oct 31 12:17:27 2012 +1100 web: Update instructions for building from tarball Signed-off-by: Amitay Isaacs ami...@gmail.com commit aad1584da8a8425bc6f5163c95810e9d2390dc91 Author: Amitay Isaacs ami...@gmail.com Date: Wed Oct 31 12:10:22 2012 +1100 tests: Do not check release suffix in ctdb version test release suffix added by RPM is to track packaging changes. Core CTDB version does not include the release suffix. Signed-off-by: Amitay Isaacs ami...@gmail.com --- Summary of changes: tests/simple/01_ctdb_version.sh |3 ++- web/building.html | 10 +- 2 files changed, 11 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/tests/simple/01_ctdb_version.sh b/tests/simple/01_ctdb_version.sh index 5a36ea4..3e1ed3e 100755 --- a/tests/simple/01_ctdb_version.sh +++ b/tests/simple/01_ctdb_version.sh @@ -39,8 +39,9 @@ if ! try_command_on_node -v 0 rpm -q ctdb ; then fi rpm_ver=${out#ctdb-} # Some version of RPM append the architecture to the version. +# And also remove the release suffix. arch=$(uname -m) -rpm_ver=${rpm_ver%.${arch}} +rpm_ver=${rpm_ver%-*.${arch}} try_command_on_node -v 0 $CTDB version ctdb_ver=${out#CTDB version: } diff --git a/web/building.html b/web/building.html index fc4789c..7475078 100644 --- a/web/building.html +++ b/web/building.html @@ -4,7 +4,7 @@ H2 align=centerBuilding CTDB and Samba/h2 h2CTDB/h2 -To build a copy of the CTDB code you should do this: +To build a copy of CTDB code from a git tree you should do this: pre cd ctdb ./autogen.sh @@ -13,6 +13,14 @@ To build a copy of the CTDB code you should do this: make install /pre +To build a copy of CTDB code from a tarball you should do this: +pre + tar xf ctdb-x.y.tar.gz + cd ctdb-x.y + ./configure + make + make install +/pre You need to install ctdb on all nodes of your cluster. -- CTDB repository
[SCM] CTDB repository - branch master updated - ctdb-1.13-341-gcd64035
The branch, master has been updated via cd64035d71ddff6aebe6c15a49e09527283425d2 (commit) from ceac026713a7ee30ea865ed4a9422900ed76fdf6 (commit) http://gitweb.samba.org/?p=ctdb.git;a=shortlog;h=master - Log - commit cd64035d71ddff6aebe6c15a49e09527283425d2 Author: Martin Schwenke mar...@meltin.net Date: Wed Oct 31 12:33:25 2012 +1100 ctdbd: Fix compilation warning in locking code Signed-off-by: Martin Schwenke mar...@meltin.net --- Summary of changes: server/ctdb_lock.c |4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/server/ctdb_lock.c b/server/ctdb_lock.c index 8097e84..81f0eb3 100644 --- a/server/ctdb_lock.c +++ b/server/ctdb_lock.c @@ -1039,13 +1039,13 @@ void ctdb_lock_blocked_handler(struct tevent_context *ev, DEBUG(DEBUG_WARNING, (Process %s (pid=%d) locked database %s (inode %lu) for %.0lf seconds\n, (process_name ? process_name : unknown), - blocker_pid, db_name, inode, + blocker_pid, db_name, (unsigned long)inode, timeval_elapsed(lock_ctx-start_time))); } else { DEBUG(DEBUG_WARNING, (Process %s (pid=%d) locked database (inode %lu) for %.0lf seconds\n, (process_name ? process_name : unknown), - blocker_pid, inode, + blocker_pid, (unsigned long)inode, timeval_elapsed(lock_ctx-start_time))); } -- CTDB repository
[SCM] CTDB repository - annotated tag ctdb-2.0 created - ctdb-2.0
The annotated tag, ctdb-2.0 has been created at 23282c5c861fe5674960ad38ca635350937c6758 (tag) tagging cd64035d71ddff6aebe6c15a49e09527283425d2 (commit) replaces ctdb-1.13 tagged by Amitay Isaacs on Wed Oct 31 12:36:10 2012 +1100 - Log - New version 2.0 Amitay Isaacs (89): build: Add rules to create ctags/etags packaging: Setup directories for rpmbuild build: Remove re-definition of same variable build: Display correct LIB_FLAGS while building build: Use system talloc library if available build: Use system tevent library if available build: Use system tdb library if available recovery: Add prototypes for tdb internal functions build: Substitute POPT macros once and reuse variables tests/tool: Fix the nodestatus test tests/tool: New nodestatus test tests: exportfs always outputs with options in brackets tests: Add a script to run cluster tests and make target test_cluster tests: Add regular expression parsing for hop_count_buckets tests: Fix the error messages in test event script ctdbd: Fix the error message string tests: Check for assigned IP addresses only if we are on real cluster tests: Check assigned IPs from ctdb output tests: Set the debug level = 3 when running local tests tests: Use CTDB_TEST_REAL_CLUSTER to decide if tests use local daemons recoverd: Fix spurious warnings when running with --nopublicipcheck ctdbd: Fix spurious warnings when running with --nopublicipcheck includes: Move special tevent defines from tevent.h to includes.h Remove explicit include of lib/tevent/tevent.h. ctdb_test: Remove faked wrappers for tevent functions in stub testing lib/tevent: Remove local modifications to tevent lib/tevent: Remove the files required to build tevent as a library lib/tevent: Sync tevent from samba git tree lib/talloc: Remove the files required to build talloc as a library lib/talloc: Sync talloc from samba git tree lib/tdb: Remove the files required to build tdb as a library lib/tdb: Sync tdb from samba git tree tests/tool: Fix the nodestatus test tests/tool: New nodestatus test tests: Fix wrapper scripts tests: CTDB_TEST_WRAPPER has to be an absolute path on a real cluster tests: test_wrap needs to set TEST_SCRIPTS_DIR tests/simple: Fix typo in the test message server: locking: Provide a common API for non-blocking locking of TDBs Revert server: locking: Provide a common API for non-blocking locking of TDBs tests: Use per node log files when running tests with local daemons packaging: make ctdb-tests package depend on nc server: Replace BOOL datatype with bool, True/False with true/false tests: Fix flakey behavior of ctdb_fetch test tests: Fix ctdb_fetch test (parse extra lines of output) tests: Increment RSN always in ctdb_update_record_persistent test Fix compiler warnings. util: Do not try to lockdown memory when running in local daemons mode ctdbd: Return explicit boolean values for function returning bool Remove tevent_loop_allow_nesting() web: Add my name to the developer list. util: Do not lock down memory when running with local daemons doc: Fix path string of /etc/sysconfig/ctdb file Revert when creating/adding a public ip, set the initial interface to be the first interface specified doc: Fix the hyperlink for Testing CTDB page scripts: Remove duplicate code from init script to set tunables doc: Fix documentation for setup event doc: Add info about execute permissions on event scripts header: Added DB statistics update macros common: Add routines to get process and lock information ctdbd: locking: Provide non-blocking API for locking of TDB record/db/alldb tools/ctdb: Display the locking statistics tests: Fix statistics test for new output lines from locking API ctdbd_test: Include ctdb_lock.c code for test stubs ctdb_freeze: Replace locking functions with locking API ctdb_recover: Replace static locking functions with locking API ctdbd: Replace lockwait with locking API and remove ctdb_lockwait.c locking: Schedule a new lock request everytime a lock is released locking: Add database priority handling for older versions of samba locking: Do not use ctdb_kill() to kill smbd processes build: Set CTDB_PATH to /tmp/ctdb.socket if SOCKPATH is not defined web: Remove reference to non-existent config files web: Add the links to ftp/http ctdb download area web: Add posix locking information to prerequisites doc: README - add information about CTDB, license and website build: Extract building of manpages in a separate Makefile packaging: Build
autobuild: intermittent test failure detected
The autobuild test system has detected an intermittent failing test in the current master tree. The autobuild log of the failure is available here: http://git.samba.org/autobuild.flakey/2012-10-31-0246/flakey.log The samba3 build logs are available here: http://git.samba.org/autobuild.flakey/2012-10-31-0246/samba3.stderr http://git.samba.org/autobuild.flakey/2012-10-31-0246/samba3.stdout The source4 build logs are available here: http://git.samba.org/autobuild.flakey/2012-10-31-0246/samba.stderr http://git.samba.org/autobuild.flakey/2012-10-31-0246/samba.stdout The top commit at the time of the failure was: commit a71ad96bd046f1199e67b4fe8fc7783cbd8dd771 Author: Andrew Bartlett abart...@samba.org Date: Tue Oct 30 15:41:27 2012 +1100 ldb: Add ldbdump, based on tdbdump This uses a tdb_traverse or (more usefully) the tdb_rescue API, like tdbdump. The difference here is that it uses ldb helper functions to further eliminate faulty records, which avoids creating duplicates in the output. (The duplicates come from parts of records that are left in blank space in the db, which tdb_rescue finds, but which are not actually a full record). Andrew Bartlett Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Tue Oct 30 23:56:11 CET 2012 on sn-devel-104
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 59e9661 Add regression test for bug #9329 - Directory listing with SeBackup can crash smbd. from a71ad96 ldb: Add ldbdump, based on tdbdump http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 59e9661de2dd19808295002f1329b27d5dca09e6 Author: Jeremy Allison j...@samba.org Date: Mon Oct 29 14:49:36 2012 -0700 Add regression test for bug #9329 - Directory listing with SeBackup can crash smbd. Ensure we exercise the SeBackup code path on directory listings. Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Michael Adam ob...@samba.org Autobuild-User(master): Michael Adam ob...@samba.org Autobuild-Date(master): Wed Oct 31 03:21:38 CET 2012 on sn-devel-104 --- Summary of changes: source3/script/tests/test_smbclient_s3.sh | 62 +++- source3/selftest/tests.py | 10 ++-- 2 files changed, 64 insertions(+), 8 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/script/tests/test_smbclient_s3.sh b/source3/script/tests/test_smbclient_s3.sh index 3341c62..fb518c5 100755 --- a/source3/script/tests/test_smbclient_s3.sh +++ b/source3/script/tests/test_smbclient_s3.sh @@ -2,9 +2,9 @@ # this runs the file serving tests that are expected to pass with samba3 -if [ $# -lt 7 ]; then +if [ $# -lt 11 ]; then cat EOF -Usage: test_smbclient_s3.sh SERVER SERVER_IP DOMAIN USERNAME PASSWORD USERID LOCAL_PATH PREFIX SMBCLIENT WBINFO +Usage: test_smbclient_s3.sh SERVER SERVER_IP DOMAIN USERNAME PASSWORD USERID LOCAL_PATH PREFIX SMBCLIENT WBINFO NET EOF exit 1; fi @@ -19,9 +19,10 @@ LOCAL_PATH=${7} PREFIX=${8} SMBCLIENT=${9} WBINFO=${10} +NET=${11} SMBCLIENT=$VALGRIND ${SMBCLIENT} WBINFO=$VALGRIND ${WBINFO} -shift 10 +shift 11 ADDARGS=$* incdir=`dirname $0`/../../../testprogs/blackbox @@ -489,6 +490,57 @@ EOF fi } +# Test doing a directory listing with backup privilege. +test_backup_privilege_list() +{ +tmpfile=$PREFIX/smbclient_backup_privilege_list + +# If we don't have a DOMAIN component to the username, add it. +echo $USERNAME | grep '\\' 21 +ret=$? +if [ $ret != 0 ] ; then + priv_username=$DOMAIN\\$USERNAME +else + priv_username=$USERNAME +fi + +$NET sam rights grant $priv_username SeBackupPrivilege 21 +ret=$? +if [ $ret != 0 ] ; then + echo Failed to add SeBackupPrivilege to user $priv_username - $ret + false + return +fi + +cat $tmpfile EOF +backup +ls +quit +EOF + +cmd='CLI_FORCE_INTERACTIVE=yes $SMBCLIENT $@ -U$USERNAME%$PASSWORD //$SERVER/tmp -I $SERVER_IP $ADDARGS $tmpfile 21' +eval echo $cmd +out=`eval $cmd` +ret=$? +rm -f $tmpfile + +if [ $ret != 0 ] ; then + echo $out + echo failed backup privilege list $ret + false + return +fi + +# Now remove all privileges from this SID. +$NET sam rights revoke $priv_username SeBackupPrivilege 21 +ret=$? +if [ $ret != 0 ] ; then + echo failed to remove SeBackupPrivilege from user $priv_username - $ret + false + return +fi +} + LOGDIR_PREFIX=test_smbclient_s3 # possibly remove old logdirs: @@ -552,6 +604,10 @@ testit using an authentication file \ test_auth_file || \ failed=`expr $failed + 1` +testit list with backup privilege \ +test_backup_privilege_list || \ +failed=`expr $failed + 1` + testit rm -rf $LOGDIR \ rm -rf $LOGDIR || \ failed=`expr $failed + 1` diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py index 9b0527c..def4d83 100755 --- a/source3/selftest/tests.py +++ b/source3/selftest/tests.py @@ -180,20 +180,20 @@ plantestsuite(samba3.blackbox.smbclient_auth.plain (%s) bad username % env, en # plain for env in [s3dc]: -plantestsuite(samba3.blackbox.smbclient_s3.plain (%s) % env, env, [os.path.join(samba3srcdir, script/tests/test_smbclient_s3.sh), '$SERVER', '$SERVER_IP', '$DOMAIN', '$DC_USERNAME', '$DC_PASSWORD', '$USERID', '$LOCAL_PATH', '$PREFIX', smbclient3, wbinfo, configuration]) +plantestsuite(samba3.blackbox.smbclient_s3.plain (%s) % env, env, [os.path.join(samba3srcdir, script/tests/test_smbclient_s3.sh), '$SERVER', '$SERVER_IP', '$DOMAIN', '$DC_USERNAME', '$DC_PASSWORD', '$USERID', '$LOCAL_PATH', '$PREFIX', smbclient3, wbinfo, net, configuration]) for env in [member, s3member]: -plantestsuite(samba3.blackbox.smbclient_s3.plain (%s) member creds % env, env, [os.path.join(samba3srcdir, script/tests/test_smbclient_s3.sh), '$SERVER', '$SERVER_IP', '$SERVER', '$SERVER$USERNAME', '$PASSWORD', '$USERID', '$LOCAL_PATH', '$PREFIX', smbclient3, wbinfo, configuration]) +plantestsuite(samba3.blackbox.smbclient_s3.plain (%s) member creds % env, env, [os.path.join(samba3srcdir,