[Samba] Windows 7 & 8 + HomeGroup support

[Christ Schlacta]

As windows 8 is continuing the tradition of using HomeGroup instead of 
traditional sharing, I'd like to re-request that some consideration be 
given to implementing HomeGroup support in Samba.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] cant find "provision"

[Gémes Géza]

2012-10-31 22:35 keltezéssel, samba.to.anomal...@xoxy.net írta:

The wiki and most of the how-to web sites reference this command to
set up a new ad domain, but I can find this command anywhere in the
file system, only a directory with .py commands.
samba_upgradeprovision does not seem to support the same arguments.
Installed with git clone, configure, make, make quicktest, make
install.
What do I need to do to create a new Active Directory domain?

samba-tool --help in general and samba-tool domain --help in this case 
are your friends.


Regards

Geza Gemes
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] cant find "provision"

[samba . to . anomalyst]

The wiki and most of the how-to web sites reference this command to
set up a new ad domain, but I can find this command anywhere in the
file system, only a directory with .py commands.
samba_upgradeprovision does not seem to support the same arguments.
Installed with git clone, configure, make, make quicktest, make
install.
What do I need to do to create a new Active Directory domain?

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Internal DNS - TTL enforcement for dynamic updates

[Dmitry Khromov]

Hello.

Samba 4 rc 3.
I had noticed a strange behavior. If host creates a record, it won't be further 
updated until the record gets deleted manually. What could cause this?

Another question: how could the dynamically added record's TTL be enforced? For 
example, we have a user-based VLAN assignment in our networks. When Windows 
host boots, it authenticates with machine account and goes to the one of 
"parking" VLANs. Later, when user logs in, he gets a different VLAN and 
different IP address. So, we really want other DNS servers to not cache this 
records for too long.
Normally, this is done by modifying SOA record (and, as I recall, Samba's 
internal DNS respects TTLs in SOA). But samba-tool can't edit SOA records, MMC 
DNS snap-in fails to do it too.

Thanks.

-- 
Best regards,
Dmitry Khromov
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba x Ldap Latency change groups

[Jeremy Allison]

On Wed, Oct 31, 2012 at 11:31:21AM -0300, Flávio wrote:
> I'm with a problem and need some help with this.
> 
> So i'm using 389ds + samba 3.6.9,
> 
> I have Ldap integrated with samba, it works. I get login successfully,
> attributes permissions with ACL, created Shared FOlders, all right.
> 
> But when I insert a user in a Samba Group,it  takes between 20 ~ 30 minutes
> to works.
> I already restart service, restart server, but only is inserted after the
> time.
> 
> What i have to do ?

Are you using nscd caching ? Try turning it off.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] samba4: audit logs

[Jeremy Allison]

On Wed, Oct 31, 2012 at 07:01:55AM +, Thomas Mueller wrote:
> hi 
> 
> I can see some vfs audit module for shares. is there something 
> compareable for authentications and/or ldap access/modifications?
> 
> at least I'd like to see successfull or failed authentications attempts. 
> with "log level = 2" I can't find these in the logfile. 

This is an area in the code that needs improvement.

If you could write up a design explaining exactly what you want
and how you could see this working, I'd be happy to work on a
design for this to get it into future releases.

Cheers,

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] help with shadow copy implementation

[Prashanth Sundaram]

Hi,

Over the past several days I have been trying to get the shadow to work with 
samba but haven't been successful. Can someone check below config and let me 
know if I am missing something? We are using Equallogic SAN and iSCSI LUNS to 
mount volumes.

I can cleanly access samba shares on Windows 7 clients but just not shadow 
copy. I have referred the official how-to but couldn't get it to work. I see 
these messages in the logs.  Any help is deeply appreciated.


-  What  should be value of shadow:snapdir?

[2012/10/31 12:20:53.549863,  0] smbd/nttrans.c:2170(call_nt_transact_ioctl)
  FSCTL_GET_SHADOW_COPY_DATA: connectpath /fs/test-01, failed.
[2012/10/31 12:21:13.887198,  0] 
modules/vfs_shadow_copy2.c:734(shadow_copy2_get_shadow_copy2_data)
  shadow:snapdir not found for /fs/test-01 in get_shadow_copy_data
[2012/10/31 12:21:13.887265,  0] smbd/nttrans.c:2170(call_nt_transact_ioctl)
  FSCTL_GET_SHADOW_COPY_DATA: connectpath /fs/test-01, failed.
== Samba pkgs ==
samba-3.5.10-116.el6_2.x86_64
samba-common-3.5.10-116.el6_2.x86_64
samba-winbind-clients-3.5.10-116.el6_2.x86_64
samba-client-3.5.10-116.el6_2.x86_64

=== df -h ==
/dev/mapper/eql-0-fs-test015.0G  2.3G  2.5G  48% 
/fs/test-01
/dev/mapper/eql-2-0+fs-test01   5.0G  2.3G  2.5G  48% 
/fs/test-01/@GMT-2012.10.26-17.32.42/fs/test-01
   (SNAPSHOT-1)
/dev/mapper/eql-d-0+fs-test01   5.0G  2.3G  2.5G  48% 
/fs/test-01/@GMT-2012.10.31-11.52.42/fs/test-01
   (SNAPSHOT- 2)

===/etc/samba/smb.conf ===
[global]
workgroup = DOMAIN
server string = Samba Server Version %v
security = ads
realm = DOMAIN.CORP
encrypt passwords = yes
guest account = nobody
map to guest = bad uid
log file = /var/log/samba/%m.log

domain master = no
local master = no
preferred master = no
os level = 0

load printers = no
show add printer wizard = no
printable = no
printcap name = /dev/null
disable spoolss = yes

follow symlinks = yes
wide links = yes
unix extensions = no

[test]
comment = Test Directories
path = /fs/test-01
vfs objects = shadow_copy2
#shadow_copy2: sort = desc
#shadow: localtime = yes
#shadow: snapdir = /fs/test-01/test
#shadow: basedir = /fs/test-01
guest ok = yes
writeable = yes
map archive = no
force create mode = 0660
force directory mode = 2770
inherit owner = yes
inherit permissions = yes

All feedback is welcome. Thanks!





Confidentiality Notice from Laurion Capital Management LP:

The information in this message, including any attachment, is confidential and 
intended for use only by the designated recipient(s) named above. It is the 
property of Laurion Capital Management LP or its affiliates. If you are not the 
intended recipient, please return the message to the sender and delete all 
copies of it, including attachments, from your computer. Unauthorized use, 
disclosure, dissemination or copying of this message or any part hereof is 
strictly prohibited. This message is for information purposes only. The 
information expressed herein may be changed at any time without notice or 
obligation to update.

No warranty is made as to the completeness or accuracy of the information 
contained in this communication. Any views or opinions presented are those of 
only the author and do not necessarily represent those of Laurion Capital 
Management LP or its related entities. This communication is for information 
purposes only and should not be regarded as an offer, solicitation or 
recommendation to sell or purchase any security or other financial product.

Email transmission cannot be guaranteed to be secure, virus-free or error-free. 
Therefore, we do not represent that this message is virus-free, complete or 
accurate and it should not be relied upon as such. Laurion Capital Management 
LP and its affiliates accept no liability for any damage sustained in 
connection with the content or transmission of this message.

Laurion Capital Management LP and its related entities reserve the right to 
monitor all e-mail communications through their networks.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Office 2010, location is not trusted in samba 3.6.x

[Joeri Vanthienen]

Hi,

Everytime a user opens a excel,word,... document on the share office
complains about the file is beying downloaded from the internet and is not
secure. After a push on the allow or edit button, the user can continue his
work.

I know you can add the UNC location to your trusted sites or location
within internet explorer or office trust center.

When the UNC path is a windows server. There is no warning.
So my question, what is the difference?
I've turned on signing, I can see that the packages are signed between
samba and my windows 7 computer. But this doesn't resolve the problem.

Also using the VFS module streams_xattr is not working.

Is there any solution apart from adding the UNC path as trusted on the
client?
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Disabling Roaming Profile Support

[Helmut Hullen]

Hallo, Jeff,

Du meintest am 31.10.12:

> I have "logon drive =" in smb.conf but testparm does not report that.

Just try

testparm -sv

Then you can see the actual options (regardless wether they are set in  
"smb.conf" or not).

Viele Gruesse!
Helmut
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Disabling Roaming Profile Support

[Jeff Dickens]

Well on my setup unless I manually set the profile to local or set a
registry setting to allow only local profiles, it always fails to create a
local profile.  I can't figure out why.


On Wed, Oct 31, 2012 at 9:45 AM, Jeff Dickens  wrote:

> I have "logon drive =" in smb.conf but testparm does not report that.
>
> Does it on your system, Marcio?
>
> ex:
>
> root@grackle:~# grep logon /etc/samba/smb.conf
>domain logons = yes
>logon drive =
>logon home =
>logon path =
> [netlogon]
>path = /home/samba/netlogon
> root@grackle:~#
> root@grackle:~# testparm | grep logon
> Load smb config files from /etc/samba/smb.conf
> ...snip...
> Loaded services file OK.
> Server role: ROLE_DOMAIN_PDC
> Press enter to see a dump of your service definitions
>
> logon path =
> logon home =
> domain logons = Yes
> [netlogon]
> path = /home/samba/netlogon
> root@grackle:~#
>
> On Tue, Oct 30, 2012 at 5:10 PM, Jeff Dickens wrote:
>
>> From
>> http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/ProfileMgmt.html:
>>
>> Disabling Roaming Profile Support
>>
>> The question often asked is, “How may I enforce use of local profiles?”
>> or “How do I disable roaming profiles?”
>>
>> There are three ways of doing this:
>> In smb.conf
>>
>> Affect the following settings and ALL clients will be forced to use a
>> local profile: logon home =
>> and
>>  logon
>> path =
>> 
>>
>> The arguments to these parameters must be left blank. It is necessary to
>> include the = sign to specifically assign the empty value.
>>
>>
>> This apparently no longer works, or at least it doesn't work properly
>> with an LDAP server.
>>
>> Can anyone comment on why? I'm running Samba 3.6.3-2 on Ubuntu 12.04.
>>
>>
>>
>> --
>> * Jeff Dickens*
>>  IT Manager  978-632-1513
>>
>>
>>
>
>
> --
> * Jeff Dickens*
>  IT Manager  978-632-1513
>
>
>


-- 
* Jeff Dickens*
 IT Manager  978-632-1513
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Samba x Ldap Latency change groups

[Flávio]

I'm with a problem and need some help with this.

So i'm using 389ds + samba 3.6.9,

I have Ldap integrated with samba, it works. I get login successfully,
attributes permissions with ACL, created Shared FOlders, all right.

But when I insert a user in a Samba Group,it  takes between 20 ~ 30 minutes
to works.
I already restart service, restart server, but only is inserted after the
time.

What i have to do ?
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Disabling Roaming Profile Support

[Marcio Oli]

Hi Jeff,

  my configs. are like yours. The default value of parameter "logon
drive" is "logon drive =", so testparm is correct, because the output is
showed only if different of default values.

Thanks,
Marcio Oliveira.

2012/10/31 Jeff Dickens 

> I have "logon drive =" in smb.conf but testparm does not report that.
>
> Does it on your system, Marcio?
>
> ex:
>
> root@grackle:~# grep logon /etc/samba/smb.conf
>domain logons = yes
>logon drive =
>logon home =
>logon path =
> [netlogon]
>path = /home/samba/netlogon
> root@grackle:~#
> root@grackle:~# testparm | grep logon
> Load smb config files from /etc/samba/smb.conf
> ...snip...
> Loaded services file OK.
> Server role: ROLE_DOMAIN_PDC
> Press enter to see a dump of your service definitions
>
> logon path =
> logon home =
> domain logons = Yes
> [netlogon]
> path = /home/samba/netlogon
> root@grackle:~#
>
> On Tue, Oct 30, 2012 at 5:10 PM, Jeff Dickens 
> wrote:
>
> > From
> >
> http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/ProfileMgmt.html
> :
> >
> > Disabling Roaming Profile Support
> >
> > The question often asked is, “How may I enforce use of local profiles?”
> > or “How do I disable roaming profiles?”
> >
> > There are three ways of doing this:
> > In smb.conf
> >
> > Affect the following settings and ALL clients will be forced to use a
> > local profile: logon home =
> > <
> http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/smb.conf.5.html#LOGONHOME>and
> logon
> > path =
> > <
> http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/smb.conf.5.html#LOGONPATH
> >
> >
> > The arguments to these parameters must be left blank. It is necessary to
> > include the = sign to specifically assign the empty value.
> >
> >
> > This apparently no longer works, or at least it doesn't work properly
> with
> > an LDAP server.
> >
> > Can anyone comment on why? I'm running Samba 3.6.3-2 on Ubuntu 12.04.
> >
> >
> >
> > --
> > * Jeff Dickens*
> >  IT Manager  978-632-1513
> >
> >
> >
>
>
> --
> * Jeff Dickens*
>  IT Manager  978-632-1513
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>



-- 
Marcio Oliveira.
"Tudo concorre para o bem daqueles que amam à Deus." (Rom 8,28)
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Disabling Roaming Profile Support

[Jeff Dickens]

I have "logon drive =" in smb.conf but testparm does not report that.

Does it on your system, Marcio?

ex:

root@grackle:~# grep logon /etc/samba/smb.conf
   domain logons = yes
   logon drive =
   logon home =
   logon path =
[netlogon]
   path = /home/samba/netlogon
root@grackle:~#
root@grackle:~# testparm | grep logon
Load smb config files from /etc/samba/smb.conf
...snip...
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions

logon path =
logon home =
domain logons = Yes
[netlogon]
path = /home/samba/netlogon
root@grackle:~#

On Tue, Oct 30, 2012 at 5:10 PM, Jeff Dickens  wrote:

> From
> http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/ProfileMgmt.html:
>
> Disabling Roaming Profile Support
>
> The question often asked is, “How may I enforce use of local profiles?”
> or “How do I disable roaming profiles?”
>
> There are three ways of doing this:
> In smb.conf
>
> Affect the following settings and ALL clients will be forced to use a
> local profile: logon home =
> and
>  logon
> path =
> 
>
> The arguments to these parameters must be left blank. It is necessary to
> include the = sign to specifically assign the empty value.
>
>
> This apparently no longer works, or at least it doesn't work properly with
> an LDAP server.
>
> Can anyone comment on why? I'm running Samba 3.6.3-2 on Ubuntu 12.04.
>
>
>
> --
> * Jeff Dickens*
>  IT Manager  978-632-1513
>
>
>


-- 
* Jeff Dickens*
 IT Manager  978-632-1513
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Copy passwords samba from other server

[rodrigo tavares]

Hello,

Today, I have a samba with LDAP with 2000 users.
But, I need to make a new domain server. 

So, i want copy the samba passwords from another server.

How I can to copy backup password samba ?
This passwords is in /var/lib/samba, about create usingsmbpasswd. 

Good bye,

Rodrigo Faria Tavares
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Still mandatory profiles, every user same profile

[Joel Franco Guzmán]

Hi Ulrich,

I have a similar problem like you described:

I want several users to authenticate in your windows machine with your
specific login/pass, but all of them use the same mandatory fixed
roaming profile.

Have you succeeded your setup with the Barlett sugestions? In that case,
can you post your solution?

Regards,

-- 
Joel Franco Guzmán

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] access my created share in smb.conf Only by Ip

[Mohammad Ebrahim Abravi]

Hello

Upgrade to samba4 rc4 But this problem not solved 

On Sat, Oct 20, 2012 at 12:40 PM, Rowland Penny  wrote:

> On 20/10/12 08:20, Mohammad Ebrahim Abravi wrote:
>
>> Hello
>>
>> use your recommendations , Results:
>>
>> samba4 rc3
>> *s4-ad -> samba server Host name
>> test.s4.com -> domain name*
>> *Dns Server -> Samba Internal DNS server , Bind 9.9.1-P2*
>> *win xp*
>>
>> \\test.s4.com  no  access
>> \\192.168.1.6 ->  no  access
>>
>> \\test.s4.com\myshare   ->  no  access
>> \\192.168.1.6\myshare  ->  no  access
>>
>>
>> *Note*: this options set for change mandatory profile owner to
>>
>> AdministratorS :
>> server services = +smb -s3fs
>> dcerpc endpoint servers = +winreg +srvsvc
>>
>>
>> Thanks
>>
>>
>> On Wed, Oct 17, 2012 at 6:54 PM, Carlos R. Pena Evertsz <
>> carlosrpever...@gmail.com> wrote:
>>
>>  Let Mohammad try my recommendations and them we will talk about it.
>>>
>>>
>>>
>>> On 10/17/2012 9:07 AM, Rowland Penny wrote:
>>>
>>>  On 17/10/12 15:20, Carlos R. Pena Evertsz wrote:

  Hi Mohammad,
>
> I had the same problem like many others,  so I think samba should
> include a note like mine in their documentation.
>
> This is the trick for successfully access the share with the hostname..
>
> Be sure you have the following lines in the smb.conf:
>
> netbios name = yourhostname
>
>  This is set by default

   wins support = yes
 This turns on the wins server, you should only turn this on if it is the
 only one.


  Find the "name resolve order" directive and be sure you have it in the
> following order.
>
> name resolve order = wins lmhosts hosts bcast
>
>
> Add the following line:
>
> hosts allow = the host ip / mask
>
> Where the host ip is your server ip.
>   the mask is the mask you are using in all your windows
> clients.
>
>  If you set it like this, the only machine that will be able to connect
 would be the server itself. It should be, from data supplied,
 192.168.1.0/255.255.255.0 This would allow any computer on the subnet
 to
 connect.

   This is the most important thing. For example If you have in your
 server

> the mask 255.255.0.0 then all your clients must have the same network
> mask.
> Windows clients with the same mask of the server will see the server
> on the
> network with it hostname otherwise you need to access the server by
> its ip
> number. I think this is a Windows issue but they have left it in this
> way
> so we have to live with it.
>
> I hope this can help you.
>
>   I doubt it.
>
 Rowland

   Carlos

> Santo Domingo, Dominican Republic
> On 10/17/2012 6:55 AM, Mohammad Ebrahim Abravi wrote:
>
>  Hello
>>
>> samba4 rc3
>> *s4-ad -> samba server Host name
>> test.s4.com -> domain name*
>> *Dns Server -> Samba Internal DNS server , Bind 9.9.1-P2*
>> *win xp*
>>
>> have access to default  share such as sysvol  by dns name (\\
>> test.s4.com
>> \sysvol)
>>
>> but if  created a share in smb.conf  Only access by IP such as :
>>
>> \\test.s4.com\myshare   ->  no  access and ask me for user and
>> password !
>> \\192.168.1.6\myshare  ->  access
>>
>> If using *s4-ad.test.s4.com* my share accessible !!!
>>
>> \\test.s4.com\myshare   ->  no  access !
>> \\s4-ad.s4.com \myshare   -> access !
>>
>> \\test.s4.com\sysvol   ->  access !
>> \\*s4-ad* . test.s4.com<
>> http://test.s4.com>\sysvol
>>
>>   ->
>> access !
>>
>> Note:
>> In *\\test.s4.com* seen all the shared directory, but not accessible
>>
>> in *samba alpha17* no need type *s4-ad*
>>
>> what happened ?
>>
>> This is  Bug in samba4 rc3 ?
>>
>>
>> Thanks
>>
>>
>
  --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions:  
>>> https://lists.samba.org/mailman/options/samba
>>> 
>>> >
>>>
>>>  Hello again, how did you provision the samba4 server? Please provide
> the smb.conf from the samba4 server.
>
> Rowland
>
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  
> https://lists.samba.org/**mailman/options/samba
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] [PATCH] Re: can not change mandatory owner to administrators

[Andrew Bartlett]

On Wed, 2012-10-31 at 13:10 +0330, Mohammad Ebrahim Abravi wrote:
> Hello
> 
> Remove This Record and  problem solved without add "server services = +smb
> -s3fs " and " dcerpc endpoint servers = +winreg +srvsvc" to smb.conf
> 
> idmap.ldb:
> 
> dn: CN=S-1-5-32-544
> cn: S-1-5-32-544
> objectClass: sidMap
> objectSid: S-1-5-32-544
> type: ID_TYPE_GID
> xidNumber: 10
> distinguishedName: CN=S-1-5-32-544**
> 
> *Note: BUG : Upgrade To samba rc4 and run samba-tool dbcheck but not fix
> this record ;*

Sadly we can't 'just fix' this, because it changes which unix gid files
are owned by.  We can however suggest it to administrators in release
notes, I'll try and get that set when we fix the release branch.

Andrew Bartlett

-- 
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] [PATCH] Re: can not change mandatory owner to administrators

[Mohammad Ebrahim Abravi]

Hello

Remove This Record and  problem solved without add "server services = +smb
-s3fs " and " dcerpc endpoint servers = +winreg +srvsvc" to smb.conf

idmap.ldb:

dn: CN=S-1-5-32-544
cn: S-1-5-32-544
objectClass: sidMap
objectSid: S-1-5-32-544
type: ID_TYPE_GID
xidNumber: 10
distinguishedName: CN=S-1-5-32-544**

*Note: BUG : Upgrade To samba rc4 and run samba-tool dbcheck but not fix
this record ;*



On Tue, Oct 16, 2012 at 10:39 AM, Andrew Bartlett wrote:

> On Tue, 2012-10-16 at 13:17 +1100, Andrew Bartlett wrote:
> > On Sat, 2012-10-13 at 19:30 +1100, Andrew Bartlett wrote:
> > > On Sat, 2012-10-13 at 09:58 +0330, Mohammad Ebrahim Abravi wrote:
> > > > Solved
> > > >
> > > > Thanks a lot
> > >
> > > Thanks.
> > >
> > > The root of the issue is this automatically generated entry in your
> > > idmap.ldb:
> > >
> > > # record 12
> > > dn: CN=S-1-5-32-544
> > > cn: S-1-5-32-544
> > > objectClass: sidMap
> > > objectSid: S-1-5-32-544
> > > type: ID_TYPE_GID
> > > xidNumber: 10
> > > distinguishedName: CN=S-1-5-32-544
> > >
> > >
> > > What we need to do in your case is to remove that record, so it becomes
> > > regenerated as an IDMAP_BOTH.  We also need to remove the generation of
> > > that record from provision.
> > >
> > > The issue is that as a GID, you of course can't own a file.  The ntvfs
> > > file server papered over this issue (didn't deal with file ownership at
> > > a unix level), but the smbd file server needs to correctly set posix
> > > permissions.
> > >
> > > I hope this clarifies things.  If you can please file a bug, I'll try
> > > not to forget this.
> >
> > The attached patch should prevent this for a new provision.  Are you
> > able to test if this fixes things for you (on a new test domain?)
>
> This updated version uses the primary group of root (or the --root user)
> rather than hoping that there will be a group by the same name.
>
> Andrew Bartlett
>
> --
> Andrew Bartletthttp://samba.org/~abartlet/
> Authentication Developer, Samba Team   http://samba.org
>
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] [Announce] CTDB release 2.0 is ready for download

[Amitay Isaacs]

Hi Michael,

On Wed, Oct 31, 2012 at 7:12 PM, Michael Adam  wrote:
> Hi Amitay,
>
> On 2012-10-31 at 16:14 +1100, Amitay Isaacs wrote:
>> This is long overdue CTDB release. There have been numerous code
>> enhancements and bug fixes since the last release of CTDB.
>
> it is really very nice, that we start over, version-wise! :-)
>
> Are you planning to create a ctdb-2.0 branch off the release tag
> so that this version can stabilize?

Owing to a *very small* active group of developers of CTDB, most of
the new commits would be bug-fixes. ;-)

I didn't want to take on extra work of maintaining multiple
development/release branches till there is significant contribution
and new developments. I will continue to release from master till we
need separate stable and development branches.


>> Highlights
>> ===
>>
>> * Support for readonly records 
>> (http://ctdb.samba.org/doc/readonlyrecords.txt)
>
> Wasn't that alrady in the 1.2.* versions and the version stream
> in the branch 1.13 ?
>
>> * Locking API to detect deadlocks between ctdb and samba
>> * Fetch-lock optimization to rate-limit concurrent requests for same record
>> * Support for policy routing
>> * Modified IP allocation algorithm
>> * Improved database vacuuming
>
> This is also available in the 1.2.* stream (various 1.2.X branches)
> and even the 1.0.114.* versions (1.0.114 branch).
>
>> * New test infrastructure
>
> Sorry for pointing these out so bluntly.
> I may have missed somethings, but I also did not
> want to let a false impression arise that the
> items I commented on were newly created and are
> not available in eralier releases.
>
> If this is misleading or wrong, please apologize and clarify! :-)

Last time I checked, the last community released code (either in
tarball or RPM form) was 1.0.114. Correct me if I am wrong.

If the changes I mentioned were present in 1.0.114 release, I need to
improve my git skills significantly. :-)

Amitay.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] [Announce] CTDB release 2.0 is ready for download

[Michael Adam]

Hi Amitay,

On 2012-10-31 at 16:14 +1100, Amitay Isaacs wrote:
> This is long overdue CTDB release. There have been numerous code
> enhancements and bug fixes since the last release of CTDB.

it is really very nice, that we start over, version-wise! :-)

Are you planning to create a ctdb-2.0 branch off the release tag
so that this version can stabilize?

> Highlights
> ===
> 
> * Support for readonly records (http://ctdb.samba.org/doc/readonlyrecords.txt)

Wasn't that alrady in the 1.2.* versions and the version stream
in the branch 1.13 ?

> * Locking API to detect deadlocks between ctdb and samba
> * Fetch-lock optimization to rate-limit concurrent requests for same record
> * Support for policy routing
> * Modified IP allocation algorithm
> * Improved database vacuuming

This is also available in the 1.2.* stream (various 1.2.X branches)
and even the 1.0.114.* versions (1.0.114 branch).

> * New test infrastructure

Sorry for pointing these out so bluntly.
I may have missed somethings, but I also did not
want to let a false impression arise that the
items I commented on were newly created and are
not available in eralier releases.

If this is misleading or wrong, please apologize and clarify! :-)

Cheers - Michael

> Reporting bugs & Development Discussion
> ===
> 
> Please discuss this release on the samba-technical mailing list or by
> joining the #ctdb IRC channel on irc.freenode.net.
> 
> All bug reports should be filed under CTDB product in the project's
> Bugzilla database (https://bugzilla.samba.org/).
> 
> 
> Download Details
> =
> 
> The source code can be downloaded from:
> 
>   http://ftp.samba.org/pub/ctdb/
> 
> Git repository
> 
>git://git.samba.org/ctdb.git
>http://git.samba.org/?p=ctdb.git;a=summary  (Git via web)
> 
> CTDB documentation
> 
> https://ctdb.samba.org/
> 
> 
> Amitay.


pgp14cBj1nslV.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] samba4: audit logs

[Andrew Bartlett]

On Wed, 2012-10-31 at 07:01 +, Thomas Mueller wrote:
> hi 
> 
> I can see some vfs audit module for shares. is there something 
> compareable for authentications and/or ldap access/modifications?
> 
> at least I'd like to see successfull or failed authentications attempts. 
> with "log level = 2" I can't find these in the logfile. 

We don't really have anything like that in an organised fashion right
now. 

Sorry,

Andrew Bartlett

-- 
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] samba4: audit logs

[Thomas Mueller]

hi 

I can see some vfs audit module for shares. is there something 
compareable for authentications and/or ldap access/modifications?

at least I'd like to see successfull or failed authentications attempts. 
with "log level = 2" I can't find these in the logfile. 

- Thomas

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba