Re: [Samba] samba / winbind user authentication problem
Hello, I just wanted to answer my question in case anybody has the same problem and is looking for an answer... On Sun, 02 Dec 2012 22:46, I wrote: I have a problem with samba / winbind PAM authentication. Domain controller is samba4, machines users log on to via PAM are samba 3.6 (all of them ubuntu 12.04 LTS). The whole user authentication was working already, but after a reboot it somehow broke. Additional reboots don't help. The funny thing is that all logs look quite OK to me (except for the single line saying NT_STATUS_LOGON_FAILURE). Also wbinfo only gives me positive feedback: # wbinfo --user-info john john:*:1001:2000::/home/john:/bin/bash [...] # wbinfo --pam-logon john Enter john's password: plaintext password authentication succeeded The whole problem is coming from an old ubuntu help wiki page suggesting to use: kerberos method = system keytab in smb.conf -- instead you should be using: kerberos method = secrets and keytab I somehow changed this line to match ubuntu documentation when debugging a different problem and did not revert that change. See https://bugzilla.samba.org/show_bug.cgi?id=6833 You should never blindly copy anything from the internet :) -- Best regards, -Johannes. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba4 rc6 join win2k3 domain failed
I have same problem. Hmmm... From: Innocent Yevide inye...@yahoo.fr Date: Fri, 7 Dec 2012 22:56:12 + (GMT) Hello, I am trying to join samba4 rc6 to win2k3 server, and failing with: descriptor_sd_propagation_recursive: DC=DomainDnsZones,DC=office,DC=local not found under DC=office,DC=local full log below... anyone knows why? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba4 rc6 join win2k3 domain failed
In my environment, joining to W2K8R2 domain failed on same error. From: TAKAHASHI Motonobu mo...@monyo.com Date: Sun, 09 Dec 2012 23:39:01 +0900 (JST) I have same problem. Hmmm... From: Innocent Yevide inye...@yahoo.fr Date: Fri, 7 Dec 2012 22:56:12 + (GMT) Hello, I am trying to join samba4 rc6 to win2k3 server, and failing with: descriptor_sd_propagation_recursive: DC=DomainDnsZones,DC=office,DC=local not found under DC=office,DC=local full log below... anyone knows why? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 DNS: recursion requested but not available
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 2012-12-09 08:37, Michael B. Trausch wrote: Hi Mike, I am trying to get mail working for a subdomain that is being managed by Samba 4. I added an MX record, but the problem here is that the Samba 4 DNS server isn't replying with the record: = [mbt@aloe ~]$ dig -t MX nautest.naunetcorp.com @s4.nautest.naunetcorp.com ; DiG 9.9.2-P1-RedHat-9.9.2-5.P1.fc18 -t MX nautest.naunetcorp.com @s4.nautest.naunetcorp.com ;; global options: +cmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOTIMP, id: 5782 ^^ This one is the important bit. MX queries return NOTIMP. I'm a bit surprised about that because I was sure I had seen code in the dns update logc handling this. But apparently I forgot to add code to the query logic to actually return MX records. Sorry. ;; flags: qr rd ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; WARNING: recursion requested but not available This is just caused by our error handling code not bothering to set the 'recursion available' bit on error replies. The query should return the name and priority of the MX server that I have defined. The MX shows up in the samba-tool dns query output, so it's just the DNS server that isn't responding correctly. Is this a bug, or is this the result of something I've done wrong? This clearly is a bug in the DNS server. Attached is a patch that should fix MX queries for both the 4.0 release branch and master. I'm afraid we just missed the window for the 4.0.0 release, but I've opened bug #9485 in Samba Bugzilla to track this bug and get it in for the next bugfix release. Thanks for the catch and sorry for any inconvenience. Kai - -- Kai Blin Worldforge developer http://www.worldforge.org/ Wine developer http://wiki.winehq.org/KaiBlin Samba team member http://www.samba.org/samba/team/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with undefined - http://www.enigmail.net/ iEYEARECAAYFAlDE7Q0ACgkQEKXX/bF2FpR9pgCfeV1AFdWyF2zHGCZXvy4LcgJ6 SYYAn04b4BCtCCc6oE/+zxA+fxu2S/49 =rGcM -END PGP SIGNATURE- From e6b772c3215c3cf677e0268c7283f5b0e6e75abf Mon Sep 17 00:00:00 2001 From: Kai Blin k...@samba.org Date: Mon, 10 Dec 2012 05:50:05 +1000 Subject: [PATCH] dns: Add support for MX queries Due to an oversight, the internal DNS server supports MX record updates, but not MX record queries. Add support for MX queries and tests. This should fix bug #9485 Signed-off-by: Kai Blin k...@samba.org --- source4/dns_server/dns_query.c |8 + source4/scripting/python/samba/tests/dns.py | 42 +++ 2 files changed, 50 insertions(+), 0 deletions(-) diff --git a/source4/dns_server/dns_query.c b/source4/dns_server/dns_query.c index 54e0c7f..75f0e9f 100644 --- a/source4/dns_server/dns_query.c +++ b/source4/dns_server/dns_query.c @@ -89,6 +89,14 @@ static WERROR create_response_rr(const struct dns_name_question *question, case DNS_QTYPE_PTR: ans[ai].rdata.ptr_record = talloc_strdup(ans, rec-data.ptr); break; + case DNS_QTYPE_MX: + ans[ai].rdata.mx_record.preference = rec-data.mx.wPriority; + ans[ai].rdata.mx_record.exchange = talloc_strdup( + ans, rec-data.mx.nameTarget); + if (ans[ai].rdata.mx_record.exchange == NULL) { + return WERR_NOMEM; + } + break; case DNS_QTYPE_TXT: tmp = talloc_asprintf(ans, \%s\, rec-data.txt.str[0]); W_ERROR_HAVE_NO_MEMORY(tmp); diff --git a/source4/scripting/python/samba/tests/dns.py b/source4/scripting/python/samba/tests/dns.py index 49d699e..d01c8ff 100644 --- a/source4/scripting/python/samba/tests/dns.py +++ b/source4/scripting/python/samba/tests/dns.py @@ -510,6 +510,48 @@ class TestDNSUpdates(DNSTest): response = self.dns_transaction_udp(p) self.assert_dns_rcode_equals(response, dns.DNS_RCODE_NXDOMAIN) +def test_update_add_mx_record(self): +test adding MX records works +p = self.make_name_packet(dns.DNS_OPCODE_UPDATE) +updates = [] + +name = self.get_dns_domain() + +u = self.make_name_question(name, dns.DNS_QTYPE_SOA, dns.DNS_QCLASS_IN) +updates.append(u) +self.finish_name_packet(p, updates) + +updates = [] +r = dns.res_rec() +r.name = %s % self.get_dns_domain() +r.rr_type = dns.DNS_QTYPE_MX +r.rr_class = dns.DNS_QCLASS_IN +r.ttl = 900 +r.length = 0x +r.rdata = dns.mx_record() +r.rdata.preference = 10 +r.rdata.exchange = 'mail.%s' % self.get_dns_domain() +updates.append(r) +p.nscount = len(updates) +p.nsrecs = updates + +response = self.dns_transaction_udp(p) +self.assert_dns_rcode_equals(response, dns.DNS_RCODE_OK) + +p = self.make_name_packet(dns.DNS_OPCODE_QUERY) +questions = [] + +name = %s %
Re: [Samba] samba4 rc6 join win2k3 domain failed
Hello, There might be some problems with local, but I haven't this problem with rc5, actually I just fallback to rc5 because of that issue. Best Regards, Inno. De : Ali Bendriss ali.bendr...@googlemail.com À : Innocent Yevide inye...@yahoo.fr Cc : samba@lists.samba.org Envoyé le : Dimanche 9 décembre 2012 23h28 Objet : Re: [Samba] samba4 rc6 join win2k3 domain failed On Friday, December 07, 2012 10:56:12 PM Innocent Yevide wrote: Hello, I am trying to join samba4 rc6 to win2k3 server, and failing with: descriptor_sd_propagation_recursive: DC=DomainDnsZones,DC=office,DC=local not found under DC=office,DC=local full log below... anyone knows why? Not sure but there is a lot of discussions on the web about some problems using a .local domain name not only with samba. -- Ali -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 DNS: recursion requested but not available
On 12/09/2012 02:57 PM, Kai Blin wrote: This clearly is a bug in the DNS server. Attached is a patch that should fix MX queries for both the 4.0 release branch and master. I'm afraid we just missed the window for the 4.0.0 release, but I've opened bug #9485 in Samba Bugzilla to track this bug and get it in for the next bugfix release. Thanks for the patch; I will apply it tonight and let you know. Irony is that this was found when I set up a lab environment; my production environment doesn't have MX records in the Samba server! :) Thanks for the catch and sorry for any inconvenience. No worries. Bugs happen, it's how they're dealt with that matters. Thanks! --- Mike -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Fwd: samba_dnsupdate principal and TKEY unacceptable
Hi, I am trying to run samba with bind_dlz (bind-9.9.1 - P1) on a multi-homed network. I have configured the setup as per Samba4 Howto. But when I try to do samba_dnsupdate --all-names it fails with error: dns_tkey_negotiategss: TKEY is unacceptable The kerberos ticket being used by samba_dnsupdate shows follwoing principals: klist -c /tmp/tmp6cxfgY Ticket cache: FILE:/tmp/tmp6cxfgY Default principal: DB-SERVER$@BOM.MH.IN Service principal krbtgt/BOM.MH.IN DNS/db-ser...@bom.mh.in Whereas the dns.keytab shows following principals (repeated for multiple encryption algorithms) klist -k private/dns.keytab: DNS/db-server.bom.mh...@bom.mh.in dns-db-ser...@bom.mh.in Wireshark shows that samba_dnsupdate requests TGS-REQ for DNS/ db-ser...@bom.mh.in I retried this thing with samba's internal DNS and there samba_dnsupdate requests for DNS/db-server.bom.mh...@bom.mh.in. In case of internal server the ticket cache shows up like: Service principal krbtgt/BOM.MH.IN DNS/db-server.bom.mh...@bom.mh.in As the principal being used by samba_dnsupdate in case of Bind doesn't contain domain name at its end, can this be the reason for Tkey failure? Why is there a difference in the principal names requested by samba_dnsupdate in case of Bind and Internal DNS? PS: I couldn't go ahead with samba's internal DNS because there I got Tsig verify failure as already posted here: http://permalink.gmane.org/gmane.network.samba.general/127722 Thank you folks for the awesome work! Regards, Tushar -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba Permissions
Sorry for the top post. If I only wanted to use ACLs to control access, and not Samba as indicated in my OP, should I use security = share mode? Thanks. -Original Message- From: TAKAHASHI Motonobu [mailto:mo...@monyo.com] Sent: Sunday, December 09, 2012 2:20 AM To: Baird, Josh Cc: samba@lists.samba.org Subject: Re: [Samba] Samba Permissions From: Baird, Josh jba...@follett.com Date: Fri, 7 Dec 2012 20:58:22 + I thought I had this working correctly, but sometimes it randomly breaks. Here is an example of a share's configuration: [testshare] comment = Test Share path = /test/testshare writeable = yes create mask = 770 directory mask = 770 You may want to add force group = DOMAIN\testgroup. if the share's directory has the following permissions: drwxrwx--- 2 root DOMAIN\testgroup 4096 Dec 7 14:54 testshare Then, anyone in the DOMAIN\testgroup should have read/write access to the share, correct? Basically yes. In my env, those settings work correctly. DOMAIN\testuser, a member of DOMAIN\testgroup can write to the share. The owner group of written file is DOMAIN\domain users, testuser's primary group. --- TAKAHASHI Motononu mo...@monyo.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Fwd: Re: samba4 binddlz performance
Hi Thomas, On Tue, Dec 4, 2012 at 6:18 AM, Thomas Manninger dbgtmas...@gmx.at wrote: Original-Nachricht Datum: Fri, 23 Nov 2012 14:32:31 -0800 Von: Matthieu Patou m...@samba.org An: samba@lists.samba.org Betreff: Re: [Samba] samba4 binddlz performance On 11/19/2012 07:11 AM, Thomas Manninger wrote: Hello, i am using samba4rc2. I have problems with the bind9 dlz module, i get very long response times from interal queries. root@s-srv01:~# dig s-srv04.test.local @192.168.0.4 ; DiG 9.8.0-P4 s-srv04.test.local @192.168.0.4 ;; global options: +cmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 64478 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1 ;; QUESTION SECTION: ;s-srv04.test.local. IN A ;; ANSWER SECTION: s-srv04.test.local. 900 IN A 192.168.0.4 ;; AUTHORITY SECTION: test.local. 900 IN NS s-srv01.test.local. test.local. 900 IN NS s-srv04.test.local. ;; ADDITIONAL SECTION: s-srv01.test.local. 900 IN A 192.168.0.1 ;; Query time: 1239 msec ;; SERVER: 192.168.0.4#53(192.168.0.4) ;; WHEN: Mon Nov 19 16:07:59 2012 ;; MSG SIZE rcvd: 108 .local is normally used for mdns (see. http://en.wikipedia.org/wiki/MDNS#Host_Discovery), can you try with another kind of tld (ie. use domain test.corp). external queries are a little bit faster: root@s-srv01:~# dig google.com @192.168.0.4 ; DiG 9.8.0-P4 google.com @192.168.0.4 ;; global options: +cmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 56403 ;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 13, ADDITIONAL: 6 ;; QUESTION SECTION: ;google.com.IN A ;; ANSWER SECTION: google.com. 300 IN A 173.194.35.135 google.com. 300 IN A 173.194.35.136 google.com. 300 IN A 173.194.35.137 google.com. 300 IN A 173.194.35.142 google.com. 300 IN A 173.194.35.128 google.com. 300 IN A 173.194.35.129 google.com. 300 IN A 173.194.35.130 google.com. 300 IN A 173.194.35.131 google.com. 300 IN A 173.194.35.132 google.com. 300 IN A 173.194.35.133 google.com. 300 IN A 173.194.35.134 ;; AUTHORITY SECTION: . 45846 IN NS a.root-servers.net. . 45846 IN NS c.root-servers.net. . 45846 IN NS b.root-servers.net. . 45846 IN NS g.root-servers.net. . 45846 IN NS f.root-servers.net. . 45846 IN NS j.root-servers.net. . 45846 IN NS e.root-servers.net. . 45846 IN NS i.root-servers.net. . 45846 IN NS l.root-servers.net. . 45846 IN NS k.root-servers.net. . 45846 IN NS h.root-servers.net. . 45846 IN NS d.root-servers.net. . 45846 IN NS m.root-servers.net. ;; ADDITIONAL SECTION: a.root-servers.net. 45846 IN A 198.41.0.4 b.root-servers.net. 45846 IN A 192.228.79.201 c.root-servers.net. 45846 IN A 192.33.4.12 d.root-servers.net. 45846 IN A 128.8.10.90 e.root-servers.net. 45846 IN A 192.203.230.10 f.root-servers.net. 45846 IN A 192.5.5.241 ;; Query time: 281 msec ;; SERVER: 192.168.0.4#53(192.168.0.4) ;; WHEN: Mon Nov 19 16:09:06 2012 ;; MSG SIZE rcvd: 511 When i change to the samba4 internal dns server, i get response time about ~1-2ms. But why is the bind dlz modul so slooow..? you can use kcachegrind to trace bind in foreground mode in order to see where the time is spent. Matthieu. -- Matthieu Patou Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba Startup time of bind is also very slow: Dec 3 20:10:06 srv named[20349]: samba_dlz: trying container 'CN=MicrosoftDNS,CN=System,DC=test,DC=intern' Dec 3 20:10:10 srv named[20349]: samba_dlz: configured writeable zone '110.168.192.in-addr.arpa' Dec 3 20:10:10 srv named[20349]: samba_dlz: trying container 'CN=MicrosoftDNS,CN=System,DC=test,DC=intern' Dec 3 20:10:14 srv named[20349]: samba_dlz: configured writeable zone
Re: [Samba] Problem with Kerberos in Samba4
Am Sat, 08 Dec 2012 18:03:31 +0100 schrieb Börje Johnsson: Hi I have a problem when setting up samba4. The server is Ubuntu 12.04 and the version of samba is 4.0.0rc6. I use a clean install of samba. built from git or installed with ubuntu packages? I think that samba is configured correctly according to the HOWTO. Samba is provisioned like this: $ samba-tool domain provision --realm=hrm.local --domain=HRM --adminpass='' --server-role=dc resolv.conf: domain hrm.local nameserver 172.20.10.19 Every test in the HOWTO works until Kerberos is tested: $ kinit administrator@HRM.LOCAL kinit: Cannot contact any KDC for realm 'HRM.LOCAL' while getting initial credentials did you actually start samba after the provision? (check: ps -C samba -f) any messages in the samba.log file? $ klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: administra...@samba.example.com Valid starting Expires Service principal 2012-12-08 16:38:15 2012-12-09 02:38:15 krbtgt/ samba.example@samba.example.com renew until 2012-12-15 16:38:15 2012-12-08 16:38:15 2012-12-09 02:38:15 LOCALADMEMBER$@SAMBA.EXAMPLE.COM maybe a leftover from old tests? run kdestroy to clean up kerberos credentials cache. - Thomas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
autobuild: intermittent test failure detected
The autobuild test system has detected an intermittent failing test in the current master tree. The autobuild log of the failure is available here: http://git.samba.org/autobuild.flakey/2012-12-09-0932/flakey.log The samba3 build logs are available here: http://git.samba.org/autobuild.flakey/2012-12-09-0932/samba3.stderr http://git.samba.org/autobuild.flakey/2012-12-09-0932/samba3.stdout The source4 build logs are available here: http://git.samba.org/autobuild.flakey/2012-12-09-0932/samba.stderr http://git.samba.org/autobuild.flakey/2012-12-09-0932/samba.stdout The top commit at the time of the failure was: commit b6e2be8e147b4d34a0424a8851b03b24f180048c Author: Alexander Bokovoy a...@samba.org Date: Sat Dec 8 17:57:20 2012 +0200 wafsamba: replace try:except: case with explicit comment about FIPS mode Since exceptions will be caught be outer try:except: pair anyway, mark the test of MD5 code by the comment that explains why we need to really test it. Do it for both hashlib.md5 and md5 modules. Autobuild-User(master): Alexander Bokovoy a...@samba.org Autobuild-Date(master): Sat Dec 8 18:41:07 CET 2012 on sn-devel-104
autobuild: intermittent test failure detected
The autobuild test system has detected an intermittent failing test in the current master tree. The autobuild log of the failure is available here: http://git.samba.org/autobuild.flakey/2012-12-09-1427/flakey.log The samba3 build logs are available here: http://git.samba.org/autobuild.flakey/2012-12-09-1427/samba3.stderr http://git.samba.org/autobuild.flakey/2012-12-09-1427/samba3.stdout The source4 build logs are available here: http://git.samba.org/autobuild.flakey/2012-12-09-1427/samba.stderr http://git.samba.org/autobuild.flakey/2012-12-09-1427/samba.stdout The top commit at the time of the failure was: commit b6e2be8e147b4d34a0424a8851b03b24f180048c Author: Alexander Bokovoy a...@samba.org Date: Sat Dec 8 17:57:20 2012 +0200 wafsamba: replace try:except: case with explicit comment about FIPS mode Since exceptions will be caught be outer try:except: pair anyway, mark the test of MD5 code by the comment that explains why we need to really test it. Do it for both hashlib.md5 and md5 modules. Autobuild-User(master): Alexander Bokovoy a...@samba.org Autobuild-Date(master): Sat Dec 8 18:41:07 CET 2012 on sn-devel-104
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via ade5bfd s4-torture: call the s4u2self tests with arcfour and aes. via d0bad6c s4-torture: precalculate expected session keys from samlogon in schannel test. via f6cb804 libcli/auth: support AES decryption in netlogon_creds_decrypt_samlogon(). via be296a2 libcli/auth: remove trailing whitespace. via f2d9589 s3-auth: remove crypto from serverinfo_to_SamInfoX calls. via c1fb595 s3-rpc_server: Remove obsolete process_creds boolean in samlogon server. via 7f435bd s3-auth: session keys in validation level 6 samlogon replies are *not* encrypted. via 6452892 s3-rpc_server: support AES for interactive netlogon samlogon password decryption. via 7157263 s4-rpc_server: support AES encryption in interactive and generic samlogon. via a52115c s3-rpc_server: we need to encrypt OWFs using DES in _netr_ServerGetTrustInfo(). via 6aec126 s4-torture: validate owf password hash and negotiate AES in forest trust test. via 83b00af s4-torture: validate owf password hash and negotiate AES ServerGetTrustInfo test. via 306a78d s3-rpc_server: pass down netlogon cred state in _netr_ServerGetTrustInfo(). via fd70870 s4-torture: use netlogon_creds_arcfour_crypt() in samba3rpc test. via 4afb7dc s4-torture: exit early when join fails in samba3rpc tests. via 5089442 s4-torture: support AES encryption in interactive samlogon tests in rpc.samr. via d94f012 s4-torture: support AES encryption in pac_verify/generic samlogon netlogon tests. via 3dffd29 s4-torture: use names for r.in.logon_level of netlogon samlogon requests. via 7ea9da0 s4-torture: remove trailing whitespace in smbtorture remote_pac test. via c6f4745 s3-rpc_client: use netlogon_creds_aes_encrypt in interactive netlogon samlogon. via 01e6970 s4-rpc_server: support AES decryption in netr_ServerPasswordSet2 server. via 3dc8c20 s4-torture: add AES support for netr_ServerPasswordSet2 tests. via 0a09160 s4-torture: pass down netlogon flags in netr_ServerPasswordSet2 tests. via d1f481f s4-torture: remove trailing whitespace from netlogon test. via 1362d54 s3-rpc_server: support AES decryption in netr_ServerPasswordSet2 server. via 6434501 s3-rpc_client: support AES encryption in netr_ServerPasswordSet2 client. via ec06c81 s3-rpc_client: use netlogon_creds_arcfour_crypt() in init_netr_CryptPassword. via 429600c libcli/auth: add netlogon_creds_aes_{en|de}crypt routines. from b6e2be8 wafsamba: replace try:except: case with explicit comment about FIPS mode http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit ade5bfd304cc806758a58f04b35834cd730dd9ba Author: Günther Deschner g...@samba.org Date: Fri Dec 7 12:51:10 2012 +0100 s4-torture: call the s4u2self tests with arcfour and aes. Guenther Signed-off-by: Günther Deschner g...@samba.org Signed-off-by: Stefan Metzmacher me...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Sun Dec 9 21:24:44 CET 2012 on sn-devel-104 commit d0bad6c3350698b26ba009bb0c91d0265cc22f60 Author: Günther Deschner g...@samba.org Date: Fri Dec 7 12:57:18 2012 +0100 s4-torture: precalculate expected session keys from samlogon in schannel test. Guenther Signed-off-by: Günther Deschner g...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit f6cb8049b2fe62054d254a006b8a39f000d1d1d5 Author: Günther Deschner g...@samba.org Date: Fri Dec 7 12:38:16 2012 +0100 libcli/auth: support AES decryption in netlogon_creds_decrypt_samlogon(). Guenther Signed-off-by: Günther Deschner g...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit be296a21fc509cacaedb5aad0c3ca4ccd44b4a62 Author: Günther Deschner g...@samba.org Date: Fri Dec 7 01:05:00 2012 +0100 libcli/auth: remove trailing whitespace. Guenther Signed-off-by: Günther Deschner g...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit f2d9589b178c0e3374e1c1ad363639b9e2bdce5f Author: Günther Deschner g...@samba.org Date: Thu Dec 6 15:21:02 2012 +0100 s3-auth: remove crypto from serverinfo_to_SamInfoX calls. All crypto is dealt with within the netlogon samlogon server now. Guenther Signed-off-by: Günther Deschner g...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit c1fb595081c2b0bf66bce06c09750f53e8031311 Author: Günther Deschner g...@samba.org Date: Thu Dec 6 14:54:25 2012 +0100 s3-rpc_server: Remove obsolete process_creds boolean in samlogon server. Guenther Signed-off-by: Günther Deschner g...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via 71df5a6 WHATSNEW: Add changes since rc6. via 91d2752 wafsamba: Make sure md5 is really work before using it or overriding the hash function via 25eb1af Fix bug #9471 - SEGV when using second vfs module. from 1cd24d5 build: Install .po files for SWAT intl support http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 71df5a66d3679e4dabb9ae967a258af55a8a7b4d Author: Karolin Seeger ksee...@samba.org Date: Sun Dec 9 21:07:37 2012 +0100 WHATSNEW: Add changes since rc6. Karolin Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Sun Dec 9 22:51:12 CET 2012 on sn-devel-104 commit 91d27520dfec5817e2e3e6826f7c7aa2ed42319b Author: Alexander Bokovoy a...@samba.org Date: Fri Dec 7 17:36:02 2012 +0200 wafsamba: Make sure md5 is really work before using it or overriding the hash function In FIPS mode importing md5 Python module will not cause any error but calling md5.md5() function will throw ValueError since md5 is not available. Make sure md5.md5() actually works and if not, fall back to use hash replacement that we already have in wafsamba. Reviewed-by: Andreas Schneider a...@samba.org Autobuild-User(master): Andreas Schneider a...@cryptomilk.org Autobuild-Date(master): Sat Dec 8 13:30:07 CET 2012 on sn-devel-104 (cherry picked from commit 56d9c8c4bf29eb473f9f4e7a7ef16fc6020db6b5) Signed-off-by: Andreas Schneider a...@samba.org Fix bug #9479 - Support FIPS mode when building Samba. commit 25eb1af07cc09e5e019a0702c60a763cc3266196 Author: Tsukasa Hamano ham...@osstech.co.jp Date: Thu Dec 6 13:01:33 2012 -0800 Fix bug #9471 - SEGV when using second vfs module. Don't use default_classname_table when we obviously shoud be using classname_table. Reviewed by: Jeremy Allison j...@samba.org Reviewed-by: Michael Adam ob...@samba.org Autobuild-User(master): Michael Adam ob...@samba.org Autobuild-Date(master): Fri Dec 7 17:51:50 CET 2012 on sn-devel-104 (cherry picked from commit 16d725b4f5ed77db865e2a3c27ae0eb4accca5a8) --- Summary of changes: WHATSNEW.txt | 32 buildtools/wafsamba/samba_utils.py |8 lib/util/debug.c |2 +- 3 files changed, 41 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 355de80..004c252 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -181,6 +181,38 @@ smb.conf changes winbindd socket directory New +CHANGES SINCE 4.0.0rc6 +== + +o Michael Adam ob...@samba.org +* BUG 9456: developer-build: Fix panic when acl_xattr fails with access + denied. + + +o Jeremy Allison j...@samba.org +* BUG 9462: Users can not be given write permissions any more by default. + + +o Andrew Bartlett abart...@samba.org +* BUG 9415: Install SWAT *.msg files with waf. + + +o Alexander Bokovoy a...@samba.org +* BUG 9479: Support FIPS mode when building Samba. + + +o Tsukasa Hamano ham...@osstech.co.jp +* BUG 9471: Fix SEGV when using second vfs module. + + +o Andreas Schneider a...@samba.org +* BUG 9459: Install manpages only if we install the target. + + +o Richard Sharpe realrichardsha...@gmail.com +* BUG 9460: Respond correctly to FILE_STREAM_INFO requests. + + CHANGES SINCE 4.0.0rc5 == diff --git a/buildtools/wafsamba/samba_utils.py b/buildtools/wafsamba/samba_utils.py index c1869df..cab87a4 100644 --- a/buildtools/wafsamba/samba_utils.py +++ b/buildtools/wafsamba/samba_utils.py @@ -388,9 +388,17 @@ def RUN_COMMAND(cmd, # make sure we have md5. some systems don't have it try: from hashlib import md5 +try: +foo = md5.md5('abcd') +except ValueError: +raise except: try: import md5 +try: +foo = md5.md5('abcd') +except ValueError: +raise except: import Constants Constants.SIG_NIL = hash('abcd') diff --git a/lib/util/debug.c b/lib/util/debug.c index 15a2452..7509f90 100644 --- a/lib/util/debug.c +++ b/lib/util/debug.c @@ -1007,7 +1007,7 @@ bool dbghdrclass(int level, int cls, const char *location, const char *func) slprintf(header_str + hs_len, sizeof(header_str) -1 - hs_len, , class=%s, -default_classname_table[cls]); +classname_table[cls]); } /* Print it all out at once to prevent split syslog output. */ -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-6-stable updated
The branch, v3-6-stable has been updated via 89cb247 WHATSNEW: Prepare release notes for Samba 3.6.10. via 801a704 Fix bug #9460 - Samba 3.6.x and Master respond incorrectly to FILE_STREAM_INFO requests. via 5f9cf80 s3-net: Fix DEBUG() location. via 9de2d87 s3-net: give more control how to update/register DNS entries. via 88d57bc s3-net: pass down a flags field to DoDNSUpdate(). via 22bff5f s3-net: move out some prototypes to net_dns.h. via 2143dd8 s3-net: pass down struct net_context to the dns update calls. via ac36194 Final part of #9374 - Allow smb2.acls torture test to pass against smbd with a POSIX ACLs backend. via 3da9c3d More for #9374 - Allow smb2.acls torture test to pass against smbd with a POSIX ACLs backend. via 3c94475 Ensure when calculating the access mask for MAXIMUM_ALLOWED_ACCESS that we add in FILE_READ_ATTRIBUTES, even if this doesn't come from the file/directory ACL. via 7f68710 Add comment explaining exactly *why* we don't check FILE_READ_ATTRIBUTES when evaluating file/directory ACE's. via 43c2b1a First part of #9374 - Allow smb2.acls torture test to pass against smbd with a POSIX ACLs backend. via 2beafab Use work around for 'winbind use default domain' only if it is set via e00a8b1 s3-winbind: use new reconnect logic in rpc_lookup_sids() also. via 48b9e78 s3-winbindd: rework reconnect logic in winbindd_lookup_names(). via a5aa6b6 s3-winbindd: rework reconnect logic in winbindd_lookup_sids(). via 38a7d54 s3-winbindd: remove lookup_sids_fn_t. via c18689c s3-winbindd: remove lookup_names_fn_t. via 17a3e0f s3-rpc_client: make dcerpc_lsa_lookup_names_generic() public. via 078904b s3-rpc_cli: make dcerpc_lsa_lookup_sids_generic() public. via 8824ce1 s3-winbindd: add cm_connect_lsat(). via c3f7d01 s3-rpc_cli: Remove some unused wrapping code. via 7a354f8 s3: Make winbindd_lookup_names static via 5c6b050 spoolss: fix segfault when default devmode is disabled via 184ae80 BUG 9436: Fix leaking sockets of SMB connections to a DC. via b61a99c Fix MD5 detection in the autoconf build via 4c2863c Fix Bug 9422 - large read requests cause server to issue malformed reply (cherry picked from commit ecc9f5bdb8c56853a37ff6e980fed815fc5ee0a9) via f49eecb s3-rpc_client: lookup nametype 0x20 in rpc_pipe_open_tcp_port(). (bug #9426) via b5d5966 lib/addns: don't depend on the order in resp-answers[] via fff6962 lib/addns: remove pointless check for resp-num_additionals != 1 via abd85a2 lib/replace: replace all *printf function if we replace snprintf (bug #9390) via b526723 libreplace: Fix symbol names for snprintf/asprintf/vasprintf. via 692b817 Another fix needed for bug #9236 - ACL masks incorrectly applied when setting ACLs. via 92280d2 s3-kerberos: also try with AES keys, when decrypting tickets. via f8034f4 s3-libsmb: make sure we copy at most 16 bytes in cli_set_session_key(). via 54cfef6 samba: check for AES encryption type defines. via 0926ca6 s3:winbind: BUG 9386: Failover if netlogon pipe is not available. via a625f1b lib/krb5_wrap: request enc_types in the correct order (bug #9272) via 8c10d64 s3-kerberos: add aes enctypes to generated krb5.conf. via b7138c3 s3-krb5: use and request AES keys in kerberos operations. via 4384833 s3-aio_pthread: Optimize aio_pthread_handle_completion via 8679684 lib/tsocket: optimize syscalls in tstream_readv_pdu_send() via 70a6cc8 lib/tsocket: disable the syscall optimization for recvfrom/readv by default via 81130a5 docs-xml: fix use of smbconfoption tag (fix bug #9345) via fa81342 s4:torture/smb2: improve the smb2.create.blob test via 841e157 BUG 9326: Fix net ads join message for the dns domain. via b68dca6 pam_winbind: fix segfault in pam_sm_authenticate() from c59fdd9 WHATSNEW: Start release notes for Samba 3.6.10. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-stable - Log - commit 89cb2474a635ba3fc68eb2816f9fca62b329dd1f Author: Karolin Seeger ksee...@samba.org Date: Thu Dec 6 10:26:19 2012 +0100 WHATSNEW: Prepare release notes for Samba 3.6.10. Karolin (cherry picked from commit 29b36a1fb4e494be0851ebbea17a22839a344bf3) commit 801a7047d570b5edf04efdc07f84fc251c0cd860 Author: Richard Sharpe realrichardsha...@gmail.com Date: Tue Dec 4 17:21:29 2012 -0800 Fix bug #9460 - Samba 3.6.x and Master respond incorrectly to FILE_STREAM_INFO requests. Ensure we check the buffer size correctly. Reviewed by: Jeremy Allison j...@samba.org Autobuild-User(master): Jeremy Allison j...@samba.org Autobuild-Date(master): Thu Dec 6 01:31:08
[SCM] Samba Shared Repository - annotated tag samba-3.6.10 created
The annotated tag, samba-3.6.10 has been created at 02ad24717486151dc7d1af224e8d36e788dd1aac (tag) tagging 89cb2474a635ba3fc68eb2816f9fca62b329dd1f (commit) replaces samba-3.6.9 tagged by Karolin Seeger on Mon Dec 10 08:52:28 2012 +0100 - Log - tag samba-3.6.10 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.18 (GNU/Linux) iD8DBQBQxZTSbzORW2Vot+oRAiCUAJ9CXGheizsmWpSTs8UEuXwyqdDlQACfSjTI hH2zp/ZTn4vGiIhO4ypC/5g= =MdeC -END PGP SIGNATURE- Andreas Schneider (3): BUG 9326: Fix net ads join message for the dns domain. s3:winbind: BUG 9386: Failover if netlogon pipe is not available. BUG 9436: Fix leaking sockets of SMB connections to a DC. Björn Baumbach (1): docs-xml: fix use of smbconfoption tag (fix bug #9345) David Disseldorp (2): pam_winbind: fix segfault in pam_sm_authenticate() spoolss: fix segfault when default devmode is disabled Günther Deschner (20): s3-krb5: use and request AES keys in kerberos operations. s3-kerberos: add aes enctypes to generated krb5.conf. samba: check for AES encryption type defines. s3-libsmb: make sure we copy at most 16 bytes in cli_set_session_key(). s3-kerberos: also try with AES keys, when decrypting tickets. s3-rpc_client: lookup nametype 0x20 in rpc_pipe_open_tcp_port(). (bug #9426) s3-rpc_cli: Remove some unused wrapping code. s3-winbindd: add cm_connect_lsat(). s3-rpc_cli: make dcerpc_lsa_lookup_sids_generic() public. s3-rpc_client: make dcerpc_lsa_lookup_names_generic() public. s3-winbindd: remove lookup_names_fn_t. s3-winbindd: remove lookup_sids_fn_t. s3-winbindd: rework reconnect logic in winbindd_lookup_sids(). s3-winbindd: rework reconnect logic in winbindd_lookup_names(). s3-winbind: use new reconnect logic in rpc_lookup_sids() also. s3-net: pass down struct net_context to the dns update calls. s3-net: move out some prototypes to net_dns.h. s3-net: pass down a flags field to DoDNSUpdate(). s3-net: give more control how to update/register DNS entries. s3-net: Fix DEBUG() location. Jelmer Vernooij (1): libreplace: Fix symbol names for snprintf/asprintf/vasprintf. Jeremy Allison (6): Another fix needed for bug #9236 - ACL masks incorrectly applied when setting ACLs. First part of #9374 - Allow smb2.acls torture test to pass against smbd with a POSIX ACLs backend. Add comment explaining exactly *why* we don't check FILE_READ_ATTRIBUTES when evaluating file/directory ACE's. Ensure when calculating the access mask for MAXIMUM_ALLOWED_ACCESS that we add in FILE_READ_ATTRIBUTES, even if this doesn't come from the file/directory ACL. More for #9374 - Allow smb2.acls torture test to pass against smbd with a POSIX ACLs backend. Final part of #9374 - Allow smb2.acls torture test to pass against smbd with a POSIX ACLs backend. Karolin Seeger (3): VERSION: Bump version up to 3.6.10. WHATSNEW: Start release notes for Samba 3.6.10. WHATSNEW: Prepare release notes for Samba 3.6.10. Matthieu Patou (1): Fix MD5 detection in the autoconf build Richard Sharpe (1): Fix bug #9460 - Samba 3.6.x and Master respond incorrectly to FILE_STREAM_INFO requests. Stefan Metzmacher (7): s4:torture/smb2: improve the smb2.create.blob test lib/tsocket: disable the syscall optimization for recvfrom/readv by default lib/tsocket: optimize syscalls in tstream_readv_pdu_send() lib/krb5_wrap: request enc_types in the correct order (bug #9272) lib/replace: replace all *printf function if we replace snprintf (bug #9390) lib/addns: remove pointless check for resp-num_additionals != 1 lib/addns: don't depend on the order in resp-answers[] Sumit Bose (1): Use work around for 'winbind use default domain' only if it is set Volker Lendecke (3): s3-aio_pthread: Optimize aio_pthread_handle_completion Fix Bug 9422 - large read requests cause server to issue malformed reply s3: Make winbindd_lookup_names static --- -- Samba Shared Repository
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via c3a4c6e Announce Samba 3.6.10. from 03eb05d Announce Samba 4.0.0rc6. http://gitweb.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit c3a4c6ef79b55cca2b26a6ede046643f2477cbe1 Author: Karolin Seeger ksee...@samba.org Date: Fri Dec 7 12:52:05 2012 +0100 Announce Samba 3.6.10. Karolin --- Summary of changes: generated_news/latest_10_bodies.html| 21 --- generated_news/latest_10_headlines.html |4 +- generated_news/latest_2_bodies.html | 21 --- history/header_history.html |1 + history/samba-3.6.10.html | 88 +++ latest_stable_release.html |6 +- 6 files changed, 118 insertions(+), 23 deletions(-) create mode 100755 history/samba-3.6.10.html Changeset truncated at 500 lines: diff --git a/generated_news/latest_10_bodies.html b/generated_news/latest_10_bodies.html index 20ed096..dd3f192 100644 --- a/generated_news/latest_10_bodies.html +++ b/generated_news/latest_10_bodies.html @@ -1,3 +1,15 @@ + h5a name=3.6.1010 December 2012/a/h5 + p class=headlineSamba 3.6.10 Available for Download/p + pThis is the latest stable release of the Samba 3.6 series./p + +pThe uncompressed tarballs and patch files have been signed +using GnuPG (ID 6568B7EA). The source code can be +a href=http://samba.org/samba/ftp/stable/samba-3.6.10.tar.gz;downloaded +now/a. A a href=http://samba.org/samba/ftp/patches/patch-3.6.9-3.6.10.diffs.gz; +patch against Samba 3.6.9/a is also available. +See a href=http://samba.org/samba/history/samba-3.6.10.html; +the release notes for more info/a./p + h5a name=4.0.0rc604 December 2012/a/h5 p class=headlineSamba 4.0.0rc6 Available for Download/p pThis is the sixth release candidate of the Samba 4.0 series./p @@ -84,12 +96,3 @@ now/a. A a href=http://samba.org/samba/ftp/patches/patch-3.6.7-3.6.8.diffs.g patch against Samba 3.6.7/a is also available. See a href=http://samba.org/samba/history/samba-3.6.8.html; the release notes for more info/a./p - - h5a name=4.0.0rc113 September 2012/a/h5 - p class=headlineSamba 4.0.0rc1 Available for Download/p - pThis is the first release candidate of the Samba 4.0 series./p - -pThe uncompressed tarballs and patch files have been signed -using GnuPG (ID 6568B7EA). The source code can be -a href=https://download.samba.org/pub/samba/rc/samba-4.0.0rc1.tar.gz;downloaded now/a. -See a href=https://download.samba.org/pub/samba/rc/WHATSNEW-4-0-0rc1.txt;the release notes for more info/a./p diff --git a/generated_news/latest_10_headlines.html b/generated_news/latest_10_headlines.html index 08a98c9..1d2b5c9 100644 --- a/generated_news/latest_10_headlines.html +++ b/generated_news/latest_10_headlines.html @@ -1,4 +1,6 @@ ul + li 10 December 2012 a href=#3.6.10Samba 3.6.10 Available for Download/a/li + li 04 December 2012 a href=#4.0.0rc6Samba 4.0.0rc6 Available for Download/a/li li 13 November 2012 a href=#4.0.0rc5Samba 4.0.0rc5 Available for Download/a/li @@ -16,6 +18,4 @@ li 24 September 2012 a href=#3.5.18Samba 3.5.18 Available for Download/a/li li 17 September 2012 a href=#3.6.8Samba 3.6.8 Available for Download/a/li - - li 13 September 2012 a href=#4.0.0rc1Samba 4.0.0rc1 Available for Download/a/li /ul diff --git a/generated_news/latest_2_bodies.html b/generated_news/latest_2_bodies.html index b5e83aa..f323cd5 100644 --- a/generated_news/latest_2_bodies.html +++ b/generated_news/latest_2_bodies.html @@ -1,3 +1,15 @@ + h5a name=3.6.1010 December 2012/a/h5 + p class=headlineSamba 3.6.10 Available for Download/p + pThis is the latest stable release of the Samba 3.6 series./p + +pThe uncompressed tarballs and patch files have been signed +using GnuPG (ID 6568B7EA). The source code can be +a href=http://samba.org/samba/ftp/stable/samba-3.6.10.tar.gz;downloaded +now/a. A a href=http://samba.org/samba/ftp/patches/patch-3.6.9-3.6.10.diffs.gz; +patch against Samba 3.6.9/a is also available. +See a href=http://samba.org/samba/history/samba-3.6.10.html; +the release notes for more info/a./p + h5a name=4.0.0rc604 December 2012/a/h5 p class=headlineSamba 4.0.0rc6 Available for Download/p pThis is the sixth release candidate of the Samba 4.0 series./p @@ -6,12 +18,3 @@ using GnuPG (ID 6568B7EA). The source code can be a href=https://download.samba.org/pub/samba/rc/samba-4.0.0rc6.tar.gz;downloaded now/a. See a href=https://download.samba.org/pub/samba/rc/WHATSNEW-4-0-0rc6.txt;the release notes for more info/a./p - - h5a name=4.0.0rc513 November 2012/a/h5 - p class=headlineSamba 4.0.0rc5 Available for Download/p - pThis is the fifth release candidate of the Samba 4.0