[Samba] Slow winbind lookups
Hi all, I have a Samba 4.0.0 domain running on a Gentoo box with a 3.7.0 kernel. I have added 'winbind' to the passwd and group lines in /etc/nsswitch.conf wbinfo -t returns immediately saying trust checking succeeded. wbinfo -g returns immediately with a list of groups wbinfo -u takes a long time to return a list of users # time wbinfo -u | wc -l 336 real0m4.211s user0m0.000s sys 0m0.000s 4s might not seem like a great deal but this delay seems to occur whenever anything looks up data from winbind. getent passwd also has a similar delay. It returns local users immediately but winbind users are delayed. Whilst gathering data for this post I have noticed that the results also seem to be sporadic. The following 3 commands were run in quick succession: # date time getent passwd | wc -l Thu Jan 10 09:41:22 GMT 2013 376 real0m5.677s user0m0.010s sys 0m0.000s # date time getent passwd | wc -l Thu Jan 10 09:41:29 GMT 2013 220 real0m2.633s user0m0.000s sys 0m0.000s # date time getent passwd | wc -l Thu Jan 10 09:41:32 GMT 2013 235 real0m4.014s user0m0.000s sys 0m0.010s Another example would be samba-tool sysvolreset: # time samba-tool ntacl sysvolreset real5m26.076s user3m7.500s sys 0m13.480s and if I disable winbind in nsswitch.conf # time samba-tool ntacl sysvolreset real1m13.851s user0m46.500s sys 0m3.140s (1m still seems to be a long time for this process to complete but I'll save that for my other post) Is this correct speed? Is there anything I can do to improve performance? Thanks, Alex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] ACL on GPO directory does not match expected value from GPO object. AGAIN.
Hi all, Some (then all) of our workstations were complaining about incorrect ACLs on GPOs and were unable to read the gpt.ini to apply the GPOs. So I did a sysvolcheck and sure enough I'd lost the ACLs when I moved our sysvol share to a new location on the server (whoops, mea culpa). I ran a sysvolreset which took a long time to return (some 5 minutes, please see my post on slow winbind lookups). Just to make sure everything went as planned I re-ran the sysvolcheck and I get the following error: ERROR(class 'samba.provision.ProvisioningError'): uncaught exception - ProvisioningError: DB ACL on GPO directory /vol/samba/shares/sysvol/internal.stmaryscollege.co.uk/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9} O:LAG:DUD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED) does not match expected value O:DAG:DUD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED) from GPO object File /usr/lib64/python2.7/site-packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /usr/lib64/python2.7/site-packages/samba/netcmd/ntacl.py, line 245, in run lp) File /usr/lib64/python2.7/site-packages/samba/provision/__init__.py, line 1599, in checksysvolacl direct_db_access) File /usr/lib64/python2.7/site-packages/samba/provision/__init__.py, line 1550, in check_gpos_acl domainsid, direct_db_access) File /usr/lib64/python2.7/site-packages/samba/provision/__init__.py, line 1500, in check_dir_acl raise ProvisioningError('%s ACL on GPO directory %s %s does not match expected value %s from GPO object' % (acl_type(direct_db_access), path, fsacl_sddl, acl)) Comparing the two ACLs O:LAG:DUD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED) O:DAG:DUD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED) The only difference I can see is the 'DAG' vs 'LAG' at the beginning (Directory ACL vs File ACL?) Thanks, Alex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba member server and trusted domains question
Hi, I have two Windows Domains, DOMA and DOMB. A Samba 3.6 Server is a member server in DOMA. DOMA has a (unidirectional) trust relationship to DOMB. Users from DOMB should be able to connect and authenticate at the Samba server. The domain controller of DOMB has the IP 10.35.5.25. During authentication of a DOMB user at a share I get the following log entries: get_dc_list: preferred server list: , * [2013/01/10 11:24:59.816974, 3] libads/ldap.c:640(ads_connect) Successfully contacted LDAP server 10.35.5.25 [2013/01/10 11:24:59.818216, 3] libads/ldap.c:640(ads_connect) Successfully contacted LDAP server 10.35.5.25 [2013/01/10 11:24:59.819284, 3] libads/ldap.c:694(ads_connect) Connected to LDAP server dc01.domb [2013/01/10 11:24:59.821064, 3] libads/sasl.c:869(ads_sasl_spnego_bind) ads_sasl_spnego_bind: got OID=1.2.840.48018.1.2.2 [2013/01/10 11:24:59.821196, 3] libads/sasl.c:869(ads_sasl_spnego_bind) ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2 [2013/01/10 11:24:59.821296, 3] libads/sasl.c:869(ads_sasl_spnego_bind) ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2.3 [2013/01/10 11:24:59.821354, 3] libads/sasl.c:869(ads_sasl_spnego_bind) ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.10 [2013/01/10 11:24:59.821478, 3] libads/sasl.c:878(ads_sasl_spnego_bind) ads_sasl_spnego_bind: got server principal name = dc01$@DOMB [2013/01/10 11:24:59.822188, 3] libsmb/clikrb5.c:787(ads_krb5_mk_req) ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found) Ignoring unknown parameter idmap domains [2013/01/10 11:25:00.883025, 1] libsmb/clikrb5.c:799(ads_krb5_mk_req) ads_krb5_mk_req: smb_krb5_get_credentials failed for ldap/dc01.domb@DOMB (Server not found in Kerberos database) [2013/01/10 11:25:00.883184, 0] libads/sasl.c:908(ads_sasl_spnego_bind) kinit succeeded but ads_sasl_spnego_krb5_bind failed: Server not found in Kerberos database [2013/01/10 11:25:00.883536, 1] winbindd/idmap_ad.c:149(ad_idmap_cached_connection_internal) ad_idmap_cached_connection_internal: failed to connect to AD First you have to know that the users can successfully authenticate to the samba server. But there are error messages in the log I don´t understand, especially the failed to connect to AD error message. Why is this AD connection to DOMB necessary? What exactly is the samba server trying to do with the DOMB domain controller? Kind regards Carsten -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4.0.0 - Browseable option don't work
Hello Hleb Valoshka I tried s3fs and works fine for me Thanks On 01/07/2013 04:25 PM, Hleb Valoshka wrote: On 1/7/13, Bruno Pereira bpere...@ipbrick.com wrote: I configured some shares with the option browseable = No but this share still browseable. server services = ... smb I guess the reason is the ntvfs. Try s3fs. -- Bruno Pereira /IPBrick ID Dpt/ http://www.ipbrick.com/ IPBRICK International Rua Passos Manuel, 66/76 4000-381 Porto PortugalTEL: +351 221 207 100 FAX: +351 225 189 722 UCoIP: bpere...@ipbrick.com mailto:bpere...@ipbrick.com www.ipbrick.com http://www.ipbrick.com/ www.iportaldoc.com http://www.iportaldoc.com/ Facebook http://www.facebook.com/pages/IPBrick/263923950988/ Twitter http://twitter.com/IPBrick/ Linked In http://pt.linkedin.com/in/ipbrick/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] ACL on GPO directory does not match expected value from GPO object. AGAIN.
On 1/10/13, Alex Matthews qoole.sa...@lillimoth.com wrote: Comparing the two ACLs O:LAG:DUD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED) O:DAG:DUD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED) The only difference I can see is the 'DAG' vs 'LAG' at the beginning (Directory ACL vs File ACL?) Take a look here: https://bugzilla.samba.org/show_bug.cgi?id=9483 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Slow winbind lookups
On 1/10/13, Alex Matthews qoole.sa...@lillimoth.com wrote: wbinfo -u takes a long time to return a list of users I guess that if you attach output of strace wbinfo -u or may be even strace -f wbinfo -u you'll find assistance faster :) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba4 dnsupdate failed with bind (cannot contact KDC)
I upgrade our samba3 server to the latest samba4. Everything is working except for the dnsupdate: /usr/local/samba/sbin/samba_dnsupdate --verbose --all-names: IPs: ['172.x.x.x'] Traceback (most recent call last): File /usr/local/samba/sbin/samba_dnsupdate, line 508, in module get_credentials(lp) File /usr/local/samba/sbin/samba_dnsupdate, line 122, in get_credentials creds.get_named_ccache(lp, ccachename) RuntimeError: kinit for ADSRV1$@MYDOMAIN.EU failed (Cannot contact any KDC for requested realm) --- But kinit works runnig as root after adding the [realms] section to /etc/krb5.conf (did not work without the [realms] section: --- [libdefaults] default_realm = MYDOMAIN.EU dns_lookup_realm = false dns_lookup_kdc = true [realms] MYDOMAIN.EU = { kdc = ADSRV1.mydomain.eu } --- kinit administra...@mydomain.eu klist: Ticket cache: FILE:/tmp/krb5cc_0 Default principal: administra...@mydomain.eu Valid starting ExpiresService principal 01/10/13 15:22:47 01/11/13 01:22:47 krbtgt/mydomain...@mydomain.eu renew until 01/11/13 15:22:46 --- Bind is running and responding: --- tcp0 0 172.x.x.x:53 0.0.0.0:* LISTEN 1075/named tcp0 0 127.0.0.1:530.0.0.0:* LISTEN 1075/named --- Host –t SRV _ldap._tcp.mydomain.eu ldap._tcp.mydomain.eu has SRV record 0 100 389 adsrv1.mydomain.eu. --- smb.conf: --- [global] workgroup = MYCOMPANY realm = MYDOMAIN.EU netbios name = ADSRV1 server role = active directory domain controller server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate idmap_ldb:use rfc2307 = yes interfaces=172.x.x.x/20 127.0.0.0/8 bind interfaces only = yes [netlogon] path = /usr/local/samba/var/locks/sysvol/mydomain.eu/scripts read only = No [sysvol] path = /usr/local/samba/var/locks/sysvol read only = No --- Has this something to do with the fact that my domain is not part of the realm? (domain: MYCOMPANY, realm: MYDOMAIN.EU) That's why kinit running as root was not working without the [realm] section I guess. I copied /etc/krb5.conf to /usr/local/samba/private/ because I suspected the dnsupdate script was using that file, but no luck. A second question: Is there any way to change the domain name during the upgrade without breaking the whole AD? I was planning to join a windows 2008 server and then use rendom to change the domain name. But if there's any other better way, I'd like like to hear that. Thanks __ This email has been scanned by the IT101 / Symantec.cloud Email Security System. For more information please visit http://www.it101.be __ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Slow winbind lookups
On 10/01/2013 13:51, Hleb Valoshka wrote: On 1/10/13, Alex Matthews qoole.sa...@lillimoth.com wrote: wbinfo -u takes a long time to return a list of users I guess that if you attach output of strace wbinfo -u or may be even strace -f wbinfo -u you'll find assistance faster :) # strace -ftT wbinfo -u 14:09:01 execve(/usr/bin/wbinfo, [wbinfo, -u], [/* 37 vars */]) = 0 0.000259 14:09:01 brk(0) = 0xd9f000 0.31 14:09:01 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81143e4000 0.44 14:09:01 access(/etc/ld.so.preload, R_OK) = -1 ENOENT (No such file or directory) 0.30 14:09:01 open(/usr/lib64/tls/x86_64/libsamba-util.so.0, O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) 0.30 14:09:01 stat(/usr/lib64/tls/x86_64, 0x7fffdba49910) = -1 ENOENT (No such file or directory) 0.22 14:09:01 open(/usr/lib64/tls/libsamba-util.so.0, O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) 0.23 14:09:01 stat(/usr/lib64/tls, 0x7fffdba49910) = -1 ENOENT (No such file or directory) 0.42 14:09:01 open(/usr/lib64/x86_64/libsamba-util.so.0, O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) 0.29 14:09:01 stat(/usr/lib64/x86_64, 0x7fffdba49910) = -1 ENOENT (No such file or directory) 0.22 14:09:01 open(/usr/lib64/libsamba-util.so.0, O_RDONLY|O_CLOEXEC) = 3 0.28 14:09:01 read(3, \177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0\0\1\0\0\0\240\347\0\0\0\0\0\0..., 832) = 832 0.29 14:09:01 fstat(3, {st_mode=S_IFREG|0755, st_size=214200, ...}) = 0 0.22 14:09:01 mmap(NULL, 2310096, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f8113f9 0.24 14:09:01 mprotect(0x7f8113fc3000, 2093056, PROT_NONE) = 0 0.35 14:09:01 mmap(0x7f81141c2000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x32000) = 0x7f81141c2000 0.29 14:09:01 close(3) = 0 0.21 14:09:01 open(/usr/lib64/libwbclient.so.0, O_RDONLY|O_CLOEXEC) = 3 0.34 14:09:01 read(3, \177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0\0\1\0\0\0P#\0\0\0\0\0\0..., 832) = 832 0.23 14:09:01 fstat(3, {st_mode=S_IFREG|0755, st_size=43160, ...}) = 0 0.22 14:09:01 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f81143e3000 0.23 14:09:01 mmap(NULL, 2145544, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f8113d84000 0.30 14:09:01 mprotect(0x7f8113d8e000, 2093056, PROT_NONE) = 0 0.33 14:09:01 mmap(0x7f8113f8d000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x9000) = 0x7f8113f8d000 0.26 14:09:01 mmap(0x7f8113f8f000, 3336, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f8113f8f000 0.24 14:09:01 close(3) = 0 0.26 14:09:01 open(/usr/lib64/libreplace.so, O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) 0.29 14:09:01 open(/usr/lib64/samba/tls/x86_64/libreplace.so, O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) 0.28 14:09:01 stat(/usr/lib64/samba/tls/x86_64, 0x7fffdba498b0) = -1 ENOENT (No such file or directory) 0.22 14:09:01 open(/usr/lib64/samba/tls/libreplace.so, O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) 0.28 14:09:01 stat(/usr/lib64/samba/tls, 0x7fffdba498b0) = -1 ENOENT (No such file or directory) 0.28 14:09:01 open(/usr/lib64/samba/x86_64/libreplace.so, O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) 0.22 14:09:01 stat(/usr/lib64/samba/x86_64, 0x7fffdba498b0) = -1 ENOENT (No such file or directory) 0.27 14:09:01 open(/usr/lib64/samba/libreplace.so, O_RDONLY|O_CLOEXEC) = 3 0.29 14:09:01 read(3, \177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0\0\1\0\0\0\220\16\0\0\0\0\0\0..., 832) = 832 0.22 14:09:01 fstat(3, {st_mode=S_IFREG|0755, st_size=10240, ...}) = 0 0.27 14:09:01 mmap(NULL, 2105896, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f8113b81000 0.30 14:09:01 mprotect(0x7f8113b83000, 2093056, PROT_NONE) = 0 0.45 14:09:01 mmap(0x7f8113d82000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1000) = 0x7f8113d82000 0.26 14:09:01 close(3) = 0 0.26 14:09:01 open(/usr/lib64/libsamba-hostconfig.so.0, O_RDONLY|O_CLOEXEC) = 3 0.44 14:09:01 read(3, \177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0\0\1\0\0\\347\0\0\0\0\0\0..., 832) = 832 0.27 14:09:01 fstat(3, {st_mode=S_IFREG|0755, st_size=237984, ...}) = 0 0.21 14:09:01 mmap(NULL, 2333224, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f8113947000 0.29 14:09:01 mprotect(0x7f8113979000, 2097152, PROT_NONE) = 0 0.34 14:09:01 mmap(0x7f8113b79000, 32768, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x32000) = 0x7f8113b79000 0.30 14:09:01 close(3) = 0 0.21 14:09:01 open(/usr/lib64/libcliauth.so, O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) 0.24 14:09:01
[Samba] samba-tool dbcheck produces wrong instancetype errors
Hi All, I have joined a samba4 instance to en existing W2k8 AD domain as an additional domain controller. When I do samba-tool dbcheck I get (example) : ERROR: wrong instanceType 4 on CN=INVIEW-DC2,OU=Domain Controllers,DC=inview,DC=local, should be 0 Not changing instanceType from 4 to 0 on CN=INVIEW-DC2,OU=Domain Controllers,DC=inview,DC=local This happens for 644 out of 655 of the objects in directory. I have attempted to fix one or two less important objects and the error does not appear again. Before I go ahead and fix them all, I want to find out whether doing this would have any unwanted ramifications? Can anyone explain what causes these errors and if fixing them might break something? Thanks in advance Chris -- Chris Lewis -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba-tool dbcheck produces wrong instancetype errors
Hello, I have the same issue in a W2K3 and W2K8 AD domain. Best Regards On 01/10/2013 04:50 PM, Chris Lewis wrote: Hi All, I have joined a samba4 instance to en existing W2k8 AD domain as an additional domain controller. When I do samba-tool dbcheck I get (example) : ERROR: wrong instanceType 4 on CN=INVIEW-DC2,OU=Domain Controllers,DC=inview,DC=local, should be 0 Not changing instanceType from 4 to 0 on CN=INVIEW-DC2,OU=Domain Controllers,DC=inview,DC=local This happens for 644 out of 655 of the objects in directory. I have attempted to fix one or two less important objects and the error does not appear again. Before I go ahead and fix them all, I want to find out whether doing this would have any unwanted ramifications? Can anyone explain what causes these errors and if fixing them might break something? Thanks in advance Chris -- Bruno Pereira /IPBrick ID Dpt/ http://www.ipbrick.com/ IPBRICK International Rua Passos Manuel, 66/76 4000-381 Porto PortugalTEL: +351 221 207 100 FAX: +351 225 189 722 UCoIP: bpere...@ipbrick.com mailto:bpere...@ipbrick.com www.ipbrick.com http://www.ipbrick.com/ www.iportaldoc.com http://www.iportaldoc.com/ Facebook http://www.facebook.com/pages/IPBrick/263923950988/ Twitter http://twitter.com/IPBrick/ Linked In http://pt.linkedin.com/in/ipbrick/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Account Lockout
I'm currently using samba4 as an AD DC (domain and forest are both configured with the samba-tool command to be at the 2008_R2 functional level) for both Windows and Linux systems. I've got the default password settings set using the samba-tool domain passwordsettings command and I have all the GPOs configured as I need them for clients. However, I would like to configure how the account lockout functions for the domain accounts. I read that there isn't currently support for server side GPOs, so I'm not certain how to configure this, or if its even possible. To be clear, I'm using Zentyal 3.0 (distro built from Ubuntu 12.04) which has a pre-built zentyal-samba package installed but from what I can tell it's just samba4.0 (that's what it tells me when I use samba --version) What I've tried thus far: 1. Use testparm -v to get a complete list of all possible smb.conf values - didn't see much in there 2. Manually edit the account_policy.tdb database within the samba folder identified in the current smb.conf file with tdbtool - it looks like there ARE settings here that might apply, but for some reason changes aren't being reflected. For example, when I use the samba-tool domain passwordsettings set --min-pwd-age=5 the account_policy.tdb key corresponding to pass min age does NOT get updated, but I have validated that the changes DO take immediate effect. Maybe the account_policy.tdb file is legacy and not used when the active role is DC with a 2008_R2 functional level? My question with respect to samba is two fold: is it even POSSIBLE to have samba detect multiple failed login attempts and lock an account once a certain threshold has been reached and if so how is that configured? Thanks so much for any information you can provide! -Chris Stoneburner -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] del_driver_init deletes what?
Hi team, I'm trying to debug cupsaddsmb with 3.5.20, which sometimes throws Unable to install Windows 2000 printer driver files error for me. I traced it all down to _spoolss_AddPrinterDriver(), which calls del_driver_init function from printing/nt_printing.c file. It seems that del_driver_init() is called to delete some key from ntdrivers.tdb, and the key in question seems to be DRIVER_INIT/my_printer_name. These lines made me think this is what it does: === if (asprintf(key, %s%s, DRIVER_INIT_PREFIX, drivername) 0) { return false; } snip ret = (tdb_delete_bystring(tdb_drivers, key) == 0); snip return ret; === However, I dumped all the keys of ntdrivers.tdb and there is no single key with a name like DRIVER_INIT/. Am I incorrect about this function internals? What does del_driver_init trying to delete and why would it fail? Thanks in advance. -Alex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 internal DNS not responding to DNS requests - SOLVED
The problem was definitely SELinux and/or firewall (iptables). Thank you for the help. On Wed, Jan 9, 2013 at 8:38 PM, Andrew Bartlett abart...@samba.org wrote: On Wed, 2013-01-09 at 09:47 -0500, fe...@epepm.cupet.cu wrote: I am not able to get the Samba4 internal DNS server to respond to DNS requests on the network. I am running Samba4 4.1.0pre1-GIT-c1fb37d on my CentOS 6.3 system. I followed the instructions here: https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO I configured Samba4 to use the internal DNS server. My Samba4 server is 192.168.0.13. Its full hostname is ubuntu-ad.allenlan.net. The realm is ALLENLAN.NET. The DNS testing section of the document passes: $host -t SRV _ldap._tcp.allenlan.net. _ldap._tcp.allenlan.net has SRV record 0 100 389 ubuntu-ad.allenlan.net. $host -t SRV _kerberos._udp.allenlan.net. _kerberos._udp.allenlan.net has SRV record 0 100 88 ubuntu-ad.allenlan.net. $host -t A ubuntu-ad.allenlan.net. ubuntu-ad.allenlan.net has address 192.168.0.13 I configured my Windows XP system with a DNS of 192.168.0.13 (Samba4 server). When I perform the Windows command nslookup ubuntu-ad.allenlan.net (or any variation of that) it reports: DNS request timed out. timeout was 2 seconds. *** Can't find server name for address 192.168.0.13: Timed out (above 3 messages repeat again) Default servers are not available Server: UnKnown Address: 192.168.0.13 The Windows system can ping the Samba4 server by IP address. Any help would be appreciated! More configuration information below. /etc/resolv.conf: domain allenlan.net nameserver 192.168.0.13 /usr/local/samba/etc/smb.conf: [global] workgroup = ALLENLAN realm = ALLENLAN.NET netbios name = UBUNTU-AD server role = active directory domain controller dns forwarder = 192.168.0.1 interfaces = 192.168.0.13 127.0.0.1 bind interfaces only = yes log level = 3 server services = smb, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate, dns /etc/hosts: 192.168.0.13ubuntu-ad ubuntu-ad.allenlan.net 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 $hostname ubuntu-ad.allenlan.net That was the reason I switched to bind9. The internal dns server used to keep connections open, without closing old ones, until reaching the limit of max files... I don't know wether it's been already fixed or not. But it doesn't happen with bind. This topic is been in the list before. Yes, we fixed that (with a timeout). Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- *Lee Allen* email: l...@leecallen.com bus: (716) 773-2729 home: (716) 773-2326 cell: (716) 880-0854 fax: (716) 408-8844 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba is slow and crash when i transfert one file
Hi at All Samba stop my transfert when i want to copie one files or is very low. I don't for why in my log, i have when my copie crash : [2013/01/10 21:40:56.442652, 3] smbd/oplock.c:895(init_oplocks) init_oplocks: initializing messages. [2013/01/10 21:40:56.442712, 3] smbd/oplock_linux.c:224(linux_init_kernel_oplocks) Linux kernel oplocks enabled [2013/01/10 21:40:56.445978, 3] smbd/process.c:1485(process_smb) Transaction 0 of length 137 (0 toread) [2013/01/10 21:40:56.446004, 3] smbd/process.c:1294(switch_message) switch message SMBnegprot (pid 29106) conn 0x0 [2013/01/10 21:40:56.446017, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/01/10 21:40:56.446054, 3] smbd/negprot.c:587(reply_negprot) Requested protocol [PC NETWORK PROGRAM 1.0] [2013/01/10 21:40:56.446066, 3] smbd/negprot.c:587(reply_negprot) Requested protocol [LANMAN1.0] [2013/01/10 21:40:56.446075, 3] smbd/negprot.c:587(reply_negprot) Requested protocol [Windows for Workgroups 3.1a] [2013/01/10 21:40:56.446083, 3] smbd/negprot.c:587(reply_negprot) Requested protocol [LM1.2X002] [2013/01/10 21:40:56.446091, 3] smbd/negprot.c:587(reply_negprot) Requested protocol [LANMAN2.1] [2013/01/10 21:40:56.446098, 3] smbd/negprot.c:587(reply_negprot) Requested protocol [NT LM 0.12] [2013/01/10 21:40:56.446174, 3] smbd/negprot.c:405(reply_nt1) using SPNEGO [2013/01/10 21:40:56.446190, 3] smbd/negprot.c:692(reply_negprot) Selected protocol NT LM 0.12 [2013/01/10 21:40:56.590285, 3] smbd/process.c:1485(process_smb) Transaction 1 of length 142 (0 toread) [2013/01/10 21:40:56.590309, 3] smbd/process.c:1294(switch_message) switch message SMBsesssetupX (pid 29106) conn 0x0 [2013/01/10 21:40:56.590319, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/01/10 21:40:56.590332, 3] smbd/sesssetup.c:1436(reply_sesssetup_and_X) wct=12 flg2=0xc807 [2013/01/10 21:40:56.590345, 2] smbd/sesssetup.c:1391(setup_new_vc_session) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2013/01/10 21:40:56.590355, 3] smbd/sesssetup.c:1190(reply_sesssetup_and_X_spnego) Doing spnego session setup [2013/01/10 21:40:56.590366, 3] smbd/sesssetup.c:1232(reply_sesssetup_and_X_spnego) NativeOS=[] NativeLanMan=[] PrimaryDomain=[] [2013/01/10 21:40:56.590390, 3] smbd/sesssetup.c:806(reply_spnego_negotiate) reply_spnego_negotiate: Got secblob of size 40 [2013/01/10 21:40:56.590429, 3] libsmb/ntlmssp.c:65(debug_ntlmssp_flags) Got NTLMSSP neg_flags=0xe2088297 [2013/01/10 21:40:56.612941, 3] smbd/process.c:1485(process_smb) Transaction 2 of length 426 (0 toread) [2013/01/10 21:40:56.612965, 3] smbd/process.c:1294(switch_message) switch message SMBsesssetupX (pid 29106) conn 0x0 [2013/01/10 21:40:56.612976, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2013/01/10 21:40:56.612988, 3] smbd/sesssetup.c:1436(reply_sesssetup_and_X) wct=12 flg2=0xc807 [2013/01/10 21:40:56.612996, 2] smbd/sesssetup.c:1391(setup_new_vc_session) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2013/01/10 21:40:56.613005, 3] smbd/sesssetup.c:1190(reply_sesssetup_and_X_spnego) Doing spnego session setup [2013/01/10 21:40:56.613015, 3] smbd/sesssetup.c:1232(reply_sesssetup_and_X_spnego) NativeOS=[] NativeLanMan=[] PrimaryDomain=[] [2013/01/10 21:40:56.613033, 3] libsmb/ntlmssp.c:747(ntlmssp_server_auth) Got user=[root] domain=[] workstation=[PC-DE-ALEX] len1=24 len2=186 thank for your help -- Alexandre Priou -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] cannot join an existing AD as either a RODC or DC w/ samba4
I'm unable to have samba4 join an existing AD domain as either an RODC (preferrable) or merely a DC. AD domain is Win2k3, but we recently added a pair of Win2k8 DCs to it. Domain functional level is Win2k3. ### Adding samba4 as an RODC ### # samba-tool domain join -d5 my.domain RODC -U'adminuser@MY.DOMAIN' --server=nysv-vmdc3.my.domain INFO: Current debug levels: all: 5 tdb: 5 printdrivers: 5 lanman: 5 smb: 5 rpc_parse: 5 rpc_srv: 5 rpc_cli: 5 passdb: 5 sam: 5 auth: 5 winbind: 5 vfs: 5 idmap: 5 quota: 5 acls: 5 locking: 5 msdfs: 5 dmapi: 5 registry: 5 GENSEC backend 'gssapi_spnego' registered GENSEC backend 'gssapi_krb5' registered GENSEC backend 'gssapi_krb5_sasl' registered GENSEC backend 'sasl-DIGEST-MD5' registered GENSEC backend 'schannel' registered GENSEC backend 'spnego' registered GENSEC backend 'ntlmssp' registered GENSEC backend 'krb5' registered GENSEC backend 'fake_gssapi_krb5' registered added interface eth0 ip=fe80::20c:29ff:fef7:cd62%eth0 bcast=fe80:::::%eth0 netmask=::::: added interface eth1 ip=fe80::20c:29ff:fef7:cd6c%eth1 bcast=fe80:::::%eth1 netmask=::::: added interface eth1 ip=192.168.42.1 bcast=192.168.42.255 netmask=255.255.255.0 added interface eth0 ip=10.2.40.194 bcast=10.2.40.255 netmask=255.255.255.0 added interface eth0 ip=fe80::20c:29ff:fef7:cd62%eth0 bcast=fe80:::::%eth0 netmask=::::: added interface eth1 ip=fe80::20c:29ff:fef7:cd6c%eth1 bcast=fe80:::::%eth1 netmask=::::: added interface eth1 ip=192.168.42.1 bcast=192.168.42.255 netmask=255.255.255.0 added interface eth0 ip=10.2.40.194 bcast=10.2.40.255 netmask=255.255.255.0 added interface eth0 ip=fe80::20c:29ff:fef7:cd62%eth0 bcast=fe80:::::%eth0 netmask=::::: added interface eth1 ip=fe80::20c:29ff:fef7:cd6c%eth1 bcast=fe80:::::%eth1 netmask=::::: added interface eth1 ip=192.168.42.1 bcast=192.168.42.255 netmask=255.255.255.0 added interface eth0 ip=10.2.40.194 bcast=10.2.40.255 netmask=255.255.255.0 added interface eth0 ip=fe80::20c:29ff:fef7:cd62%eth0 bcast=fe80:::::%eth0 netmask=::::: added interface eth1 ip=fe80::20c:29ff:fef7:cd6c%eth1 bcast=fe80:::::%eth1 netmask=::::: added interface eth1 ip=192.168.42.1 bcast=192.168.42.255 netmask=255.255.255.0 added interface eth0 ip=10.2.40.194 bcast=10.2.40.255 netmask=255.255.255.0 added interface eth0 ip=fe80::20c:29ff:fef7:cd62%eth0 bcast=fe80:::::%eth0 netmask=::::: added interface eth1 ip=fe80::20c:29ff:fef7:cd6c%eth1 bcast=fe80:::::%eth1 netmask=::::: added interface eth1 ip=192.168.42.1 bcast=192.168.42.255 netmask=255.255.255.0 added interface eth0 ip=10.2.40.194 bcast=10.2.40.255 netmask=255.255.255.0 added interface eth0 ip=fe80::20c:29ff:fef7:cd62%eth0 bcast=fe80:::::%eth0 netmask=::::: added interface eth1 ip=fe80::20c:29ff:fef7:cd6c%eth1 bcast=fe80:::::%eth1 netmask=::::: added interface eth1 ip=192.168.42.1 bcast=192.168.42.255 netmask=255.255.255.0 added interface eth0 ip=10.2.40.194 bcast=10.2.40.255 netmask=255.255.255.0 Starting GENSEC mechanism spnego Starting GENSEC submechanism gssapi_krb5 Password for [adminuser@MY.DOMAIN]: Timed out smb_krb5 packet Received smb_krb5 packet of length 148 Timed out smb_krb5 packet Received smb_krb5 packet of length 1450 gensec_gssapi: credentials were delegated GSSAPI Connection will be cryptographically sealed workgroup is MY realm is my.domain checking sAMAccountName Adding CN=NYSV-NIS1,OU=Domain Controllers,DC=my,DC=domain Join failed - cleaning up checking sAMAccountName ERROR(ldb): uncaught exception - LDAP error 19 LDAP_CONSTRAINT_VIOLATION - 20B5: AtrErr: DSID-03152804, #2: 0: 20B5: DSID-03152804, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 90786 (msDS-NeverRevealGroup) 1: 20B5: DSID-03152804, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 90788 (msDS-RevealOnDemandGroup) File /usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/domain.py, line 558, in run dns_backend=dns_backend) File /usr/local/samba/lib64/python2.6/site-packages/samba/join.py, line 1071, in join_RODC ctx.do_join() File /usr/local/samba/lib64/python2.6/site-packages/samba/join.py, line 1007, in do_join ctx.join_add_objects() File /usr/local/samba/lib64/python2.6/site-packages/samba/join.py, line 499, in join_add_objects ctx.samdb.add(rec) ### Adding samba4 as a DC ### # samba-tool domain join -d5 my.domain DC -U'adminuser@MY.DOMAIN' --server=nysv-vmdc3.my.domain INFO: Current debug levels: all: 5 tdb: 5 printdrivers: 5 lanman:
[Samba] NT_STATUS_NO_MEMORY when browsing file server on Belkin modem
Hello, Can someone help me to track down the source of this problem? I'm trying to access a file server running on a Belkin modem with an attached USB drive. Judging my the quality of the firmware on the device, I'd say there's a good chance of it being buggy. But it works well enough on a Windows machine, even one running inside Virtualbox under Linux. I therefore see no reason why it shouldn't work using a Samba client. When I try to connect using smbclient, I can connect OK, and put and retrieve files. But if I try to browse the share using 'ls' or 'du', it returns immediately something like 'NT_STATUS_NO_MEMORY listing *' So I can't get a directory listing of the share, which pretty much makes it useless. Interestingly, when I try to connect to it using XBMC running on my Apple TV, which I assume incorporates samba pretty much off the shelf, it also returns an error indicating problems allocating memory. I have enough IT skills to build samba from source and try to reverse engineer and debug it. I'd just like to benefit from the experience of others before I go down that path. Many thanks, Jonathan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] SAMBA 4 acting as Domain Server- Is Exchange 2010 capable of being installed?
Hello All, SAMBA 4 is a great advancement, and I have it up and running in a lab environment authenticating Cisco UCM LDAP queries... I am attempting to install an Exchange 2010 deployment for integrated UM testing. As I attempted to extend the schema of the SAMBA 4 AD (setup /ps), the setup program came back and reported the following: The Domain Controller 'smb4.homelab.int' is running the 4.0.0 version of the operating system. Minimal requested version is 5.2 (3790) Service Pack 1. Is it possible to install Exchange 2010 in a Samba4 Active Directory environment ? Is Exchange supported? Many Thanks, -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [PATCH] Re: Changing administrator password after Samba4 classic upgrade
Hi Andrew, Sorry for the late response took me a while to figure out the internal DNS. For your queries these are the concern/issues For your testing domain or configuration: - What was working I used to run smoothly the classic upgrade in a new Server (running a Centos 6.3 using OpenLDAP 2.4 before migrating to Samba4 from CentOS 5.5 and Samba 3.3.10 with OpenLDAP 2.3.43 as backend) Copy the backup ldif (from the production server) to the new server (testing domain) and connecting to the new ldap server $sudo slapadd -c -l thebackup.ldif Meaning i have a fully running OpenLDAP 2.4 running, which I used to configure some files like nslcd.conf, pam_ldap.conf, and dap.conf I used the following commands to check $getent group $getent passwd If displays the groups and the users from the ldap database, I can successfully migrated it to Samba4. As based on my test if doesn't have output from the ldap, I can't proceed to classicupgrade. Hope someone give insights more? If no need to change the configurations stated above, or maybe it is a shortcut of what I am doing. As for my understanding samba-tool domain classicugrade need to have LDAP running, and those configurations needed in order to run it properly the LDAP. That's why you need to run still the ldap when issuing the classicupgrade. The patch you given was working fine and even without adding a patch, probably I just got some mistakes before especially on the users and groups in the database. Then copied the tdb files to the new server and on my case generate error on secrets.tdb, what I did issue the command $sudo /usr/local/samba/bin/smbpasswd -w xxx -c /tmp/livedata/samba/smb.conf $cp /var/lib/samba/private/secrets.tdb/tmp/livedata/samba assume xxx the password and /tmp/livedata/samba where your tdb files also located Then run the classicupgrade but modified/delete some users and groups that the conflict or not recognised by the samba-tool domain classicupgrade based on the display. - What was not working Some suggested, NO need to the configure the nslcd.conf, pam_ldap.conf, and the ldap.conf (locally connected) to the LDAP server. But on my case, it doesn't work if I will not change them, in short I can't upgrade to Samba4, using classicupgrade command. Not able to test client from the production that no need to re-authenticate (re-connecting to the samba4 domain from samba3) - What you changed I used to retain the SID, meaning just copy the SID from the production domain, my assumptions that the existing machines in the LDAP database, will be automatically connected without re-authentication. $set netlocalid zzz where zzz is the SID Modified users and groups in the LDAP Server Deleted 'Everyone' group Change SID of user uid=administrator from 20001 to 500 Deleted the Group list of Administrators and added from the list of Administrators' zzz-512 where zzz SID Remove oneGroup, but uncommon group or custom made group - What is now working Work fine no yet problems encountered (coz not yet connected to the production) For your attempt to apply this to your production domain: - What is working So far as I mimicking the testing domain, no problems encountered in migration or running the classicupgrade command - What is not working As I observed the internal DNS having the problem especially once change with an IP address coz only using a DHCP. Not authororitative for '.', forwarding RuntimeError: kinit for xxx$@yyy failed (Cannot contact any KDC for requested realm) ../source4/dsdb/dns/dns_update.c294: Failed DNS update - NT_STATUS_ACCESS_DENIED - What was working but is now not working Not yet so far - What you have attempted to do to fix it What I did as internal DNS having the probs, I used to re-run again samba-tool domain classicupgrade from scratch which solved the problems but so far on the trial of connecting to the 2 actual clients for testing purposes (that no need to re-authenticate) if that will be the case lots of work to do. My question How do able to change the internal DNS server ip? I think it is not using localhost nor 127.0.0.1. Cheers, Mario Codeniera On Fri, Jan 4, 2013 at 5:46 PM, Andrew Bartlett abart...@samba.org wrote: On Fri, 2013-01-04 at 14:09 +1300, Mario Codeniera wrote: Thanks so much Andrew, it is working fine. But when I try to reinstall and recompile without removing the 'root' account from the OpenLDAP and it doesn't have an error (just for curiosity), and the root account password is also the administrator password after migration. I am on the process of connecting it to the real machine which previously connected with the DC-Samba3, seems some problem but I have to re-investigate it the cause maybe a DNS et al. I don't want to re-connect (re-establish) it to the Samba4, coz I retain the SID of Samba4 from Samba3. I used to connect new machine but machines after migration
Re: [Samba] NT_STATUS_NO_MEMORY when browsing file server on Belkin modem
On Fri, Jan 11, 2013 at 02:45:15PM +1100, Jonathan Schultz wrote: Hello, Can someone help me to track down the source of this problem? I'm trying to access a file server running on a Belkin modem with an attached USB drive. Judging my the quality of the firmware on the device, I'd say there's a good chance of it being buggy. But it works well enough on a Windows machine, even one running inside Virtualbox under Linux. I therefore see no reason why it shouldn't work using a Samba client. When I try to connect using smbclient, I can connect OK, and put and retrieve files. But if I try to browse the share using 'ls' or 'du', it returns immediately something like 'NT_STATUS_NO_MEMORY listing *' So I can't get a directory listing of the share, which pretty much makes it useless. Interestingly, when I try to connect to it using XBMC running on my Apple TV, which I assume incorporates samba pretty much off the shelf, it also returns an error indicating problems allocating memory. I have enough IT skills to build samba from source and try to reverse engineer and debug it. I'd just like to benefit from the experience of others before I go down that path. What we need are comparative network traces from accessing the box via windows and smbclient. See https://wiki.samba.org/index.php/Capture_Packets for info how to do that best. Thanks, Volker -- SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen phone: +49-551-37-0, fax: +49-551-37-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen http://www.sernet.de, mailto:kont...@sernet.de -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via 4659595 s4:lib/messaging: terminate the irpc_servers_byname() result with server_id_set_disconnected() (bug #9540) via af61dad smbd: Fix bug 9549 -- Memleak in the async echo handler from 0d5e2f4 docs: Fix typo in vfs_tsmsm.8.xml. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 465959594a4e033878740f9dfe559525e4559094 Author: Stefan Metzmacher me...@samba.org Date: Fri Jan 4 13:27:26 2013 +0100 s4:lib/messaging: terminate the irpc_servers_byname() result with server_id_set_disconnected() (bug #9540) Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org (cherry picked from commit 8d9a77f8646cd26371dc2ec1d3ed52730ac19eb9) Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Thu Jan 10 11:46:05 CET 2013 on sn-devel-104 commit af61dad97203ff1a44093f1cf864c75c2558cd46 Author: Volker Lendecke v...@samba.org Date: Tue Jan 8 15:34:19 2013 +0100 smbd: Fix bug 9549 -- Memleak in the async echo handler Reviewed by: Jeremy Allison j...@samba.org Autobuild-User(master): Jeremy Allison j...@samba.org Autobuild-Date(master): Tue Jan 8 23:30:41 CET 2013 on sn-devel-104 (cherry picked from commit 3d5c534f0cc7c6e3eead7462eef4a178c7035857) --- Summary of changes: source3/smbd/process.c |2 +- source4/lib/messaging/messaging.c |4 ++-- source4/lib/messaging/pymessaging.c |4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/process.c b/source3/smbd/process.c index eeda6f9..e934eaa 100644 --- a/source3/smbd/process.c +++ b/source3/smbd/process.c @@ -3022,7 +3022,7 @@ static void smbd_echo_got_packet(struct tevent_req *req) } iov = state-pending[num_pending]; - iov-iov_base = buf; + iov-iov_base = talloc_move(state-pending, buf); iov-iov_len = buflen; DEBUG(10,(echo_handler[%d]: forward to main\n, diff --git a/source4/lib/messaging/messaging.c b/source4/lib/messaging/messaging.c index 6618897..29ba388 100644 --- a/source4/lib/messaging/messaging.c +++ b/source4/lib/messaging/messaging.c @@ -977,7 +977,7 @@ struct server_id *irpc_servers_byname(struct imessaging_context *msg_ctx, for (i=0;icount;i++) { ret[i] = ((struct server_id *)rec.dptr)[i]; } - ret[i] = cluster_id(0, 0); + server_id_set_disconnected(ret[i]); free(rec.dptr); tdb_unlock_bystring(t-tdb, name); talloc_free(t); @@ -1414,7 +1414,7 @@ struct dcerpc_binding_handle *irpc_binding_handle_by_name(TALLOC_CTX *mem_ctx, errno = EADDRNOTAVAIL; return NULL; } - if (sids[0].pid == 0) { + if (server_id_is_disconnected(sids[0])) { talloc_free(sids); errno = EADDRNOTAVAIL; return NULL; diff --git a/source4/lib/messaging/pymessaging.c b/source4/lib/messaging/pymessaging.c index fca46e6..cb79d72 100644 --- a/source4/lib/messaging/pymessaging.c +++ b/source4/lib/messaging/pymessaging.c @@ -247,7 +247,7 @@ static PyObject *py_irpc_servers_byname(PyObject *self, PyObject *args, PyObject return NULL; } - for (i = 0; ids[i].pid != 0; i++) { + for (i = 0; !server_id_is_disconnected(ids[i]); i++) { /* Do nothing */ } @@ -257,7 +257,7 @@ static PyObject *py_irpc_servers_byname(PyObject *self, PyObject *args, PyObject PyErr_NoMemory(); return NULL; } - for (i = 0; ids[i].pid; i++) { + for (i = 0; !server_id_is_disconnected(ids[i]); i++) { PyObject *py_server_id; struct server_id *p_server_id = talloc(NULL, struct server_id); if (!p_server_id) { -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 213e726 build: Set LD_LIBRARY_PATH in install_with_python.sh via 5a1deec build: Make install_with_python.sh more portable via 8e84c33 build: In install_with_python.sh force using the python from the install we just made via 7acacdf build: Make install_with_python.sh executable via 489ad49 swat: move russian swat files alongside ja and tr via b9fbce2 passdb: Add discard_const_p() to pdb_samba_dsdb via 26bae89 vfs: Fix compilation of solaris ACL module via 9dfd0a0 build: Remove bashism from SAMBAMANPAGES rule from 313da9d smb.conf(5): update list of available protocols (bug #9552) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 213e7260a83d4349132e8c159798b476cec3f814 Author: Andrew Bartlett abart...@samba.org Date: Thu Jan 10 12:00:03 2013 +1100 build: Set LD_LIBRARY_PATH in install_with_python.sh This ensures that the python install finishes correctly. Andrew Bartlett Reviewed-by: Stefan Metzmacher me...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Thu Jan 10 14:00:13 CET 2013 on sn-devel-104 commit 5a1deec38a7ff7287b31a47ae61769c66e10de17 Author: Andrew Bartlett abart...@samba.org Date: Thu Jan 10 09:00:37 2013 +1100 build: Make install_with_python.sh more portable Reviewed-by: Stefan Metzmacher me...@samba.org commit 8e84c33a6094288ec2c8964588c679a71742e855 Author: Andrew Bartlett abart...@samba.org Date: Thu Jan 10 08:51:34 2013 +1100 build: In install_with_python.sh force using the python from the install we just made Reviewed-by: Stefan Metzmacher me...@samba.org commit 7acacdfc05d3162b2879b6ac80d0809b5af96f1e Author: Andrew Bartlett abart...@samba.org Date: Thu Jan 10 08:50:53 2013 +1100 build: Make install_with_python.sh executable Reviewed-by: Stefan Metzmacher me...@samba.org commit 489ad498ab14340eb99f35a8814418db9db788a5 Author: Andrew Bartlett abart...@samba.org Date: Thu Dec 20 18:36:40 2012 +1100 swat: move russian swat files alongside ja and tr Reviewed-by: Stefan Metzmacher me...@samba.org commit b9fbce20613952ead92dde3981a57f6d825c0584 Author: Andrew Bartlett abart...@samba.org Date: Thu Dec 13 10:33:04 2012 +1100 passdb: Add discard_const_p() to pdb_samba_dsdb Reviewed-by: Stefan Metzmacher me...@samba.org commit 26bae894f2ae898c51535dda14060ecf4786c6ec Author: Andrew Bartlett abart...@samba.org Date: Sat Jan 5 14:53:13 2013 +1100 vfs: Fix compilation of solaris ACL module Andrew Bartlett Reviewed-by: Stefan Metzmacher me...@samba.org commit 9dfd0a0dc980b521905399e0b409cb81fbbe6b37 Author: Andrew Bartlett abart...@samba.org Date: Wed Jan 9 09:39:59 2013 +1100 build: Remove bashism from SAMBAMANPAGES rule In sh, you must assign the variable, then export it. Andrew Bartlett Reviewed-by: Stefan Metzmacher me...@samba.org --- Summary of changes: buildtools/wafsamba/wafsamba.py|3 ++- install_with_python.sh |7 ++- source3/modules/vfs_solarisacl.c |2 +- source3/passdb/pdb_samba_dsdb.c|4 ++-- .../lang}/ru/help/welcome-no-samba-doc.html|0 {source3/po = swat/lang}/ru/help/welcome.html |0 {source3/po = swat/lang}/ru/images/globals.gif| Bin 2041 - 2041 bytes {source3/po = swat/lang}/ru/images/home.gif | Bin 2190 - 2190 bytes {source3/po = swat/lang}/ru/images/passwd.gif | Bin 1936 - 1936 bytes {source3/po = swat/lang}/ru/images/printers.gif | Bin 2139 - 2139 bytes {source3/po = swat/lang}/ru/images/shares.gif | Bin 2081 - 2081 bytes {source3/po = swat/lang}/ru/images/status.gif | Bin 2305 - 2305 bytes {source3/po = swat/lang}/ru/images/viewconfig.gif | Bin 2096 - 2096 bytes {source3/po = swat/lang}/ru/images/wizard.gif | Bin 2605 - 2605 bytes {source3/po = swat/lang}/ru/include/header.html |0 15 files changed, 11 insertions(+), 5 deletions(-) mode change 100644 = 100755 install_with_python.sh rename {source3/po = swat/lang}/ru/help/welcome-no-samba-doc.html (100%) rename {source3/po = swat/lang}/ru/help/welcome.html (100%) rename {source3/po = swat/lang}/ru/images/globals.gif (100%) rename {source3/po = swat/lang}/ru/images/home.gif (100%) rename {source3/po = swat/lang}/ru/images/passwd.gif (100%) rename {source3/po = swat/lang}/ru/images/printers.gif (100%) rename {source3/po = swat/lang}/ru/images/shares.gif (100%) rename {source3/po = swat/lang}/ru/images/status.gif (100%) rename {source3/po = swat/lang}/ru/images/viewconfig.gif (100%) rename {source3/po = swat/lang}/ru/images/wizard.gif (100%)
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 051a1a9 samba-tool classicupgrade: Do not print the admin password during upgrade via 5e0fcb0 s4-idmap: Remove requirement that posixAccount or posixGroup be set for rfc2307 via c9d2ca5 selftest: Add test for rfc2307 mapping handling via 5812eb3 dsdb-acl: give error string if we can not obtain the schema via 99d872e s4-dbcheck: Allow forcing an override of an old @MODULES record from 213e726 build: Set LD_LIBRARY_PATH in install_with_python.sh http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 051a1a9c6417c2cbffa7d091ae477a6c7922d363 Author: Andrew Bartlett abart...@samba.org Date: Sat Dec 22 09:28:05 2012 +1100 samba-tool classicupgrade: Do not print the admin password during upgrade This changes the code to only set and show a new password if no admin user is found during the upgrade. Andrew Bartlett Reviewed-by: Stefan Metzmacher me...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Thu Jan 10 16:55:23 CET 2013 on sn-devel-104 commit 5e0fcb04a48d96669ed4376bfa17f679e3582236 Author: Andrew Bartlett abart...@samba.org Date: Wed Dec 26 20:48:12 2012 +1100 s4-idmap: Remove requirement that posixAccount or posixGroup be set for rfc2307 This change matches the source3/idmap/idmap_ad.c code, and allows this feature to work with only the setting of the UID/GID in Active Directory Users and Computers. Andrew Bartlett Reviewed-by: Stefan Metzmacher me...@samba.org commit c9d2ca585e198b1006bbf7f1a3c988c1188b66cb Author: Andrew Bartlett abart...@samba.org Date: Fri Dec 28 12:36:06 2012 +1100 selftest: Add test for rfc2307 mapping handling Reviewed-by: Stefan Metzmacher me...@samba.org commit 5812eb3c1deac51891f01338b4771b1e397dc24d Author: Andrew Bartlett abart...@samba.org Date: Thu Jan 3 21:31:22 2013 +1100 dsdb-acl: give error string if we can not obtain the schema Reviewed-by: Stefan Metzmacher me...@samba.org commit 99d872ee9261a299add4718c38234dfe9f7658fc Author: Andrew Bartlett abart...@samba.org Date: Thu Aug 23 15:18:13 2012 +1000 s4-dbcheck: Allow forcing an override of an old @MODULES record Reviewed-by: Stefan Metzmacher me...@samba.org --- Summary of changes: nsswitch/tests/test_rfc2307_mapping.sh | 181 ++ selftest/selftest.pl |5 +- selftest/target/Samba4.pm|8 +- source4/dsdb/samdb/ldb_modules/acl.c |5 +- source4/scripting/python/samba/dbchecker.py |9 + source4/scripting/python/samba/netcmd/dbcheck.py | 24 +++- source4/scripting/python/samba/upgrade.py| 11 ++- source4/selftest/tests.py|1 + source4/winbind/idmap.c |9 +- testprogs/blackbox/dbcheck.sh|5 + 10 files changed, 243 insertions(+), 15 deletions(-) create mode 100755 nsswitch/tests/test_rfc2307_mapping.sh Changeset truncated at 500 lines: diff --git a/nsswitch/tests/test_rfc2307_mapping.sh b/nsswitch/tests/test_rfc2307_mapping.sh new file mode 100755 index 000..f1e3ea9 --- /dev/null +++ b/nsswitch/tests/test_rfc2307_mapping.sh @@ -0,0 +1,181 @@ +#!/bin/sh +# Blackbox test for wbinfo and rfc2307 mappings +if [ $# -lt 4 ]; then +cat EOF +Usage: test_rfc2307_mapping.sh DOMAIN USERNAME PASSWORD SERVER UID_RFC2307TEST GID_RFC2307TEST +EOF +exit 1; +fi + +DOMAIN=$1 +USERNAME=$2 +PASSWORD=$3 +SERVER=$4 +UID_RFC2307TEST=$5 +GID_RFC2307TEST=$6 +shift 6 + +failed=0 +samba4bindir=$BINDIR +wbinfo=$VALGRIND $samba4bindir/wbinfo +samba_tool=$VALGRIND $samba4bindir/samba-tool +ldbmodify=$samba4bindir/ldbmodify + +. `dirname $0`/../../testprogs/blackbox/subunit.sh + +testfail() { + name=$1 + shift + cmdline=$* + echo test: $name + $cmdline + status=$? +if [ x$status = x0 ]; then +echo failure: $name +else +echo success: $name +fi +return $status +} + +knownfail() { +name=$1 +shift +cmdline=$* +echo test: $name +$cmdline +status=$? +if [ x$status = x0 ]; then +echo failure: $name [unexpected success] + status=1 +else +echo knownfail: $name + status=0 +fi +return $status +} + + +# Create new testing account +testit user add $samba_tool user create --given-name=rfc2307 --surname=Tester --initial=UT rfc2307_test_user testp@ssw0Rd $@ + +#test creation of six different groups +testit group add $samba_tool group add $CONFIG
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via edbc26b scripting/samba_upgradedns: Only look for IPv4/IPv6 addresses if we actually them from 051a1a9 samba-tool classicupgrade: Do not print the admin password during upgrade http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit edbc26bca84ee77b5a9571ba8dc9416c0db25906 Author: Andrew Bartlett abart...@samba.org Date: Fri Dec 28 10:05:40 2012 +1100 scripting/samba_upgradedns: Only look for IPv4/IPv6 addresses if we actually them This allows the script to be used to create/remove the samba-specific dns-SERVER account when we do not need to create the in-directory partition. Andrew Bartlett Reviewed-by: Stefan Metzmacher me...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Thu Jan 10 20:56:50 CET 2013 on sn-devel-104 --- Summary of changes: source4/scripting/bin/samba_upgradedns | 43 --- 1 files changed, 22 insertions(+), 21 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/scripting/bin/samba_upgradedns b/source4/scripting/bin/samba_upgradedns index ba597cf..f389ef7 100755 --- a/source4/scripting/bin/samba_upgradedns +++ b/source4/scripting/bin/samba_upgradedns @@ -278,27 +278,6 @@ if __name__ == '__main__': logger.error(Cannot create AD based DNS for OS level 2003) sys.exit(1) -logger.info(Looking up IPv4 addresses) -hostip = interface_ips_v4(lp) -try: -hostip.remove('127.0.0.1') -except ValueError: -pass -if not hostip: -logger.error(No IPv4 addresses found) -sys.exit(1) -else: -hostip = hostip[0] -logger.debug(IPv4 addresses: %s % hostip) - -logger.info(Looking up IPv6 addresses) -hostip6 = interface_ips_v6(lp, linklocal=False) -if not hostip6: -hostip6 = None -else: -hostip6 = hostip6[0] -logger.debug(IPv6 addresses: %s % hostip6) - domaindn = names.domaindn forestdn = names.rootdn @@ -351,6 +330,28 @@ if __name__ == '__main__': ncname = msg[0]['nCName'][0] except Exception, e: logger.info(Creating DNS partitions) + +logger.info(Looking up IPv4 addresses) +hostip = interface_ips_v4(lp) +try: +hostip.remove('127.0.0.1') +except ValueError: +pass +if not hostip: +logger.error(No IPv4 addresses found) +sys.exit(1) +else: +hostip = hostip[0] +logger.debug(IPv4 addresses: %s % hostip) + +logger.info(Looking up IPv6 addresses) +hostip6 = interface_ips_v6(lp, linklocal=False) +if not hostip6: +hostip6 = None +else: +hostip6 = hostip6[0] +logger.debug(IPv6 addresses: %s % hostip6) + create_dns_partitions(ldbs.sam, domainsid, names, domaindn, forestdn, dnsadmins_sid) -- Samba Shared Repository
[SCM] CTDB repository - branch 1.2.40 updated - ctdb-1.2.56-1-g9fbd13e
The branch, 1.2.40 has been updated via 9fbd13ea7d3da5e297827e7763f336f484262f47 (commit) from 143ec438d9281a11fc7800921c2859a242037775 (commit) http://gitweb.samba.org/?p=ctdb.git;a=shortlog;h=1.2.40 - Log - commit 9fbd13ea7d3da5e297827e7763f336f484262f47 Author: Amitay Isaacs ami...@gmail.com Date: Wed Jan 9 11:03:18 2013 +1100 scripts: Fix the variable name for sed expressions Signed-off-by: Amitay Isaacs ami...@gmail.com --- Summary of changes: config/debug_locks.sh |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/config/debug_locks.sh b/config/debug_locks.sh index 5b9efed..91cb405 100755 --- a/config/debug_locks.sh +++ b/config/debug_locks.sh @@ -13,7 +13,7 @@ out=$( cat /proc/locks | while read pid rest ; do pname=$(readlink /proc/$pid/exe) echo $pid $pname $rest -done | sed -e $sed_fu | grep \.tdb ) +done | sed -e $sed_cmd | grep \.tdb ) if [ -n $out ]; then # Log information about locks -- CTDB repository