[Samba] Problem joining Samba 4 to an older Samba 4 alpha 17
Hi there, Im trying to join a samba 4.0.1 server to an older samba 4 alpha 17 server. Whatever i do the join is interrupted but i dont know what goes wrong. Dns is double checked and correct as is most other stuff. How can i get a better view of what is happening than this? Can it be the source domain that contains erroneous objects? My goal is to move the old server to a new one, maybe there are a better way of doing this? Suggestions? Error joining to domain: Schema-DN[CN=Schema,CN=Configuration,DC=sesam,DC=lan] objects[402/1550] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=sesam,DC=lan] objects[804/1550] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=sesam,DC=lan] objects[1206/1550] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=sesam,DC=lan] objects[1550/1550] linked_values[0/0] Analyze and apply schema objects Partition[CN=Configuration,DC=sesam,DC=lan] objects[402/1674] linked_values[0/0] Partition[CN=Configuration,DC=sesam,DC=lan] objects[804/1674] linked_values[0/0] Partition[CN=Configuration,DC=sesam,DC=lan] objects[1206/1674] linked_values[0/0] Partition[CN=Configuration,DC=sesam,DC=lan] objects[1608/1674] linked_values[0/0] Partition[CN=Configuration,DC=sesam,DC=lan] objects[1674/1674] linked_values[94/0] Partition[DC=sesam,DC=lan] objects[100/100] linked_values[79/0] Partition[DC=sesam,DC=lan] objects[502/6594] linked_values[0/0] Partition[DC=sesam,DC=lan] objects[904/6594] linked_values[0/0] Partition[DC=sesam,DC=lan] objects[1306/6594] linked_values[0/0] Partition[DC=sesam,DC=lan] objects[1708/6594] linked_values[0/0] Partition[DC=sesam,DC=lan] objects[2110/6594] linked_values[0/0] Partition[DC=sesam,DC=lan] objects[2512/6594] linked_values[0/0] Partition[DC=sesam,DC=lan] objects[2914/6594] linked_values[0/0] Partition[DC=sesam,DC=lan] objects[3316/6594] linked_values[0/0] Partition[DC=sesam,DC=lan] objects[3718/6594] linked_values[0/0] Partition[DC=sesam,DC=lan] objects[4120/6594] linked_values[0/0] Partition[DC=sesam,DC=lan] objects[4522/6594] linked_values[0/0] Partition[DC=sesam,DC=lan] objects[4924/6594] linked_values[0/0] Partition[DC=sesam,DC=lan] objects[5326/6594] linked_values[0/0] Partition[DC=sesam,DC=lan] objects[5728/6594] linked_values[0/0] Partition[DC=sesam,DC=lan] objects[6130/6594] linked_values[0/0] Partition[DC=sesam,DC=lan] objects[6532/6594] linked_values[0/0] Partition[DC=sesam,DC=lan] objects[6694/6594] linked_values[1338/0] Partition[DC=sesam,DC=lan] objects[6694/6594] linked_values[1500/0] Partition[DC=sesam,DC=lan] objects[6694/6594] linked_values[1500/0] Partition[DC=sesam,DC=lan] objects[6694/6594] linked_values[1500/0] Partition[DC=sesam,DC=lan] objects[6694/6594] linked_values[1500/0] Partition[DC=sesam,DC=lan] objects[6694/6594] linked_values[1500/0] Partition[DC=sesam,DC=lan] objects[6694/6594] linked_values[1500/0] Partition[DC=sesam,DC=lan] objects[6694/6594] linked_values[811/0] ERROR(runtime): uncaught exception - (-1073741807, 'NT_STATUS_END_OF_FILE') File /usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /usr/lib/python2.7/dist-packages/samba/netcmd/domain.py, line 552, in run machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend) File /usr/lib/python2.7/dist-packages/samba/join.py, line 1104, in join_DC ctx.do_join() File /usr/lib/python2.7/dist-packages/samba/join.py, line 1014, in do_join ctx.join_finalise() File /usr/lib/python2.7/dist-packages/samba/join.py, line 812, in join_finalise ctx.send_DsReplicaUpdateRefs(nc) File /usr/lib/python2.7/dist-packages/samba/join.py, line 797, in send_DsReplicaUpdateRefs ctx.drsuapi.DsReplicaUpdateRefs(ctx.drsuapi_handle, 1, r) //danileh -- With best regards, Daniel Hedblom Sysadmin Phone: +46 (0) 620-68 22 02 Mobile: + 46 (0) 70 383 72 44 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Request to an old post - Having problem with Samba Internal DNS
Hello all, I have installed Samba on a Cent OS 6.3. I followed the Samba4/HOW-TO. I'm using the samba internal dns. I can join the domain with a Win 7 Client but I have problems with the internal dns. I tried to test/debug the dynamic dns update by the help of the Samba4/HOW-TO. The summary of the error-message: ; TSIG error with server: tsig verify failure Failed nsupdate: 2 Failed update of 21 entries In the archive of the mailing list I found the same error. Unfortunately there is no solution for the problem but the user solved the Problem https://lists.samba.org/archive/samba/2012-October/169446.html Thanks beforehand, Christof -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 DNS: recursion requested but not available
On 2013-01-17 19:27, Thomas Simmons wrote: Hi Thomas, Has this problem been fixed? It looks like the patch referenced above had issues, but there were no further follow-ups in bugzilla. I'm still trying to figure out why the proposed patch doesn't work. Currently I'm getting a better debugging infrastructure in place for all things DNS, I'm hoping to tackle this issue next. My current state is at https://gitweb.samba.org/?p=kai/samba.git;a=shortlog;h=refs/heads/bug9485 but note that this currently has the same issues as the patch on bug #9485. Cheers, Kai -- Kai Blin Worldforge developer http://www.worldforge.org/ Wine developer http://wiki.winehq.org/KaiBlin Samba team member http://www.samba.org/samba/team/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problem joining Samba 4 to an older Samba 4 alpha 17
On Fri, 2013-01-18 at 10:11 +0100, Daniel Hedblom wrote: Hi there, Im trying to join a samba 4.0.1 server to an older samba 4 alpha 17 server. Whatever i do the join is interrupted but i dont know what goes wrong. Dns is double checked and correct as is most other stuff. How can i get a better view of what is happening than this? Can it be the source domain that contains erroneous objects? My goal is to move the old server to a new one, maybe there are a better way of doing this? Suggestions? Honestly, upgrading in place is the best way to do this. Backup the old DC, upgrade in place, and start the 4.0.1 release. The role transfer stuff isn't as reliable as we would like, whereas in-place is. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 Integration With Google
On Wed, 2013-01-16 at 13:59 -0800, Varoujan Avanessians wrote: Hello everone, In my Company we are going through a network redesign and Planning to retire our Novel edirectory, and Novel Servers and replace them with Samba4 (Over 150 Servers). We have setup a Samba4 test environment which seems to be working well so far. We are an organization with multiple locations and over 1200 users, we are also very heavy users of google apps. I have couple of questions that I need help with. 1- Is it possible to Integrate samba4 with Google Apps for Single sign-on, I know google has and application that Integrates Microsoft Active Directory with Google Apps, so I assume it should be possible with Samba4 too. Has anyone tried and used this feature with success? I think that outputting the password sync would be a custom development task at this point. It will be a very useful feature for others too. 2- We already have over 1200 accounts on Google. Is there a way to Import these user accounts into samba4? The hard part will be getting the plaintext passwords. Otherwise, it is mostly a matter of just getting the data into AD-like LDIF files, and adding them. You might be able to instead upgrade your Novell domain into Samba 4.0's AD DC, if it currently backs a Samba 3.x 'classic' domain (or can be made to), or otherwise you should be able to get the plaintext pw from the Novell server with some work. I would really appreciate any help in this matter and welcome any additional suggestions that you may have for a Project of this magnitude. This certainly needs a lot of care. What you are proposing would be one of our larger deployments in terms of numbers of users, and is very large in terms of number of servers (almost certainly the largest, if you really want 150 DCs), and will be stretching our replication capabilities. I'll help you however I can, but you may wish to engage some professional support as well. I do wish you all the best. It is great to see folks taking Samba 4.0 as an AD DC to new and exciting places! Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problems with smbclient send netbios message
On Wed, 2013-01-16 at 13:11 -0200, José Colzani wrote: Hi. First, sorry by my bad english :) I had a samba 3.0 and use a script with smbclient to send messages to 30 computers in my laboratory. I upgrade to debian squeeze and samba 3.5 and now i dont use the script command. root@escort:~# echo Testando | smbclient -NM LAB5-01 -I 192.168.3.200 Type your message, ending it with a Control-D cli_message returned NT_STATUS_PIPE_BROKEN I finding in samba bugzilla this: https://bugzilla.samba.org/show_bug.cgi?id=7635 When i test with RH 5.9 with samba 3.0 this work, only with samba 3.5 dont work. [root@delorean ~]# smbclient --version Version 3.0.33-3.39.el5_8 [root@delorean ~]# echo Teste | smbclient -M LAB5-01 -I 192.168.3.200 Connected. Type your message, ending it with a Control-D sent 7 bytes Please, can anyone helpme? Try Samba 4.0. it is actually tested as part of 'make test' in the 4.0 release, so you may have better luck there. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problem joining Samba 4 to an older Samba 4 alpha 17
2013/1/18 Andrew Bartlett abart...@samba.org On Fri, 2013-01-18 at 10:11 +0100, Daniel Hedblom wrote: Hi there, Im trying to join a samba 4.0.1 server to an older samba 4 alpha 17 server. Whatever i do the join is interrupted but i dont know what goes wrong. Dns is double checked and correct as is most other stuff. How can i get a better view of what is happening than this? Can it be the source domain that contains erroneous objects? My goal is to move the old server to a new one, maybe there are a better way of doing this? Suggestions? Honestly, upgrading in place is the best way to do this. Backup the old DC, upgrade in place, and start the 4.0.1 release. The role transfer stuff isn't as reliable as we would like, whereas in-place is. Thanks for answering so fast. Im trying to move to a new hardware at the same time, and the server is not easily upgraded as its an Resara Server with their own packages of Samba4. Not so sure i would be successfull if i upgrade. I would very much prefer if i could move the machine and user accounts somehow without doing nasty stuff to the original server. If i upgrade in place will a subsequent join of another DC be easier then? Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org //danielh -- With best regards, Daniel Hedblom Sysadmin Phone: +46 (0) 620-68 22 02 Mobile: + 46 (0) 70 383 72 44 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba AD DC initial join fails at schema replication
On Thu, 2013-01-17 at 13:57 -0800, Matthieu Patou wrote: On 01/16/2013 06:03 PM, Rican, Joshua T Civ USAF AF ISR Agency NASIC/SCXE wrote: Date: 16Jan2013 Samba Version: 4.0.1 OS Version: RHEL 6.3 Windows OS: Server 2012 Forest/Domain: 2008r2 Warning: Failed to convert schema object CN=ms-DS-Claim-Type,CN=Schema,CN=Configuration,dnsdomain into ldb msg That's a known issue I have a patch for this it was working back in October and it's in my todo to restest it, ping me in a couple of days, for the moment you need not to have Windows 2012 schema. That is to say never join a Windows 2012 server to your domain. Do you mean (a) Do not join a Windows 2012 Server to the domain or (b) do not join a Windows 2012 Server as a Domain Controller in the domain? -- Adam Tauno Williams GPG D95ED383 Systems Administrator, Python Developer, LPI / NCLA -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba AD DC initial join fails at schema replication
For the sake of clarity, I was originally operating at forest/domain 2012 levels in this environment. I rolled back to 2008r2 due to an earlier issue. Subject: Re: [Samba] Samba AD DC initial join fails at schema replication On Thu, 2013-01-17 at 13:57 -0800, Matthieu Patou wrote: On 01/16/2013 06:03 PM, Rican, Joshua T Civ USAF AF ISR Agency NASIC/SCXE wrote: Date: 16Jan2013 Samba Version: 4.0.1 OS Version: RHEL 6.3 Windows OS: Server 2012 Forest/Domain: 2008r2 Warning: Failed to convert schema object CN=ms-DS-Claim-Type,CN=Schema,CN=Configuration,dnsdomain into ldb msg That's a known issue I have a patch for this it was working back in October and it's in my todo to restest it, ping me in a couple of days, for the moment you need not to have Windows 2012 schema. That is to say never join a Windows 2012 server to your domain. Do you mean (a) Do not join a Windows 2012 Server to the domain or (b) do not join a Windows 2012 Server as a Domain Controller in the domain? -- Adam Tauno Williams GPG D95ED383 Systems Administrator, Python Developer, LPI / NCLA -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba smime.p7s Description: S/MIME cryptographic signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3 classicupgrade to Samba AD
Here is the whole command I am testing: root@telluride:/usr/local/samba# /usr/local/samba/bin/samba-tool domain classicupgrade --dbdir /root/old-samba/ --use-xattrs=yes --realm=ntserv.local /root/old-samba/smb.conf Reading smb.conf Processing section [netlogon] Unknown parameter encountered: share modes Ignoring unknown parameter share modes Provisioning Exporting account policy Exporting groups Exporting users Ignoring group memberships of 'L-LECHUGA$' S-1-5-21-684095783-2094215992-774919444-1995: Unable to enumerate group memberships, (-1073741724,No such user) Ignoring group memberships of 'ahendrickson' S-1-5-21-684095783-2094215992-774919444-1921: Unable to enumerate group memberships, (-1073741724,No such user) .. a whole bunch of similar errors Ignoring group memberships of 'S-GURULE$' S-1-5-21-684095783-2094215992-774919444-1658: Unable to enumerate group memberships, (-1073741724,No such user) Next rid = 6155 Exporting posix attributes Reading WINS database Cannot open wins database, Ignoring: [Errno 2] No such file or directory: '/root/old-samba/wins.dat' lpcfg_load: refreshing parameters from /usr/local/samba/etc/smb.conf lpcfg_load: refreshing parameters from /usr/local/samba/etc/smb.conf Looking up IPv4 addresses Looking up IPv6 addresses No IPv6 address will be assigned Processing section [netlogon] Processing section [sysvol] Module 'acl_xattr' loaded Setting up secrets.ldb Setting up the registry Setting up the privileges database Setting up idmap db Setting up SAM db Setting up sam.ldb partitions and settings Setting up sam.ldb rootDSE Pre-loading the Samba 4 and AD schema partition_metadata: Migrating partition metadata Adding DomainDN: DC=ntserv,DC=local DN: DC=ntserv,DC=local is a NC Adding configuration container DN: CN=Configuration,DC=ntserv,DC=local is a NC Setting up sam.ldb schema DN: CN=Schema,CN=Configuration,DC=ntserv,DC=local is a NC Setting up sam.ldb configuration data Setting up display specifiers Adding users container Modifying users container Adding computers container Modifying computers container Setting up sam.ldb data Setting up well known security principals Setting up sam.ldb users and groups Setting up self join Setting acl on sysvol skipped Adding DNS accounts Creating CN=MicrosoftDNS,CN=System,DC=ntserv,DC=local Creating DomainDnsZones and ForestDnsZones partitions DN: DC=DomainDnsZones,DC=ntserv,DC=local is a NC DN: DC=ForestDnsZones,DC=ntserv,DC=local is a NC Populating DomainDnsZones and ForestDnsZones partitions Setting up sam.ldb rootDSE marking as synchronized Fixing provision GUIDs A Kerberos configuration suitable for Samba 4 has been generated at /usr/local/samba/private/krb5.conf Setting up fake yp server settings Once the above files are installed, your Samba4 server will be ready to use Admin password:5]9+V=xFXT9sixJ+o0!4O Server Role: active directory domain controller Hostname: telluride NetBIOS Domain:NTSERV DNS Domain:ntserv.local DOMAIN SID:S-1-5-21-684095783-2094215992-774919444 Importing WINS database Importing Account policy Importing idmap database Processing section [netlogon] Processing section [sysvol] Importing groups Importing users Adding users to groups Processing section [netlogon] Processing section [sysvol] idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED set_nt_acl_no_snum: fset_nt_acl returned NT_STATUS_INVALID_OWNER. ERROR(runtime): uncaught exception - (-1073741734, 'NT_STATUS_INVALID_OWNER') File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py, line 1318, in run useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs) File /usr/local/samba/lib/python2.7/site-packages/samba/upgrade.py, line 926, in upgrade_from_samba3 result.names.domaindn, result.lp, use_ntvfs) File /usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py, line 1476, in setsysvolacl setntacl(lp,sysvol, SYSVOL_ACL, str(domainsid), use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=s4_passdb) File /usr/local/samba/lib/python2.7/site-packages/samba/ntacls.py, line 154, in setntacl smbd.set_nt_acl(file, security.SECINFO_OWNER | security.SECINFO_GROUP | security.SECINFO_DACL | security.SECINFO_SACL, sd) Thank you again for your help on this. Thanks, Max Andrew Bartlett abart...@samba.org 1/16/2013 2:24 PM On Wed, 2013-01-16 at 09:23 -0700, Max Olivas wrote: Is the workaround something I do or something that is fixed in the newer version? Thanks, Max Max Olivas moli...@northglenn.org 1/15/2013 6:54 AM Version 4.1.0pre1-GIT-94f11e9 on Ubuntu 12.04 LTS. Thanks, Max Andrew Bartlett abart...@samba.org 1/14/2013 3:01 PM On Mon, 2013-01-14 at 14:14 -0700, Max Olivas wrote: Hey All, Thanks for the feedback. I've
Re: [Samba] samba 3 - getting rid of some logfile errors
Jürgen Echter j.echter at echter-kuechen-elektro.de writes: Hi, i have a lot of entries in my logs which i can't solve, but everything works as expected. my setup: samba pdc - bacula samba bdc - mule Ubuntu 10.04-LTS Server samba 3.4.7 log file entries: Aug 1 08:25:40 bacula smbd[23854]: canonicalize_connect_path failed for service alex, path /\\mule\alex Aug 1 08:25:41 bacula smbd[23854]: [2012/08/01 08:25:41, 0] smbd/service.c:988(make_connection_snum) Aug 1 08:25:41 bacula smbd[23854]: canonicalize_connect_path failed for service alex, path /\\mule\alex Aug 1 08:25:44 bacula smbd[24003]: [2012/08/01 08:25:44, 0] lib/util_sock.c:1498(get_peer_addr_internal) Aug 1 08:25:44 bacula smbd[24003]: getpeername failed. Error was Transport endpoint is not connected Aug 1 08:25:44 bacula smbd[24003]: [2012/08/01 08:25:44, 0] lib/util_sock.c:743(write_data) Aug 1 08:25:44 bacula smbd[24003]: [2012/08/01 08:25:44, 0] lib/util_sock.c:1498(get_peer_addr_internal) Aug 1 08:25:44 bacula smbd[24003]: getpeername failed. Error was Transport endpoint is not connected Aug 1 08:25:44 bacula smbd[24003]: write_data: write failure in writing to client 0.0.0.0. Error Connection reset by peer Aug 1 08:25:44 bacula smbd[24003]: [2012/08/01 08:25:44, 0] smbd/process.c:62(srv_send_smb) Aug 1 08:25:44 bacula smbd[24003]: Error writing 4 bytes to client. -1. (Transport endpoint is not connected) Aug 1 08:26:07 bacula smbd[24002]: [2012/08/01 08:26:07, 0] lib/util_sock.c:539(read_fd_with_timeout) Aug 1 08:26:07 bacula smbd[24002]: [2012/08/01 08:26:07, 0] lib/util_sock.c:1498(get_peer_addr_internal) Aug 1 08:26:07 bacula smbd[24002]: getpeername failed. Error was Transport endpoint is not connected Aug 1 08:26:07 bacula smbd[24002]: read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by peer. any hints how to resolve this? thanks juergen Hello Juergen, I also have the same exact error messages in SMBD log´s: lib/util_sock.c:1498(get_peer_addr_internal and lib/util_sock.c:539(read_fd_with_timeout) we use Ubuntu Server 10.4 (Samba 3.4.7) Member server everything works ok two...We have an Active Directory 2008 domain Did you get to solve this problems? Vladimiro Sabino -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] How to set ACLs with Samba4 AD?
I apologize if this is very beginner/basic. In my defense, I can't get the Samba4 documentation to compile on my system, and I can't find the man pages online (a pointer to them would be extremely helpful). And in general, I am having difficulty sorting through the documentation on the wiki because much of it is clearly pre-Samba4 and therefore obsolete, or at least questionable. It's hard to know what is relevant. Most of the posts I see here seem to be much better informed than I am. I would love to know how they obtained their knowledge. So here is my question: I am running Samba4 as an AD and file server. How do I define ACLs for the samba shares, for domain users groups? These users and groups are not defined on the underlying OS (CentOS 6.3). It seems the answer is to do it via the underlying filesystem, but how is that possible when the domain users groups are not defined in the OS? I see samba-tool has some ACL get/set capability. Is that the answer? Or is there some special magic to get CentOS to control file access by referring to the Samba4 AD? Many thanks in advance for any help. And I would be very grateful for pointers to Samba4 introductory or background material (I have used the HOW-TOs extensively). Lee Allen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] ldap users with users samba
Hello ! I trying sync ldap users with users samba. I´m using a interface, by create ldap users. So, when ldap user be created, i want account e password samba be created. No my smb.conf I put the follow lines: ldap admin dn = cn=admin,dc=def,dc=mg,dc=gov,dc=br ldap group suffix = ou = groups ldap machine suffix = ou = computers ldap passwd sync = yes encrypt passwords = Yes ldap suffix = dc=def,dc=mg,dc=gov,dc=br ldap ssl = no ldap user suffix = ou = defensory smb ports = 445 139 add user script = /usr/sbin/smbldap-useradd -a -m %u add group script = /usr/sbin/smbldap-groupadd -p %g add user to group script = /usr/sbin/smbldap-groupmod -m %u %g delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g set primary group script = /usr/sbin/smbldap-usermod -g %g %u add machine script = /usr/sbin/smbldap-useradd -w %u passwd program = /usr/sbin/smbldap-passwd -s %u passdb backend = ldapsam:ldap://10.65.8.95 passdb backend = tdbsam hosts allow = 127.0.0.1, 10.65.8.0/255.255.252.0 pam password change = yes passwd program = /usr/bin/passwd %u I make a configure in sladp.conf: include /etc/ldap/schema/ppolicy.schema moduleload ppolicy.so overlay ppolicy access to attrs=userPassword,shadowLastChange,sambaPwdMustChange,sambaLMPassword,sambaPwdLastSet,sambaNTPassword by dn=cn=admin,dc=def,dc=mg,dc=gov,dc=br write by anonymous auth by self write by * none The user ldap is done, but samba user is not created. See some logs: Jan 18 16:09:01 defensoria slapd[6210]: conn=2455 fd=50 ACCEPT from IP=10.65.8.95:54507 (IP=0.0.0.0:389) So its bad. root@replica:/etc/ldap# smbclient -L 10.65.8.95 -U xbox Enter xbox's password: session setup failed: NT_STATUS_LOGON_FAILURE Thanks ! Rodrigo Faria Tavares -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] pam_smbpass.so on AIX
Yet another odd one... I've got it set up now so that swat uses pam_smbpass.so, and once a user logs into swat at least once, it'll update their password in the passdb backend configured for Samba. But, I also need to ensure that when a user changes their password via passwd, it also gets updated. I added the following in /etc/security/login.cfg: usw: auth_type = PAM_AUTH and that makes telnetd, passwd, etc all go through pam. However, when I try to log in via telnet or run passwd, I get this in syslog.log: Jan 18 10:59:06 systst auth|security:debug login PAM: load_modules: /usr/lib/security/pam_aix Jan 18 10:59:06 systst auth|security:debug login PAM: load_function: successful load of pam_sm_authenticate Jan 18 10:59:06 systst auth|security:debug login PAM: load_modules: /opt/samba-4.0.0/lib/security/pam_smbpass.so Jan 18 10:59:06 systst auth|security:debug login PAM: open_module: /opt/samba-4.0.0/lib/security/pam_smbpass.so failed: A file or directory in the path name does not exist. Jan 18 10:59:06 systst auth|security:err|error login PAM: load_modules: can not open module /opt/samba-4.0.0/lib/security/pam_smbpass.so However, if I run swat, it'll load /opt/samba-4.0.0/lib/security/pam_smbpass.so just fine. No, it's not a typo, and yes, the module is present in that path. I don't know what to do. I need to deploy this tomorrow (Saturday), and the users need to be able to update their Samba passwords when they run passwd, etc. Replacing the system passwd program with a script that calls both from absolute paths is not a workable solution, though technically it would work. Anyway, any idea why swat can load pam_smbpass.so but not telnetd or passwd? Many thanks! -Ben -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] compiling samba for ubuntu 12.4 lts
OK, it worked. I used the git package configuration as described at http://wiki.samba.org/index.php/Samba4/Debian but I had to make some small adjustments. It was unavoidable to use the following packages from the latest ubuntu repositories. I chose to create a local repository with only these debs to stay as close to the lts-version as possible. heimdal-dev_1.6~git20120403+dfsg1-2_amd64.deb heimdal-multidev_1.6~git20120403+dfsg1-2_amd64.deb libasn1-8-heimdal_1.6~git20120403+dfsg1-2_amd64.deb libgssapi3-heimdal_1.6~git20120403+dfsg1-2_amd64.deb libhcrypto4-heimdal_1.6~git20120403+dfsg1-2_amd64.deb libhdb9-heimdal_1.6~git20120403+dfsg1-2_amd64.deb libheimbase1-heimdal_1.6~git20120403+dfsg1-2_amd64.deb libheimntlm0-heimdal_1.6~git20120403+dfsg1-2_amd64.deb libhx509-5-heimdal_1.6~git20120403+dfsg1-2_amd64.deb libkadm5clnt7-heimdal_1.6~git20120403+dfsg1-2_amd64.deb libkadm5srv8-heimdal_1.6~git20120403+dfsg1-2_amd64.deb libkafs0-heimdal_1.6~git20120403+dfsg1-2_amd64.deb libkdc2-heimdal_1.6~git20120403+dfsg1-2_amd64.deb libkrb5-26-heimdal_1.6~git20120403+dfsg1-2_amd64.deb libldb1_1.1.13-1_amd64.deb libldb-dev_1.1.13-1_amd64.deb libtdb1_1.2.10-2_amd64.deb libtdb-dev_1.2.10-2_amd64.deb libtevent0_0.9.17-1_amd64.deb libtevent-dev_0.9.17-1_amd64.deb libwind0-heimdal_1.6~git20120403+dfsg1-2_amd64.deb python-ldb_1.1.13-1_amd64.deb python-ldb-dev_1.1.13-1_amd64.deb python-tdb_1.2.10-2_amd64.deb install dependencies: apt-get install bison docbook-xml docbook-xsl flex heimdal-dev heimdal-multidev libbsd-dev libldb-dev libparse-yapp-perl libsmbclient-dev libsubunit-dev libtalloc-dev libtdb-dev libtevent-dev libwbclient-dev python-all-dev python-ldb python-ldb-dev python-talloc-dev python-tdb python-testtools subunit xsltproc libldb1 libldb-dev libtdb-dev libtevent-dev python-ldb python-ldb-dev python-tdb git clone git://git.debian.org/pkg-samba/samba4 samba4-unstable mv samba4-unstable/debian debian rm -r samba4-unstable vi debian/winbind4.install # remove last line usr/share/man/man1/ntlm_auth4.1 vi debian/changelog # change to: samba (4.0.1-0ubuntu1) unstable; urgency=low * Initial release (Closes: #) is the bug number of your ITP -- firstname name email Wed, 16 Jan 2013 16:35:18 +0100 vi debian/control # edit line 3 change Maintainer to: Maintainer: Ubuntu Developers ubuntu-devel-disc...@lists.ubuntu.com insert line: XSBC-Original-Maintainer: Samba Debian Maintainers pkg-samba-ma...@lists.alioth.debian.org vi debian/rules # edit line 84 orig: rm $(DESTDIR)/usr/lib/$(DEB_HOST_MULTIARCH)/samba/share/ldb.so # change to: rm -f $(DESTDIR)/usr/lib/$(DEB_HOST_MULTIARCH)/samba/share/ldb.so # edit line 100 orig: dh_install --sourcedir=$(DESTDIR) --list-missing --fail-missing # change to: dh_install --sourcedir=$(DESTDIR) --list-missing wget http://www.samba.org/samba/ftp/stable/samba-4.0.1.tar.gz cp samba-4.0.1.tar.gz samba_4.0.1.orig.tar.gz tar -xzf samba-4.0.1.tar.gz cd samba-4.0.1 cp -r ../debian . debuild ../build.log -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] How to set ACLs with Samba4 AD?
Hello Lee, I am not sure I understand what is your real need. but If you don't want to use samba-tool, you can use windows explorer to set your acls... assuming you have your file system supporting xattr, you can connect to your share drive from windows with a privileged account like the administrator. and then right click on the folder / property / security. you should be able to set/reset acls for users and groups what I used to do, is create my folder, give full priviledge and even acls (OS level) for all on that folder, and then as Admin on windows, I remove and set privilege for only those who need it. You might need the following under your shared folder in smb.conf: vfs objects = acl_xattr Regards, Inno. De : Lee Allen l...@leecallen.com À : samba@lists.samba.org Envoyé le : Vendredi 18 janvier 2013 22h12 Objet : [Samba] How to set ACLs with Samba4 AD? I apologize if this is very beginner/basic. In my defense, I can't get the Samba4 documentation to compile on my system, and I can't find the man pages online (a pointer to them would be extremely helpful). And in general, I am having difficulty sorting through the documentation on the wiki because much of it is clearly pre-Samba4 and therefore obsolete, or at least questionable. It's hard to know what is relevant. Most of the posts I see here seem to be much better informed than I am. I would love to know how they obtained their knowledge. So here is my question: I am running Samba4 as an AD and file server. How do I define ACLs for the samba shares, for domain users groups? These users and groups are not defined on the underlying OS (CentOS 6.3). It seems the answer is to do it via the underlying filesystem, but how is that possible when the domain users groups are not defined in the OS? I see samba-tool has some ACL get/set capability. Is that the answer? Or is there some special magic to get CentOS to control file access by referring to the Samba4 AD? Many thanks in advance for any help. And I would be very grateful for pointers to Samba4 introductory or background material (I have used the HOW-TOs extensively). Lee Allen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] pam_smbpass.so on AIX
On Fri, 2013-01-18 at 19:20 +, Benjamin Huntsman wrote: Yet another odd one... I've got it set up now so that swat uses pam_smbpass.so, and once a user logs into swat at least once, it'll update their password in the passdb backend configured for Samba. But, I also need to ensure that when a user changes their password via passwd, it also gets updated. I added the following in /etc/security/login.cfg: usw: auth_type = PAM_AUTH and that makes telnetd, passwd, etc all go through pam. However, when I try to log in via telnet or run passwd, I get this in syslog.log: Jan 18 10:59:06 systst auth|security:debug login PAM: load_modules: /usr/lib/security/pam_aix Jan 18 10:59:06 systst auth|security:debug login PAM: load_function: successful load of pam_sm_authenticate Jan 18 10:59:06 systst auth|security:debug login PAM: load_modules: /opt/samba-4.0.0/lib/security/pam_smbpass.so Jan 18 10:59:06 systst auth|security:debug login PAM: open_module: /opt/samba-4.0.0/lib/security/pam_smbpass.so failed: A file or directory in the path name does not exist. Jan 18 10:59:06 systst auth|security:err|error login PAM: load_modules: can not open module /opt/samba-4.0.0/lib/security/pam_smbpass.so However, if I run swat, it'll load /opt/samba-4.0.0/lib/security/pam_smbpass.so just fine. No, it's not a typo, and yes, the module is present in that path. I don't know what to do. I need to deploy this tomorrow (Saturday), and the users need to be able to update their Samba passwords when they run passwd, etc. Replacing the system passwd program with a script that calls both from absolute paths is not a workable solution, though technically it would work. Anyway, any idea why swat can load pam_smbpass.so but not telnetd or passwd? Run ldd on the binary. it will show the unresolved library references. My guess is that things it relies on, are on in the standard library path for the system. Perhaps edit /etc/ld.so.conf to put opt/samba-4.0.0/lib in that path? Normally all that isn't required (we use -rpath when linking), but perhaps that's working for our binaries (eg swat), but not our plugins when loaded by telnet? Anyway, that's how I would start debugging this. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] pam_smbpass.so on AIX
Run ldd on the binary. it will show the unresolved library references. Hi there! Here is the output: benhu@systst:/opt $ ldd /opt/samba-4.0.0/lib/security/pam_smbpass.so /opt/samba-4.0.0/lib/security/pam_smbpass.so needs: /usr/lib/libc.a(shr.o) /usr/lib/libpam.a(shr.o) /usr/lib/libpthread.a(shr_xpg5.o) /opt/samba-4.0.0/lib/libwbclient.so /usr/lib/librtl.a(shr.o) /unix /usr/lib/libcrypt.a(shr.o) /usr/lib/libmls.a(shr.o) /usr/lib/libpthreads.a(shr_comm.o) /usr/lib/libpthreads.a(shr_xpg5.o) /usr/lib/libmlsenc.a(shr.o) /usr/lib/libodm.a(shr.o) benhu@systst:/opt $ ldd /opt/samba-4.0.0/lib/libwbclient.so /opt/samba-4.0.0/lib/libwbclient.so needs: /usr/lib/libc.a(shr.o) /usr/lib/libpthreads.a(shr_xpg5.o) /usr/lib/librtl.a(shr.o) /unix /usr/lib/libcrypt.a(shr.o) /usr/lib/libpthreads.a(shr_comm.o) AIX doesn't have an rpath option that I know of, and it doesn't have an ld.so.conf. The closest equivalent is to define LIBPATH in /etc/environment. I have done this, since I had to do that to get swat working in the first place. But the above looks good to me, since they're absolute paths you'd think it's just work... Since it works for swat and not for passwd though, I'm wondering if it has something to do with 32-bit vs 64-bit binaries... Thanks! -Ben -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Windows 7 Easy Transfer
I've installed Windows 7 64/Pro on a former XP/Pro workstation connected to Samba domain (Debian/Squeeze - v3.5.6). Prior to doing this, I saved the settings using the Windows Easy Transfer tool to create a 13G file on a USB stick. I completed the install of Windows 7 and joined the workstation to the domain. I can log in with a Domain Admin account, and I note that the Domain Admins are in the local Administrators group. However when I run the Easy Transfer tool to restore whatever settings it can, I get Windows easy transfer can't log on to your domain account. I've seen some other complaints about Easy Transfer having some problems with Domains, but I'm wondering if there are any known problems with Samba domains? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via 2cd0314 ntlm_auth(1): fix format and make examples visible (bug #9569) from 653ebe1 configure: Fix bug 9546, aio_suspend detection on FreeBSD http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit 2cd0314f1fe47ac30e0df6791ff27850b09e6d83 Author: Björn Baumbach b...@sernet.de Date: Tue Dec 4 10:54:05 2012 +0100 ntlm_auth(1): fix format and make examples visible (bug #9569) example is no child of para. So these examples were not visible. Using a varlist instead may be not the best way but it does look nice. Signed-off-by: Björn Baumbach b...@sernet.de Reviewed-by: Michael Adam ob...@samba.org Reviewed-by: Volker Lendecke v...@samba.org (cherry picked from commit cabc89a1e72fc95300d4b6f8d480a7d666221b8b) --- Summary of changes: docs-xml/manpages-3/ntlm_auth.1.xml | 195 +++ 1 files changed, 108 insertions(+), 87 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/manpages-3/ntlm_auth.1.xml b/docs-xml/manpages-3/ntlm_auth.1.xml index dcf9b42..ffbbf05 100644 --- a/docs-xml/manpages-3/ntlm_auth.1.xml +++ b/docs-xml/manpages-3/ntlm_auth.1.xml @@ -160,111 +160,132 @@ external program to the helper are:/para variablelist varlistentry - termUsername/term - -listitemparaThe username, expected to be in -Samba's smbconfoption name=unix charset/. -/para - - paraexampleUsername: bob/example/para - paraexampleUsername:: Ym9i/example/para - /listitem/varlistentry + termUsername/term + listitemparaThe username, expected to be in + Samba's smbconfoption name=unix charset/. + /para + varlistentry + termExamples:/term + paraUsername: bob/para + paraUsername:: Ym9i/para + /varlistentry + /listitem + /varlistentry varlistentry - termNT-Domain/term -listitemparaThe user's domain, expected to be in -Samba's smbconfoption name=unix charset/. -/para - - paraexampleNT-Domain: WORKGROUP/example/para - paraexampleNT-Domain:: V09SS0dST1VQ/example/para - /listitem/varlistentry + termNT-Domain/term + listitemparaThe user's domain, expected to be in + Samba's smbconfoption name=unix charset/. + /para + + varlistentry + termExamples:/term + paraNT-Domain: WORKGROUP/para + paraNT-Domain:: V09SS0dST1VQ/para + /varlistentry + /listitem + /varlistentry varlistentry - termFull-Username/term -listitemparaThe fully qualified username, expected to be in -Samba's smbconfoption name=unix charset/ and qualified with the -smbconfoption name=winbind separator/. -/para - - paraexampleFull-Username: WORKGROUP\bob/example/para - paraexampleFull-Username:: V09SS0dST1VQYm9i/example/para - /listitem/varlistentry + termFull-Username/term + listitemparaThe fully qualified username, expected to be + in Samba's smbconfoption name=unix charset/ and qualified + with the smbconfoption name=winbind separator/./para + varlistentry + termExamples:/term + paraFull-Username: WORKGROUP\bob/para + paraFull-Username:: V09SS0dST1VQYm9i/para + /varlistentry + /listitem + /varlistentry varlistentry - termLANMAN-Challenge/term - -listitemparaThe 8 byte commandLANMAN Challenge/command value, -generated randomly by the server, or (in cases such as -MSCHAPv2) generated in some way by both the server and -the client. -/para - paraexampleLANMAN-Challenge: 0102030405060708/example/para - /listitem/varlistentry + termLANMAN-Challenge/term + listitemparaThe 8 byte commandLANMAN Challenge/command + value, generated randomly by the server, or (in cases such +
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via 090d346 WHATSNEW: Prepare release notes for 3.6.11. from 2cd0314 ntlm_auth(1): fix format and make examples visible (bug #9569) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit 090d346017d5b3afb1baaa26d3c05ecb721fbd24 Author: Karolin Seeger ksee...@samba.org Date: Fri Jan 18 11:23:51 2013 +0100 WHATSNEW: Prepare release notes for 3.6.11. Karolin --- Summary of changes: WHATSNEW.txt | 19 ++- 1 files changed, 18 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 9b7c8bb..6599766 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -8,12 +8,29 @@ This is is the latest stable release of Samba 3.6. Major enhancements in Samba 3.6.11 include: -o +o defer_open is triggered multiple times on the same request (bug #9196). +o Fix SEGV wh_n using second vfs module (bug #9471). + Changes since 3.6.10: o Jeremy Allison j...@samba.org +* BUG 9196: defer_open is triggered multiple times on the same request. +* BUG 9550: Mask off signals the correct way from the signal handler. + + +o Björn Baumbach b...@sernet.de +* BUG 9569: ntlm_auth.1: Fix format and make examples visible. + + +o Tsukasa Hamano ham...@osstech.co.jp +* BUG 9471: Fix SEGV when using second vfs module. + + +o Volker Lendecke v...@samba.org +* BUG 9548: Correctly detect O_DIRECT. +* BUG 9546: Fix aio_suspend detection on FreeBSD. ## -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via 78f4e66 vfs: Fix compilation of solaris ACL module via adc62f7 wafsamba: use additional xml catalog file (bug #9512) via 7610b4f ntlm_auth(1): fix format and make examples visible (bug #9569) from 097690e Fix bug 9550 - sigprocmask does not work on FreeBSD to stop further signals in a signal handler http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 78f4e66e3064f75bec5e2c358acdc32fd09f80d4 Author: Andrew Bartlett abart...@samba.org Date: Sat Jan 5 14:53:13 2013 +1100 vfs: Fix compilation of solaris ACL module Andrew Bartlett Reviewed-by: Stefan Metzmacher me...@samba.org (cherry picked from commit 26bae894f2ae898c51535dda14060ecf4786c6ec) Fix bug #9564 - error too few arguments in function `solarisacl_sys_acl_get_file`. Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Fri Jan 18 11:25:36 CET 2013 on sn-devel-104 commit adc62f753b3f183580c3eed8cdd8801d7d8e26a2 Author: Björn Baumbach b...@sernet.de Date: Thu Dec 20 10:01:43 2012 +0100 wafsamba: use additional xml catalog file (bug #9512) Add additional /usr/local/share/xml/catalog catalog file platforms (used by freebsd). Fix manual page build on freebsd. Signed-off-by: Björn Baumbach b...@sernet.de Reviewed-by: Michael Adam ob...@samba.org Reviewed-by: Volker Lendecke v...@samba.org (cherry picked from commit d61d2af3727a19cc4ddc88ec2faa8aafff9c7422) commit 7610b4fd561300240818c053842ae98412b9ecc4 Author: Björn Baumbach b...@sernet.de Date: Tue Dec 4 10:54:05 2012 +0100 ntlm_auth(1): fix format and make examples visible (bug #9569) example is no child of para. So these examples were not visible. Using a varlist instead may be not the best way but it does look nice. Signed-off-by: Björn Baumbach b...@sernet.de Reviewed-by: Michael Adam ob...@samba.org Reviewed-by: Volker Lendecke v...@samba.org (cherry picked from commit cabc89a1e72fc95300d4b6f8d480a7d666221b8b) --- Summary of changes: buildtools/wafsamba/wafsamba.py |3 +- docs-xml/manpages/ntlm_auth.1.xml | 195 source3/modules/vfs_solarisacl.c |2 +- 3 files changed, 111 insertions(+), 89 deletions(-) Changeset truncated at 500 lines: diff --git a/buildtools/wafsamba/wafsamba.py b/buildtools/wafsamba/wafsamba.py index 9409669..c49f7aa 100644 --- a/buildtools/wafsamba/wafsamba.py +++ b/buildtools/wafsamba/wafsamba.py @@ -790,7 +790,8 @@ def SAMBAMANPAGES(bld, manpages): '''build and install manual pages''' bld.env.SAMBA_EXPAND_XSL = bld.srcnode.abspath() + '/docs-xml/xslt/expand-sambadoc.xsl' bld.env.SAMBA_MAN_XSL = bld.srcnode.abspath() + '/docs-xml/xslt/man.xsl' -bld.env.SAMBA_CATALOGS = 'file:///etc/xml/catalog file://' + bld.srcnode.abspath() + '/bin/default/docs-xml/build/catalog.xml' +bld.env.SAMBA_CATALOGS = 'file:///etc/xml/catalog file:///usr/local/share/xml/catalog file://' + bld.srcnode.abspath() + '/bin/default/docs-xml/build/catalog.xml' + for m in manpages.split(): source = m + '.xml' bld.SAMBA_GENERATOR(m, diff --git a/docs-xml/manpages/ntlm_auth.1.xml b/docs-xml/manpages/ntlm_auth.1.xml index 8bd77bd..619e713 100644 --- a/docs-xml/manpages/ntlm_auth.1.xml +++ b/docs-xml/manpages/ntlm_auth.1.xml @@ -160,111 +160,132 @@ external program to the helper are:/para variablelist varlistentry - termUsername/term - -listitemparaThe username, expected to be in -Samba's smbconfoption name=unix charset/. -/para - - paraexampleUsername: bob/example/para - paraexampleUsername:: Ym9i/example/para - /listitem/varlistentry + termUsername/term + listitemparaThe username, expected to be in + Samba's smbconfoption name=unix charset/. + /para + varlistentry + termExamples:/term + paraUsername: bob/para + paraUsername:: Ym9i/para + /varlistentry + /listitem + /varlistentry varlistentry - termNT-Domain/term -listitemparaThe user's domain, expected to be in -Samba's smbconfoption name=unix charset/. -/para - - paraexampleNT-Domain: WORKGROUP/example/para - paraexampleNT-Domain:: V09SS0dST1VQ/example/para - /listitem/varlistentry + termNT-Domain/term +
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 4f9cffb BUG 9378: Add extra attributes for AD printer publishing. via 12a08d8 printing: Remove invalid free from error path. from f0852a3 Remove locking across the lifetime of the copychunk call. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 4f9cffbae6a60268140eba5e457ac7e86cac6246 Author: David Disseldorp dd...@samba.org Date: Thu Jan 17 13:21:25 2013 +0100 BUG 9378: Add extra attributes for AD printer publishing. Currently attempting to publish a printer in AD fails with Object class violation, due to a number of missing attributes in the LDAP request. Reviewed-by: Andreas Schneider a...@samba.org Autobuild-User(master): Andreas Schneider a...@cryptomilk.org Autobuild-Date(master): Fri Jan 18 17:27:35 CET 2013 on sn-devel-104 commit 12a08d8ae254d5cb0651cb6016ab7e1859f47d82 Author: David Disseldorp dd...@samba.org Date: Fri Jan 18 11:48:20 2013 +0100 printing: Remove invalid free from error path. Reviewed-by: Andreas Schneider a...@samba.org --- Summary of changes: source3/printing/nt_printing_ads.c | 87 +++- 1 files changed, 85 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/printing/nt_printing_ads.c b/source3/printing/nt_printing_ads.c index 87cab63..b99a972 100644 --- a/source3/printing/nt_printing_ads.c +++ b/source3/printing/nt_printing_ads.c @@ -87,6 +87,86 @@ done: talloc_free(tmp_ctx); } +static WERROR nt_printer_info_to_mods(TALLOC_CTX *ctx, + struct spoolss_PrinterInfo2 *info2, + ADS_MODLIST *mods) +{ + char *info_str; + + ads_mod_str(ctx, mods, SPOOL_REG_PRINTERNAME, info2-sharename); + ads_mod_str(ctx, mods, SPOOL_REG_SHORTSERVERNAME, lp_netbios_name()); + ads_mod_str(ctx, mods, SPOOL_REG_SERVERNAME, get_mydnsfullname()); + + info_str = talloc_asprintf(ctx, %s\\%s, + get_mydnsfullname(), info2-sharename); + if (info_str == NULL) { + return WERR_NOMEM; + } + ads_mod_str(ctx, mods, SPOOL_REG_UNCNAME, info_str); + + info_str = talloc_asprintf(ctx, %d, 4); + if (info_str == NULL) { + return WERR_NOMEM; + } + ads_mod_str(ctx, mods, SPOOL_REG_VERSIONNUMBER, info_str); + + /* empty strings in the mods list result in an attrubute error */ + if (strlen(info2-drivername) != 0) + ads_mod_str(ctx, mods, SPOOL_REG_DRIVERNAME, info2-drivername); + if (strlen(info2-location) != 0) + ads_mod_str(ctx, mods, SPOOL_REG_LOCATION, info2-location); + if (strlen(info2-comment) != 0) + ads_mod_str(ctx, mods, SPOOL_REG_DESCRIPTION, info2-comment); + if (strlen(info2-portname) != 0) + ads_mod_str(ctx, mods, SPOOL_REG_PORTNAME, info2-portname); + if (strlen(info2-sepfile) != 0) + ads_mod_str(ctx, mods, SPOOL_REG_PRINTSEPARATORFILE, info2-sepfile); + + info_str = talloc_asprintf(ctx, %u, info2-starttime); + if (info_str == NULL) { + return WERR_NOMEM; + } + ads_mod_str(ctx, mods, SPOOL_REG_PRINTSTARTTIME, info_str); + + info_str = talloc_asprintf(ctx, %u, info2-untiltime); + if (info_str == NULL) { + return WERR_NOMEM; + } + ads_mod_str(ctx, mods, SPOOL_REG_PRINTENDTIME, info_str); + + info_str = talloc_asprintf(ctx, %u, info2-priority); + if (info_str == NULL) { + return WERR_NOMEM; + } + ads_mod_str(ctx, mods, SPOOL_REG_PRIORITY, info_str); + + if (info2-attributes PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS) { + ads_mod_str(ctx, mods, SPOOL_REG_PRINTKEEPPRINTEDJOBS, TRUE); + } else { + ads_mod_str(ctx, mods, SPOOL_REG_PRINTKEEPPRINTEDJOBS, FALSE); + } + + switch (info2-attributes 0x3) { + case 0: + ads_mod_str(ctx, mods, SPOOL_REG_PRINTSPOOLING, + SPOOL_REGVAL_PRINTWHILESPOOLING); + break; + case 1: + ads_mod_str(ctx, mods, SPOOL_REG_PRINTSPOOLING, + SPOOL_REGVAL_PRINTAFTERSPOOLED); + break; + case 2: + ads_mod_str(ctx, mods, SPOOL_REG_PRINTSPOOLING, + SPOOL_REGVAL_PRINTDIRECT); + break; + default: + DEBUG(3, (unsupported printer attributes %x\n, + info2-attributes)); + } + + return WERR_OK; +} + static WERROR nt_printer_publish_ads(struct messaging_context *msg_ctx, ADS_STRUCT *ads,
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 63a7d38 nsswitch: Fix two bitfield constants being the same. via d814cfa Sort winbind request flags. Ira saw we have a duplicate. via a8fe624 smbtorture: Satisfy a linker dependency via 15596a8 winbind: Handle child requests in a tevent_fd via 5e75564 winbind: Introduce struct child_handler_state via 3e830e4 winbind: Use standard tevent_context_init from 4f9cffb BUG 9378: Add extra attributes for AD printer publishing. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 63a7d3817fae3ec190a7919521cc0f5dbdea3b64 Author: Ira Cooper i...@samba.org Date: Wed Jan 16 11:33:31 2013 -0800 nsswitch: Fix two bitfield constants being the same. WBFLAG_PAM_AUTH_PAC and WBFLAG_BIG_NTLMV2_BLOB are the same causing errors in NTLMv2 authentication. Reviewed-by: Andrew Bartlett abart...@samba.org Reviewed-by: Jeremy Allison j...@samba.org Autobuild-User(master): Jeremy Allison j...@samba.org Autobuild-Date(master): Fri Jan 18 22:13:09 CET 2013 on sn-devel-104 commit d814cfac017039ae8fc0d1311b15cc03f4c8b2ba Author: Jeremy Allison j...@samba.org Date: Wed Jan 16 11:31:32 2013 -0800 Sort winbind request flags. Ira saw we have a duplicate. Signed-off-by: Jeremy Allison j...@samba.org Reviewed by: Ira Cooper i...@wakeful.net Reviewed-by: Andrew Bartlett abart...@samba.org commit a8fe624948f06e76aeb147ce0e47326f2d753f93 Author: Volker Lendecke v...@samba.org Date: Thu Jan 17 15:22:32 2013 +0100 smbtorture: Satisfy a linker dependency Reviewed by: Jeremy Allison j...@samba.org commit 15596a8d9c5a578fa98e110350d15265c90e8f03 Author: Volker Lendecke v...@samba.org Date: Thu Jan 17 14:34:35 2013 +0100 winbind: Handle child requests in a tevent_fd This enables the use of standard tevent_loop_once in the child, which now also uses epoll where available. Reviewed by: Jeremy Allison j...@samba.org commit 5e755643772d4615410599961859102f7c679d1c Author: Volker Lendecke v...@samba.org Date: Thu Jan 17 13:49:08 2013 +0100 winbind: Introduce struct child_handler_state This will make the next patch simpler. child_handler_state contains the information that the handler for the parent fde needs to pass to process_child_request Reviewed by: Jeremy Allison j...@samba.org commit 3e830e44d3eb23325fbda6f2053e58926ee2136e Author: Volker Lendecke v...@samba.org Date: Wed Jan 16 12:00:00 2013 +0100 winbind: Use standard tevent_context_init This makes winbind use epoll instead of poll Reviewed by: Jeremy Allison j...@samba.org --- Summary of changes: nsswitch/winbind_struct_protocol.h | 16 ++-- source3/torture/torture.c |9 ++- source3/winbindd/winbindd.c| 38 +++- source3/winbindd/winbindd.h|2 - source3/winbindd/winbindd_dual.c | 186 +++- source3/winbindd/winbindd_proto.h |1 + 6 files changed, 126 insertions(+), 126 deletions(-) Changeset truncated at 500 lines: diff --git a/nsswitch/winbind_struct_protocol.h b/nsswitch/winbind_struct_protocol.h index c1704c8..4a41ba3 100644 --- a/nsswitch/winbind_struct_protocol.h +++ b/nsswitch/winbind_struct_protocol.h @@ -205,27 +205,25 @@ typedef struct winbindd_gr { uint32_t gr_mem_ofs; /* offset to group membership */ } WINBINDD_GR; -/* PAM specific request flags */ +/* Request flags */ #define WBFLAG_PAM_INFO3_NDR 0x0001 #define WBFLAG_PAM_INFO3_TEXT 0x0002 #define WBFLAG_PAM_USER_SESSION_KEY0x0004 #define WBFLAG_PAM_LMKEY 0x0008 #define WBFLAG_PAM_CONTACT_TRUSTDOM0x0010 +#define WBFLAG_QUERY_ONLY 0x0020 /* not used */ +#define WBFLAG_PAM_AUTH_PAC0x0040 #define WBFLAG_PAM_UNIX_NAME 0x0080 #define WBFLAG_PAM_AFS_TOKEN 0x0100 #define WBFLAG_PAM_NT_STATUS_SQUASH0x0200 -#define WBFLAG_PAM_KRB50x1000 -#define WBFLAG_PAM_FALLBACK_AFTER_KRB5 0x2000 -#define WBFLAG_PAM_CACHED_LOGIN0x4000 -#define WBFLAG_PAM_GET_PWD_POLICY 0x8000 -#define WBFLAG_PAM_AUTH_PAC0x0001 - -/* generic request flags */ -#define WBFLAG_QUERY_ONLY 0x0020 /* not used */ /* This is a flag that can only be sent from parent to child */ #define WBFLAG_IS_PRIVILEGED 0x0400 /* not used */ /* Flag to say this is a winbindd internal send - don't recurse. */ #define WBFLAG_RECURSE 0x0800 +#define WBFLAG_PAM_KRB50x1000 +#define WBFLAG_PAM_FALLBACK_AFTER_KRB5 0x2000 +#define WBFLAG_PAM_CACHED_LOGIN0x4000