Re: [Samba] upgrade samba

2013-01-28 Thread Fabrizio Monti
Hi Nico Kadel-Garcia,
thanks for reply. Path for smbldap is correct. Other log file have

2013/01/25 17:20:13.974204,  1] auth/server_info.c:386(samu_to_SamInfo3)
  The primary group domain
sid(S-1-5-21-3564791867-1010203101-2143723903-513) does not match the
domain sid(S-1-5-21-2427793829-1009842549-3523806979) for
Manager(S-1-5-21-2427793829-1009842549-3523806979-500)
[2013/01/25 17:20:13.974250,  4] smbd/sec_ctx.c:422(pop_sec_ctx)
 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/01/25 17:20:13.974286,  0] auth/check_samsec.c:491(check_sam_security)
  check_sam_security: make_server_info_sam() failed with
'NT_STATUS_UNSUCCESSFUL'
[2013/01/25 17:20:13.974506,  3] auth/auth_winbind.c:60(check_winbind_security)
  check_winbind_security: Not using winbind, requested domain [gis]
was for this SAM.
[2013/01/25 17:20:13.974542,  2] auth/auth.c:319(check_ntlm_password)
  check_ntlm_password:  Authentication for user [Manager] - [Manager]
FAILED with error NT_STATUS_UNSUCCESSFUL
[2013/01/25 17:20:13.974610,  3] smbd/error.c:81(error_packet_set)
  error packet at smbd/sesssetup.c(124) cmd=115 (SMBsesssetupX)
NT_STATUS_UNSUCCESSFUL
[2013/01/25 17:20:24.885770,  1] smbd/process.c:457(receive_smb_talloc)
  receive_smb_raw_talloc failed for client 192.0.200.149 read error =
NT_STATUS_CONNECTION_RESET.
[2013/01/25 17:20:24.885923,  4] smbd/sec_ctx.c:314(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2013/01/25 17:20:24.886102,  3] smbd/server_exit.c:181(exit_server_common)
  Server exit (failed to receive smb request)


Then the problem is sid, samba-3.3 probably does not check sid. Ldap is
working so is it possible to disable sid check in samba-3.6?

Fabrizio.

Well, for one thing, if you updated to samba3x  your binaries for

 things like smbldap-usermod are all going to be in /usr/bin, not
 /usr/local/bin.

path is correct, files smbldap are in /usr/local/bin.


 Did you have an old hand-built Samba lying around? If
 you did, you need to clear it.











  Jan 24 17:53:03 VmPDC smbd[15115]: [2013/01/24 17:53:03.371837,  0]
  auth/check_samsec.c:491(check_sam_security)
  Jan 24 17:53:03 VmPDC smbd[15115]:   check_sam_security:
  make_server_info_sam() failed with 'NT_STATUS_UNSUCCESSFUL'
  Jan 24 17:53:04 VmPDC smbd[15115]: [2013/01/24 17:53:04.413597,  0]
  auth/check_samsec.c:491(check_sam_security)
  Jan 24 17:53:04 VmPDC smbd[15115]:   check_sam_security:
  make_server_info_sam() failed with 'NT_STATUS_UNSUCCESSFUL'
 
  This configuration of samba
 
  [root@VmPDC ~]# testparm
  Load smb config files from /etc/samba/smb.conf
  Processing section [netlogon]
  Processing section [profiles]
  Loaded services file OK.
  Server role: ROLE_DOMAIN_PDC
  Press enter to see a dump of your service definitions
 
  [global]
  workgroup = GIS
  passdb backend = ldapsam:ldap://192.0.200.2/
  log file = /var/log/samba/log.%U
  time server = Yes
  socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
  SO_KEEPALIVE
  add user script = /usr/local/bin/smbldap-useradd -a -m -P %u
  delete user script = /usr/local/bin/smbldap-userdel -r %u
  add group script = /usr/local/bin/smbldap-groupadd -p %g
  delete group script = /usr/local/bin/smbldap-groupdel %g
  add user to group script = /usr/local/bin/smbldap-groupmod -m %u
  %g
  delete user from group script = /usr/local/bin/smbldap-groupmod -x
  %u %g
  set primary group script = /usr/local/bin/smbldap-usermod -g %g
  %u
  add machine script = /usr/local/bin/smbldap-useradd -w %u
  logon path =
  logon home =
  domain logons = Yes
  os level = 33
  preferred master = Auto
  domain master = Yes
  ldap admin dn = cn=Manager,dc=sigesgroup,dc=intra
  ldap delete dn = Yes
  ldap group suffix = ou=group
  ldap machine suffix = ou=machines
  ldap passwd sync = yes
  ldap suffix = dc=sigesgroup,dc=intra
  ldap ssl = no
  ldap user suffix = ou=People
  idmap config * :range = 5000 - 5
  ldapsam:editposix = yes
  ldapsam:trusted = yes
  idmap config * : backend = ldap:ldap://192.0.200.2/
 
  [netlogon]
  comment = Network Logon Service
  path = /home/netlogon
  guest ok = Yes
 
  [profiles]
  path = /home/profiles
  read only = No
  create mask = 0600
  directory mask = 0700
 
  why is not it working?
  --
  To unsubscribe from this list go to the following URL and read the
  instructions:  https://lists.samba.org/mailman/options/samba


Re: [Samba] PDC: The trust relationship ... failed from the beginning

2013-01-28 Thread Moray Henderson
 From: Eimac Dude [mailto:eimacd...@aol.com]
 Sent: 24 January 2013 19:43
 To: samba@lists.samba.org
 Subject: [Samba] PDC: The trust relationship ... failed from the
 beginning
 
 Hi,
 
 When I try a net logon from Windows 7 64-bit Business (don't have any
 other Windows machines), I get The trust relationship between this
 workstation and the primary domain failed. The discussion I've found
 around the Web regarding this error message seems to be only in the
 context of the 30 day password expiry issue, where the solution is to
 simply rejoin the domain. Unfortunately, I have this problem *always*,
 and rejoining does not help. I have not been able to do a net login at
 all, from the first time I tried. At the same time, there's no problem
 accessing the Samba shares by going to \\SMB in Windows Explorer and
 logging in with the same user accounts.
 
 # smbstatus
 Samba version 3.6.7-48.12.1-2831-SUSE-SL12.2-x86_64
 
 The LAN is on 172.16. and the Samba machine is also the LAN's DNS
 server; not using LDAP.
 
 We had been using Samba for simple file sharing, with no domain
 functionality enabled, and with the Windows machines on the network
 configured as members of the workgroup. We recently decided to set
 Samba as a PDC and support roaming profiles, and have been blocked by
 this trust error.
 
 I made some changes to smb.conf, which can be seen here:
 http://pastebin.com/raw.php?i=qKvQq3W2
 
 The profiles directory was chmod 2775 and its group changed from root
 to users. The netlogon directory is 755. Initially, in smb.conf the
 name resolve order was starting with dns, but Windows 7 kept giving me
 an error about not finding the domain when I tried to change from
 workgroup to domain, so I took that out and set wins as the first item
 in the list.
 
 # cat /etc/samba/smbusers:
 root = administrator Administrator admin nobody = guest pcguest
 smbguest
 
 I added root to smbpasswd. I also executed the following:
 
 net groupmap add ntgroup=Domain Admins unixgroup=root rid=512 type=d
 net groupmap add ntgroup=Domain Users  unixgroup=users rid=513 type=d
 net groupmap add ntgroup=Domain Guests unixgroup=nobody rid=514
 type=d net rpc rights grant -U root URBASE\Domain Admins
 SeMachineAccountPrivilege SePrintOperatorPrivilege SeAddUsersPrivilege
 SeDiskOperatorPrivilege SeRemoteShutdownPrivilege
 
 The Windows machines are configured as specified on
 wiki.samba.org/index.php/Windows7 (that is, I only edited
 DomainCompatibilityMode and DNSNameResolutionRequired). Changing from
 workgroup to domain and rebooting, then trying to log in with one of
 the SMB users gives me the The trust relationship between this
 workstation and the primary domain failed error. I can only log into
 the local machine account. If, instead of changing from workgroup to
 domain directly, I try to use the network ID wizard, it eventually
 leads to the same error when it tries to set up the domain user.
 Looking at /etc/samba/smbpasswd, the machine account shows up there so
 the add machine script seems to be working; however,
 
 # tail /var/log/samba/log.smbd
 [2013/01/23 14:26:16.350332, 0]
 rpc_server/netlogon/srv_netlog_nt.c:976(_netr_ServerAuthenticate3)
 _netr_ServerAuthenticate3: netlogon_creds_server_check failed.
 Rejecting auth request from client BRIX machine account BRIX$
 [2013/01/23 14:26:16.352562, 0]
 rpc_server/netlogon/srv_netlog_nt.c:976(_netr_ServerAuthenticate3)
 _netr_ServerAuthenticate3: netlogon_creds_server_check failed.
 Rejecting auth request from client BRIX machine account BRIX$
 [2013/01/23 14:37:22.518159, 0]
 rpc_server/netlogon/srv_netlog_nt.c:976(_netr_ServerAuthenticate3)
 _netr_ServerAuthenticate3: netlogon_creds_server_check failed.
 Rejecting auth request from client BRIX machine account BRIX$
 
 Why is it not working? I don't know how to troubleshoot this. I've
 tried removing the machine from the domain then taking it out of
 smbpasswd and the Unix accounts, and then rejoining, but same errors. I
 tried manually adding the IP address in the Windows machine's WINS
 setting, but it doesn't make a difference.
 
 One thing I'm unsure of is the DNS suffixes thing which seems to be
 mentioned on some sites in association with this. In the Windows
 clients, under Append these DNS suffixes (in order) we've normally
 had as suffix the DNS master zone for the LAN, which is different from
 the domain name in smb.conf -- if that matters at all given joining the
 domain should be using WINS instead of DNS for name resolution. I tried
 adding the domain in there anyway, but it doesn't help.
 
 Can anyone kindly help? I've asked on a couple of other forums but to
 no avail...
 
 

Are the clocks synchronised between the 2 machines?  According to 

http://community.spiceworks.com/topic/170347-trust-relationship-between-this-workstation-and-primary-domain-failed

clock discrepancy can be one cause of this problem.


Moray.
To err is human; to purr, feline.






Re: [Samba] Samba AD DC initial join fails at schema replication

2013-01-28 Thread Rican, Joshua T Civ USAF AF ISR Agency NASIC/SCXE
That's a known issue I have a patch for this it was working back in October
and it's in my todo to retest it, ping me in a couple of days, for the
moment you need not to have Windows 2012 schema.

That is to say never join a Windows 2012 server to your domain.

--
Matthieu Patou
Samba Team
http://samba.org

Was just wondering if you had a chance to test out your patch?  I am also
willing to do additional testing if it could be of help, the environment I'm
working with is essentially a lab.



Re: [Samba] Samba4 Winbind - is it really not possible to be sensible?

2013-01-28 Thread Andrew Bartlett
On Sat, 2013-01-26 at 12:46 +, Rob McCorkell wrote:
  If you provision/run with idmap_ldb:use rfc2307 then you can assign each
  user/group a uidNumber/gidNumber which then is/can be obeyed by samba/nslcd.
 
 Sorry, I should have made myself more clear. Our current setup uses
 the nslcd approach to get the UIDs and GIDs as mapped from the RID of
 each object. We then feed that back into the LDAP database (as
 uidNumber and gidNumber attributes) along with setting idmap_ldb:use
 rfc2307 so that Samba4 gets the same UIDs and GIDs as from mapping the
 RID. But this is very much a fudge, and it does not make sense that
 Winbind shouldn't support this form of RID mapping, even though
 previous versions did support it.

We continue to support this, just not when we are an AD DC. 

If this bothers you, then do not use your AD DC as a file server, except
for the required group policy files.  This is one of the many reasons we
recommend against combining these roles on sites with complex
requirements.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org




Re: [Samba] upgrade samba

2013-01-28 Thread Nico Kadel-Garcia
On Mon, Jan 28, 2013 at 3:38 AM, Fabrizio Monti thefanta...@gmail.com wrote:
 Hi Nico Kadel-Garcia,
 thanks for reply. Path for smbldap is correct. Other log file have

Then you have a manually built and installed smbldap-tools, and you
should probably replace it with the one from Red Hat or your Red Hat
rebuild provider. For consistence and compatibility with your RPM
supplied Samba, I urge you to use the distribution provided
smbldap-tools package and move aside the hand-built versions you  have
in /usr/local/bin.

While this won't necessarily solve your problem, it gives all of us a
consistent reference as to what tools and versions of tools you're
using. It's also why I spend so much time RPM bundling software, so
both people I support and I are using the same package from the same,
clean build environment.

   Nico Kadel-Garcia nka...@gmail.com




 2013/01/25 17:20:13.974204,  1] auth/server_info.c:386(samu_to_SamInfo3)
   The primary group domain
 sid(S-1-5-21-3564791867-1010203101-2143723903-513) does not match the
 domain sid(S-1-5-21-2427793829-1009842549-3523806979) for
 Manager(S-1-5-21-2427793829-1009842549-3523806979-500)
 [2013/01/25 17:20:13.974250,  4] smbd/sec_ctx.c:422(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
 [2013/01/25 17:20:13.974286,  0] auth/check_samsec.c:491(check_sam_security)
   check_sam_security: make_server_info_sam() failed with
 'NT_STATUS_UNSUCCESSFUL'
 [2013/01/25 17:20:13.974506,  3] 
 auth/auth_winbind.c:60(check_winbind_security)
   check_winbind_security: Not using winbind, requested domain [gis]
 was for this SAM.
 [2013/01/25 17:20:13.974542,  2] auth/auth.c:319(check_ntlm_password)
   check_ntlm_password:  Authentication for user [Manager] - [Manager]
 FAILED with error NT_STATUS_UNSUCCESSFUL
 [2013/01/25 17:20:13.974610,  3] smbd/error.c:81(error_packet_set)
   error packet at smbd/sesssetup.c(124) cmd=115 (SMBsesssetupX)
 NT_STATUS_UNSUCCESSFUL
 [2013/01/25 17:20:24.885770,  1] smbd/process.c:457(receive_smb_talloc)
   receive_smb_raw_talloc failed for client 192.0.200.149 read error =
 NT_STATUS_CONNECTION_RESET.
 [2013/01/25 17:20:24.885923,  4] smbd/sec_ctx.c:314(set_sec_ctx)
   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
 [2013/01/25 17:20:24.886102,  3] smbd/server_exit.c:181(exit_server_common)
   Server exit (failed to receive smb request)


 Then the problem is sid, samba-3.3 probably does not check sid. Ldap is
 working so is it possible to disable sid check in samba-3.6?

 Fabrizio.

 Well, for one thing, if you updated to samba3x  your binaries for

 things like smbldap-usermod are all going to be in /usr/bin, not
 /usr/local/bin.

 path is correct, files smbldap are in /usr/local/bin.


 Did you have an old hand-built Samba lying around? If
 you did, you need to clear it.











  Jan 24 17:53:03 VmPDC smbd[15115]: [2013/01/24 17:53:03.371837,  0]
  auth/check_samsec.c:491(check_sam_security)
  Jan 24 17:53:03 VmPDC smbd[15115]:   check_sam_security:
  make_server_info_sam() failed with 'NT_STATUS_UNSUCCESSFUL'
  Jan 24 17:53:04 VmPDC smbd[15115]: [2013/01/24 17:53:04.413597,  0]
  auth/check_samsec.c:491(check_sam_security)
  Jan 24 17:53:04 VmPDC smbd[15115]:   check_sam_security:
  make_server_info_sam() failed with 'NT_STATUS_UNSUCCESSFUL'
 
  This configuration of samba
 
  [root@VmPDC ~]# testparm
  Load smb config files from /etc/samba/smb.conf
  Processing section [netlogon]
  Processing section [profiles]
  Loaded services file OK.
  Server role: ROLE_DOMAIN_PDC
  Press enter to see a dump of your service definitions
 
  [global]
  workgroup = GIS
  passdb backend = ldapsam:ldap://192.0.200.2/
  log file = /var/log/samba/log.%U
  time server = Yes
  socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
  SO_KEEPALIVE
  add user script = /usr/local/bin/smbldap-useradd -a -m -P %u
  delete user script = /usr/local/bin/smbldap-userdel -r %u
  add group script = /usr/local/bin/smbldap-groupadd -p %g
  delete group script = /usr/local/bin/smbldap-groupdel %g
  add user to group script = /usr/local/bin/smbldap-groupmod -m %u
  %g
  delete user from group script = /usr/local/bin/smbldap-groupmod -x
  %u %g
  set primary group script = /usr/local/bin/smbldap-usermod -g %g
  %u
  add machine script = /usr/local/bin/smbldap-useradd -w %u
  logon path =
  logon home =
  domain logons = Yes
  os level = 33
  preferred master = Auto
  domain master = Yes
  ldap admin dn = cn=Manager,dc=sigesgroup,dc=intra
  ldap delete dn = Yes
  ldap group suffix = ou=group
  ldap machine suffix = ou=machines
  ldap passwd sync = yes
  ldap suffix = dc=sigesgroup,dc=intra
  ldap ssl = no
  ldap user suffix = ou=People
  idmap config * :range = 5000 - 5
  ldapsam:editposix = yes
  

Re: [Samba] Samba Authentication With Kerberos

2013-01-28 Thread Andrew Bartlett
On Sun, 2013-01-27 at 11:48 -0500, Fabian von Romberg wrote:
 Hi All,
 
 I'm trying to set up a server with Samba4 with Kerberos. When I want to see
 list all shares with smbclient with samba authentication, everything works
 fine. But when I try to authenticate using Kerberos, I get an error.

To be clear, is this Samba 4.0 as an AD DC, or as a member server in
another AD domain?

 The command I execute is:
 
 smbclient -L localhost -k
 
 The error message from Samba is:
 
 using SPNEGO
 Selected protocol [8][NT LANMAN 1.0]
 GSS server Update(krb5)(1) Update failed: Miscellaneous failure (see text): 
 Decrypt integrity check failed for checksum type hmac-sha1-96-aes256, key 
 type aes256-cts-hmac-sha1-96
 SPNEGO(gssapi_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE
 SPNEGO login failed: NT_STATUS_LOGON_FAILURE

smbclient should never do kerberos to localhost because we can never
know which localhost that is.  If you have somehow registered a
'localhost' as a servicePrincipalName, then this is likely the cause of
the issue.  (This error indicates that the key you got from the KDC is
not the key that the server has in its secrets database/keytab.)

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org




Re: [Samba] Samba Authentication With Kerberos

2013-01-28 Thread David Salib, Mr
Thank you, this is a Samba4 host as an AD DC.

-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On 
Behalf Of Andrew Bartlett
Sent: January-28-13 9:32 AM
To: Fabian von Romberg
Cc: samba@lists.samba.org
Subject: Re: [Samba] Samba Authentication With Kerberos

On Sun, 2013-01-27 at 11:48 -0500, Fabian von Romberg wrote:
 Hi All,
 
 I'm trying to set up a server with Samba4 with Kerberos. When I want to see
 list all shares with smbclient with samba authentication, everything works
 fine. But when I try to authenticate using Kerberos, I get an error.

To be clear, is this Samba 4.0 as an AD DC, or as a member server in another AD 
domain?

 The command I execute is:
 
 smbclient -L localhost -k
 
 The error message from Samba is:
 
 using SPNEGO
 Selected protocol [8][NT LANMAN 1.0]
 GSS server Update(krb5)(1) Update failed: Miscellaneous failure (see 
 text): Decrypt integrity check failed for checksum type 
 hmac-sha1-96-aes256, key type aes256-cts-hmac-sha1-96
 SPNEGO(gssapi_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE 
 SPNEGO login failed: NT_STATUS_LOGON_FAILURE

smbclient should never do kerberos to localhost because we can never know 
which localhost that is.  If you have somehow registered a 'localhost' as a 
servicePrincipalName, then this is likely the cause of the issue.  (This error 
indicates that the key you got from the KDC is not the key that the server has 
in its secrets database/keytab.)

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org




Re: [Samba] Samba Authentication With Kerberos

2013-01-28 Thread David Salib, Mr
Disregard, that, sorry.

-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On 
Behalf Of David Salib, Mr
Sent: January-28-13 9:38 AM
To: Andrew Bartlett; Fabian von Romberg
Cc: samba@lists.samba.org
Subject: Re: [Samba] Samba Authentication With Kerberos

Thank you, this is a Samba4 host as an AD DC.

-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On 
Behalf Of Andrew Bartlett
Sent: January-28-13 9:32 AM
To: Fabian von Romberg
Cc: samba@lists.samba.org
Subject: Re: [Samba] Samba Authentication With Kerberos

On Sun, 2013-01-27 at 11:48 -0500, Fabian von Romberg wrote:
 Hi All,
 
 I'm trying to set up a server with Samba4 with Kerberos. When I want to see
 list all shares with smbclient with samba authentication, everything works
 fine. But when I try to authenticate using Kerberos, I get an error.

To be clear, is this Samba 4.0 as an AD DC, or as a member server in another AD 
domain?

 The command I execute is:
 
 smbclient -L localhost -k
 
 The error message from Samba is:
 
 using SPNEGO
 Selected protocol [8][NT LANMAN 1.0]
 GSS server Update(krb5)(1) Update failed: Miscellaneous failure (see
 text): Decrypt integrity check failed for checksum type 
 hmac-sha1-96-aes256, key type aes256-cts-hmac-sha1-96
 SPNEGO(gssapi_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE 
 SPNEGO login failed: NT_STATUS_LOGON_FAILURE

smbclient should never do kerberos to localhost because we can never know 
which localhost that is.  If you have somehow registered a 'localhost' as a 
servicePrincipalName, then this is likely the cause of the issue.  (This error 
indicates that the key you got from the KDC is not the key that the server has 
in its secrets database/keytab.)

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org




Re: [Samba] fail-over, redundancy, bdc, multi-dc-domain

2013-01-28 Thread Andrew Bartlett
On Tue, 2013-01-22 at 10:53 -0800, Gregory Sloop wrote:
 I'm aware of, at least generally, how one would have done a
 BDC/Redundant server under OpenLDAP Samba3.
 
 However, rolling your own multi-domain-controller was fairly daunting
 [for me] under Samba3 / OpenLDAP.
 
 I've been very interested in Samba4 for the more integrated nature of
 having LDAP/DNS/Samba all under one roof. [i.e. Fewer places where I
 can screw it up horribly.]

Most of our users find that Samba 4.0 'just works' for them as an AD DC,
even replicating to a second DC. 

 However I'm also interested in how one can handle fail-over. I don't
 need something totally seamless and big-iron style. A backup box
 that would need some manual intervention would be fine.

Just replicating to a second DC should be fine.  You will need to
manually replicate the sysvol share, but that shouldn't be hard.

 So, something like an rsync'd backup box where the shared
 files/accounts/etc are perhaps an hour out of date, and that would
 require 15 minutes to bring up as a primary would be an acceptable
 solution.

I would not recommend just rsyncing anything, except the sysvol files.
The reason is that rsync will not get a consistent snapshot of the
databases.  Joining a second DC will be much more seamless. 

 That's not to say I wouldn't want something better, but that's kind of
 the low end of the acceptable scale.
 
 I've done some searches on the list and spent a while looking for
 examples but I don't easily find any. [Using searches with: samba4 bdc,
 redundant, backup, etc. There are a ton of very old articles on the
 list, but almost nothing I could find specifically on Samba4.]
 
 Could some kind soul point me either to:
 1) Search terms more likely to produce results, or some discussion threads or
 2) wiki/how-to's on how to accomplish something in the neighborhood on this 
 subject?

The main HOWTO contains information on joining to an existing domain.
That is what you need to do on your second DC.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org




Re: [Samba] upgrade samba

2013-01-28 Thread Harry Jede
On 16:55:05 wrote Fabrizio Monti:
 Hi Nico Kadel-Garcia,
 thanks for reply. Path for smbldap is correct. Other log file have
 
 2013/01/25 17:20:13.974204,  1]
 auth/server_info.c:386(samu_to_SamInfo3) The primary group domain
 sid(S-1-5-21-3564791867-1010203101-2143723903-513) does not match the
 domain sid(S-1-5-21-2427793829-1009842549-3523806979) for
 Manager(S-1-5-21-2427793829-1009842549-3523806979-500)
You have a SID problem:
S-1-5-21-3564791867-1010203101-2143723903-513
S-1-5-21-2427793829-1009842549-3523806979
S-1-5-21-2427793829-1009842549-3523806979-500


So it seems to be a config/upgrade problem.

Check the output from:
net getdomainsid

also control the sid setting in smbldaptools.conf

...

 Then the problem is sid, samba-3.3 probably does not check sid. Ldap
 is working so is it possible to disable sid check in samba-3.6?
SIDs are Microsoft's primary security identifier. I believe you cannot
change this.

 
 Fabrizio.

-- 

Gruss
Harry Jede
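
The mismatch pointed out in the reply above can be confirmed mechanically from the smbd log. The following is an added example, not part of the original thread and not Samba code: it extracts the three SIDs from the wrapped `samu_to_SamInfo3` message and reports which one lies outside the local domain. It goes one step further than the log and applies the same comparison to LDAP entries; the dictionary layout passed to `audit_entries` is an assumption (the attribute names `sambaSID` and `sambaPrimaryGroupSID` are those of the Samba LDAP schema), and the domain SID would come from `net getdomainsid`.

```python
import re

# Log excerpt as posted in the thread, line wrapping preserved.
SAMPLE_LOG = """\
2013/01/25 17:20:13.974204,  1] auth/server_info.c:386(samu_to_SamInfo3)
  The primary group domain
sid(S-1-5-21-3564791867-1010203101-2143723903-513) does not match the
domain sid(S-1-5-21-2427793829-1009842549-3523806979) for
Manager(S-1-5-21-2427793829-1009842549-3523806979-500)
[2013/01/25 17:20:13.974250,  4] smbd/sec_ctx.c:422(pop_sec_ctx)
 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
"""

# Domain SID (three sub-authorities after 21) with an optional trailing RID.
SID_RE = r"S-1-5-21-\d+-\d+-\d+(?:-\d+)?"
MISMATCH_RE = re.compile(
    r"primary group domain sid\((?P<group_sid>%s)\) does not match the "
    r"domain sid\((?P<domain_sid>%s)\) for "
    r"(?P<account>[^\s()]+)\((?P<account_sid>%s)\)" % (SID_RE, SID_RE, SID_RE)
)


def split_sid(sid):
    """Split a domain or domain-relative SID into (domain SID, RID or None)."""
    parts = sid.split("-")
    if parts[:4] != ["S", "1", "5", "21"] or len(parts) not in (7, 8):
        raise ValueError("not a domain or domain-relative SID: %r" % sid)
    if len(parts) == 7:  # bare domain SID, no RID
        return sid, None
    return "-".join(parts[:7]), int(parts[7])


def find_mismatches(log_text):
    """Return one finding per 'primary group domain sid' message in the log."""
    # smbd wraps long messages, so collapse all whitespace before matching.
    flat = re.sub(r"\s+", " ", log_text)
    findings = []
    for m in MISMATCH_RE.finditer(flat):
        group_domain, group_rid = split_sid(m.group("group_sid"))
        account_domain, account_rid = split_sid(m.group("account_sid"))
        local_domain, _ = split_sid(m.group("domain_sid"))
        findings.append({
            "account": m.group("account"),
            "account_rid": account_rid,
            "account_in_local_domain": account_domain == local_domain,
            "group_rid": group_rid,
            "foreign_group_domain": group_domain,
            "local_domain": local_domain,
        })
    return findings


def audit_entries(local_domain_sid, entries):
    """Return (uid, attribute) pairs whose SID is outside the local domain.

    `entries` is an assumed layout: dicts with the keys uid, sambaSID and
    sambaPrimaryGroupSID, e.g. built from an LDAP export.
    """
    bad = []
    for entry in entries:
        for attr in ("sambaSID", "sambaPrimaryGroupSID"):
            domain, _ = split_sid(entry[attr])
            if domain != local_domain_sid:
                bad.append((entry["uid"], attr))
    return bad


if __name__ == "__main__":
    for f in find_mismatches(SAMPLE_LOG):
        print("%s (RID %d): primary group RID %d belongs to %s, local domain is %s"
              % (f["account"], f["account_rid"], f["group_rid"],
                 f["foreign_group_domain"], f["local_domain"]))
```
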


[Samba] add x64 printer drivers with cupsaddsmb fail

2013-01-28 Thread Julien VINCENT

Hello,

I have set up a cups print server and would like to offer Point'n'Print
functionality for the windows computer clients.
So, I've followed information from the man page of cupsaddsmb as
summarized below:


-configure smb.conf
-add x86 and x64 PS drivers (from x86 and x64 windows 2008 installs).
-add x86 and x64 CUPS drivers (from cups SVN)

I then launch cupsaddsmb using the following command : [root@newcups]# 
cupsaddsmb -H localhost -U root -h localhost -a -v
It showed me lots of line scrolls through the terminal (.. command is 
stuck in an endless loop).


Here is the beginning of the output (one cycle):


[root@newcups]# cupsaddsmb -H localhost -U root -h localhost -a -v
Un mot de passe pour root est nécessaire pour accéder à localhost via 
SAMBA :


Commande en cours d'exécution : smbclient //localhost/print$ -N -A 
/tmp/cupsjenHRl -c « mkdir W32X86;put /tmp/cups4nnHkk 
W32X86/4-4555-couleur.ppd;put /usr/share/cups/drivers/ps5ui.dll 
W32X86/ps5ui.dll;put /usr/share/cups/drivers/pscript.hlp 
W32X86/pscript.hlp;put /usr/share/cups/drivers/pscript.ntf 
W32X86/pscript.ntf;put /usr/share/cups/drivers/pscript5.dll 
W32X86/pscript5.dll »

Domain=[MYGROUP] OS=[Unix] Server=[Samba 3.5.10-125.el6]
NT_STATUS_OBJECT_NAME_COLLISION making remote directory \W32X86
putting file /tmp/cups4nnHkk as \W32X86/4-4555-couleur.ppd (76059,5 
kb/s) (average 76060,9 kb/s)
putting file /usr/share/cups/drivers/ps5ui.dll as \W32X86/ps5ui.dll 
(119081,4 kb/s) (average 99527,7 kb/s)
putting file /usr/share/cups/drivers/pscript.hlp as \W32X86/pscript.hlp 
(25425,3 kb/s) (average 93352,7 kb/s)
putting file /usr/share/cups/drivers/pscript.ntf as \W32X86/pscript.ntf 
(129459,8 kb/s) (average 107796,2 kb/s)
putting file /usr/share/cups/drivers/pscript5.dll as 
\W32X86/pscript5.dll (106197,9 kb/s) (average 107477,0 kb/s)


Commande en cours d'exécution : smbclient //localhost/print$ -N -A 
/tmp/cupsjenHRl -c « put /usr/share/cups/drivers/cups6.ini 
W32X86/cups6.ini;put /usr/share/cups/drivers/cupsps6.dll 
W32X86/cupsps6.dll;put /usr/share/cups/drivers/cupsui6.dll 
W32X86/cupsui6.dll »

Domain=[MYGROUP] OS=[Unix] Server=[Samba 3.5.10-125.el6]
putting file /usr/share/cups/drivers/cups6.ini as \W32X86/cups6.ini 
(65,4 kb/s) (average 65,4 kb/s)
putting file /usr/share/cups/drivers/cupsps6.dll as \W32X86/cupsps6.dll 
(12272,2 kb/s) (average 6169,4 kb/s)
putting file /usr/share/cups/drivers/cupsui6.dll as \W32X86/cupsui6.dll 
(13672,0 kb/s) (average 12845,2 kb/s)


Commande en cours d'exécution : rpcclient localhost -N -A 
/tmp/cupsjenHRl -c « adddriver Windows NT x86 
4-4555-couleur:pscript5.dll:4-4555-couleur.ppd:ps5ui.dll:pscript.hlp:NULL:RAW:pscript5.dll,4-4555-couleur.ppd,ps5ui.dll,pscript.hlp,pscript.ntf,cups6.ini,cupsps6.dll,cupsui6.dll »

Printer Driver 4-4555-couleur successfully installed.

Commande en cours d'exécution : smbclient //localhost/print$ -N -A 
/tmp/cupsjenHRl -c « mkdir x64;put /tmp/cups4nnHkk 
x64/4-4555-couleur.ppd;put /usr/share/cups/drivers/x64/ps5ui.dll 
x64/ps5ui.dll;put /usr/share/cups/drivers/x64/pscript.hlp 
x64/pscript.hlp;put /usr/share/cups/drivers/x64/pscript.ntf 
x64/pscript.ntf;put /usr/share/cups/drivers/x64/pscript5.dll 
x64/pscript5.dll »

Domain=[MYGROUP] OS=[Unix] Server=[Samba 3.5.10-125.el6]
NT_STATUS_OBJECT_NAME_COLLISION making remote directory \x64
putting file /tmp/cups4nnHkk as \x64/4-4555-couleur.ppd (95073,9 kb/s) 
(average 95076,2 kb/s)
putting file /usr/share/cups/drivers/x64/ps5ui.dll as \x64/ps5ui.dll 
(137997,8 kb/s) (average 120830,5 kb/s)
putting file /usr/share/cups/drivers/x64/pscript.hlp as \x64/pscript.hlp 
(26131,2 kb/s) (average 112221,7 kb/s)
putting file /usr/share/cups/drivers/x64/pscript.ntf as \x64/pscript.ntf 
(129726,4 kb/s) (average 119592,8 kb/s)
putting file /usr/share/cups/drivers/x64/pscript5.dll as 
\x64/pscript5.dll (123097,6 kb/s) (average 120323,4 kb/s)


Commande en cours d'exécution : smbclient //localhost/print$ -N -A 
/tmp/cupsjenHRl -c « put /usr/share/cups/drivers/x64/cups6.ini 
x64/cups6.ini;put /usr/share/cups/drivers/x64/cupsps6.dll 
x64/cupsps6.dll;put /usr/share/cups/drivers/x64/cupsui6.dll 
x64/cupsui6.dll »

Domain=[MYGROUP] OS=[Unix] Server=[Samba 3.5.10-125.el6]
putting file /usr/share/cups/drivers/x64/cups6.ini as \x64/cups6.ini 
(70,3 kb/s) (average 70,3 kb/s)
putting file /usr/share/cups/drivers/x64/cupsps6.dll as \x64/cupsps6.dll 
(16998,3 kb/s) (average 8535,2 kb/s)
putting file /usr/share/cups/drivers/x64/cupsui6.dll as \x64/cupsui6.dll 
(19456,0 kb/s) (average 18035,2 kb/s)


Commande en cours d'exécution : rpcclient localhost -N -A 
/tmp/cupsjenHRl -c « adddriver Windows x64 
4-4555-couleur:pscript5.dll:4-4555-couleur.ppd:ps5ui.dll:pscript.hlp:NULL:RAW:pscript5.dll,4-4555-couleur.ppd,ps5ui.dll,pscript.hlp,pscript.ntf,cups6.ini,cupsps6.dll,cupsui6.dll »

result was WERR_UNKNOWN_PRINTER_DRIVER

Impossible d'installer les fichiers des pilotes d'impression pour 
Windows 2000 (1).



These output can be separated in 2 parts:

[Samba] trouble with ldap authentication on centos+openldap

2013-01-28 Thread Morgan Toal

Hi Samba List,

I've been trying to get a samba+ldap working on centos 6.3. I've had 
some troubles adapting to the new slapd.d configuration format for the 
openldap, which seems unnecessarily complicated. Most of the tutorials
refer to the older style slapd.conf configuration. I was following this 
tutorial:


http://linuxserverathome.com/articles/installing-and-configuring-openldap-2423-centos-63
http://linuxserverathome.com/articles/using-samba-share-files-windows-part-1
http://linuxserverathome.com/articles/using-samba-share-files-windows-part-2

I've got ldap working, I can do a unix login as an ldap user. But I 
cannot browse to the samba server. What seems to be happening is that 
samba is not authenticating with ldap correctly, I see this in my logs:


Jan 28 09:09:44 city1 net: [2013/01/28 09:09:44.664956,  0] 
lib/smbldap.c:1151(smbldap_connect_system)
Jan 28 09:09:44 city1 net:   failed to bind to server 
ldap://city1.burlingtoniowa.org with 
dn=cn=samba,dc=burlingtoniowa,dc=org Error: Invalid credentials

Jan 28 09:09:44 city1 net:   #011(unknown)

Looks like the ldap password is set in the following configuration files:

olcDatabase={0}config.ldif
olcDatabase={2}bdb.ldif

I am thinking most of this is done in olcDatabase={2}bdb.ldif, here's 
what I think is the relevant part of it:


olcAccess: {0}to attrs=userPassword,shadowLastChange by 
dn=cn=samba,dc=burlin

 gtoniowa,dc=org write by anonymous auth by self write by * none
olcAccess: {1}to dn.base= by * read
olcAccess: {2}to * by dn=cn=samba,dc=burlingtoniowa,dc=org  write by * 
read

olcRootPW: {SSHA}---redacted-
olcSuffix: dc=burlingtoniowa,dc=org

here's the ldap part of my smb.conf:

[global]
workgroup = CITY
server string = city1
passdb backend = ldapsam:ldap://city1.burlingtoniowa.org
log level = 3
log file = /var/log/samba/log.%m
max log size = 50
os level = 65
wins support = Yes
ldap admin dn = cn=samba,dc=burlingtoniowa,dc=org
ldap group suffix = ou=groups
ldap passwd sync = yes
ldap suffix = dc=burlingtoniowa,dc=org
ldap user suffix = ou=people
cups options = raw

Your input and suggestions are appreciated. Thanks!


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


Re: [Samba] Samba Authentication With Kerberos

2013-01-28 Thread Fabian von Romberg

Hi Andrew,

it is Samba 4 and the server role is active directory domain controller.

Thanks and regards,
Fabian

On 28/01/2013 9:32, Andrew Bartlett wrote:

On Sun, 2013-01-27 at 11:48 -0500, Fabian von Romberg wrote:

Hi All,

I'm trying to set up a server with Samba4 with Kerberos. When I want to list 
all shares with smbclient with samba authentication, everything works fine. But 
when I try to authenticate using Kerberos, I get an error.


To be clear, is this Samba 4.0 as an AD DC, or as a member server in
another AD domain?


The command I execute is:

smbclient -L localhost -k

The error message from Samba is:

using SPNEGO
Selected protocol [8][NT LANMAN 1.0]
GSS server Update(krb5)(1) Update failed: Miscellaneous failure (see text): 
Decrypt integrity check failed for checksum type hmac-sha1-96-aes256, key type 
aes256-cts-hmac-sha1-96
SPNEGO(gssapi_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE
SPNEGO login failed: NT_STATUS_LOGON_FAILURE


smbclient should never do kerberos to localhost because we can never
know which localhost that is.  If you have somehow registered a
'localhost' as a servicePrincipalName, then this is likely the cause of
the issue.  (This error indicates that the key you got from the KDC is
not the key that the server has in its secrets database/keytab.)

Andrew Bartlett






Re: [Samba] PDC: The trust relationship ... failed from the beginning

2013-01-28 Thread Eimac Dude

On 1/24/2013 7:31 PM, Nico Kadel-Garcia wrote:

On Thu, Jan 24, 2013 at 8:57 PM, Eimac Dude eimacd...@aol.com wrote:

Brought in a new Windows 7 64-bit machine and that one works... So it seems
to be a Windows configuration issue, but what other settings could possibly
cause this authentication failure? The new machine is a recent clean install
and uses MSE as antivirus, whereas the older workstations use AVG and
Ad-Aware. But I doubt the antivirus could cause the difference. And I don't
see any difference in the network configuration of the machines. Any
suggestions? I can't simply replace all Windows clients on our network...

The new machine has a new hostname? Are they both statically
configured in DNS? Do they both have all the system patches? And have
you tried yanking out AVG and replacing it with MSE?

All have same new patches. The new machine has a different hostname. But 
I've also tried changing the hostname of the old machine... The only 
thing I didn't test yet is removing AVG.



[Samba] Creating users via Perl Net::LDAP

2013-01-28 Thread Pablo T. Virgo
Hey there folks,

I put together a little Perl script that makes an LDAP connection to a Samba4 
server and creates the cn=username,cn=users,... part of a user account.

It appears that this is not sufficient to get a fully functioning Active 
Directory type log-in; from the howto I can deduce that my effort is missing a 
sidMap, and there might be a good deal more to creating full AD users and 
groups than the simple LDAP entry as I had hoped.

1. Is it reasonable to think that one could create a full AD user / group in 
Samba 4 using an LDAP type interface?

2. If so, aside from attempting to read the code (I'm not currently fluent in 
Python), where would I find documentation on what data needs to be generated?  
Sorry if my google and Really-Fine-Manual glasses have failed.

Before someone points out my obvious mistake of reinventing the wheel, the 
short version is that I'm hoping to manage users for a custom environment that 
needs to sync a bunch of weird parts, and was hoping to write something that 
could manage them all via APIs and network interfaces rather than just writing 
a bash wrapper that would only work on a master server.

Thanks for your help!

-- 
Pablo Virgo
System Administrator

Solutions for Progress, Inc.
728 South Broad Street
Philadelphia, PA 19146

Phone: 215-701-8075
Fax:   215-972-8109



Re: [Samba] generate keytab

2013-01-28 Thread Clodonil Trigo
Hi,

does not http.keytab.

exported thus:

$samba-tool domain exportkeytab http.keytab --principal=HTTP/
ejbca.nisled@nisled.org

output line:
# klist -ke http.keytab
Keytab name: WRFILE:http.keytab
KVNO Principal

--
   2 HTTP/ejbca.nisled@nisled.org (des-cbc-crc)
   2 HTTP/ejbca.nisled@nisled.org (des-cbc-md5)
   2 HTTP/ejbca.nisled@nisled.org (arcfour-hmac)

kinit:

# kinit -k -e http.keytab http-ejbca
kinit: Key table entry not found while getting initial credentials

Prof. Msc. Clodonil H. Trigo
www.nisled.org
E-mail: clodo...@nisled.org

Classification: () Confidential (X) Internal
The information contained in this message and its attachments is of
exclusive interest to those to whom it was addressed and may be confidential;
its retention, distribution, disclosure, reproduction or use is therefore
prohibited, under penalty of law. If you have received this message in
error, we kindly ask you to inform its author and delete it from your
inbox, records or control system.


2013/1/25 Andrew Bartlett abart...@samba.org

 On Thu, 2013-01-24 at 18:33 +0200, Hleb Valoshka wrote:
  Please! Don't write into private mail. Thanks.
 
   $ Samba-tool user create http-user --random-password
   $ Samba-tool spn add HTTP/www.nisled.org  http-user
 
  Okay, you've got user http-user with principals http-u...@nisled.org
  and HTTP/www.nisled@nisled.org.
 
   $ Samba-tool domain exportkeytab --principal=HTTP/www.nisled.org
   http.keytab
 
  Here you export _only_ HTTP/www.nisled@nisled.org.
 
   $ kinit -k -t http.keytab http-user
   kinit: Key table entry not found while getting initial credentials
 
  Of course, because you didn't export it.
 
   Can anyone help me?
 
  Export http-u...@nisled.org too.

 Exactly.  While the Samba KDC is smart, and knows these are the same
 user, the keytab and krb5 client tools are dumb (very), they work on
 exact string matches, so you have to export out exactly the name you want
 to kinit as, or kinit as HTTP/www.nisled@nisled.org.

 Andrew Bartlett

 --
 Andrew Bartlett                        http://samba.org/~abartlet/
 Authentication Developer, Samba Team   http://samba.org




Re: [Samba] generate keytab

2013-01-28 Thread Gémes Géza

Hi,

Hi,

does not http.keytab.

exported thus:

$samba-tool domain exportkeytab http.keytab --principal=HTTP/
ejbca.nisled@nisled.org

output line:
# klist -ke http.keytab
Keytab name: WRFILE:http.keytab
KVNO Principal

--
2 HTTP/ejbca.nisled@nisled.org (des-cbc-crc)
2 HTTP/ejbca.nisled@nisled.org (des-cbc-md5)
2 HTTP/ejbca.nisled@nisled.org (arcfour-hmac)

kinit:

# kinit -k -e http.keytab http-ejbca
kinit: Key table entry not found while getting initial credentials

Prof. Msc. Clodonil H. Trigo
www.nisled.org
E-mail: clodo...@nisled.org

Classification: () Confidential (X) Internal
The information contained in this message and its attachments is of
exclusive interest to those to whom it was addressed and may be confidential;
its retention, distribution, disclosure, reproduction or use is therefore
prohibited, under penalty of law. If you have received this message in
error, we kindly ask you to inform its author and delete it from your
inbox, records or control system.

Your kinit line is invalid.

If you've exported HTTP/ejbca.nisled@nisled.org, you should kinit 
(using keytab) as it:
kinit -k -e http.keytab HTTP/ejbca.nisled.org (supposing that NISLED.ORG 
is your default domain)
as there were no keytab entries for http-ejbca (even if they are the 
same on the KDC being only as spn for each other)


Regards

Geza Gemes
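
The exact-match behaviour discussed in this thread, as an added example that is not from the list posts or from Samba: a small parser for the version 0x0502 keytab file layout that lists the stored principals and checks whether the name given to kinit has an entry. The realm EXAMPLE.TEST, the principal names, the all-zero keys and the function names are constructed for illustration.

```python
import struct

# Encryption type numbers with the names klist prints for them.
ENCTYPES = {1: "des-cbc-crc", 3: "des-cbc-md5", 17: "aes128-cts-hmac-sha1-96",
            18: "aes256-cts-hmac-sha1-96", 23: "arcfour-hmac"}


def pack_counted(value):
    """Encode a string or bytes as uint16 length + data (big-endian)."""
    raw = value.encode() if isinstance(value, str) else value
    return struct.pack(">H", len(raw)) + raw


def read_counted(buf, pos):
    """Read a uint16 length-prefixed byte string; return (bytes, new_pos)."""
    (n,) = struct.unpack_from(">H", buf, pos)
    pos += 2
    if pos + n > len(buf):
        raise ValueError("counted string runs past end of keytab")
    return buf[pos:pos + n], pos + n


def build_entry(principal, kvno, etype, key):
    """Build one keytab entry (used only to construct the sample below)."""
    name, realm = principal.rsplit("@", 1)
    comps = name.split("/")
    body = struct.pack(">H", len(comps)) + pack_counted(realm)
    for comp in comps:
        body += pack_counted(comp)
    # name type 1 (KRB5_NT_PRINCIPAL), timestamp 0, 8-bit kvno, enctype
    body += struct.pack(">IIBH", 1, 0, kvno & 0xFF, etype)
    body += pack_counted(key) + struct.pack(">I", kvno)
    return struct.pack(">i", len(body)) + body


def parse_keytab(data):
    """Return [(principal, kvno, enctype_name)] from a version 0x0502 keytab."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size == 0:
            break
        if size < 0:            # hole left by a deleted entry: skip it
            pos += -size
            continue
        end = pos + size
        if end > len(data):
            raise ValueError("entry runs past end of keytab")
        (ncomp,) = struct.unpack_from(">H", data, pos)
        realm, p = read_counted(data, pos + 2)
        comps = []
        for _ in range(ncomp):
            comp, p = read_counted(data, p)
            comps.append(comp.decode())
        _name_type, _timestamp, vno8, etype = struct.unpack_from(">IIBH", data, p)
        _key, p = read_counted(data, p + 11)
        kvno = vno8
        if end - p >= 4:        # optional 32-bit kvno overrides the 8-bit one
            (vno32,) = struct.unpack_from(">I", data, p)
            kvno = vno32 or vno8
        principal = "/".join(comps) + "@" + realm.decode()
        entries.append((principal, kvno, ENCTYPES.get(etype, str(etype))))
        pos = end
    return entries


def find_entries(entries, requested, default_realm):
    """Exact, case-sensitive match on the full principal name, as the thread
    describes for keytab lookups; no aliasing between a user and its SPNs."""
    if "@" not in requested:
        requested = requested + "@" + default_realm
    return [e for e in entries if e[0] == requested]


# Constructed sample: only the service principal was exported, three enctypes,
# with one hole between entries. Keys are all zeros (not real key material).
SPN = "HTTP/www.example.test@EXAMPLE.TEST"
SAMPLE_KEYTAB = (b"\x05\x02"
                 + build_entry(SPN, 2, 1, bytes(8))
                 + struct.pack(">i", -6) + bytes(6)
                 + build_entry(SPN, 2, 3, bytes(8))
                 + build_entry(SPN, 2, 23, bytes(16)))

if __name__ == "__main__":
    parsed = parse_keytab(SAMPLE_KEYTAB)
    for principal, kvno, enctype in parsed:
        print(f"{kvno:4d} {principal} ({enctype})")
    for name in ("http-user", "HTTP/www.example.test"):
        hits = find_entries(parsed, name, "EXAMPLE.TEST")
        print(name, "->", "found" if hits else "Key table entry not found")
```

Running it lists the three exported entries and reports that the account name has no entry while the service principal name does.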

Re: [Samba] Samba3 File Server + Winbind -- AD Authentication Flaky/Inconsistent/Unreliable

2013-01-28 Thread Michael Ray
Nico- 

Sorry, should've realized more information was warranted. 
Fortunately though, we managed to figure it out using a couple of different 
guides. 
Amongst other things, I was missing a few key lines in the samba.conf file 
(specifically 'idmap config * : range' and 'template shell'). 


I'll try to be more diligent for future posts. 

Thanks 
Mike Ray 

- Original Message -

From: Nico Kadel-Garcia nka...@gmail.com 
To: Michael Ray m...@xes-inc.com 
Cc: samba@lists.samba.org 
Sent: Friday, January 25, 2013 8:24:26 PM 
Subject: Re: [Samba] Samba3 File Server + Winbind -- AD Authentication 
Flaky/Inconsistent/Unreliable 

On Fri, Jan 25, 2013 at 5:21 PM, Michael Ray m...@xes-inc.com wrote: 
 Hey all, 

 This is a link to pastebin that shows my configuration files for krb5, 
 nsswitch and smb as they were saved the morning after I got this working. 
 
 I do not know what could have gone wrong, but it has. I will be trying to go 
 through my documented procedure on Monday with a clean VM and then trying it 
 with various random internet procedures if that fails. 
 
 Any ideas / clues as to what blew up would be appreciated, as well as links 
 to guides that people have used successfully. 

You've not mentioned the OS you're running for the server, the 
particular release of Samba 3 and Samba 4 you're working with, nor 
precisely what you see in the logs. Please post those to get a better 
idea if it might be a known, and already fixed problem. 



Re: [Samba] Creating users via Perl Net::LDAP

2013-01-28 Thread Michael Ray
Pablo- 

I'm certainly no expert on the matter, but what comes to mind quickly: is the 
user account enabled? If it is enabled, is a password set? 
It may be this simple, as I have just added a user to AD via the windows ldifde 
tool and he was defined as far as a CN and objectClass. When I look him up in 
the database, his objectSID, sAMAccountName/Type and everything else necessary 
is populated. 
If I set a password and enable the account, I can log in as him. 

The gist of this being, I think you ought to be able to create a user creation 
script. 

Let me know how it goes too, I may end up trying to do something similar. 

Good luck, 
Mike Ray 


- Original Message -

From: Pablo T. Virgo pvi...@solutionsforprogress.com 
To: samba@lists.samba.org 
Sent: Monday, January 28, 2013 1:49:55 PM 
Subject: [Samba] Creating users via Perl Net::LDAP 

Hey there folks, 

I put together a little Perl script that makes an LDAP connection to a Samba4 
server and creates the cn=username,cn=users,... part of a user account. 

It appears that this is not sufficient to get a fully functioning Active 
Directory type log-in; from the howto I can deduce that my effort is missing a 
sidMap, and there might be a good deal more to creating full AD users and 
groups than the simple LDAP entry as I had hoped. 

1. Is it reasonable to think that one could create a full AD user / group in 
Samba 4 using an LDAP type interface? 

2. If so, aside from attempting to read the code (I'm not currently fluent in 
Python), where would I find documentation on what data needs to be generated? 
Sorry if my google and Really-Fine-Manual glasses have failed. 

Before someone points out my obvious mistake of reinventing the wheel, the 
short version is that I'm hoping to manage users for a custom environment that 
needs to sync a bunch of weird parts, and was hoping to write something that 
could manage them all via APIs and network interfaces rather than just writing 
a bash wrapper that would only work on a master server. 

Thanks for your help! 

-- 
Pablo Virgo 
System Administrator 

Solutions for Progress, Inc. 
728 South Broad Street 
Philadelphia, PA 19146 

Phone: 215-701-8075 
Fax: 215-972-8109 



Re: [Samba] The RPC server is unavailable on Samba 4 clients

2013-01-28 Thread Mario Codeniera
Hi,

It seems I answered my own query here; I managed to solve it, pointing to
https://bugs.launchpad.net/ubuntu/+source/samba4/+bug/1055075

What I did was add the following in /usr/local/samba/etc/smb.conf:
server services = +smb -s3fs
dcerpc endpoint servers = +winreg +srvsvc

Everything works fine: it logs me in instantly and I can use the RSAT with no
problem.

But I have no idea yet how those configs help, or the exact explanation.


Thanks,
Mario



On Mon, Jan 28, 2013 at 6:45 PM, Mario Codeniera
mario.codeni...@gmail.com wrote:

 Hi,

 I used to upgrade/migrated samba 3.3.10 to samba 3.4.17  with LDAP backend
 in place, while upgrading the CentOS from 5.5 to 5.9. In place to retain
 the trust relationship.

 The users can able to login without re-authentication from existing
 machines. Tested 3 XPs, and 3 Win7 but it takes 5-8 mins to login compared
 to 1 win7 that was re-connected (disconnected from domain, restart, then
 rejoin it back) from the domain 'gaara' which instantly login.

 But there is a problem in connecting to the Windows Remote Administration
 Tools particularly on Windows 7 but no problems encountered on Windows XP.
 It displays on the 'Active Directory Domain Services' dialogue box
  Naming information cannot be located because:
 The RPC server is unavailable.
  Contact your system administrator to verify that your domain is
 properly configured and is currently online.
  If you Change Domain..., it can be browse but still can't connect again
 it displays
 The domain gaara.kazekage.net could not be found because:
  The RPC server is unavailable.
 The DNS and Kerberos were tested okay but got error when using smbclient,
 even disabled the firewall and the selinux.
  #/usr/local/samba/bin/smbclient //localhost/netlogon -Uadministrator
 which displays
 Connection to localhost failed (Error NT_STATUS_CONNECTION_REFUSES)

 Please see below for some logs that I got for more information (Sorry for
 a long posting of logs).  I also run on CentOS 6.3 which doesn't have
 problems on RSAT except for trust relationship which need to be recheck coz
 I change hostname, domain et al.

 Hope someone can give insights about it.  Thanks.


 Mario



 (In Windows 7)
 C:\Users\administratordcdiag /v /s:gaara

 Directory Server Diagnosis

 Performing initial setup:
* Connecting to directory service on server gaara.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling
 ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=gaara,DC=sandbo
 x,DC=net,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),...
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site
 Settings,CN=Default-First-Site-Name
 ,CN=Sites,CN=Configuration,DC=gaara,DC=kazekage,DC=net
Getting ISTG and options for the site
* Identifying all servers.
Calling
 ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=gaara,DC=sandbo
 x,DC=net,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),...
The previous call succeeded
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS
 Settings,CN=SHUKA-KU,CN=Servers,CN

 =Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gaara,DC=kazekage,DC=net
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
Got error while checking if the DC is using FRS or DFSR. Error:
A device attached to the system is not functioning.The VerifyReferences,
FrsEvent and DfsrEvent tests might fail because of this error.
* Found 1 DC(s). Testing 1 of them.
Done gathering initial info.

 Doing initial required tests

Testing server: Default-First-Site-Name\SHUKA-KU
   Starting test: Connectivity
  * Active Directory LDAP Services Check
  Determining IP4 connectivity
  * Active Directory RPC Services Check
  . SHUKA-KU passed test Connectivity

 Doing primary tests

Testing server: Default-First-Site-Name\SHUKA-KU
   Starting test: Advertising
  Fatal Error:DsGetDcName (SHUKA-KU) call failed, error 1722
  The Locator could not find the server.
  Printing RPC Extended Error Info:
  Error Record 1, ProcessID is 2812
   (DcDiag)

 System Time is: 1/28/2013 1:3:0:375
 Generating component is 2 (RPC runtime)

 Status is 1722 The RPC server is unavailable.

 Detection location is 193
  Error Record 2, ProcessID is 2812
   (DcDiag)

 System Time is: 1/28/2013 1:3:0:375
 Generating component is 5 (redirector)

 Status is 64 The specified network name is no longer available.

 Detection location is 190
 NumberOfParameters is 2
 Long val: 1441792
 

[Samba] Fw: Re: Creating users via Perl Net::LDAP

2013-01-28 Thread Pablo T. Virgo
Thanks for the input Mike,

I set the attributes, as best I could, to mirror those of another account 
created using the samba-tool per the howto.  Reviewing the attributes of both 
accounts, I see nothing about them being enabled or disabled.

For the password I used userPassword, specifically with a utf8 encoding, per 
a previous message: 
http://lists.samba.org/archive/samba/2009-April/147576.html

What did you do to set a password and enable the account?

-- 
Pablo Virgo
System Administrator

Solutions for Progress, Inc.
728 South Broad Street
Philadelphia, PA 19146

Phone: 215-701-8075
Fax:   215-972-8109



Re: [Samba] Fw: Re: Creating users via Perl Net::LDAP

2013-01-28 Thread Michael Ray
Pablo- 

From the linux side, using samba-tool: 
samba-tool user enable username : this enables a specific user 
samba-tool user setpassword username : allows you to set a new password for a 
user 

From the MS side, using AD tools: 
(in Computers and Users) Right click on user and click 'enable' to allow this 
account to login -- if it has a little down arrow on the icon, that means it is 
disabled, otherwise enabled. 
(in Computers and Users) Right click on user and click 'reset password' to set 
the password. 

I've noticed when creating users by uploading in LDAP data / using windows 
tools, they are disabled by default. From the linux side, they seem to be 
enabled by default. I was having trouble with the userPassword attribute 
working when transferred from a different LDAP server, so I would set one 
manually. 

Let me know if you have any luck, 
-Mike Ray 

- Original Message -

From: Pablo T. Virgo pvi...@solutionsforprogress.com 
To: samba@lists.samba.org 
Sent: Monday, January 28, 2013 5:21:52 PM 
Subject: [Samba] Fw: Re: Creating users via Perl Net::LDAP 

Thanks for the input Mike, 

I set the attributes, as best I could, to mirror those of another account 
created using the samba-tool per the howto. Reviewing the attributes of both 
accounts, I see nothing about them being enabled or disabled. 

For the password I used userPassword, specifically with a utf8 encoding, per 
a previous message: 
http://lists.samba.org/archive/samba/2009-April/147576.html

What did you do to set a password and enable the account? 

-- 
Pablo Virgo 
System Administrator 

Solutions for Progress, Inc. 
728 South Broad Street 
Philadelphia, PA 19146 

Phone: 215-701-8075 
Fax: 215-972-8109 




[Samba] upgrade from 3.5 - 3.6, now I have no backend defined for idmap

2013-01-28 Thread Jobst Schmalenbach
Hi.

I am getting loads of errors no backend defined for idmap config MYDOMAIN 
after I upgraded from 3.5 - 3.6 a couple of days ago.

I read

  http://wiki.samba.org/index.php/Samba_3.6_Features_added/changed

and did what
  
  man smb.conf

suggested:

  idmap config MYDOMAIN : backend  = tdb
  idmap config MYDOMAIN : range = 500-199


yet I still receive those errors. I used to have 

  idmap uid = 500-1000 
  idmap gid = 500-1000

and I had no errors while running 3.5.10.

I am not sure what I am doing wrong, help please.



Jobst








-- 
'I will go to Korea.' - Dwight D Eisenhower.

  | |0| |   Jobst Schmalenbach, jo...@barrett.com.au, General Manager
  | | |0|   Barrett Consulting Group P/L  The Meditation Room P/L
  |0|0|0|   +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia


Re: [Samba] fail-over, redundancy, bdc, multi-dc-domain

2013-01-28 Thread Daniel Müller
For me working: Centos5 old Samba3 PDC/BDC with openldap (Master/Master
Multi-Master-Replication), ucarp for failover Ip/ Glusterfs Replicating
Brick 2 node for samba shares/netlogon...Samba4wins(Sernet), two
wins-server push and pull.
Running without any trouble.

Greetings 
Daniel
  

---
EDV Daniel Müller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---
-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
Behalf Of Andrew Bartlett
Sent: Monday, 28 January 2013 15:41
To: Greg Sloop
Cc: samba@lists.samba.org
Subject: Re: [Samba] fail-over, redundancy, bdc, multi-dc-domain

On Tue, 2013-01-22 at 10:53 -0800, Gregory Sloop wrote:
 I'm aware of, at least generally, how one would have done a 
 BDC/Redundant server under OpenLDAP Samba3.
 
 However, rolling your own multi-domain-controller was fairly daunting 
 [for me] under Samba3 / OpenLDAP.
 
 I've been very interested in Samba4 for the more integrated nature of 
 having LDAP/DNS/Samba all under one roof. [i.e. Fewer places where I 
 can screw it up horribly.]

Most of our users find that Samba 4.0 'just works' for them as an AD DC,
even replicating to a second DC. 

 However I'm also interested in how one can handle fail-over. I don't 
 need something totally seamless and big-iron style. A backup box 
 that would need some manual intervention would be fine.

Just replicating to a second DC should be fine.  You will need to manually
replicate the sysvol share, but that shouldn't be hard.

 So, something like an rsync'd backup box where the shared 
 files/accounts/etc are perhaps an hour out of date, and that would 
 require 15 minutes to bring up as a primary would be an acceptable 
 solution.

I would not recommend just rsyncing anything, except the sysvol files.
The reason is that rsync will not get a consistent snapshot of the
databases.  Joining a second DC will be much more seamless. 

 That's not to say I wouldn't want something better, but that's kind of 
 the low end of the acceptable scale.
 
 I've done some searches on the list and spent a while looking for 
 examples but I don't easily find any. [Using searches with: samba4 
 bdc, redundant, backup, etc. There are a ton of very old articles on 
 the list, but almost nothing I could find specifically on Samba4.]
 
 Could some kind soul point me either to:
 1) Search terms more likely to produce results, or some discussion 
 threads or
 2) wiki/how-to's on how to accomplish something in the neighborhood on
this subject?

The main HOWTO contains information on joining to an existing domain.
That is what you need to do on your second DC.

Andrew Bartlett

-- 
Andrew Bartlett                        http://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org




[SCM] Samba Shared Repository - branch v3-6-test updated

2013-01-28 Thread Karolin Seeger
The branch, v3-6-test has been updated
   via  6603013 Fix bug #9587 - archive flag is always set on directories.
  from  ae0cf58 BUG 9474: Downgrade v4 printer driver requests to v3.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test


- Log -
commit 6603013f8f03773d141c33fd1c4923197a5350c8
Author: Jeremy Allison j...@samba.org
Date:   Thu Jan 24 11:02:30 2013 -0800

Fix bug #9587 - archive flag is always set on directories.

Creating a directory to a Samba share sets the attributes to 'D' only
(correct) - only when creating a new file should the 'A' attribute
be set.

However, doing a rename of that directory sets the 'A' attribute in error.
This should only be done on a file rename. smbclient regression test to 
follow.

Signed-off-by: Jeremy Allison j...@samba.org

---

Summary of changes:
 source3/smbd/reply.c |3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index ac471aa..a708fd8 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -6187,7 +6187,8 @@ NTSTATUS rename_internals_fsp(connection_struct *conn,
  %s - %s\n, smb_fname_str_dbg(fsp-fsp_name),
  smb_fname_str_dbg(smb_fname_dst)));
 
-   if (!lp_posix_pathnames() 
+   if (!fsp-is_directory 
+   !lp_posix_pathnames() 
(lp_map_archive(SNUM(conn)) ||
lp_store_dos_attributes(SNUM(conn {
/* We must set the archive bit on the newly
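
Review bot: the comment that opens right after the condition ("We must set the archive bit on the newly ...") should say that directories are now excluded, since the added is_directory test is the whole point of the fix and nothing at the site records why it is there; a reference to bug #9587 would do. The commit message defers the smbclient regression test, so until it lands the directory-rename case has no coverage.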


-- 
Samba Shared Repository


[SCM] Samba Shared Repository - branch master updated

2013-01-28 Thread Andreas Schneider
The branch, master has been updated
   via  155fdc4 smbcontrol: Fix undefined serverid_traverse_read warning
   via  dd9ed7b smbcontrol: Fix the build with libunwind
  from  bb3238b s4:service_task: add missing imessaging_cleanup() to 
task_server_terminate()

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 155fdc405ada674146afe577aa7228f6144d34b1
Author: Volker Lendecke v...@samba.org
Date:   Sun Jan 27 17:24:49 2013 +0100

smbcontrol: Fix undefined serverid_traverse_read warning

Reviewed-by: Andreas Schneider a...@samba.org

Autobuild-User(master): Andreas Schneider a...@cryptomilk.org
Autobuild-Date(master): Mon Jan 28 11:51:12 CET 2013 on sn-devel-104

commit dd9ed7bef4040e2f87baa3bf7133675aca995980
Author: Volker Lendecke v...@samba.org
Date:   Sun Jan 27 17:24:31 2013 +0100

smbcontrol: Fix the build with libunwind

Reviewed-by: Andreas Schneider a...@samba.org

---

Summary of changes:
 source3/utils/smbcontrol.c |3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/utils/smbcontrol.c b/source3/utils/smbcontrol.c
index ac13dc4..0e4a8cc 100644
--- a/source3/utils/smbcontrol.c
+++ b/source3/utils/smbcontrol.c
@@ -33,6 +33,7 @@
 #include messages.h
 #include util_tdb.h
 #include ../lib/util/pidfile.h
+#include serverid.h
 
 #if HAVE_LIBUNWIND_H
 #include libunwind.h
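
Review bot: the added serverid.h include sits above the HAVE_LIBUNWIND_H guard, so every build pulls it in; that is right only if serverid_traverse_read is called outside the libunwind-only code, which these lines do not show. If its only caller is the stack trace path, consider placing the include inside the guard, and give the commit message a line saying which call triggered the warning.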
@@ -327,7 +328,7 @@ static int stack_trace_server(const struct server_id *id,
  void *priv)
 {
if (id-vnn == get_my_vnn()) {
-   print_stack_trace(procid_to_pid(id-pid), (int *)priv);
+   print_stack_trace(procid_to_pid(id), (int *)priv);
}
return 0;
 }
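
Review bot: in stack_trace_server the argument to procid_to_pid changes from the pid member to id itself while the line above still reads the vnn member from the same pointer, so a local pid variable or a short comment would make the expected argument type obvious at the call. The (int *)priv cast on that line also goes unexplained; a named local for priv would say what is being handed to print_stack_trace.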


-- 
Samba Shared Repository


[SCM] Samba Shared Repository - branch master updated

2013-01-28 Thread Stefan Metzmacher
The branch, master has been updated
   via  e104e5a Regression test for bug #9571 - Unlink after open causes 
smbd to panic
   via  578909a Fix bug #9571 - Unlink after open causes smbd to panic.
  from  34854ae Fix bug #9588 - ACLs are not inherited to directories for 
DFS shares.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit e104e5a8192e9d9a2637035bec343de3c35ca21e
Author: Jeremy Allison j...@samba.org
Date:   Thu Jan 24 16:20:14 2013 -0800

Regression test for bug #9571 - Unlink after open causes smbd to panic

Replicates the protocol activity that triggers the crash.

Signed-off-by: Jeremy Allison j...@samba.org
Reviewed-by: Stefan Metzmacher me...@samba.org

Autobuild-User(master): Stefan Metzmacher me...@samba.org
Autobuild-Date(master): Mon Jan 28 15:33:17 CET 2013 on sn-devel-104

commit 578909ae19d7ec9dacb960626bd1985a2915365b
Author: Pavel Shilovsky pias...@etersoft.ru
Date:   Wed Jan 16 15:02:26 2013 +0400

Fix bug #9571 - Unlink after open causes smbd to panic.

s3:smbd: fix wrong lock order in posix unlink

Signed-off-by: Pavel Shilovsky pias...@etersoft.ru

Reviewed-by: Jeremy Allison j...@samba.org
Reviewed-by: Stefan Metzmacher me...@samba.org

---

Summary of changes:
 source3/smbd/trans2.c |6 +++---
 source3/torture/torture.c |   44 
 2 files changed, 47 insertions(+), 3 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index 9c77f4d..92d047a 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -7663,8 +7663,8 @@ static NTSTATUS smb_posix_unlink(connection_struct *conn,
continue;
}
/* Fail with sharing violation. */
-   close_file(req, fsp, NORMAL_CLOSE);
TALLOC_FREE(lck);
+   close_file(req, fsp, NORMAL_CLOSE);
return NT_STATUS_SHARING_VIOLATION;
}
}
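
Review bot: in the sharing-violation path the swap that puts TALLOC_FREE(lck) ahead of close_file has no comment, so nothing here tells a later editor that the order matters; add a one-line comment citing bug #9571 (wrong lock order in posix unlink) above the TALLOC_FREE.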
@@ -7678,12 +7678,12 @@ static NTSTATUS smb_posix_unlink(connection_struct 
*conn,
fsp,
smb_fname);
 
+   TALLOC_FREE(lck);
+
if (!NT_STATUS_IS_OK(status)) {
close_file(req, fsp, NORMAL_CLOSE);
-   TALLOC_FREE(lck);
return status;
}
-   TALLOC_FREE(lck);
return close_file(req, fsp, NORMAL_CLOSE);
 }
 
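
Review bot: the hoisted TALLOC_FREE(lck) above the NT_STATUS_IS_OK check is now the single line that has to stay ahead of both close_file calls, and it carries no comment saying so; give it the same ordering note as the sharing-violation path. With the free moved out, the error branch and the final return differ only in which status is returned, which is fine as long as nothing between the call that sets status and the close needs lck.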
diff --git a/source3/torture/torture.c b/source3/torture/torture.c
index 799c911..b59ac30 100644
--- a/source3/torture/torture.c
+++ b/source3/torture/torture.c
@@ -5368,6 +5368,8 @@ static bool run_simple_posix_open_test(int dummy)
bool correct = false;
NTSTATUS status;
size_t nread;
+   const char *fname_windows = windows_file;
+   uint16_t fnum2 = (uint16_t)-1;
 
printf(Starting simple POSIX open test\n);
 
@@ -5390,6 +5392,8 @@ static bool run_simple_posix_open_test(int dummy)
cli_posix_unlink(cli1, hname);
cli_setatr(cli1, sname, 0, 0);
cli_posix_unlink(cli1, sname);
+   cli_setatr(cli1, fname_windows, 0, 0);
+   cli_posix_unlink(cli1, fname_windows);
 
/* Create a directory. */
status = cli_posix_mkdir(cli1, dname, 0777);
@@ -5681,6 +5685,39 @@ static bool run_simple_posix_open_test(int dummy)
goto out;
}
 
+   /*
+* Now create a Windows file, and attempt a POSIX unlink.
+* This should fail with a sharing violation but due to:
+*
+* [Bug 9571] Unlink after open causes smbd to panic
+*
+* ensure we've fixed the lock ordering violation.
+*/
+
+   status = cli_ntcreate(cli1, fname_windows, 0,
+   FILE_READ_DATA|FILE_WRITE_DATA, 0,
+   FILE_SHARE_READ|FILE_SHARE_WRITE|FILE_SHARE_DELETE,
+   FILE_CREATE,
+   0x0, 0x0, fnum2);
+   if (!NT_STATUS_IS_OK(status)) {
+   printf(Windows create of %s failed (%s)\n, fname_windows,
+   nt_errstr(status));
+   goto out;
+   }
+
+   /* Now try posix_unlink. */
+   status = cli_posix_unlink(cli1, fname_windows);
+   if (!NT_STATUS_EQUAL(status, NT_STATUS_SHARING_VIOLATION)) {
+   printf(POSIX unlink of %s should fail 
+   with NT_STATUS_SHARING_VIOLATION 
+   got %s instead !\n,
+   fname_windows,
+   nt_errstr(status));
+   goto out;
+   }
+
+   cli_close(cli1, fnum2);
+
printf(Simple POSIX open test passed\n);
correct = true;
 
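Review bot: After the final cli_close(cli1, fnum2) the handle variable keeps its old value, although the first hunk initialises it to the sentinel (uint16_t)-1. The goto out after the unlink check leaves the handle open, so something at out: must close it; if that cleanup keys on the sentinel, the success path will close the same fnum twice. Set fnum2 = (uint16_t)-1 after the close, and check the return status of cli_close() as the other calls in this block do. The new comment is also hard to parse ("should fail with a sharing violation but due to: ... ensure we've fixed"); say directly that the unlink must return NT_STATUS_SHARING_VIOLATION and that this is the sequence from bug 9571 that made smbd panic.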
@@ -5691,6 +5728,11 

[SCM] Samba Shared Repository - branch v3-6-test updated

2013-01-28 Thread Karolin Seeger
The branch, v3-6-test has been updated
   via  99d2cb2 Fix bug #9588 - ACLs are not inherited to directories for 
DFS shares.
  from  6603013 Fix bug #9587 - archive flag is always set on directories.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test


- Log -
commit 99d2cb211f04e907bf2ed19656843026207ae0e3
Author: Jeremy Allison j...@samba.org
Date:   Fri Jan 25 10:21:48 2013 -0800

Fix bug #9588 - ACLs are not inherited to directories for DFS shares.

We can return with NT_STATUS_OK in an error code path. This
has a really strange effect in that it prevents the ACL editor
in Windows XP from recursively changing ACE entries on sub-directories
after a change in a DFS-root share (we end up returning a path
that looks like: \\IPV4\share1\xptest/testdir with a mixture
of Windows and POSIX pathname separators).

Signed-off-by: Jeremy Allison j...@samba.org

---

Summary of changes:
 source3/smbd/msdfs.c |   13 +
 1 files changed, 13 insertions(+), 0 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/smbd/msdfs.c b/source3/smbd/msdfs.c
index f0f5d06..1235f0f 100644
--- a/source3/smbd/msdfs.c
+++ b/source3/smbd/msdfs.c
@@ -974,6 +974,19 @@ NTSTATUS get_referred_path(TALLOC_CTX *ctx,
if (!NT_STATUS_EQUAL(status, NT_STATUS_PATH_NOT_COVERED)) {
DEBUG(3,(get_referred_path: No valid referrals for path %s\n,
dfs_path));
+   if (NT_STATUS_IS_OK(status)) {
+   /*
+* We are in an error path here (we
+* know it's not a DFS path), but
+* dfs_path_lookup() can return
+* NT_STATUS_OK. Ensure we always
+* return a valid error code.
+*
+* #9588 - ACLs are not inherited to directories
+* for DFS shares.
+*/
+   status = NT_STATUS_NOT_FOUND;
+   }
goto err_exit;
}
 
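Review bot: Rewriting NT_STATUS_OK to NT_STATUS_NOT_FOUND inside get_referred_path() papers over the inconsistency that the added comment itself names: dfs_path_lookup() can return NT_STATUS_OK for a path that is not a DFS path. This caller is now safe, but any other caller of dfs_path_lookup() that treats every status other than NT_STATUS_PATH_NOT_COVERED as an error has the same hole. Either fix the return value at the source, or state in the comment why that is not possible and that the other callers were checked.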


-- 
Samba Shared Repository


[SCM] Samba Shared Repository - branch v3-6-test updated

2013-01-28 Thread Karolin Seeger
The branch, v3-6-test has been updated
   via  fb0868e Fix bug #9571 - Unlink after open causes smbd to panic.
  from  99d2cb2 Fix bug #9588 - ACLs are not inherited to directories for 
DFS shares.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test


- Log -
commit fb0868e290cdc23671a84b7600af689a8b8b806f
Author: Pavel Shilovsky pias...@etersoft.ru
Date:   Wed Jan 16 15:02:26 2013 +0400

Fix bug #9571 - Unlink after open causes smbd to panic.

s3:smbd: fix wrong lock order in posix unlink

Signed-off-by: Pavel Shilovsky pias...@etersoft.ru

Reviewed-by: Jeremy Allison j...@samba.org

---

Summary of changes:
 source3/smbd/trans2.c |6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index bdbdbc0..2824f93 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -7586,8 +7586,8 @@ static NTSTATUS smb_posix_unlink(connection_struct *conn,
continue;
}
/* Fail with sharing violation. */
-   close_file(req, fsp, NORMAL_CLOSE);
TALLOC_FREE(lck);
+   close_file(req, fsp, NORMAL_CLOSE);
return NT_STATUS_SHARING_VIOLATION;
}
}
@@ -7601,12 +7601,12 @@ static NTSTATUS smb_posix_unlink(connection_struct 
*conn,
fsp,
smb_fname);
 
+   TALLOC_FREE(lck);
+
if (!NT_STATUS_IS_OK(status)) {
close_file(req, fsp, NORMAL_CLOSE);
-   TALLOC_FREE(lck);
return status;
}
-   TALLOC_FREE(lck);
return close_file(req, fsp, NORMAL_CLOSE);
 }
 
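Review bot: The reordering of TALLOC_FREE(lck) and close_file() in smb_posix_unlink() arrives on this branch with no test: the summary of changes lists only source3/smbd/trans2.c, while the master push pairs the same fix with a regression test in source3/torture/torture.c. Backport the torture.c change as well, or note in the commit message why it does not apply here, so that a later merge that restores the old order is caught on v3-6-test too.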


-- 
Samba Shared Repository


[SCM] Samba Shared Repository - branch v3-6-test updated

2013-01-28 Thread Karolin Seeger
The branch, v3-6-test has been updated
   via  035be05 Fix bug #9586 - smbd[29175]: disk_free: sys_popen() failed 
message logged in /var/log/message many times.
  from  fb0868e Fix bug #9571 - Unlink after open causes smbd to panic.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test


- Log -
commit 035be05db96b0544434febc33349adb910dba78e
Author: Jeremy Allison j...@samba.org
Date:   Wed Jan 23 14:39:09 2013 -0800

Fix bug #9586 - smbd[29175]: disk_free: sys_popen() failed message logged 
in /var/log/message many times.

Ensure when reading lines from an interruptible
pipe source we ignore EINTR.

Signed-off-by: Jeremy Allison j...@samba.org
Reviewed-by: Volker Lendecke v...@samba.org

Autobuild-User(master): Volker Lendecke v...@samba.org
Autobuild-Date(master): Thu Jan 24 10:45:48 CET 2013 on sn-devel-104
(cherry picked from commit 497febfe36354c4aff3696cd32c6c7e8fee55af8)

---

Summary of changes:
 source3/lib/util_file.c |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/lib/util_file.c b/source3/lib/util_file.c
index 50ff844..8319f04 100644
--- a/source3/lib/util_file.c
+++ b/source3/lib/util_file.c
@@ -38,7 +38,7 @@ static char *file_pload(const char *syscmd, size_t *size)
p = NULL;
total = 0;
 
-   while ((n = read(fd, buf, sizeof(buf)))  0) {
+   while ((n = sys_read(fd, buf, sizeof(buf)))  0) {
p = talloc_realloc(NULL, p, char, total + n + 1);
if (!p) {
DEBUG(0,(file_pload: failed to expand buffer!\n));
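Review bot: Switching the loop in file_pload() to sys_read() covers EINTR, but the loop condition still ends the read on any other failure exactly as it does on end of file. Unless code after the loop (outside this hunk) inspects n, a real read error on the pipe hands the caller a silently truncated buffer; check for n < 0 once the loop exits, then free p and return NULL there. The talloc_realloc() failure branch shown in the context deserves the same look, since p = talloc_realloc(NULL, p, ...) overwrites p with NULL on failure and the old buffer can no longer be freed.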


-- 
Samba Shared Repository


[SCM] Samba Shared Repository - branch v4-0-test updated

2013-01-28 Thread Karolin Seeger
The branch, v4-0-test has been updated
   via  7ba52a1 Regression test for bug #9571 - Unlink after open causes 
smbd to panic
   via  35f2333 Fix bug #9571 - Unlink after open causes smbd to panic.
   via  0b7a432 Fix bug #9588 - ACLs are not inherited to directories for 
DFS shares.
  from  8464023 ldb: Ensure to decrement the transaction_active whenever we 
delete a transaction

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test


- Log -
commit 7ba52a12bb930cfaddc3092cac291e4f7d503c05
Author: Jeremy Allison j...@samba.org
Date:   Thu Jan 24 16:20:14 2013 -0800

Regression test for bug #9571 - Unlink after open causes smbd to panic

Replicates the protocol activity that triggers the crash.

Signed-off-by: Jeremy Allison j...@samba.org

Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org
Autobuild-Date(v4-0-test): Mon Jan 28 21:40:31 CET 2013 on sn-devel-104

commit 35f23335e4ff3b350d6740755823df8583b18ed9
Author: Pavel Shilovsky pias...@etersoft.ru
Date:   Wed Jan 16 15:02:26 2013 +0400

Fix bug #9571 - Unlink after open causes smbd to panic.

s3:smbd: fix wrong lock order in posix unlink

Signed-off-by: Pavel Shilovsky pias...@etersoft.ru

Reviewed-by: Jeremy Allison j...@samba.org

commit 0b7a43250d2102c8e884763a8d4ae00125e4bc31
Author: Jeremy Allison j...@samba.org
Date:   Fri Jan 25 10:21:48 2013 -0800

Fix bug #9588 - ACLs are not inherited to directories for DFS shares.

We can return with NT_STATUS_OK in an error code path. This
has a really strange effect in that it prevents the ACL editor
in Windows XP from recursively changing ACE entries on sub-directories
after a change in a DFS-root share (we end up returning a path
that looks like: \\IPV4\share1\xptest/testdir with a mixture
of Windows and POSIX pathname separators).

Signed-off-by: Jeremy Allison j...@samba.org

---

Summary of changes:
 source3/smbd/msdfs.c  |   13 +
 source3/smbd/trans2.c |6 +++---
 source3/torture/torture.c |   45 +
 3 files changed, 61 insertions(+), 3 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/smbd/msdfs.c b/source3/smbd/msdfs.c
index b6ebaca..ccbd89c 100644
--- a/source3/smbd/msdfs.c
+++ b/source3/smbd/msdfs.c
@@ -1000,6 +1000,19 @@ NTSTATUS get_referred_path(TALLOC_CTX *ctx,
if (!NT_STATUS_EQUAL(status, NT_STATUS_PATH_NOT_COVERED)) {
DEBUG(3,(get_referred_path: No valid referrals for path %s\n,
dfs_path));
+   if (NT_STATUS_IS_OK(status)) {
+   /*
+* We are in an error path here (we
+* know it's not a DFS path), but
+* dfs_path_lookup() can return
+* NT_STATUS_OK. Ensure we always
+* return a valid error code.
+*
+* #9588 - ACLs are not inherited to directories
+* for DFS shares.
+*/
+   status = NT_STATUS_NOT_FOUND;
+   }
goto err_exit;
}
 
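Review bot: The DEBUG(3, ...) line above the new block prints only dfs_path, so the log cannot show that the lookup came back with NT_STATUS_OK and was rewritten to NT_STATUS_NOT_FOUND. Since that rewrite is the case behind bug #9588, log it inside the new if block, or add nt_errstr(status) to the existing message, so the condition is visible when someone debugs referral handling later.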
diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index 9b15698..27ff550 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -7662,8 +7662,8 @@ static NTSTATUS smb_posix_unlink(connection_struct *conn,
continue;
}
/* Fail with sharing violation. */
-   close_file(req, fsp, NORMAL_CLOSE);
TALLOC_FREE(lck);
+   close_file(req, fsp, NORMAL_CLOSE);
return NT_STATUS_SHARING_VIOLATION;
}
}
@@ -7677,12 +7677,12 @@ static NTSTATUS smb_posix_unlink(connection_struct 
*conn,
fsp,
smb_fname);
 
+   TALLOC_FREE(lck);
+
if (!NT_STATUS_IS_OK(status)) {
close_file(req, fsp, NORMAL_CLOSE);
-   TALLOC_FREE(lck);
return status;
}
-   TALLOC_FREE(lck);
return close_file(req, fsp, NORMAL_CLOSE);
 }
 
diff --git a/source3/torture/torture.c b/source3/torture/torture.c
index 0cca680..cd885a1 100644
--- a/source3/torture/torture.c
+++ b/source3/torture/torture.c
@@ -5368,6 +5368,8 @@ static bool run_simple_posix_open_test(int dummy)
bool correct = false;
NTSTATUS status;
size_t nread;
+   const char *fname_windows = windows_file;
+   uint16_t fnum2 = (uint16_t)-1;
 
printf(Starting simple POSIX open test\n);
 
@@ -5390,6 +5392,8 @@ static bool run_simple_posix_open_test(int 

autobuild: intermittent test failure detected

2013-01-28 Thread autobuild
The autobuild test system has detected an intermittent failing test in 
the current master tree.

The autobuild log of the failure is available here:

   http://git.samba.org/autobuild.flakey/2013-01-29-0011/flakey.log

The samba3 build logs are available here:

   http://git.samba.org/autobuild.flakey/2013-01-29-0011/samba3.stderr
   http://git.samba.org/autobuild.flakey/2013-01-29-0011/samba3.stdout

The source4 build logs are available here:

   http://git.samba.org/autobuild.flakey/2013-01-29-0011/samba.stderr
   http://git.samba.org/autobuild.flakey/2013-01-29-0011/samba.stdout
  
The top commit at the time of the failure was:

commit e104e5a8192e9d9a2637035bec343de3c35ca21e
Author: Jeremy Allison j...@samba.org
Date:   Thu Jan 24 16:20:14 2013 -0800

Regression test for bug #9571 - Unlink after open causes smbd to panic

Replicates the protocol activity that triggers the crash.

Signed-off-by: Jeremy Allison j...@samba.org
Reviewed-by: Stefan Metzmacher me...@samba.org

Autobuild-User(master): Stefan Metzmacher me...@samba.org
Autobuild-Date(master): Mon Jan 28 15:33:17 CET 2013 on sn-devel-104