Re: [Samba] msdfs proxy question
Hi Daniel, that is exactly the problem, the samba server has an OpenVPN server, but the VPN user group includes people who are not directly working for the company so they should'nt have access to the internal network. So even if I could set up the samba box as gw and limit the access to the file server by firewall rules, I'm not sure I can restrict the access to the file server itself and they could see way to much than what they should. Is there any other possibility to do that? On Mon, 2013-02-04 at 08:33 +0100, Daniel Müller wrote: If you have no route to the network nothing will work. Samba is not a Gateway nor does it VPN connections or something like that. If your second network is a external one you will be better in the first with openvpn And set your routes to your needs. If your second network is internal you need to set up a gateway that can be reached from both Networks. Good Luck Daniel --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Michael Wilke Gesendet: Montag, 4. Februar 2013 08:05 An: samba@lists.samba.org Betreff: [Samba] msdfs proxy question Hi List, I am struggling a little bit with the msdfs proxy parameter. I want the samba server as a kind of a bridge between two networks, that the samba server only shares some of the shares provided by our file server to a second network. I don't want the samba srv to be a gw or give the clients a route to the internal network, because it is a total different user group. I first tried to do so with an msdfs root directory and symlinks but for sure it didn't work, because the clients don't have a route to the source server. But msdfs proxy doesn't work either: smb.conf: --- [software-new] msdfs root = yes msdfs proxy= \gunter\software --- When I try to access the share from a computer in the sec. network the log shows: --- Client requested device type [?] for share [SOFTWARE-NEW] refusing connection to dfs proxy share 'software-new' (pointing to \gunter\software) error packet at smbd/reply.c(803) cmd=117 (SMBtconX) NT_STATUS_BAD_NETWORK_NAME --- The server is accessible from the samba box and smbclient connects fine: root@samba:~# smbclient -L '\\gunter' -U 'DOMAIN\micha' WARNING: The idmap uid option is deprecated WARNING: The idmap gid option is deprecated Enter DOMAIN\micha's password: Domain=[DOMAIN] OS=[Windows Server 2003 R2 3790 Service Pack 2] Server=[Windows Server 2003 R2 5.2] Sharename Type Comment - --- ... softwareDisk Software ... If I access the msdfs share from the sec. network (10.10.12.0) with an IP in the first network (10.10.10.0) then the connection redirects me to the gunter server and everything works, but I need a proxy not a standard msdfs redirect. Any advice appreciated Michael -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- Michael Wilke HoD Advisor IT and General Service Department NIMR - Mbeya Medical Research Center (MMRC) P.O. Box 2410 Mbeya - Tanzania Mobile: +255 684 700 979 (Airtel TZ) E-Mail: m...@nimr-mmrc.org Internet: http://www.nimr-mmrc.org/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] msdfs proxy question
So If you have done your openvpn config on a per client. You can restrict in this config the things users can do. Ex.: Client 1 can only see a specific host. Client 2 has full access to the fileserver and the net behind it. Group one is distributed with Client 1. Group two is distributed with Client 2. The second part is with Samba. Only the IP-Range that is distributed with Client 2 can logon and work with files. Then set the samba groups according to your needs and you are up and running. Ex. OPENVPN config with logon to Samba 3 Server: Server: local your.server.i.p port 1194 proto udp dev tun #your keys ca keys/ca.crt cert keys/server.crt key keys/server.key dh keys/dh1024.pem server 10.0.9.0 255.255.255.0 #your clients config directory client-config-dir ccd client-to-client duplicate-cn push dhcp-option DNS here.your.dns.server push dhcp-option WINS here.your.wins.server###openvpn provides netbios push dhcp-option DOMAIN your.domain ##your routes route 192.168.135.0 255.255.255.0 push route 192.168.135.0 255.255.255.0 push route 192.168.134.0 255.255.255.0 push route 192.168.133.0 255.255.255.0 push route 192.168.132.0 255.255.255.0 max-clients 20 keepalive 10 120 comp-lzo persist-key persist-tun status server-tcp.log verb 3 #auth against samba/openldap on connect through openvpn client auth-user-pass-verify /etc/openvpn/ccd/login.sh via-env Client: client dev tun proto udp port 1194 remote your.remote.loginserver 1194 ## resolv-retry infinite nobind persist-key persist-tun ##Where are your certs? ca C:\\openvpn\\config\\ca.crt cert C:\\openvpn\\config\\client1.crt key C:\\openvpn\\config\\client1.key ns-cert-type server comp-lzo verb 3 pull ##prompt for samba/openldap user--pass auth-user-pass auth-nocache route-method exe ##-- you need this entries route-delay 2 ##-- for windows to log on --explicit-exit-notify 2 ##Below if you need a script the name need to be client_up.bat or client_down.bat ##--up C:\\openvpn\\config\\client_up.bat Login.sh (So you can be certain only a authenticated user to samba see the files): #!/bin/sh ##login script openvpn 071209 dm ## LDAP=xxx.xxx.xxx.xxx ##pruefen ob leer username/passwort o anonymous if [$username = anonymous || $username = Anonymous || -z $username || -z $password ]; then exit 1; fi ###test bind ldapwhoami -x -h $LDAP -D uid=$username,ou=users,dc=your,dc=domain -w $password ### if [ $? = 0 ]; then exit 0; else exit 1; fi exit 1; In your smb.conf, Hosts allow= 10.0.9.0/24 --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: Michael Wilke [mailto:m...@1982.cc] Gesendet: Montag, 4. Februar 2013 09:07 An: samba@lists.samba.org Cc: muel...@tropenklinik.de Betreff: Re: AW: [Samba] msdfs proxy question Hi Daniel, that is exactly the problem, the samba server has an OpenVPN server, but the VPN user group includes people who are not directly working for the company so they should'nt have access to the internal network. So even if I could set up the samba box as gw and limit the access to the file server by firewall rules, I'm not sure I can restrict the access to the file server itself and they could see way to much than what they should. Is there any other possibility to do that? On Mon, 2013-02-04 at 08:33 +0100, Daniel Müller wrote: If you have no route to the network nothing will work. Samba is not a Gateway nor does it VPN connections or something like that. If your second network is a external one you will be better in the first with openvpn And set your routes to your needs. If your second network is internal you need to set up a gateway that can be reached from both Networks. Good Luck Daniel --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Michael Wilke Gesendet: Montag, 4. Februar 2013 08:05 An: samba@lists.samba.org Betreff: [Samba] msdfs proxy question Hi List, I am struggling a little bit with the msdfs proxy parameter. I want the samba server as a kind of a bridge between two networks, that the samba server only shares some of the shares provided by our file server to a second network. I don't want the samba srv to be a gw or give the clients a route to the internal network, because it is a total different user group. I first tried to do so with an msdfs root directory and symlinks but for sure it
Re: [Samba] Web Site E-mail Server authentication with Samba4
Thanks for prompt reply. What i doubt about the stability and durability of SOGo. What are your experience with SOGo. Does samba 4 not used by any one the list with zimbra?? or any experience with zimbra. With Warm Regards, Vijay++ On Mon, Feb 4, 2013 at 12:25 PM, Daniel Müller muel...@tropenklinik.dewrote: If you are not fixed to Zimbra you can have a look at SOGo (http://www.sogo.nu/). --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Vijay Thakur Gesendet: Montag, 4. Februar 2013 07:46 An: samba@lists.samba.org Betreff: [Samba] Web Site E-mail Server authentication with Samba4 Hi all, I have a running Samba4 Server. I am able to authenticate Windows and Linux Clients very. (1) I want to use samba4 as SSO. In this regard my next step is to authenticate our web site users from samba4 server. In this web site, at home page our corporate users give their e-mail address usern...@companydomain.com and password (not e-mail password). (2) Our E-mail server is hosted on cloud. We want to deploy our own in-house E-mail Server. The users of E-mail server will be authenticated from Samba4. In precise, i want to turn my samba server a SSO in my required two scenario. Kindly help me and suggest that how can i achieve these two targets. For e-mail Server i will use Zimbra Collaboration Server. Thanks in advance. Vijay Thakur -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Internal LDAP problem
Hi! I'm trying to use the internal LDAP provided by Samba4 to store mail domains used by SOGo. I have two sets of users. Those used by Samba and created through samba-tool and those created under some ou I have made up. A few days ago I was able to change the latter users passwords using ldapadmin (a windows LDAP client) but today I am not. When I try to change a password I get an error message like RPC server unavailable. And I have another problem with LDAP. I have to use ldapadmin to change users' password because ldappasswd gives me this error: ldappasswd -d4 -h 192.168.0.137 cn=juan.lapuerta,ou=alisys.net ,dc=aliratiun,dc=tic ldap_build_search_req ATTRS: supportedSASLMechanisms SASL/GSSAPI authentication started SASL username: administra...@aliratiun.tic SASL SSF: 56 SASL data security layer installed. Result: Protocol error (2) Additional info: Extended Operation(1.3.6.1.4.1.4203.1.11.1) not supported But I think I read somewhere that that extended operation is supported. Thanks in advance. Regards, -- Linkedin profile (http://es.linkedin.com/in/lafdez) G+ profile (https://plus.google.com/u/0/115320207805121303027/about) Twitter (@lafdez @_lafdez_) Identi.ca (@lafdez) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] not able to connect to windows machine
Hi, I am using samba4 and libsmbclient.h and libsmbclient.so. I have implemented the below apis locally within linux machines, but now I want to connect to my windows machine for this I am giving my windows machine username and password In below get_auth_data_fn() function: static void get_auth_data_fn(const char * m_pserver, const char * m_pshare, char * m_pworkgroup, int m_maxLenWorkgroup, char * m_pusername, int m_maxlenUsername, char * m_pPassword, int m_maxLenPassword) { m_pworkgroup = igatecorp; m_maxLenWorkgroup = 100; m_maxlenUsername = 100; m_maxLenPassword =100; m_pusername = abc; m_pPassword = 1; } smbc_init( get_auth_data_fn, l_ndebug ); Int smbc_open(const char *furl, int flags, mode_t mode); But it is giving following debugt errors: START INIT INFO: Current debug levels: all: 50 tdb: 50 printdrivers: 50 lanman: 50 smb: 50 rpc_parse: 50 rpc_srv: 50 rpc_cli: 50 passdb: 50 sam: 50 auth: 50 winbind: 50 vfs: 50 idmap: 50 quota: 50 acls: 50 locking: 50 msdfs: 50 dmapi: 50 registry: 50 Using netbios name MER19640. Using workgroup WORKGROUP. INIT SUCCESSSMBC_server: server_n=[172.31.130.148] server=[172.31.130.148] - server_n=[172.31.130.148] server=[172.31.130.148] Connecting to 172.31.130.148 at port 445 Socket options: Doing spnego session setup (blob length=83) got OID=1.2.840.48018.1.2.2 got OID=1.2.840.113554.1.2.2 got OID=1.2.840.113554.1.2.2.3 got OID=1.3.6.1.4.1.311.2.2.10 got principal=pc-a49240$@ negotiate: struct NEGOTIATE_MESSAGE Signature: 'NTLMSSP' MessageType : NtLmNegotiate (1) NegotiateFlags : 0x60088215 (1611170325) DomainNameLen: 0x0009 (9) DomainNameMaxLen : 0x0009 (9) DomainName : * DomainName : 'WORKGROUP' WorkstationLen : 0x0008 (8) WorkstationMaxLen: 0x0008 (8) Workstation : * Workstation : 'MER19640' challenge: struct CHALLENGE_MESSAGE Signature: 'NTLMSSP' MessageType : NtLmChallenge (0x2) TargetNameLen: 0x0012 (18) TargetNameMaxLen : 0x0012 (18) TargetName : * TargetName : 'PC-A49240' NegotiateFlags : 0x628a8215 (1653244437) ServerChallenge : cc22f263c3a9cbd1 Reserved : TargetInfoLen: 0x0084 (132) TargetNameInfoMaxLen : 0x0084 (132) TargetInfo : * TargetInfo: struct AV_PAIR_LIST count: 0x0005 (5) pair: ARRAY(5) pair: struct AV_PAIR AvId : MsvAvNbDomainName (0x2) AvLen: 0x0012 (18) Value: union ntlmssp_AvValue(case 0x2) AvNbDomainName : 'PC-A49240' pair: struct AV_PAIR AvId : MsvAvNbComputerName (0x1) AvLen: 0x0012 (18) Value: union ntlmssp_AvValue(case 0x1) AvNbComputerName : 'PC-A49240' pair: struct AV_PAIR AvId : MsvAvDnsDomainName (0x4) AvLen: 0x0026 (38) Value: union ntlmssp_AvValue(case 0x4) AvDnsDomainName : 'pc-a49240.patni.com' pair: struct AV_PAIR AvId : MsvAvDnsComputerName (0x3) AvLen: 0x0026 (38) Value: union ntlmssp_AvValue(case 0x3) AvDnsComputerName: 'pc-a49240.patni.com' pair: struct AV_PAIR AvId : MsvAvEOL (0x0)
Re: [Samba] Cannot logon Samba 4 via plaintext password
There is no samba-tool binary in my build. I built 4.0.2 using the original build system, since the WAF-baed one doesn't work on AIX. Can the same effect be achieved through editing smb.conf? Thanks! -Ben From: Daniel Müller [muel...@tropenklinik.de] Sent: Sunday, February 03, 2013 10:59 PM To: 'TAKAHASHI Motonobu'; Benjamin Huntsman Cc: samba@lists.samba.org Subject: AW: [Samba] Cannot logon Samba 4 via plaintext password Did you try samba-tool: pwsettings Sets password settings set -H --quiet --complexity=on|off|default --store-plaintext=on|off|default --history-length= --min-pwd-length= --min-pwd-age= --max-pwd-age= --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von TAKAHASHI Motonobu Gesendet: Sonntag, 3. Februar 2013 17:27 An: bhunts...@mail2.cu-portland.edu Cc: samba@lists.samba.org Betreff: Re: [Samba] Cannot logon Samba 4 via plaintext password From: Benjamin Huntsman bhunts...@mail2.cu-portland.edu Date: Fri, 1 Feb 2013 21:42:29 + So, I have working builds of Samba 3.6.10, and 4.0.2 using the traditional build system on AIX, both built with XLC. For historical reasons, we're needing to use 'encrypt passwords = no', so that Samba uses the OS password. The odd thing, is, the 3.6.10 Samba works just fine, but the 4.0.2 doesn't allow connections. Here's the Samba config I'm using on both: I reproduced this problem on Linux box. I see packet captures and confirm that Samba replies to enable plaintext password, Windows client sends a plaintext password, and at last Samba replies logon failure to client. My smb.conf is: - [global] encrypt passwords = no server max protocol = nt1 ntlm auth = yes [tmp] path = /tmp writeable = yes - Hmmm, I think it is a bug... --- TAKAHASHI Motonobu mo...@monyo.com / @damemonyo facebook.com/takahashi.motonobu -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba4 - classicupgrade - problem - passdb.error uncaught exception - Cannot load backend methods for 'ldapsam:ldap://localhost' backend NT_STATUS_CANT_ACCESS_DOMAIN_INFO
Hello, I'm migrating to samba4 (samba 4.0.2 in Debian 6.0.6) After copying .tdb files and smb.conf and migrating ldap server to the new server and configured it. When I run: /usr/loca/samba/bin/samba-tool domain classicpugrade --dbdir=samba --user-xattrs=yes --realm=sadom.espel.com samba/smb.conf I get: Reading smb.conf WARNING: The idmap backend option is deprecated WARNING: The idmap uid option is deprecated WARNING: The idmap gid option is deprecated WARNING: Ignoring invalid value 'cups' for parameter 'printing' Provisioning convert_string_talloc: Conversion not supported. pdb_init_ldapsam: WARNING: Could not get domain info, nor add one to the domain. We cannot work reliably without it. pdb backend ldapsam:ldap://localhost did not correctly init (error was NT_STATUS_CANT_ACCESS_DOMAIN_INFO) ERROR(class 'passdb.error'): uncaught exception - Cannot load backend methods for 'ldapsam:ldap://localhost' backend (-1073741606,NT_STATUS_CANT_ACCESS_DOMAIN_INFO) File /usr/local/samba/lib/python2.6/site-packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /usr/local/samba/lib/python2.6/site-packages/samba/netcmd/domain.py, line 1318, in run useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs) File /usr/local/samba/lib/python2.6/site-packages/samba/upgrade.py, line 612, in upgrade_from_samba3 s3db = samba3.get_sam_db() File /usr/local/samba/lib/python2.6/site-packages/samba/samba3/__init__.py, line 390, in get_sam_db return passdb.PDB(self.lp.get('passdb backend')) My smb.conf is: [global] unix charset = LOCALE workgroup= SPEL.COM netbios name = VS002 passdb backend = ldapsam:ldap://localhost username map = /etc/samba/smbusers log level = 1 syslog = 0 log file = /var/log/samba/%m max log size = 50 time server = yes #wmarcos 24 01 08 #privileges = yes #time offset = -30 security = user #agregado por wmarcos 6/2/08 wins support = yes ldap ssl = off add user script= /usr/local/sbin/smbldap-useradd -a -m -P '%u' delete user script = /usr/local/sbin/smbldap-userdel '%u' add group script = /usr/local/sbin/smbldap-groupadd -p '%g' delete group script = /usr/local/sbin/smbldap-groupdel '%g' add user to group script = /usr/local/sbin/smbldap-groupmod -m '%u' '%g' delete user from group script = /usr/local/sbin/smbldap-groupmod -x '%u' '%g' set primary group script = /usr/local/sbin/smbldap-usermod -g '%g' '%u' add machine script = /usr/local/sbin/smbldap-useradd -i '%u' domain logons = yes preferred master = yes domain master= yes local master = yes os level = 80 ldap suffix = dc=spel,dc=com ldap user suffix = ou=usuarios ldap group suffix = ou=grupos ldap machine suffix = ou=equipos ldap passwd sync = yes ldap idmap suffix = ou=usuarios ldap admin dn= cn=admin,dc=spel,dc=com idmap backend = ldap:ldap://localhost idmap uid = 2000~2999 idmap gid = 500~1000 printing = cups encrypt passwords = yes read only = yes follow symlinks = no guest ok = no logon home = logon path = hide unreadable = yes [homes] comment = Directorio personal del usuario %U valid users = %U browseable = no read only = no create mask = 750 directory mask = 740 [netlogon] path = /home/samba/netlogon browseable = no guest ok = yes Any clues? I only found this, but didn't help me solve this issue http://lists.samba.org/archive/samba-technical/2011-September/079286.html Thanks in advance! M. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Trust problems after upgrade from 3.5 to 3.6
Hello. My setup: _ one Samba 3.5 domain (), with a PDC and a BDC, both running FreeBSD; _ one AD domain () running on two Windows 2003 DCs; _ bidirectional trust between the two domains. Everything used to work until I moved the PDC from Samba 3.5 (EOL'ed) to 3.6; now, users from domain cannot access the PDC's shares. I used to have in smb.conf: idmap backend=ldap:ldap://localhost/ idmap alloc backend=ldap idmap alloc config:ldap_url=ldap://localhost idmap alloc config:ldap_base_dn=ou=idmap,dc=,dc=xx idmap alloc config:ldap_user_dn=cn=root,dc=,dc=xx idmap cache time=120 idmap uid=15-20 idmap gid=15-20 template shell=/sbin/nologin idmap config :backend=nss idmap config :range=1000-99 After the upgrade I changed it this way: idmap config *:backend=ldap idmap config *:range=15-20 idmap config *:ldap_url=ldap://localhost/ idmap config *:ldap_base_dn=ou=idmap,dc=,dc=xx idmap config *:ldap_user_dn=cn=root,dc=,dc=xx idmap cache time=120 template shell=/sbin/nologin idmap config :backend=nss idmap config :range=1000-99 I see many errors like the following in log.winbindd-idmap: [2013/02/04 19:22:20.847184, 1] winbindd/idmap.c:249(idmap_init_domain) idmap initialization returned NT_STATUS_ACCESS_DENIED In log.wb- [2013/02/04 19:20:59.364510, 0] rpc_client/cli_pipe.c:3240(cli_rpc_pipe_open_spnego_ntlmssp) cli_rpc_pipe_bind failed with error NT_STATUS_ACCESS_DENIED Please, any help is appreciated. bye Thanks av. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Security: ads - net ads user works, wbinfo -u does not
Hi, I have Debian Squeeze running Samba being a member of the domain (PDC and BDC are Windows servers) and it's users are authenticated against AD using winbind for years. Now there is a need to setup another virtual Debian box exactly like that. So the name of the first is STUDENT, I named the virtual STUDENT2. I'm trying to set up the virtual box exactly the same, using exactly the same configs (smb.conf, krb5.conf) as on the working box, but this is what I get: STUDENT2, I can: - create kerberos tickets (kinit Administrator@FOO.LOCAL) - list kerberos tickets (klist) - join the domain (net ads join -U Administrator) Here I get next output: Using short domain name -- FOO Joined 'STUDENT2' to realm 'FOO.Local' DNS update failed! But as I understand the last message is not something to worry about. - (here I start samba, then winbind) And at this point strange thing happen. I cannot get domain users using wbinfo (wbinfo -u returns nothing) but I get them all using net ads user -U Administrator. Of course, getent passwd lists only local users too. I believe my winbind is not working properly. Here are the questions: 1). How to effectively debug why wbinfo is acting this way? 2). Could the problem be because of 2 machines conflicting because of one letter difference (STUDENT vs STUDENT2)? I can't delete the first box from domain in order to test it as it's in production. STUDENT2 details: - Debian Squeeze up-to-date (6.0.6) - standard repo packages: # dpkg -l '*samba*' '*winbind*' | grep ^ii ii samba 2:3.5.6~dfsg-3squeeze9 ii samba-common 2:3.5.6~dfsg-3squeeze9 ii samba-common-bin 2:3.5.6~dfsg-3squeeze9 ii winbind2:3.5.6~dfsg-3squeeze9 - # wbinfo -p Ping to winbindd succeeded PDC and BDCs are running Windows Server 2008 R2. I can post the configs in case it helps. However I feel like I have tried all the possible variations of the configs (from so many good howto's) with no effect at all. P. S. One more (possibly important) detail. When I was playing with different configs I sometimes was getting different output from 'wbinfo -u', which looked like this: STUDENT2+joe STUDENT2+nobody This looked very strange to me as my domain is 'FOO.LOCAL', not 'STUDENT2' (the latter is a hostname of the new box) and these 2 users are local users. Thanks in advance, dimir -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Able to join Samba client as MEMBER server to Windows 2008 R2 RWDC but not to RODC
I'm trying to join a RHEL 5 client to a Windows 2008 R2 AD, I've tried both Samba 3.6.6 and 4.0.2. When pointing the client to a RWDC(wegsfes19123) I'm able to successfully join the client: [root@vm-ae67a ~]# net ads join -U Administrator -d1 -Swegsfes19123 ... libnet_Join: libnet_JoinCtx: struct libnet_JoinCtx out: struct libnet_JoinCtx account_name : NULL netbios_domain_name : 'DOMAIN' dns_domain_name : 'domain.com' forest_name : 'domain.com' dn : 'CN=vm-ae67a,CN=Computers,DC=domain,DC=com' domain_sid : * domain_sid : S-1-5-21-2999212452-478241430-698296220 modified_config : 0x00 (0) error_string : NULL domain_is_ad : 0x01 (1) result : WERR_OK Using short domain name -- DOMAIN Joined 'VM-AE67A' to realm 'domain.com' DNS Update for vm-ae67a.**INTERNAL*** failed: ERROR_DNS_GSS_ERROR DNS update failed! [root@vm-ae67a log]# net ads info LDAP server: 10.100.0.231 LDAP server name: wegsfes19123.domain.com Realm: DOMAIN.COM Bind Path: dc=DOMAIN,dc=COM LDAP port: 389 Server time: Sun, 03 Feb 2013 11:45:05 EST KDC server: 10.100.0.231 Server time offset: 0 However pointing the same client to a RODC(wegsfes19234), for the same domain, I'm unable to join (/etc/krb5.conf and /etc/samba/smb.conf were updated to point to the RODC server for authentication): [root@vm-ae67a log]# kinit administra...@domain.com Password for administra...@domain.com: [root@vm-ae67a log]# klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: administra...@domain.com Valid starting ExpiresService principal 02/03/13 12:31:17 02/03/13 22:31:24 krbtgt/domain@domain.com renew until 02/04/13 12:31:17 Kerberos 4 ticket cache: /tmp/tkt0 klist: You have no tickets cached [root@vm-ae67a ~]# net ads join -U Administrator -d1 -Swegsfes19234 libnet_Join: libnet_JoinCtx: struct libnet_JoinCtx out: struct libnet_JoinCtx account_name : NULL netbios_domain_name : 'DOMAIN' dns_domain_name : 'domain.com' forest_name : 'domain.com' dn : NULL domain_sid : * domain_sid : S-1-5-21-2999212452-478241430-698296220 modified_config : 0x00 (0) error_string : 'Failed to set account flags for machine account (NT_STATUS_NOT_SUPPORTED) ' domain_is_ad : 0x01 (1) result : WERR_NOT_SUPPORTED Failed to join domain: Failed to set account flags for machine account (NT_STATUS_NOT_SUPPORTED) Any help with this matter would be greatly appreciated. Regards, Matt Configuration files: [root@vm-ae67a ~]# grep -v -e ^# -e ^; /etc/samba/smb.conf | uniq [global] workgroup = DOMAIN password server = wegsfes19234.domain.com realm = DOMAIN.COM security = ads idmap uid = 16777216-33554431 idmap gid = 16777216-33554431 template shell = /bin/bash idmap backend = nss template homedir = /home/%U winbind nss info = rfc2307 winbind use default domain = true server string = vm-ae67a netbios name = vm-ae67a encrypt passwords = true # logs split per machine log file = /var/log/samba/log.%m # max 50KB per log file, then rotate max log size = 50 # the login script name depends on the machine name # the login script name depends on the unix user used # disables profiles support by specifing an empty path load printers = yes cups options = raw #obtain list of printers automatically on SystemV [homes] comment = Home Directories browseable = no writable = yes [printers] comment = All Printers path = /var/spool/samba browseable = no guest ok = no writable = no printable = yes [root@vm-ae67a ~]# grep -v -e ^# -e ^; /etc/krb5.conf [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] default_realm = DOMAIN.COM dns_lookup_realm = false dns_lookup_kdc = false ticket_lifetime = 24h forwardable = yes default_tgs_enctypes = arcfour-hmac-md5 des-cbc-crc des-cbc-md5 des3-hmac-sha1 default_tkt_enctypes = arcfour-hmac-md5 des-cbc-crc des-cbc-md5 des3-hmac-sha1 clockskew = 300 [realms] EXAMPLE.COM = { kdc = kerberos.example.com:88 admin_server = kerberos.example.com:749 default_domain = example.com } domain.com = { kdc = wegsfes19234.domain.com } DOMAIN.COM = { kdc = wegsfes19234.domain.com kdc = wegsfes19234.domain.com } [domain_realm] .example.com = EXAMPLE.COM example.com = EXAMPLE.COM domain.com = DOMAIN.COM .domain.com = DOMAIN.COM [appdefaults] pam = { debug = false ticket_lifetime = 36000 renew_lifetime = 36000 forwardable = true
Re: [Samba] upgrade from 3.5 - 3.6, now I have no backend defined for idmap
Hi Dale that worked, thanks. Just to clarify the * means everything else, right? Cause now I am getting (only once) [2013/02/04 07:50:48.519114, 1] winbindd/idmap.c:288(idmap_init_named_domain) no backend defined for idmap config BUILTIN One strange side effect ... I have never had to reboot a machine because of a change to the samba daemon(s), a restart always worked. For a couple of days after the change I still was getting the message until I rebooted ... now I do not get the messages, weird. Jobst On Tue, Jan 29, 2013 at 01:17:52PM -0600, Dale Schroeder (d...@briannassaladdressing.com) wrote: Jobst, The following works for me in 3.6.x. Modify to match your criteria. idmap config * : backend= tdb idmap config * : range = low - high idmap config DOMAIN : default = Yes idmap config DOMAIN : backend = idmap backend idmap config DOMAIN : range = different low - different high Dale On 01/28/2013 10:51 PM, Jobst Schmalenbach wrote: Hi. I am getting loads of errors no backend defined for idmap config MYDOMAIN after I upgraded from 3.5 - 3.6 a couple of days ago. I read http://wiki.samba.org/index.php/Samba_3.6_Features_added/changed and did what man smb.conf suggested: idmap config MYDOMAIN : backend = tdb idmap config MYDOMAIN : range = 500-199 yet I still receive those errors. I used to have idmap uid = 500-1000 idmap gid = 500-1000 and I had no errors while running 3.5.10. I am not sure what I am doing wrong, help please. Jobst -- The journey of a thousand steps begins with few hundred forgotten necessities. | |0| | Jobst Schmalenbach, jo...@barrett.com.au, General Manager | | |0| Barrett Consulting Group P/L The Meditation Room P/L |0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 5a8e049 Fix typo in warning message from 570a4b3 tevent_poll: add poll_event_loop_wait() http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 5a8e04963f611b21570b9bdfc3b74e18254df2d1 Author: Volker Lendecke v...@samba.org Date: Sun Feb 3 12:30:10 2013 +0100 Fix typo in warning message Signed-off-by: Volker Lendecke v...@samba.org Reviewed-By: Ira Cooper i...@samba.org Autobuild-User(master): Volker Lendecke v...@samba.org Autobuild-Date(master): Mon Feb 4 11:48:25 CET 2013 on sn-devel-104 --- Summary of changes: source3/wscript |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/wscript b/source3/wscript index bb5ee89..7c63a9c 100644 --- a/source3/wscript +++ b/source3/wscript @@ -693,7 +693,7 @@ msg.msg_acctrightslen = sizeof(fd); if not conf.CONFIG_SET('HAVE_GSS_GET_NAME_ATTRIBUTE') and \ not (conf.CONFIG_SET('HAVE_GSSKRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT') and \ conf.CONFIG_SET('HAVE_GSS_INQUIRE_SEC_CONTEXT_BY_OID')): -Logs.warn(need eiterh gss_get_name_attribute or gsskrb5_extract_authz_data_from_sec_context and gss_inquire_sec_context_by_oid in -lgssapi for PAC support) +Logs.warn(need either gss_get_name_attribute or gsskrb5_extract_authz_data_from_sec_context and gss_inquire_sec_context_by_oid in -lgssapi for PAC support) use_ads_krb5 = False if not conf.CONFIG_SET('HAVE_GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT'): -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via ad6b3e8 WHATSNEW: Start release notes for Samba 4.0.3. from 4eadddc VERSION: Bump version number up to 4.0.3. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit ad6b3e878ea57c9d283ad8a6be0b6b872b8f3527 Author: Karolin Seeger ksee...@samba.org Date: Mon Feb 4 11:30:18 2013 +0100 WHATSNEW: Start release notes for Samba 4.0.3. Karolin Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Mon Feb 4 13:23:03 CET 2013 on sn-devel-104 --- Summary of changes: WHATSNEW.txt | 168 +- 1 files changed, 166 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 0711f96..67c558f 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,4 +1,168 @@ = + Release Notes for Samba 4.0.3 + February 05, 2013 + = + + +This is is the latest stable release of Samba 4.0. + +Major enhancements in Samba 4.0.3 include: + +o Fix ACL problem with delegation of privileges and deletion of accounts + over LDAP interface (bug #8909). +o Fix 'smbd' panic triggered by unlink after open (bug #9571). +o smbd: Fix memleak in the async echo handler (bug #9549). + + +Changes since 4.0.2: + + +o Michael Adam ob...@samba.org +* BUG 9568: Document the command line options in dbwrap_tool(1). + + +o Jeremy Allison j...@samba.org +* BUG 9196: defer_open is triggered multiple times on the same request. +* BUG 9518: conn-share_access appears not be be reset between users. +* BUG 9550: sigprocmask does not work on FreeBSD to stop further signals in + a signal handler. +* BUG 9572: Fix file corruption during SMB1 read by Mac OSX 10.8.2 clients. +* BUG 9586: smbd[29175]: disk_free: sys_popen() failed message logged in + /var/log/message many times. +* BUG 9587: Archive flag is always set on directories. +* BUG 9588: ACLs are not inherited to directories for DFS shares. + + +o Andrew Bartlett abart...@samba.org +* BUG 8909: Fix ACL problem with delegation of privileges and deletion of + accounts over LDAP interface. +* BUG 9461: FSMO seize of naming role fails: NT_STATUS_IO_TIMEOUT. +* BUG 9564: Fix compilation of Solaris ACL module. +* BUG 9581: gensec: Allow login without a PAC by default. +* BUG 9596: Linked attribute handling should be by GUID. +* BUG 9598: Use pid,task_id as cluster_id in process_single just like + process_prefork. +* BUG 9609: ldb: Ensure to decrement the transaction_active whenever we + delete a transaction. +* BUG 9609: Add 'ldbdump' tool. +* BUG 9609: ldb: Remove no-longer-existing ltdb_unpack_data_free from + ldb_tdb.h. +* BUG 9609: ldb: Change ltdb_unpack_data to take an ldb_context. +* BUG 9610: dsdb: Make secrets_tdb_sync cope with -H secrets.ldb. + + +o Björn Baumbach b...@sernet.de +* BUG 9512: wafsamba: Use additional xml catalog file. +* BUG 9517: samba_dnsupdate: Set KRB5_CONFIG for nsupdate command. +* BUG 9552: smb.conf(5): Update list of available protocols. +* BUG 9568: Add dbwrap_tool.1 manual page. +* BUG 9569: ntlm_auth(1): Fix format and make examples visible. + + +o Ira Cooper i...@samba.org +* BUG 9575: Duplicate flags defined in the winbindd protocol. + + +o Günther Deschner g...@samba.org +* BUG 9474: Downgrade v4 printer driver requests to v3. +* BUG 9595: s3-winbind: Fix the build of idmap_ldap. + + +o David Disseldorp dd...@samba.org +* BUG 9378: Add extra attributes for AD printer publishing. + + +o Stephen Gallagher sgall...@redhat.com +* BUG 9609: ldb: Move doxygen comments for ldb_connect to the right place. + + +o Volker Lendecke v...@samba.org +* BUG 9541: Make use of posix_openpt. +* BUG 9544: Fix build of vfs_commit and plug in async pwrite support. +* BUG 9546: Fix aio_suspend detection on FreeBSD. +* BUG 9548: Correctly detect O_DIRECT. +* BUG 9549: smbd: Fix memleak in the async echo handler. + + +o Stefan Metzmacher me...@samba.org +* BUG 8909: Fix ACL problem with delegation of privileges and deletion of + accounts over LDAP interface. +* BUG 9481: samba_upgradeprovision: fix the nTSecurityDescriptor on more + containers. +* BUG 9499: s3:smb2_negprot: set the 'remote_proto' value. +* BUG 9508: s4:drsuapi: Make sure we report the meta data from the cycle + start. +* BUG 9540: terminate the irpc_servers_byname() result with + server_id_set_disconnected(). +* BUG 9598: Fix timeouts of some IRPC calls. +* BUG 9609: Fix a warning
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 4c1527b s3:modules remove gpfs_getacl_alloc via 18bfcac s3:modules use vfs_gpfs_getacl in gpfsacl_get_posix_acl via 5388773 s3:modules use vfs_gpfs_getacl in gpfsacl_set_nt_acl_internal via 16940d8 s3:modules use vfs_gpfs_getacl in gpfs_get_nfs4_acl via 940b7ec s3:torture/vfstest add memreport option via 8e571fd s3:torture/vfstest implement sys_acl_blob_get_fd via de67655 s3:torture/vfstest implement sys_acl_blob_get_file via 0621991 s3:vfs_gpfs use non_posix_sys_acl_blob_get_*_helper via f1ff845 s3:vfs_gpfs add a generic vfs_gpfs_getacl function via d9075e1 s3:modules/vfs_gpfs add GPFS_GETACL_NATIVE define via b4be8d5 s3:modules/non_posix_acls: only stat if we do not have it cached via 7cd91ca s3:autoconf add non_posix_acls to NFS4ACL_OBJ via ea6ac28 s3:autoconf introduce NFS4ACL_OBJ via d7ad24a s3-waf:modules add non_posix_acls dependency to vfs_gpfs via 2a2dbf8 vfs: Add helper function for non posix ACL modules via e650a5f idl: Provide a common wrapper for the data to hash for a non-POSIX ACL via a133a98 selftest: add a test that demonstrates how new ACL blob code helps via f0e49b0 vfs_acl_common: Do not fetch the underlying NT ACL unless we need it via 4e8c895 vfs: Whitespace fix only to get_nt_acl_internal indentation via 25526ed vfs: Implement an improved vfs_acl_common that uses the hash of the system ACL via 6a5f65b vfs: Add helper function hash_blob_sha256 to vfs_acl_common.c from 5a8e049 Fix typo in warning message http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 4c1527b1ce26759dbb7470b23f9f83a391d99b30 Author: Christian Ambach a...@samba.org Date: Tue Jan 8 17:10:27 2013 +0100 s3:modules remove gpfs_getacl_alloc last caller has gone Signed-off-by: Christian Ambach a...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Mon Feb 4 14:10:08 CET 2013 on sn-devel-104 commit 18bfcac810bed431d0ca33ad02508fd87df1c626 Author: Christian Ambach a...@samba.org Date: Tue Jan 8 17:10:10 2013 +0100 s3:modules use vfs_gpfs_getacl in gpfsacl_get_posix_acl as preparation to remove gpfs_getacl_alloc() Signed-off-by: Christian Ambach a...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org commit 5388773d4baf902d8dd70d046cacc5a15fa790d7 Author: Christian Ambach a...@samba.org Date: Tue Jan 8 17:07:09 2013 +0100 s3:modules use vfs_gpfs_getacl in gpfsacl_set_nt_acl_internal as preparation to remove gpfs_getacl_alloc() Signed-off-by: Christian Ambach a...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org commit 16940d8a8ecb46a6de9cf5c83da7d2f54030777b Author: Christian Ambach a...@samba.org Date: Tue Jan 8 16:54:16 2013 +0100 s3:modules use vfs_gpfs_getacl in gpfs_get_nfs4_acl as preparation to remove gpfs_getacl_alloc() Signed-off-by: Christian Ambach a...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org commit 940b7ec78c50c41a399bee2775cd008618baf8f8 Author: Christian Ambach a...@samba.org Date: Fri Nov 16 22:58:06 2012 +0100 s3:torture/vfstest add memreport option this will run a talloc_report_full on the talloc stackframe after each command Signed-off-by: Christian Ambach a...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org commit 8e571fd385334bc12ee5c5bdfd32b31ad2c4b4b8 Author: Christian Ambach a...@samba.org Date: Thu Nov 15 15:25:52 2012 +0100 s3:torture/vfstest implement sys_acl_blob_get_fd Signed-off-by: Christian Ambach a...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org commit de676555ab882bd110a2649555645d58abe2bfeb Author: Christian Ambach a...@samba.org Date: Thu Nov 15 15:19:07 2012 +0100 s3:torture/vfstest implement sys_acl_blob_get_file Signed-off-by: Christian Ambach a...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org commit 06219913abc4f1c3912b377b4a9521a11ad45886 Author: Christian Ambach a...@samba.org Date: Tue Oct 30 13:44:40 2012 +0100 s3:vfs_gpfs use non_posix_sys_acl_blob_get_*_helper use the helper functions to return the blob based on the raw GPFS ACL blob (if it is a NFSv4 ACL). If not, fall back to the POSIX ACL code Signed-off-by: Christian Ambach a...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org commit f1ff845720604fc32788a59ec9a1a128135efe35 Author: Christian Ambach a...@samba.org Date: Mon Nov 5 19:26:57 2012 +0100 s3:vfs_gpfs add a generic vfs_gpfs_getacl function in contrast to gpfs_getacl_alloc which always puts the ACL on talloc_tos(), this one allows to
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via c5d991e Revert selftest: skip smb2.ioctl tests on ntvfs from 4c1527b s3:modules remove gpfs_getacl_alloc http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit c5d991e5102069ec712fe609c031a10ee8b0f389 Author: David Disseldorp dd...@samba.org Date: Sun Feb 3 17:06:37 2013 +0100 Revert selftest: skip smb2.ioctl tests on ntvfs This reverts commit cf27c2fbb6e7422cb962f4c63a53515321c65a70. The following concerns were raised with regard to the relocation of tests from selftest/knownfail to selftest/skip. Andrew Bartlett abart...@samba.org wrote: Unless there is some entirely undesirable side-effect, this patch throws away valuable testing, because it removes the test of the testsuite for failure (ie, does the test work!), and it removes the documentation of the difference between the servers (if someone did add some this to the ntvfs server, it would never be tested). It also removes a test that if this unimplemented functionality is called, that we don't crash and die. Reviewed-by: Andrew Bartlett abart...@samba.org Autobuild-User(master): David Disseldorp dd...@samba.org Autobuild-Date(master): Mon Feb 4 15:57:29 CET 2013 on sn-devel-104 --- Summary of changes: selftest/knownfail |2 ++ selftest/skip |1 - 2 files changed, 2 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/selftest/knownfail b/selftest/knownfail index dcd94ec..39485af 100644 --- a/selftest/knownfail +++ b/selftest/knownfail @@ -172,6 +172,8 @@ ^samba3.smb2.durable-v2-open.open-lease ^samba3.smb2.durable-v2-open.persistent-open-lease ^samba3.smb2.durable-v2-open.app-instance +^samba4.smb2.ioctl.req_resume_key\(dc\) # not supported by s4 ntvfs server +^samba4.smb2.ioctl.copy_chunk_\w*\(dc\)# not supported by s4 ntvfs server ^samba3.smb2.dir.one ^samba3.smb2.dir.modify ^samba3.smb2.lease.request diff --git a/selftest/skip b/selftest/skip index d54a5b0..5c49306 100644 --- a/selftest/skip +++ b/selftest/skip @@ -61,7 +61,6 @@ ^samba4.smb2.dir ^samba4.smb2.session ^samba4.smb2.compound -^samba4.smb2.ioctl # not supported by ntvfs ^samba4.ntvfs.cifs.*.base.charset ^samba4.ntvfs.cifs.*.base.iometer ^samba4.ntvfs.cifs.*.base.casetable -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via dc6c40b samba-tool/domain provision: add support for utf-8 passwords for --adminpass via 2e7bc87 samba-tool/user setpassword: fix help message via d60be81 s4:scripting/python: add support for utf-8 passwords from the command line via ff65500 s3:dbrwap_ctdb: ZERO_STRUCT(rec) just to be sure in traverse_persistent_callback_read() via 3949854 s3:dbwrap_ctdb: ZERO_STRUCT(rec) just to be sure in traverse_read_callback() via a09f3a3 s3:dbwrap_ctdb: add db_context to db_record via 25bdab9 s3:dbwrap_ctdb: setup result-name in db_open_ctdb() via 29aeaab lib/dbwrap: talloc_strdup() name in db_open_file() via 65f2bba lib/util: improve check_password_quality() to handle utf8 via e5ca813 dsdb/util: rework samdb_check_password() to support utf8 via 54cc3b1 dsdb/password_hash: rename variable 'stat' to 'vstat' via 6eccfc7 dsdb/password_hash: make sure that io-n.cleartext_utf8.data is a null terminated string via 9292e5b s3: use generate_random_password() instead of generate_random_str() from c5d991e Revert selftest: skip smb2.ioctl tests on ntvfs http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit dc6c40b193e125e8810cf95129fc99f7d4f6db27 Author: Stefan Metzmacher me...@samba.org Date: Mon Feb 4 11:41:39 2013 +0100 samba-tool/domain provision: add support for utf-8 passwords for --adminpass Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Michael Adam ob...@samba.org Autobuild-User(master): Michael Adam ob...@samba.org Autobuild-Date(master): Mon Feb 4 18:54:32 CET 2013 on sn-devel-104 commit 2e7bc87fa54148655ce13a59bd3274fb6285a579 Author: Stefan Metzmacher me...@samba.org Date: Mon Feb 4 13:35:48 2013 +0100 samba-tool/user setpassword: fix help message Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Michael Adam ob...@samba.org commit d60be8167b7264dadae7d4735ee5977233d4cea9 Author: Stefan Metzmacher me...@samba.org Date: Mon Feb 4 11:41:39 2013 +0100 s4:scripting/python: add support for utf-8 passwords from the command line Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Michael Adam ob...@samba.org commit ff65500f2b4f00dad25e342b51373f700d888c6b Author: Michael Adam ob...@samba.org Date: Mon Feb 4 13:10:34 2013 +0100 s3:dbrwap_ctdb: ZERO_STRUCT(rec) just to be sure in traverse_persistent_callback_read() Signed-off-by: Michael Adam ob...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 394985454970e1eeb9b871bb359fa9f5edc9747b Author: Michael Adam ob...@samba.org Date: Mon Feb 4 13:09:46 2013 +0100 s3:dbwrap_ctdb: ZERO_STRUCT(rec) just to be sure in traverse_read_callback() Signed-off-by: Michael Adam ob...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit a09f3a35519d5be2a7d37dc2a283f84f6eb4e8cc Author: Stefan Metzmacher me...@samba.org Date: Fri Feb 1 02:48:00 2013 -0500 s3:dbwrap_ctdb: add db_context to db_record Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Michael Adam ob...@samba.org commit 25bdab9c6140a04dfb33e5b4118f45e8d8489d86 Author: Stefan Metzmacher me...@samba.org Date: Fri Feb 1 03:14:16 2013 -0500 s3:dbwrap_ctdb: setup result-name in db_open_ctdb() Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Michael Adam ob...@samba.org commit 29aeaab1d9bf2441f4a3a9f4a8554fa9af2bd5c2 Author: Stefan Metzmacher me...@samba.org Date: Fri Feb 1 03:13:35 2013 -0500 lib/dbwrap: talloc_strdup() name in db_open_file() Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Michael Adam ob...@samba.org commit 65f2bba559a33edb3c352d552aebb259e5e008eb Author: Stefan Metzmacher me...@samba.org Date: Mon Feb 4 08:45:48 2013 +0100 lib/util: improve check_password_quality() to handle utf8 Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Michael Adam ob...@samba.org commit e5ca813ffb4398faeefc96c224d3b2677e576c7a Author: Stefan Metzmacher me...@samba.org Date: Mon Feb 4 09:19:54 2013 +0100 dsdb/util: rework samdb_check_password() to support utf8 Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Michael Adam ob...@samba.org commit 54cc3b1f42eba19170e611b0ee0ea464ea4ac604 Author: Stefan Metzmacher me...@samba.org Date: Mon Feb 4 09:47:31 2013 +0100 dsdb/password_hash: rename variable 'stat' to 'vstat' Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Michael Adam ob...@samba.org commit 6eccfc74cd9a16e96a2b6214b943f5b2f9adfe65 Author: Stefan Metzmacher me...@samba.org Date: Mon Feb 4 09:18:59 2013 +0100 dsdb/password_hash: make sure that io-n.cleartext_utf8.data is a null terminated string
[SCM] CTDB repository - branch master updated - ctdb-2.1-11-g25a2040
The branch, master has been updated via 25a20409fb39a94b64c13990c0eba4f75d482ecd (commit) via d1ec06d30148e6fd344625a2fbf1c22391bd908a (commit) from 124e2a471aeda9c900fd898178a30522d7d74221 (commit) http://gitweb.samba.org/?p=ctdb.git;a=shortlog;h=master - Log - commit 25a20409fb39a94b64c13990c0eba4f75d482ecd Author: Martin Schwenke mar...@meltin.net Date: Tue Feb 5 12:13:57 2013 +1100 build: Fix a Makefile.in typo Objects are named *.o ;-) Signed-off-by: Martin Schwenke mar...@meltin.net commit d1ec06d30148e6fd344625a2fbf1c22391bd908a Author: Martin Schwenke mar...@meltin.net Date: Fri Jan 11 12:39:37 2013 +1100 tools/ctdb: Fix a compiler warning Signed-off-by: Martin Schwenke mar...@meltin.net Pair-programmed-with: Amitay Isaacs ami...@gmail.com --- Summary of changes: Makefile.in |2 +- tools/ctdb.c |2 +- 2 files changed, 2 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/Makefile.in b/Makefile.in index e704d63..762f788 100755 --- a/Makefile.in +++ b/Makefile.in @@ -72,7 +72,7 @@ UTIL_OBJ = lib/util/idtree.o lib/util/db_wrap.o lib/util/strlist.o lib/util/util CTDB_COMMON_OBJ = common/ctdb_io.o common/ctdb_util.o \ common/ctdb_ltdb.o common/ctdb_message.o common/cmdline.o \ lib/util/debug.o common/rb_tree.o @CTDB_SYSTEM_OBJ@ common/system_common.o \ - common/ctdb_logging.c common/ctdb_fork.o + common/ctdb_logging.o common/ctdb_fork.o CTDB_LIB_OBJ = libctdb/ctdb.o libctdb/io_elem.o libctdb/local_tdb.o \ libctdb/messages.o libctdb/sync.o libctdb/control.o \ diff --git a/tools/ctdb.c b/tools/ctdb.c index 678b555..fb3df8b 100644 --- a/tools/ctdb.c +++ b/tools/ctdb.c @@ -4935,7 +4935,7 @@ static int control_setdbseqnum(struct ctdb_context *ctdb, int argc, const char * } key.dptr = (uint8_t *)discard_const(CTDB_DB_SEQNUM_KEY); - key.dsize = strlen(key.dptr) + 1; + key.dsize = strlen(CTDB_DB_SEQNUM_KEY) + 1; data.dsize = sizeof(new_seqnum); data.dptr = talloc_size(tmp_ctx, data.dsize); -- CTDB repository
[SCM] CTDB repository - branch master updated - ctdb-2.1-13-ga82d3ec
The branch, master has been updated via a82d3ec12f0fda16d6bfa8442a07595de897c10e (commit) via a4f622e85168f59417c11705f1734e0352e1d44a (commit) from 25a20409fb39a94b64c13990c0eba4f75d482ecd (commit) http://gitweb.samba.org/?p=ctdb.git;a=shortlog;h=master - Log - commit a82d3ec12f0fda16d6bfa8442a07595de897c10e Author: Martin Schwenke mar...@meltin.net Date: Tue Feb 5 12:09:36 2013 +1100 Logging: Free the ringbuffer in child processes created with ctdb_fork() At the moment the log ringbuffer is duplicated in every child process. Althought it is copy-on-write we want to see if it is contributing to out-of-memory situations when there are a lot of children. The ringbuffer isn't accessible from any of the children anyway... Signed-off-by: Martin Schwenke mar...@meltin.net commit a4f622e85168f59417c11705f1734e0352e1d44a Author: Martin Schwenke mar...@meltin.net Date: Tue Feb 5 12:08:11 2013 +1100 Logging: New function ctdb_log_ringbuffer_free() Signed-off-by: Martin Schwenke mar...@meltin.net --- Summary of changes: common/ctdb_fork.c |3 +++ common/ctdb_logging.c |9 - include/ctdb_private.h |2 +- 3 files changed, 12 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/common/ctdb_fork.c b/common/ctdb_fork.c index 24534e6..a11f75a 100644 --- a/common/ctdb_fork.c +++ b/common/ctdb_fork.c @@ -59,6 +59,9 @@ pid_t ctdb_fork(struct ctdb_context *ctdb) ctdb_restore_scheduler(ctdb); } ctdb-can_send_controls = false; + + ctdb_log_ringbuffer_free(); + return 0; } diff --git a/common/ctdb_logging.c b/common/ctdb_logging.c index 09b1df2..105b4df 100644 --- a/common/ctdb_logging.c +++ b/common/ctdb_logging.c @@ -85,7 +85,14 @@ void log_ringbuffer(const char *format, ...) va_end(ap); } - +void ctdb_log_ringbuffer_free(void) +{ + if (log_entries != NULL) { + free(log_entries); + log_entries = NULL; + } + log_ringbuf_size = 0; +} void ctdb_collect_log(struct ctdb_context *ctdb, struct ctdb_get_log_addr *log_addr) { diff --git a/include/ctdb_private.h b/include/ctdb_private.h index 5b519fb..cd0feaa 100644 --- a/include/ctdb_private.h +++ b/include/ctdb_private.h @@ -1435,7 +1435,7 @@ void ctdb_collect_log(struct ctdb_context *ctdb, struct ctdb_get_log_addr *log_a void ctdb_clear_log(struct ctdb_context *ctdb); int32_t ctdb_control_get_log(struct ctdb_context *ctdb, TDB_DATA addr); int32_t ctdb_control_clear_log(struct ctdb_context *ctdb); - +void ctdb_log_ringbuffer_free(void); struct ctdb_log_state *ctdb_fork_with_logging(TALLOC_CTX *mem_ctx, struct ctdb_context *ctdb, -- CTDB repository
[SCM] CTDB repository - branch master updated - ctdb-2.1-14-g35da9a7
The branch, master has been updated via 35da9a7c2a0f5e54e61588c3c3455f06ebc66822 (commit) from a82d3ec12f0fda16d6bfa8442a07595de897c10e (commit) http://gitweb.samba.org/?p=ctdb.git;a=shortlog;h=master - Log - commit 35da9a7c2a0f5e54e61588c3c3455f06ebc66822 Author: Amitay Isaacs ami...@gmail.com Date: Tue Jan 22 13:27:20 2013 +1100 daemon: Make sure all the traverse children are terminated if traverse times out When traverse times out, callback function is called with key and data set to tdb_null. This is also the way to signal end of traverse. So if the traverse times out, callback function treats it as traverse ended and frees state without calling the destructor. Keep track if the traverse timed out, so callback function can take appropriate action for traverse timeout and traverse end. Signed-off-by: Amitay Isaacs ami...@gmail.com --- Summary of changes: server/ctdb_traverse.c | 14 +++--- 1 files changed, 11 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/server/ctdb_traverse.c b/server/ctdb_traverse.c index 54ee70f..5b709dc 100644 --- a/server/ctdb_traverse.c +++ b/server/ctdb_traverse.c @@ -214,6 +214,7 @@ struct ctdb_traverse_all_handle { ctdb_traverse_fn_t callback; void *private_data; uint32_t null_count; + bool timedout; }; /* @@ -243,6 +244,7 @@ static void ctdb_traverse_all_timeout(struct event_context *ev, struct timed_eve DEBUG(DEBUG_ERR,(__location__ Traverse all timeout on database:%s\n, state-ctdb_db-db_name)); CTDB_INCREMENT_STAT(state-ctdb, timeouts.traverse); + state-timedout = true; state-callback(state-private_data, tdb_null, tdb_null); } @@ -288,6 +290,7 @@ static struct ctdb_traverse_all_handle *ctdb_daemon_traverse_all(struct ctdb_db_ state-callback = callback; state-private_data = start_state; state-null_count = 0; + state-timedout = false; talloc_set_destructor(state, ctdb_traverse_all_destructor); @@ -549,9 +552,14 @@ static void traverse_start_callback(void *p, TDB_DATA key, TDB_DATA data) ctdb_dispatch_message(state-ctdb, state-srvid, cdata); if (key.dsize == 0 data.dsize == 0) { - /* end of traverse */ - talloc_set_destructor(state, NULL); - talloc_free(state); + if (state-h-timedout) { + /* timed out, send TRAVERSE_KILL control */ + talloc_free(state); + } else { + /* end of traverse */ + talloc_set_destructor(state, NULL); + talloc_free(state); + } } } -- CTDB repository
[SCM] CTDB repository - branch 1.2.40 updated - ctdb-1.2.56-5-g2c203bb
The branch, 1.2.40 has been updated via 2c203bbad887dff6f38e9e47e640c05fad95a7be (commit) via 6b8ccd1d77ba33563c442d780ce75f2bbfae6f62 (commit) via 967549ecf79448a43cead227074e6376441b2fb9 (commit) via b0fbd82cae11fca243cf454cb46d9bb62fdabaf0 (commit) from 9fbd13ea7d3da5e297827e7763f336f484262f47 (commit) http://gitweb.samba.org/?p=ctdb.git;a=shortlog;h=1.2.40 - Log - commit 2c203bbad887dff6f38e9e47e640c05fad95a7be Author: Amitay Isaacs ami...@gmail.com Date: Tue Feb 5 12:59:53 2013 +1100 doc: Rebuild all documentation Signed-off-by: Amitay Isaacs ami...@gmail.com commit 6b8ccd1d77ba33563c442d780ce75f2bbfae6f62 Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Tue Mar 20 11:38:20 2012 +1100 DOC document the FetchCollapse tunable Cherry-pick-from: c37aa6f3738693653f64c2fa015ace061da38b5a commit 967549ecf79448a43cead227074e6376441b2fb9 Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Tue Mar 20 11:31:59 2012 +1100 FETCH COLLAPSE : Change the fetch-lock collapse to collapse ALL fetches, including fetch-locks into a single command in flight per record. Also add a tunable to enable/disable this optimization for hot records Conflicts: server/ctdb_tunables.c Cherry-pick-from: eafd7bbaaa5931546a96c8beae3cf9a39a49c925 commit b0fbd82cae11fca243cf454cb46d9bb62fdabaf0 Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Tue Nov 8 06:55:46 2011 +1100 Record Fetch Collapse: Collapse multiple fetch request into one single request. When multiple clients fetch the same record concurrently, send only one single fetch across the network and deferr all other fetches locally. This improves performance for hot records and reduces cpu load on ctdb. Conflicts: server/ctdb_ltdb_server.c Cherry-pick-from: 82d6946ad8b3348e8b9d3d971f24925ade02d1be --- Summary of changes: doc/ctdb.1|4 +- doc/ctdb.1.html | 158 -- doc/ctdbd.1 | 13 +++- doc/ctdbd.1.html | 98 - doc/ctdbd.1.xml | 23 + doc/onnode.1 | 21 +++-- doc/onnode.1.html | 16 ++-- include/ctdb_private.h|5 + server/ctdb_daemon.c | 208 + server/ctdb_ltdb_server.c | 10 ++ server/ctdb_tunables.c|1 + 11 files changed, 415 insertions(+), 142 deletions(-) Changeset truncated at 500 lines: diff --git a/doc/ctdb.1 b/doc/ctdb.1 index 3b15032..dd2866e 100644 --- a/doc/ctdb.1 +++ b/doc/ctdb.1 @@ -2,12 +2,12 @@ .\ Title: ctdb .\Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\ Generator: DocBook XSL Stylesheets v1.76.1 http://docbook.sf.net/ -.\ Date: 01/02/2013 +.\ Date: 02/05/2013 .\Manual: CTDB - clustered TDB database .\Source: ctdb .\ Language: English .\ -.TH CTDB 1 01/02/2013 ctdb CTDB \- clustered TDB database +.TH CTDB 1 02/05/2013 ctdb CTDB \- clustered TDB database .\ - .\ * Define some portability stuff .\ - diff --git a/doc/ctdb.1.html b/doc/ctdb.1.html index 701b0dd..7e2cae7 100644 --- a/doc/ctdb.1.html +++ b/doc/ctdb.1.html @@ -1,6 +1,6 @@ -htmlheadmeta http-equiv=Content-Type content=text/html; charset=ISO-8859-1titlectdb/titlemeta name=generator content=DocBook XSL Stylesheets V1.75.2/headbody bgcolor=white text=black link=#FF vlink=#840084 alink=#FFdiv class=refentry title=ctdba name=ctdb.1/adiv class=titlepage/divdiv class=refnamedivh2Name/h2pctdb #8212; clustered tdb database management utility/p/divdiv class=refsynopsisdiv title=Synopsish2Synopsis/h2div class=cmdsynopsispcode class=commandctdb [ OPTIONS ] COMMAND .../code /p/divdiv class=cmdsynopsispcode class=commandctdb/code [-n lt;nodegt;] [-Y] [-t lt;timeoutgt;] [-T lt;timelimitgt;] [-? --help] [--usage] [-d --debug=lt;INTEGERgt;] [--socket=lt;filenamegt;]/p/div/divdiv class=refsect1 title=DESCRIPTIONa name=id2485540/ah2DESCRIPTION/h2p +htmlheadmeta http-equiv=Content-Type content=text/html; charset=ISO-8859-1titlectdb/titlemeta name=generator content=DocBook XSL Stylesheets V1.76.1/headbody bgcolor=white text=black link=#FF vlink=#840084 alink=#FFdiv class=refentry title=ctdba name=ctdb.1/adiv class=titlepage/divdiv class=refnamedivh2Name/h2pctdb #8212; clustered tdb database management utility/p/divdiv class=refsynopsisdiv title=Synopsish2Synopsis/h2div class=cmdsynopsispcode class=commandctdb [ OPTIONS ] COMMAND .../code /p/divdiv class=cmdsynopsispcode class=commandctdb/code [-n lt;nodegt;] [-Y] [-t lt;timeoutgt;] [-T lt;timelimitgt;] [-? --help] [--usage] [-d
[SCM] CTDB repository - branch master updated - ctdb-2.1-15-gf1ffe11
The branch, master has been updated via f1ffe1112b7e342d7f1228ca816a8e5918f893cf (commit) from 35da9a7c2a0f5e54e61588c3c3455f06ebc66822 (commit) http://gitweb.samba.org/?p=ctdb.git;a=shortlog;h=master - Log - commit f1ffe1112b7e342d7f1228ca816a8e5918f893cf Author: Martin Schwenke mar...@meltin.net Date: Thu Jan 10 14:39:09 2013 +1100 ctdbd: Message logged at exit should be different for different processes Some subprocesses print CTDB daemon shutting down when they exit and this can be confusing. Signed-off-by: Martin Schwenke mar...@meltin.net Pair-programmed-with: Amitay Isaacs ami...@gmail.com --- Summary of changes: server/ctdb_daemon.c |6 +- 1 files changed, 5 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/server/ctdb_daemon.c b/server/ctdb_daemon.c index fdfd5de..0550fab 100644 --- a/server/ctdb_daemon.c +++ b/server/ctdb_daemon.c @@ -40,7 +40,11 @@ static void daemon_incoming_packet(void *, struct ctdb_req_header *); static void print_exit_message(void) { - DEBUG(DEBUG_NOTICE,(CTDB daemon shutting down\n)); + if (debug_extra != NULL debug_extra[0] != '\0') { + DEBUG(DEBUG_NOTICE,(CTDB %s shutting down\n, debug_extra)); + } else { + DEBUG(DEBUG_NOTICE,(CTDB daemon shutting down\n)); + } } -- CTDB repository
[SCM] CTDB repository - branch master updated - ctdb-2.1-20-ga0ef73e
The branch, master has been updated via a0ef73e197dc9147f7718e0813fe803ff0b3d54d (commit) via 9b0d56b16775aa16f33bdfdf831256e085fa3339 (commit) via 3400b2ed34b6eb9496eb55f1aab6f89d2952060d (commit) via 0581f9a84e58764d194f4e04064c2c5b393c348b (commit) via 501461cc3e132d4adee9e91b5d4513a26bae2846 (commit) from f1ffe1112b7e342d7f1228ca816a8e5918f893cf (commit) http://gitweb.samba.org/?p=ctdb.git;a=shortlog;h=master - Log - commit a0ef73e197dc9147f7718e0813fe803ff0b3d54d Author: Martin Schwenke mar...@meltin.net Date: Tue Feb 5 13:16:46 2013 +1100 initscript: export CTDB_EXTERNAL_TRACE This means it can be set like any other configuration option in the configuration file, without needing to export it there. Signed-off-by: Martin Schwenke mar...@meltin.net commit 9b0d56b16775aa16f33bdfdf831256e085fa3339 Author: Martin Schwenke mar...@meltin.net Date: Tue Feb 5 14:36:29 2013 +1100 ctdbd: Don't use a fixed length buffer for the hung script command The amount of data to write into the buffer wasn't constrained anywhere... Signed-off-by: Martin Schwenke mar...@meltin.net commit 3400b2ed34b6eb9496eb55f1aab6f89d2952060d Author: Martin Schwenke mar...@meltin.net Date: Tue Feb 5 14:25:01 2013 +1100 ctdbd: Complain loudly if CTDB_DEBUG_HUNG_SCRIPT script isn't executable This is quite easy to misconfigure by failing to set the execute bit on the script. Better to complain loudly. This is a debugging facilty rather than core CTDB functionality, so it doesn't need a subtle mechanism to disable it at run-time. To disable the designated script at run-time either edit it to put an exit 0 at the top or move it aside and symlink to /bin/true. This is implemented by actually removing the code that checks that the file exists and is executable. The output from the shell when the system() function fails is just as useful. Signed-off-by: Martin Schwenke mar...@meltin.net commit 0581f9a84e58764d194f4e04064c2c5b393c348b Author: Martin Schwenke mar...@meltin.net Date: Tue Feb 5 15:49:52 2013 +1100 ctdbd: Remove command-line option --debug-hung-script Use an environment variable instead. This just means that the initscript exports CTDB_DEBUG_HUNG_SCRIPT and the code checks for the environment variable. The justification for this simplification is that more debug options will be arriving soon and we want to handle them consistently without needing to add a command-line option for each. So, the convention will be to use an environment variable for each debug option. Signed-off-by: Martin Schwenke mar...@meltin.net commit 501461cc3e132d4adee9e91b5d4513a26bae2846 Author: Martin Schwenke mar...@meltin.net Date: Tue Feb 5 13:08:55 2013 +1100 ctdbd: Remove debug_hung_script_ctx The only allocation against this context is by ctdb_fork_with_logging(). This memory is freed by ctdb_log_handler() anyway. There should be no memory leak. Signed-off-by: Martin Schwenke mar...@meltin.net --- Summary of changes: config/ctdb.init |8 +++- include/ctdb_private.h |3 --- server/ctdbd.c | 11 --- server/eventscript.c | 35 +-- 4 files changed, 16 insertions(+), 41 deletions(-) Changeset truncated at 500 lines: diff --git a/config/ctdb.init b/config/ctdb.init index 9f9b686..dafe8f7 100755 --- a/config/ctdb.init +++ b/config/ctdb.init @@ -95,7 +95,6 @@ build_ctdb_options () { maybe_set --event-script-dir $CTDB_EVENT_SCRIPT_DIR maybe_set --transport $CTDB_TRANSPORT maybe_set -d $CTDB_DEBUGLEVEL -maybe_set --debug-hung-script $CTDB_DEBUG_HUNG_SCRIPT maybe_set --notification-script$CTDB_NOTIFY_SCRIPT maybe_set --start-as-disabled $CTDB_START_AS_DISABLEDyes maybe_set --start-as-stopped $CTDB_START_AS_STOPPED yes @@ -108,6 +107,11 @@ build_ctdb_options () { maybe_set --max-persistent-check-errors $CTDB_MAX_PERSISTENT_CHECK_ERRORS } +export_debug_variables () +{ +export CTDB_DEBUG_HUNG_SCRIPT CTDB_EXTERNAL_TRACE +} + # Log given message or stdin to either syslog or a CTDB log file do_log () { @@ -235,6 +239,8 @@ start() { build_ctdb_options +export_debug_variables + # make sure we drop any ips that might still be held if previous # instance of ctdb got killed with -9 or similar drop_all_public_ips diff --git a/include/ctdb_private.h b/include/ctdb_private.h index cd0feaa..cf850aa 100644 --- a/include/ctdb_private.h +++ b/include/ctdb_private.h @@ -494,7 +494,6 @@ struct ctdb_context { bool do_setsched; void