Re: [Samba] map to guest = bad user ignored in Samba 4?
Thanks Ricky. I've enabled the file system requirements in fstab and checked the kernel supports them (not sure how I managed to skip that step during installation). Now the permissions changes do stick. However, as per Andrew's email (part of this thread) - the server still prompts for credentials on the workgroup machine when trying to access the public/full permissions share, although I allowed full access to Guests and Everyone. It seems there is no way to provide unauthenticated access to shares at this moment in Samba 4. It would have been rather useful with migrating workgroups to domains gradually, instead of in one step - but one must be happy with one's blessings :-) - so I'll make do the way things are. Cheers, Sebastian On 15/02/13 18:00, Ricky Nance wrote: Have you taken a look at https://wiki.samba.org/index.php/Samba_4/OS_Requirements#File_System_Support to ensure your file system will handle ACL's? Ricky On Fri, Feb 15, 2013 at 10:35 AM, Sebastian Arcus s...@open-t.co.uk mailto:s...@open-t.co.uk wrote: Hi Ricky, Thanks for the reply. I have tried changing the permissions on the netlogon share and the strange thing is that none of the changes I do in the Security/ACL tab from the Windows XP machine which is joined to the domain (but on the netlogon share which is on the server) actually stick. I can access the shares fine with that machine, but if I change the permissions, it seems to just ignore the changes - no error message. I am logged in as the domain Administrator - so it seems like a bit of a mystery. Then again - maybe I've done something silly when I've setup this Samba AD DC - although I've followed all the instructions on the Samba wiki and everything else seems to be working fine. Sebastian On 14/02/13 05:31, Ricky Nance wrote: Hi Sebastian, Many of the per share options can now be done using ACL's. In this case you would open the netlogon share (via windows) start - run - \\MY-SERVER\netlogon (then press enter), then right click on a blank spot in that folder (not on any other file or folder) and select properties. Find the security tab and you can make the modifications you want (specifically adding Everyone with full permissions should give you what you are looking for, though I have not been able to test this yet). If I get a chance soon I will do some testing to make sure that the acl change is all that is needed. To find out what options are available, samba-tool testparm -v will give you a nice list (at least for global). Ricky On Wed, Feb 13, 2013 at 4:33 AM, Sebastian Arcus s...@open-t.co.uk mailto:s...@open-t.co.uk mailto:s...@open-t.co.uk mailto:s...@open-t.co.uk wrote: I would like to migrate some of my Samba 3.x domains to Samba 4. Part of the functionality of the current system is allowing some Windows XP Pro computers, which are not joined to the domain, access to some public shares on the Samba server. I tried using map to guest = bad user with Samba 4 - but it appears to be completely ignored and the Windows XP machine keeps on prompting for username/password when trying to access the server share. Has this option been dropped in Samba 4? Is there another way to accomplish the same? Otherwise my Samba 4 domain seems to be working fine - and the Windows XP Pro machines which are joined to it can access the share fine. As a side note, I find it hard to figure out which smb.conf options are still available for Samba 4 and which are not. I've googled around and can't seem to find a wiki page or authoritative page. I use Samba 4.1.0pre1 Here is my smb.conf [global] workgroup = MYDOMAIN realm = mydomain.local netbios name = MY-SERVER server role = active directory domain controller idmap_ldb:use rfc2307 = yes map to guest = bad user [netlogon] path = /var/lib/samba/sysvol/mydomain.local/scripts read only = No public = Yes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba https://lists.samba.org/__mailman/options/samba https://lists.samba.org/__mailman/options/samba https://lists.samba.org/mailman/options/samba -- -- Linux vehicle CCTV - www.open-t.co.uk/iroko
Re: [Samba] BIND9_DLZ CNAME Records Not Resolving from Windows Workstations
Hai, do : ipconfig /all should look like this: P:\ipconfig /all Windows IP-configuratie Host-name . . . . . . . . . . . .: FOO Primair DNS-achtervoegsel. . . . .: internal.testdom.com DNS-achtervoegselsearchlist . . . : internal.testdom.com I bet on your linux in resolve.conf you have the following line. DOMAIN internal.testdom.com SEARCH internal.testdom.com In windows after adding to domain, you loose your search option, aka. Its set to the domain name. For example. PCNAME My NT domain is called HOMEOFFICE. My DNS domain is called internal.testdom.com PC name after adding to NT domain, : PCNAME.HOMEOFFICE and not pcname.internal.testcom.com Also, if you used Forwarders in BIND, remove them. add nameserver IP to resolve.conf resolv.conf should look like. domain internal.testdom.com search internal.testdom.com # first look in own DB. nameserver 127.0.0.1 # now look up the internet thingies. nameserver DNS1PROVIDER nameserver DNS2PROVIDER nameserver DNS3PROVIDER nameserver DNS4PROVIDER Help this helps a bit. Louis -Oorspronkelijk bericht- Van: twsn...@gmail.com [mailto:samba-boun...@lists.samba.org] Namens Thomas Simmons Verzonden: vrijdag 15 februari 2013 14:59 Aan: Greg Sloop CC: samba@lists.samba.org Onderwerp: Re: [Samba] BIND9_DLZ CNAME Records Not Resolving from Windows Workstations On Thu, Feb 14, 2013 at 11:45 PM, Gregory Sloop gr...@sloop.net wrote: -SNIP- TS Perfect! Now from the Windows workstation. C:\Users\Admin1ipconfig /flushdns TS Windows IP Configuration TS Successfully flushed the DNS Resolver Cache. C:\Users\Admin1ping foo.internal.testdom.com TS Ping request could not find host foo.internal.testdom.com. Please check the TS name TS and try again. A NSLookup trace would probably be more helpful, than just a non resolution from ping. Perhaps it won't show us anything, but it might. Hello Greg, I used ping as it showed what was happening with less output, but here is nslookup. C:\Users\Admin1nslookup foo.internal.testdom.com Server: UnKnown Address: 10.1.1.254 Name:foo.internal.testdom.com [root@DC1 ~]# nslookup foo.internal.testdom.com Server: 10.1.1.254 Address:10.1.1.254#53 foo.internal.testdom.comcanonical name = google.com. Name: google.com Address: 74.125.228.104 Name: google.com Address: 74.125.228.98 Name: google.com Address: 74.125.228.99 Name: google.com Address: 74.125.228.101 Name: google.com Address: 74.125.228.96 Name: google.com Address: 74.125.228.102 Name: google.com Address: 74.125.228.100 Name: google.com Address: 74.125.228.103 Name: google.com Address: 74.125.228.110 Name: google.com Address: 74.125.228.105 Name: google.com Address: 74.125.228.97 --- Provided the nslookup trace show that the server you expect isn't giving answers, rather than some other problem... Is BIND configured to answer queries from hosts in the IP block that the station is in? [See listen-on and allow-query in BIND docs] The server can answer queries from the Windows workstation. This vpn resolution test verifies this: Just to be sure the Windows workstation is using the correct DNS, I alter the record for my vpn server to a nonsense IP of 1.2.3.4... C:\Users\Admin1ping vpn.internal.testdom.com -n 1 Pinging vpn.internal.testdom.com [1.2.3.4] with 32 bytes of data: Request timed out. Ping statistics for 1.2.3.4: Packets: Sent = 1, Received = 0, Lost = 1 (100% loss), [root@DC1 ~]# ping vpn.internal.testdom.com -c 1 PING vpn.internal.testdom.com (1.2.3.4) 56(84) bytes of data. --- vpn.internal.testdom.com ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 1ms Here is nslookup of the same thing: C:\Users\Admin1nslookup vpn.internal.testdom.com Server: UnKnown Address: 10.1.1.254 Name:vpn.internal.testdom.com Address: 1.2.3.4 [root@DC1 ~]# nslookup vpn.internal.testdom.com Server: 10.1.1.254 Address:10.1.1.254#53 Name: vpn.internal.testdom.com Address: 1.2.3.4 -Greg -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Centos samba-3x / samba-3.6.6 - win7 will not join domain
Thanks all for the advice I tried again this morning, having made a couple of small changes (I think!) I ran smbpasswd -a plawrie first and entered my password - but surely that was already done using swat? Now it joins! I did notice that using the control panel/system / change settings when I put the domain name in lower case, I get an Active Directory could not be contacted In upper case, previously it responded with 'network path not found' This time it finally worked. - I've never had this bother with XP clients. My smb.conf is below, The main change is to enable winbind, but I'm sure I tried that yesterday. I also seem to have included 'password server = none', but can't remember doing that! [root@centos55 samba]# cat /etc/samba/smb.conf # Samba config file created using SWAT # from UNKNOWN (0.0.0.0) # Date: 2013/02/18 10:57:39 [global] workgroup = GLENDISC server string = Samba Server Version %v obey pam restrictions = Yes password server = none pam password change = Yes passwd program = /usr/bin/passwd %u unix password sync = Yes lanman auth = Yes log file = /var/log/samba/%m.log max log size = 50 name resolve order = wins bcast host lmhosts time server = Yes socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192 printcap name = cups logon script = scripts\%U.bat logon path = logon drive = z: domain logons = Yes os level = 64 preferred master = Yes domain master = Yes wins support = Yes preload = global idmap config * : range = idmap config * : backend = tdb cups options = raw [homes] valid users = %S read only = No browseable = No [netlogon] comment = netlogon path = /datastore/netlogon valid users = @adm, @users read only = No [company] comment = company share path = /datastore/company valid users = @adm, @users force group = users read only = No create mask = 0775 force create mode = 0775 directory mask = 0775 force directory mode = 0775 inherit permissions = Yes use sendfile = Yes [printers] comment = All Printers path = /var/spool/samba printable = Yes print ok = Yes browseable = No [root@centos55 samba]# On 18 February 2013 07:36, Daniel Müller muel...@tropenklinik.de wrote: Did you join the win7 client to the samba3 domain using smbpasswd -m. Did you set the registry hacks on the win 7 client. Sometimes the win 7 machines need to set the wins server to your Samba/pdc and netbios enabled. Good luck Daniel --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von peter lawrie Gesendet: Montag, 18. Februar 2013 00:59 An: Thomas Simmons Cc: samba@lists.samba.org Betreff: Re: [Samba] Centos samba-3x / samba-3.6.6 - win7 will not join domain Hi Thanks, but I've already done that. Now I'm getting active directory domain controller could not be contacted. I have renamed my win7 PC as pjl-win7 and restarted PC, server and router to ensure all match I also changed the workgroup in Samba from Glendiscovery to glendisc, my PC is still on the windows workgroup and can access the shares. There is also an XP machine, computer1 on 'workgroup', once I've fixed the win7 problem, I'll be checking it can also join the domain. browse.dat has: GLENDISCc0001000 CENTOS55GLENDISC CENTOS55408c9a23 Samba Server Version 3.6.6-0.129.el5 GLENDISC WORKGROUP c0001000 COMPUTER1 WORKGROUP GLENDISCOVERY c0001000 PJL-WIN7 GLENDISCOVERY I was recommended to add some lines to smb.conf, so it now has [root@centos55 samba]# cat smb.conf # Samba config file created using SWAT # from UNKNOWN (0.0.0.0) # Date: 2013/02/17 23:16:46 [global] lanman auth = yes log file = /var/log/samba/%m.log name resolve order = bcast host lmhosts wins socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192 obey pam restrictions = Yes client ntlmv2 auth = yes logon drive = z: ntlm auth = Yes domain master = Yes idmap config * : range = time server = Yes wins proxy = No passwd program = /usr/bin/passwd %u wins support = true netbios name = centos55 cups options = raw server
[Samba] upgrade samba (3.0.33) to samba-3x (3.6.6) on Centos5
Hi Related to my previous posting on joining win7 to a domain with samba-3.6.6 (which I finally managed to do!) With Centos5 one has the option of installing either Samba which is 3.0.33 or Samba3x which is 3.6.6 with the latest updates to centos5.9 My own server was set up with samba3x and hence was able to attempt connection of win7 PC I have several customers with older installations using samba3.0.33. Last year I tried updating one of them and it appeared the only way was to remove samba (3.0.33) and then install samba3x. This meant recreating all the shares and samba configuration and rejoining everyone to the domain. Is there an easier way of upgrading? Regards Peter Lawrie -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] ACL problem with Samba 3.4.x on GPFS
When a file is created with samba 3.5.x or 3.6.x, it is created effective read-only: ~ # getfacl Microsoft\ Word-Dokument\ \(neu\).docx # file: Microsoft\040Word-Dokument\040(neu).docx # owner: root # group: 11816 user::rwx user:11582:rwx#effective:r-- group::rwx#effective:r-- mask::r-- other::--- The ACL-settings for the parent directory are ok: ~ # getfacl . # file: . # owner: root # group: 11816 user::rwx user:11582:rwx group::rwx mask::rwx other::--- default:user::rwx default:user:11582:rwx default:group::rwx default:mask::rwx default:other::--- The same Samba configuration on the same filesystem (GPFS) running with Samba 3.4.x is working correctly: [share] read only = no inherit acls= yes inherit owner = yes inherit permissions = yes nt acl support = yes Is it a bug or do I need to change some configuration parameters? Thanks a lot, Alex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Centos samba-3x / samba-3.6.6 - win7 will not join domain
Hi On 18 February 2013 13:40, peter lawrie peter.law...@glendiscovery.co.uk wrote: [...] [global] [...] socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192 Unrelated to your problems with joining machines to the domain, but you should probably remove these SO_SNDBUF and SO_RCVBUF which are generally not needed on a modern version of Linux and might slow things down. -- Michael Wood esiot...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Replication with Windows DC stops if it is rebooted
Hello All Just wanted to see if anyone else had experienced same thing. I have a Samba4 server DC replicating with a Windows 2008 server DC. When the Windows 2008 server is restarted, the samba 4 server no longer replicates. In the example below the 2008 server restarted itself at approx 3am for automatic updates. Samba 4 does not recover replication until samba4 service is restarted. Best regards Chris root@inview-dc2:~# samba-tool drs showrepl Default-First-Site-Name\INVIEW-DC2 DSA Options: 0x0001 DSA object GUID: 9f7b6201-cd1c-40dc-b930-f826cf9cad82 DSA invocationId: 70ec0850-684b-42e4-ad4b-ff23686ee424 INBOUND NEIGHBORS DC=DomainDnsZones,DC=inview,DC=local Default-First-Site-Name\INVIEW-DC1 via RPC DSA object GUID: 8be331d4-be37-43d6-9593-2ea1d095d504 Last attempt @ Fri Feb 15 16:00:41 2013 GMT failed, result 88 (WERR_NET_WRITE_FAULT) 623 consecutive failure(s). Last success @ Fri Feb 15 03:18:15 2013 GMT DC=ForestDnsZones,DC=inview,DC=local Default-First-Site-Name\INVIEW-DC1 via RPC DSA object GUID: 8be331d4-be37-43d6-9593-2ea1d095d504 Last attempt @ Fri Feb 15 16:00:41 2013 GMT failed, result 88 (WERR_NET_WRITE_FAULT) 623 consecutive failure(s). Last success @ Fri Feb 15 03:18:15 2013 GMT CN=Schema,CN=Configuration,DC=inview,DC=local Default-First-Site-Name\INVIEW-DC1 via RPC DSA object GUID: 8be331d4-be37-43d6-9593-2ea1d095d504 Last attempt @ Fri Feb 15 16:00:41 2013 GMT failed, result 88 (WERR_NET_WRITE_FAULT) 623 consecutive failure(s). Last success @ Fri Feb 15 03:18:17 2013 GMT CN=Configuration,DC=inview,DC=local Default-First-Site-Name\INVIEW-DC1 via RPC DSA object GUID: 8be331d4-be37-43d6-9593-2ea1d095d504 Last attempt @ Fri Feb 15 16:00:41 2013 GMT failed, result 88 (WERR_NET_WRITE_FAULT) 642 consecutive failure(s). Last success @ Fri Feb 15 03:18:17 2013 GMT DC=inview,DC=local Default-First-Site-Name\INVIEW-DC1 via RPC DSA object GUID: 8be331d4-be37-43d6-9593-2ea1d095d504 Last attempt @ Fri Feb 15 16:00:42 2013 GMT failed, result 88 (WERR_NET_WRITE_FAULT) 1219 consecutive failure(s). Last success @ Fri Feb 15 03:18:17 2013 GMT OUTBOUND NEIGHBORS CN=Schema,CN=Configuration,DC=inview,DC=local Default-First-Site-Name\INVIEW-DC1 via RPC DSA object GUID: 8be331d4-be37-43d6-9593-2ea1d095d504 Last attempt @ Thu Jan 24 10:59:13 2013 GMT was successful 0 consecutive failure(s). Last success @ Thu Jan 24 10:59:13 2013 GMT CN=Configuration,DC=inview,DC=local Default-First-Site-Name\INVIEW-DC1 via RPC DSA object GUID: 8be331d4-be37-43d6-9593-2ea1d095d504 Last attempt @ Thu Jan 24 10:59:18 2013 GMT was successful 0 consecutive failure(s). Last success @ Thu Jan 24 10:59:18 2013 GMT DC=inview,DC=local Default-First-Site-Name\INVIEW-DC1 via RPC DSA object GUID: 8be331d4-be37-43d6-9593-2ea1d095d504 Last attempt @ Thu Feb 14 17:27:41 2013 GMT was successful 0 consecutive failure(s). Last success @ Thu Feb 14 17:27:41 2013 GMT KCC CONNECTION OBJECTS Connection -- Connection name: c3c2ed9e-adb7-4e82-8ede-5e894b004e38 Enabled: TRUE Server DNS name : INVIEW-DC1.inview.local Server DN name : CN=NTDS Settings,CN=INVIEW-DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=inview,DC=local TransportType: RPC options: 0x0001 Warning: No NC replicated for Connection! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Question marks, asterisks, colons in filenames
Hi, I suppose this question must have been posted a hundred times, but Google brings up nothing useful: Consider The Wall from Pink Floyd in an MP3 collection. There's In The Flesh.mp3 and In The Flesh?.mp3 as tracks. Or, another example in an MP3 collection: There's a Band called Stellar, but there's also a band called Stellar*. Naming files like this is no problem in Linux. Now I had the idea of using my files on other computers such as Macs and Windows-boxes, but both Systems have trouble with the characters mentioned above. My question is how Samba can help me to map these characters to something else so that the files become usable on the Windows/Mac side *without destroying the readability of the filenames entorely*. Hashing into 8.3 random character sequences with mangled names = yes is not really an option. What is the successor of the removed mangled map option? I did not find anything in the current man page of smb.conf (5). I'm running Samba 3.5.10, which is the latest in CentOS 6.3. Surely there must be some elegant way to fix this? I don't want to rename all my files at the Linux end. Any help would be very appreciated. Cheers, Raimund -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] ldap+kerberos+samba
Dear list members, i am trying to get ldap + samba + kerberos working and have tried to make the proper configuration. Integrating samba + ldap was pretty easy, but getting kerberos to work seems a nightmare. Here it is what i tried (copy and pasted from my link client): harley@802-1x:/etc/samba$ kdestroy harley@802-1x:/etc/samba$ kinit har...@ufv.br's Password: harley@802-1x:/etc/samba$ klist Credentials cache: FILE:/tmp/krb5cc_1000 Principal: har...@ufv.br IssuedExpires Principal Feb 18 15:53:33 2013 Feb 18 19:53:33 2013 krbtgt/ufv...@ufv.br harley@802-1x:/etc/samba$ smbclient //802-1x.cpd.ufv.br/printers -k session setup failed: NT_STATUS_LOGON_FAILURE harley@802-1x:/etc/samba$ klist Credentials cache: FILE:/tmp/krb5cc_1000 Principal: har...@ufv.br IssuedExpires Principal Feb 18 15:53:33 2013 Feb 18 19:53:33 2013 krbtgt/ufv...@ufv.br Feb 18 15:53:44 2013 Feb 18 19:53:33 2013 cifs/802-1x.cpd.ufv...@ufv.br harley@802-1x:/etc/samba$ We can realize that smbclient is fetching the ticket to cifs service. But why NT_STATUS_LOGON_FAILURE ? Nothing appears on smbd logs. Any advice ? Thank you for your time and cooperation. Best regards. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba4 DC, Auth on linux side
Hi all, i'm searching the web up and down for a while now. I had set up an Samba4 AD from debian packages successfully. Now the goal is, like S3 with LDAP, to use this AD for linux purposes. At first for auth, later to bind postfix and other services to read the directory. (When tests are successfull, i will migrate an existing S3/OpenLDAP to S4s Active Directory. Now it is difficult for me to find best practises for my project. - Should I add posix attributes to my Domain Users and how to use this approach in an easy way with ADUC or other tools and read them with nslcd. or - Should I use nslcd without posix attributes and configure some mappings like creating uidNumber from the SID or - should I use WINBIND for auth. But I have found discussions about different winbind behavior depending on S4 is used as DC or member server in AD. In production mode, there will be the need to have linux auth on the DC and one member server (NAS). So it would nice to get the same behavior on both servers. Thanks for your advice. Chris Fischer -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Sernet samba3-cifsmount
I upgraded a samba 3.5 installation to 3.6 and I noticed that there is no samba3-cifsmount package for 3.6 so now my system has mixed versions: [root@mysystem]# rpm -qa | grep samba3 samba3-cifsmount-3.5.20-44.el5 samba3-client-3.6.12-44.el5 samba3-3.6.12-44.el5 Is this the correct way to set this up? Thanks, -- Mark Nienberg Sent from an invalid address. Please reply to the group. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] smb.conf for Windows clients
So, I'm trying to paw through the long set of smb.conf options - and it's rather daunting. I'm wondering what smb.conf options are most important/appropriate/common for mostly Windows XP/7/(possibly v8) clients. TIA -Greg -- Gregory Sloop, Principal: Sloop Network Computer Consulting 503.251.0452 x121 Voice | 503.251.0452 Fax www.sloop.net mailto:gr...@sloop.net -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Question marks, asterisks, colons in filenames
On 18/02/13 19:16, Ray wrote: Hi, I suppose this question must have been posted a hundred times, but Google brings up nothing useful: Consider The Wall from Pink Floyd in an MP3 collection. There's In The Flesh.mp3 and In The Flesh?.mp3 as tracks. Or, another example in an MP3 collection: There's a Band called Stellar, but there's also a band called Stellar*. Naming files like this is no problem in Linux. Anyone putting special characters in file names has a special place in hell reserved for them. It is plain stupid, just don't do it. Personally I would name them all wall01.mp3, wall02.mp3 etc. and add ID3 tags to them. Any decent graphical file manager and/or music player will display the tag information. Stop abusing the filename to store metadata when there is a standard for storing that metadata in the file. JAB. -- Jonathan A. Buzzard Email: jonathan (at) buzzard.me.uk Fife, United Kingdom. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Question marks, asterisks, colons in filenames
On Mon, Feb 18, 2013 at 4:56 PM, Jonathan Buzzard jonat...@buzzard.me.uk wrote: On 18/02/13 19:16, Ray wrote: Hi, I suppose this question must have been posted a hundred times, but Google brings up nothing useful: Consider The Wall from Pink Floyd in an MP3 collection. There's In The Flesh.mp3 and In The Flesh?.mp3 as tracks. Or, another example in an MP3 collection: There's a Band called Stellar, but there's also a band called Stellar*. Naming files like this is no problem in Linux. Anyone putting special characters in file names has a special place in hell reserved for them. It is plain stupid, just don't do it. Personally I would name them all wall01.mp3, wall02.mp3 etc. and add ID3 tags to them. Any decent graphical file manager and/or music player will display the tag information. Stop abusing the filename to store metadata when there is a standard for storing that metadata in the file. JAB. -- Jonathan A. Buzzard Email: jonathan (at) buzzard.me.uk Fife, United Kingdom. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba JAB, have you ever pulled down a website with wget? Have you ever looked at www.dropbox.com/bad_files_check which shows all the native files on your Linux box that will never make it to windows. Is there some kind of regular expression transliterate functionality? A way to force windows only characters for samba shares? Ray, on more than one occasion swat has documentation that is nowhere else. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] ldap+kerberos+samba
On Mon, 2013-02-18 at 16:52 -0300, Friedrich Locke wrote: Dear list members, i am trying to get ldap + samba + kerberos working and have tried to make the proper configuration. Integrating samba + ldap was pretty easy, but getting kerberos to work seems a nightmare. Here it is what i tried (copy and pasted from my link client): harley@802-1x:/etc/samba$ kdestroy harley@802-1x:/etc/samba$ kinit har...@ufv.br's Password: harley@802-1x:/etc/samba$ klist Credentials cache: FILE:/tmp/krb5cc_1000 Principal: har...@ufv.br IssuedExpires Principal Feb 18 15:53:33 2013 Feb 18 19:53:33 2013 krbtgt/ufv...@ufv.br harley@802-1x:/etc/samba$ smbclient //802-1x.cpd.ufv.br/printers -k session setup failed: NT_STATUS_LOGON_FAILURE harley@802-1x:/etc/samba$ klist Credentials cache: FILE:/tmp/krb5cc_1000 Principal: har...@ufv.br IssuedExpires Principal Feb 18 15:53:33 2013 Feb 18 19:53:33 2013 krbtgt/ufv...@ufv.br Feb 18 15:53:44 2013 Feb 18 19:53:33 2013 cifs/802-1x.cpd.ufv...@ufv.br harley@802-1x:/etc/samba$ We can realize that smbclient is fetching the ticket to cifs service. But why NT_STATUS_LOGON_FAILURE ? Nothing appears on smbd logs. How is samba connected to the krb5 realm? What configuration options have you set to make it use a keytab? That all said, this kind of frustration is why I worked so hard on Samba 4.0 as an AD DC, because it provides the server-side integration of LDAP, Kerberos and the Domain protocols that allow Samba and windows member servers to join it, and for it to 'just work'. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] smb.conf for Windows clients
Hi Greg, could you please provide more info on what you are needing samba to do? Is this going to be a PDC or AD DC, or simple sharing, a print server, the list goes on... give us a little bit more info to work with and someone will likely be able to help you out. Ricky On Mon, Feb 18, 2013 at 5:02 PM, Gregory Sloop gr...@sloop.net wrote: So, I'm trying to paw through the long set of smb.conf options - and it's rather daunting. I'm wondering what smb.conf options are most important/appropriate/common for mostly Windows XP/7/(possibly v8) clients. TIA -Greg -- Gregory Sloop, Principal: Sloop Network Computer Consulting 503.251.0452 x121 Voice | 503.251.0452 Fax www.sloop.net mailto:gr...@sloop.net -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] smb.conf for Windows clients
Alright, so you should find everything you are looking for here https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO_TEMP ACL's make share manipulation much easier, pretty much [share] path = /some/path/on/linux read only = no then from windows, login as the domain administrator and you can set the permissions to however you'd like. Let us know if you have any more issues. Ricky On Mon, Feb 18, 2013 at 7:40 PM, Gregory Sloop gr...@sloop.net wrote: Hi Greg, could you please provide more info on what you are needing samba to do? Is this going to be a PDC or AD DC, or simple sharing, a print server, the list goes on... give us a little bit more info to work with and someone will likely be able to help you out. Ricky Yes, of course. I should have done that initially. Sorry for the vagueness - though I'm *shocked,* *shocked I tell you* that you're not mind-readers! --- It's a Samba4 AD, operating in absence of a Windows AD/DC It's going to do file sharing, in an AD context. [Domain] We'll probably eventually use point-and-print functionality and GPO's etc. ...But initially I just want a good start on the main share. No non-windows clients are likely to use the share. Some things are clearly going to be items to use, like case [non]-sensitivity. So, I'm most interested in the important items in relation to the Share the Windows clients will see. If there are other items in the smb.conf elsewhere to be wary of, then those would be nice too. But there are so many items...having a good place to start that would avoid nasties cropping up later would be really nice. I've done a lot of this under S3, but it's been a while - and S4 changed so much I'm a new babe in the woods again. :) -Greg -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via e28ec90 smbd: fix initial large PAC sess setup response from d21280f Fix bug 9519 - Samba returns unexpected error on SMB posix open. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit e28ec902a207655acab665c4cfabb1f2031fb24f Author: David Disseldorp dd...@samba.org Date: Tue Feb 12 11:58:06 2013 +0100 smbd: fix initial large PAC sess setup response An oversize Kerberos security token may be split across multiple Session Setup AndX requests when authenticating as a user who is a member of many (~2000) groups. In such a case the NativeOS, NativeLanMan PrimaryDomain fields must be sent with the NT_STATUS_MORE_PROCESSING_REQUIRED response. Otherwise Windows clients may resend the same security token data in subsequent session setup andX requests, as observed with Windows 7 and Server 2012. This change fixes the SMB1 server only. Fix bug #9658 - Session Setup AndX exchange fails with an oversize security token. --- Summary of changes: source3/smbd/sesssetup.c | 14 +- 1 files changed, 13 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index 4f09db9..75c2a15 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c @@ -905,6 +905,13 @@ static NTSTATUS check_spnego_blob_complete(struct smbd_server_connection *sconn, (unsigned int)copy_len, (unsigned int)pblob-length )); + if (pblob-length pad-needed_len) { + DEBUG(2, (subsequent security token data length %u + exceeds expected length %u\n, + (unsigned int)pblob-length, + (unsigned int)pad-needed_len)); + } + tmp_blob = data_blob(NULL, pad-partial_data.length + copy_len); @@ -1165,13 +1172,18 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req) status = check_spnego_blob_complete(sconn, smbpid, vuid, blob1); if (!NT_STATUS_IS_OK(status)) { + /* +* Pack error response, ensuring to fill NativeOS, NativeLanMan +* PrimaryDomain fields on NT_STATUS_MORE_PROCESSING_REQUIRED +*/ + reply_outbuf(req, 4, 0); + reply_sesssetup_blob(req, data_blob_null, status); if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { /* Real error - kill the intermediate vuid */ invalidate_vuid(sconn, vuid); } data_blob_free(blob1); - reply_nterror(req, nt_status_squash(status)); return; } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via 97c3b5d waf: Fix correct linking of libreplace with cmdline-credentials. via db13fac Fallback to the internal resolver on EAI_FAIL. via 6284031 s3:idmap_autorid: fix freeing of non-talloced memory (uninitialized pointer) (bug #9653) from 1c74a7d Fix bug 9519 - Samba returns unexpected error on SMB posix open. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 97c3b5db4214336786c1fadde8292fe4d1aba56b Author: Andreas Schneider a...@samba.org Date: Thu Feb 14 12:14:33 2013 +0100 waf: Fix correct linking of libreplace with cmdline-credentials. cmdline-credentials needs rep_getpass from libreplace. The function has been replaced in master so this issue only exists in 4.0 releases. Reviewed-by: Andrew Bartlet abart...@samba.org Signed-off-by: Andreas Schneider a...@samba.org Fix bug #9664 - libcmdline-credentials.so isn't correctly linked again libreplace.so. Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Mon Feb 18 11:55:59 CET 2013 on sn-devel-104 commit db13facf3397d6043ae4324b78daf5346fed20ef Author: Landon Fuller land...@bikemonkey.org Date: Sat Feb 16 22:57:40 2013 -0500 Fallback to the internal resolver on EAI_FAIL. On Linux, non-RFC 1034-complaint names (such as gc._msdsc.example.org) will result in the resolver returning the non-POSIX EAI_NODATA. In that case, the case statement here would fall back on the internal resolver, allowing resolution to complete successfully. On FreeBSD, the libc resolver uses the same validation code, but the POSIX result of EAI_FAIL is returned instead of EAI_NODATA. Since there was no case for this error code, no fallback to the internal resolver would occur. This led to replication failing on FreeBSD. Reviewed-by: Andrew Bartlett abart...@samba.org Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Sun Feb 17 07:06:36 CET 2013 on sn-devel-104 (cherry picked from commit 6dfb35f3ff7ad2d2089c0a3e5eab342384e45e4c) Fix bug #9656 - [patch] Work around FreeBSD's getaddrinfo() underscore issue. commit 62840319080908e234ba78affdbad25f53214441 Author: Michael Adam ob...@samba.org Date: Mon Feb 11 22:52:55 2013 +0100 s3:idmap_autorid: fix freeing of non-talloced memory (uninitialized pointer) (bug #9653) Signed-off-by: Michael Adam ob...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Wed Feb 13 09:51:53 CET 2013 on sn-devel-104 (cherry picked from commit 19c68f80251f443016e505c5cf87f697fb552e8c) --- Summary of changes: source3/winbindd/idmap_autorid.c |2 +- source4/lib/cmdline/wscript_build |1 + source4/libcli/resolve/dns_ex.c |4 +++- 3 files changed, 5 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/winbindd/idmap_autorid.c b/source3/winbindd/idmap_autorid.c index 621cae9..306b176 100644 --- a/source3/winbindd/idmap_autorid.c +++ b/source3/winbindd/idmap_autorid.c @@ -244,7 +244,7 @@ static NTSTATUS idmap_autorid_id_to_sid(struct autorid_global_config *cfg, struct id_map *map) { uint32_t range; - TDB_DATA data; + TDB_DATA data = tdb_null; char *keystr; struct dom_sid sid; NTSTATUS status; diff --git a/source4/lib/cmdline/wscript_build b/source4/lib/cmdline/wscript_build index 9b6f6e5..eec92d4 100644 --- a/source4/lib/cmdline/wscript_build +++ b/source4/lib/cmdline/wscript_build @@ -4,6 +4,7 @@ bld.SAMBA_LIBRARY('cmdline-credentials', source='credentials.c', autoproto='credentials.h', public_deps='samba-credentials popt', + deps='replace', private_library=True) bld.SAMBA_SUBSYSTEM('POPT_SAMBA', diff --git a/source4/libcli/resolve/dns_ex.c b/source4/libcli/resolve/dns_ex.c index bc64e8d..1226ed6 100644 --- a/source4/libcli/resolve/dns_ex.c +++ b/source4/libcli/resolve/dns_ex.c @@ -400,8 +400,10 @@ static void run_child_getaddrinfo(struct dns_ex_state *state, int fd) #ifdef EAI_NODATA case EAI_NODATA: #endif + case EAI_FAIL: + /* Linux returns EAI_NODATA on non-RFC1034-compliant names. FreeBSD returns EAI_FAIL */ case EAI_NONAME: - /* getaddrinfo() doesn't handle CNAME records */ + /* getaddrinfo() doesn't handle CNAME or non-RFC1034 compatible records */ run_child_dns_lookup(state, fd); return;
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 8adbd1c srv_epmapper.c: Fix typo. via 240df6c wb_samba3_cmd.c: Fix typo in comment. via b22b22d brlock_tdb.c: Fix typo in comment. via 75ca814 srv_netlog_nt.c: Fix typo in comment. via 6eb59eb brlock.c: Fix typo in comment. via 38cb141 vfs_gpfs: Fix typos in comments. via 2ed035b fault.c: Fix typo in comment. via 68b2e30 docs: Fix typo. from dcc94f0 s4-nbt: Ensure source4/ nbt client and server honour 'disable netbios' http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 8adbd1cf75492869f7fd1935eb211a070ef924cc Author: Karolin Seeger ksee...@samba.org Date: Mon Feb 18 10:25:09 2013 +0100 srv_epmapper.c: Fix typo. priviledge - privilege Signed-off-by: Karolin Seeger ksee...@samba.org Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Mon Feb 18 13:57:40 CET 2013 on sn-devel-104 commit 240df6c7b05e3c5c7be80d7607824147f360d64e Author: Karolin Seeger ksee...@samba.org Date: Mon Feb 18 10:05:23 2013 +0100 wb_samba3_cmd.c: Fix typo in comment. redundent - redundant Signed-off-by: Karolin Seeger ksee...@samba.org commit b22b22dccac6d3bdf7f02d9fe037a472df7956fd Author: Karolin Seeger ksee...@samba.org Date: Mon Feb 18 10:04:42 2013 +0100 brlock_tdb.c: Fix typo in comment. redundent - redundant Signed-off-by: Karolin Seeger ksee...@samba.org commit 75ca814f1efe435da018f7604865fda7ac59f712 Author: Karolin Seeger ksee...@samba.org Date: Mon Feb 18 10:03:51 2013 +0100 srv_netlog_nt.c: Fix typo in comment. redundent - redundant Signed-off-by: Karolin Seeger ksee...@samba.org commit 6eb59eb388ac7b98f7f7812e45ad4c8d333f03e8 Author: Karolin Seeger ksee...@samba.org Date: Mon Feb 18 10:02:51 2013 +0100 brlock.c: Fix typo in comment. redundent - redundant Signed-off-by: Karolin Seeger ksee...@samba.org commit 38cb1410f5107f42ddea9cbf9555adb273b35b18 Author: Karolin Seeger ksee...@samba.org Date: Mon Feb 18 10:01:21 2013 +0100 vfs_gpfs: Fix typos in comments. Signed-off-by: Karolin Seeger ksee...@samba.org commit 2ed035b5a064e21f57c89adc9c947ffa7721c600 Author: Karolin Seeger ksee...@samba.org Date: Mon Feb 18 09:59:52 2013 +0100 fault.c: Fix typo in comment. redundent - redundant Signed-off-by: Karolin Seeger ksee...@samba.org commit 68b2e30ae62d8a563cb7ee35e10c45fe0266c612 Author: Karolin Seeger ksee...@samba.org Date: Wed Feb 6 09:08:15 2013 +0100 docs: Fix typo. Signed-off-by: Karolin Seeger ksee...@samba.org --- Summary of changes: .../smbdotconf/printing/showaddprinterwizard.xml |2 +- lib/util/fault.c |2 +- prog_guide4.txt|6 +++--- source3/locking/brlock.c |2 +- source3/modules/vfs_gpfs.c |4 ++-- source3/rpc_server/epmapper/srv_epmapper.c | 10 +- source3/rpc_server/netlogon/srv_netlog_nt.c|2 +- source4/ntvfs/common/brlock_tdb.c |2 +- source4/winbind/wb_samba3_cmd.c|2 +- 9 files changed, 16 insertions(+), 16 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/smbdotconf/printing/showaddprinterwizard.xml b/docs-xml/smbdotconf/printing/showaddprinterwizard.xml index f6c1b90..f24bdb5 100644 --- a/docs-xml/smbdotconf/printing/showaddprinterwizard.xml +++ b/docs-xml/smbdotconf/printing/showaddprinterwizard.xml @@ -14,7 +14,7 @@ paraUnder normal circumstances, the Windows NT/2000 client will open a handle on the printer server with OpenPrinterEx() asking for Administrator privileges. If the user does not have administrative -access on the print server (i.e is not root or the priviledge +access on the print server (i.e is not root or has granted the SePrintOperatorPrivilege), the OpenPrinterEx() call fails and the client makes another open call with a request for a lower privilege level. This should succeed, however the APW diff --git a/lib/util/fault.c b/lib/util/fault.c index 4f8e8db..13d29db 100644 --- a/lib/util/fault.c +++ b/lib/util/fault.c @@ -76,7 +76,7 @@ static void fault_report(int sig) smb_panic(internal error); - /* smb_panic() never returns, so this is really redundent */ + /* smb_panic() never returns, so this is really redundant */ exit(1); } diff --git a/prog_guide4.txt b/prog_guide4.txt index c8c91c4..0a33284 100644 --- a/prog_guide4.txt +++ b/prog_guide4.txt @@ -267,7 +267,7 @@ parser where to find the following four variables, but they should In Samba3 there were unwritten rules about which
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via cfebce3 s3:smbd: add debugging to close code (regarding disconnect of a durable) via 2954442 s4:torture: fix segfault in test_durable_open_open2_oplock() via 2f8a033 s4:torture:smb2: fix segfault on error condition in the durable-open.delete_on_close2 test via 1d3bd45 s4:torture:smb2: fix segfault on error condition in the durable-open.delete_on_close1 test via 98b0e90 s4:torture:smb2: fix segfault on error condition in the durable-open.reopen4 test via 10fcbc6 s4:torture:smb2: fix segfault on error condition in the durable-open.reopen3 test via cb9b897 s4:torture:smb2: fix segfault on error condition in the durable-open.reopen2a test via 6385f75 s4:torture:smb2: fix segfault on error condition in durable-open.reopen2 test via 6240a7d s4:torture:smb2:durable: make test functions static via 42bf98d s4:torture: add a durable-open-disconnect test (suite) via f0e6a9b s3:smbd: use smbXsrv_open_close() instead of smbXsrv_open_update() from 8adbd1c srv_epmapper.c: Fix typo. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit cfebce3c56474ac914474b57ed94f93418b0564b Author: Michael Adam ob...@samba.org Date: Tue Feb 12 17:44:51 2013 +0100 s3:smbd: add debugging to close code (regarding disconnect of a durable) Signed-off-by: Michael Adam ob...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Mon Feb 18 17:42:45 CET 2013 on sn-devel-104 commit 295444266d33863e3a8b7c8ffa5d193123db6132 Author: Stefan Metzmacher me...@samba.org Date: Wed Feb 13 14:11:57 2013 +0100 s4:torture: fix segfault in test_durable_open_open2_oplock() Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Michael Adam ob...@samba.org commit 2f8a033bf2563d547e42be5603074223078595f9 Author: Michael Adam ob...@samba.org Date: Wed Feb 13 15:05:40 2013 +0100 s4:torture:smb2: fix segfault on error condition in the durable-open.delete_on_close2 test Signed-off-by: Michael Adam ob...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 1d3bd45d6177c8af653dbacac934eb2061acf35e Author: Michael Adam ob...@samba.org Date: Wed Feb 13 15:04:10 2013 +0100 s4:torture:smb2: fix segfault on error condition in the durable-open.delete_on_close1 test Signed-off-by: Michael Adam ob...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 98b0e909b7b65bee694743617476d4d36fe595a3 Author: Michael Adam ob...@samba.org Date: Wed Feb 13 15:03:00 2013 +0100 s4:torture:smb2: fix segfault on error condition in the durable-open.reopen4 test Signed-off-by: Michael Adam ob...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 10fcbc6869dc2803e1c2dd3183c6781f4233550d Author: Michael Adam ob...@samba.org Date: Wed Feb 13 15:01:47 2013 +0100 s4:torture:smb2: fix segfault on error condition in the durable-open.reopen3 test Signed-off-by: Michael Adam ob...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit cb9b8975e5a9c032f7c4227c3eafb1ed6ada5e19 Author: Michael Adam ob...@samba.org Date: Wed Feb 13 15:00:26 2013 +0100 s4:torture:smb2: fix segfault on error condition in the durable-open.reopen2a test Signed-off-by: Michael Adam ob...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 6385f750f19a00a6ba16a0aec9bb91ab1cfcb2be Author: Michael Adam ob...@samba.org Date: Wed Feb 13 14:58:29 2013 +0100 s4:torture:smb2: fix segfault on error condition in durable-open.reopen2 test Signed-off-by: Michael Adam ob...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 6240a7d11e910027b42ac1d31ca13264e90d2266 Author: Michael Adam ob...@samba.org Date: Tue Feb 12 21:51:06 2013 +0100 s4:torture:smb2:durable: make test functions static Signed-off-by: Michael Adam ob...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 42bf98d54c36abd5f532a4510cdd4066fe82143d Author: Michael Adam ob...@samba.org Date: Tue Feb 12 17:45:23 2013 +0100 s4:torture: add a durable-open-disconnect test (suite) this opens a durable, disconnects it and exits Signed-off-by: Michael Adam ob...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit f0e6a9be00e441e50f0087c543e1b7c9012d126f Author: Stefan Metzmacher me...@samba.org Date: Wed Feb 13 08:26:43 2013 -0500 s3:smbd: use smbXsrv_open_close() instead of smbXsrv_open_update() This makes sure we store the correct disconnect_time for disconnected durable handles. Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Michael Adam ob...@samba.org
autobuild: intermittent test failure detected
The autobuild test system has detected an intermittent failing test in the current master tree. The autobuild log of the failure is available here: http://git.samba.org/autobuild.flakey/2013-02-19-0210/flakey.log The samba3 build logs are available here: http://git.samba.org/autobuild.flakey/2013-02-19-0210/samba3.stderr http://git.samba.org/autobuild.flakey/2013-02-19-0210/samba3.stdout The source4 build logs are available here: http://git.samba.org/autobuild.flakey/2013-02-19-0210/samba.stderr http://git.samba.org/autobuild.flakey/2013-02-19-0210/samba.stdout The top commit at the time of the failure was: commit cfebce3c56474ac914474b57ed94f93418b0564b Author: Michael Adam ob...@samba.org Date: Tue Feb 12 17:44:51 2013 +0100 s3:smbd: add debugging to close code (regarding disconnect of a durable) Signed-off-by: Michael Adam ob...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Mon Feb 18 17:42:45 CET 2013 on sn-devel-104
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 06780ae samba_upgradeprovision: Remove options to fix FS ACLs from cfebce3 s3:smbd: add debugging to close code (regarding disconnect of a durable) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 06780ae82281fb62a08d0c3604d2e679976756c2 Author: Andrew Bartlett abart...@samba.org Date: Sat Feb 16 08:51:51 2013 +1100 samba_upgradeprovision: Remove options to fix FS ACLs samba-tool ntacl sysvolreset handles this better, and makes this tool much less confusing internally. Andrew Bartlett Reviewed-by: Matthieu Patou m...@samba.org Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Tue Feb 19 06:06:41 CET 2013 on sn-devel-104 --- Summary of changes: source4/scripting/bin/samba_upgradeprovision | 427 +++--- source4/scripting/python/samba/upgradehelpers.py | 49 +--- 2 files changed, 205 insertions(+), 271 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/scripting/bin/samba_upgradeprovision b/source4/scripting/bin/samba_upgradeprovision index e2c57f2..570f783 100755 --- a/source4/scripting/bin/samba_upgradeprovision +++ b/source4/scripting/bin/samba_upgradeprovision @@ -186,12 +186,6 @@ parser.add_option(--debugchangesd, action=store_true, help=Print security descriptor differences) parser.add_option(--debugall, action=store_true, help=Print all available information (very verbose)) -parser.add_option(--resetfileacl, action=store_true, - help=Force a reset on filesystem acls in sysvol / netlogon share) -parser.add_option(--nontaclfix, action=store_true, - help=In full upgrade mode do not try to upgrade sysvol / netlogon acls) -parser.add_option(--fixntacl, action=store_true, - help=Only fix NT ACLs in sysvol / netlogon share) parser.add_option(--db_backup_only, action=store_true, help=Do the backup of the database in the provision, skip the sysvol / netlogon shares) parser.add_option(--full, action=store_true, @@ -1726,8 +1720,6 @@ if __name__ == '__main__': global defSDmodified defSDmodified = False -if opts.nontaclfix and opts.fixntacl: -message(SIMPLE, nontaclfix and fixntacl are mutally exclusive) # From here start the big steps of the program # 1) First get files paths paths = get_paths(param, smbconf=smbconf) @@ -1787,225 +1779,214 @@ if __name__ == '__main__': adm_session = admin_session(lp, str(names.domainsid)) # So we reget handle on objects # ldbs = get_ldbs(paths, creds, adm_session, lp) -if not opts.fixntacl: -if not sanitychecks(ldbs.sam, names): -message(SIMPLE, Sanity checks for the upgrade have failed. -Check the messages and correct the errors -before rerunning upgradeprovision) -ldbs.groupedRollback() -sys.exit(1) -# Let's see provision parameters -print_provision_key_parameters(names) - -# 5) With all this information let's create a fresh new provision used as -# reference -message(SIMPLE, Creating a reference provision) -provisiondir = tempfile.mkdtemp(dir=paths.private_dir, -prefix=referenceprovision) -result = newprovision(names, creds, session, smbconf, provisiondir, -provision_logger) -result.report_logger(provision_logger) - -# TODO -# 6) and 7) -# We need to get a list of object which SD is directly computed from -# defaultSecurityDescriptor. -# This will allow us to know which object we can rebuild the SD in case -# of change of the parent's SD or of the defaultSD. -# Get file paths of this new provision -newpaths = get_paths(param, targetdir=provisiondir) -new_ldbs = get_ldbs(newpaths, creds, session, lp) -new_ldbs.startTransactions() - -populateNotReplicated(new_ldbs.sam, names.schemadn) -# 8) Populate some associative array to ease the update process -# List of attribute which are link and backlink -populate_links(new_ldbs.sam, names.schemadn) -# List of attribute with ASN DN synthax) -populate_dnsyntax(new_ldbs.sam, names.schemadn) -# 9) -update_privilege(newpaths.private_dir, paths.private_dir) -# 10) -oem = getOEMInfo(ldbs.sam, str(names.rootdn)) -# Do some modification on sam.ldb -ldbs.groupedCommit() -new_ldbs.groupedCommit() -
[SCM] CTDB repository - branch master updated - ctdb-2.1-26-gd788bc8
The branch, master has been updated via d788bc8f7212b7dc1587ae592242dc8c876f4053 (commit) from 855ab348901edb3ec1327499a43f509d279b8182 (commit) http://gitweb.samba.org/?p=ctdb.git;a=shortlog;h=master - Log - commit d788bc8f7212b7dc1587ae592242dc8c876f4053 Author: Amitay Isaacs ami...@gmail.com Date: Fri Jan 18 10:42:14 2013 +1100 common/io: Rewrite socket handling code to read all available data This improves the processing of packets considerably. It has been observed that there can be as many as 10 packets in the socket buffer and the current code of reading a single packet from a socket at a time is not very optimal. This change reads all the bytes from socket buffer and then parses to extract multiple packets. If there are multiple packets, set up a timed event to process next packet. Signed-off-by: Amitay Isaacs ami...@gmail.com --- Summary of changes: common/ctdb_io.c | 160 +++--- 1 files changed, 92 insertions(+), 68 deletions(-) Changeset truncated at 500 lines: diff --git a/common/ctdb_io.c b/common/ctdb_io.c index 3ac1b63..b4224c4 100644 --- a/common/ctdb_io.c +++ b/common/ctdb_io.c @@ -30,9 +30,10 @@ #include stdarg.h /* structures for packet queueing - see common/ctdb_io.c */ -struct ctdb_partial { +struct ctdb_buffer { uint8_t *data; uint32_t length; + uint32_t size; }; struct ctdb_queue_pkt { @@ -44,7 +45,7 @@ struct ctdb_queue_pkt { struct ctdb_queue { struct ctdb_context *ctdb; - struct ctdb_partial partial; /* partial input packet */ + struct ctdb_buffer buffer; /* input buffer */ struct ctdb_queue_pkt *out_queue, *out_queue_tail; uint32_t out_queue_length; struct fd_event *fde; @@ -63,6 +64,75 @@ int ctdb_queue_length(struct ctdb_queue *queue) return queue-out_queue_length; } +static void queue_process(struct ctdb_queue *queue); + +static void queue_process_event(struct event_context *ev, struct timed_event *te, + struct timeval t, void *private_data) +{ + struct ctdb_queue *queue = talloc_get_type(private_data, struct ctdb_queue); + + queue_process(queue); +} + +/* + * This function is used to process data in queue buffer. + * + * Queue callback function can end up freeing the queue, there should not be a + * loop processing packets from queue buffer. Instead set up a timed event for + * immediate run to process remaining packets from buffer. + */ +static void queue_process(struct ctdb_queue *queue) +{ + uint32_t pkt_size; + uint8_t *data; + + if (queue-buffer.length sizeof(pkt_size)) { + return; + } + + pkt_size = *(uint32_t *)queue-buffer.data; + if (pkt_size == 0) { + DEBUG(DEBUG_CRIT, (Invalid packet of length 0\n)); + goto failed; + } + + if (queue-buffer.length pkt_size) { + DEBUG(DEBUG_DEBUG, (Partial packet data read\n)); + return; + } + + /* Extract complete packet */ + data = talloc_size(queue, pkt_size); + if (data == NULL) { + DEBUG(DEBUG_ERR, (read error alloc failed for %u\n, pkt_size)); + return; + } + memcpy(data, queue-buffer.data, pkt_size); + + /* Shift packet out from buffer */ + if (queue-buffer.length pkt_size) { + memmove(queue-buffer.data, + queue-buffer.data + pkt_size, + queue-buffer.length - pkt_size); + } + queue-buffer.length -= pkt_size; + + if (queue-buffer.length 0) { + /* There is more data to be processed, setup timed event */ + event_add_timed(queue-ctdb-ev, queue, timeval_zero(), + queue_process_event, queue); + } + + /* It is the responsibility of the callback to free 'data' */ + queue-callback(data, pkt_size, queue-private_data); + return; + +failed: + queue-callback(NULL, 0, queue-private_data); + +} + + /* called when an incoming connection is readable This function MUST be safe for reentry via the queue callback! @@ -70,10 +140,6 @@ int ctdb_queue_length(struct ctdb_queue *queue) static void queue_io_read(struct ctdb_queue *queue) { int num_ready = 0; - uint32_t sz_bytes_req; - uint32_t pkt_size; - uint32_t pkt_bytes_remaining; - uint32_t to_read; ssize_t nread; uint8_t *data; @@ -91,77 +157,33 @@ static void queue_io_read(struct ctdb_queue *queue) goto failed; } - if (queue-partial.data == NULL) { - /* starting fresh, allocate buf for size bytes */ - sz_bytes_req = sizeof(pkt_size); -
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 2cf83f7 samba_upgradeprovision: Use tdb_util.tdb_copy not shutil.copy2 via 3c51e18 samba_upgradeprovision: Do not update privileges.ldb any more (unchanged since 2009) via 396df64 scripting: Make tdb_copy a common util function in samba.tdb_util via 2c2759e scripting: Make tdb_copy use the python subprocess module from 06780ae samba_upgradeprovision: Remove options to fix FS ACLs http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 2cf83f7c645e4b216cf6f23857fd72ec0e6ca7a6 Author: Andrew Bartlett abart...@samba.org Date: Sun Feb 17 18:15:52 2013 +1100 samba_upgradeprovision: Use tdb_util.tdb_copy not shutil.copy2 This is really important, because copying a file will both ignore locks held by another process and break any locks we hold (due to POSIX brain-damage regarding multiple fds on one file in a process). By leaving this to tdbbackup in a child, both of these issues are avoided. Andrew Bartlett Reviewed-by: Matthieu Patou m...@samba.org Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Tue Feb 19 07:48:18 CET 2013 on sn-devel-104 commit 3c51e18a0cd1cb4b54cd29e312abd7cc2c0fbc98 Author: Andrew Bartlett abart...@samba.org Date: Sun Feb 17 18:41:00 2013 +1100 samba_upgradeprovision: Do not update privileges.ldb any more (unchanged since 2009) This update was only a total oblitoration of the existing database and not a merge, and the shutil.copy would both disregard and break locks on the database that are held at this point. Andrew Bartlett Reviewed-by: Matthieu Patou m...@samba.org commit 396df64ef6f2c66c35989ecda3e564d5578fe9f3 Author: Andrew Bartlett abart...@samba.org Date: Sun Feb 17 18:14:06 2013 +1100 scripting: Make tdb_copy a common util function in samba.tdb_util This will allow samba_upgradeprovision to also call it. Andrew Bartlett Reviewed-by: Matthieu Patou m...@samba.org commit 2c2759e408d9c45c2aee0c2578f45edd246afec3 Author: Andrew Bartlett abart...@samba.org Date: Sun Feb 17 17:57:42 2013 +1100 scripting: Make tdb_copy use the python subprocess module This makes the code more robust to spaces in the file names (etc). Andrew Bartlett Reviewed-by: Matthieu Patou m...@samba.org --- Summary of changes: source4/scripting/bin/samba_upgradeprovision | 51 --- .../scripting/python/samba/provision/sambadns.py | 23 + source4/scripting/python/samba/tdb_util.py | 41 3 files changed, 66 insertions(+), 49 deletions(-) create mode 100644 source4/scripting/python/samba/tdb_util.py Changeset truncated at 500 lines: diff --git a/source4/scripting/bin/samba_upgradeprovision b/source4/scripting/bin/samba_upgradeprovision index 570f783..25c3ac2 100755 --- a/source4/scripting/bin/samba_upgradeprovision +++ b/source4/scripting/bin/samba_upgradeprovision @@ -40,6 +40,7 @@ import samba.getopt as options from base64 import b64encode from samba.credentials import DONT_USE_KERBEROS from samba.auth import system_session, admin_session +from samba import tdb_util from ldb import (SCOPE_SUBTREE, SCOPE_BASE, FLAG_MOD_REPLACE, FLAG_MOD_ADD, FLAG_MOD_DELETE, MessageElement, Message, Dn, LdbError) @@ -1470,7 +1471,7 @@ def simple_update_basesamdb(newpaths, paths, names): :param names: List of key provision parameters message(SIMPLE, Copy samdb) -shutil.copy(newpaths.samdb, paths.samdb) +tdb_util.tdb_copy(newpaths.samdb, paths.samdb) message(SIMPLE, Update partitions filename if needed) schemaldb = os.path.join(paths.private_dir, schema.ldb) @@ -1482,31 +1483,19 @@ def simple_update_basesamdb(newpaths, paths, names): os.mkdir(samldbdir) os.chmod(samldbdir, 0700) if os.path.isfile(schemaldb): -shutil.copy(schemaldb, os.path.join(samldbdir, +tdb_util.tdb_copy(schemaldb, os.path.join(samldbdir, %s.ldb%str(names.schemadn).upper())) os.remove(schemaldb) if os.path.isfile(usersldb): -shutil.copy(usersldb, os.path.join(samldbdir, +tdb_util.tdb_copy(usersldb, os.path.join(samldbdir, %s.ldb%str(names.rootdn).upper())) os.remove(usersldb) if os.path.isfile(configldb): -shutil.copy(configldb, os.path.join(samldbdir, +tdb_util.tdb_copy(configldb, os.path.join(samldbdir, %s.ldb%str(names.configdn).upper())) os.remove(configldb) -def update_privilege(ref_private_path, cur_private_path): -Update the privilege
[SCM] CTDB repository - branch 1.2.40 updated - ctdb-1.2.57-7-g4455822
The branch, 1.2.40 has been updated via 44558223c2f83cafbe4ee63b4ce3d508dc7f0a02 (commit) via 9d8338fc14cfa5f4d8236eccb90ffdd4cdc11343 (commit) via c6e1b84595039edb5c49a5851b440710dc0e2ac1 (commit) via aae948c3c2ce1d2678ce57b4219674bafda5008e (commit) via 4697a83866a04357d386473a50685f677a730daf (commit) via 1cbdb44d604461509676b903a9e9515e7cab2598 (commit) via 537bed11c339a10faf45a6ede778f7c8e26e4f91 (commit) from 584e8c25971219614f3f2bfd5be233b04de7e0af (commit) http://gitweb.samba.org/?p=ctdb.git;a=shortlog;h=1.2.40 - Log - commit 44558223c2f83cafbe4ee63b4ce3d508dc7f0a02 Author: Amitay Isaacs ami...@gmail.com Date: Tue Feb 19 18:09:05 2013 +1100 New Version 1.2.58 Signed-off-by: Amitay Isaacs ami...@gmail.com commit 9d8338fc14cfa5f4d8236eccb90ffdd4cdc11343 Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Fri May 25 12:27:59 2012 +1000 RECOVER: When we pull databases during recovery, we used to reallocate the databuffer for each entry added. This would normally not be an issue, but for cases where memory is fragmented, this could start to cost significant cpu if we need to reallocate and move to a different region. Change this to instead preallocate , by default, 10MByte chunks to the data buffer. This significantly reduces the number of potential reallocate and move operations that may be required. Create a tunable to override/change how much preallocation should be used. Conflicts: include/ctdb_private.h server/ctdb_tunables.c Cherry-pick-from: 1f262deaad0818f159f9c68330f7fec121679023 Also, make sure the preallocation size is 10MB and not 100MB. Signed-off-by: Amitay Isaacs ami...@gmail.com commit c6e1b84595039edb5c49a5851b440710dc0e2ac1 Author: Martin Schwenke mar...@meltin.net Date: Tue Feb 5 12:09:36 2013 +1100 Logging: Free the ringbuffer in child processes created with ctdb_fork() At the moment the log ringbuffer is duplicated in every child process. Althought it is copy-on-write we want to see if it is contributing to out-of-memory situations when there are a lot of children. The ringbuffer isn't accessible from any of the children anyway... Signed-off-by: Martin Schwenke mar...@meltin.net Conflicts: common/ctdb_fork.c Cherry-pick-from: a82d3ec12f0fda16d6bfa8442a07595de897c10e commit aae948c3c2ce1d2678ce57b4219674bafda5008e Author: Martin Schwenke mar...@meltin.net Date: Tue Feb 5 12:08:11 2013 +1100 Logging: New function ctdb_log_ringbuffer_free() Signed-off-by: Martin Schwenke mar...@meltin.net Cherry-pick-from: a4f622e85168f59417c11705f1734e0352e1d44a commit 4697a83866a04357d386473a50685f677a730daf Author: Amitay Isaacs ami...@gmail.com Date: Mon Feb 11 11:25:49 2013 +1100 eventscripts: Remove calls to smbstatus -np for samba cleanup This is an artifact from older versions of Samba. In the newer versions of Samba, smbstatus -np command does not do anything useful, but causes a traverse in CTDB which is expensive and causes CPU utilization to shoot up. Signed-off-by: Amitay Isaacs ami...@gmail.com Conflicts: config/events.d/50.samba Cherry-pick-from: 053b89c6dbce47001505524606889334559d2ec4 commit 1cbdb44d604461509676b903a9e9515e7cab2598 Author: Amitay Isaacs ami...@gmail.com Date: Fri Jan 18 10:42:14 2013 +1100 common/io: Rewrite socket handling code to read all available data This improves the processing of packets considerably. It has been observed that there can be as many as 10 packets in the socket buffer and the current code of reading a single packet from a socket at a time is not very optimal. This change reads all the bytes from socket buffer and then parses to extract multiple packets. If there are multiple packets, set up a timed event to process next packet. Signed-off-by: Amitay Isaacs ami...@gmail.com Cherry-pick-from: d788bc8f7212b7dc1587ae592242dc8c876f4053 Conflicts: common/ctdb_io.c commit 537bed11c339a10faf45a6ede778f7c8e26e4f91 Author: Amitay Isaacs ami...@gmail.com Date: Tue Jan 22 13:27:20 2013 +1100 daemon: Make sure all the traverse children are terminated if traverse times out When traverse times out, callback function is called with key and data set to tdb_null. This is also the way to signal end of traverse. So if the traverse times out, callback function treats it as traverse ended and frees state without calling the destructor. Keep track if the traverse timed out, so callback function can take appropriate action for traverse timeout and traverse end. Signed-off-by: Amitay Isaacs ami...@gmail.com Cherry-pick-from:
[SCM] CTDB repository - annotated tag ctdb-1.2.58 created - ctdb-1.2.58
The annotated tag, ctdb-1.2.58 has been created at 347a504424435225d8829edb9e04d24349bfee77 (tag) tagging 44558223c2f83cafbe4ee63b4ce3d508dc7f0a02 (commit) replaces ctdb-1.2.57 tagged by Amitay Isaacs on Tue Feb 19 18:10:12 2013 +1100 - Log - new version 1.2.58 Amitay Isaacs (4): daemon: Make sure all the traverse children are terminated if traverse times out common/io: Rewrite socket handling code to read all available data eventscripts: Remove calls to smbstatus -np for samba cleanup New Version 1.2.58 Martin Schwenke (2): Logging: New function ctdb_log_ringbuffer_free() Logging: Free the ringbuffer in child processes created with ctdb_fork() Ronnie Sahlberg (1): RECOVER: When we pull databases during recovery, we used to reallocate the databuffer for each entry added. This would normally not be an issue, but for cases where memory is fragmented, this could start to cost significant cpu if we need to reallocate and move to a different region. --- -- CTDB repository