Re: [Samba] stat between reads
Hello, thanks for the very quick replay and the patch. I tested the patch with the v3-6-stable branch (3.6.14) and it works as expected. The stat is gone and I could recognize a increased performance. kind regards, Frank Am 03/22/2013 10:28 PM, schrieb Jeremy Allison: On Fri, Mar 22, 2013 at 02:07:29PM -0700, Jeremy Allison wrote: On Fri, Mar 22, 2013 at 05:24:20PM +0100, Volker Lendecke wrote: If I see it right, we could avoid most of those calls. First, they are only relevant to see whether we can do sendfile. That choice is racy, we first look and have to deal with the mess if we have a short read afterwards anyway. Jeremy, what do you think? Only do that stat call in the sendfile if-branch, and there only if the read call in question would go beyond what we currently have in st.st_ex_size? Yes we could certainly make that change. It's not relevent in the non-sendfile read path but we'd have to be careful about not doing it by checking the existing fsp-fsp_name-st.st_ex_size, as I don't think we update that on an ftruncate call. My worry would be (to one single smbd): open 1mb file ftruncate to 10k readX of 50k at offset 0. Unless the ftruncate call updates fsp-fsp_name-st.st_ex_size then we'll return 10k of real data + 40k of zeros if sendfile is turned on, rather than a correct short read of 10k. Let me look at the code some and revisit this. Yep, I was right. This would be a problem (ftruncate and other file-size changing calls don't automatically update the st_ex_size on an fsp). Moving the fstat and ISREG check to the use_sendfile() path is an obviously correct no brainer though. And here is that patch. Should apply cleanly to 4.0.x and 3.6.x (with a few offsets). I'm testing here and will propose as an official optimization if 'make test' passes locally. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba4 server IP change
Hello, A perhaps silly but hopefully easy to answer question: does a server running Samba4 with a provisioned domain (upgraded from Samba3) mind if its IP address is changed? Is there anything special to do apart from obviously modifying Samba's internal DNS record for the Samba4 server? Thanks! Best regards, Andrei -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba4 Schema credentials
Hello, I am currently migrating from OpenLDAP to samba4 and encountered the following problem, I only can bind to CN=sambaadmin,CN=Users,DC=example,DC=com. So I was wondering if it is possible to bind to the CN=Schema,CN=Configuration,DC=example,DC=com? If so, where can I find the credentials? Best Regards Tim Vangehugten -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba4 Dc Winbind and uidNumbers
Hi all, I'm trying to get the unix extensions working in AD. I'm obviously missing something, but I can't see what... I've just created user Jim (using ADUC) and added a uidnumber (using ADSIEdit). From this and what I have below, user Jim should have uidNumber of 12345 (from AD) and not be prefixed with Domain name. This isn't happening. Does anyone have any idea why not? cheers, Jim Excerpt from getent passwd: saned:x:110:117::/home/saned:/bin/false FASTFOOD\Administrator:*:0:100::/home/FASTFOOD/Administrator:/bin/false FASTFOOD\Guest:*:311:312::/home/FASTFOOD/Guest:/bin/false FASTFOOD\krbtgt:*:316:100::/home/FASTFOOD/krbtgt:/bin/false FASTFOOD\jim:*:319:100:Jim Chu:/home/FASTFOOD/jim:/bin/false smb.conf: [global] workgroup = FASTFOOD realm = FASTFOOD.LAN netbios name = CHIPSHOP server role = active directory domain controller dns forwarder = 62.24.199.13 log level = 3 algorithmic rid base = 1 idmap config * : range = 50001-6 idmap config * : backend = ad idmap config FASTFOOD : range = 1-5 idmap config FASTFOOD : backend = ad winbind nss info = rfc2307 winbind use default domain = yes [netlogon] path = /var/lib/samba/sysvol/fastfood.lan/scripts read only = No [sysvol] path = /var/lib/samba/sysvol read only = No My user from AD: dn: CN=Jim Chu,CN=Users,DC=fastfood,DC=lan objectClass: top objectClass: person objectClass: organizationalPerson objectClass: user cn: Jim Chu sn: Chu givenName: Jim instanceType: 4 whenCreated: 20130317212551.0Z displayName: Jim Chu uSNCreated: 3873 name: Jim Chu objectGUID:: hXvFCY0pTUeIgltTLbnOcQ== badPwdCount: 0 codePage: 0 countryCode: 0 badPasswordTime: 0 lastLogoff: 0 lastLogon: 0 primaryGroupID: 513 objectSid:: AQUAAAUVbDu04eltc/ij6yQSUQQAAA== accountExpires: 9223372036854775807 logonCount: 0 sAMAccountName: jim sAMAccountType: 805306368 userPrincipalName: j...@fastfood.lan objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=fastfood,DC=lan pwdLastSet: 13008029152000 userAccountControl: 66048 uidNumber: 12345 whenChanged: 20130317212824.0Z uSNChanged: 3877 distinguishedName: CN=Jim Chu,CN=Users,DC=fastfood,DC=lan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4.0.5 git. Printer sharing broken?
On 26/03/13 05:03, steve wrote: Version 4.0.5-GIT-50c476e openSUSE 12.3 with CUPS driver on the DC which is printing OK from Linux clients joined to the domain. Hi everyone I have set up printing according to: http://wiki.samba.org/index.php/Samba4/HOWTO#Step_13:_Setup_a_Printer_share My smb.conf looks like this: [printers] comment = All Printers path = /usr/local/samba/var/spool browseable = Yes read only = No printable = Yes [print$] comment = Point and Print Printer Drivers path = /usr/local/samba/var/print read only = No But testparm tells me otherwise (notice the browseable = No): [printers] comment = All Printers path = /usr/local/samba/var/spool read only = No printable = Yes print ok = Yes browseable = No [print$] comment = Point and Print Printer Drivers path = /usr/local/samba/var/print read only = No Although I can't see the 'Printers and Faxes' share in W7 explorer, I see an empty screen at \\server\printers and when I right click I can choose 'server properties' and proceed to select the correct driver. The driver installs fine from a W7 client and the files appear at: /usr/local/samba/var/print/W32X86/3 However, I cannot print anything from Windows. The printer does not appear and cannot therefore be selected even though the driver seems to be correctly installed. This same config was working fine with 4.0.0. Any ideas what to do to be able to share the printer using the test branch? Cheers, Steve Error messages from smbd: /usr/local/samba/sbin/smbd: _spoolss_AddPrinterDriverEx: level 8 not yet implemented /usr/local/samba/sbin/smbd: spoolss_addprinterex_level_2: add printer for printer hpdeskjetf2200series called and no smb.conf parameter addprinter command is defined. This parameter must exist for this call to succeed windows says 'Access is denied' when trying to install the printer driver. I have opened 631 on the DC for CUPS and also tried without any firewall. Anyone? Thanks, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 Dc Winbind and uidNumbers
On Wed, Mar 27, 2013 at 6:14 AM, Jim Potter jimchuf...@googlemail.com wrote: Hi all, I'm trying to get the unix extensions working in AD. I'm obviously missing something, but I can't see what... I've just created user Jim (using ADUC) and added a uidnumber (using ADSIEdit). From this and what I have below, user Jim should have uidNumber of 12345 (from AD) and not be prefixed with Domain name. This isn't happening. Does anyone have any idea why not? cheers, Jim Excerpt from getent passwd: saned:x:110:117::/home/saned:/bin/false FASTFOOD\Administrator:*:0:100::/home/FASTFOOD/Administrator:/bin/false FASTFOOD\Guest:*:311:312::/home/FASTFOOD/Guest:/bin/false FASTFOOD\krbtgt:*:316:100::/home/FASTFOOD/krbtgt:/bin/false FASTFOOD\jim:*:319:100:Jim Chu:/home/FASTFOOD/jim:/bin/false smb.conf: [global] workgroup = FASTFOOD realm = FASTFOOD.LAN netbios name = CHIPSHOP server role = active directory domain controller dns forwarder = 62.24.199.13 log level = 3 algorithmic rid base = 1 idmap config * : range = 50001-6 idmap config * : backend = ad idmap config FASTFOOD : range = 1-5 idmap config FASTFOOD : backend = ad Hello Jim, Try adding these lines. If this doesn't work, I think you're being bitten by a known bug specific to this setup on an S4 DC. Andrew wrote a patch back in Nov-Dec, but it may not have made it into the codebase. Let me know if that doesn't work and I'll try to find that thread. I'm pretty sure someone came up with a work around. idmap config FASTFOOD : schema_mode = rfc2307 idmap config FASTFOOD : default = yes winbind enum users = yes winbind enum groups = yes winbind nss info = rfc2307 winbind use default domain = yes [netlogon] path = /var/lib/samba/sysvol/fastfood.lan/scripts read only = No [sysvol] path = /var/lib/samba/sysvol read only = No My user from AD: dn: CN=Jim Chu,CN=Users,DC=fastfood,DC=lan objectClass: top objectClass: person objectClass: organizationalPerson objectClass: user cn: Jim Chu sn: Chu givenName: Jim instanceType: 4 whenCreated: 20130317212551.0Z displayName: Jim Chu uSNCreated: 3873 name: Jim Chu objectGUID:: hXvFCY0pTUeIgltTLbnOcQ== badPwdCount: 0 codePage: 0 countryCode: 0 badPasswordTime: 0 lastLogoff: 0 lastLogon: 0 primaryGroupID: 513 objectSid:: AQUAAAUVbDu04eltc/ij6yQSUQQAAA== accountExpires: 9223372036854775807 logonCount: 0 sAMAccountName: jim sAMAccountType: 805306368 userPrincipalName: j...@fastfood.lan objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=fastfood,DC=lan pwdLastSet: 13008029152000 userAccountControl: 66048 uidNumber: 12345 whenChanged: 20130317212824.0Z uSNChanged: 3877 distinguishedName: CN=Jim Chu,CN=Users,DC=fastfood,DC=lan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4.0.5 git. Printer sharing broken?
Hi Steve, On Wed, 27 Mar 2013 11:18:32 +0100 steve st...@steve-ss.com wrote: windows says 'Access is denied' when trying to install the printer driver. I have opened 631 on the DC for CUPS and also tried without any firewall. Please ensure that the user attempting to add the printer driver has been granted SePrintOperatorPrivilege: # net rpc rights grant user SePrintOperatorPrivilege Cheers, David -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4.0.5 git. Printer sharing broken?
On 27/03/13 12:09, David Disseldorp wrote: Hi Steve, On Wed, 27 Mar 2013 11:18:32 +0100 steve st...@steve-ss.com wrote: windows says 'Access is denied' when trying to install the printer driver. I have opened 631 on the DC for CUPS and also tried without any firewall. Please ensure that the user attempting to add the printer driver has been granted SePrintOperatorPrivilege: # net rpc rights grant user SePrintOperatorPrivilege Cheers, David Hi David I tried: # net rpc rights grant Administrator SePrintOperatorPrivilege -UAdministrator Enter Administrator's password: Successfully granted rights. I now try and print something. The file appears the queue as 'printing' but then changes to 'printing error'. Nothing prints. Any ideas? Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba4 issue: roaming profile mismatch betweens W2k/XP machines due to enabled o
Samba 4.0.4 installed, provisioned by classicupgrade, running on Debian Squeeze: The issue is, that changes to the roaming profile is not transferred after log ins/outs between Win2K and XP machine. In example: I log into the W2k machine with my testuser and create a testdir1 and testdir2 on the Desktop. I logoff again. I check with ls -l if these directories was created on samba4 side at the file system (profiles share path). The test directories were created and the permissions + acls looks fine. Now I logon with this testuser at winXP machine. I can see testdir1 + testdir2 on the desktop. Now I delete testdir1 and create a new dir called fromxphost. So I see on the XP machine two dirs, called testdir2 + fromxphost. I logoff from the XPhost and log into the w2k machine again. Here is the issue -- I see three directories, called testdir1, testdir2 and fromxphost. When I logoff now again, these 3 directories will of course saved exactly like this onto the roaming profile. When the user logs into XP machine afterwards, he also will see these 3 directories. I have tested various user account and w2k/xp hosts. When I add/delete directories on this way to the w2k host logged on, no problem occurs. The user sees the updated directories. The problem occurs when the user switches from W2K --to--- XP host, or vice-versa. I think I have found out the reason of my problem with w2k clients and roaming profile mismatch -- samba4 uses offline caching which I cannot explain why so? In samba3 there was an option in smb.conf called csc policy or something like that. But smb.conf in samba4 doesn't seem to exist. I have realized that a Windows XP client in my samba4 domain writes warning to the event log that offline caching on the roaming profile was detected ! Unfortunately I see no way to disable that on samba4 server. Exact the same issue was mentioned by another user in February on the samba list here: http://samba.2283325.n4.nabble.com/Offline-Caching-td4357156.html With WinXP and Win7 there seems no problem as the content of the roaming profile seems to be saved/loaded correctly. Didnt realize any mismatch issues with WinXP/Win7 clients before. But on W2k clients it does NOT :( thats really a big issue in my case, cause we still have about 15-20 W2k clients in prod. environment. At luck I am not migrated yet to Samba4 on prod.env. cause I am still testing on my isolated test environment where I test with various Win2k, WinXP and Win7 clients. Under this circumstances I **CANNOT** migrate my samba3 domain to the new samba4 domain, as all my W2k clients would show this issue. Any information on developer side regarding this offline caching mechanism on samba4 ? any help, hint, info is really appreciated. Lucas (local@irc) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Cannot access share from Kodak printer
I'm trying to use a Samba (3.0.37) share on my ASUS RT-ac66R router as a destination for scans from my Kodak Office Hero 6.1 all-in-one printer. ... I have put the printer and my laptop onto a hub and am using Wireshark to see what's going on. From the captures, it appears that printer is using a product called BlueShare 3.0 I've continued to experiment with smb.conf tweaks with no real progress. I have noticed new syslog entries: Mar 27 07:56:36 smbd[692]: [2013/03/27 07:56:36, 0] smbd/sesssetup.c:reply_sesssetup_and_X(1265) Mar 27 07:56:36 smbd[692]: reply_sesssetup_and_X: Rejecting attempt at SPNEGO session setup when it was not negoitiated. I tried setting the spnego options in smb.conf to yes, but these messages continue. I may have also noticed that the username/password isn't being sent from the printer to the router. The Session Setup AndX Request doesn't seem to contain either the username or password. It also doesn't seem to grow when I make the username and password both 8 bytes longer. Suggestions will be gratefully received. - Original Message - From: MIKE BLAKEKNOX bk1...@knology.net To: samba@lists.samba.org Sent: Sunday, March 24, 2013 11:45:39 AM Subject: [Samba] Cannot access share from Kodak printer I'm trying to use a Samba (3.0.37) share on my ASUS RT-ac66R router as a destination for scans from my Kodak Office Hero 6.1 all-in-one -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] force user = and guest ok = yes both set: samba 3.6.12 versus 3.6.13
Hello, when I set guest ok = yes and force user = some_user for a share and a client connects as guest, does samba switch to the user 'some_user' when it accesses the share's directory? To me it looks like samba did do this up to version 3.6.12 but does no longer with version 3.6.13: Instead 3.6.13 does switch to the guest user account - in my case to nobody. Please can someone confirm that there was a change from 3.6.12 to 3.6.13 that introduced this new behavior - or am I wrong and something else did go wrong when I did update? I did read the release notes and tried to read the source, but couldn't come to a conclusion. Best regards, Heiner Billich -- System Engineer Scientific Computing; Paul Scherrer Institut heiner.bill...@psi.ch; +41563103602; -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4.0.5 git. Printer sharing broken?
Hi Steve, On Wed, 27 Mar 2013 12:58:03 +0100 steve st...@steve-ss.com wrote: ... I tried: # net rpc rights grant Administrator SePrintOperatorPrivilege -UAdministrator Enter Administrator's password: Successfully granted rights. I now try and print something. The file appears the queue as 'printing' but then changes to 'printing error'. Nothing prints. SePrintOperatorPrivilege shouldn't be required for issuing a print job, just administrative tasks like driver upload. Please raise a bug for your printing failure. Ensure to attach level 10 logs, as well as a network trace taken across the print attempt. Cheers, David -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 issue: roaming profile mismatch betweens W2k/XP machines due to enabled o
Hi Lucas, This is normal. when a user logs in, everything from user profile is copied to c:\docs and settings\username and when they log out everything is copied back, but nothing is deleted. As a result, you get all manner of junk building up in your profile, its not easy to delete and logins just get slower and slower as all this is copied about. I get round this by redirecting desktop to either a read only share or to a subdirectory of networked my docs folder. Also I use preexec scripts to manage user profile. Hope that helps Jim On Mar 27, 2013 12:04 PM, ?icro MEGAS microme...@mail333.com wrote: Samba 4.0.4 installed, provisioned by classicupgrade, running on Debian Squeeze: The issue is, that changes to the roaming profile is not transferred after log ins/outs between Win2K and XP machine. In example: I log into the W2k machine with my testuser and create a testdir1 and testdir2 on the Desktop. I logoff again. I check with ls -l if these directories was created on samba4 side at the file system (profiles share path). The test directories were created and the permissions + acls looks fine. Now I logon with this testuser at winXP machine. I can see testdir1 + testdir2 on the desktop. Now I delete testdir1 and create a new dir called fromxphost. So I see on the XP machine two dirs, called testdir2 + fromxphost. I logoff from the XPhost and log into the w2k machine again. Here is the issue -- I see three directories, called testdir1, testdir2 and fromxphost. When I logoff now again, these 3 directories will of course saved exactly like this onto the roaming profile. When the user logs into XP machine afterwards, he also will see these 3 directories. I have tested various user account and w2k/xp hosts. When I add/delete directories on this way to the w2k host logged on, no problem occurs. The user sees the updated directories. The problem occurs when the user switches from W2K --to--- XP host, or vice-versa. I think I have found out the reason of my problem with w2k clients and roaming profile mismatch -- samba4 uses offline caching which I cannot explain why so? In samba3 there was an option in smb.conf called csc policy or something like that. But smb.conf in samba4 doesn't seem to exist. I have realized that a Windows XP client in my samba4 domain writes warning to the event log that offline caching on the roaming profile was detected ! Unfortunately I see no way to disable that on samba4 server. Exact the same issue was mentioned by another user in February on the samba list here: http://samba.2283325.n4.nabble.com/Offline-Caching-td4357156.html With WinXP and Win7 there seems no problem as the content of the roaming profile seems to be saved/loaded correctly. Didnt realize any mismatch issues with WinXP/Win7 clients before. But on W2k clients it does NOT :( thats really a big issue in my case, cause we still have about 15-20 W2k clients in prod. environment. At luck I am not migrated yet to Samba4 on prod.env. cause I am still testing on my isolated test environment where I test with various Win2k, WinXP and Win7 clients. Under this circumstances I **CANNOT** migrate my samba3 domain to the new samba4 domain, as all my W2k clients would show this issue. Any information on developer side regarding this offline caching mechanism on samba4 ? any help, hint, info is really appreciated. Lucas (local@irc) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 Dc Winbind and uidNumbers
Hi, On Wed, Mar 27, 2013 at 6:14 AM, Jim Potter jimchuf...@googlemail.com wrote: Hi all, I'm trying to get the unix extensions working in AD. I'm obviously missing something, but I can't see what... I've just created user Jim (using ADUC) and added a uidnumber (using ADSIEdit). From this and what I have below, user Jim should have uidNumber of 12345 (from AD) and not be prefixed with Domain name. This isn't happening. Does anyone have any idea why not? cheers, Jim Excerpt from getent passwd: saned:x:110:117::/home/saned:/bin/false FASTFOOD\Administrator:*:0:100::/home/FASTFOOD/Administrator:/bin/false FASTFOOD\Guest:*:311:312::/home/FASTFOOD/Guest:/bin/false FASTFOOD\krbtgt:*:316:100::/home/FASTFOOD/krbtgt:/bin/false FASTFOOD\jim:*:319:100:Jim Chu:/home/FASTFOOD/jim:/bin/false smb.conf: [global] workgroup = FASTFOOD realm = FASTFOOD.LAN netbios name = CHIPSHOP server role = active directory domain controller dns forwarder = 62.24.199.13 log level = 3 algorithmic rid base = 1 idmap config * : range = 50001-6 idmap config * : backend = ad idmap config FASTFOOD : range = 1-5 idmap config FASTFOOD : backend = ad Hello Jim, Try adding these lines. If this doesn't work, I think you're being bitten by a known bug specific to this setup on an S4 DC. Andrew wrote a patch back in Nov-Dec, but it may not have made it into the codebase. Let me know if that doesn't work and I'll try to find that thread. I'm pretty sure someone came up with a work around. idmap config FASTFOOD : schema_mode = rfc2307 idmap config FASTFOOD : default = yes winbind enum users = yes winbind enum groups = yes winbind nss info = rfc2307 winbind use default domain = yes [netlogon] path = /var/lib/samba/sysvol/fastfood.lan/scripts read only = No [sysvol] path = /var/lib/samba/sysvol read only = No My user from AD: dn: CN=Jim Chu,CN=Users,DC=fastfood,DC=lan objectClass: top objectClass: person objectClass: organizationalPerson objectClass: user cn: Jim Chu sn: Chu givenName: Jim instanceType: 4 whenCreated: 20130317212551.0Z displayName: Jim Chu uSNCreated: 3873 name: Jim Chu objectGUID:: hXvFCY0pTUeIgltTLbnOcQ== badPwdCount: 0 codePage: 0 countryCode: 0 badPasswordTime: 0 lastLogoff: 0 lastLogon: 0 primaryGroupID: 513 objectSid:: AQUAAAUVbDu04eltc/ij6yQSUQQAAA== accountExpires: 9223372036854775807 logonCount: 0 sAMAccountName: jim sAMAccountType: 805306368 userPrincipalName: j...@fastfood.lan objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=fastfood,DC=lan pwdLastSet: 13008029152000 userAccountControl: 66048 uidNumber: 12345 whenChanged: 20130317212824.0Z uSNChanged: 3877 distinguishedName: CN=Jim Chu,CN=Users,DC=fastfood,DC=lan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba If you are running samba 4 as an AD DC (that is if you specify: server role = active directory domain controller) you will need to configure winbind inside the samba binary. The settings you have are obeyed by the winbind binary which should be run e.g. on a member server, so you need to replace them with: idmap_ldb:use rfc2307 = yes that is the only settings (it defaults to no) which can affect winbind behavior on an AD DC. Regards Geza Gemes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] ADUC tool cannot creates users home directory
Hello everybody, if I use Microsoft's Active Directory Users tool to add a home drive mapping to a users profile, I encounter the problem that ADUC tool cannot create automatically the home directory for the desired user. ADUC tool fails with the message, that the share cannot be accessed. My smb.conf contains: [global] template homedir = /data1/homes/%ACCOUNTNAME [homes] browseable = no read only = no When user johndoe browse the share \\s4srv he will see a share with the name johndoe. If he doubleclicks this share, he see's the content of his home directory. Until here everything work's fine and is reasonable. As man smb.conf explains the [homes] share is a special share and the behavior is explained in details. My problem is, that I am logged-in with MYDOMNAME\Administrator at a Windows client, and running the ADUC tool. In users profile I enter for home drive mapping following information: U: --map---to---\\s4srv\%username% The syntax is correct, but ADUC cannot access this share, because it would resolve to \\s4srv\administrator at this step. I think that's why ADUC cannot create this share, because of the special mapping of the [home] share. The [home] share is cloned and the username of the accessing user is used. (see 'man smb.con' under section [homes] special share). How can I achieve to have ADUC tool create also the home dir when I create a new user? Any help appreciated. Thanks in advance, Lucas. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 Dc Winbind and uidNumbers
Thanks for the replies on this. I'm on holiday at the mo, but will try it when I get home and get back to you. cheers, Jim On Mar 27, 2013 2:21 PM, Gémes Géza g...@kzsdabas.hu wrote: Hi, On Wed, Mar 27, 2013 at 6:14 AM, Jim Potter jimchuf...@googlemail.com wrote: Hi all, I'm trying to get the unix extensions working in AD. I'm obviously missing something, but I can't see what... I've just created user Jim (using ADUC) and added a uidnumber (using ADSIEdit). From this and what I have below, user Jim should have uidNumber of 12345 (from AD) and not be prefixed with Domain name. This isn't happening. Does anyone have any idea why not? cheers, Jim Excerpt from getent passwd: saned:x:110:117::/home/saned:/bin/false FASTFOOD\Administrator:*:0:100::/home/FASTFOOD/Administrator:/bin/false FASTFOOD\Guest:*:311:312::/home/FASTFOOD/Guest:/bin/false FASTFOOD\krbtgt:*:316:100::/home/FASTFOOD/krbtgt:/bin/false FASTFOOD\jim:*:319:100:Jim Chu:/home/FASTFOOD/jim:/bin/false smb.conf: [global] workgroup = FASTFOOD realm = FASTFOOD.LAN netbios name = CHIPSHOP server role = active directory domain controller dns forwarder = 62.24.199.13 log level = 3 algorithmic rid base = 1 idmap config * : range = 50001-6 idmap config * : backend = ad idmap config FASTFOOD : range = 1-5 idmap config FASTFOOD : backend = ad Hello Jim, Try adding these lines. If this doesn't work, I think you're being bitten by a known bug specific to this setup on an S4 DC. Andrew wrote a patch back in Nov-Dec, but it may not have made it into the codebase. Let me know if that doesn't work and I'll try to find that thread. I'm pretty sure someone came up with a work around. idmap config FASTFOOD : schema_mode = rfc2307 idmap config FASTFOOD : default = yes winbind enum users = yes winbind enum groups = yes winbind nss info = rfc2307 winbind use default domain = yes [netlogon] path = /var/lib/samba/sysvol/fastfood.lan/scripts read only = No [sysvol] path = /var/lib/samba/sysvol read only = No My user from AD: dn: CN=Jim Chu,CN=Users,DC=fastfood,DC=lan objectClass: top objectClass: person objectClass: organizationalPerson objectClass: user cn: Jim Chu sn: Chu givenName: Jim instanceType: 4 whenCreated: 20130317212551.0Z displayName: Jim Chu uSNCreated: 3873 name: Jim Chu objectGUID:: hXvFCY0pTUeIgltTLbnOcQ== badPwdCount: 0 codePage: 0 countryCode: 0 badPasswordTime: 0 lastLogoff: 0 lastLogon: 0 primaryGroupID: 513 objectSid:: AQUAAAUVbDu04eltc/ij6yQSUQQAAA== accountExpires: 9223372036854775807 logonCount: 0 sAMAccountName: jim sAMAccountType: 805306368 userPrincipalName: j...@fastfood.lan objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=fastfood,DC=lan pwdLastSet: 13008029152000 userAccountControl: 66048 uidNumber: 12345 whenChanged: 20130317212824.0Z uSNChanged: 3877 distinguishedName: CN=Jim Chu,CN=Users,DC=fastfood,DC=lan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba If you are running samba 4 as an AD DC (that is if you specify: server role = active directory domain controller) you will need to configure winbind inside the samba binary. The settings you have are obeyed by the winbind binary which should be run e.g. on a member server, so you need to replace them with: idmap_ldb:use rfc2307 = yes that is the only settings (it defaults to no) which can affect winbind behavior on an AD DC. Regards Geza Gemes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] ADUC tool cannot creates users home directory
On Mar 27, 2013 8:08 PM, ?icro MEGAS microme...@mail333.com wrote: My smb.conf contains: [global] template homedir = /data1/homes/%ACCOUNTNAME [homes] browseable = no read only = no Remove template homedir from global and add following to your homes section: path = /data1/homes And while defining home directory for users in dsa.msc give following path: \\SRV4\homes\%USERAME% And it should work fine. Regards, Nishant -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] ADUC tool cannot creates users home directory
Well, In that case you could choose to hide the homes share by naming it homes$ and assigning a network drive say H: to users as their home drive. This is the way I have implemented it, may be there is some oversight from my side, but it works for me. And directories are created automagically by the windows tool. Regards, Nishant On Mar 27, 2013 8:41 PM, ?icro MEGAS microme...@mail333.com wrote: Hello Nishant, thanks for your feedback. Well, of course your proposed configuration would work, but have a caveats in my eyes: - a user accessing the share \\s4srv\homes would see all other users home directories. Although he cannot enter/access them, I don't like this behavior. - you would have two shares shown, one is \\s4srv\homes and the other cloned one (because of the homes special share) \\s4srv\johndoe. That's annoying, too. If I would use browseable = no at the [homes] section, than only the share \\s4srv\johndoe would be visible and when you open this share, you see again all other users home directories (which is not wanted at all). I would really appreciate to use the special share [homes] as it is intended to be used (as described in the manual of smb.conf). But I cannot find another option to have ADUC tool use somehow this syntax form of this special share which will clone [homes]--[username]. As I think exactly that is the problem, that's why ADUC cannot access this share to create a subdir there. Of course there would be an option to use logon scripts to create a non-existing home dir on-the-fly after the user logs in. I just wanted to ask here on the community, if I miss something and maybe there's a workaround to use [homes] as described initially on my post here *AND* to have ADUC tool creates a homedir for a user. However, thanks for your feedback. Cheers, Lucas. Срд 27 Мар 2013 18:50:02 +0400, Nishant Sharma codemarau...@gmail.com написал: On Mar 27, 2013 8:08 PM, ?icro MEGAS microme...@mail333.comhttp://compose/?adb_to=microme...@mail333.com wrote: My smb.conf contains: [global] template homedir = /data1/homes/%ACCOUNTNAME [homes] browseable = no read onlyXSSCleaned= no Remove template homedir from global and add following to your homes section: path = /data1/homes And while defining home directory for users in dsa.msc give following path: \\SRV4\homes\%USERAME% And it should work fine. Regards, Nishant -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] CTDB / High RECLOCK latency
Hi, i have the following Problem in a CTDB / GFS2 Cluster. Two Nodes, 2 Public Adresses. Is there any Solution or what can be the Problem? 2013/03/27 09:45:19.175337 [ 3596]: High RECLOCK latency 20.887812s for operation lock() Thanks for help... Mit freundlichen Grüßen Sven Vogel -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4.0.5 git. Printer sharing broken?
On 27/03/13 14:44, David Disseldorp wrote: Hi Steve, On Wed, 27 Mar 2013 12:58:03 +0100 steve st...@steve-ss.com wrote: ... I tried: # net rpc rights grant Administrator SePrintOperatorPrivilege -UAdministrator Enter Administrator's password: Successfully granted rights. I now try and print something. The file appears the queue as 'printing' but then changes to 'printing error'. Nothing prints. SePrintOperatorPrivilege shouldn't be required for issuing a print job, just administrative tasks like driver upload. Please raise a bug for your printing failure. Ensure to attach level 10 logs, as well as a network trace taken across the print attempt. Cheers, David Hi David OK. https://bugzilla.samba.org/show_bug.cgi?id=9745 We really would like to be able to print from windows too. Thanks. Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] network neighborhood (Solved)
Hai, Since im using debian 6 also, and i do see all my windows pC/servers and linux server (samba) Here is what im having, and most important make sure your using the same workgroup = DOMAINNAM for all servers. This isa part of my PDC config. ( based on debian sarge setup, upgraded to lenny, using samba 3.5.6 from backports-lenny ) interfaces = lo eth0 bind interfaces only = yes netbios name = PDC server string = THEREALHOSTNAME-PDC( but you can use something else ) workgroup = DOMAINNAME domain logons = Yes preferred master = Yes domain master = Yes os level = 65 min protocol = NT1 lm announce = no lanman auth = no disable netbios = no On my New PDC ( new setup , debian squeeze, used backports samba packages version 3.6.6 ) interfaces = lo eth0 bind interfaces only = yes smb ports = 139 445 dns proxy = yes name resolve order = wins host lmhosts bcast netbios name = PDC2 server string = THEREALHOSTNAME-PDC2 workgroup = DOMAINNAME domain logons = Yes domain master = Yes preferred master = No On my BDC ( base on debian etch, upgraded to lenny sing samba 3.5.6 from backports-lenny ) netbios name = BDC server string = THEREALHOSTNAME-BDC workgroup = DOMAINNAME domain logons = Yes preferred master = No domain master = No os level = 60 min protocol = NT1 lm announce = no lanman auth = no disable netbios = no encrypt passwords = true name resolve order = lmhosts host wins bcast dns proxy = yes and the member server are having. like BDC but domain logons = NO preferred master = No domain master = No hope this helps for you. Also, all my pcnames are in BIND, resolvable and having reverse records. and.. if you dont see your server, wait at least 15-30 min. somethings it just takes some time before you see the name of the server. Why, i dont know.. Good luck. Louis -Oorspronkelijk bericht- Van: fe...@epepm.cupet.cu [mailto:samba-boun...@lists.samba.org] Namens fe...@epepm.cupet.cu Verzonden: vrijdag 22 maart 2013 13:28 Aan: samba@lists.samba.org Onderwerp: Re: [Samba] network neighborhood You can try, [global] announce as = system type You are running in an windows ADS there is no netbios but dns. So it could be PCs are not show up In the neighborhood. --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von fe...@epepm.cupet.cu Gesendet: Donnerstag, 21. März 2013 16:04 An: samba@lists.samba.org Betreff: [Samba] network neighborhood Mensaje original Asunto: network neighborhood De: fe...@epepm.cupet.cu Fecha: Mie, 20 de Marzo de 2013, 8:07 am Para: samba@lists.samba.org --- --- Hello: I would like to know what is wrong in my configuration. I can't see this server in network neighborhood. samba 3.5.6 joined to my active directory domain. [global] # message command = /bin/sh -c '/usr/bin/linpopup %f %m %s; rm %s' security = ADS netbios name = dos realm = EPEPM.CUPET.CU password server = ad.epepm.cupet.cu workgroup = EPEPM log level = 1 syslog = 0 idmap uid = 1-2 idmap gid = 1-2 winbind separator = + winbind enum users = yes winbind enum groups = yes winbind use default domain = yes template homedir = /home/%D/%U template shell = /bin/bash client use spnego = yes domain master = no server string = Servidor Dos encrypt passwords = true Yes, all windows computers are shown in network neigborhood, even an ubuntu 12.04 desktop, but not this debian 6. I tried your suggestion but it didn't work. I read that default is announce as = NT Server I set loglevel = 10 and I got this: [2013/03/22 08:26:02.154496, 4] nmbd/nmbd_workgroupdb.c:281(dump_workgroups) dump_workgroups() dump workgroup on subnet 10.30.100.6: netmask=255.255.255.255: EPEPM(1) current master browser = UNKNOWN DOS 40809b03 (Servidor Dos) [2013/03/22 08:26:12.159757, 4] nmbd/nmbd_workgroupdb.c:170(find_workgroup_on_subnet) find_workgroup_on_subnet: workgroup search for EPEPM on subnet 10.30.100.6: found. [2013/03/22 08:26:12.159879, 8] lib/util.c:1869(is_myname) is_myname(DOS) returns 1 [2013/03/22 08:26:12.159912, 3]
Re: [Samba] samba-tool classicupgrade (from v3 to v4) aborts with Unable to get id for sid
- Original Message - From: Andrew Bartlett abart...@samba.org To: Max Olivas moli...@northglenn.org Cc: Jon Detert jdet...@infinityhealthcare.com, samba@lists.samba.org Sent: Friday, March 22, 2013 7:01:34 AM Subject: Re: [Samba] samba-tool classicupgrade (from v3 to v4) aborts with Unable to get id for sid On Thu, 2013-03-21 at 10:15 -0600, Max Olivas wrote: On 3/19/2013 at 8:28 AM, in message 2119021439.23770729.1363703293922.javamail.r...@infinityhealthcare.com, Jon Detert jdet...@infinityhealthcare.com wrote: I'm trying to upgrade from samba3 - 4. I ran this command: WORKDIR=/usr/local/mobius /usr/local/samba/bin/samba-tool domain classicupgrade --dbdir=$WORKDIR/var --use-xattrs=yes --realm=infinityhealthcare.com $WORKDIR/smb.conf but it failed with the error given in this email's subject. What does it mean, and how do I fix it? -- snip -- The big issue here is that passdb has never had a 'fsck', and Samba operates quite well as a 'classic' DC with an almost totally invalid database! Wow. I would not be surprised at all if my passdb does not have the utmost integrity. As to what has happened in your particular instance, could you please post me the output of ldbdump private/idmap.ldb? I'd be happy to, but I can't find ldbdump. I have tdbdump and ntdbdump. I gather from googling that ldbdump is based on or inspired by tdbdump. Would a tdbdump suffice? If not, how can I get ldbdump? As to posting the dump for you - I'm not sure it's wise to post it to this list. I could put it in dropbox, and email you a link. Let me know if that plan is undesirable. Thanks, Jon -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 Schema credentials
On Wed, 2013-03-27 at 10:13 +0100, Tim Vangehugten wrote: Hello, I am currently migrating from OpenLDAP to samba4 and encountered the following problem, I only can bind to CN=sambaadmin,CN=Users,DC=example,DC=com. So I was wondering if it is possible to bind to the CN=Schema,CN=Configuration,DC=example,DC=com? If so, where can I find the credentials? You can only bind as a user in the domain. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 LDAP NTLM password nightly injection
On Tue, 2013-03-26 at 11:10 -0400, Luc Lalonde wrote: Hello Andrew, I'm finally diving into this project... First off, my sysadmin stuff is mostly in Perl. So my Python is rudimentary at best. Here we go anyway... I've looked at the 'upgrade.py' but I can't seem to figure out how to connect to the Samba4 passwd database. In the script I see these lines: ### # Connect to samba4 backend s4_passdb = passdb.PDB(new_lp_ctx.get(passdb backend)) I would appreciate a hint on how to connect to the database please. Where is the 'passdb' object referenced from? Once that's done, from what I understand, I should be able to change the passwords directly: ### # Change foo-user password admin_userdata = s4_passdb.getsampwnam(foo-user) admin_userdata.nt_passwd = 878D8014606CDA29677A44EFA1353FC7 admin_userdata.lanman_passwd = 552902031BEDE9EFAAD3B435B51404EE s4_passdb.update_sam_account(admin_userdata) ### Sort of. Those values are not base16 strings, but raw bytes, but otherwise that looks pretty much right at a first glance. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 server IP change
On 03/27/2013 04:45 AM, samba-de...@gbif.org wrote: Hello, A perhaps silly but hopefully easy to answer question: does a server running Samba4 with a provisioned domain (upgraded from Samba3) mind if its IP address is changed? Is there anything special to do apart from obviously modifying Samba's internal DNS record for the Samba4 server? Thanks! Best regards, Andrei The server probably won't much care, but the clients might take a hissy fit. -- _ °v° /(_)\ ^ ^ Mark LaPierre Registered Linux user No #267004 https://linuxcounter.net/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 LDAP NTLM password nightly injection
Hello Andrew, How would I convert the below base16 strings into raw bytes acceptable to this routine? We presently inject the NTLM passwords directly into our LDAP database for Samba3. Also, I can't seem to figure out the argument values for 'passdb.PDB'. I tried 'ldb', 'samba_dsdb'. Thanks for your help! On 2013-03-27, at 6:18 PM, Andrew Bartlett abart...@samba.org wrote: On Tue, 2013-03-26 at 11:10 -0400, Luc Lalonde wrote: Hello Andrew, I'm finally diving into this project... First off, my sysadmin stuff is mostly in Perl. So my Python is rudimentary at best. Here we go anyway... I've looked at the 'upgrade.py' but I can't seem to figure out how to connect to the Samba4 passwd database. In the script I see these lines: ### # Connect to samba4 backend s4_passdb = passdb.PDB(new_lp_ctx.get(passdb backend)) I would appreciate a hint on how to connect to the database please. Where is the 'passdb' object referenced from? Once that's done, from what I understand, I should be able to change the passwords directly: ### # Change foo-user password admin_userdata = s4_passdb.getsampwnam(foo-user) admin_userdata.nt_passwd = 878D8014606CDA29677A44EFA1353FC7 admin_userdata.lanman_passwd = 552902031BEDE9EFAAD3B435B51404EE s4_passdb.update_sam_account(admin_userdata) ### Sort of. Those values are not base16 strings, but raw bytes, but otherwise that looks pretty much right at a first glance. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Internal DNS and Replication
On 03/26/2013 08:32 PM, Dustin C. Hatch wrote: Can you post the full output of `samba-tool drs showrepl`? I joined and removed my Samba server from Active Directory several times while testing, so I decided to start everything over from scratch. After I rebuilt Server 2008 and the Active Directory on Server1, I joined a Windows 7 machine named adwks11 to the domain. Then I joined Server2 running Samba 4.0.4 as a DC. The A record and CNAME record weren't added, so added them following the HOW-TO. I also ran the ntdsutil commands that you provided earlier. Here's the output for samba-tool drs and samba-tool dns: samba-tool drs showrepl http://pastebin.com/UVczcQQJ samba-tool dns query localhost ankeny.local @ ALL http://pastebin.com/4TH5py8Y samba-tool dns query server1 ankeny.local @ ALL http://pastebin.com/VQHLwPb5 The record for server2 never shows up in it's own DNS. Later I joined another Windows 7 machine to the domain. It shows up in server1's DNS, but it never gets replicated to server2. No, the client is only supposed to update the DC it authenticated against. The replication should pass the information along. Does the internal DNS use Kerberos authentication for replication? I'm using Centos 6, so I think I'm using the kinit from MIT Kerberos. Could that be causing problems? Thanks, Alan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Flushing wafcache when tweaking Samba builds
On Tue, Mar 26, 2013 at 5:55 PM, Andrew Bartlett abart...@samba.org wrote: On Fri, 2013-03-22 at 07:53 -0400, Nico Kadel-Garcia wrote: I notice that Sama builds with Samba 4.0.x now use WAFCACHE to store temporary files in the build process. Caching these files is fine, but what clears them out? I've been working in test environments where WAFCACHE was set to /tmp/wafcache, such as building Fedora RPM's for testing, and eventually ran my filesystem out of inodes because nothing expires them. For now, I've left a cron job running to flush old files there, but does anyone have a better approach? Should the WAFCACHE be in inside the build tree, and flushed as part of make clean? The only waf cache I can find is in bin/.confcache. Have you set something manually? Andrew Bartlett The Fedora SRPM's do, I wa working from those. I had a gentle word with them about this, and they're switching it to $PWD/WAFCACHE. in the build directory, although the default you've illuminated here actually makes more sense. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Flushing wafcache when tweaking Samba builds
On Wed, 2013-03-27 at 23:04 -0400, Nico Kadel-Garcia wrote: On Tue, Mar 26, 2013 at 5:55 PM, Andrew Bartlett abart...@samba.org wrote: On Fri, 2013-03-22 at 07:53 -0400, Nico Kadel-Garcia wrote: I notice that Sama builds with Samba 4.0.x now use WAFCACHE to store temporary files in the build process. Caching these files is fine, but what clears them out? I've been working in test environments where WAFCACHE was set to /tmp/wafcache, such as building Fedora RPM's for testing, and eventually ran my filesystem out of inodes because nothing expires them. For now, I've left a cron job running to flush old files there, but does anyone have a better approach? Should the WAFCACHE be in inside the build tree, and flushed as part of make clean? The only waf cache I can find is in bin/.confcache. Have you set something manually? Andrew Bartlett The Fedora SRPM's do, I wa working from those. I had a gentle word with them about this, and they're switching it to $PWD/WAFCACHE. in the build directory, although the default you've illuminated here actually makes more sense. I wouldn't recommend using it at all between builds. The Samba Team never sets it, and ccache is a safer option, as it verifies the input to gcc, rather than before gcc is called. We occasionally have strange situations where waf doesn't think the deps on a task have changed, but they really have, and the only way to get things building again is to blow away the target object or the whole working tree. If the WAFCACHE is used in an automated process, then the 'old' result could be silently returned, which might be bad. I'm working from this description of it from here, and from private discussions with Tridge from when we first started with waf: https://groups.google.com/forum/?fromgroups=#! topic/waf-users/jegukEHjJ68 Finally, I don't want to slander waf: we use an old version of waf, and so my concerns might be addressed in a later version, or be specific to the way Samba (ab)uses waf. Thanks, Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Invitation to connect on LinkedIn
LinkedIn I'd like to add you to my professional network on LinkedIn. - Aravinda Aravinda Guzzar Technical Manager HCL, Consultant Tech Lead NetApp at NetApp Bengaluru Area, India Confirm that you know Aravinda Guzzar: https://www.linkedin.com/e/6zb2eq-hetfietd-5a/isd/12000915114/uv99-TJ5/?hs=falsetok=0yjVmCYwAj_RE1 -- You are receiving Invitation to Connect emails. Click to unsubscribe: http://www.linkedin.com/e/6zb2eq-hetfietd-5a/uO9ZcyIWktTuqscs6Cl0OwbXkN/goo/samba%40samba%2Eorg/20061/I3980101842_1/?hs=falsetok=07PPPswy0j_RE1 (c) 2012 LinkedIn Corporation. 2029 Stierlin Ct, Mountain View, CA 94043, USA. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via e865788 dbwrap: Add a comment explaining a restriction from e3f5e47 smbd: Remove an optimization that became unnecessary http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit e8657887a9c1deadbd4e98c8b66cd46bdf36402a Author: Volker Lendecke v...@samba.org Date: Wed Mar 27 10:23:50 2013 +0100 dbwrap: Add a comment explaining a restriction Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Wed Mar 27 13:40:15 CET 2013 on sn-devel-104 --- Summary of changes: lib/dbwrap/dbwrap.c | 11 +++ 1 files changed, 11 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/dbwrap/dbwrap.c b/lib/dbwrap/dbwrap.c index f0b7a9a..f03514d 100644 --- a/lib/dbwrap/dbwrap.c +++ b/lib/dbwrap/dbwrap.c @@ -453,6 +453,17 @@ int dbwrap_get_seqnum(struct db_context *db) int dbwrap_transaction_start(struct db_context *db) { if (!db-persistent) { + /* +* dbwrap_ctdb has two different data models for persistent +* and non-persistent databases. Transactions are supported +* only for the persistent databases. This check is here to +* prevent breakages of the cluster case, autobuild at this +* point only tests non-clustered Samba. Before removing this +* check, please make sure that this facility has also been +* added to dbwrap_ctdb. +* +* Thanks, vl +*/ DEBUG(1, (transactions not supported on non-persistent database %s\n, db-name)); return -1; -- Samba Shared Repository
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 73cdbcd Add CVE-2013-0454 page from 91d4fb8 Update latest stable release. http://gitweb.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 73cdbcdc0605cd76e4f9a3846f68eb3bf65a0aab Author: Lars Müller l...@samba.org Date: Wed Mar 27 16:16:30 2013 +0100 Add CVE-2013-0454 page --- Summary of changes: security/CVE-2013-0454.html | 42 ++ 1 files changed, 42 insertions(+), 0 deletions(-) create mode 100644 security/CVE-2013-0454.html Changeset truncated at 500 lines: diff --git a/security/CVE-2013-0454.html b/security/CVE-2013-0454.html new file mode 100644 index 000..6137b10 --- /dev/null +++ b/security/CVE-2013-0454.html @@ -0,0 +1,42 @@ +=== +== Subject: A writable configured share might get read only +== +== CVE ID#: CVE-2013-0454 +== +== Versions:Samba 3.6.0 - 3.6.5 (inclusive) +== +== Summary: A share configuration 'read only = no' might result +== in 'read only = yes' +== +=== + +=== +Description +=== + +Due to a assignment vs equality bug a share reference might get +overwritten. This can lead to 'read only = no' from another share to +leak into a 'read only = yes' share for a subsequent connections. This +is a re-evaluation of an already fixed bug. + +== +Workaround +== + +Update to 3.6.6 or apply +http://git.samba.org/?p=samba.git;a=commit;h=15a423bf373a8116a0de7a627eaaea3932541e88 + +== +Patch Availability +== + +See above. + +=== +Credits +=== + +The release of this information was driven by Ulf Troppens of IBM +February, 19th 2013. + +The required patch got written by Michael Adam 1st of February 2013. -- Samba Website Repository
autobuild: intermittent test failure detected
The autobuild test system has detected an intermittent failing test in the current master tree. The autobuild log of the failure is available here: http://git.samba.org/autobuild.flakey/2013-03-27-1620/flakey.log The samba3 build logs are available here: http://git.samba.org/autobuild.flakey/2013-03-27-1620/samba3.stderr http://git.samba.org/autobuild.flakey/2013-03-27-1620/samba3.stdout The source4 build logs are available here: http://git.samba.org/autobuild.flakey/2013-03-27-1620/samba.stderr http://git.samba.org/autobuild.flakey/2013-03-27-1620/samba.stdout The top commit at the time of the failure was: commit e8657887a9c1deadbd4e98c8b66cd46bdf36402a Author: Volker Lendecke v...@samba.org Date: Wed Mar 27 10:23:50 2013 +0100 dbwrap: Add a comment explaining a restriction Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Wed Mar 27 13:40:15 CET 2013 on sn-devel-104
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 1b2389d Add html header and footer from 73cdbcd Add CVE-2013-0454 page http://gitweb.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 1b2389d6ed7da9c1679a70c01d717a38d1a3f12c Author: Lars Müller l...@samba.org Date: Wed Mar 27 16:26:04 2013 +0100 Add html header and footer --- Summary of changes: security/CVE-2013-0454.html | 22 ++ 1 files changed, 22 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/security/CVE-2013-0454.html b/security/CVE-2013-0454.html index 6137b10..6198449 100644 --- a/security/CVE-2013-0454.html +++ b/security/CVE-2013-0454.html @@ -1,3 +1,17 @@ +!DOCTYPE html PUBLIC -//W3C//DTD XHTML 1.0 Transitional//EN +http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd; +html xmlns=http://www.w3.org/1999/xhtml; + +head +titleSamba - Security Announcement Archive/title +/head + +body + + H2CVE-2013-0454.html:/H2 + +p +pre === == Subject: A writable configured share might get read only == @@ -40,3 +54,11 @@ The release of this information was driven by Ulf Troppens of IBM February, 19th 2013. The required patch got written by Michael Adam 1st of February 2013. + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== +/pre +/body +/html -- Samba Website Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 40d783c Call smb_panic when we try to exit the server uncleanly. This gives us the normal traceback and memory dump, but also runs the normal panic action. via 1dcd75d auth/ntlmssp: Avoid use-after-free of user_info after logon failure at log level 5 from e865788 dbwrap: Add a comment explaining a restriction http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 40d783c397ea21d03d1ea7130a438dd8c0d817f1 Author: Richard Sharpe realrichardsha...@gmail.com Date: Tue Mar 26 20:17:11 2013 -0700 Call smb_panic when we try to exit the server uncleanly. This gives us the normal traceback and memory dump, but also runs the normal panic action. Signed-off-by: Richard Sharpe realrichardsha...@gmail.com Reviewed-by: Jeremy Allison j...@samba.org Autobuild-User(master): Jeremy Allison j...@samba.org Autobuild-Date(master): Wed Mar 27 22:58:37 CET 2013 on sn-devel-104 commit 1dcd75df4941d7032a66d3fbb86ac7696a3f Author: Andrew Bartlett abart...@samba.org Date: Fri Mar 15 13:00:55 2013 +1100 auth/ntlmssp: Avoid use-after-free of user_info after logon failure at log level 5 Reviewed-by: Jeremy Allison j...@samba.org --- Summary of changes: auth/ntlmssp/ntlmssp_server.c |2 +- source3/smbd/server_exit.c|8 +--- 2 files changed, 2 insertions(+), 8 deletions(-) Changeset truncated at 500 lines: diff --git a/auth/ntlmssp/ntlmssp_server.c b/auth/ntlmssp/ntlmssp_server.c index d9bea1c..442bd5d 100644 --- a/auth/ntlmssp/ntlmssp_server.c +++ b/auth/ntlmssp/ntlmssp_server.c @@ -449,11 +449,11 @@ static NTSTATUS ntlmssp_server_check_password(struct gensec_security *gensec_sec gensec_ntlmssp-server_returned_info, user_session_key, lm_session_key); } - talloc_free(user_info); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(5, (__location__ : Checking NTLMSSP password for %s\\%s failed: %s\n, user_info-client.domain_name, user_info-client.account_name, nt_errstr(nt_status))); } + TALLOC_FREE(user_info); NT_STATUS_NOT_OK_RETURN(nt_status); diff --git a/source3/smbd/server_exit.c b/source3/smbd/server_exit.c index fa28374..dfa2b1d 100644 --- a/source3/smbd/server_exit.c +++ b/source3/smbd/server_exit.c @@ -202,14 +202,8 @@ static void exit_server_common(enum server_exit_reason how, printing_end(); if (how != SERVER_EXIT_NORMAL) { - DEBUGSEP(0); - DEBUG(0,(Abnormal server exit: %s\n, - reason ? reason : no explanation provided)); - DEBUGSEP(0); - log_stack_trace(); - - dump_core(); + smb_panic(reason); /* Notreached. */ exit(1); -- Samba Shared Repository