Re: [Samba] Static entries NOT working (Debian, Ubuntu)
Are you sure this is working ? I tried it and it doesnt. I have winbind installed and can findsmb / smbtree . pinging the NetBIOS names found by previous commandes works. pinging the ones I added manually doesn't. I also tried copy/pasting entries and just changing the IP with no success Even the entries with TTL set to zero are overwritten when restarting SAMBA. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] dynamic dns for Linux clients
Version 4.0.6-GIT-9bfcb9f openSUSE 12.3 client with 3.6.12 Hi I've a problem with a Linux box joined to a domain which sometimes can't connect. Login, kinit fail. The DC doesn't recognise it. I've traced this to (almost certainly) DNS. When it's 192.168.1.21 it's fine. Maybe it was .21 when it first joined? The other Linux boxes work fine whatever DHCP gives them. I've worked around it by giving it a static ip and setting the DHCP range from 22 up but it would be better if I could find out why it is the one box which is problematic. I've tried both Winbind and sssd on the client with the same results. Where would I start to debug this? Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Rsyncing Samba4 Roaming Profiles between servers
On 17/04/2013 16:32, Rob Beard wrote: Hi folks, I've got a bit of an issue with roaming profiles and I wondered if someone might be able to help please? :-) We've started rolling out Samba 4 across our network. Currently it's on 3 of our 4 sites, one site has two Samba servers and two sites have one Samba server each (well one site has two Samba 4 servers but one of the servers was an oldish test box which I'm planning on removing from AD when I can work out how to, but that's a separate issue). I've managed to get roaming profiles working for the users on each site. Each user is currently configured to store their roaming profile on the server on the site that they're based at. This seems to work pretty well with our Windows 7 clients and the users are happy that they can now login to any PC and get their desktop icons etc. Now my boss would like the ability to be able to login to a PC on a remote site (as in, not the site where his roaming profile is stored) and have the profile available. It seems to work without making any changes but it is quite slow logging on and off (I put this down to the fairly slow ADSL links we have between the sites). I was giving the issue some thought and tried creating a test user and changing the profile path to %logonserver%\profiles\user.name which when logging on created a profile on the logon server of whichever site I was at. However, I tried then rsyncing this profile across from one server at one site to another server (I've also tried it between two servers on the same site) but the permissions seem to get corrupted... If I look at the permissions in a Linux terminal I get the following... Output from ls -lh on Server 1: drwxrwx---+ 14 360 users 4.0K Apr 17 16:15 charles.carmichael.V2 Output from ls -lh on Server 2: drwxrwx---+ 14 360 users 4.0K Apr 17 16:15 charles.carmichael.V2 So the permissions look okay to me unless I'm missing something. If I check the permissions of the two profile folders in Windows 7 I get the following: Server 1 Permissions: SYSTEM - Full Control Charles.Carmichael - Full Control Server 2 Permissions: Everyone - None RANDOMPC$ - Full Control Random Group - Full Control Domain Users - None CREATOR OWNER - Special CREATOR GROUP - Special On Server 1 the owner is the user of the profile, on Server 2 the owner is RANDOMPC$. Both Server 1 and Server 2 are running Samba 4.0.3, Debian Squeeze AMD64 with the kernel 2.6.32-5-amd64. If it helps the filesystems are ext4 and have the options user_xattr,acl,barrier=1 in fstab. What we'd like to do is run an rsync overnight and copy the differences between the servers, but as we're coming across these issues we're a bit stuck. If anyone could help, or maybe suggest another way of syncing the roaming profiles between the servers that would be great. Thanks in advance, Rob Hi folks, Further to Ricky's reply, I've had a look at the xattr's and acl's of the profiles folder after running an rsync with the -p, -A and -X switches. Checking the permissions on both servers they appear to be the same, the have the same owner and groups. Having checked the acls and xattrs they match on both servers. I've restarted Samba on the second server after rsyncing to it and checked the permissions again but I'm still getting the incorrect permissions :-( I wondered if there might be anywhere I can check where the permissions might be stored? Ta, Rob -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Exceeding 200 client connections - samba 3.5.4 and squid
Hi, We have a central pair of squid proxy servers running Samba Version 3.5.4-0.83.el5_7.2, on CentOS 5.4, which are using NTLM authentication for a number of trusted domains over WAN connections (all 100Mbit fibre links, so shouldn't be considered slow). Recently we've noticed that the winbind connections are exceeding the default 200, as below, [2013/04/16 10:19:15.510056, 0] winbindd/winbindd.c:914(winbindd_listen_fde_handler) winbindd: Exceeding 200 client connections, no idle connection found[2013/04/16 10:19:15.548416, 0] winbindd/winbindd.c:914(winbindd_listen_fde_handler) winbindd: Exceeding 200 client connections, no idle connection found[2013/04/16 10:19:15.548545, 0] winbindd/winbindd.c:914(winbindd_listen_fde_handler) I've read a fair number of the posts from a years ago on here, putting similar issues down to a bug with was fixed in 3.0.25, so I would assume this won't be affecting the version we're running and that it's possible our servers are in fact genuinely exceeding 200 client connections. There's possibly about 4,000 clients on the network at any given time. I have a few questions which I was hoping someone would be able to help me answer, 1) Is there a way to monitor the number of winbind client connections in use? 2) will this version of samba allow me to increase this using the winbind max clients option in the smb.conf? 3) would it be recommend to upgrade to a newer version completely? Thanks in advance, all input is appreciated, Sean -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Rsyncing Samba4 Roaming Profiles between servers
are you using getfattr to check ntacl attributes? getfattr -d -m .* folder should dump all extended attributes, itll return a Not available on security.NTACL if there are no extended attributes. On Mon, Apr 22, 2013 at 7:24 PM, Rob Beard r...@mareandfoal.org wrote: On 17/04/2013 16:32, Rob Beard wrote: Hi folks, I've got a bit of an issue with roaming profiles and I wondered if someone might be able to help please? :-) We've started rolling out Samba 4 across our network. Currently it's on 3 of our 4 sites, one site has two Samba servers and two sites have one Samba server each (well one site has two Samba 4 servers but one of the servers was an oldish test box which I'm planning on removing from AD when I can work out how to, but that's a separate issue). I've managed to get roaming profiles working for the users on each site. Each user is currently configured to store their roaming profile on the server on the site that they're based at. This seems to work pretty well with our Windows 7 clients and the users are happy that they can now login to any PC and get their desktop icons etc. Now my boss would like the ability to be able to login to a PC on a remote site (as in, not the site where his roaming profile is stored) and have the profile available. It seems to work without making any changes but it is quite slow logging on and off (I put this down to the fairly slow ADSL links we have between the sites). I was giving the issue some thought and tried creating a test user and changing the profile path to %logonserver%\profiles\user.**namehttp://user.namewhich when logging on created a profile on the logon server of whichever site I was at. However, I tried then rsyncing this profile across from one server at one site to another server (I've also tried it between two servers on the same site) but the permissions seem to get corrupted... If I look at the permissions in a Linux terminal I get the following... Output from ls -lh on Server 1: drwxrwx---+ 14 360 users 4.0K Apr 17 16:15 charles.carmichael.V2 Output from ls -lh on Server 2: drwxrwx---+ 14 360 users 4.0K Apr 17 16:15 charles.carmichael.V2 So the permissions look okay to me unless I'm missing something. If I check the permissions of the two profile folders in Windows 7 I get the following: Server 1 Permissions: SYSTEM - Full Control Charles.Carmichael - Full Control Server 2 Permissions: Everyone - None RANDOMPC$ - Full Control Random Group - Full Control Domain Users - None CREATOR OWNER - Special CREATOR GROUP - Special On Server 1 the owner is the user of the profile, on Server 2 the owner is RANDOMPC$. Both Server 1 and Server 2 are running Samba 4.0.3, Debian Squeeze AMD64 with the kernel 2.6.32-5-amd64. If it helps the filesystems are ext4 and have the options user_xattr,acl,barrier=1 in fstab. What we'd like to do is run an rsync overnight and copy the differences between the servers, but as we're coming across these issues we're a bit stuck. If anyone could help, or maybe suggest another way of syncing the roaming profiles between the servers that would be great. Thanks in advance, Rob Hi folks, Further to Ricky's reply, I've had a look at the xattr's and acl's of the profiles folder after running an rsync with the -p, -A and -X switches. Checking the permissions on both servers they appear to be the same, the have the same owner and groups. Having checked the acls and xattrs they match on both servers. I've restarted Samba on the second server after rsyncing to it and checked the permissions again but I'm still getting the incorrect permissions :-( I wondered if there might be anywhere I can check where the permissions might be stored? Ta, Rob -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/**mailman/options/sambahttps://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Rsyncing Samba4 Roaming Profiles between servers
On 22/04/2013 11:06, Hisham Attar wrote: are you using getfattr to check ntacl attributes? getfattr -d -m .* folder should dump all extended attributes, itll return a Not available on security.NTACL if there are no extended attributes. Hi Hisham, Thanks for the pointer, I've checked the output of getfattr -d -m .* on both servers and they are coming up with the same output apart from user.DOSATTRIB, on the second server that is causing the issue the user.DOSATTRIB doesn't have anything applied to it, whereas on the original server user.DOSATTRIB has a string of characters assigned to it. security.NTACL, system.posix_acl_access and system.posix_acl_default are the same on both servers. I've manually copied over the attributes using setfattr -n attribute --value=value folder and I'm still getting the same issue. Rob -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [samba4] crash of winbind after ls -l /usr/local/samba/var/locks/sysvol
Hi On 21 April 2013 14:07, François Lafont flafdiv...@free.fr wrote: Hello, Le 20/04/2013 20:00, Michael Wood a écrit : As Andrew suggested it would be good if you could run it under valgrind and reproduce the crash. I don't know valgrind sorry. In spite of all, I have tried this: --- apt-get install valgrind ./configure --enable-debug #--- I add the --enable-debug make make install samba-tool domain provision --realm=CHEZMOI.PRIV --domain=CHEZMOI --server-role=dc --dns-backend=SAMBA_INTERNAL --adminpass='+toto123' echo nameserver 192.168.0.21 /etc/resolv.conf samba ln -s /usr/local/samba/lib/libnss_winbind.so /lib/libnss_winbind.so ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2 # I put winbind in the nsswitch.conf file. sed -i -r -e 's/^(passwd:.*)$/\1 winbind/g' -e 's/^(group:.*)$/\1 winbind/g' /etc/nsswitch.conf valgrind --leak-check=full samba -i M single out 21 --- Here is the output during the ls -l /usr/local/samba/var/locks/sysvol/ problem: http://sisco.laf.free.fr/codes/samba4_gid_300_valgrind.log Will that be enough? Also, you should probably log a bug in bugzilla. It's done: https://bugzilla.samba.org/show_bug.cgi?id=9820 Did winbind also crash when you ran it under valgrind? Perhaps you should attach the two logs directly to the bug instead of just linking to them. One of the Samba developers will have to let you know if the information you have provided is enough. Regards, Michael -- Michael Wood esiot...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Rsyncing Samba4 Roaming Profiles between servers
To me it looks like its inheriting permissions from the Parent folder on your second server. The permissions from server 1 are explicit because AD creates those when you first set a home directory and it doesnt exist. Maybe try checking inheritance, if its there untick it on the folder and see if the rsync restores the correct attributes. On Mon, Apr 22, 2013 at 9:21 PM, Rob Beard r...@mareandfoal.org wrote: On 22/04/2013 11:06, Hisham Attar wrote: are you using getfattr to check ntacl attributes? getfattr -d -m .* folder should dump all extended attributes, itll return a Not available on security.NTACL if there are no extended attributes. Hi Hisham, Thanks for the pointer, I've checked the output of getfattr -d -m .* on both servers and they are coming up with the same output apart from user.DOSATTRIB, on the second server that is causing the issue the user.DOSATTRIB doesn't have anything applied to it, whereas on the original server user.DOSATTRIB has a string of characters assigned to it. security.NTACL, system.posix_acl_access and system.posix_acl_default are the same on both servers. I've manually copied over the attributes using setfattr -n attribute --value=value folder and I'm still getting the same issue. Rob -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/**mailman/options/sambahttps://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba4: W2k clients cannot perform dynamic updates (TSIG failure)
Hi all, I am running samba 4.0.5 as Active-Directory Domain Controller with bind9 9.8 and I am using the BIND9_DLZ mech. I have setup my DNS quite exactly as described on the samba4_dns HowTo, but I am facing following problems: Win2000 clients are NOT ABLE to update/add/delete dynamic dns ressource records to the DNS database, because it seems they cannot be verified by samba4? The BIND9 log with debug level 3 shows error messages like that: [...] 22-Apr-2013 13:50:56.373 update-security: error: client 172.16.200.66#1343: upda te 'ad.mycompany.com/IN' denied [...] 22-Apr-2013 13:50:56.392 client: debug 3: client 172.16.200.66#1344: read 22-Apr-2013 13:50:56.392 client: debug 3: client @0x7f9a576948d0: accept 22-Apr-2013 13:50:56.395 client: debug 3: client 172.16.200.66#1344: TCP request 22-Apr-2013 13:50:56.395 client: debug 3: client 172.16.200.66#1344: query 22-Apr-2013 13:50:56.396 general: debug 3: failed gss_inquire_cred: GSSAPI error : Major = Unspecified GSS failure. Minor code may provide more information, Min or = Credentials cache file '/tmp/krb5cc_110' not found. 22-Apr-2013 13:50:56.403 general: debug 3: gss-api source name (accept) is smb4t estwin2k$@AD.MYCOMPANY.COM 22-Apr-2013 13:50:56.403 client: debug 3: client 172.16.200.66#1344: send 22-Apr-2013 13:50:56.403 client: debug 3: client 172.16.200.66#1344: sendto 22-Apr-2013 13:50:56.404 client: debug 3: client 172.16.200.66#1344: senddone [...] 22-Apr-2013 13:50:56.536 client: debug 3: client 172.16.200.66#1346: TCP request 22-Apr-2013 13:50:56.536 client: debug 3: client 172.16.200.66#1346: query 22-Apr-2013 13:50:56.537 general: debug 3: failed gss_inquire_cred: GSSAPI error : Major = Unspecified GSS failure. Minor code may provide more information, Min or = Credentials cache file '/tmp/krb5cc_110' not found. 22-Apr-2013 13:50:56.543 general: debug 3: gss-api source name (accept) is smb4t estwin2k$@AD.MYCOMPANY.COM 22-Apr-2013 13:50:56.544 client: debug 3: client 172.16.200.66#1346: send 22-Apr-2013 13:50:56.544 client: debug 3: client 172.16.200.66#1346: sendto 22-Apr-2013 13:50:56.544 client: debug 3: client 172.16.200.66#1346: senddone 22-Apr-2013 13:50:56.544 client: debug 3: client 172.16.200.66#1346: next 22-Apr-2013 13:50:56.544 client: debug 3: client 172.16.200.66#1346: endrequest 22-Apr-2013 13:50:56.544 client: debug 3: client 172.16.200.66#1346: read 22-Apr-2013 13:50:56.549 client: debug 3: client 172.16.200.66#1346: next 22-Apr-2013 13:50:56.549 client: debug 3: client 172.16.200.66#1346: endrequest 22-Apr-2013 13:50:56.549 client: debug 3: client 172.16.200.66#1346: closetcp 22-Apr-2013 13:50:56.563 client: debug 3: client 172.16.200.66#1347: UDP request 22-Apr-2013 13:50:56.564 general: debug 3: GSS verify error: GSSAPI error: Major = A token had an invalid Message Integrity Check (MIC), Minor = Unknown error. [...] 22-Apr-2013 13:50:56.707 security: error: client 172.16.200.66#1351: request has invalid signature: TSIG 910533066770-2 (smb4testwin2k\$\@AD.MYCOMPANY.COM) : tsig verify failure (BADSIG) Anyone knows more about that and know how to debug/fix that? Any help appreciated. Thanks a lot. Lucas. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba4 backup script
Hi list I recently encountered errors while trying to backup the samba4 AD. Apparently tar had some problems with sockets in the samba4 directory. I modified the samba4 backup script, perhaps this or a similar change is good to include upstream? Cheers Simon Oosthoek #!/bin/sh # # THIS FILE IS DISTRIBUTED BY PUPPET # # # # Copyright (C) Matthieu Patou m...@matws.net 2010-2011 # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see http://www.gnu.org/licenses/. # FROMWHERE=/var/lib/samba4/ WHERE=/var/backup/samba4/ if [ -n $1 ] [ $1 = -h -o $1 = --usage ]; then echo samba_backup [provisiondir] [destinationdir] echo Will backup your provision located in provisiondir to archive stored in destinationdir echo Default provisiondir: $FROMWHERE echo Default destinationdir: $WHERE exit 0 fi [ -n $1 -a -d $1 ]FROMWHERE=$1 [ -n $2 -a -d $2 ]WHERE=$2 DIRS=private sysvol #Number of days to keep the backup DAYS=90 WHEN=$(date +%d%m%y) if [ ! -d $WHERE ]; then echo Missing backup directory $WHERE exit 1 fi if [ ! -d $FROMWHERE ]; then echo Missing or wrong provision directory $FROMWHERE exit 1 fi cd $FROMWHERE for d in $DIRS;do relativedirname=$(find . -type d -name $d -prune) n=$(echo $d | sed 's,/,_,g') if [ $d = private ]; then find $relativedirname -name *.ldb.bak -exec rm {} \; for ldb in $(find $relativedirname -name *.ldb); do if tdbbackup $ldb then : else echo Error while backuping $ldb exit 1 fi done find $relativedirname -type f -o -type d |grep -v '\.ldb$' |cpio --quiet -o --format=tar |bzip2 $WHERE/samba4_${n}.$WHEN.tar.bz2 if [ ! -f $WHERE/samba4_${n}.$WHEN.tar.bz2 ] || [ $(stat -c %s $WHERE/samba4_${n}.$WHEN.tar.bz2) -eq 0 ]; then echo Error while archiving ${WHERE}/samba4_${n}.${WHEN}.tar.bz2 exit 1 fi find $relativedirname -name *.ldb.bak -exec rm {} \; else find $relativedirname -type f -o -type d |cpio --quiet -o --format=tar |bzip2 $WHERE/${n}.$WHEN.tar.bz2 if [ ! -f $WHERE/${n}.$WHEN.tar.bz2 ] || [ $(stat -c %s $WHERE/${n}.$WHEN.tar.bz2) -eq 0 ]; then echo Error while archiving ${WHERE}/${n}.${WHEN}.tar.bz2 exit 1 fi fi done find $WHERE -name samba4_*bz2 -mtime +$DAYS -exec rm {} \; /dev/null 21 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Static entries NOT working (Debian, Ubuntu)
On Sun, Apr 21, 2013 at 1:24 PM, thomas t.macai...@beware.fr wrote: Are you sure this is working ? I tried it and it doesnt. Yes, I have static entries that are still there from months ago. I have winbind installed and can findsmb / smbtree . pinging the NetBIOS names found by previous commandes works. pinging the ones I added manually doesn't. I also tried copy/pasting entries and just changing the IP with no success Even the entries with TTL set to zero are overwritten when restarting SAMBA. I think any entry will get over written if a client registers that same name. I'm using the entries for things like WPAD and ISATAP. You can't force an IP address with WINS. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] One of our users cannot connect to Samba-shares
Hi all, we here have a user that got a new Windows 7 client (before he had Windows XP) and now is no longer able to connect to our Samba shares. Testing his client with another account has proven that the client is not the problem, other user can connect. Also testing the user on another (Windows 7) client gave the result that the user is not allowed to access. Running Samba with different log levels (up to 99 :)) first show only a simple [2013/04/22 13:10:18.503496, 1, pid=13437, effective(0, 0), real(0, 0)] smbd/sesssetup.c:332(reply_spnego_kerberos) Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE! Increasing the debug level then gave: [2013/04/22 14:18:28.769410, 10, pid=23552, effective(0, 0), real(0, 0)] smbd/sesssetup.c:1150(check_spnego_blob_complete) check_spnego_blob_complete: needed_len = 21149, pblob-length = 16460 [2013/04/22 14:18:28.769454, 3, pid=23552, effective(0, 0), real(0, 0)] smbd/error.c:80(error_packet_set) error packet at smbd/sesssetup.c(1317) cmd=115 (SMBsesssetupX) NT_STATUS_MORE_PROCESSING_REQUIRED . [2013/04/22 14:18:28.800264, 10, pid=23552, effective(0, 0), real(0, 0)] smbd/sesssetup.c:1053(check_spnego_blob_complete) check_spnego_blob_complete: pad-partial_data.length = 16460, pad-needed_len = 4689, copy_len = 16460, pblob-length = 16460, . [2013/04/22 14:18:28.800603, 3, pid=23552, effective(0, 0), real(0, 0)] smbd/sesssetup.c:806(reply_spnego_negotiate) reply_spnego_negotiate: Got secblob of size 21071 [2013/04/22 14:18:28.801778, 3, pid=23552, effective(0, 0), real(0, 0)] libads/kerberos_verify.c:391(ads_secrets_verify_ticket) ads_secrets_verify_ticket: enc type [23] failed to decrypt with error ASN.1 structure is missing a required field [2013/04/22 14:18:28.801969, 3, pid=23552, effective(0, 0), real(0, 0)] libads/kerberos_verify.c:391(ads_secrets_verify_ticket) ads_secrets_verify_ticket: enc type [1] failed to decrypt with error ASN.1 structure is missing a required field [2013/04/22 14:18:28.802129, 3, pid=23552, effective(0, 0), real(0, 0)] libads/kerberos_verify.c:391(ads_secrets_verify_ticket) ads_secrets_verify_ticket: enc type [3] failed to decrypt with error ASN.1 structure is missing a required field [2013/04/22 14:18:28.802179, 3, pid=23552, effective(0, 0), real(0, 0)] libads/kerberos_verify.c:589(ads_verify_ticket) ads_verify_ticket: krb5_rd_req with auth failed (ASN.1 structure is missing a required field) [2013/04/22 14:18:28.802221, 10, pid=23552, effective(0, 0), real(0, 0)] libads/kerberos_verify.c:598(ads_verify_ticket) ads_verify_ticket: returning error NT_STATUS_LOGON_FAILURE [2013/04/22 14:18:28.802284, 1, pid=23552, effective(0, 0), real(0, 0)] smbd/sesssetup.c:332(reply_spnego_kerberos) Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE! So where is the problem with this special user? Why is it's spnego-information that large (21149 bytes!!) ? Any idea what we can do further? (our problem is that we have very restricted access to the active directory...) Thanks a lot, Christian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Applying head to wall to figure out permissions issues.
I have a permissions issue on a Samba DC running 3.5.6. UserA does not have permissions to write to file opened by UserB. Specifically, a file created by UserA gets 764 permissions and UserB can't write to the file until permissions are changed either on the server to +w for other or UserA changes the permissions on the file from Windows for Everyone to have write permissions. I have tried nt acl support = no. I have gone line by line through the conf and can't see why this is not working. What information can I provide to for someone to better understand the issue? Attached my smb.conf. -- Wayne Edgar http://j.mp/wayneedgar [global] netbios name = Sampson netbios aliases = gatr workgroup = GATRHSV server string = GATR File Server wins support = yes ; wins server = w.x.y.z dns proxy = no name resolve order = lmhosts host wins bcast time server = yes interfaces = eth0 hosts deny = 10.56.61.0/255.255.255.0 bind interfaces only = yes log file = /var/log/samba/log.%m max log size = 1000 syslog = 0 panic action = /usr/share/samba/panic-action %d security = user encrypt passwords = true passdb backend = tdbsam obey pam restrictions = yes unix password sync = yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . pam password change = yes domain logons = yes logon path = logon drive = H: logon home = \\%N\%U preexec = /etc/samba/bin/netlogon %U logon script = %U.bat add user script = /usr/sbin/adduser --quiet --disabled-password --gecos %u add machine script = /usr/sbin/useradd -g machines -c %u machine account -d /home/samba/machines/ -s /bin/false %u add group script = /usr/sbin/addgroup --force-badname %g ; printing = bsd ; printcap name = /etc/printcap ; printing = cups ; printcap name = cups ; include = /home/samba/etc/smb.conf.%m socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 ; message command = /bin/sh -c '/usr/bin/linpopup %f %m %s; rm %s' domain master = yes preferred master = yes local master = yes os level = 255 ; idmap uid = 1-2 ; idmap gid = 1-2 ; template shell = /bin/bash ; winbind enum groups = yes ; winbind enum users = yes ; usershare max shares = 100 [homes] comment = Home Directories browseable = no read only = no create mask = 0775 directory mask = 0775 valid users = %S profile acls = yes nt acl support = no [netlogon] comment = Network Logon Service path = /home/samba/netlogon browsable = no guest ok = yes read only = yes share modes = no [sysadmin] comment = Systems Administration Files writeable = yes valid users = @sysadmin path = /home/samba/sysadmin browseable = no guest ok = no create mask = 0775 directory mask = 0775 [finance] comment = Accounting Directory writeable = yes valid users = @finance,@quickbooks path = /home/samba/finance guest ok = no create mask = 0775 directory mask = 0775 oplocks = no [busdev] comment = Business Development Directory writeable = yes valid users = @busdev path = /home/samba/busdev guest ok = no create mask = 0775 directory mask = 0775 hide unreadable = true [hr] comment = Human Resources Directory writeable = yes valid users = @hr path = /home/samba/hr guest ok = no create mask = 0775 directory mask = 0775 hide unreadable = true [shared] comment = Shared Directory writeable = yes valid users = @gatr path = /home/samba/shared create mask = 0775 directory mask = 0775 nt acl support = no [oldserver] comment = Old Server Data writeable = yes valid users = @gatr, rick path = /home/samba/oldserver create mask = 0775 directory mask = 0775 follow symlinks = yes wide links = yes force group = gatr force create mode = 775 force directory mode = 775 [design] comment = Design Drive writeable = yes #valid users = @design read list = @gatr write list = @design path = /home/samba/design create mask = 0775 directory mask = 0775 [vault] comment = Solidworks Vault writeable = yes valid users = @design path = /home/samba/swvault create mask = 0775 directory mask = 0775 [production] comment = Production Management writeable = yes valid users = @production path = /home/samba/production create mask = 0775 directory mask = 0775 [scans] comment = Printer Scans writeable = yes valid users = @gatr path = /home/scans create mask = 0775 directory mask = 0775 [purchasing] comment = Purchasing writeable = yes valid users = @purchasing path = /home/samba/purchasing create mask = 0775 directory mask = 0775 [qms] comment = Quality Management System writeable = yes
[Samba] New Windows 8 RSAT and OU=Domain Controllers support?
Hello, We have two DCs. One runs Windows 2003 R2, and the other Samba 4.0.5. Forest functional level is Windows 2000 native. I recently demoted (worked flawlessy now, which was a great relief), rebuilt and re-promoted my Samba 4 DC, as my problems that I posted to this list about two monts were still unresolved (see https://lists.samba.org/archive/samba/2013-February/171898.html), and I thoght that I might as well give it a shot. And yes, it all seems to work now. (I even got the rfc2307 uid/gid support working, finally! Doesn't matter a lot on a DC-only box, but still.) Everything, this far, except one thing: if 1. RSAT, specifically one shipped with Windows Vista or newer (older tools do not seem to be affected) is used to manage the domain, 2. Samba 4 DC is the domain controller that RSAT's AD User and Computers console connects to, and 3. one clicks the Domain Controllers OU in the tree then the following error message will result: Data from Domain Controllers is not available from Domain Controller SAMBA4DC.mydomain.site because: An operations error occurred. Try again later, or choose another DC by selecting Connect to Domain Controller on the Domain context menu. At the same time the following is written to log.samba: [2013/04/17 18:03:24, 0] ../lib/ldb-samba/ldb_wrap.c:69(ldb_wrap_debug) ldb: acl_read: CN=W2K3R2DC,OU=Domain Controllers,DC=mydomain,DC=site cannot find attr[msDS-isRODC] in of schema If the RSAT's AD Users Computers console is deliberately changed to use our Windows DC, the problem disappears. The console reports DC version for the domain controllers as W2K3 for the Windows DC and as W2K for the Samba DC. Is this error expected? I find the error message in log.samba a bit peculiar, because it talks about msDS-isRODC attribute. But the way I see it there shouldn't even be anything RODC-related in the schema, as a prerequisite for any RODCs is Windows 2003 forest functional level, and even then the schema should be extended first (see http://technet.microsoft.com/en-us/library/cc731243%28v=ws.10%29.aspx for Microsoft's documentation). Because Samba doesn't really seem to support Windows 2000 functional level properly anymore (samba-tool domain level just showed the following error: ERROR: Could not retrieve the actual domain, forest level and/or lowest DC function level!), and we no longer had real reasons to stick to that, I tried to promote the forest. Now that failed too, and I had to demote Samba (so that Windows doesn't think it is just a W2k box), raise forest level on Windows, and then purge Samba's config and re-join it. (Simply running samba-tool domain dcpromo doesn't work either--it just gives an error Account SAMBA4DC$ appears to be an active DC, use 'samba-tool domain join' if you must re-create this account.) But: now the forest functional level *is* Windows 2003, RSAT AD User Computers reports the Samba DC as W2k8 R2, and all this still didn't affect the actual RSAT / ldb: acl_read error at all. The issue is still reproducible! I don't know if running the MS adprep tool on the Windows DC would help (see the Technet article linked above), but that tool is anyway only shipped with Windows 2008, and I don't have that. Should I file a bug? Or is this error expected? Any experiences by people who regularly run newer RSATs? What about those that also have Windows DCs, like me? Thanks, Pekka L.J. Jalkanen PS. The Win 8 RSAT that I've been trying to use is actually hugely problematic, because there is no way to install the Server for NIS tools that are required for RFC2307 management, even though MS does claim (http://support.microsoft.com/kb/2693643) that those tools are still supported. I can't recommend it to anyone. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] New Windows 8 RSAT and OU=Domain Controllers support?
That attribute is a 2008+ schema attribute, as far as I was aware when you provision with Samba your DC functionality is at 2008 R2 but forest/domain is at 2003 and can be raised to 2008 R2 try samba-tool domain level raise --domain 2008_R2 --forest 2008_R2 maybe that will add the attribute to the schema. On Tue, Apr 23, 2013 at 4:43 AM, Pekka L.J. Jalkanen pekka.jalka...@vihreat.fi wrote: Hello, We have two DCs. One runs Windows 2003 R2, and the other Samba 4.0.5. Forest functional level is Windows 2000 native. I recently demoted (worked flawlessy now, which was a great relief), rebuilt and re-promoted my Samba 4 DC, as my problems that I posted to this list about two monts were still unresolved (see https://lists.samba.org/archive/samba/2013-February/171898.html), and I thoght that I might as well give it a shot. And yes, it all seems to work now. (I even got the rfc2307 uid/gid support working, finally! Doesn't matter a lot on a DC-only box, but still.) Everything, this far, except one thing: if 1. RSAT, specifically one shipped with Windows Vista or newer (older tools do not seem to be affected) is used to manage the domain, 2. Samba 4 DC is the domain controller that RSAT's AD User and Computers console connects to, and 3. one clicks the Domain Controllers OU in the tree then the following error message will result: Data from Domain Controllers is not available from Domain Controller SAMBA4DC.mydomain.site because: An operations error occurred. Try again later, or choose another DC by selecting Connect to Domain Controller on the Domain context menu. At the same time the following is written to log.samba: [2013/04/17 18:03:24, 0] ../lib/ldb-samba/ldb_wrap.c:69(ldb_wrap_debug) ldb: acl_read: CN=W2K3R2DC,OU=Domain Controllers,DC=mydomain,DC=site cannot find attr[msDS-isRODC] in of schema If the RSAT's AD Users Computers console is deliberately changed to use our Windows DC, the problem disappears. The console reports DC version for the domain controllers as W2K3 for the Windows DC and as W2K for the Samba DC. Is this error expected? I find the error message in log.samba a bit peculiar, because it talks about msDS-isRODC attribute. But the way I see it there shouldn't even be anything RODC-related in the schema, as a prerequisite for any RODCs is Windows 2003 forest functional level, and even then the schema should be extended first (see http://technet.microsoft.com/en-us/library/cc731243%28v=ws.10%29.aspx for Microsoft's documentation). Because Samba doesn't really seem to support Windows 2000 functional level properly anymore (samba-tool domain level just showed the following error: ERROR: Could not retrieve the actual domain, forest level and/or lowest DC function level!), and we no longer had real reasons to stick to that, I tried to promote the forest. Now that failed too, and I had to demote Samba (so that Windows doesn't think it is just a W2k box), raise forest level on Windows, and then purge Samba's config and re-join it. (Simply running samba-tool domain dcpromo doesn't work either--it just gives an error Account SAMBA4DC$ appears to be an active DC, use 'samba-tool domain join' if you must re-create this account.) But: now the forest functional level *is* Windows 2003, RSAT AD User Computers reports the Samba DC as W2k8 R2, and all this still didn't affect the actual RSAT / ldb: acl_read error at all. The issue is still reproducible! I don't know if running the MS adprep tool on the Windows DC would help (see the Technet article linked above), but that tool is anyway only shipped with Windows 2008, and I don't have that. Should I file a bug? Or is this error expected? Any experiences by people who regularly run newer RSATs? What about those that also have Windows DCs, like me? Thanks, Pekka L.J. Jalkanen PS. The Win 8 RSAT that I've been trying to use is actually hugely problematic, because there is no way to install the Server for NIS tools that are required for RFC2307 management, even though MS does claim (http://support.microsoft.com/kb/2693643) that those tools are still supported. I can't recommend it to anyone. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Breaking up user homes by letter
Hi, I've been digging all over and I can't seem to find an answer to this. Is there a way to have Samba assign home directory paths by the first letter of a username and then the actual username underneath? Like this: /Users/j/Johnson If I can, is there a way for Samba to also still direct the user right into that folder if in Windows they were to enter \\sbmserver\username file:///\\sbmserver\username ? I'm just trying to separate out the home directories as this may possibly be used by 1000+ at once and I'm worried about performance having all the homes in one directory. Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [samba4] crash of winbind after ls -l /usr/local/samba/var/locks/sysvol
[Ooops, sorry Michael for my first message, I have made a mistake with the recipients] Hello, Le 22/04/2013 13:29, Michael Wood a écrit : Did winbind also crash when you ran it under valgrind? Yes, I think so. I have done 2 tests with valgrind --leak-check=full samba -i M single out 21 and for the 2 tests I have the same problem: -- ~# wbinfo -u Administrator Guest krbtgt test1 ~# time ls -l /usr/local/samba/var/locks/sysvol/ total 8 drwxrws---+ 4 root 300 4096 Apr 21 13:00 chezmoi.priv real1m13.350s user0m0.000s sys 0m0.068s ~# wbinfo -u Error looking up domain users -- Perhaps you should attach the two logs directly to the bug instead of just linking to them. Ok, it's done. One of the Samba developers will have to let you know if the information you have provided is enough. Ok, thanks for your help Michael. :) -- François Lafont -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] tree connect failed: NT_STATUS_PIPE_BROKEN
Hi~ Samba(Version 4.0.4) run on an embedded system (kernel version: linux 2.6.32) with conf file like this: [global] workgroup = MYGROUP netbios name = DFTNAS server string = Samba Server security = user log file = /var/log.%m passdb backend = tdbsam [smbshared] comment = Stuff path = /var/smbshared public = no writable = yes printable = no Everything is OK when I'm using the root to connect the samba. But errors occur when I'm using the non root to connect it. # smbclient -L 192.168.100.144 -U hg tree connect failed: NT_STATUS_PIPE_BROKEN Log info : [2013/04/23 09:51:54.636358, 0] lib/util_sec.c:121(assert_gid) Failed to set gid privileges to (-1,1000) now set to (0,0) uid=(0,0) [2013/04/23 09:51:54.636483, 0] lib/util.c:810(smb_panic_s3) PANIC (pid 2105): failed to set gid Thanks! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Applying head to wall to figure out permissions issues.
-Original Message- From: samba-boun...@lists.samba.org [mailto:samba- boun...@lists.samba.org] On Behalf Of Wayne Edgar Sent: Monday, April 22, 2013 12:33 PM To: samba@lists.samba.org Subject: [Samba] Applying head to wall to figure out permissions issues. I have a permissions issue on a Samba DC running 3.5.6. UserA does not have permissions to write to file opened by UserB. Specifically, a file created by UserA gets 764 permissions and UserB can't write to the file until permissions are changed either on the server to +w for other or UserA changes the permissions on the file from Windows for Everyone to have write permissions. I have tried nt acl support = no. I have gone line by line through the conf and can't see why this is not working. What information can I provide to for someone to better understand the issue? Attached my smb.conf. -- Wayne Edgar http://j.mp/wayneedgar Have you considered the force create mode and/or force directory mode parameters in your share? PV If it ain't broken you're not trying -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Applying head to wall to figure out permissions issues.
That did alleviate the symptoms. I still don't know what caused this server to suddenly start doing this. It's worked fine for a long time. I've inherited this DC from a previous IT guy who had crazy tight security. Thanks for the assistance! On Mon, Apr 22, 2013 at 8:59 PM, Paul Venzke venz...@srt.com wrote: -Original Message- From: samba-boun...@lists.samba.org [mailto:samba- boun...@lists.samba.org] On Behalf Of Wayne Edgar Sent: Monday, April 22, 2013 12:33 PM To: samba@lists.samba.org Subject: [Samba] Applying head to wall to figure out permissions issues. I have a permissions issue on a Samba DC running 3.5.6. UserA does not have permissions to write to file opened by UserB. Specifically, a file created by UserA gets 764 permissions and UserB can't write to the file until permissions are changed either on the server to +w for other or UserA changes the permissions on the file from Windows for Everyone to have write permissions. I have tried nt acl support = no. I have gone line by line through the conf and can't see why this is not working. What information can I provide to for someone to better understand the issue? Attached my smb.conf. -- Wayne Edgar http://j.mp/wayneedgar Have you considered the force create mode and/or force directory mode parameters in your share? PV If it ain't broken you're not trying -- Wayne Edgar http://j.mp/wayneedgar -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Applying head to wall to figure out permissions issues.
HI, MS Office files or all files? Office files can have this issue. --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Wayne Edgar Gesendet: Montag, 22. April 2013 19:33 An: samba@lists.samba.org Betreff: [Samba] Applying head to wall to figure out permissions issues. I have a permissions issue on a Samba DC running 3.5.6. UserA does not have permissions to write to file opened by UserB. Specifically, a file created by UserA gets 764 permissions and UserB can't write to the file until permissions are changed either on the server to +w for other or UserA changes the permissions on the file from Windows for Everyone to have write permissions. I have tried nt acl support = no. I have gone line by line through the conf and can't see why this is not working. What information can I provide to for someone to better understand the issue? Attached my smb.conf. -- Wayne Edgar http://j.mp/wayneedgar -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[SCM] CTDB repository - branch 1.2.40 updated - ctdb-1.2.61-17-g2cf0ceb
The branch, 1.2.40 has been updated via 2cf0ceb20c87756cf2e012d67129c0205c6db9aa (commit) via 02e349d158cfa5413e391066e098413f981c592b (commit) via 905a5a6fdf69a79574fcfff272aaa9b292eac159 (commit) via 5e157d829efff1bed94c1cc65a220148c769e559 (commit) via 57e520c86cd59776e6e850be6ae02b3345e6ab3a (commit) via e71243dc514752bd19dfd8cdf1eda30809d67494 (commit) via 485b32d77972271dd0c5938ab5aa1d657484ae5e (commit) via 0f39c9bf47a5d84b1b5e3af19e6e8cd610dbfef6 (commit) via f4c04ee072772450e269c71db3c6c0f4331537a8 (commit) via b90249874c45c291e25515286a81c3cfe1b0ca6f (commit) via 764359b2081b7b6aad6af17e9b86b7df0e422416 (commit) via 64bbe9f35f58b5f2af23acfa6ded9751839b9ece (commit) via 63debc8aecd8ab626d827d508109fefa9503c101 (commit) via dd465bfcf5bc8cffcae3abb58100b68d46ccda49 (commit) via 7dc9c1d3edcba5b61bdffb4ed213a216cd8ee809 (commit) via 859e72b1f6e7f438fe36e5ae303ef2ee713f5f41 (commit) via 4de7ec7931062e640665c91a53182bb34d6f55cc (commit) from f7a21af8adc65c72326c0f955e5e1712467951ad (commit) http://gitweb.samba.org/?p=ctdb.git;a=shortlog;h=1.2.40 - Log - commit 2cf0ceb20c87756cf2e012d67129c0205c6db9aa Author: Amitay Isaacs ami...@gmail.com Date: Mon Apr 22 14:26:56 2013 +1000 New version 1.2.62 Signed-off-by: Amitay Isaacs ami...@gmail.com commit 02e349d158cfa5413e391066e098413f981c592b Author: Amitay Isaacs ami...@gmail.com Date: Fri Apr 19 13:29:04 2013 +1000 ctdbd: Set num_clients statistic from ctdb-num_clients This fixes the problem of ctdb statisticsreset clearing the number of clients even when there are active clients. Values returned in statistics for frozen, recovering, memory_used are based on the current state of CTDB and are not maintained as statistics. This should include num_clients as well. Currently ctdb-num_clients is unused. So use that to track the number of clients and fill in statistics field only when requested. Signed-off-by: Amitay Isaacs ami...@gmail.com (cherry picked from commit dc4ca816630ed44b419108da53421331243fb8c7) commit 905a5a6fdf69a79574fcfff272aaa9b292eac159 Author: Martin Schwenke mar...@meltin.net Date: Mon Apr 22 13:52:04 2013 +1000 ctdbd: Log PID file creation and removal at NOTICE level Unexpected removal of this file can have serious consequences, so it is best if this is logged at the default level. Signed-off-by: Martin Schwenke mar...@meltin.net (cherry picked from commit bfed6a8d1771db3401d12b819204736c33acb312) commit 5e157d829efff1bed94c1cc65a220148c769e559 Author: Martin Schwenke mar...@meltin.net Date: Tue Apr 16 16:10:04 2013 +1000 scripts: Crash cleanup script should pass a tag to logger Signed-off-by: Martin Schwenke mar...@meltin.net commit 57e520c86cd59776e6e850be6ae02b3345e6ab3a Author: Martin Schwenke mar...@meltin.net Date: Mon Apr 15 15:42:55 2013 +1000 scripts: ctdb-crash-cleanup.sh uses initscript to see if ctdbd is running ctdb ping (or ctdb status) can time out. How many times should we try? Instead, depend on the initscript to implement something sane. Signed-off-by: Martin Schwenke mar...@meltin.net Reviewed-by: Michael Adam ob...@samba.org (cherry picked from commit 90cb337e5ccf397b69a64298559a428ff508f196) Conflicts: config/ctdb-crash-cleanup.sh commit e71243dc514752bd19dfd8cdf1eda30809d67494 Author: Martin Schwenke mar...@meltin.net Date: Mon Apr 15 15:18:12 2013 +1000 initscript: Use a PID file to implement the status option Using ctdb ping and ctdb status is fraught with danger. These commands can timeout when ctdbd is running, leading callers to believe that ctdbd is not running. Timeouts could be increased but we would still have to handle potential timeouts. Everything else in the world implements the status option by checking if the relevant process is running. This change makes CTDB do the same thing and uses standard distro functions. This change is backward compatible in sense that a missing /var/run/ctdb/ directory means that we don't do a PID file check but just depend on the distro's checking method. Therefore, if CTDB was started with an older version of this script then service ctdb status will still work. This script does not support changing the value of CTDB_VALGRIND between calls. If you start with CTDB_VALGRIND=yes then you need to check status with the same setting. CTDB_VALGRIND is a debug variable, so this is acceptable. This also adds sourcing of /lib/lsb/init-functions to make the Debian function status_of_proc() available. Signed-off-by: Martin Schwenke mar...@meltin.net
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via 8bb8f00 Bug 9807 - wbinfo: fix segfault in wbinfo_pam_logon from afcbaf3 BUG 9766: Cache name_to_sid/sid_to_name correctly. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit 8bb8f0011e567501a98a901adcfffbf4f34e73ae Author: David Disseldorp dd...@samba.org Date: Wed Apr 17 10:39:12 2013 -0700 Bug 9807 - wbinfo: fix segfault in wbinfo_pam_logon wbinfo_pam_logon() incorrectly assumes that wbcLogonUser() always returns an allocated wbcAuthErrorInfo struct on failure. Signed-off-by: David Disseldorp dd...@samba.org Reviewed-by: Jeremy Allison j...@samba.org Autobuild-User(master): Jeremy Allison j...@samba.org Autobuild-Date(master): Wed Apr 17 21:29:29 CEST 2013 on sn-devel-104 --- Summary of changes: nsswitch/wbinfo.c |7 +++ 1 files changed, 3 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/nsswitch/wbinfo.c b/nsswitch/wbinfo.c index ac07175..9d25f59 100644 --- a/nsswitch/wbinfo.c +++ b/nsswitch/wbinfo.c @@ -1728,7 +1728,7 @@ static bool wbinfo_pam_logon(char *username) { wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; struct wbcLogonUserParams params; - struct wbcAuthErrorInfo *error; + struct wbcAuthErrorInfo *error = NULL; char *s = NULL; char *p = NULL; TALLOC_CTX *frame = talloc_tos(); @@ -1779,16 +1779,15 @@ static bool wbinfo_pam_logon(char *username) d_printf(plaintext password authentication %s\n, WBC_ERROR_IS_OK(wbc_status) ? succeeded : failed); - if (!WBC_ERROR_IS_OK(wbc_status)) { + if (!WBC_ERROR_IS_OK(wbc_status) (error != NULL)) { d_fprintf(stderr, error code was %s (0x%x)\nerror message was: %s\n, error-nt_string, (int)error-nt_status, error-display_string); wbcFreeMemory(error); - return false; } - return true; + return WBC_ERROR_IS_OK(wbc_status); } /* Save creds with winbind */ -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via 61d591b Fix bug 9811 - Old DOS SMB CTEMP request uses a non-VFS function to access the filesystem. from 8bb8f00 Bug 9807 - wbinfo: fix segfault in wbinfo_pam_logon http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit 61d591bb1eacbd7bcdf6a1c4abe8442edfece524 Author: Jeremy Allison j...@samba.org Date: Thu Apr 18 11:19:20 2013 -0700 Fix bug 9811 - Old DOS SMB CTEMP request uses a non-VFS function to access the filesystem. Fix bug in old create temp SMB request. Only use VFS functions. Signed-off-by: Jeremy Allison j...@samba.org --- Summary of changes: source3/smbd/reply.c | 118 +++-- 1 files changed, 65 insertions(+), 53 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index 31f4e2f..ca3a08f 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -2239,13 +2239,14 @@ void reply_ctemp(struct smb_request *req) { connection_struct *conn = req-conn; struct smb_filename *smb_fname = NULL; + char *wire_name = NULL; char *fname = NULL; uint32 fattr; files_struct *fsp; int oplock_request; - int tmpfd; char *s; NTSTATUS status; + int i; TALLOC_CTX *ctx = talloc_tos(); START_PROFILE(SMBctemp); @@ -2258,77 +2259,86 @@ void reply_ctemp(struct smb_request *req) fattr = SVAL(req-vwv+0, 0); oplock_request = CORE_OPLOCK_REQUEST(req-inbuf); - srvstr_get_path_req(ctx, req, fname, (const char *)req-buf+1, + srvstr_get_path_req(ctx, req, wire_name, (const char *)req-buf+1, STR_TERMINATE, status); if (!NT_STATUS_IS_OK(status)) { reply_nterror(req, status); goto out; } - if (*fname) { - fname = talloc_asprintf(ctx, - %s/TMXX, - fname); - } else { - fname = talloc_strdup(ctx, TMXX); - } - if (!fname) { - reply_nterror(req, NT_STATUS_NO_MEMORY); - goto out; - } + for (i = 0; i 10; i++) { + if (*wire_name) { + fname = talloc_asprintf(ctx, + %s/TMP%s, + wire_name, + generate_random_str_list(ctx, 5, 0123456789)); + } else { + fname = talloc_asprintf(ctx, + TMP%s, + generate_random_str_list(ctx, 5, 0123456789)); + } - status = filename_convert(ctx, conn, + if (!fname) { + reply_nterror(req, NT_STATUS_NO_MEMORY); + goto out; + } + + status = filename_convert(ctx, conn, req-flags2 FLAGS2_DFS_PATHNAMES, fname, 0, NULL, smb_fname); - if (!NT_STATUS_IS_OK(status)) { - if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) { - reply_botherror(req, NT_STATUS_PATH_NOT_COVERED, + if (!NT_STATUS_IS_OK(status)) { + if (NT_STATUS_EQUAL(status,NT_STATUS_PATH_NOT_COVERED)) { + reply_botherror(req, NT_STATUS_PATH_NOT_COVERED, ERRSRV, ERRbadpath); + goto out; + } + reply_nterror(req, status); goto out; } - reply_nterror(req, status); - goto out; - } - - tmpfd = mkstemp(smb_fname-base_name); - if (tmpfd == -1) { - reply_nterror(req, map_nt_error_from_unix(errno)); - goto out; - } - - SMB_VFS_STAT(conn, smb_fname); - - /* We should fail if file does not exist. */ - status = SMB_VFS_CREATE_FILE( - conn, /* conn */ - req,/* req */ - 0, /* root_dir_fid */ - smb_fname, /* fname */ - FILE_GENERIC_READ | FILE_GENERIC_WRITE, /* access_mask */ - FILE_SHARE_READ | FILE_SHARE_WRITE, /* share_access */ - FILE_OPEN, /* create_disposition*/ - 0, /*
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via 07d6347 Fix bug in old create temp SMB request. Only use VFS functions. via 389face Bug 9807 - wbinfo: fix segfault in wbinfo_pam_logon via 376c36b wafsamba: display the default value in help for SAMBA3_ADD_OPTION via 35000ea s3:wscript: change --with-dmapi to default=auto to match the autoconf build from 9bfcb9f Ensure we test the dirsort module in make test. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 07d6347ee3ad546842c7a8704bc79710f84be41a Author: Jeremy Allison j...@samba.org Date: Wed Apr 17 14:42:20 2013 -0700 Fix bug in old create temp SMB request. Only use VFS functions. Signed-off-by: Jeremy Allison j...@samba.org Fix bug #9811 - Old DOS SMB CTEMP request uses a non-VFS function to access the filesystem. Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Mon Apr 22 11:28:04 CEST 2013 on sn-devel-104 commit 389faceaa365d314ec49c9629b835d0418e6d222 Author: David Disseldorp dd...@samba.org Date: Wed Apr 17 10:39:12 2013 -0700 Bug 9807 - wbinfo: fix segfault in wbinfo_pam_logon wbinfo_pam_logon() incorrectly assumes that wbcLogonUser() always returns an allocated wbcAuthErrorInfo struct on failure. Signed-off-by: David Disseldorp dd...@samba.org Reviewed-by: Jeremy Allison j...@samba.org Autobuild-User(master): Jeremy Allison j...@samba.org Autobuild-Date(master): Wed Apr 17 21:29:29 CEST 2013 on sn-devel-104 commit 376c36b61d2984b52cd7aaa5ef1513fe5464bb32 Author: Stefan Metzmacher me...@samba.org Date: Fri Mar 22 09:37:09 2013 +0100 wafsamba: display the default value in help for SAMBA3_ADD_OPTION Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Volker Lendecke v...@samba.org (cherry picked from commit 81cc940c994424d351ac282383df4d1a57d6b614) Fix bug #9804 - wafsamba: display the default value in help for SAMBA3_ADD_OPTION. commit 35000eabcd6dd170ad6ac0ddb7424979b4cfc76a Author: Stefan Metzmacher me...@samba.org Date: Fri Mar 22 09:39:42 2013 +0100 s3:wscript: change --with-dmapi to default=auto to match the autoconf build Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Volker Lendecke v...@samba.org Autobuild-User(master): Volker Lendecke v...@samba.org Autobuild-Date(master): Wed Apr 3 11:45:12 CEST 2013 on sn-devel-104 (cherry picked from commit 79038397aa8786c92401312973185c7b14e8fa66) Fix bug #9803 - change --with-dmapi to default=auto to match the autoconf build. --- Summary of changes: buildtools/wafsamba/samba3.py | 11 - nsswitch/wbinfo.c |7 +-- source3/smbd/reply.c | 117 ++-- source3/wscript |2 +- 4 files changed, 78 insertions(+), 59 deletions(-) Changeset truncated at 500 lines: diff --git a/buildtools/wafsamba/samba3.py b/buildtools/wafsamba/samba3.py index 476d8fc..fd063ad 100644 --- a/buildtools/wafsamba/samba3.py +++ b/buildtools/wafsamba/samba3.py @@ -8,8 +8,17 @@ from samba_autoconf import library_flags def SAMBA3_ADD_OPTION(opt, option, help=(), dest=None, default=True, with_name=with, without_name=without): +if default is None: +default_str=auto +elif default == True: +default_str=yes +elif default == False: +default_str=no +else: +default_str=str(default) + if help == (): -help = (Build with %s support % option) +help = (Build with %s support (default=%s) % (option, default_str)) if dest is None: dest = with_%s % option.replace('-', '_') diff --git a/nsswitch/wbinfo.c b/nsswitch/wbinfo.c index aee4004..762382c 100644 --- a/nsswitch/wbinfo.c +++ b/nsswitch/wbinfo.c @@ -1736,7 +1736,7 @@ static bool wbinfo_pam_logon(char *username) { wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; struct wbcLogonUserParams params; - struct wbcAuthErrorInfo *error; + struct wbcAuthErrorInfo *error = NULL; char *s = NULL; char *p = NULL; TALLOC_CTX *frame = talloc_tos(); @@ -1787,16 +1787,15 @@ static bool wbinfo_pam_logon(char *username) d_printf(plaintext password authentication %s\n, WBC_ERROR_IS_OK(wbc_status) ? succeeded : failed); - if (!WBC_ERROR_IS_OK(wbc_status)) { + if (!WBC_ERROR_IS_OK(wbc_status) (error != NULL)) { d_fprintf(stderr, error code was %s (0x%x)\nerror message was: %s\n, error-nt_string, (int)error-nt_status, error-display_string); wbcFreeMemory(error); -
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 5512a43 docs: Fix bug 9809 -- missing entry in specfile from 5727bfa Fix bug in old create temp SMB request. Only use VFS functions. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 5512a43a93833d3d6f1721d69c894db0e2c77ef8 Author: Volker Lendecke v...@samba.org Date: Fri Apr 19 16:17:13 2013 +0200 docs: Fix bug 9809 -- missing entry in specfile Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Karolin Seeger ksee...@samba.org Autobuild-User(master): Karolin Seeger ksee...@samba.org Autobuild-Date(master): Mon Apr 22 11:35:52 CEST 2013 on sn-devel-104 --- Summary of changes: packaging/RHEL/samba.spec.tmpl |1 + 1 files changed, 1 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/packaging/RHEL/samba.spec.tmpl b/packaging/RHEL/samba.spec.tmpl index 8439256..7df7cb5 100644 --- a/packaging/RHEL/samba.spec.tmpl +++ b/packaging/RHEL/samba.spec.tmpl @@ -370,6 +370,7 @@ fi %{_mandir}/man8/winbindd.8* %{_mandir}/man1/ntlm_auth.1* %{_mandir}/man1/wbinfo.1* +%{_mandir}/man1/dbwrap_*.1* %{_mandir}/man8/vfs_*.8* %{_mandir}/man8/idmap_*.8* -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via 7441f3d docs: Fix bug 9809 -- missing entry in specfile from 61d591b Fix bug 9811 - Old DOS SMB CTEMP request uses a non-VFS function to access the filesystem. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit 7441f3d9f1d2cec29e0caaeaf7a4fc92761fe82f Author: Volker Lendecke v...@samba.org Date: Fri Apr 19 16:17:13 2013 +0200 docs: Fix bug 9809 -- missing entry in specfile Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Karolin Seeger ksee...@samba.org Autobuild-User(master): Karolin Seeger ksee...@samba.org Autobuild-Date(master): Mon Apr 22 11:35:52 CEST 2013 on sn-devel-104 (cherry picked from commit 5512a43a93833d3d6f1721d69c894db0e2c77ef8) --- Summary of changes: packaging/RHEL/samba.spec.tmpl |1 + 1 files changed, 1 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/packaging/RHEL/samba.spec.tmpl b/packaging/RHEL/samba.spec.tmpl index adbc6df..a689435 100644 --- a/packaging/RHEL/samba.spec.tmpl +++ b/packaging/RHEL/samba.spec.tmpl @@ -370,6 +370,7 @@ fi %{_mandir}/man8/winbindd.8* %{_mandir}/man1/ntlm_auth.1* %{_mandir}/man1/wbinfo.1* +%{_mandir}/man1/dbwrap_*.1* %{_mandir}/man8/vfs_*.8* %{_mandir}/man8/idmap_*.8* -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via 3f8ea16 docs: Fix bug 9809 -- missing entry in specfile from 07d6347 Fix bug in old create temp SMB request. Only use VFS functions. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 3f8ea16a7be1ac6ba3fe9bf8a3f722f2d3fc6469 Author: Volker Lendecke v...@samba.org Date: Fri Apr 19 16:17:13 2013 +0200 docs: Fix bug 9809 -- missing entry in specfile Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Karolin Seeger ksee...@samba.org Autobuild-User(master): Karolin Seeger ksee...@samba.org Autobuild-Date(master): Mon Apr 22 11:35:52 CEST 2013 on sn-devel-104 (cherry picked from commit 5512a43a93833d3d6f1721d69c894db0e2c77ef8) Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Mon Apr 22 13:39:14 CEST 2013 on sn-devel-104 --- Summary of changes: packaging/RHEL/samba.spec.tmpl |1 + 1 files changed, 1 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/packaging/RHEL/samba.spec.tmpl b/packaging/RHEL/samba.spec.tmpl index 8439256..7df7cb5 100644 --- a/packaging/RHEL/samba.spec.tmpl +++ b/packaging/RHEL/samba.spec.tmpl @@ -370,6 +370,7 @@ fi %{_mandir}/man8/winbindd.8* %{_mandir}/man1/ntlm_auth.1* %{_mandir}/man1/wbinfo.1* +%{_mandir}/man1/dbwrap_*.1* %{_mandir}/man8/vfs_*.8* %{_mandir}/man8/idmap_*.8* -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 19242b2 docs-xml: document dbwrap_tool exists via 26515c5 s3:utils/dbwrap_tool add exists operation from 5512a43 docs: Fix bug 9809 -- missing entry in specfile http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 19242b2916b55d2f1d97855e038395d5c87ca421 Author: Christian Ambach a...@samba.org Date: Mon Apr 22 13:56:24 2013 +0200 docs-xml: document dbwrap_tool exists Signed-off-by: Christian Ambach a...@samba.org Reviewed-by: Volker Lendecke v...@samba.org Autobuild-User(master): Volker Lendecke v...@samba.org Autobuild-Date(master): Mon Apr 22 18:43:42 CEST 2013 on sn-devel-104 commit 26515c5d473c12f638e7405a5df3b1e24cd82ec8 Author: Christian Ambach a...@samba.org Date: Mon Apr 22 13:51:52 2013 +0200 s3:utils/dbwrap_tool add exists operation Signed-off-by: Christian Ambach a...@samba.org Reviewed-by: Volker Lendecke v...@samba.org --- Summary of changes: docs-xml/manpages/dbwrap_tool.1.xml |7 ++ source3/utils/dbwrap_tool.c | 38 +++--- 2 files changed, 41 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/manpages/dbwrap_tool.1.xml b/docs-xml/manpages/dbwrap_tool.1.xml index 59ef968..e2b2cee 100644 --- a/docs-xml/manpages/dbwrap_tool.1.xml +++ b/docs-xml/manpages/dbwrap_tool.1.xml @@ -49,6 +49,7 @@ listitemparafetch: fetch a record/para/listitem listitemparastore: create or modify a record/para/listitem listitemparadelete: remove a record/para/listitem + listitemparaexists: test for existance of a record/para/listitem listitemparaerase: remove all records/para/listitem listitemparalistkeys: list all available records/para/listitem listitemparalistwatchers: list processes, which are waiting for changes in a record/para/listitem @@ -101,6 +102,12 @@ /cmdsynopsis /refsect2 refsect2 + titleexists/title + cmdsynopsis + commanddbwrap_tool/command lt;databasegt; exists lt;keygt; + /cmdsynopsis + /refsect2 + refsect2 titleerase/title cmdsynopsis commanddbwrap_tool/command lt;databasegt; erase /cmdsynopsis diff --git a/source3/utils/dbwrap_tool.c b/source3/utils/dbwrap_tool.c index aab5773..79b40d2 100644 --- a/source3/utils/dbwrap_tool.c +++ b/source3/utils/dbwrap_tool.c @@ -30,7 +30,7 @@ #include util_tdb.h enum dbwrap_op { OP_FETCH, OP_STORE, OP_DELETE, OP_ERASE, OP_LISTKEYS, -OP_LISTWATCHERS }; +OP_LISTWATCHERS, OP_EXISTS }; enum dbwrap_type { TYPE_INT32, TYPE_UINT32, TYPE_STRING, TYPE_HEX, TYPE_NONE }; @@ -263,6 +263,24 @@ static int dbwrap_tool_delete(struct db_context *db, return 0; } +static int dbwrap_tool_exists(struct db_context *db, + const char *keyname, + const char *data) +{ + bool result; + + result = dbwrap_exists(db, string_term_tdb_data(keyname)); + + if (result) { + d_fprintf(stdout, Key %s exists\n, keyname); + } else { + d_fprintf(stdout, Key %s does not exist\n, keyname); + } + + return (result)?0:1; +} + + static int delete_fn(struct db_record *rec, void *priv) { dbwrap_record_delete(rec); @@ -373,6 +391,7 @@ struct dbwrap_op_dispatch_table dispatch_table[] = { { OP_ERASE, TYPE_INT32, dbwrap_tool_erase }, { OP_LISTKEYS, TYPE_INT32, dbwrap_tool_listkeys }, { OP_LISTWATCHERS, TYPE_NONE, dbwrap_tool_listwatchers }, + { OP_EXISTS, TYPE_STRING, dbwrap_tool_exists }, { 0, 0, NULL }, }; @@ -437,8 +456,8 @@ int main(int argc, const char **argv) d_fprintf(stderr, USAGE: %s [options] database op [key [type [value]]]\n -ops: fetch, store, delete, erase, listkeys, - listwatchers\n +ops: fetch, store, delete, exists, + erase, listkeys, listwatchers\n types: int32, uint32, string, hex\n, argv[0]); goto done; @@ -496,10 +515,20 @@ int main(int argc, const char **argv) } op = OP_LISTWATCHERS; keytype = none; + } else if (strcmp(opname, exists) == 0) { + if (extra_argc != 3) { + d_fprintf(stderr, ERROR: operation 'exists' does + not allow type nor value argument\n); +