Re: [Samba] Authenticating IMAP using kerberos
Found the problem. When creating the SPN you shouldn't put @YOUR_REALM_NAME.TLD in the principal name (also shouldn't be there for the export). The wiki should probably be updated to reflect this. Cheers, Justin. Sent: Tuesday, 4 June 2013 5:42 PM Hi, I'm trying to get an IMAP server to authenticate using Kerberos rather than storing and sending passwords all over the place. I've tried to do this following the instructions for setting up Apache SSO (https://wiki.samba.org/index.php/Samba4/beyond#Apache_Single_Sign- On) but am unable to export the keytab. Searching through the list it looks like a few others have experienced the same problem but I don't see any solutions. The error I get when exporting is as follows. ERROR(runtime): uncaught exception - Key table entry not found File /usr/local/samba/lib/python2.7/site- packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /usr/local/samba/lib/python2.7/site- packages/samba/netcmd/domain.py, line 103, in run net.export_keytab(keytab=keytab, principal=principal) I've checked to see that the spn has been created and is associated with the user and it is. Any ideas on what could be causing this? Also, wouldn't it be a better idea to add the spn to the machine account rather than create a user account? How could this be done? Is there a way to create machine accounts from the command line rather than through AD Users and Computers on a Windows box? Cheers, Justin. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] bug in samba-tool w.r.t. (sub)domains
On 06/04/2013 11:33 PM, Andrew Bartlett wrote: On Tue, 2013-06-04 at 12:20 +0200, NOC wrote: Hi all I'm trying to import our bind dns data for our domain into samba4 using sambatool. Unfortunately, our domain has lots of (unnecessary) subdomains, but that's hard to revert after a long time. So I will have to parse the bind data and do a zonecreate for each subdomain that comes out of bind. I can deal with this, but it's cumbersome :-( The bug I'm talking about is this, when I was trying to add a subdomain, I found that samba4 retains a trailing . (dot), the root of the fqdn tree, which is usually omitted. To make this even weirder, I can add foo.bar.com and foo.bar.com. and both will be listed as pszZoneName when asking samba-tool for dns zonelist localhost. This is treated by samba as a different subdomain, so when I add x.foo.bar.com and I later query the address for x in subdomain foo.bar.com., I get an exception. (Which is also ugly, I'd rather get a nice error message and proper exit code). I think this just got fixed in master, and might be on the way to the next 4.0.x. Can you re-test GIT master so we know if we need to look into this more? I'll see what I can do. I noticed something else, which may be confusing or even wrong... I can add both an A record and a CNAME for the same Name, I'm not sure if this is wrong in the DNS sense, but it seems confusing to me. When I query for ALL types, both are printed. dig also shows both records when requesting ANY, but the host command can't resolve the name with both A and CNAME records. It can resolve a name with just an A record. This may not be a good test, because host appears to have trouble resolving any CNAME. Cheers Simon -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Symbolic links do NOT work if the source file is present BOTH on client server !!!
Dear all I struggle with a very annoying bug ! The problem is very simple to reproduce (NO Windows stuff needed, ONLY Linux !): 1. Samba 3.5.6 running on a Debian 6 (Squeeze) Server with following configuration: /etc/samba/smb.conf: security = user guest account = nobody map to guest = bad user null passwords = yes case sensitive = yes [myshare] path = /raid/samba/share guest ok = yes read only = no /etc/fstab: /dev/md0 /raid ext4 auto,acl 0 1 2. Debian 6 Client mounts the Samba myshare with: cc@Client:/# mount.cifs //Server/share/ /mnt/testshare/ -o rw,guest,uid=cc,gid=cc 3. Create a symbolic link onto the share, from a file (example /tmp/tt) everything works fine: cc@Client:/# ln -s /tmp/tt /mnt/testshare/ttlink cc@Client:/# cat /mnt/testshare/ttlink I am on Client ! 4. Now, if you create a file with the SAME name /tmp/tt on the Server: cc@Server:/# echo ' I am on Server !' /tmp/tt 5. Then, you will lose the access to your link, from the Client side !! cc@Client:/# cat /mnt/testshare/ttlink cat: /mnt/testshare/ttlink: Permission denied 6. It's enough to remove (or only rename) the /tmp/tt file from the Server and the link will work again perfect: cc@Server:/# rm /tmp/tt cc@Client:/# cat /mnt/testshare/ttlink I am on Client ! Please, please help with a solution, or take it in your bug list with very high priority, because if it cannot be fixed by parameters, then it's a very serious bug ! Thanks in advance CC -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] domain not available
Hi list Im using samba 3.5.6 with openldap in a debian squeeze using a domain, and now Im with a problem inside the LAN using roaming profiles, only I can't join in the domain. Appears domain not available message. My smb.conf [profiles] comment = Users profiles path = /var/lib/samba/profiles browseable = no writable = yes read only = no create mask = 0700 directory mask = 0700 csc policy = disable force user = %U map system = no map hidden = no map archive = no map readonly = no ea support = yes store dos attributes = yes And log error is: [2013/06/05 12:13:27.683220, 1, pid=4095, effective(0, 0), real(0, 0)] [2013/06/05 12:13:27.683266, 2, pid=4095, effective(0, 0), real(0, 0)] getpeername failed. Error was Transport endpoint is not connected pid[4095] Error writing 4 bytes to client 0.0.0.0. -1. (Connection reset by peer) Where can be the problem? Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] domain not available
More info doing netstat: tcp0 0 0.0.0.0:139 0.0.0.0:* LISTEN 5831/smbd but nmbd daemon not appear. log says: [2013/06/05 13:07:14, 2] nmbd/nmbd_become_lmb.c:538(become_local_master_browser) become_local_master_browser: Starting to become a master browser for workgroup MYDOMAIN on subnet 10.0.0.2 [2013/06/05 13:07:22, 0] nmbd/nmbd_become_lmb.c:397(become_local_master_stage2) * Samba name server MYDOMAIN-PDC is now a local master browser for workgroup MYDOMAIN on subnet 10.0.0.2 * [2013/06/05 13:07:22, 2] nmbd/nmbd_browsesync.c:108(announce_local_master_browser_to_domain_master_browser) announce_local_master_browser_to_domain_master_browser: We are both a domain and a local master browser for workgroup MYDOMAIN. Do not announce to ourselves. [2013/06/05 13:07:22, 2] nmbd/nmbd_browsesync.c:152(sync_with_dmb) sync_with_dmb: Initiating sync with domain master browser MYDOMAIN-PDC20 at IP 10.0.0.2 for workgroup MYDOMAIN but not appears listening nmbd. Is normal? Thanks El 05/06/13 12:15, deconya escribió: Hi list Im using samba 3.5.6 with openldap in a debian squeeze using a domain, and now Im with a problem inside the LAN using roaming profiles, only I can't join in the domain. Appears domain not available message. My smb.conf [profiles] comment = Users profiles path = /var/lib/samba/profiles browseable = no writable = yes read only = no create mask = 0700 directory mask = 0700 csc policy = disable force user = %U map system = no map hidden = no map archive = no map readonly = no ea support = yes store dos attributes = yes And log error is: [2013/06/05 12:13:27.683220, 1, pid=4095, effective(0, 0), real(0, 0)] [2013/06/05 12:13:27.683266, 2, pid=4095, effective(0, 0), real(0, 0)] getpeername failed. Error was Transport endpoint is not connected pid[4095] Error writing 4 bytes to client 0.0.0.0. -1. (Connection reset by peer) Where can be the problem? Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] domain not available
Hi in log.smbd appears the error [2013/06/05 13:13:43.397318, 2, pid=5831, effective(0, 0), real(0, 0)] getpeername failed. Error was Transport endpoint is not connected [2013/06/05 13:13:43.397427, 2, pid=5831, effective(0, 0), real(0, 0)] getpeername failed. Error was Transport endpoint is not connected [2013/06/05 13:13:43.399714, 2, pid=5992, effective(0, 0), real(0, 0)] getpeername() failed - Transport endpoint is not connected [2013/06/05 13:14:27.190705, 2, pid=6004, effective(0, 0), real(0, 0)] getpeername() failed - Transport endpoint is not connected I don't know where can be the problem. Any idea? Thanks El 05/06/13 13:12, deconya escribió: More info doing netstat: tcp0 0 0.0.0.0:139 0.0.0.0:* LISTEN 5831/smbd but nmbd daemon not appear. log says: [2013/06/05 13:07:14, 2] nmbd/nmbd_become_lmb.c:538(become_local_master_browser) become_local_master_browser: Starting to become a master browser for workgroup MYDOMAIN on subnet 10.0.0.2 [2013/06/05 13:07:22, 0] nmbd/nmbd_become_lmb.c:397(become_local_master_stage2) * Samba name server MYDOMAIN-PDC is now a local master browser for workgroup MYDOMAIN on subnet 10.0.0.2 * [2013/06/05 13:07:22, 2] nmbd/nmbd_browsesync.c:108(announce_local_master_browser_to_domain_master_browser) announce_local_master_browser_to_domain_master_browser: We are both a domain and a local master browser for workgroup MYDOMAIN. Do not announce to ourselves. [2013/06/05 13:07:22, 2] nmbd/nmbd_browsesync.c:152(sync_with_dmb) sync_with_dmb: Initiating sync with domain master browser MYDOMAIN-PDC20 at IP 10.0.0.2 for workgroup MYDOMAIN but not appears listening nmbd. Is normal? Thanks El 05/06/13 12:15, deconya escribió: Hi list Im using samba 3.5.6 with openldap in a debian squeeze using a domain, and now Im with a problem inside the LAN using roaming profiles, only I can't join in the domain. Appears domain not available message. My smb.conf [profiles] comment = Users profiles path = /var/lib/samba/profiles browseable = no writable = yes read only = no create mask = 0700 directory mask = 0700 csc policy = disable force user = %U map system = no map hidden = no map archive = no map readonly = no ea support = yes store dos attributes = yes And log error is: [2013/06/05 12:13:27.683220, 1, pid=4095, effective(0, 0), real(0, 0)] [2013/06/05 12:13:27.683266, 2, pid=4095, effective(0, 0), real(0, 0)] getpeername failed. Error was Transport endpoint is not connected pid[4095] Error writing 4 bytes to client 0.0.0.0. -1. (Connection reset by peer) Where can be the problem? Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Security = ADS and uidnumbers
Hi JAB I've tried this every whichway, including making ranges not overlap. It looks to me to depend on this line: idmap config BECAUSE : range = 1000-8000 If I add it, wbinfo SID-ToUID option for jingram gives a UID of 2338, but no getent passwd entry. If I remove it, getent passwd jingram gives a uidnumber in the idmap config * : range =... range. I can't replicate the state of affairs I had in the first email where one user had the correct uidnumber - no users have the correct number now. Does it make any difference that the BECAUSE domain trusts another domain? I've tried it on samba4 as well now. what goes on? Does anyone have this setup working? If anyone could send me a complete smb.conf that works for them, I could start narrowing down where the problem is here. cheers Jim On 4 June 2013 13:57, Jonathan Buzzard jonat...@buzzard.me.uk wrote: On Tue, 2013-06-04 at 13:20 +0100, Jim Potter wrote: [SNIP] idmap config * : base_rid = 0 idmap config * : backend = tdb idmap config * : range = 1000 - 6 # idmap config BECAUSE : default = yes # idmap config BECAUSE : backend = ad # idmap config BECAUSE : schema_mode = rfc2307 # idmap config BECAUSE : range= 1000-8000 # idmap config BECAUSE : cache time = 1800 ### idmap alloc config:range = 5000- Two backends with overlapping ranges, won't work. The ranges *must* be orthogonal. JAB. -- Jonathan A. Buzzard Email: jonathan (at) buzzard.me.uk Fife, United Kingdom. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Security = ADS and uidnumbers
Hi, I gave up on winbind, it is just too complicated and most, if not all, of the webpages I found via google are incomplete or just down right wrong. Why not try sssd, it just works, all you need to do is add uidNumbers to your users, set up sssd and away you go, have a look here: http://linuxcostablanca.blogspot.co.uk/2013/04/sssd-in-samba-40.html On 5 June 2013 13:15, Jim Potter jimpot...@orange.net wrote: Hi JAB I've tried this every whichway, including making ranges not overlap. It looks to me to depend on this line: idmap config BECAUSE : range = 1000-8000 If I add it, wbinfo SID-ToUID option for jingram gives a UID of 2338, but no getent passwd entry. If I remove it, getent passwd jingram gives a uidnumber in the idmap config * : range =... range. I can't replicate the state of affairs I had in the first email where one user had the correct uidnumber - no users have the correct number now. Does it make any difference that the BECAUSE domain trusts another domain? I've tried it on samba4 as well now. what goes on? Does anyone have this setup working? If anyone could send me a complete smb.conf that works for them, I could start narrowing down where the problem is here. cheers Jim On 4 June 2013 13:57, Jonathan Buzzard jonat...@buzzard.me.uk wrote: On Tue, 2013-06-04 at 13:20 +0100, Jim Potter wrote: [SNIP] idmap config * : base_rid = 0 idmap config * : backend = tdb idmap config * : range = 1000 - 6 # idmap config BECAUSE : default = yes # idmap config BECAUSE : backend = ad # idmap config BECAUSE : schema_mode = rfc2307 # idmap config BECAUSE : range= 1000-8000 # idmap config BECAUSE : cache time = 1800 ### idmap alloc config:range = 5000- Two backends with overlapping ranges, won't work. The ranges *must* be orthogonal. JAB. -- Jonathan A. Buzzard Email: jonathan (at) buzzard.me.uk Fife, United Kingdom. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Security = ADS and uidnumbers
Why not use the rid backend for your idmap. That is what I use for my member servers and my accounts have identical ids across machines. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Security = ADS and uidnumbers
Yes, he could do that, providing his users never go anywhere near any files or directories stored on a samba4 server, if they do, they will suddenly find that have a different id on the server, I have been there and it is just a mess, it took me a bit to realise why users did not own the files they had just created on a cifs mount. Go with sssd, it is a lot less bother. On 5 June 2013 14:18, Franz Strebel franz.stre...@gmail.com wrote: Why not use the rid backend for your idmap. That is what I use for my member servers and my accounts have identical ids across machines. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Cross Compiling Samba 4.0.6 for ARM increases size of binaries
On Fri, 2013-05-31 at 11:05 -0700, pranav desai wrote: Hi, I have cross-compiled just the basic samba 4.0.6 using bitbake recipe for ARM, which succeeded. However the resulting binaries are large in size. I used the exact same configuration options in both the cases. There is at least a 10 fold increase in the smbd compared to native x86. --- Native x86 -rwxr-xr-x 1 pranavd users 92979 May 31 10:57 /usr/sbin/smbd -rwxr-xr-x 1 pranavd users 351196 May 31 10:57 /usr/sbin/nmbd --- Cross Compiled -rwxr-xr-x 2 pranavd users 9624696 May 30 18:11 /work/armv7a-vfp-neon-oe-linux-gnueabi/samba-4.0.6-r8/packages-split/samba/usr/sbin/smbd -rwxr-xr-x 2 pranavd users 6020020 May 30 18:11 /work/armv7a-vfp-neon-oe-linux-gnueabi/samba-4.0.6-r8/packages-split/samba/usr/sbin/nmbd Can someone please suggest me how to reduce the size of the binaries? I have included the configuration options used. The reason is that your native build uses our waf build, but the cross-compile uses our autoconf build, which statically links all the required code into each binary. Sadly there is still a little work to be done to finish cross-compile support in our waf build - it mostly needs an interested developer to take on injecting the remote python version and flags into the system, rather than these from inside the python that is running the build. Other than that, the build system was built to do this, but it just hasn't been finished, and most cross-compile recipes remain for autoconf, because that is what all the hand-tuning was done for. Note that the autoconf build is fully supported for Samba 4.0, but won't be included in Samba 4.1. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Security = ADS and uidnumbers
On Wed, 2013-06-05 at 13:30 +0100, Rowland Penny wrote: Hi, I gave up on winbind, it is just too complicated and most, if not all, of the webpages I found via google are incomplete or just down right wrong. It's actually dead simple, and these days the manual page is actually accurate. Really if you cannot get it working you cannot read. Now assuming that the BECAUSE domain actually has the uidNumber field populated a working configuration would be (this was taken from a working configuration and modified to change the domain). # deal with NSS and the whole UID/SID id mapping stuff idmap config * : backend = tdb idmap config * : range = 200 - 299 idmap config BECAUSE : backend = ad idmap config BECAUSE : schema_mode = rfc2307 idmap config BECAUSE : readonly = yes idmap config BECAUSE : range = 500 - 199 idmap cache time = 604800 idmap negative cache time = 20 winbind cache time = 600 winbind nss info = rfc2307 winbind expand groups = 2 winbind nested groups = yes winbind use default domain = yes winbind enum users = yes winbind enum groups = yes winbind refresh tickets = yes winbind offline logon = false Noting of cause that you must have a valid join to the domain, that winbind is running, that nscd is *NOT* running and you have an appropriate /etc/nsswitch.conf You might also have badly messed up tdb files from previous experiments. I would recommend nuking them from orbit and starting afresh. JAB. -- Jonathan A. Buzzard Email: jonathan (at) buzzard.me.uk Fife, United Kingdom. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Automated winbind domain join with kickstart
Hello Folks, Would anyone know if it is possible to automate the joining of a Linux machine to a Samba 4 domain using Kickstart? It seems that it is not ready yet: https://fedoraproject.org/wiki/Features/AnacondaRealmIntegration We want to automate the installation of Linux winbind clients. Anyone have a working solution? Thank You! -- Luc Lalonde, analyste - Département de génie informatique: École polytechnique de Montréal (514) 340-4711 x5049 luc.lalo...@polymtl.ca - If you are not paying for it, you're not the customer; you're the product being sold. (Andrew Lewis) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Security = ADS and uidnumbers
I never said that I couldn't get it to work, I just said that it is just too complicated. Yes I can read and there was no need to get personal You can have an smb.conf like this: [global] workgroup = DOMAIN security = ADS realm = DOMAIN.LAN encrypt passwords = yes client signing = yes client use spnego = yes kerberos method = secrets and keytab The main part of sssd.conf: [domain/domain.lan] description = AD domain with Samba 4 server cache_credentials = true id_provider = ldap auth_provider = krb5 chpass_provider = krb5 access_provider = ldap # Where is the AD server etc? krb5_server = domainserver.domain.lan krb5_kpasswd = domainserver.domain.lan krb5_realm = DOMAIN.LAN ldap_referrals = false ldap_sasl_mech = GSSAPI ldap_schema = rfc2307bis ldap_access_order = expire ldap_account_expire_policy = ad ldap_force_upper_case_realm = true # Change a few default settings ldap_user_object_class = user ldap_user_name = sAMAccountName ldap_user_home_directory = unixdomainDirectory ldap_user_principal = userPrincipalName ldap_group_object_class = group ldap_group_name = sAMAccountName There is no messing with ranges, making sure that they do not overlap etc. I know what I think is easier, and it isn't winbind On 5 June 2013 14:23, Jonathan Buzzard jonat...@buzzard.me.uk wrote: On Wed, 2013-06-05 at 13:30 +0100, Rowland Penny wrote: Hi, I gave up on winbind, it is just too complicated and most, if not all, of the webpages I found via google are incomplete or just down right wrong. It's actually dead simple, and these days the manual page is actually accurate. Really if you cannot get it working you cannot read. Now assuming that the BECAUSE domain actually has the uidNumber field populated a working configuration would be (this was taken from a working configuration and modified to change the domain). # deal with NSS and the whole UID/SID id mapping stuff idmap config * : backend = tdb idmap config * : range = 200 - 299 idmap config BECAUSE : backend = ad idmap config BECAUSE : schema_mode = rfc2307 idmap config BECAUSE : readonly = yes idmap config BECAUSE : range = 500 - 199 idmap cache time = 604800 idmap negative cache time = 20 winbind cache time = 600 winbind nss info = rfc2307 winbind expand groups = 2 winbind nested groups = yes winbind use default domain = yes winbind enum users = yes winbind enum groups = yes winbind refresh tickets = yes winbind offline logon = false Noting of cause that you must have a valid join to the domain, that winbind is running, that nscd is *NOT* running and you have an appropriate /etc/nsswitch.conf You might also have badly messed up tdb files from previous experiments. I would recommend nuking them from orbit and starting afresh. JAB. -- Jonathan A. Buzzard Email: jonathan (at) buzzard.me.uk Fife, United Kingdom. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Security = ADS and uidnumbers
On Wed, 2013-06-05 at 15:42 +0100, Rowland Penny wrote: I never said that I couldn't get it to work, I just said that it is just too complicated. Yes I can read and there was no need to get personal You said you gave up because it was too complicated. Also if you are setting up a Samba file server and need UID/GID to SID mappings the only supported option is Winbind if sssd works at all. JAB. -- Jonathan A. Buzzard Email: jonathan (at) buzzard.me.uk Fife, United Kingdom. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Security = ADS and uidnumbers
Oh yes it works ok on the samba4 server, using winbind getent passwd user DOMAIN\user:*:3001106:20513::/home/DOMAIN/user:/bin/bash uid=3001106(DOMAIN\user) gid=20513(DOMAIN\Domain Users) groups=20513(DOMAIN\Domain Users),21110(DOMAIN\linuxusers) change to sssd getent passwd user user:*:3001106:20513:user:/home/DOMAIN/user:/bin/bash id user uid=3001106(user) gid=20513(Domain Users) groups=20513(Domain Users),21110(linuxusers) on the client, using sssd user:*:3001106:20513:user:/home/DOMAIN/user:/bin/bash id user uid=3001106(user) gid=20513(Domain Users) groups=20513(Domain Users),21110(linuxusers) As far as I can see, the only difference when you use winbind on the server is you cannot turn of the displaying the domain name otherwise the outputs are identical. On 5 June 2013 16:22, Jonathan Buzzard jonat...@buzzard.me.uk wrote: On Wed, 2013-06-05 at 15:42 +0100, Rowland Penny wrote: I never said that I couldn't get it to work, I just said that it is just too complicated. Yes I can read and there was no need to get personal You said you gave up because it was too complicated. Also if you are setting up a Samba file server and need UID/GID to SID mappings the only supported option is Winbind if sssd works at all. JAB. -- Jonathan A. Buzzard Email: jonathan (at) buzzard.me.uk Fife, United Kingdom. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] NT_STATUS_BAD_NETWORK_NAME for Windows Server 2008
Hi, Our smbclient calls have started failing on connections to Windows 2008 AD servers. (Previously there were only Windows 2003 Servers, so we had no issues.) Domain=[INTRANET] OS=[Windows Server 2008 R2 Enterprise 7601 Service Pack 1] Server=[Windows Server 2008 R2 Enterprise 6.1] tree connect failed: NT_STATUS_BAD_NETWORK_NAME Is this post [ http://serverfault.com/a/303483 ] correct when it says that Samba cannot connect to Win2k8? (We have issues with smbclient versions 3.0 - 3.6.) Thanks, Sam ___ This message is for information purposes only, it is not a recommendation, advice, offer or solicitation to buy or sell a product or service nor an official confirmation of any transaction. It is directed at persons who are professionals and is not intended for retail customer use. Intended for recipient only. This message is subject to the terms at: www.barclays.com/emaildisclaimer. For important disclosures, please see: www.barclays.com/salesandtradingdisclaimer regarding market commentary from Barclays Sales and/or Trading, who are active market participants; and in respect of Barclays Research, including disclosures relating to specific issuers, please see http://publicresearch.barclays.com. ___ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Security = ADS and uidnumbers
On Wed, 2013-06-05 at 16:22 +0100, Jonathan Buzzard wrote: On Wed, 2013-06-05 at 15:42 +0100, Rowland Penny wrote: I never said that I couldn't get it to work, I just said that it is just too complicated. Yes I can read and there was no need to get personal You said you gave up because it was too complicated. Also if you are setting up a Samba file server and need UID/GID to SID mappings the only supported option is Winbind if sssd works at all. Hi Why don't we simply store the uid in the directory along with everything else concerming the user? Why store that information somewhere else? All the OP wants is consistent uidNumbers. The only way I know how to do that is to store the uidNumber in the DN of the object. All DC's pull the same attribute at all times. Forget idmap ranges. You can use winbind to do that and prolly pull stuff from AD too. However, those of us who have tried alternatives for pulling rfc2307 from AD find the alternatives easier to install and configure. Anyone who has tried sssd is unlikely to return to winbind. It also has the advantage that it works fully on a S4 DC, not just for uid and gid but for the whole of rfc2307. For good measure, it throws in dynamic dns updates for fwd and reverse zones. For free. sssd does what it says on the tin. With winbind, there are too many different tins;) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] SAMBA4 vs Windows 2008 AD
2013-06-05 09:29 keltezéssel, Mario Almeida írta: Thanks Geza, We only need for centralist authentication and for deploying group policies. Using windows XP I create group policy and keep in sysvol folder and sync the sysvol folder on BDC (samba) everything should work fine? Regards, Remy Basically yes, but please test your setup before deployment (preferably on a separate lan) Regards Geza Gemes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] reverse zone dns updates
Version 4.1.0pre1-GIT-1a6eac2 Hi I added a reverse zone to my internal dns. It won't update the reverse zone. With bind, it does. Before I go any further, is it possible that the internal dns server update the reverse zone from a nsupdate request? Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Security = ADS and uidnumbers
Well said Steve From what I have read on the two samba mailing lists, Samba 4 is supposed to be a clone of windows AD, well windows AD does not have winbind, so I suppose this begs the question, why when running as a DC controller does Samba4? On 5 June 2013 17:56, steve st...@steve-ss.com wrote: On Wed, 2013-06-05 at 16:22 +0100, Jonathan Buzzard wrote: On Wed, 2013-06-05 at 15:42 +0100, Rowland Penny wrote: I never said that I couldn't get it to work, I just said that it is just too complicated. Yes I can read and there was no need to get personal You said you gave up because it was too complicated. Also if you are setting up a Samba file server and need UID/GID to SID mappings the only supported option is Winbind if sssd works at all. Hi Why don't we simply store the uid in the directory along with everything else concerming the user? Why store that information somewhere else? All the OP wants is consistent uidNumbers. The only way I know how to do that is to store the uidNumber in the DN of the object. All DC's pull the same attribute at all times. Forget idmap ranges. You can use winbind to do that and prolly pull stuff from AD too. However, those of us who have tried alternatives for pulling rfc2307 from AD find the alternatives easier to install and configure. Anyone who has tried sssd is unlikely to return to winbind. It also has the advantage that it works fully on a S4 DC, not just for uid and gid but for the whole of rfc2307. For good measure, it throws in dynamic dns updates for fwd and reverse zones. For free. sssd does what it says on the tin. With winbind, there are too many different tins;) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Security = ADS and uidnumbers
On Wed, 2013-06-05 at 18:32 +0100, Rowland Penny wrote: Well said Steve From what I have read on the two samba mailing lists, Samba 4 is supposed to be a clone of windows AD, well windows AD does not have winbind, so I suppose this begs the question, why when running as a DC controller does Samba4? I think it's still needed because not everything is stored in the directory. sids are stored alongside (what become) their uid or gid in the idmap database, rather than AD. As end users, we can choose to work only with AD, however, every object we add also ends up in idmap too. I can see one of the reasons is so that a unique sid to uid can be guaranteed. There's a counter object in idmap which gets incremented each time we add something ourselves. However, once the xid from idmap has been transferred to AD, or we've allocated our own, we can then delete the idmap entry. Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Upgrade Samba 3.5.6 to 3.6.6
Hi, After ugrade samba (3.5.6) to 3.6.6 (debian wheezy), the command smbclient -L 127.0.0.1 -U user show a message error : session setup failed: NT_STATUS_UNSUCCESSFUL Thanks, Marcos. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba4 and NVSv4
Short story: cannot get Kerberized NFSv4 to work. I've googled a great deal and cannot find where I have goofed (and there sure is a lot of misleading and just plain incorrect information out there), so would appreciate another pair of eyes. NFSv4 without Kerberos does work fine, as does ID mapping. We're using NFSv4 in production with sec=sys, but I'm not happy with that. My kerberized NFSv4 attempts are on a separate test cluster. Longer story (sorry for the length): All servers and clients are CentOS 6.4 with kernel 2.6.32-358.6.2.el6 and nfs-utils 1.2.3-36.el6; patches are up to date. NFSv4 servers are x86_64, clients are both x86_64 and i686. Two DC's are both i686, running Samba 4.0.5 with bind 9.91 + bind_dlz. Replication is good. All CentOS systems use sssd only and no winbind; this is also working (kinit, sudo, ssh, etc all good). Samba is at 3.6.9 on all systems except for the DC's. Samba4 works; DNS works; Kerberos works; NFSv4 works with sec=sys. I joined the clients to the domain (TITAN.TEST.CORNELL.EDU) with: # net ads join -U Administrator ... # net ads testjoin and created the nfs service principals (on the client and NFSv4 server) with: # net ads keytab add nfs -U Administrator This all works. I can see that the nfs service principals have been added; on the client abbott.test.cornell.edu, for example: # net ads keytab list | grep -i nfs 2 DES cbc mode with CRC-32 nfs/abbott.test.cornell@titan.test.cornell.edu 2 DES cbc mode with RSA-MD5 nfs/abbott.test.cornell@titan.test.cornell.edu 2 ArcFour with HMAC/md5 nfs/abbott.test.cornell@titan.test.cornell.edu 2 AES-128 CTS mode with 96-bit SHA-1 HMAC nfs/abbott.test.cornell@titan.test.cornell.edu 2 AES-256 CTS mode with 96-bit SHA-1 HMAC nfs/abbott.test.cornell@titan.test.cornell.edu 2 DES cbc mode with CRC-32 nfs/abb...@titan.test.cornell.edu 2 DES cbc mode with RSA-MD5 nfs/abb...@titan.test.cornell.edu 2 ArcFour with HMAC/md5 nfs/abb...@titan.test.cornell.edu 2 AES-128 CTS mode with 96-bit SHA-1 HMAC nfs/abb...@titan.test.cornell.edu 2 AES-256 CTS mode with 96-bit SHA-1 HMAC nfs/abb...@titan.test.cornell.edu and on one of the DC's: # ldbsearch cn=abbott | grep -i nfs servicePrincipalName: NFS/abbott servicePrincipalName: NFS/abbott.test.cornell.edu and on the client net ads search '(sAMAccountName=abbott$)' also works, as does klist: # klist -ke | grep -i nfs 2 nfs/abbott.test.cornell@titan.test.cornell.edu (des-cbc-crc) 2 nfs/abbott.test.cornell@titan.test.cornell.edu (des-cbc-md5) 2 nfs/abbott.test.cornell@titan.test.cornell.edu (arcfour-hmac) 2 nfs/abbott.test.cornell@titan.test.cornell.edu (aes128-cts-hmac-sha1-96) 2 nfs/abbott.test.cornell@titan.test.cornell.edu (aes256-cts-hmac-sha1-96) 2 nfs/abb...@titan.test.cornell.edu (des-cbc-crc) 2 nfs/abb...@titan.test.cornell.edu (des-cbc-md5) 2 nfs/abb...@titan.test.cornell.edu (arcfour-hmac) 2 nfs/abb...@titan.test.cornell.edu (aes128-cts-hmac-sha1-96) 2 nfs/abb...@titan.test.cornell.edu (aes256-cts-hmac-sha1-96) In /etc/sysconfig/nfs, SECURE_NFS=yes on all clients and servers, and rpc.gssd and rpc.svcgssd are running (although no need for the latter on the clients). The NFSv4 server exports with sec=sys:krb5 (and as I said, NFSv4 works fine without krb5, so I believe the exports file to be correct). But when I try to mount, I get the catch-all error: # mount -t nfs4 -o sec=krb5 costello.test.cornell.edu:/data /mnt/tmp mount.nfs4: access denied by server while mounting costello.test.cornell.edu:/data and in /var/log/messages on the same client: Jun 5 17:11:13 abbott rpc.gssd[1439]: Success getting keytab entry for 'nfs/abbott.test.cornell@titan.test.cornell.edu' Jun 5 17:11:13 abbott rpc.gssd[1439]: WARNING: Client 'nfs/abbott.test.cornell@titan.test.cornell.edu' not found in Kerberos database while getting initial ticket for principal 'nfs/abbott.test.cornell@titan.test.cornell.edu' using keytab 'FILE:/etc/krb5.keytab' Jun 5 17:11:13 abbott rpc.gssd[1439]: ERROR: No credentials found for connection to server costello.test.cornell.edu With tcpdump I can see that the DC is contacted during the mount, but the NFSv4 server is not. The log files on the NFSv4 server are silent. I have tried (everything was restarted between tests); no change means that it still does not work and gives the same exact errors: - verified that /etc/idmapd.conf on all systems has the same domains and realms. This works anyway with sec=sys. - reduced the keytab to the DES enctypes for nfs/... on all systems; no change. - used allow_weak_crypto=true in /etc/krb5.conf; no change. - set default_tgs_enctypes and default_tkt_enctypes to des-cbc-md5 des-cbc-md4 des-cbc-crc in /etc/krb5.conf; no change. - tried adding the service principals on the DC with
Re: [Samba] Security = ADS and uidnumbers
On 05/06/13 17:56, steve wrote: On Wed, 2013-06-05 at 16:22 +0100, Jonathan Buzzard wrote: On Wed, 2013-06-05 at 15:42 +0100, Rowland Penny wrote: I never said that I couldn't get it to work, I just said that it is just too complicated. Yes I can read and there was no need to get personal You said you gave up because it was too complicated. Also if you are setting up a Samba file server and need UID/GID to SID mappings the only supported option is Winbind if sssd works at all. Hi Why don't we simply store the uid in the directory along with everything else concerming the user? Why store that information somewhere else? You do store the UID in the directory along with everything else. You just need some way of looking it up. All the OP wants is consistent uidNumbers. Actually that is not clear. They want consistent UID's on a machine that is running Samba which complicates things because it might mean they want consistent and secure SID to UID mapping as well as consistent UID's. The only way I know how to do that is to store the uidNumber in the DN of the object. All DC's pull the same attribute at all times. Forget idmap ranges. You can use winbind to do that and prolly pull stuff from AD too. However, those of us who have tried alternatives for pulling rfc2307 from AD find the alternatives easier to install and configure. Anyone who has tried sssd is unlikely to return to winbind. Really, don't think so. It also has the advantage that it works fully on a S4 DC, not just for uid and gid but for the whole of rfc2307. For good measure, it throws in dynamic dns updates for fwd and reverse zones. For free. Your file servers have dynamic DNS!!! sssd does what it says on the tin. With winbind, there are too many different tins;) As far as I can tell sssd does not provide a mechanism for the smbd on at least 3.5 (the 4.x series might be different but the OP is running 3.6) to see an incoming SID and work out the UID. Why would it, a SID is an entirely Windows concept and sssd is a Linux/Unix thing. Samba 3.x requires as far as I have been able to tell a running winbind or bad things happen. The reason for the ranges, which is why winbind is better than sssd for a Samba file server is that Samba has some builtin SID's that it needs to assign UID/GID's to. With winbind you can make sure that these don't incorrectly overlap which would be a security issue. With sssd you can't. In fact if you have more than one AD domain in a forest then sssd is probably not a good idea anyway. Now if you have random Linux box that is not acting as a Samba file server then by all means use sssd. But this is a Samba mailing list and presumably the majority of people are trying to get a Samba file server working. JAB. -- Jonathan A. Buzzard Email: jonathan (at) buzzard.me.uk Fife, United Kingdom. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] authentication problem with samba4 as a dcerpc server
Hi All, I’m trying to configure samba4 to run as a dcerpc server, listend on TCP port 135 only for ncacn_ip_tcp. when the msrpc request comes for the GSSAPI authentication, it fails to find the account related information in local database. I join it into a AD domain as a member, I noticed the account related information is stored in the secrets.tdb, not the secrets.ldb, but the samba4 server(the samba daemon) is trying to look for the secrets.ldb for these information. what can I do to pass the GSSAPI authentication (kerberos, or NTLM) for the msrpc, is there anything I missed? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 4.0.6 update - login issues
I updated all 14 of our Domain Controllers to 4.0.6, and now I am having random authentication issues. Our radius server uses ntlm_auth to authenticate users. Every morning at 3AM since the update, ntlm_auth fails to authenticate. If I restart Samba 4 on the domain controller that the radius server connects to, then authentication works again. In addition, I am running Samba 3.5.10-125.el6 with winbind on all of our file servers. Users randomly become unable to authenticate and connect to file shares. If I restart Samba 4 on the domain controller closest to the file server, they are able to authenticate again. Simply restarting winbind doesn't resolve it. I need to restart the samba daemons on the domain controller. What might be causing this? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
autobuild: intermittent test failure detected
The autobuild test system has detected an intermittent failing test in the current master tree. The autobuild log of the failure is available here: http://git.samba.org/autobuild.flakey/2013-06-05-0852/flakey.log The samba3 build logs are available here: http://git.samba.org/autobuild.flakey/2013-06-05-0852/samba3.stderr http://git.samba.org/autobuild.flakey/2013-06-05-0852/samba3.stdout The source4 build logs are available here: http://git.samba.org/autobuild.flakey/2013-06-05-0852/samba.stderr http://git.samba.org/autobuild.flakey/2013-06-05-0852/samba.stdout The top commit at the time of the failure was: commit 1a6eac2c37f4d80033e450731bd36a9af4b2bd1d Author: Matthias Dieter Wallnöfer m...@samba.org Date: Wed May 29 22:17:35 2013 +0200 s4:samldb LDB module - permit userAccountControl modifications without acct. type Obviously this defaults to UF_NORMAL_ACCOUNT. Some background can be found in MS-SAMR section 3.1.1.8.10. Reviewed-by: Andrew Bartlett abart...@samba.org Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Wed Jun 5 03:26:25 CEST 2013 on sn-devel-104
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via fe51e23 Fix bug #9822 - Samba crashing during Win8 sync. via abff441 Remove dependency on detection of HAVE_DIRFD for use of fdopendir(). via 8d96eb3 Remove the Ugly hack that was the second use of dirfd(). via 93417c9 In the struct smb_Dir destructor, use the fsp back pointer to release resources. via 2683c9b Maintain a back-pointer to the fsp in struct smb_Dir when opening with FDOPENDIR. from 577b2e5 Fix bug 9900: is_printer_published GUID retrieval http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit fe51e23801b24af43ce605f51f3e607fae74d3b7 Author: Jeremy Allison j...@samba.org Date: Fri Apr 26 10:47:41 2013 -0700 Fix bug #9822 - Samba crashing during Win8 sync. When refactoring the dptr desctructor in the fix for bug: 9778 (Samba directory code uses dirfd() without vectoring through a VFS call) I removed the code to NULL out the struct smb_Dir * pointer inside the fsp struct by mistake. Re-add the NULLing out of that pointer when closing a directory pointer associated with an open file. Reporter confirms it fixes the crash. Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: David Disseldorp dd...@samba.org Autobuild-User(master): David Disseldorp dd...@samba.org Autobuild-Date(master): Sat Apr 27 20:44:55 CEST 2013 on sn-devel-104 (cherry picked from commit 251767cde9a146d8122d76e257ab232c05ad452a) commit abff441e445431970d1e25fa79e10276e576d9e3 Author: Jeremy Allison j...@samba.org Date: Wed Apr 10 16:30:10 2013 -0700 Remove dependency on detection of HAVE_DIRFD for use of fdopendir(). Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Andreas Schneider a...@samba.org Autobuild-User(master): Andreas Schneider a...@cryptomilk.org Autobuild-Date(master): Fri Apr 12 16:21:10 CEST 2013 on sn-devel-104 (cherry picked from commit 7a4dd845958f1411daa8031ca242987001ab2f26) commit 8d96eb3666ce2e0f016068dfae60eb32ed2b518e Author: Jeremy Allison j...@samba.org Date: Wed Apr 10 16:29:03 2013 -0700 Remove the Ugly hack that was the second use of dirfd(). The destructor does all the resource deallocation needed. Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Andreas Schneider a...@samba.org (cherry picked from commit 0fe894fb89f4867e266bb04670a58101311e0234) commit 93417c945e12c3d03ba5c4b1cc0b02fb8dd692e0 Author: Jeremy Allison j...@samba.org Date: Wed Apr 10 16:24:15 2013 -0700 In the struct smb_Dir destructor, use the fsp back pointer to release resources. Removes one use of dirfd(). Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Andreas Schneider a...@samba.org (cherry picked from commit ea14c9443178da9ae6ccbe71e573156396f6f699) commit 2683c9ba9d85ca7f341ae3b21d6e0430a4e7b8d7 Author: Jeremy Allison j...@samba.org Date: Wed Apr 10 16:21:39 2013 -0700 Maintain a back-pointer to the fsp in struct smb_Dir when opening with FDOPENDIR. Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Andreas Schneider a...@samba.org (cherry picked from commit e89ec641fc98ffd7f7193deb3728b0a284a093eb) --- Summary of changes: source3/lib/system.c |8 +++- source3/smbd/dir.c | 46 +++--- 2 files changed, 26 insertions(+), 28 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/lib/system.c b/source3/lib/system.c index 7c0bb3f..1ca2f5e 100644 --- a/source3/lib/system.c +++ b/source3/lib/system.c @@ -882,16 +882,14 @@ SMB_STRUCT_DIR *sys_opendir(const char *name) } /*** - An fdopendir wrapper that will deal with 64 bit filesizes. - Ugly hack - we need dirfd for this to work correctly in the - calling code.. JRA. + An fdopendir wrapper. / SMB_STRUCT_DIR *sys_fdopendir(int fd) { -#if defined(HAVE_EXPLICIT_LARGEFILE_SUPPORT) defined(HAVE_FDOPENDIR64) defined(HAVE_DIRFD) +#if defined(HAVE_EXPLICIT_LARGEFILE_SUPPORT) defined(HAVE_FDOPENDIR64) return fdopendir64(fd); -#elif defined(HAVE_FDOPENDIR) defined(HAVE_DIRFD) +#elif defined(HAVE_FDOPENDIR) return fdopendir(fd); #else errno = ENOSYS; diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c index f7bc325..e6c8106 100644 --- a/source3/smbd/dir.c +++ b/source3/smbd/dir.c @@ -49,6 +49,8 @@ struct smb_Dir { struct name_cache_entry *name_cache; unsigned int name_cache_index; unsigned int file_number; + files_struct *fsp; /* Back pointer to containing fsp, only + set from
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via 1d610ce s4:winbind: don't leak libnet_context into the main event context (bug #9929) from 62e25dc Fix bug 9900: is_printer_published GUID retrieval http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 1d610ce1a14f5a97c9b5cacca839b245df4bae6a Author: Stefan Metzmacher me...@samba.org Date: Fri May 31 16:04:26 2013 +0200 s4:winbind: don't leak libnet_context into the main event context (bug #9929) This needs to be a talloc child of struct wbsrv_domain otherwise the cleanup of a broken connection doesn't work. The following command can trigger the leak on a domain controller. root@dc:~/samba# ls -l /var/lib/samba/sysvol/samba.private/ total 16 drwxrwx---+ 5 root 300 4096 May 14 14:46 Policies drwxrwx---+ 2 root 300 4096 May 14 11:45 scripts gid 300 belongs to Builtin\Administrators. The code triggers a ncacn_np: connection to the local smbd and complains that domain BUILTIN is not available: [2013/05/29 17:28:03, 2] ../source4/winbind/wb_init_domain.c:376(init_domain_recv_queryinfo) Expected domain name BUILTIN, DC dc.samba.private said SAMBA In that case the connection was not closed, which is fixed by this commit. Using ncalrpc: for all local SIDs and serving the BUILTIN domain is a project for another day... Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Tue Jun 4 11:05:09 CEST 2013 on sn-devel-104 (cherry picked from commit 097a8c723925d3e35606215cb16be28a37b0112e) Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Wed Jun 5 13:57:16 CEST 2013 on sn-devel-104 --- Summary of changes: source4/winbind/wb_init_domain.c |2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/winbind/wb_init_domain.c b/source4/winbind/wb_init_domain.c index 5e2aa47..70dbaa9 100644 --- a/source4/winbind/wb_init_domain.c +++ b/source4/winbind/wb_init_domain.c @@ -144,6 +144,8 @@ struct composite_context *wb_init_domain_send(TALLOC_CTX *mem_ctx, state-domain-libnet_ctx = libnet_context_init(service-task-event_ctx, service-task-lp_ctx); + if (state-domain-libnet_ctx == NULL) goto failed; + talloc_steal(state-domain, state-domain-libnet_ctx); /* Create a credentials structure */ state-domain-libnet_ctx-cred = cli_credentials_init(state-domain); -- Samba Shared Repository
autobuild: intermittent test failure detected
The autobuild test system has detected an intermittent failing test in the current master tree. The autobuild log of the failure is available here: http://git.samba.org/autobuild.flakey/2013-06-05-1504/flakey.log The samba3 build logs are available here: http://git.samba.org/autobuild.flakey/2013-06-05-1504/samba3.stderr http://git.samba.org/autobuild.flakey/2013-06-05-1504/samba3.stdout The source4 build logs are available here: http://git.samba.org/autobuild.flakey/2013-06-05-1504/samba.stderr http://git.samba.org/autobuild.flakey/2013-06-05-1504/samba.stdout The top commit at the time of the failure was: commit 1a6eac2c37f4d80033e450731bd36a9af4b2bd1d Author: Matthias Dieter Wallnöfer m...@samba.org Date: Wed May 29 22:17:35 2013 +0200 s4:samldb LDB module - permit userAccountControl modifications without acct. type Obviously this defaults to UF_NORMAL_ACCOUNT. Some background can be found in MS-SAMR section 3.1.1.8.10. Reviewed-by: Andrew Bartlett abart...@samba.org Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Wed Jun 5 03:26:25 CEST 2013 on sn-devel-104
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 7d8354c smbd: Change logging when SET_OFFLINE is not supported from 1a6eac2 s4:samldb LDB module - permit userAccountControl modifications without acct. type http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 7d8354c719fa620a580f6d7d322ca80185c50c7e Author: Christof Schmitt christof.schm...@us.ibm.com Date: Wed Jun 5 17:08:03 2013 -0700 smbd: Change logging when SET_OFFLINE is not supported A client can send a request to set the OFFLINE attribute. In the default code this is not supported and triggers a log message each time. Change this to only log with level 0 when an actual errors occurs, and log ENOTSUP with level 10. Signed-off-by: Christof Schmitt christof.schm...@us.ibm.com Reviewed-by: Andrew Bartlett abart...@samba.org Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Thu Jun 6 04:30:26 CEST 2013 on sn-devel-104 --- Summary of changes: source3/smbd/dosmode.c | 25 +++-- 1 files changed, 15 insertions(+), 10 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/dosmode.c b/source3/smbd/dosmode.c index 04d27c7..a6ad107 100644 --- a/source3/smbd/dosmode.c +++ b/source3/smbd/dosmode.c @@ -732,16 +732,21 @@ int file_set_dosmode(connection_struct *conn, struct smb_filename *smb_fname, old_mode = dos_mode(conn, smb_fname); - if (dosmode FILE_ATTRIBUTE_OFFLINE) { - if (!(old_mode FILE_ATTRIBUTE_OFFLINE)) { - lret = SMB_VFS_SET_OFFLINE(conn, smb_fname); - if (lret == -1) { - DEBUG(0, (set_dos_mode: client has asked to - set FILE_ATTRIBUTE_OFFLINE to - %s/%s but there was an error while - setting it or it is not - supported.\n, parent_dir, - smb_fname_str_dbg(smb_fname))); + if ((dosmode FILE_ATTRIBUTE_OFFLINE) + !(old_mode FILE_ATTRIBUTE_OFFLINE)) { + lret = SMB_VFS_SET_OFFLINE(conn, smb_fname); + if (lret == -1) { + if (errno == ENOTSUP) { + DEBUG(10, (Setting FILE_ATTRIBUTE_OFFLINE for + %s/%s is not supported.\n, + parent_dir, + smb_fname_str_dbg(smb_fname))); + } else { + DEBUG(0, (An error occurred while setting + FILE_ATTRIBUTE_OFFLINE for + %s/%s: %s, parent_dir, + smb_fname_str_dbg(smb_fname), + strerror(errno))); } } } -- Samba Shared Repository