[Samba] Winbind in Samba 4 suite and the template homedir parameter

2013-07-19 Thread Davor Vusir 
Hi!

The command samba-tool testparm -v returns template homedir = 
/home/%WORKGROUP%/%ACCOUNTNAME%.

Is there other variables that can be used?

It is possible to add one or more uPNSuffixes to Samba 4 AD DC to alter the 
userPrincipalName. Both on the domain level 
(cn=uPNSuffixes,cn=Partitions,...) and on OU-level 
(cn=uPNSuffixes,ou=example.org,dc=...) But is it possible to return the dns 
domain part, %UPNSUFFIXES%, in winbind? And use it for domain separated paths 
to home directories?

For example:
uPNSuffixes = example.org, example.net

[global]
template homedir = /home/%UPNSUFFIXES%/%ACCOUNTNAME%

And winbind returns /home/example.org/username and 
/home/example.net/username respectivly.

Regards
Davor
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] dns query not giving back all registers

2013-07-19 Thread felix 

Hello list.

If I query my samba4 Active Directory domain with dig mydomain ANY or MX
it answers just with SOA and NS records, but not MX or some others I have
already defined. Is it right??

I've tried from the own samba4 server and from another linux host.

My samba4 is up-to-date.
Using bind9.7.3 with samba_dlz.

Thanks in advance.
Felix.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Samba4 PDC to Samba4 DC works great, Win2003 PDC to Samba4 DC not so great

2013-07-19 Thread Garth Keesler 

I've posted before about this but I'll add more info.

I've set up two Samba DCs in a domain, using both 4.0.7 and 4.1RC1, and 
all works great including Forest and Domain DNS repl in both directions. 
When I add a Samba 4.0.7 or 4.1RC1 DC to an existing Win2003 PDC with 
Forest level of 2003, Forest and Domain DNS repl is only from PDC to DC, 
never in the other direction. I've followed just about every thread on 
this topic but never with any success. This has to work in order to 
demote the WinPDC and use Samba as the only DCs in the domain.


Has anyone successfully done this? Should this work? If not, is there 
another way to do this? I've even looked at LDIFDE as a possibility but 
I don't think that'll do it.


Any help/advice greatly appreciated.

Thanx,
Garth
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Shares on failover IP

2013-07-19 Thread Robert Gurdon 

Hi,

Anyone has any thought why I could not acces the shares on the failover IP?

Robert

2013-07-18 14:46 keltezéssel, Sandbox írta:

Hi,


I have a failover configuration.

The domain controller's IP: 10.23.14.150 as dc01
The failover IP is: 10.23.14.155 as dcha

I added an A and a CNAME record to the dns for the failover IP.


It is working, i can see the shares, but I could not enter to any 
share as user, as Administrator it works.
I tried to add the interface variable (i am not sure this is available 
in samba4), that wasn't helped.


Thanks, Robert


--
Kind regards:

Robert



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

autobuild: intermittent test failure detected

2013-07-19 Thread autobuild 
The autobuild test system has detected an intermittent failing test in 
the current master tree.

The autobuild log of the failure is available here:

   http://git.samba.org/autobuild.flakey/2013-07-19-1145/flakey.log

The samba3 build logs are available here:

   http://git.samba.org/autobuild.flakey/2013-07-19-1145/samba3.stderr
   http://git.samba.org/autobuild.flakey/2013-07-19-1145/samba3.stdout

The source4 build logs are available here:

   http://git.samba.org/autobuild.flakey/2013-07-19-1145/samba.stderr
   http://git.samba.org/autobuild.flakey/2013-07-19-1145/samba.stdout
  
The top commit at the time of the failure was:

commit 51c68c28b27cd1644187af32cc4f630a7471cd28
Author: Shekhar Amlekar samle...@in.ibm.com
Date:   Thu Jul 11 21:12:29 2013 +0530

librpc: srvsvc.idl: define level 1005 share info flags

define level 1005 share info flags.

Reviewed-by: Günther Deschner g...@samba.org

Autobuild-User(master): Günther Deschner g...@samba.org
Autobuild-Date(master): Thu Jul 18 16:35:51 CEST 2013 on sn-devel-104

[SCM] Samba Shared Repository - branch master updated

2013-07-19 Thread Andrew Bartlett 
The branch, master has been updated
   via  bb21fc5 Add torture tests to raw.eas to check sending Windows 
invalid names in the middle of an EA list.
   via  5d54ac4 Reply with correct trans2 message on a setpathinfo with a 
bad EA name.
   via  b50b006 Ensure we do pathname processing before SD and EA 
processing in NTTRANS_CREATE.
   via  4a43600 Ensure we can't create a file using NTTRANS with an invalid 
EA list.
   via  66fb5ee Ensure we can't create a file using TRANS2_OPEN with an 
invalid EA list.
   via  fe542fc Add error map of STATUS_INVALID_EA_NAME - ERRDOS, 
ERRbadfile
   via  50a288c Add the ability to send an NTSTATUS result back with a 
trans2 reply so we can return a parameter block with an error code.
   via  21c9296 Ensure we can't create a file using SMB2_CREATE with an 
invalid EA list.
   via  66e7b15 Ensure we never return an EA name to a Windows client it 
can't handle.
   via  f246d69 Ensure set_ea cannot set invalid Windows EA names.
   via  1766f9e Add ea_list_has_invalid_name() function.
  from  51c68c2 librpc: srvsvc.idl: define level 1005 share info flags

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit bb21fc51e42c830d7fab4e89d83f8ef4d122fa1a
Author: Jeremy Allison j...@samba.org
Date:   Tue Jul 9 16:37:48 2013 -0700

Add torture tests to raw.eas to check sending Windows invalid names in the 
middle of an EA list.

Add torture tests to probe the set of invalid
Windows EA names.

Bug 9992 - Windows error 0x800700FE when copying files with xattr names 
containing :

Signed-off-by: Jeremy Allison j...@samba.org

Reviewed-by: Andrew Bartlett abart...@samba.org

Autobuild-User(master): Andrew Bartlett abart...@samba.org
Autobuild-Date(master): Fri Jul 19 11:50:25 CEST 2013 on sn-devel-104

commit 5d54ac414f2130fcbd434b7c96e1efe4a22cc1ff
Author: Jeremy Allison j...@samba.org
Date:   Tue Jul 16 09:14:12 2013 -0700

Reply with correct trans2 message on a setpathinfo with a bad EA name.

Bug 9992 - Windows error 0x800700FE when copying files with xattr names 
containing :

Signed-off-by: Jeremy Allison j...@samba.org

Reviewed-by: Andrew Bartlett abart...@samba.org

commit b50b006ace92bb0781173b1244e84ae7bf64732f
Author: Jeremy Allison j...@samba.org
Date:   Tue Jul 16 11:05:10 2013 -0700

Ensure we do pathname processing before SD and EA processing in 
NTTRANS_CREATE.

Bug 9992 - Windows error 0x800700FE when copying files with xattr names 
containing :

Signed-off-by: Jeremy Allison j...@samba.org

Reviewed-by: Andrew Bartlett abart...@samba.org

commit 4a4360070589a314667166f86c395878659123e1
Author: Jeremy Allison j...@samba.org
Date:   Tue Jul 9 15:54:39 2013 -0700

Ensure we can't create a file using NTTRANS with an invalid EA list.

Bug 9992 - Windows error 0x800700FE when copying files with xattr names 
containing :

Signed-off-by: Jeremy Allison j...@samba.org

Reviewed-by: Andrew Bartlett abart...@samba.org

commit 66fb5eeb968e12049381337d7c01401815537a34
Author: Jeremy Allison j...@samba.org
Date:   Tue Jul 9 15:59:53 2013 -0700

Ensure we can't create a file using TRANS2_OPEN with an invalid EA list.

Bug 9992 - Windows error 0x800700FE when copying files with xattr names 
containing :

Signed-off-by: Jeremy Allison j...@samba.org

Reviewed-by: Andrew Bartlett abart...@samba.org

commit fe542fc170053a370092fcf442075dc44189f23e
Author: Jeremy Allison j...@samba.org
Date:   Wed Jul 10 12:18:36 2013 -0700

Add error map of STATUS_INVALID_EA_NAME - ERRDOS, ERRbadfile

(from Windows2012 tests).

Bug 9992 - Windows error 0x800700FE when copying files with xattr names 
containing :

Signed-off-by: Jeremy Allison j...@samba.org

Reviewed-by: Andrew Bartlett abart...@samba.org

commit 50a288cb6a9bfff1d16cf488bbc0eedcb6ad4602
Author: Jeremy Allison j...@samba.org
Date:   Wed Jul 10 12:38:41 2013 -0700

Add the ability to send an NTSTATUS result back with a trans2 reply so we 
can return a parameter block with an error code.

This is needed when returning a STATUS_INVALID_NAME result (tested
from Windows 2012).

Bug 9992 - Windows error 0x800700FE when copying files with xattr names 
containing :

Signed-off-by: Jeremy Allison j...@samba.org

Reviewed-by: Andrew Bartlett abart...@samba.org

commit 21c92969b8d0ad7a77028d24c5b3fea63264e473
Author: Jeremy Allison j...@samba.org
Date:   Tue Jul 9 16:02:50 2013 -0700

Ensure we can't create a file using SMB2_CREATE with an invalid EA list.

Bug 9992 - Windows error 0x800700FE when copying files with xattr names 
containing :

Signed-off-by: Jeremy Allison j...@samba.org

Reviewed-by: Andrew Bartlett abart...@samba.org

commit

[SCM] Samba Shared Repository - branch master updated

2013-07-19 Thread Günther Deschner 
The branch, master has been updated
   via  44429f9 s3-printing: avoid KRB5CCNAME overwrite in printer 
publishing (Bug #7444).
  from  bb21fc5 Add torture tests to raw.eas to check sending Windows 
invalid names in the middle of an EA list.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 44429f948b72e7bcf968da492592c57864f211c7
Author: Günther Deschner g...@samba.org
Date:   Fri Jul 19 15:10:05 2013 +0200

s3-printing: avoid KRB5CCNAME overwrite in printer publishing (Bug #7444).

Guenther

Signed-off-by: Günther Deschner g...@samba.org
Reviewed-by: Andreas Schneider a...@samba.org

Autobuild-User(master): Günther Deschner g...@samba.org
Autobuild-Date(master): Fri Jul 19 17:53:08 CEST 2013 on sn-devel-104

---

Summary of changes:
 source3/printing/nt_printing_ads.c |   13 +
 1 files changed, 13 insertions(+), 0 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/printing/nt_printing_ads.c 
b/source3/printing/nt_printing_ads.c
index dcd31b7..5d5f564 100644
--- a/source3/printing/nt_printing_ads.c
+++ b/source3/printing/nt_printing_ads.c
@@ -417,6 +417,7 @@ WERROR nt_printer_publish(TALLOC_CTX *mem_ctx,
ADS_STATUS ads_rc;
ADS_STRUCT *ads = NULL;
WERROR win_rc;
+   char *old_krb5ccname = NULL;
 
sinfo2 = talloc_zero(mem_ctx, struct spoolss_SetPrinterInfo2);
if (!sinfo2) {
@@ -454,6 +455,7 @@ WERROR nt_printer_publish(TALLOC_CTX *mem_ctx,
win_rc = WERR_SERVER_UNAVAILABLE;
goto done;
}
+   old_krb5ccname = getenv(KRB5_ENV_CCNAME);
setenv(KRB5_ENV_CCNAME, MEMORY:prtpub_cache, 1);
SAFE_FREE(ads-auth.password);
ads-auth.password = secrets_fetch_machine_password(lp_workgroup(),
@@ -479,6 +481,11 @@ WERROR nt_printer_publish(TALLOC_CTX *mem_ctx,
 
 done:
ads_destroy(ads);
+   ads_kdestroy(MEMORY:prtpub_cache);
+   unsetenv(KRB5_ENV_CCNAME);
+   if (old_krb5ccname) {
+   setenv(KRB5_ENV_CCNAME, old_krb5ccname, 0);
+   }
return win_rc;
 }
 
@@ -493,6 +500,7 @@ WERROR check_published_printers(struct messaging_context 
*msg_ctx)
struct spoolss_PrinterInfo2 *pinfo2;
NTSTATUS status;
WERROR result;
+   char *old_krb5ccname = NULL;
 
tmp_ctx = talloc_new(NULL);
if (!tmp_ctx) return WERR_NOMEM;
@@ -502,6 +510,7 @@ WERROR check_published_printers(struct messaging_context 
*msg_ctx)
DEBUG(3, (ads_init() failed\n));
return WERR_SERVER_UNAVAILABLE;
}
+   old_krb5ccname = getenv(KRB5_ENV_CCNAME);
setenv(KRB5_ENV_CCNAME, MEMORY:prtpub_cache, 1);
SAFE_FREE(ads-auth.password);
ads-auth.password = secrets_fetch_machine_password(lp_workgroup(),
@@ -546,6 +555,10 @@ WERROR check_published_printers(struct messaging_context 
*msg_ctx)
 done:
ads_destroy(ads);
ads_kdestroy(MEMORY:prtpub_cache);
+   unsetenv(KRB5_ENV_CCNAME);
+   if (old_krb5ccname) {
+   setenv(KRB5_ENV_CCNAME, old_krb5ccname, 0);
+   }
talloc_free(tmp_ctx);
return result;
 }


-- 
Samba Shared Repository