Re: [Samba] Upgrade
On Fri, 2013-08-09 at 11:49 +0200, Sandbox wrote: Hi Guys, Well I made a bad decision and installed Samba4 from zentyal repo, I would like to upgrade it, is it enough to backup all files from %installation folder%/private directory and then copy into the newly installed version's private folder? Ensure you also move the sysvol tree, the lock, locks and state dirs and the etc/smb.conf file, and keep the xattrs. Essentially find the new location for all the files, and move them to match. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 with LDAP proxy in DMZ
On Thu, 2013-08-08 at 17:14 +0100, Julian Pilfold-Bagwell wrote: Hi All, I'm setting up a Samba AD domain which works perfectly with the WIn 7 server tools and so far everything is going fine. What has me stumped is setting up an LDAP proxy in our DMZ against which I can authenticate our email and web services. I've got port 389 open on my main Samba 4 DC and if I use the domain administrator account to bind the proxy, everything works. In order to give a degree of separation however, I've created a user called ldapbindacc and have used the server remote admin tools to delegate control of the directory server to that user with read only access to user and group details. When I try to access the directory using this account, I get the following error message (the password is definitely correct): # ldapsearch -LLL -H ldap://127.0.0.1 -b 'dc=bordengrammar,dc=kent,dc=sch,dc=uk' -D 'cn=ldapbindacc,cn=Users,dc=bordengrammar,dc=kent,dc=sch,dc=uk' -W '(sAMAccountName=Test.User)' Enter LDAP Password: ldap_bind: Invalid credentials (49) additional info: Simple Bind Failed: NT_STATUS_LOGON_FAILURE As I'm moving fro Samba 3 to 4, my AD knowledge is limited so I've been patching things together from various howto's. Has anyone succeeded in this who can give me some tips. Try just setting the DN as ldapbind...@bordengrammer.kent.sch.uk (AD allows these kind of DNs for binds). Otherwise, just turn up the logging on the Samba side and see what it says. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Upgrade
On 9-8-2013 11:49, Sandbox wrote: Hi Guys, Well I made a bad decision and installed Samba4 from zentyal repo, Why was that a bad decision? I have been looking at it and for certain use cases it looks nice. Regards, Joop -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba4 Using AD/UNIX attributes for home directory and shell not possible?
Hi, while googling around I already suspected that using winbind and samba4 is not a perfect solution. I tried to setup sssd on my debian wheezy machine but I'm not able to get a running setup: When starting up sssd the following error appear: (Mon Aug 12 09:57:43 2013) [sssd[be[shadow.local]]] [setup_child] (0x0010): Could not verify keytab (Mon Aug 12 09:57:43 2013) [sssd[be[shadow.local]]] [load_backend_module] (0x0010): Error (2) in module (ldap) initialization (sssm_ldap_id_init)! (Mon Aug 12 09:57:43 2013) [sssd[be[shadow.local]]] [be_process_init] (0x0010): fatal error initializing data providers (Mon Aug 12 09:57:43 2013) [sssd[be[shadow.local]]] [main] (0x0010): Could not initialize backend [2] My /etc/sssd/sssd.conf looks like: [sssd] config_file_version = 2 domains = shadow.local services = nss, pam debug_level = 7 [nss] [pam] [domain/shadow.local] cache_credentials = true id_provider = ldap auth_provider = krb5 chpass_provider = krb5 access_provider = ldap krb5_realm = SHADOW.LOCAL ldap_referrals = false ldap_sasl_mech = GSSAPI ldap_schema = rfc2307bis ldap_access_order = expire ldap_account_expire_policy = ad ldap_force_upper_case_realm = true ldap_user_object_class = user ldap_user_name = sAMAccountName ldap_user_home_directory = unixHomeDirectory ldap_user_principal = userPrincipalName ldap_group_object_class = group ldap_group_name = sAMAccountName sssd version on debian wheezy is 1.8.4. Any ideas whats wrong? Best Regards Markus -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Speed differences for windows clients
Hi, we have a strange phenomenon with the transfer speed between windows clients and samba servers. Here's the setup: server 1: centos 6.3 with samba 3.5.10 server 2: centos 6.4 with samba 3.6.9 both servers are configured as BDC and have - aside from netbios name - identical smb.conf which contains ldapsam as backend and all other parameters are not set (i.e. default) When I mount a share from a linux client, the transfer speed is ~112MB/sec to either server from any linux client. However, when I mount a share from Windows clients, the speed to server 1 is ~95MB/s and to server 2 ~85MB/s. We tested this with several windows clients (all running Windows 7 with all updates). The speed difference between linux client and windows client is not what's confusing me but that server 2 is always slower than server 1. Any ideas what could cause this? Philipp -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 Using AD/UNIX attributes for home directory and shell not possible?
On 12/08/13 10:04, Markus Gillmeister wrote: Hi, while googling around I already suspected that using winbind and samba4 is not a perfect solution. I tried to setup sssd on my debian wheezy machine but I'm not able to get a running setup: When starting up sssd the following error appear: (Mon Aug 12 09:57:43 2013) [sssd[be[shadow.local]]] [setup_child] (0x0010): Could not verify keytab (Mon Aug 12 09:57:43 2013) [sssd[be[shadow.local]]] [load_backend_module] (0x0010): Error (2) in module (ldap) initialization (sssm_ldap_id_init)! (Mon Aug 12 09:57:43 2013) [sssd[be[shadow.local]]] [be_process_init] (0x0010): fatal error initializing data providers (Mon Aug 12 09:57:43 2013) [sssd[be[shadow.local]]] [main] (0x0010): Could not initialize backend [2] My /etc/sssd/sssd.conf looks like: [sssd] config_file_version = 2 domains = shadow.local services = nss, pam debug_level = 7 [nss] [pam] [domain/shadow.local] cache_credentials = true id_provider = ldap auth_provider = krb5 chpass_provider = krb5 access_provider = ldap krb5_realm = SHADOW.LOCAL ldap_referrals = false ldap_sasl_mech = GSSAPI ldap_schema = rfc2307bis ldap_access_order = expire ldap_account_expire_policy = ad ldap_force_upper_case_realm = true ldap_user_object_class = user ldap_user_name = sAMAccountName ldap_user_home_directory = unixHomeDirectory ldap_user_principal = userPrincipalName ldap_group_object_class = group ldap_group_name = sAMAccountName sssd version on debian wheezy is 1.8.4. Any ideas whats wrong? Best Regards Markus Hi mmm, 1.8.4. For AD out of the box you need version 1.10.1 but you could try this. You haven't specified the DC or any of the gssapi stuff: remove: access_provider = and add : krb5_realm = krb5_server = krb5_kpasswd = ldap_sasl_authid = ldap_krb5_keytab = /etc/krb5.keytab ldap_krb5_init_creds = true krb5_validate = False for server and kpasswd use names not IP's for ldap_sasl_authid use the machine key from the keytab it prodv¡ded when you joined the domain, something like MACHINE$ There are example configs for both rfc2307bis and AD schemas here: http://linuxcostablanca.blogspot.com.es/2013/04/sssd-in-samba-40.html -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba/winbind UID mismatch.
Hello everyone, I am running Samba 4.0.8 on Arch Linux (installed from the Arch Repo) I have winbind authentication configured and working. I am able to login via ssh, and at the machine console with my samba credentials. I also have a Windows 8 client and an OS X client which is able to connect to this system via smb. However, when I create files or directories via smb I seem to have a UID mismatch compared to when I create files/directories via shell or at the console When I type id at the shell, it tells me my uid is 318 . Files created at the shell or console have this as the owner. When I copy files via smb the uid is 300. In idmap.ldb , my xidNumber is 318. Am I missing something ? Thanks in advance, - Pramod signature.asc Description: Message signed with OpenPGP using GPGMail -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] drs failed on version 4.1.0rc2: RID Manager failed RID allocation - WERR_BADFILE
I installed samba as an AD as described on the wiki and set up replication as described on the wiki. I checked and users are not replicated. I am getting the following messages Primary server (SambaCK): LOG: Copyright Andrew Tridgell and the Samba Team 1992-2013 [2013/08/12 08:48:46.359901, 0] ../source4/smbd/server.c:492(binary_smbd_main) samba: using 'standard' process model [2013/08/12 08:48:46.582463, 0] ../source4/lib/tls/tlscert.c:70(tls_cert_generate) Attempting to autogenerate TLS self-signed keys for https for hostname ' SAMBACK.ec.sbat.be' [2013/08/12 08:48:47.078082, 0] ../source4/lib/tls/tlscert.c:166(tls_cert_generate) TLS self-signed keys generated OK [2013/08/12 11:25:55.632341, 0] ../lib/util/util_runcmd.c:317(samba_runcmd_io_handler) /usr/sbin/rndc: rndc: connect failed: 127.0.0.1#953: connection refused root@SambaCK:/usr/src/samba-4.1.0rc2# samba-tool drs showrepl Default-First-Site-Name\SAMBACK DSA Options: 0x0001 DSA object GUID: 7040f3b8-017f-4083-9e9d-4476d02f6993 DSA invocationId: b1d14df0-427b-43aa-8cc5-22a6f3ead48d INBOUND NEIGHBORS DC=DomainDnsZones,DC=ec,DC=sbat,DC=be 1016\SAMBA1016 via RPC DSA object GUID: 652575fc-ccf4-4d1e-9379-70c817e0cb75 Last attempt @ Mon Aug 12 12:44:02 2013 CEST failed, result 2 (WERR_BADFILE) 15 consecutive failure(s). Last success @ NTTIME(0) DC=ForestDnsZones,DC=ec,DC=sbat,DC=be 1016\SAMBA1016 via RPC DSA object GUID: 652575fc-ccf4-4d1e-9379-70c817e0cb75 Last attempt @ Mon Aug 12 12:44:02 2013 CEST failed, result 2 (WERR_BADFILE) 15 consecutive failure(s). Last success @ NTTIME(0) DC=ec,DC=sbat,DC=be 1016\SAMBA1016 via RPC DSA object GUID: 652575fc-ccf4-4d1e-9379-70c817e0cb75 Last attempt @ Mon Aug 12 12:44:02 2013 CEST failed, result 2 (WERR_BADFILE) 15 consecutive failure(s). Last success @ NTTIME(0) CN=Schema,CN=Configuration,DC=ec,DC=sbat,DC=be 1016\SAMBA1016 via RPC DSA object GUID: 652575fc-ccf4-4d1e-9379-70c817e0cb75 Last attempt @ Mon Aug 12 12:44:02 2013 CEST failed, result 2 (WERR_BADFILE) 15 consecutive failure(s). Last success @ NTTIME(0) CN=Configuration,DC=ec,DC=sbat,DC=be 1016\SAMBA1016 via RPC DSA object GUID: 652575fc-ccf4-4d1e-9379-70c817e0cb75 Last attempt @ Mon Aug 12 12:44:02 2013 CEST failed, result 2 (WERR_BADFILE) 15 consecutive failure(s). Last success @ NTTIME(0) OUTBOUND NEIGHBORS DC=DomainDnsZones,DC=ec,DC=sbat,DC=be 1016\SAMBA1016 via RPC DSA object GUID: 652575fc-ccf4-4d1e-9379-70c817e0cb75 Last attempt @ Mon Aug 12 12:44:29 2013 CEST failed, result 2 (WERR_BADFILE) 905 consecutive failure(s). Last success @ NTTIME(0) DC=ForestDnsZones,DC=ec,DC=sbat,DC=be 1016\SAMBA1016 via RPC DSA object GUID: 652575fc-ccf4-4d1e-9379-70c817e0cb75 Last attempt @ Mon Aug 12 12:44:29 2013 CEST failed, result 2 (WERR_BADFILE) 905 consecutive failure(s). Last success @ NTTIME(0) DC=ec,DC=sbat,DC=be 1016\SAMBA1016 via RPC DSA object GUID: 652575fc-ccf4-4d1e-9379-70c817e0cb75 Last attempt @ Mon Aug 12 12:44:29 2013 CEST failed, result 2 (WERR_BADFILE) 905 consecutive failure(s). Last success @ NTTIME(0) CN=Schema,CN=Configuration,DC=ec,DC=sbat,DC=be 1016\SAMBA1016 via RPC DSA object GUID: 652575fc-ccf4-4d1e-9379-70c817e0cb75 Last attempt @ Mon Aug 12 12:44:29 2013 CEST failed, result 2 (WERR_BADFILE) 905 consecutive failure(s). Last success @ NTTIME(0) CN=Configuration,DC=ec,DC=sbat,DC=be 1016\SAMBA1016 via RPC DSA object GUID: 652575fc-ccf4-4d1e-9379-70c817e0cb75 Last attempt @ Mon Aug 12 12:44:29 2013 CEST failed, result 2 (WERR_BADFILE) 905 consecutive failure(s). Last success @ NTTIME(0) KCC CONNECTION OBJECTS Connection -- Connection name: 399cadb6-df56-4b6b-8841-7a59f070a01a Enabled: TRUE Server DNS name : SAMBA1016.ec.sbat.be Server DN name : CN=NTDS Settings,CN=SAMBA1016,CN=Servers,CN=1016,CN=Sites,CN=Configuration,DC=ec,DC=sbat,DC=be TransportType: RPC options: 0x0001 Warning: No NC replicated for Connection! Secondary server ( samba1016 ): root@samba1016:~# samba-tool drs showrepl 1016\SAMBA1016 DSA Options: 0x0001 DSA object GUID: 652575fc-ccf4-4d1e-9379-70c817e0cb75 DSA invocationId: 0219cdda-0ded-47c4-abf7-2d9743b20669 INBOUND NEIGHBORS DC=ec,DC=sbat,DC=be
Re: [Samba] Samba/winbind UID mismatch.
On 12/08/13 13:04, Pramod Venugopal wrote: Hello everyone, I am running Samba 4.0.8 on Arch Linux (installed from the Arch Repo) I have winbind authentication configured and working. I am able to login via ssh, and at the machine console with my samba credentials. I also have a Windows 8 client and an OS X client which is able to connect to this system via smb. However, when I create files or directories via smb I seem to have a UID mismatch compared to when I create files/directories via shell or at the console When I type id at the shell, it tells me my uid is 318 . Files created at the shell or console have this as the owner. When I copy files via smb the uid is 300. In idmap.ldb , my xidNumber is 318. Am I missing something ? Thanks in advance, - Pramod Hi A quick fix maybe. 1. Add the line: idmap_ldb use:rfc2307 = Yes to smb.conf 2. add: uidNumber: 318 to the DN of the user 3. Always work on the DC either by ssh or at the console. Then the uidNumber will _always_ be 318. There are many ways to do the same but I don't know Arch so dare not suggest. HTH Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Classic Upgrade: Unable to enumerate group memberships
Hello. I'm using Version 4.0.8-SerNet-Ubuntu-5.precise (Also, a heads up on this release; the folder /var/run/samba must be created upon reboot. When starting Samba I get this error: ERROR: can't open /var/run/samba/samba.pid: Error was No such file or directory) So anyway, when trying to do a classic upgrade/migration in order to preserve authentication information on a new domain. After rsyncing the required files over and downloading samba4, I execute this command: samba-tool domain classicupgrade --dbdir=samba --use-xattrs=yes --realm=[domain_name_of_samba3] smb.conf Reading smb.conf Provisioning Exporting account policy Exporting groups Ignoring group 'Domain Admins' S-1-5-21-2050790810-484269470-3964389469-1001 listed but then not found: Unable to enumerate group members, (-1073741722,No such group) Ignoring group 'Students' S-1-5-21-2050790810-484269470-3964389469-1045 listed but then not found: Unable to enumerate group members, (-1073741722,No such group) Ignoring group 'exams' S-1-5-21-2050790810-484269470-3964389469-1374 listed but then not found: Unable to enumerate group members, (-1073741722,No such group) Ignoring group 'Teachers' S-1-5-21-2050790810-484269470-3964389469-1046 listed but then not found: Unable to enumerate group members, (-1073741722,No such group) Exporting users Ignoring group memberships of 'PORTAGE-E49E7EA$' S-1-5-21-2050790810-484269470-3964389469-1158: Unable to enumerate group memberships, (-1073741724,No such user) Ignoring group memberships of 'OUTREACH-04$' S-1-5-21-2050790810-484269470-3964389469-1036: Unable to enumerate group memberships, (-1073741724,No such user) ...over and over for each user. Then the usual provisioning info displays and the AD is up and running, then this message: DOMAIN SID:S-1-5-21-2050790810-484269470-3964389469 Importing WINS database ERROR(ldb): uncaught exception - Entry name=OUTREACHLAB-07,type=0x20 already exists File /usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /usr/lib/python2.7/dist-packages/samba/netcmd/domain.py, line 1318, in run useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs) File /usr/lib/python2.7/dist-packages/samba/upgrade.py, line 860, in upgrade_from_samba3 import_wins(Ldb(result.paths.winsdb), samba3_winsdb) File /usr/lib/python2.7/dist-packages/samba/upgrade.py, line 365, in import_wins address: ips}) I've tried migrating the groups before/after/inbetween, according to this: https://wiki.samba.org/index.php/Samba4/samba-tool/domain/classicupgrade/HOWTO#Migrating_Groups Samba-tool seemed to be inconsistent in this regard, sometimes adding a group without issue, sometimes failing due to a bad dn (possibly, I forget the error.) Regardless, the users would never add to AD. So any direction would be valued at this point. Thanks! (Here's the smb.conf I'm working with:) [global] ## Browsing/Identification ### netbios name = PROTEUS # Change this to the workgroup/NT-domain name your Samba server will part of workgroup = BSO # server string is the equivalent of the NT Description field server string = %h server # This gets rid of a bunch of stupid error messages in the logs smb ports = 139 # Act as a time server time server = yes wins support = yes # WINS Server - Tells the NMBD components of Samba to be a WINS Client # Note: Samba can be either a WINS Server, or a WINS Client, but NOT both ; wins server = w.x.y.z # This will prevent nmbd to search for NetBIOS names through DNS. dns proxy = no # What naming service and in what order should we use to resolve host names # to IP addresses ; name resolve order = lmhosts host wins bcast Networking # The specific set of interfaces / networks to bind to # This can be either the interface name or an IP address/netmask; # interface names are normally preferred ; interfaces = 127.0.0.0/8 eth0 # Only bind to the named interfaces and/or networks; you must use the # 'interfaces' option above to use this. # It is recommended that you enable this feature if your Samba machine is # not protected by a firewall or is a firewall itself. However, this # option cannot handle dynamic or non-broadcast interfaces correctly. ; bind interfaces only = yes Debugging/Accounting log file = /var/log/samba/log.%m max log size = 1000 syslog = 0 # Do something sensible when Samba crashes: mail the admin a backtrace panic action = /usr/share/samba/panic-action %d ### Authentication ### security = user encrypt passwords = true passdb backend = tdbsam obey pam restrictions = yes unix password sync = yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . pam password change = yes map to guest = bad user server signing = auto ## Domains ### domain logons =
[Samba] Samba 3.6 File server with W2k3 DC
Hi, I've been fighting against a file server with samba 3.6.9-151.el6 authenticating from a windows 2003 server. I've read a thousand posts and howtos with all kind of samba versions without success. It looks like windbind is not processing things right. I've set the unix permissions on the folder to CANAL4\graficos right and the parent folder is world readable so this should not be the problem. Any hints are appreciate. This is the samba log for a client: [2013/08/12 13:56:21.449931, 3] lib/access.c:338(allow_access) Allowed connection from 192.168.2.118 (192.168.2.118) [2013/08/12 13:56:21.450014, 3] smbd/oplock.c:922(init_oplocks) init_oplocks: initializing messages. [2013/08/12 13:56:21.450084, 3] smbd/oplock_linux.c:239(linux_init_kernel_oplocks) Linux kernel oplocks enabled [2013/08/12 13:56:21.450175, 3] smbd/process.c:1662(process_smb) Transaction 0 of length 159 (0 toread) [2013/08/12 13:56:21.450217, 3] smbd/process.c:1467(switch_message) switch message SMBnegprot (pid 27114) conn 0x0 [2013/08/12 13:56:21.450509, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [PC NETWORK PROGRAM 1.0] [2013/08/12 13:56:21.450555, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [LANMAN1.0] [2013/08/12 13:56:21.450587, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [Windows for Workgroups 3.1a] [2013/08/12 13:56:21.450621, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [LM1.2X002] [2013/08/12 13:56:21.450663, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [LANMAN2.1] [2013/08/12 13:56:21.450701, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [NT LM 0.12] [2013/08/12 13:56:21.450734, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [SMB 2.002] [2013/08/12 13:56:21.450767, 3] smbd/negprot.c:598(reply_negprot) Requested protocol [SMB 2.???] [2013/08/12 13:56:21.450857, 3] smbd/negprot.c:419(reply_nt1) using SPNEGO [2013/08/12 13:56:21.450894, 3] smbd/negprot.c:704(reply_negprot) Selected protocol NT LM 0.12 [2013/08/12 13:56:21.480917, 3] smbd/process.c:1662(process_smb) Transaction 1 of length 1500 (0 toread) [2013/08/12 13:56:21.481068, 3] smbd/process.c:1467(switch_message) switch message SMBsesssetupX (pid 27114) conn 0x0 [2013/08/12 13:56:21.481122, 3] smbd/sesssetup.c:1333(reply_sesssetup_and_X) wct=12 flg2=0xc807 [2013/08/12 13:56:21.481159, 2] smbd/sesssetup.c:1279(setup_new_vc_session) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2013/08/12 13:56:21.481193, 3] smbd/sesssetup.c:1065(reply_sesssetup_and_X_spnego) Doing spnego session setup [2013/08/12 13:56:21.481240, 3] smbd/sesssetup.c:1107(reply_sesssetup_and_X_spnego) NativeOS=[] NativeLanMan=[] PrimaryDomain=[] [2013/08/12 13:56:21.481306, 3] smbd/sesssetup.c:660(reply_spnego_negotiate) reply_spnego_negotiate: Got secblob of size 1354 [2013/08/12 13:56:21.501097, 3] libads/authdata.c:332(decode_pac_data) Found account name from PAC: Graficos [Graficos] [2013/08/12 13:56:21.501177, 3] auth/user_krb5.c:50(get_user_from_kerberos_info) Kerberos ticket principal name is [grafi...@montecarlotv.com.uy] [2013/08/12 13:56:21.502480, 3] smbd/password.c:298(register_existing_vuid) register_existing_vuid: User name: CANAL4\graficosReal name: Graficos [2013/08/12 13:56:21.502527, 3] smbd/password.c:308(register_existing_vuid) register_existing_vuid: UNIX uid 10002 is UNIX user CANAL4\graficos, and will be vuid 101 [2013/08/12 13:56:21.502606, 3] smbd/password.c:238(register_homes_share) Adding homes service for user 'CANAL4\graficos' using home directory: '/home/CANAL4/graficos' [2013/08/12 13:56:21.502674, 3] param/loadparm.c:6582(lp_add_home) adding home's share [graficos] for user 'CANAL4\graficos' at '/home/CANAL4/graficos' [2013/08/12 13:56:21.503302, 3] smbd/process.c:1662(process_smb) Transaction 2 of length 118 (0 toread) [2013/08/12 13:56:21.503371, 3] smbd/process.c:1467(switch_message) switch message SMBtconX (pid 27114) conn 0x0 [2013/08/12 13:56:21.503491, 3] lib/access.c:338(allow_access) Allowed connection from 192.168.2.118 (192.168.2.118) [2013/08/12 13:56:21.503540, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) string_to_sid: SID CANAL4\Datos is not in a valid format [2013/08/12 13:56:21.504880, 2] smbd/service.c:627(create_connection_session_info) user 'CANAL4\graficos' (from session setup) not permitted to access this share (Datos) [2013/08/12 13:56:21.504930, 1] smbd/service.c:805(make_connection_snum) create_connection_session_info failed: NT_STATUS_ACCESS_DENIED [2013/08/12 13:56:21.504969, 3] smbd/error.c:81(error_packet_set) error packet at smbd/reply.c(803) cmd=117 (SMBtconX) NT_STATUS_ACCESS_DENIED [2013/08/12 13:56:21.505345, 3] smbd/process.c:1662(process_smb) Transaction 3 of length 43 (0 toread) [2013/08/12 13:56:21.505412, 3] smbd/process.c:1467(switch_message) switch message SMBulogoffX (pid 27114) conn 0x0
Re: [Samba] samba 4.0.x : samba_backup wrong path line 54
Hello, Am 12.08.2013 07:33, schrieb m...@electronico.nc: (samba 4.0.8 compiled from git source) Just tried the samba_backup from https://wiki.samba.org/index.php/Backup_and_Recovery line 54 mention : tdbbackup $ldb where it should be /usr/local/samba/bin/tdbbackup $ldb Thanks for this nice samba version ! Simply add your samba directory to your $PATH variable. http://wiki.samba.org/index.php/Samba_AD_DC_HOWTO#Paths Regards, Marc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 with LDAP proxy in DMZ
Hello Julian, Am 08.08.2013 18:14, schrieb Julian Pilfold-Bagwell: I'm setting up a Samba AD domain which works perfectly with the WIn 7 server tools and so far everything is going fine. What has me stumped is setting up an LDAP proxy in our DMZ against which I can authenticate our email and web services. I've got port 389 open on my main Samba 4 DC and if I use the domain administrator account to bind the proxy, everything works. In order to give a degree of separation however, I've created a user called ldapbindacc and have used the server remote admin tools to delegate control of the directory server to that user with read only access to user and group details. When I try to access the directory using this account, I get the following error message (the password is definitely correct): # ldapsearch -LLL -H ldap://127.0.0.1 -b 'dc=bordengrammar,dc=kent,dc=sch,dc=uk' -D 'cn=ldapbindacc,cn=Users,dc=bordengrammar,dc=kent,dc=sch,dc=uk' -W '(sAMAccountName=Test.User)' Enter LDAP Password: ldap_bind: Invalid credentials (49) additional info: Simple Bind Failed: NT_STATUS_LOGON_FAILURE As I'm moving fro Samba 3 to 4, my AD knowledge is limited so I've been patching things together from various howto's. Has anyone succeeded in this who can give me some tips. Here I described how to setup an openLDAP proxy to AD: http://wiki.samba.org/index.php/Authenticating_other_services_against_AD (incl. authenticating other ldap based services) Regards, Marc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba4 + winbind did not work
Hello Darek, Am 12.08.2013 20:03, schrieb Darek Frączkiewicz: unfortunately this howto (https://wiki.samba.org/index.php/Samba4/Domain_Member ) did'n work. After configure with options: ./configure --with-ads --with-shared-modules=idmap_ad and change files ktrb.conf and smb.conf samba didn't starting. What are the samba logs saying? /net ads join -U administrator/ Host is not configured as a member server. Invalid configuration. Exiting Can you show your smb.conf/testparm output? Regards, Marc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] os level permissions for samba 4 share
I read at the samba4 wiki that to setup a samba4 share you need to Create a folder that you want to share # mkdir -p /srv/samba/Demo/ Add a new share to your smb.conf: [Demo] path = /srv/samba/Demo/ read only = no but what about permission at os level? I mean do I have to chmod 770 or chmod 2770 the folder or else? I read somewhere that it was necessary to chmod 777 but that configuration is very unsecure at os level. thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Compiling Samba 4.0.7 - make test results
Al 24/07/13 14:07, En/na Mgr. Peter Tuharsky, MsU Banska Bystrica ha escrit: The tests eventually finished, however several errors have been reported. Sincerely, I don't understand them. I'm sending the st/summary file in attachment. I could replicate the same results (i.e. test 96 taking about half an hour then failing, many more errors) trying to compile samba 4.0.8 under mageia 3. Suspecting some wrong ./configure option, I took the fedora source rpm and coaxed it to build under mageia (by changing some of the missing dependencies to the bundled libraries) and the tests failed the same way. Are those tests supposed to fail or is there something wrong in the build instructions? Bye -- Luca Olivetti Wetron Automation Technology http://www.wetron.es Tel. +34 935883004 Fax +34 935883007 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba4 + winbind did not work
Hello Darek, Am 12.08.2013 21:09, schrieb Darek Frączkiewicz: I was add in smb.conf log file = /var/log/samba.log and now i see: [2013/08/12 21:02:08, 0] ../source4/smbd/server.c:461(binary_smbd_main) At this time the 'samba' binary should only be used for either: 'server role = active directory domain controller' or to access the ntvfs file server with 'server services = +s$ You should start smbd/nmbd/winbindd instead for domain member and standalone file server tasks I don't understand this log... Just to clarify some things: - Is your winbind configuration on the same machine as your DC? - Or are you configuring winbind on a member server (a different machine)? - And you are running Samba 4 as AD DC (not an NT4-style domain), right? The configuration I described in the Wiki is only tested on a member server. If you require to have the Samba AD accounts local on your Samba DC (not on a member server), then the winbind configuration may be a bit different (haven't done that yet). But you can use nslcd (adapt the config from here: http://wiki.samba.org/index.php/Authenticating_other_services_against_AD#Nslcd:_User.2FGroups_from_AD_through_openLDAP_proxy) or sssd (if you google, there are some configuration examples for setting up sssd with AD). Regards Marc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] os level permissions for samba 4 share
Hello Eduardo, Am 12.08.2013 20:15, schrieb Eduardo Sotomayor: I read at the samba4 wiki that to setup a samba4 share you need to Create a folder that you want to share # mkdir -p /srv/samba/Demo/ Add a new share to your smb.conf: [Demo] path = /srv/samba/Demo/ read only = no but what about permission at os level? I mean do I have to chmod 770 or chmod 2770 the folder or else? I read somewhere that it was necessary to chmod 777 but that configuration is very unsecure at os level. The ACLs on the share/filesystem are now fully manageable through windows. The filesystem ACLs are stored in extended attributes (that's why you need an filesystem supporting ext. ACLs). Regards, Marc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba4 + winbind did not work
Am 12.08.2013 22:04, schrieb Darek Frączkiewicz: I'm testing samba4 (with https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO) since one year and this config: debian + samba4 +bind9+dhcp+ntp+LAMP gives me domain, joining workstations, menage users and GPO. All works good. In this howto I don't see anything about config winbind. This HowTo was written just as a guide for setting up a member server, not for setting up winbind on top of a DC. If you require to have the Samba AD accounts local on your Samba DC (not on a member server), then the winbind configuration may be a bit different (haven't done that yet). But you can use nslcd (adapt the config from here: http://wiki.samba.org/index.__php/Authenticating_other___services_against_AD#Nslcd:___User.2FGroups_from_AD_through___openLDAP_proxy http://wiki.samba.org/index.php/Authenticating_other_services_against_AD#Nslcd:_User.2FGroups_from_AD_through_openLDAP_proxy) or sssd (if you google, there are some configuration examples for setting up sssd with AD). As you have just a single DC, nslcd, sssd or winbind is what you should try. I haven't tried sssd, but as I heard a lot from others here on the list, it would be currently a good choice for that. But use a recent version. I already planed about writing a new HowTo about the three daemons, but currently doesn't had the time for it. But it's still on my list. Regards Marc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Network browsing in S4
Hello Greg, Am 12.08.2013 22:32, schrieb Gregory Sloop: So, if I understand things correctly, NMBD or network browsing isn't functional under S4 yet. [At least I don't believe it was in 4.03 - and I don't think that's changed.] Currently Samba still doesn't support network neighbourhood. I have some cases where I need accurate NetBIOS name resolution, [and perhaps Network browsing services.] What is the best way of handling this? Is this going to be supported? [or already is with something newer than 4.03] There is a way to start nmbd on a Samba 4 DC manually with doing some special settings in smb.conf. Andrew told me that secret some time ago. But it's nothing that is recommended and not supported. But my experiences with it is, that the browsing list is always much smaller than it should. So it's better not to use this workaround. Regards, Marc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Network browsing in S4
On Mon, Aug 12, 2013 at 4:32 PM, Gregory Sloop gr...@sloop.net wrote: So, if I understand things correctly, NMBD or network browsing isn't functional under S4 yet. [At least I don't believe it was in 4.03 - and I don't think that's changed.] I have some cases where I need accurate NetBIOS name resolution, [and perhaps Network browsing services.] If not, should I run nmbd on it's own outside the the S4 servers - that's something perfectly easy for me to do. I could be mistaken (definitely not an expert) but I believe NetBIOS function is defaulted to On regarding samba shares under the file server services; but, as far as the AD DC folders relating to profiles, GPO's, and other domain user content, I think you're correct -- network browsing is not functional at this time. From Samba 4.0.8 man samba: disable netbios (G) Enabling this parameter will disable netbios support in Samba. Netbios is the only available form of browsing in all windows versions except for 2000 and XP. Note Clients that only support netbios won't be able to see your samba server when netbios support is disabled. Default: disable netbios = no -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba4 + winbind did not work
Am 12.08.2013 22:40, schrieb Darek Frączkiewicz: If you require to have the Samba AD accounts local on your Samba DC (not on a member server), then the winbind configuration may be a bit different (haven't done that yet). But you can use nslcd (adapt the config from here: http://wiki.samba.org/index.__php/Authenticating_other___services_against_AD#Nslcd:___User.2FGroups_from_AD_through___openLDAP_proxy http://wiki.samba.org/index.php/Authenticating_other_services_against_AD#Nslcd:_User.2FGroups_from_AD_through_openLDAP_proxy) or sssd (if you google, there are some configuration examples for setting up sssd with AD). in this howto i'm reading : *Use the following slapd.conf example*: I remember new openldap has not file slapd.conf I'm running the version shipped with RHL 6.4. This works fine with the slapd.conf. Haven't tried the latest version and I don't know if something changed there. What version of openldap do you use? And what does the manpage says? I found about sssd: http://debian.2.n7.nabble.com/Fwd-Samba4-and-SSSD-td2793432.html The easiest way to get Linux clients to work with samba4 is to start by creating an unprivileged binduser account. samba-tool user add binduser will do that for you. Then *on the client side*, install sssd (apt-get install sssd) and write something like that in /etc/sssd/sssd.conf: I think it doesn't work Why? I haven't tried sssd yet. But if you reply to the list and not just to my mail address, others could help you, too. :-) Steve often recommends sssd. When I remember right, he already posted a few times configuration examples to the list. You can google for that. Regards, Marc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Network browsing in S4
MM Am 12.08.2013 22:32, schrieb Gregory Sloop: So, if I understand things correctly, NMBD or network browsing isn't functional under S4 yet. [At least I don't believe it was in 4.03 - and I don't think that's changed.] MM Currently Samba still doesn't support network neighbourhood. Is nmbd support planned, and if so, when? [If you know...] I have some cases where I need accurate NetBIOS name resolution, [and perhaps Network browsing services.] What is the best way of handling this? Is this going to be supported? [or already is with something newer than 4.03] MM There is a way to start nmbd on a Samba 4 DC manually with doing some MM special settings in smb.conf. Andrew told me that secret some time ago. MM But it's nothing that is recommended and not supported. But my MM experiences with it is, that the browsing list is always much smaller MM than it should. So it's better not to use this workaround. So, we'll assume that nmbd doesn't work properly on an S4 AD. Can I run nmbd alone, on an independent box? (I'd guess not.) Or should I run an S3 server as a member of the AD also running nmbd? [This instance won't do any file sharing, as that will all happen on the two S4 servers.] If I run an S3 member, can anyone give me an estimated memory footprint? [Really rough is fine.] -Greg -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Odd Samba 4 (4.2.0pre1-GIT-b505111; actually only using client) behaviour #1 - Could not fetch trust account password for domain ....
Good day oh technical ones . I was running Samba 4 (client only, not using it as a DC so effectively running Samba 3 code from the Samba 4 tree) and, other than a little Gotcha! regarding decoding Kerberos PACs, it was all working perfectly. Then recently I had to upgrade, to 4.2.0pre1-GIT-b505111 (I had to upgrade the OS on the server running Samba - 'twas OpenSolaris and is now Solaris 11.1) so I recompiled it all up and installed afresh (so no .tdbs from the previous installation or anything). It's all working (well, except for the PAC issue which is still being worked on). I set the LDAP admin. Password using smbpasswd -W. Kerberos is set up fine. I'm joined to the domain and both net ads testjoin and net rpc testjoin (as well as wbinfo -t) all agree that the join is good. wbinfo -u reports my AD users; wbinfo -g reports my AD groups (with the domain prefix removed); wbinfo -U gives me the correct SID for UID . But here's a funny thing (#1) - wbinfo -S gives me a UID for SID . However it's not the same UID as, when given to wbinfo -U , would return that SID. Duh? So the mapping is only currently one way. UID-SID = OK; SID-UID = not OK (no error but allocated value not the one stored in the LDAP schema). This kinda-almost-sorta works. The most annoying symptom is that any UNC path which a workstation accesses winds up with an irritating $RECYCLE.BIN folder being created on it, which every time that UNC path is accessed results in a The recycle bin for \\server\path\to\unc\folder file:///\\server\path\to\unc\folder has become corrupted. Would you like to delete it?. I *suspect* that it may have something to do with the following messages, which get logged over and over (and over and .) together in the system log file: Aug 12 20:38:31 Gateway smbd[22736]: [ID 702911 daemon.error] [2013/08/12 20:38:31.381776, 0] ../source3/auth/auth_domain.c:266(domain_client_validate) Aug 12 20:38:31 Gateway smbd[22736]: [ID 702911 daemon.error] domain_client_validate: unable to validate password for user in domain to Domain controller PDC.MYDOMAIN. Error was NT_STATUS_NO_SUCH_USER. Aug 12 20:38:31 Gateway smbd[22736]: [ID 702911 daemon.error] [2013/08/12 20:38:31.382811, 0] ../source3/auth/auth_domain.c:419(check_trustdomain_security) Aug 12 20:38:31 Gateway smbd[22736]: [ID 702911 daemon.error] check_trustdomain_security: could not fetch trust account password for domain MYDOMAIN And no, that's not me editing out the username and domain in the second message, it is an empty username and an empty domain name. It's probably that I've been stupid and missed a configuration step. However I can't think what, and I've had a quick dig around in auth_domain.c and can't see what user (and domain) it might be failing to get from where. Plus, of course, it's pure speculation that this is causing the lack of a coherent bidirectional mapping between UIDs and SIDs . Anyway, if anyone has any helpful suggestions either to resolve, or to get to the bottom of, this little hiccup, I'd much appreciate hearing them :) Cheers folks! Tris. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Network browsing in S4
Am 12.08.2013 23:28, schrieb Gregory Sloop: So, we'll assume that nmbd doesn't work properly on an S4 AD. Can I run nmbd alone, on an independent box? (I'd guess not.) Or should I run an S3 server as a member of the AD also running nmbd? [This instance won't do any file sharing, as that will all happen on the two S4 servers.] If I run an S3 member, can anyone give me an estimated memory footprint? [Really rough is fine.] The domain master browser must be on the DC with the PDC emulator FSMO role: http://support.microsoft.com/kb/324801/en So you can't run it on a s3 member server, because you need an AD DC for the FSMO stuff. So currently you can't have network neighbourhood on a s4 DC. I know that the developers have this on their list. But I don't know if theres already a plan when it'll be included. Here first some users missed the network neighbourhood browsing. Meanwhile they had learned, that it's much easier to direclty connect via \\servername. Do you have a special need for it? Regards, Marc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Odd Samba 4 (4.2.0pre1-GIT-b505111; actually only using client) behaviour #2 - accept: Software caused connection abort.
Good day oh technical ones . I was running Samba 4 (client only, not using it as a DC so effectively running Samba 3 code from the Samba 4 tree) and, other than a little Gotcha! regarding decoding Kerberos PACs, it was all working perfectly. Then recently I had to upgrade, to 4.2.0pre1-GIT-b505111 (I had to upgrade the OS on the server running Samba - 'twas OpenSolaris and is now Solaris 11.1) so I recompiled it all up and installed afresh (so no .tdbs from the previous installation or anything). But here's a funny thing (#2). The log file gets absolutely ridiculous numbers of messages thus: Aug 12 22:45:01 Gateway smbd[16327]: [ID 702911 daemon.error] [2013/08/12 22:45:01.731562, 0] ../source3/smbd/server.c:556(smbd_accept_connection) Aug 12 22:45:01 Gateway smbd[16327]: [ID 702911 daemon.error] accept: Software caused connection abort Aug 12 22:45:03 Gateway smbd[16327]: [ID 702911 daemon.error] [2013/08/12 22:45:03.556423, 0] ../source3/smbd/server.c:556(smbd_accept_connection) Aug 12 22:45:03 Gateway smbd[16327]: [ID 702911 daemon.error] accept: Software caused connection abort Aug 12 22:45:03 Gateway smbd[16327]: [ID 702911 daemon.error] [2013/08/12 22:45:03.556688, 0] ../source3/smbd/server.c:556(smbd_accept_connection) Aug 12 22:45:03 Gateway smbd[16327]: [ID 702911 daemon.error] accept: Software caused connection abort And so on. These will come in spurts; there won't be any such messages for several minutes then a whole load will come along all at once. Rather like busses . It doesn't seem to be affecting the operation so far as any client is concerned. Or rather it evidently will be having some effect, but it's not a noticeable one. However it is really irritating having the system log getting filled up with all these messages! Murphy's law, of course, states that trying to catch one of these messages being created, so I can include a suitable system call trace in this message, will be impossible - there will be no such messages logged until the instant I click Send (at which point probably about half-a-dozen will be logged all at once). That does indeed seem to be the case - I've now been trying to persuade one of these, normally very regularly occurring, messages to be logged for about 20 minutes and still, stubbornly, nothing continues to happen. I will catch smbd in the act at some point though, and when I do I'll follow-up with a system call trace to show exactly what is happening when this message gets triggered. It will, of course, be something bizarrely Solaris specific (you didn't set the SO_DONT_RANDOMLY_ABORT_CONNECTIONS socket() option, did you? Tsk tsk tsk .). Cheers, Tris. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Speed differences for windows clients
On Mon, Aug 12, 2013 at 10:00:18AM +0200, Philipp Lies wrote: Hi, we have a strange phenomenon with the transfer speed between windows clients and samba servers. Here's the setup: server 1: centos 6.3 with samba 3.5.10 server 2: centos 6.4 with samba 3.6.9 both servers are configured as BDC and have - aside from netbios name - identical smb.conf which contains ldapsam as backend and all other parameters are not set (i.e. default) When I mount a share from a linux client, the transfer speed is ~112MB/sec to either server from any linux client. However, when I mount a share from Windows clients, the speed to server 1 is ~95MB/s and to server 2 ~85MB/s. We tested this with several windows clients (all running Windows 7 with all updates). The speed difference between linux client and windows client is not what's confusing me but that server 2 is always slower than server 1. Any ideas what could cause this? Nope. Need more data :-). Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 6a081e9 tevent: Fix tutorial reference via d672535 libcli: Fix improper use of tevent_req_simple_recv_ntstatus via 2e59d6c libsmb: Remove an unnecessary variable assignment via f584474 libsmb: Avoid an unnecessary else via adc3ac9 smbd: Fix CID 1035550 Structurally dead code via 8420d1c smbd: Fix nonblank line endings via 68e6e7e lib: Remove unused get_peer_name via 52c5175 lib: Remove unused client_name via 2175024 lsa4: Fix an set but unused variable warning via 55c3f8e lsa4: Remove an unused variable via c17e5bd s3:rpcclient: fix compiler warnings via a560d1d s3:pylibsmb: remove compiler warnings via 82e969b s4:wrepl_out_helpers.c: avoid talloc_reference() in most cases via 6b99779 s4:torture/rpc: s/getgroups/getgr to avoid compiler warnings via 72dec3c s4:nbt_server: avoid talloc_reference() via 270aee5 s4:torture/rpc/samsync: avoid talloc_reference() via fd54ffa s4:libcli: avoid talloc_reference() in finddcs_nbt_send() via ae6166a s4:librpc: avoid talloc_reference() in dcerpc_epm_map_binding_send() via b055b31 auth/credentials: make sure cli_credentials_get_nt_hash() always returns a talloc object from 20b64ea waf: replace dependency to libintl with samba_intl http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 6a081e991923b7d089be4a5cdb1a351c2e863db1 Author: Volker Lendecke v...@samba.org Date: Tue Jul 30 14:37:16 2013 +0200 tevent: Fix tutorial reference Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Mon Aug 12 09:17:10 CEST 2013 on sn-devel-104 commit d672535551e794574d25a3f553011af5fbb7a0a9 Author: Volker Lendecke v...@samba.org Date: Sat Jun 15 20:39:53 2013 +0200 libcli: Fix improper use of tevent_req_simple_recv_ntstatus tevent_req_simple_recv_ntstatus is just for the simple return without anything to do after it. Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org commit 2e59d6c37002734887f9d26be2ea078775dc0c1e Author: Volker Lendecke v...@samba.org Date: Sun Jun 9 18:02:27 2013 +0200 libsmb: Remove an unnecessary variable assignment Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org commit f584474d7dc1fdb4a778eb1ede8c5321e606341b Author: Volker Lendecke v...@samba.org Date: Sun Jun 9 11:41:32 2013 +0200 libsmb: Avoid an unnecessary else Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org commit adc3ac9ecdd7000c629b74d6477bbd59124cc7d2 Author: Volker Lendecke v...@samba.org Date: Sat Jun 22 18:43:00 2013 +0200 smbd: Fix CID 1035550 Structurally dead code Just a single ctl_code from my point of view is okay with an if(). All other cases are handled behind the VFS these days. The dead code was the last tevent_req_nterror and post routines. Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org commit 8420d1c8ee031bb48d3bd845515355251a799633 Author: Volker Lendecke v...@samba.org Date: Sat Jun 22 18:40:31 2013 +0200 smbd: Fix nonblank line endings Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org commit 68e6e7e8e894312efb6d550d57fcafcd09b5fe4d Author: Volker Lendecke v...@samba.org Date: Fri Jun 21 18:33:56 2013 +0200 lib: Remove unused get_peer_name Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org commit 52c51752e8e8d64f4332cae990688b5b11f1b422 Author: Volker Lendecke v...@samba.org Date: Thu Jun 20 13:49:45 2013 +0200 lib: Remove unused client_name Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org commit 2175024f9750d858847c2c0ad1c84ea9a14e0e02 Author: Volker Lendecke v...@samba.org Date: Fri Jun 21 18:11:30 2013 +0200 lsa4: Fix an set but unused variable warning Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org commit 55c3f8efc3982a49ba154bcb9b797aede0152227 Author: Volker Lendecke v...@samba.org Date: Fri Jun 21 18:11:07 2013 +0200 lsa4: Remove an unused variable Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org commit c17e5bd43ca54fdf34563b275a75937079e7adb8 Author: Stefan Metzmacher me...@samba.org Date: Fri Aug 9 10:23:12 2013 +0200 s3:rpcclient: fix compiler warnings
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via 3a8cab3 WHATSNEW: Prepare release notes for Samba 3.6.18. from 9ef80fc Ensure gpfs kernel leases are wrapped in a become_root()/unbecome_root() pair. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit 3a8cab366ce6ce0f2a32a6df2f6f8fcf549a9dd3 Author: Karolin Seeger ksee...@samba.org Date: Mon Aug 12 09:20:38 2013 +0200 WHATSNEW: Prepare release notes for Samba 3.6.18. Signed-off-by: Karolin Seeger ksee...@samba.org --- Summary of changes: WHATSNEW.txt | 23 +++ 1 files changed, 19 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 125d793..c8e7607 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -6,15 +6,30 @@ This is is the latest stable release of Samba 3.6. -Major enhancements in Samba 3.6.18 include: - -o - Changes since 3.6.17: - o Jeremy Allison j...@samba.org +* BUG 9777: vfs_dirsort uses non-stackable calls, dirfd(), malloc instead + of talloc and doesn't cope with directories being modified whilst reading. + + +o Gregor Beck gb...@sernet.de +* BUG 9678: Windows 8 Roaming profiles fail. + + +o Alexander Bokovoy a...@samba.org +* BUG 9636: Fix parsing linemarkers in preprocessor output. + + +o Björn Jacke b...@sernet.de +* BUG 9880: Use of wrong RFC2307 primary group field. +* BUG 9983: Fix output of syslog-facility check. + + +o Ralph Wuerthner ral...@de.ibm.com +* BUG 10064: Linux kernel oplock breaks can miss signals. ## -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 906de70 docs: Add man page for vfs_linux_xfs_sgid. via c909c01 rpc_server3: Fix two const warnings via 7701053 librpc: Use tevent_req_simple_recv_ntstatus via a39c956 tevent: Add tevent_received to tevent_req_simple_recv_ntstatus from 6a081e9 tevent: Fix tutorial reference http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 906de702e641bb0da8ec9074b80d6e94bdb17cfe Author: Karolin Seeger ksee...@samba.org Date: Mon Aug 12 10:02:31 2013 +0200 docs: Add man page for vfs_linux_xfs_sgid. Signed-off-by: Karolin Seeger ksee...@samba.org Reviewed-by: Jeremy Allison j...@samba.org Autobuild-User(master): Jeremy Allison j...@samba.org Autobuild-Date(master): Tue Aug 13 02:06:30 CEST 2013 on sn-devel-104 commit c909c0131a6b4290d53c538c17cc3ae15591512b Author: Volker Lendecke v...@samba.org Date: Tue Jun 11 19:37:47 2013 +0200 rpc_server3: Fix two const warnings Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Jeremy Allison j...@samba.org commit 7701053806e3cc98f8d7d4d9bd1d7b63c0b504e8 Author: Volker Lendecke v...@samba.org Date: Thu Jun 6 11:42:55 2013 +0200 librpc: Use tevent_req_simple_recv_ntstatus Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Jeremy Allison j...@samba.org commit a39c9563158cb15835f8a40fb9e79609440b5443 Author: Volker Lendecke v...@samba.org Date: Thu Jun 6 11:42:15 2013 +0200 tevent: Add tevent_received to tevent_req_simple_recv_ntstatus Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Jeremy Allison j...@samba.org --- Summary of changes: ...s_fake_perms.8.xml = vfs_linux_xfs_sgid.8.xml} | 33 ++- docs-xml/wscript_build |1 + lib/util/tevent_ntstatus.c | 13 +--- librpc/rpc/binding_handle.c| 10 +- source3/rpc_server/rpc_sock_helper.c |4 +- 5 files changed, 29 insertions(+), 32 deletions(-) copy docs-xml/manpages/{vfs_fake_perms.8.xml = vfs_linux_xfs_sgid.8.xml} (55%) Changeset truncated at 500 lines: diff --git a/docs-xml/manpages/vfs_fake_perms.8.xml b/docs-xml/manpages/vfs_linux_xfs_sgid.8.xml similarity index 55% copy from docs-xml/manpages/vfs_fake_perms.8.xml copy to docs-xml/manpages/vfs_linux_xfs_sgid.8.xml index 4e1b940..17ed1ac 100644 --- a/docs-xml/manpages/vfs_fake_perms.8.xml +++ b/docs-xml/manpages/vfs_linux_xfs_sgid.8.xml @@ -1,9 +1,9 @@ ?xml version=1.0 encoding=iso-8859-1? !DOCTYPE refentry PUBLIC -//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN http://www.samba.org/samba/DTD/samba-doc; -refentry id=vfs_fake_perms.8 +refentry id=vfs_linux_xfs_sgid.8 refmeta - refentrytitlevfs_fake_perms/refentrytitle + refentrytitlevfs_syncops/refentrytitle manvolnum8/manvolnum refmiscinfo class=sourceSamba/refmiscinfo refmiscinfo class=manualSystem Administration tools/refmiscinfo @@ -12,13 +12,13 @@ refnamediv - refnamevfs_fake_perms/refname - refpurposeenable read only Roaming Profiles/refpurpose + refnamevfs_linux_xfs_sgid/refname + refpurpose/refpurpose /refnamediv refsynopsisdiv cmdsynopsis - commandvfs objects = fake_perms/command + commandvfs objects = linux_xfs_sgid/command /cmdsynopsis /refsynopsisdiv @@ -29,13 +29,14 @@ citerefentryrefentrytitlesamba/refentrytitle manvolnum7/manvolnum/citerefentry suite./para - paraThe commandvfs_fake_perms/command VFS module was created - to allow Roaming Profile files and directories to be set (on - the Samba server under UNIX) as read only. This module will, - if installed on the Profiles share, report to the client that - the Profile files and directories are writeable. This satisfies - the client even though the files will never be overwritten as - the client logs out or shuts down. + para + commandvfs_linux_xfs_sgid/command is a VFS module to work around an + old Linux XFS bug that still exists: Under certain circumstances the + SGID bit is not inherited (ulink url=http://oss.sgi.com/bugzilla/show_bug.cgi?id=280; + http://oss.sgi.com/bugzilla/show_bug.cgi?id=280/ulink). + The commandvfs_linux_xfs_sgid/command VFS module will work around this + bug by manually setting the SGID bit after a commandmkdir/command + if the parent directory had the SGID bit set. /para paraThis module is stackable./para @@ -45,10 +46,10 @@ refsect1 titleEXAMPLES/title + paraAdd syncops functionality for [share]:/para programlisting -smbconfsection name=[Profiles]/ - smbconfoption
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 0260601 s3: smbd/connection: added routines to compute share connections from 906de70 docs: Add man page for vfs_linux_xfs_sgid. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 0260601b19a003ef03072e676ee6869f3cbe0b3f Author: Shekhar Amlekar samle...@in.ibm.com Date: Sun Jun 23 19:44:34 2013 +0530 s3: smbd/connection: added routines to compute share connections Added routines to compute share connections and used it in srvsvc NetShareEnum call. Reviewed-by: Jeremy Allison j...@samba.org Reviewed-by: Richard Sharpe realrichardsha...@gmail.com Autobuild-User(master): Jeremy Allison j...@samba.org Autobuild-Date(master): Tue Aug 13 07:42:23 CEST 2013 on sn-devel-104 --- Summary of changes: source3/rpc_server/srvsvc/srv_srvsvc_nt.c | 48 - 1 files changed, 47 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c index 655b0c7..1af350a 100644 --- a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c +++ b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c @@ -250,7 +250,7 @@ static void init_srv_share_info_2(struct pipes_struct *p, r-comment = remark ? remark : ; r-permissions = 0; r-max_users= max_uses; - r-current_users= count_current_connections(net_name, false); + r-current_users= 0; /* computed later */ r-path = path ? path : ; r-password = ; } @@ -464,6 +464,49 @@ static bool is_enumeration_allowed(struct pipes_struct *p, FILE_READ_DATA, NULL); } +/ + Count an entry against the respective service. +/ + +static int count_for_all_fn(struct smbXsrv_tcon_global0 *tcon, void *udp) +{ + union srvsvc_NetShareCtr *ctr = NULL; + struct srvsvc_NetShareInfo2 *info2 = NULL; + int share_entries = 0; + int i = 0; + + ctr = (union srvsvc_NetShareCtr *) udp; + + /* for level 2 */ + share_entries = ctr-ctr2-count; + info2 = ctr-ctr2-array[0]; + + for (i = 0; i share_entries; i++, info2++) { + if (strequal(tcon-share_name, info2-name)) { + info2-current_users++; + break; + } + } + + return 0; +} + +/ + Count the entries belonging to all services in the connection db. +/ + +static void count_connections_for_all_shares(union srvsvc_NetShareCtr *ctr) +{ + NTSTATUS status; + status = smbXsrv_tcon_global_traverse(count_for_all_fn, ctr); + + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0,(count_connections_for_all_shares: traverse of + smbXsrv_tcon_global.tdb failed - %s\n, + nt_errstr(status))); + } +} + /*** Fill in a share info structure. / @@ -568,6 +611,7 @@ static WERROR init_srv_share_info_ctr(struct pipes_struct *p, } } + count_connections_for_all_shares(ctr); break; case 501: @@ -1382,6 +1426,8 @@ WERROR _srvsvc_NetShareGetInfo(struct pipes_struct *p, info-info2 = talloc(p-mem_ctx, struct srvsvc_NetShareInfo2); W_ERROR_HAVE_NO_MEMORY(info-info2); init_srv_share_info_2(p, info-info2, snum); + info-info2-current_users = + count_current_connections(info-info2-name, false); break; case 501: info-info501 = talloc(p-mem_ctx, struct srvsvc_NetShareInfo501); -- Samba Shared Repository