Re: [Samba] Bind9 AD SDLZ driver failed to load
This is mine working on centos 6:

[root@s4master ~]# named -V
BIND 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6 built with '--host=x86_64-redhat-linux-gnu' '--build=x86_64-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--with-libtool' '--localstatedir=/var' '--enable-threads' '--enable-ipv6' '--with-pic' '--disable-static' '--disable-openssl-version-check' '--with-dlopen=yes' '--with-dlz-ldap=yes' '--with-dlz-postgres=yes' '--with-dlz-mysql=yes' '--with-dlz-filesystem=yes' '--with-gssapi=/usr/include/gssapi' '--with-docbook-xsl=/usr/share/sgml/docbook/xsl-stylesheets' '--enable-fixed-rrset' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'CFLAGS= -O2 -g' 'CPPFLAGS= -DDIG_SIGCHASE'
using OpenSSL version: OpenSSL 1.0.0 29 Mar 2010
using libxml2 version: 2.7.6

What about with-dlopen and your correct path to '--with-geoip=/usr'

---
IT
Daniel Müller
Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Robert Millott
Sent: Wednesday, 11 September 2013 17:33
To: samba@lists.samba.org
Subject: [Samba] Bind9 AD SDLZ driver failed to load

I installed Bind9 on a new ubuntu 13.04 server using apt-get install bind9 and am trying to integrate AD into it. Bind starts fine and will resolve my domain and computer names, but when I add the line include /usr/local/samba/private/named.conf into /etc/bind/named.conf, Bind9 fails to start.

I have edited that file to ensure the correct line is included for Bind 9.9, and I am not getting any apparmor errors in my logs, but it will not start. The last paste to this message is me running named -g -d 9 and you can see where SDLZ fails to load, but no reason is given. I see no useful errors, so don't know where to begin fixing it.

Thanx for the help

Here is some of my configurations

named -V
BIND 9.9.2-P1 built with '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-geoip=/usr' '--with-atf=no' '--enable-ipv6' 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2'
using OpenSSL version: OpenSSL 1.0.1c 10 May 2012
using libxml2 version: 2.9.0

cat /etc/bind/named.conf
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
include "/usr/local/samba/private/named.conf";

cat /etc/bind/named.conf.options
options {
        directory "/etc/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk. See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        forwarders { 8.8.8.8; 8.8.4.4; };

        //
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys. See https://www.isc.org/bind-keys
        //
        dnssec-validation auto;

        auth-nxdomain yes; # conform to RFC1035
        listen-on-v6 { none; };
        allow-transfer { none; };
        notify no;
        allow-query {
                xxx.xxx.xxx.xxx/24;
                // other networks you want to allow to query your DNS
        };
        allow-recursion {
                xxx.xxx.xxx.xxx/24;
                // other networks you want to allow to do recursive queries
        };
        tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
};

cat /usr/local/samba/private/named.conf
# This DNS configuration is for BIND 9.8.0 or later with dlz_dlopen support.
#
# This file should be
Re: [Samba] Network Neighbourhood samba 4
With samba4 you do not need any netbios. If you want to see your network neighbourhood again you may install samba4wins: ftp://ftp.sernet.de/pub/samba4wins/. It is a wins and doing the job again for you.

Good luck
Daniel

---
IT
Daniel Müller
Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Andrew Bartlett
Sent: Sunday, 15 September 2013 02:24
To: Eduardo Sotomayor
Cc: Lista Samba
Subject: Re: [Samba] Network Neighbourhood samba 4

On Fri, 2013-09-13 at 17:29 +, Eduardo Sotomayor wrote:
> When you say, there is not network neighbourhood in samba 4 you mean that:
> 1: all the workstations show in the network neighbourhood except the domain controller.
> 2: There is absolutely nothing in the network neighbourhood, no workstations nor DC.

2). The master browser code in smbd does not collect names because the netbios server in the AD DC does not have the browsing code in it. We would like to add that, but it just is a matter of a developer finding it to be a personal (or employer) priority. (Sadly on the AD DC, there isn't spare developer time just floating around).

Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org

-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 AD with bind DNS / TKEY is unacceptable
On 14.09.2013 07:18, Thomas Harold wrote:
> On 9/12/2013 2:00 AM, Stefan Schäfer wrote:
>> Sorry my English isn't as good as it should be. ;-)
>>
>> On 12.09.2013 00:01, Patrick Gray wrote:
>>> Is your existing server SBS by any chance?
>> What's the meaning of this sentence?
>
> SBS = Small Business Server - Which was always a cut-down version of the full-blown Windows Server with lots of restrictions.

No, in our tests it was a w2k3 Standard Server, but last weekend I tried to migrate a w2k3 sbs to samba 4. I think that Patrick's question pointed at the differences in the LDAP structure for DNS zones between Standard and SBS.

With SBS it seems to be impossible to use bind with BIND9_DLZ driver as a nameserver. bind didn't find any DNS Records, but the samba internal DNS works. With the internal DNS everything seems to work, just samba_dnsupdate didn't. It produces the same error message (dns_tkey_negotiategss: TKEY is unacceptable) as before in our tests.

Does anybody have any experiences with migration of w2k3 SBS to Samba4?

In my first tests I used VMs, every VM had two network interfaces, one internal for connection between the VMs and one bridged interface to my physical net. These tests resulted in the problems described above. I repeated the test with just one internal interface on every VM and everything worked. I think that the double connection between the VMs over the bridged network interfaces caused my problems.

Stefan
[Samba] question about idmap config in multi-forest environment
Hi there

We're having problems with users attaching to our (winbind) Samba servers and being assigned the same UID. Rarely happens - not repeatable - but definitely a pattern.

Anyway, I've been googling about and I think I've figured out the root cause, so I thought I'd check with the community first, because if I go off and change to my new model, it could take months before I find out if the change worked or not.

On our CentOS-6 servers, running samba-3.5.16-1, our smb.conf currently contains

winbind uid = 1-2
idmap backend = tdb
idmap config * : range = 1-20

I *think* the problem is that users connecting from different trusted domains are being mapped onto the same uid because Samba doesn't magically figure that out? ie you have to explicitly reference EVERY domain you have in smb.conf - giving EVERY one of those domains a separate range of uids? Is that correct?

We have over 20 trusted domains (although that number depends on what domain a given samba server is joined to) - so do I have to create a different idmap config : range = 1-19 for every one of those domains, otherwise at some stage I might get a conflict? That seems like such an overhead. Couldn't samba have a new feature like idmap config *: domain block = 1 - so that Samba automagically splits any domain into its own chunk of the range? eg you set range to 1 - 100 and then block = 1 would allow up to 99 domains without any effort?

I know there are ldap and ad backends - but they all assume your Windows environment is Unix friendly which ours isn't. I'm just trying to make our Samba servers play nicely within our Windows-dominated empire ;-)

Thanks!

--
Cheers
Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
Re: [Samba] group share directory
On Sun, 2013-09-15 at 13:57 -0700, David Christensen wrote:
> but copying and moving didn't.

How about a big hammer?

cron:
find /mnt/z/data -type f -exec chmod 777 {} \;
as often as you think users may mv or cp. Try exec+ if they move a lot of files.

HTH
Steve
Re: [Samba] Samba4 AD with bind DNS / TKEY is unacceptable
Hello,

after resolving my problem (more or less), I try to migrate a W2k3 SBS. Here I found new but similar problems. It seems that the LDAP Structure for the DNS Zones of a SBS is different from w2k3 standard or enterprise. It seems that the BIND9_DLZ driver, samba-tool and samba_dnsupdate have problems with this structure.

We switched the DNS to samba internal. After this resolving names is possible:

s4ad:~ # dig @localhost s4ad..local
; DiG 9.9.3-P2 @localhost s4ad..local
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; -HEADER- opcode: QUERY, status: NOERROR, id: 61943
;; flags: qr aa rd ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;s4ad..local. IN A
;; ANSWER SECTION:
s4ad..local. 900 IN A 192.168.1.10

...but using samba-tool didn't work:

samba-tool dns zonelist s4ad..local
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'sasl-DIGEST-MD5' registered
GENSEC backend 'schannel' registered
GENSEC backend 'spnego' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Using binding ncacn_ip_tcp:s4ad..local[,sign]
Ticket in credentials cache for administrator@.LOCAL expired, will refresh
Password for [administrator@.LOCAL]:
ERROR(runtime): uncaught exception - (9717, 'WERR_DNS_ERROR_DS_UNAVAILABLE')
File /usr/lib64/python2.6/site-packages/samba/netcmd/__init__.py, line 175, in _run
return self.run(*args, **kwargs)
File /usr/lib64/python2.6/site-packages/samba/netcmd/dns.py, line 812, in run
request_filter)

The Samba Logfile shows:

[2013/09/16 11:12:30.197554, 3] ../source4/smbd/service_stream.c:66(stream_terminate_connection) Terminating connection - 'dcesrv: NT_STATUS_CONNECTION_DISCONNECTED'
[2013/09/16 11:12:30.197757, 3] ../source4/smbd/process_single.c:114(single_terminate) single_terminate: reason[dcesrv: NT_STATUS_CONNECTION_DISCONNECTED]
[2013/09/16 11:12:39.875479, 3] ../lib/ldb-samba/ldb_wrap.c:320(ldb_wrap_connect) ldb_wrap open of secrets.ldb
[2013/09/16 11:12:39.903960, 2] ../source4/rpc_server/dnsserver/dnsdb.c:140(dnsserver_db_enumerate_zones) dnsserver: Found DNS zone .
[2013/09/16 11:12:39.908238, 3] ../source4/smbd/service_stream.c:66(stream_terminate_connection) Terminating connection - 'dcesrv: NT_STATUS_CONNECTION_DISCONNECTED'
[2013/09/16 11:12:39.908471, 3] ../source4/smbd/process_single.c:114(single_terminate) single_terminate: reason[dcesrv: NT_STATUS_CONNECTION_DISCONNECTED]

It seems, that samba-tool and samba_dnsupdate didn't know where to find the DNS Zones in the LDAP DID of the SBS LDAP-Structure.

Does anybody know this behavior or any workarounds?

Stefan
[Samba] need help with samba4 sharing files with mac osx 10.8.3
Hi, here is a little up of my last message:

Having an issue on my new samba4 AD. I was able to set it up, join windows clients and share folder. Also as I work in a mixed environment I have some mac osx clients, that I was able to join on domain. The problem is that I can not write to my samba share from mac clients. The mac seems to understand the file permissions as I can view/edit them from file info. I simply can not write to any smb share. Is there a work around on samba 4 special for mac clients? Any help is very appreciated :)
Re: [Samba] On Machine Accounts
On 09/14/2013 05:33 PM, Andrew Bartlett wrote:
> On Fri, 2006-10-06 at 12:32 -0400, Yannick Gingras wrote:
>> [...]
>
> You can't do a domain logon without a machine account. You could set them up as just standalone workstation however.
>
> Andrew Bartlett

Andrew, while I appreciate you taking the time to answer this question, I have to confess that this was a problem that I had 7 years ago and that I am no longer in charge of these machines.

Wishing you an excellent day,

--
Yannick Gingras
[Samba] Upgrading samba 2.2.8a to 3.6.15 on Solaris 9 -- 3.6.15 brings all inetd services down
Hi samba friends,

I'm upgrading our Samba 2.2.8a server to 3.6.15 on a Solaris 9 box, we need to do this as all our latest Mac OS X 10.8 clients cannot map to the 2.2.8a network share, and need the newer Samba (well known issue for mountain lion).

I've compiled 3.6.15 and this seemed to go ok, no obvious errors were shown during .configure make and make install, and smbd -V gives output and seems ok, I've updated /etc/inet/inetd.conf and also added the same users to smbpasswd, and smb.conf lists the same shares and passes testparm.

However, after rebooting I can log on to swat and see that the smbd and nmbd services are running and I can make quick changes to the configuration, like adding a new user or updating the password, and I can even map to the share... for about a minute! After about 1 minute the swat/smbd/nmbd services stop... as well as all inetd services!!

I cannot rlogin from a new terminal, or rsh or finger in the current terminal, however ssh still works but this isn't an inetd service. Has anyone got a clue as to what might be happening?

I can attach log files for anyone who might like to help a samba friend out, thanks for reading.

Cheers,
Jordan
[Samba] automatically create users home directories samba 4.0.9
Hi all

same problem as here https://lists.samba.org/archive/samba/2013-January/170817.html

I can create a user called xlinuxd but it does not automatically create a home directory. I use the following command:

samba-tool user add xlinuxd --given-name=Linux --surname=Delta --home-drive=H --home-directory=\\\mydomain\Users\xlinuxd --mail-address= linux.de...@mydomain.co.za --script-path=xlinuxd.cmd

When going to a windows machine, if I open dsa.msc it shows the home folder correctly, but does not physically create a home folder.

I have tried to create a physical directory and then invoke:

chmod 770 /home/Users/xlinuxd -R

but this does not work either.

I am also creating hundreds of users, so would like a command line option instead of editing each user through the dsa.msc and creating home directories.

Any assistance would be appreciated.

Kind Regards
--
Shaun Megaw
Re: [Samba] On Machine Accounts
Hi,

machine account is a rule of windows domains. Since NT4 domain, W2k domain, AD domain, all require a machine account. It's a security purpose which exists in samba and microsoft domain controllers. You cannot bypass this rule if your network uses a domain controller.

You have two possibilities: put your DC on a standalone server which just has shares (no home and no profile), or create your full disk image on a client out of your domain, and the sysadmin just changes the machine name and adds it to the domain.

best regards
Stéphane

---
Stéphane PURNELLE
Systems and Network Admin.
IT Department
Corman S.A.
Tel : 00 32 (0)87/342467

samba-boun...@lists.samba.org wrote on 15/09/2013 20:53:11:

> From: Yannick Gingras yging...@ygingras.net
> To: Andrew Bartlett abart...@samba.org,
> Cc: samba@lists.samba.org
> Date: 16/09/2013 14:04
> Subject: Re: [Samba] On Machine Accounts
> Sent by: samba-boun...@lists.samba.org
>
> On 09/14/2013 05:33 PM, Andrew Bartlett wrote:
>> On Fri, 2006-10-06 at 12:32 -0400, Yannick Gingras wrote:
>>> [...]
>>
>> You can't do a domain logon without a machine account. You could set them up as just standalone workstation however.
>>
>> Andrew Bartlett
>
> Andrew, while I appreciate you taking the time to answer this question, I have to confess that this was a problem that I had 7 years ago and that I am no longer in charge of these machines.
>
> Wishing you an excellent day,
>
> --
> Yannick Gingras
Re: [Samba] automatically create users home directories samba 4.0.9
On Mon, 2013-09-16 at 13:55 +0200, Shaun Megaw wrote:
> I have tried to create a physical directory and then invoke:
> chmod 770 /home/Users/xlinuxd -R
> but this does not work either

Try this first:
samba-tool user delete xlinuxd
Then recreate it but with:
--home-directory=\\mydomain\Users\xlinuxd

When that doesn't work, try this too: I think you'll need to set the permissions.
wbinfo -i xlinuxd
then
chown uidNumber:gidNumber /home/Users/xlinuxd
chmod 755 /home/Users/xlinuxd

In windows, it'll then appear as H:\

HTH
Steve
[Samba] [SOLVED] Re: samba4+bind9.9 will not start: samba_dlz: dns_rdata_fromtext: buffer-0x7f1c0cbcd680:1: near 'hostmaster.domain.de': not a valid number
Hello,

I solved my bind problem:

On Thursday, 12.09.2013 at 16:16 +0200, Noël Köthe wrote:

12-Sep-2013 15:43:07.495 samba_dlz: started for DN DC=domain,DC=de
12-Sep-2013 15:43:07.495 samba_dlz: starting configure
12-Sep-2013 15:43:07.496 dns_rdata_fromtext: buffer-0x7f1c0cbcd680:1: near 'hostmaster.domain.de': not a valid number

realm = DOMAIN.DE
netbios name = sso-test System

The netbios name was sso-test System (my failure to add an additional and wrong space) with the result in the machine account SSO-TEST SYSTEM $@DOMAIN.DE but the system name is just sso-test. Comment out this option and reprovisioning solves my bind problem.

Just if somebody has the same problem. Is it worth to file a bug to have the option checked?

--
Noël Köthe noel debian.org
Debian GNU/Linux, www.debian.org
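A check of the kind asked about in the message above, as an added example that is not part of the post and not Samba's own code. It reads the netbios name setting from an smb.conf before provisioning and rejects whitespace (the failure in this post) and names over the 15-character NetBIOS limit; the function name check_netbios_name and its exit codes are made up for this example.

```shell
#!/bin/sh
# Added example (not Samba code): lint the "netbios name" setting of an
# smb.conf before provisioning a DC.
#
# check_netbios_name FILE
#   exit 0  name is usable
#   exit 1  name contains whitespace, is empty, or is longer than 15 chars
#   exit 2  no "netbios name" line in the file
#   exit 3  file not readable
# Assumptions of this example: "include" directives and backslash line
# continuations are not followed; the last assignment in the file wins.
check_netbios_name() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 3; }
    awk '
        /^[ \t]*[#;]/ { next }                 # smb.conf comment lines
        {
            eq = index($0, "=")
            if (eq == 0) next                  # section header or blank line
            key = tolower(substr($0, 1, eq - 1))
            gsub(/[ \t]/, "", key)             # whitespace in parameter names is ignored
            if (key != "netbiosname") next
            val = substr($0, eq + 1)
            sub(/^[ \t]+/, "", val)            # trim around the value only;
            sub(/[ \t\r]+$/, "", val)          # inner whitespace is what we look for
            name = val
            seen = 1
        }
        END {
            if (!seen) { print "netbios name not set"; exit 2 }
            if (name == "") { print "netbios name is empty"; exit 1 }
            # The machine account is the upper-cased name followed by "$",
            # as seen in the post (SSO-TEST SYSTEM ...$@DOMAIN.DE).
            acct = toupper(name) "$"
            if (name ~ /[ \t]/) {
                printf "whitespace in netbios name \"%s\" (machine account would be \"%s\")\n", name, acct
                exit 1
            }
            if (length(name) > 15) {
                printf "netbios name \"%s\" is longer than 15 characters\n", name
                exit 1
            }
            printf "ok: %s (machine account %s)\n", name, acct
        }
    ' "$1"
}

# Stand-alone use: sh check_netbios.sh /usr/local/samba/etc/smb.conf
if [ "$#" -gt 0 ]; then
    check_netbios_name "$1"
fi
```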
Re: [Samba] AD DC eventually not browsable without restart, RPC server unavailable for user selection
I'm now getting another error in a different spot that I hadn't tried before. If I go to a share \\newdc\\whatever, right-click a folder in it, go Properties, then the Security tab, then Advanced, then Effective Permissions, then Select, I get this:

The program cannot open the required dialog box because it cannot determine whether the computer named newdc is joined to a domain. Close this message, and try again. [Close]

And upon clicking Close:

--- Security ---
Unable to display the user selection dialog. The RPC server is unavailable.
--- OK ---

I'm using this particular share in production at the moment so I'll have to wait until after-hours to try restarting Samba to see if it goes away.

Has anyone else come across either of these errors? Why does Samba's equivalent of the RPC server seem to function fine and then after some amount of time no longer seem to be available?

Thanks,
Kev

On 2013-09-06 2:49 PM, Kevin Field wrote:

Nothing too interesting:

$ sudo tail -n 50 /var/log/samba/log.smbd
smbd version 4.0.8-SerNet-RedHat-4.el6 started.
Copyright Andrew Tridgell and the Samba Team 1992-2012
[2013/08/15 17:56:21.535409, 0] ../source3/smbd/server.c:1253(main) server role = 'active directory domain controller' not compatible with running smbd standalone. You should start 'samba' instead, and it will control starting smbd if required
[2013/08/15 22:57:15, 0] ../source3/smbd/server.c:1201(main) smbd version 4.0.8-SerNet-RedHat-4.el6 started. Copyright Andrew Tridgell and the Samba Team 1992-2012
[2013/08/15 22:57:15, 0] ../source3/param/loadparm.c:3121(lp_do_parameter) Ignoring unknown parameter dns recursive queries
[2013/08/15 22:57:15.902304, 0] ../source3/param/loadparm.c:3121(lp_do_parameter) Ignoring unknown parameter dns recursive queries
[2013/08/15 22:57:15.909854, 0] ../source3/smbd/server.c:1281(main) standard input is not a socket, assuming -D option
[2013/08/15 22:57:16.631301, 0] ../source3/printing/print_cups.c:151(cups_connect) Unable to connect to CUPS server localhost:631 - Connection refused
[2013/08/15 22:57:16.632045, 0] ../source3/printing/print_cups.c:528(cups_async_callback) failed to retrieve printer list: NT_STATUS_UNSUCCESSFUL
[2013/08/15 22:58:16.689780, 0] ../source3/printing/print_cups.c:151(cups_connect) Unable to connect to CUPS server localhost:631 - Connection refused
[2013/08/15 22:58:16.690368, 0] ../source3/printing/print_cups.c:528(cups_async_callback) failed to retrieve printer list: NT_STATUS_UNSUCCESSFUL
[2013/08/15 23:00:37.725980, 0] ../source3/param/loadparm.c:3033(lp_set_enum_parm) WARNING: Ignoring invalid value 'unsecure' for parameter 'allow dns updates'
[2013/08/15 23:00:37.726249, 0] ../source3/param/loadparm.c:3121(lp_do_parameter) Ignoring unknown parameter dns recursive queries
[2013/08/15 23:00:37.772626, 0] ../source3/param/loadparm.c:3033(lp_set_enum_parm) WARNING: Ignoring invalid value 'unsecure' for parameter 'allow dns updates'
[2013/08/15 23:00:37.772883, 0] ../source3/param/loadparm.c:3121(lp_do_parameter) Ignoring unknown parameter dns recursive queries
[2013/08/15 23:00:38.037790, 0] ../source3/param/loadparm.c:3033(lp_set_enum_parm) WARNING: Ignoring invalid value 'unsecure' for parameter 'allow dns updates'
[2013/08/15 23:00:38.038080, 0] ../source3/param/loadparm.c:3121(lp_do_parameter) Ignoring unknown parameter dns recursive queries
[2013/08/15 23:02:35.872174, 0] ../source3/param/loadparm.c:3121(lp_do_parameter) Ignoring unknown parameter dns recursive queries
[2013/08/15 23:02:35.935461, 0] ../source3/param/loadparm.c:3121(lp_do_parameter) Ignoring unknown parameter dns recursive queries
[2013/08/15 23:02:36.200408, 0] ../source3/param/loadparm.c:3121(lp_do_parameter) Ignoring unknown parameter dns recursive queries
[2013/08/15 23:02:39.710286, 0] ../source3/param/loadparm.c:3121(lp_do_parameter) Ignoring unknown parameter dns recursive queries
[2013/08/15 23:02:39.792444, 0] ../source3/param/loadparm.c:3121(lp_do_parameter) Ignoring unknown parameter dns recursive queries
[2013/08/15 23:02:40.054341, 0] ../source3/param/loadparm.c:3121(lp_do_parameter) Ignoring unknown parameter dns recursive queries
[2013/08/15 23:02:55.374983, 0] ../source3/param/loadparm.c:3121(lp_do_parameter) Ignoring unknown parameter dns recursive queries
[2013/08/15 23:04:13.125656, 0] ../source3/param/loadparm.c:3121(lp_do_parameter) Ignoring unknown parameter dns recursive queries

And:

top - 14:47:13 up 14 days, 22:05, 1 user, load average: 0.13, 0.12, 0.09
Tasks: 222 total, 1 running, 221 sleeping, 0 stopped, 0 zombie
Cpu(s): 0.0%us, 0.0%sy, 0.0%ni,100.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
Mem: 12194316k total, 6204420k used, 5989896k free, 810524k buffers
Swap: 6168568k total, 2784k used, 6165784k free,
[Samba] Fwd: Samba4 DC with multiple IPs
Hi,

I installed a samba 4 DC. It works fine, however it autoregisters all IPs in DNS (Dynamic Update). This bears the problem that when a client wants to connect to the DC it connects using a wrong ip. I tried to remove the IP using dnsmgmt.msc, this works for around an hour then the wrong address is back again.

Is there a way to limit dynamic updates to a specific interface or can I disable it altogether on the DC?

Thanks for your help in advance!

Best Regards,
Rafael
Re: [Samba] group share directory
On 09/16/13 02:10, steve wrote:
> How about a big hammer?
> cron:
> find /mnt/z/data -type f -exec chmod 777 {} \;
> as often as you think users may mv or cp. Try exec+ if they move a lot of files.

Thanks for the reply. :-)

I would also need to do directories. Ignoring the group sticky bit, the desired mode is the same. So, I could lose the find and just chmod -R 0777.

But, what about symbolic links? Or sockets, named pipes, block or character specials, etc.?

Hmmm...

Perhaps I need to forget about local access and settle for a Samba solution for regular files and directories only -- e.g. configure Samba to provide the needed functionality and then make Samba the only way into or out of GroupShare.

David
Re: [Samba] Fwd: Samba4 DC with multiple IPs
Hello Rafael,

On 16.09.2013 17:18, Rafael Steiner wrote:
> Is there a way to limit dynamic updates to a specific interface or can I disable it altogether on the DC?

Do you want Samba to listen on any interface and only limit dynamic updates to a defined interface? In this case I don't think this is possible.

If you want Samba to listen on defined interfaces in general: https://wiki.samba.org/index.php/Samba_port_usage#Prevent_Samba_from_listening_on_all_interfaces

Regards,
Marc
Re: [Samba] group share directory
On 09/16/13 09:58, David Christensen wrote:
> Perhaps I need to forget about local access and settle for a Samba solution for regular files and directories only -- e.g. configure Samba to provide the needed functionality and then make Samba the only way into or out of GroupShare.

This seems to work:

# grep groupshare /etc/passwd
groupshare:x:999:999::/home/groupshare:/bin/false

# grep groupshare /etc/group
groupshare:x:999:

# ls -ld /mnt/z/groupshare/
drwxrwxrwx 3 groupshare groupshare 4096 Sep 16 12:24 /mnt/z/groupshare/

# grep -A 99 groupshare /etc/samba/smb.conf
[groupshare]
        path = /mnt/z/groupshare
        force user = groupshare
        read only = No
        create mask = 0777
        force create mode = 0666
        force security mode = 0666
        directory mask = 0777
        force directory mode = 0777
        force directory security mode = 0777
        force unknown acl user = Yes

HTH,
David
Re: [Samba] group share directory
On Mon, 2013-09-16 at 09:58 -0700, David Christensen wrote:
> On 09/16/13 02:10, steve wrote:
>> How about a big hammer?
>> cron:
>> find /mnt/z/data -type f -exec chmod 777 {} \;
>> as often as you think users may mv or cp. Try exec+ if they move a lot of files.
>
> Thanks for the reply. :-)
>
> I would also need to do directories. Ignoring the group sticky bit, the desired mode is the same. So, I could lose the find and just chmod -R 0777.
>
> But, what about symbolic links? Or sockets, named pipes, block or character specials, etc.?
>
> Hmmm...
>
> Perhaps I need to forget about local access and settle for a Samba solution for regular files and directories only -- e.g. configure Samba to provide the needed functionality and then make Samba the only way into or out of GroupShare.
>
> David

Hi

It picks up directories too. It will be slow without the find. Just find all the files without 777. If it doesn't find any, it won't do anything:

find / -type f ! -perm 777

For symlinks everyone here will tell you not to use smb.conf:

follow symlinks = Yes
wide links = Yes

sockets and pipes, don't know.

Cheers
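The periodic fix-up discussed in this thread, written out as an added example that is not from any of the posters. It changes only regular files and directories, so symlinks, sockets, named pipes and device nodes are left alone, and it touches only entries whose mode is off. The function names and the FILE_MODE and DIR_MODE variables are made up for this example; their defaults are the 0666 and 0777 of the [groupshare] section quoted earlier in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): bring files and directories under a
# share root to fixed modes without touching anything else.
# Defaults mirror "force create mode = 0666" / "force directory mode = 0777"
# from the [groupshare] section posted in the thread; override them in the
# environment (for example FILE_MODE=0660 DIR_MODE=0770) for a group-only share.
FILE_MODE=${FILE_MODE:-0666}
DIR_MODE=${DIR_MODE:-0777}

# normalize_share_modes ROOT
#   find runs without -L, so symbolic links are never followed and a link
#   pointing outside ROOT cannot cause a chmod of its target.
#   -xdev       stay on ROOT's filesystem (no descent into other mounts)
#   -type d/f   skip symlinks, sockets, FIFOs, block and character devices
#   ! -perm M   select only entries whose mode is not exactly M, so a tree
#               that is already correct costs one scan and no writes
#   {} +        batch many paths into each chmod call
normalize_share_modes() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    find "$root" -xdev -type d ! -perm "$DIR_MODE" -exec chmod "$DIR_MODE" {} + &&
    find "$root" -xdev -type f ! -perm "$FILE_MODE" -exec chmod "$FILE_MODE" {} +
}

# count_mismatches ROOT
#   Prints how many files and directories are still off the expected mode.
#   One dot is emitted per entry and the dots are counted, so file names
#   containing newlines cannot skew the result.
count_mismatches() {
    root=$1
    find "$root" -xdev \( -type d ! -perm "$DIR_MODE" -o -type f ! -perm "$FILE_MODE" \) \
        -exec printf . \; | wc -c | tr -d ' '
}

# Stand-alone use, e.g. from cron: sh fix_share_modes.sh /mnt/z/groupshare
if [ "$#" -gt 0 ]; then
    normalize_share_modes "$1"
fi
```

Running count_mismatches first shows how much of the tree a cron run would change before anything is written.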
Re: [Samba] Upgrading samba 2.2.8a to 3.6.15 on Solaris 9 -- 3.6.15 brings all inetd services down
Hello Jordan,

On 17.09.2013 01:28, Jordan Verschuer wrote:
> However, after rebooting I can log on to swat and see that the smbd and nmbd services are running and I can make quick changes to the configuration, like adding a new user or updating the password, and I can even map to the share... for about a minute! After about 1 minute the swat/smbd/nmbd services stop... as well as all inetd services!!

I don't know Solaris, but why are you starting Samba through Inetd and not as standalone? And what happens if you start it standalone? I never saw Samba through Inetd. But as I said: I'm not familiar with Solaris. :-)

> I cannot rlogin from a new terminal, or rsh or finger in the current terminal, however ssh still works but this isn't an inetd service. Has anyone got a clue as to what might be happening?

It seems that something crashes the whole Inetd, which causes its child processes automatically also to die. I haven't used Inetd any more for almost 15 years. Is there anything in the logs or a way to increase Inetd loglevel?

I would try to avoid Inetd for starting samba. And why not updating to the latest Samba version? 3.6 goes into security only maintenance mode with its next version.

Regards,
Marc
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via d1bf6e4 s3:libnet increase timeout for machine password change via a43c682 s3: Give machine password changes 10 minutes of time from 037f9ea s3-serverid: call serverid_init_readonly() from commandline tools. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit d1bf6e401a41172a47684518b9836899844fdefd Author: Christian Ambach a...@samba.org Date: Tue Mar 5 11:44:03 2013 +0100 s3:libnet increase timeout for machine password change DCs might run password filter modules that can delay the setting of the machine password for a significant amount of time use the same timeout as in the other paths of domain join (e.g. rpccli_netlogon_set_trust_password) Signed-off-by: Christian Ambach a...@samba.org Reviewed-by: Volker Lendecke v...@samba.org (cherry picked from commit 9755541ed156d71df98607375ee3b925266c3c74) The last 2 patches address bug #8955 - NetrServerPasswordSet2 timeout is too short. commit a43c682553e5a731f9fbca8649ba042ae2bb5eba Author: Volker Lendecke v...@samba.org Date: Fri Jun 22 14:26:45 2012 +0200 s3: Give machine password changes 10 minutes of time This is what we do at domain join time as well, see lib/netapi/joindomain.c:141 Signed-off-by: Stefan Metzmacher me...@samba.org (cherry picked from commit b9a15f1bfad30a824f9ec87bc9f7c65adf50dae0) --- Summary of changes: source3/libnet/libnet_join.c |9 + source3/rpc_client/cli_netlogon.c | 13 + 2 files changed, 22 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 7bb436b..e84682d 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -850,6 +850,7 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, struct samr_Ids name_types; union samr_UserInfo user_info; struct dcerpc_binding_handle *b = NULL; + unsigned int old_timeout = 0; struct samr_CryptPassword crypt_pwd; struct samr_CryptPasswordEx crypt_pwd_ex; 
@@ -1061,6 +1062,12 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, /* Set password on machine account - first try level 26 */ + /* +* increase the timeout as password filter modules on the DC +* might delay the operation for a significant amount of time +*/ + old_timeout = rpccli_set_timeout(pipe_hnd, 60); + init_samr_CryptPasswordEx(r-in.machine_password, cli-user_session_key, crypt_pwd_ex); @@ -1092,6 +1099,8 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, result); } + old_timeout = rpccli_set_timeout(pipe_hnd, old_timeout); + if (!NT_STATUS_IS_OK(status)) { dcerpc_samr_DeleteUser(b, mem_ctx, diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c index bd3232d..c69a933 100644 --- a/source3/rpc_client/cli_netlogon.c +++ b/source3/rpc_client/cli_netlogon.c @@ -625,11 +625,14 @@ NTSTATUS rpccli_netlogon_set_trust_password(struct rpc_pipe_client *cli, if (cli-dc-negotiate_flags NETLOGON_NEG_PASSWORD_SET2) { struct netr_CryptPassword new_password; + uint32_t old_timeout; init_netr_CryptPassword(new_trust_pwd_cleartext, cli-dc-session_key, new_password); + old_timeout = dcerpc_binding_handle_set_timeout(b, 60); + status = dcerpc_netr_ServerPasswordSet2(b, mem_ctx, cli-srv_name_slash, cli-dc-account_name, @@ -639,6 +642,9 @@ NTSTATUS rpccli_netlogon_set_trust_password(struct rpc_pipe_client *cli, srv_cred, new_password, result); + + dcerpc_binding_handle_set_timeout(b, old_timeout); + if (!NT_STATUS_IS_OK(status)) { DEBUG(0,(dcerpc_netr_ServerPasswordSet2 failed: %s\n, nt_errstr(status))); @@ -647,9 +653,13 @@ NTSTATUS rpccli_netlogon_set_trust_password(struct rpc_pipe_client *cli, } else { struct samr_Password new_password; + uint32_t old_timeout; + memcpy(new_password.hash, new_trust_passwd_hash, sizeof(new_password.hash));
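Review bot: the timeout literal 60 passed to rpccli_set_timeout() in libnet_join_joindomain_rpc() and to dcerpc_binding_handle_set_timeout() in rpccli_netlogon_set_trust_password() carries no unit, while the commit messages speak of 10 minutes and of using the same timeout as the other domain join paths. A single named constant with the unit stated in its comment, shared by both files, would keep the call sites from drifting apart. In libnet_join.c the restore line "old_timeout = rpccli_set_timeout(pipe_hnd, old_timeout);" stores a return value that is not read again in the visible hunk; dropping the assignment would match the restore call in cli_netlogon.c, and the two files could also agree on one type for old_timeout (unsigned int in one, uint32_t in the other).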
[SCM] Samba Shared Repository - branch v4-1-test updated
The branch, v4-1-test has been updated via 1e969dc s3:smb2_find: Return that timestamps do not exist as directories from ebfa34b docs: Fix typos. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-1-test - Log - commit 1e969dcdccab1e1b3db2548f60bdcfeaa7e49ab1 Author: Christof Schmitt christof.schm...@us.ibm.com Date: Thu Aug 29 19:36:00 2013 +0200 s3:smb2_find: Return that timestamps do not exist as directories When a Windows client receives a large directory listing while querying snapshots, it sends a find request asking for the timestamp as a directory. A Windows server returns NO_SUCH_FILE, so make sure Samba returns the same. Otherwise the client will get confused and display timestamps in the 'previous versions' dialog. Signed-off-by: Christof Schmitt christof.schm...@us.ibm.com Reviewed-by: Volker Lendecke v...@samba.org Reviewed-by: Jeremy Allison j...@samba.org Autobuild-User(master): Jeremy Allison j...@samba.org Autobuild-Date(master): Tue Sep 10 22:38:51 CEST 2013 on sn-devel-104 (cherry picked from commit c8c0632c871e838fc4465b2a69b4e059e9a126c0) Fix bug #10137 - shadow_copy2 does not display previous versions correctly over SMB2. Autobuild-User(v4-1-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-1-test): Mon Sep 16 11:33:39 CEST 2013 on sn-devel-104 --- Summary of changes: source3/include/smb.h |3 +++ source3/modules/vfs_shadow_copy2.c |3 --- source3/smbd/smb2_find.c | 13 + 3 files changed, 16 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/include/smb.h b/source3/include/smb.h index 9dd8c58..cfc12a7 100644 --- a/source3/include/smb.h +++ b/source3/include/smb.h 
@@ -567,6 +567,9 @@ Offset Datalength. #define NOTIFY_ACTION_REMOVED_STREAM 7 #define NOTIFY_ACTION_MODIFIED_STREAM 8 +/* timestamp format used in previous versions */ +#define GMT_NAME_LEN 24 /* length of a @GMT- name */ +#define GMT_FORMAT @GMT-%Y.%m.%d-%H.%M.%S /* where to find the base of the SMB packet proper */ #define smb_base(buf) (((const char *)(buf))+4) diff --git a/source3/modules/vfs_shadow_copy2.c b/source3/modules/vfs_shadow_copy2.c index 60f9628..aa7e50f 100644 --- a/source3/modules/vfs_shadow_copy2.c +++ b/source3/modules/vfs_shadow_copy2.c @@ -107,9 +107,6 @@ #include ccan/hash/hash.h #include util_tdb.h -#define GMT_NAME_LEN 24 /* length of a @GMT- name */ -#define GMT_FORMAT @GMT-%Y.%m.%d-%H.%M.%S - static bool shadow_copy2_find_slashes(TALLOC_CTX *mem_ctx, const char *str, size_t **poffsets, unsigned *pnum_offsets) diff --git a/source3/smbd/smb2_find.c b/source3/smbd/smb2_find.c index c2c0559..c39a35d 100644 --- a/source3/smbd/smb2_find.c +++ b/source3/smbd/smb2_find.c @@ -224,6 +224,8 @@ static struct tevent_req *smbd_smb2_find_send(TALLOC_CTX *mem_ctx, uint32_t dirtype = FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_DIRECTORY; bool dont_descend = false; bool ask_sharemode = true; + struct tm tm; + char *p; req = tevent_req_create(mem_ctx, state, struct smbd_smb2_find_state); @@ -259,6 +261,17 @@ static struct tevent_req *smbd_smb2_find_send(TALLOC_CTX *mem_ctx, return tevent_req_post(req, ev); } + p = strptime(in_file_name, GMT_FORMAT, tm); + if ((p != NULL) (*p =='\0')) { + /* +* Bogus find that asks for a shadow copy timestamp as a +* directory. The correct response is that it does not exist as +* a directory. +*/ + tevent_req_nterror(req, NT_STATUS_NO_SUCH_FILE); + return tevent_req_post(req, ev); + } + if (in_output_buffer_length smb2req-sconn-smb2.max_trans) { DEBUG(2,(smbd_smb2_find_send: client ignored max trans:%s: 0x%08X: 0x%08X\n, -- Samba Shared Repository
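Review bot: in the second smb2_find.c hunk, the strptime() test matches more than exact @GMT tokens. The numeric conversions in GMT_FORMAT do not require leading zeros, so a name such as @GMT-2013.9.1-1.2.3 also parses to the end of the string and would be answered with NT_STATUS_NO_SUCH_FILE. GMT_NAME_LEN is moved into smb.h by this patch but is not used in the new check; comparing strlen(in_file_name) against it before calling strptime() would limit the early return to names in the exact shadow copy format.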
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via 5f3fa21 s3:smb2_find: Return that timestamps do not exist as directories from 71e2a9a docs: Fix typos. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 5f3fa215d9f88aa83f2f0daa5e1e540ffc6294a3 Author: Christof Schmitt christof.schm...@us.ibm.com Date: Thu Aug 29 19:36:00 2013 +0200 s3:smb2_find: Return that timestamps do not exist as directories When a Windows client receives a large directory listing while querying snapshots, it sends a find request asking for the timestamp as a directory. A Windows server returns NO_SUCH_FILE, so make sure Samba returns the same. Otherwise the client will get confused and display timestamps in the 'previous versions' dialog. Signed-off-by: Christof Schmitt christof.schm...@us.ibm.com Reviewed-by: Volker Lendecke v...@samba.org Reviewed-by: Jeremy Allison j...@samba.org Autobuild-User(master): Jeremy Allison j...@samba.org Autobuild-Date(master): Tue Sep 10 22:38:51 CEST 2013 on sn-devel-104 (cherry picked from commit c8c0632c871e838fc4465b2a69b4e059e9a126c0) Fix bug #10137 - shadow_copy2 does not display previous versions correctly over SMB2. Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Mon Sep 16 11:38:36 CEST 2013 on sn-devel-104 --- Summary of changes: source3/include/smb.h |3 +++ source3/modules/vfs_shadow_copy2.c |3 --- source3/smbd/smb2_find.c | 13 + 3 files changed, 16 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/include/smb.h b/source3/include/smb.h index 2aa2ab3..568ba54 100644 --- a/source3/include/smb.h +++ b/source3/include/smb.h 
@@ -567,6 +567,9 @@ Offset Datalength. #define NOTIFY_ACTION_REMOVED_STREAM 7 #define NOTIFY_ACTION_MODIFIED_STREAM 8 +/* timestamp format used in previous versions */ +#define GMT_NAME_LEN 24 /* length of a @GMT- name */ +#define GMT_FORMAT @GMT-%Y.%m.%d-%H.%M.%S /* where to find the base of the SMB packet proper */ #define smb_base(buf) (((const char *)(buf))+4) diff --git a/source3/modules/vfs_shadow_copy2.c b/source3/modules/vfs_shadow_copy2.c index 1cf8e37..e96eb02 100644 --- a/source3/modules/vfs_shadow_copy2.c +++ b/source3/modules/vfs_shadow_copy2.c @@ -107,9 +107,6 @@ #include ccan/hash/hash.h #include util_tdb.h -#define GMT_NAME_LEN 24 /* length of a @GMT- name */ -#define GMT_FORMAT @GMT-%Y.%m.%d-%H.%M.%S - static bool shadow_copy2_find_slashes(TALLOC_CTX *mem_ctx, const char *str, size_t **poffsets, unsigned *pnum_offsets) diff --git a/source3/smbd/smb2_find.c b/source3/smbd/smb2_find.c index c2c0559..c39a35d 100644 --- a/source3/smbd/smb2_find.c +++ b/source3/smbd/smb2_find.c @@ -224,6 +224,8 @@ static struct tevent_req *smbd_smb2_find_send(TALLOC_CTX *mem_ctx, uint32_t dirtype = FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM | FILE_ATTRIBUTE_DIRECTORY; bool dont_descend = false; bool ask_sharemode = true; + struct tm tm; + char *p; req = tevent_req_create(mem_ctx, state, struct smbd_smb2_find_state); @@ -259,6 +261,17 @@ static struct tevent_req *smbd_smb2_find_send(TALLOC_CTX *mem_ctx, return tevent_req_post(req, ev); } + p = strptime(in_file_name, GMT_FORMAT, tm); + if ((p != NULL) (*p =='\0')) { + /* +* Bogus find that asks for a shadow copy timestamp as a +* directory. The correct response is that it does not exist as +* a directory. +*/ + tevent_req_nterror(req, NT_STATUS_NO_SUCH_FILE); + return tevent_req_post(req, ev); + } + if (in_output_buffer_length smb2req-sconn-smb2.max_trans) { DEBUG(2,(smbd_smb2_find_send: client ignored max trans:%s: 0x%08X: 0x%08X\n, -- Samba Shared Repository
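Review bot: the smb.h hunk exports GMT_FORMAT and GMT_NAME_LEN so that smbd_smb2_find_send() can parse the token itself, which leaves vfs_shadow_copy2.c and smb2_find.c each interpreting the format on their own. A small shared predicate that takes the name and returns bool would keep the definition of a valid token in one place. It would also hide the local "struct tm tm", which strptime() fills here and nothing reads afterwards; if the variable stays, a one-line comment that only the end pointer matters would help the next reader.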
autobuild: intermittent test failure detected
The autobuild test system has detected an intermittent failing test in the current master tree. The autobuild log of the failure is available here: http://git.samba.org/autobuild.flakey/2013-09-16-2249/flakey.log The samba3 build logs are available here: http://git.samba.org/autobuild.flakey/2013-09-16-2249/samba3.stderr http://git.samba.org/autobuild.flakey/2013-09-16-2249/samba3.stdout The source4 build logs are available here: http://git.samba.org/autobuild.flakey/2013-09-16-2249/samba.stderr http://git.samba.org/autobuild.flakey/2013-09-16-2249/samba.stdout The top commit at the time of the failure was: commit 20999fcaa192517b12eb3334963d58c6fb436ede Author: Björn Jacke b...@sernet.de Date: Thu Sep 12 11:07:17 2013 +0200 tdb: Fix some typos in comments. Thanks to Stewart A. Levin for reporting. fixes bug #10136 (Documentation typos). Signed-off-by: Bjoern Jacke b...@sernet.de Reviewed-by: Karolin Seeger ksee...@samba.org Autobuild-User(master): Karolin Seeger ksee...@samba.org Autobuild-Date(master): Thu Sep 12 13:54:41 CEST 2013 on sn-devel-104
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via ef830f7 samba-tool domain join: Set server role correctly to active directory domain controller via f75dc8f s4-rpc_server/drsuapi: Print ldb error showing why we failed to perform the access check via 1d92d5b samba-tool domian join: Only print adminpass warning on subdomain creation via 84dc9f8 samba-tool domain join: Add --quite and --verbose via 35e56d2 dsdb: Use dsdb_next_callback() rather than a no-op per-module callback via 650eca0 join.py: Restore support for joining as a subdomain via 0de dsdb: Add DSDB_SEARCH_ONE_ONLY support to dsdb_module_search*() via 3af4f03 join.py: Handle more error cases with useful exceptions via a5e4c45 samba-tool domain join subdomain: Set reveal_internals:0 control so we can see the ncName via 347b2c6 ldb: Show the type of failing operation in default error message via bbeca62 join.py: Show which database we failed to find the DN on (clarify local v remote) via ccb1beb join.py: Handle exceptions when looking for GUID in a DN from 20999fc tdb: Fix some typos in comments. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit ef830f7e7107cd5287903d83519588c9d31b526f Author: Andrew Bartlett abart...@samba.org Date: Mon Sep 9 12:15:36 2013 +1200 samba-tool domain join: Set server role correctly to active directory domain controller We changed the magic string when we reworked the list of server roles. 
Andrew Bartlett Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Mon Sep 16 23:33:41 CEST 2013 on sn-devel-104 commit f75dc8f4a54581ed207e7caa2e52211ea24e3554 Author: Andrew Bartlett abart...@samba.org Date: Mon Sep 9 09:57:27 2013 +1200 s4-rpc_server/drsuapi: Print ldb error showing why we failed to perform the access check Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 1d92d5b19b36ddf15a70e3110caabfe06ba78619 Author: Andrew Bartlett abart...@samba.org Date: Mon Sep 9 09:56:58 2013 +1200 samba-tool domian join: Only print adminpass warning on subdomain creation Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 84dc9f8cc17d49bef5b9c37fd818c7599bf5897a Author: Andrew Bartlett abart...@samba.org Date: Mon Sep 9 09:53:37 2013 +1200 samba-tool domain join: Add --quite and --verbose This means we now use logger consistently between doimin join, domain dcpromo and domain provision. Andrew Bartlett Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 35e56d2b71b1dcd906baa70509ec50af39504b5a Author: Andrew Bartlett abart...@samba.org Date: Fri Sep 6 15:46:36 2013 +1200 dsdb: Use dsdb_next_callback() rather than a no-op per-module callback Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 650eca0e061c731614b5fa49756872d11b7b67f0 Author: Andrew Bartlett abart...@samba.org Date: Fri Sep 6 15:46:05 2013 +1200 join.py: Restore support for joining as a subdomain This set of patches fixes up the errors that were introduced into the partial support during the past couple of years. 
Andrew Bartlett Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 0dee04e2e3aecd82ed4cf887f9e36dd4962d Author: Andrew Bartlett abart...@samba.org Date: Fri Sep 6 15:39:50 2013 +1200 dsdb: Add DSDB_SEARCH_ONE_ONLY support to dsdb_module_search*() Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 3af4f0377e1ff8b23d415bc4b241bf8cb83c130c Author: Andrew Bartlett abart...@samba.org Date: Fri Sep 6 15:38:36 2013 +1200 join.py: Handle more error cases with useful exceptions This will help track down strange failures in the future. Andrew Bartlett Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit a5e4c4520af9f7a99aac4117d1225c85b891554d Author: Andrew Bartlett abart...@samba.org Date: Mon Sep 16 10:23:07 2013 -0700 samba-tool domain join subdomain: Set reveal_internals:0 control so we can see the ncName The issue here is that we create the ncName remotely with DsAddEntry, and then replicate it back. However, at this point the naming context pointed at by the ncName does not exist! The issue is that the extended_dn_out module then hides the link, because it points to a missing object. The
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 4dacaef dsdb: Use credentials.get_forced_sasl_mech() via 3f464ca auth/credentials: Add cli_credentials_{set,get}_forced_sasl_mech() via 68f7cd1 samba-tool domain provision: Make ldap_backend_startup.sh +x and take optional arguments from ef830f7 samba-tool domain join: Set server role correctly to active directory domain controller http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 4dacaef2eae46a8d5d4729c8a607b9d928c70c25 Author: Andrew Bartlett abart...@samba.org Date: Mon Sep 16 09:39:12 2013 -0700 dsdb: Use credentials.get_forced_sasl_mech() This will allow us to force the use of only DIGEST-MD5, for example, which is useful to avoid hitting GSSAPI, SPNEGO or NTLM when talking to OpenLDAP and Cyrus-SASL. Andrew Bartlett Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Nadezhda Ivanova nivan...@symas.com Autobuild-User(master): Nadezhda Ivanova nivan...@samba.org Autobuild-Date(master): Tue Sep 17 01:41:41 CEST 2013 on sn-devel-104 commit 3f464ca1f5672491edf5daf15389cf7f2dc68e2b Author: Andrew Bartlett abart...@samba.org Date: Mon Sep 16 09:38:09 2013 -0700 auth/credentials: Add cli_credentials_{set,get}_forced_sasl_mech() This will allow us to force the use of only DIGEST-MD5, for example, which is useful to avoid hitting GSSAPI, SPNEGO or NTLM when talking to OpenLDAP and Cyrus-SASL. Andrew Bartlett Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Nadezhda Ivanova nivan...@symas.com commit 68f7cd1724480a9bae36692d19b94e10fb1b9e73 Author: Andrew Bartlett abart...@samba.org Date: Mon Sep 16 09:35:39 2013 -0700 samba-tool domain provision: Make ldap_backend_startup.sh +x and take optional arguments 
Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Nadezhda Ivanova nivan...@symas.com --- Summary of changes: auth/credentials/credentials.c | 14 ++ auth/credentials/credentials.h |3 +++ auth/credentials/credentials_internal.h |3 +++ auth/credentials/pycredentials.c| 26 ++ auth/gensec/gensec_start.c | 14 ++ python/samba/provision/backend.py |9 +++-- source4/dsdb/samdb/ldb_modules/samba_dsdb.c |1 + 7 files changed, 68 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c index 57a7c0b..e98dfbd 100644 --- a/auth/credentials/credentials.c +++ b/auth/credentials/credentials.c @@ -112,6 +112,8 @@ _PUBLIC_ struct cli_credentials *cli_credentials_init(TALLOC_CTX *mem_ctx) cli_credentials_set_gensec_features(cred, 0); cli_credentials_set_krb_forwardable(cred, CRED_AUTO_KRB_FORWARDABLE); + cred-forced_sasl_mech = NULL; + return cred; } @@ -161,6 +163,13 @@ _PUBLIC_ void cli_credentials_set_kerberos_state(struct cli_credentials *creds, creds-use_kerberos = use_kerberos; } +_PUBLIC_ void cli_credentials_set_forced_sasl_mech(struct cli_credentials *creds, + const char *sasl_mech) +{ + TALLOC_FREE(creds-forced_sasl_mech); + creds-forced_sasl_mech = talloc_strdup(creds, sasl_mech); +} + _PUBLIC_ void cli_credentials_set_krb_forwardable(struct cli_credentials *creds, enum credentials_krb_forwardable krb_forwardable) { @@ -172,6 +181,11 @@ _PUBLIC_ enum credentials_use_kerberos cli_credentials_get_kerberos_state(struct return creds-use_kerberos; } +_PUBLIC_ const char *cli_credentials_get_forced_sasl_mech(struct cli_credentials *creds) +{ + return creds-forced_sasl_mech; +} + _PUBLIC_ enum credentials_krb_forwardable cli_credentials_get_krb_forwardable(struct cli_credentials *creds) { return creds-krb_forwardable; diff --git a/auth/credentials/credentials.h b/auth/credentials/credentials.h index 766a513..fdd35bb 100644 --- a/auth/credentials/credentials.h 
+++ b/auth/credentials/credentials.h @@ -118,6 +118,8 @@ int cli_credentials_get_client_gss_creds(struct cli_credentials *cred, struct loadparm_context *lp_ctx, struct gssapi_creds_container **_gcc, const char **error_string); +void cli_credentials_set_forced_sasl_mech(struct cli_credentials *creds, + const char *sasl_mech); void cli_credentials_set_kerberos_state(struct cli_credentials *creds, enum credentials_use_kerberos use_kerberos); void
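Review bot: in cli_credentials_set_forced_sasl_mech() the result of talloc_strdup() is not checked and the function returns void, so an allocation failure leaves the forced_sasl_mech member NULL, which is the same value cli_credentials_init() assigns to mean that no mechanism is forced. A caller that asked for a single mechanism, as the commit message describes for DIGEST-MD5, cannot tell that the restriction was not recorded. Returning bool from the setter and failing when sasl_mech is non-NULL but the copy is NULL would let callers stop instead of continuing without the restriction. The getter could also take a const struct cli_credentials pointer, since it only reads the field.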
autobuild: intermittent test failure detected
The autobuild test system has detected an intermittent failing test in the current master tree. The autobuild log of the failure is available here: http://git.samba.org/autobuild.flakey/2013-09-17-0417/flakey.log The samba3 build logs are available here: http://git.samba.org/autobuild.flakey/2013-09-17-0417/samba3.stderr http://git.samba.org/autobuild.flakey/2013-09-17-0417/samba3.stdout The source4 build logs are available here: http://git.samba.org/autobuild.flakey/2013-09-17-0417/samba.stderr http://git.samba.org/autobuild.flakey/2013-09-17-0417/samba.stdout The top commit at the time of the failure was: commit 4dacaef2eae46a8d5d4729c8a607b9d928c70c25 Author: Andrew Bartlett abart...@samba.org Date: Mon Sep 16 09:39:12 2013 -0700 dsdb: Use credentials.get_forced_sasl_mech() This will allow us to force the use of only DIGEST-MD5, for example, which is useful to avoid hitting GSSAPI, SPNEGO or NTLM when talking to OpenLDAP and Cyrus-SASL. Andrew Bartlett Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Nadezhda Ivanova nivan...@symas.com Autobuild-User(master): Nadezhda Ivanova nivan...@samba.org Autobuild-Date(master): Tue Sep 17 01:41:41 CEST 2013 on sn-devel-104
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 6ef3c98 docs-xml: document SMB3_02 as available protocol for the client side via 4912378 s3:torture: add PROTOCOL_SMB3_02 handling via 66d3064 lib/param: add PROTOCOL_SMB3_02 handling via f8b3c71 libcli/smb: negotiate SMB3_DIALECT_REVISION_302 if PROTOCOL_SMB3_02 is requested via 80623b8 libcli/smb: add PROTOCOL_SMB3_02 via 4a401d6 libcli/smb: add SMB3_DIALECT_REVISION_302 from 4dacaef dsdb: Use credentials.get_forced_sasl_mech() http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 6ef3c98ade76e361d210366a0fe79fc3b66e63be Author: Stefan Metzmacher me...@samba.org Date: Sun Sep 15 17:09:35 2013 +0200 docs-xml: document SMB3_02 as available protocol for the client side Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Michael Adam ob...@samba.org Reviewed-by: Jeremy Allison j...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Tue Sep 17 05:55:04 CEST 2013 on sn-devel-104 commit 491237840269943550bb0189c19a460d7a3cf0e7 Author: Stefan Metzmacher me...@samba.org Date: Fri Sep 13 11:28:03 2013 +0200 s3:torture: add PROTOCOL_SMB3_02 handling Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Michael Adam ob...@samba.org Reviewed-by: Jeremy Allison j...@samba.org commit 66d306491bbd7e07e504c5d246498c1f748a Author: Stefan Metzmacher me...@samba.org Date: Fri Sep 13 11:27:39 2013 +0200 lib/param: add PROTOCOL_SMB3_02 handling Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Michael Adam ob...@samba.org Reviewed-by: Jeremy Allison j...@samba.org commit f8b3c712f0dcb635bb750ebd218df77eeb584940 Author: Stefan Metzmacher me...@samba.org Date: Fri Sep 13 11:27:01 2013 +0200 libcli/smb: negotiate SMB3_DIALECT_REVISION_302 if PROTOCOL_SMB3_02 is requested 
Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Michael Adam ob...@samba.org Reviewed-by: Jeremy Allison j...@samba.org commit 80623b8593700eb9b14e6d50b5687cc7d37de764 Author: Stefan Metzmacher me...@samba.org Date: Fri Sep 13 11:26:20 2013 +0200 libcli/smb: add PROTOCOL_SMB3_02 Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Michael Adam ob...@samba.org Reviewed-by: Jeremy Allison j...@samba.org commit 4a401d6fccfe75c34047427226bb1004e83a6563 Author: Stefan Metzmacher me...@samba.org Date: Fri Sep 13 11:25:42 2013 +0200 libcli/smb: add SMB3_DIALECT_REVISION_302 Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Michael Adam ob...@samba.org Reviewed-by: Jeremy Allison j...@samba.org --- Summary of changes: docs-xml/manpages/smb.conf.5.xml |2 +- docs-xml/smbdotconf/protocol/clientmaxprotocol.xml |3 +++ lib/param/param_table.c|1 + libcli/smb/smb2_constants.h|1 + libcli/smb/smbXcli_base.c |1 + libcli/smb/smb_constants.h |5 +++-- source3/torture/test_smb2.c|3 +++ 7 files changed, 13 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/manpages/smb.conf.5.xml b/docs-xml/manpages/smb.conf.5.xml index 975d105..399e996 100644 --- a/docs-xml/manpages/smb.conf.5.xml +++ b/docs-xml/manpages/smb.conf.5.xml @@ -471,7 +471,7 @@ chmod 1770 /usr/local/samba/lib/usershares varlistentry term%R/term listitemparathe selected protocol level after protocol negotiation. It can be one of CORE, COREPLUS, - LANMAN1, LANMAN2, NT1, SMB2_02, SMB2_10, SMB2_22, SMB2_24, SMB3_00 or SMB2_FF./para/listitem + LANMAN1, LANMAN2, NT1, SMB2_02, SMB2_10, SMB2_22, SMB2_24, SMB3_00, SMB3_02 or SMB2_FF./para/listitem /varlistentry varlistentry diff --git a/docs-xml/smbdotconf/protocol/clientmaxprotocol.xml b/docs-xml/smbdotconf/protocol/clientmaxprotocol.xml index 06fda5a..c7a9fd1 100644 --- a/docs-xml/smbdotconf/protocol/clientmaxprotocol.xml +++ b/docs-xml/smbdotconf/protocol/clientmaxprotocol.xml 
@@ -60,6 +60,9 @@ listitem paraconstantSMB3_00/constant: Windows 8 SMB3 version. (mostly the same as SMB2_24)/para /listitem + listitem + paraconstantSMB3_02/constant: Windows 8.1 SMB3 version./para + /listitem /itemizedlist paraBy default SMB3 selects the SMB3_00 variant./para /listitem diff --git a/lib/param/param_table.c b/lib/param/param_table.c index 7b32998..10cf046 100644 --- a/lib/param/param_table.c +++
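Review bot: in the clientmaxprotocol.xml hunk the new SMB3_02 item is added directly above the unchanged sentence "By default SMB3 selects the SMB3_00 variant." With a newer variant now in the list, a reader can take SMB3 to mean the newest dialect. Either confirm that the default is meant to stay at SMB3_00 and say in that sentence that SMB3_02 has to be requested by name, or update the sentence in the same change. The smb.conf.5.xml hunk adds SMB3_02 to the values of %R, the protocol level selected after negotiation, while the commit subject covers the client side only; the commit message should say whether that list is meant to apply here.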
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 6ed5b1c Cleanup map return codes via dcbd4ed Fix OpenLDAP partition configs via f2bcceb lib/ldb-samba/ldb_ildap: Also skip special base DNs from 6ef3c98 docs-xml: document SMB3_02 as available protocol for the client side http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 6ed5b1c159867466e54a54a10adcc6c49a0a7837 Author: Howard Chu h...@symas.com Date: Mon Sep 16 19:02:26 2013 -0700 Cleanup map return codes -1 was never a valid LDB return code, just use OPERATIONS_ERROR Signed-off-by: Howard Chu h...@symas.com Reviewed-by: Andrew Bartlett abart...@samba.org Autobuild-User(master): Nadezhda Ivanova nivan...@samba.org Autobuild-Date(master): Tue Sep 17 07:51:45 CEST 2013 on sn-devel-104 commit dcbd4ede2f320df9264a138685a2214bfa1ef6a1 Author: Howard Chu h...@symas.com Date: Mon Sep 16 14:14:10 2013 -0700 Fix OpenLDAP partition configs Update to use LMDB backend, BDB is deprecated Update to support DomainDNSZones and ForestDNSZones partitions. Signed-off-by: Howard Chu h...@symas.com Reviewed-by: Andrew Bartlett abart...@samba.org commit f2bccebd913f023e3d99282be4e831d012cd3578 Author: Andrew Bartlett abart...@samba.org Date: Mon Sep 16 14:22:53 2013 -0700 lib/ldb-samba/ldb_ildap: Also skip special base DNs This is so we do not search for @REPLCHANGED against ldap Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Nadezhda Ivanova nivan...@symas.com --- Summary of changes: lib/ldb-samba/ldb_ildap.c |3 ++ lib/ldb/ldb_map/ldb_map_outbound.c | 35 +++ python/samba/provision/backend.py | 22 +++ source4/setup/slapd.conf | 53 +-- 4 files changed, 92 insertions(+), 21 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/ldb-samba/ldb_ildap.c b/lib/ldb-samba/ldb_ildap.c index 3c28690..18853eb 100644 --- a/lib/ldb-samba/ldb_ildap.c +++ b/lib/ldb-samba/ldb_ildap.c 
@@ -681,6 +681,9 @@ static bool ildb_dn_is_special(struct ldb_request *req) struct ldb_dn *dn = NULL; switch (req-operation) { + case LDB_SEARCH: + dn = req-op.search.base; + break; case LDB_ADD: dn = req-op.add.message-dn; break; diff --git a/lib/ldb/ldb_map/ldb_map_outbound.c b/lib/ldb/ldb_map/ldb_map_outbound.c index 2c517a6..c6c86e3 100644 --- a/lib/ldb/ldb_map/ldb_map_outbound.c +++ b/lib/ldb/ldb_map/ldb_map_outbound.c @@ -195,7 +195,7 @@ static int ldb_msg_replace(struct ldb_message *msg, const struct ldb_message_ele /* no local result, add as new element */ if (old == NULL) { if (ldb_msg_add_empty(msg, el-name, 0, old) != 0) { - return -1; + return LDB_ERR_OPERATIONS_ERROR; } talloc_free(discard_const_p(char, old-name)); } @@ -205,10 +205,10 @@ static int ldb_msg_replace(struct ldb_message *msg, const struct ldb_message_ele /* and make sure we reference the contents */ if (!talloc_reference(msg-elements, el-name)) { - return -1; + return LDB_ERR_OPERATIONS_ERROR; } if (!talloc_reference(msg-elements, el-values)) { - return -1; + return LDB_ERR_OPERATIONS_ERROR; } return 0; @@ -480,7 +480,7 @@ static int map_reply_remote(struct map_context *ac, struct ldb_reply *ares) msg = ldb_msg_new(ares); if (msg == NULL) { map_oom(ac-module); - return -1; + return LDB_ERR_OPERATIONS_ERROR; } /* Merge remote message into new message */ @@ -494,7 +494,7 @@ static int map_reply_remote(struct map_context *ac, struct ldb_reply *ares) dn = ldb_dn_map_rebase_remote(ac-module, msg, ares-message-dn); if (dn == NULL) { talloc_free(msg); - return -1; + return LDB_ERR_OPERATIONS_ERROR; } msg-dn = dn; @@ -581,7 +581,7 @@ static int map_subtree_select_local_not(struct ldb_module *module, void *mem_ctx *new = talloc_memdup(mem_ctx, tree, sizeof(struct ldb_parse_tree)); if (*new == NULL) { map_oom(module); - return -1; + return LDB_ERR_OPERATIONS_ERROR; } /* Generate new subtree */ 
@@ -613,7 +613,7 @@ static int map_subtree_select_local_list(struct ldb_module *module, void *mem_ct *new = talloc_memdup(mem_ctx, tree, sizeof(struct ldb_parse_tree)); if (*new == NULL) { map_oom(module); - return -1; + return
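Review bot: in the first ldb_map_outbound.c hunk, ldb_msg_replace() tests "ldb_msg_add_empty(...) != 0" and then returns a fixed LDB_ERR_OPERATIONS_ERROR, which discards the code the callee reported. Storing the return value and passing it on would keep the more specific error now that the function returns LDB codes. The success path in the same function still ends in "return 0;", so LDB_SUCCESS there would finish the cleanup the commit message describes. In the ldb_ildap.c hunk the new LDB_SEARCH case reads the search base without a visible NULL check; please confirm the code after the switch handles a NULL dn.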