Re: [Samba] Failover
By the way! All your DCs should be able to run the 10.48.16.155!?? And all your shares are mapped like this : \\10.48.16.155\share!? How do you manage the second Controller to take over when the Master DC is down. It is important to have the DC slave dns working. With the internal DNS or dlz_bind I did not succeed to manage this. Only flat files could do the job for me. So the best thing to do Is to map like \\your.domain\share. No failover Ip is needed. Greetings Daniel --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Robert Gurdon Gesendet: Montag, 7. Oktober 2013 16:15 An: samba@lists.samba.org Betreff: [Samba] Failover Hi guys, I have a domain with Samba 4.0.5 domain controllers and also a failover DRBD shared disk, where the active DC controlls the access to the disk. DOMAINC01 - 10.48.16.150 DOMAINC02 - 10.48.16.151 DOMAINCHA - 10.48.16.155 this would be the failover IP, which works perfectly on Windows XP clients. I can see the shares, just like on DOMAINC01 or DOMAINC02 and if the users has the proper credentials they can write open etc. But when I try to do the same on a Windows 7 client I simply get an error message You dont have the proper rights to open the directory I guess because of the DOMAINCHA virtual controller is not in the AC, but shall I add a computer to the AC so my win7 clients could open the available shares? Thanks, Robert -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 internal DNS - how to modify SOA record
Hey guys, Just wanted to update this thread, I upgrade my samba installation to 4.1 and updated SOA record. Now dynamic DNS works fine for me!! Thanks for implementing the feature!!! Cheers!! 2013/8/9 Rustam K. rkovh...@gmail.com I thought I would update this email thread. So far editing the records via ADSI messes up ldb database, if you do that zones won't load anymore, just like Dmitry stated in his first email. I had to revert to a snapshot to get samba back, up and running. I am curious If I have to modify record manually via ldbmodify(ldbedit), would it understand hex/binary? because when I run ldbedit it shows me nothing compared to hex in my previous email, what is this format? # record 50 dn: DC=@,DC=officenet.local,CN=MicrosoftDNS,DC=DomainDnsZones,DC=officenet,DC=local objectClass: top objectClass: dnsNode . (cut) dnsRecord:: BAABAAXwAAB6AAADhAAAwKj6Aw== dnsRecord:: BAABAAXwAABuAAACWAAAwKj6Bg== dnsRecord:: GwACAAXwAAB6AAAjKzcAGQMHc3J2LXdpbglvZmZpY2VuZXQFbG9jYW wA dnsRecord:: GgACAAXwAACGAAADhAArtw0IGAMGYWxmYWRjCW9mZmljZW5ldAVsb2NhbA A= dnsRecord:: TgAGAAXwAAC9AAAYMDcAvQAAA4QAAAJYAAFRgAAaAwhzcn YtYWxmYQlvZmZpY2VuZXQFbG9jYWwAHAMKaG9zdG1hc3RlcglvZmZpY2VuZXQFbG9jYWwA Cheers 2013/8/9 Rustam K. rkovh...@gmail.com Hi, thanks for the follow up. I found the SOA record via ADSI edit : DC=@,DC=officenet.local,CN=MicrosoftDNS,DC=DomainDnsZones,DC=officenet,DC=local DC=@,DC=_msdcs.officenet.local,CN=MicrosoftDNS,DC=ForestDnsZones,DC=officenet,DC=local there are two of them,and every one of them has attribute dnsRecord which is in hex, and it has string srv-alfa (apart from hostmaster email ttl etc) which I need to change to alfadc 4E 00 06 00 05 F0 00 00 BE 00 00 00 00 00 00 00 00 00 00 00 1C 30 37 00 00 00 00 BE 00 00 03 84 00 00 02 58 00 01 51 80 00 00 00 00 1A 03 08 73 72 76 2D 61 6C 66 61 09 6F 66 66 69 63 65 6E 65 74 05 6C 6F 63 61 6C 00 1C 03 0A 68 6F 73 74 6D 61 73 74 65 72 09 6F 66 66 69 63 65 6E 65 74 05 6C 6F 63 61 6C 00 This is where I am headed, and I'll try not to screw it up. Cheers 2013/8/9 Nico Kadel-Garcia nka...@gmail.com On Thu, Aug 8, 2013 at 4:14 AM, Kai Blin k...@samba.org wrote: On 2013-08-08 10:02, Rustam K. wrote: Hello, I run samba 4.0.7, samba tool can't do the job, at least help/syntax doesn't show that I can Ah, yes. Apparently this functionality only exists in 4.1 and master, sorry. Should you try and run with that the command syntax is samba-tool dns update SOA fqdn_dns fqdn_email serial refresh retry expire minimumttl HTH, Kai Rustam, I do hope that if you're manipulating your SOA directly, that you've actually looked up the guidelines for manipulating them? Just so you don't get surprised by things like the wraparound values for the serial numbers, or what reasonable values are for TTL's. -- Rustam -- Rustam -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] using samba 4 as plugin replacement for samba 3
THIS WILL NOT WORK: can I simply give samba 4 a copy of the old smb.conf file? --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Klaus Hartnegg Gesendet: Freitag, 11. Oktober 2013 17:01 An: samba@lists.samba.org Betreff: [Samba] using samba 4 as plugin replacement for samba 3 Hi, when I don't want to switch to Active Directory, but don't want to be stuck on version 3.6 either, can I simply give samba 4 a copy of the old smb.conf file? Will it be able to store all windows acl's in extended attributes, or is this improvement only available in combination with letting it run as active directory domain controller? thanks, Klaus -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Failover
Hi, Actually my main problem atm, I can't open the shares from windows 7 clients (object couldn't found), \\domain\share and also \10.48.16.155\share is working perfectly from windows XP clients. Both DC are running his own DNS server (i am using bind9) and also their own sysvol and stuffz. Only the data part controlled by drbd+heartbeat. Refards, Robert 2013/10/14 Daniel Müller muel...@tropenklinik.de By the way! All your DCs should be able to run the 10.48.16.155!?? And all your shares are mapped like this : \\10.48.16.155\share!? How do you manage the second Controller to take over when the Master DC is down. It is important to have the DC slave dns working. With the internal DNS or dlz_bind I did not succeed to manage this. Only flat files could do the job for me. So the best thing to do Is to map like \\your.domain\share. No failover Ip is needed. Greetings Daniel --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Robert Gurdon Gesendet: Montag, 7. Oktober 2013 16:15 An: samba@lists.samba.org Betreff: [Samba] Failover Hi guys, I have a domain with Samba 4.0.5 domain controllers and also a failover DRBD shared disk, where the active DC controlls the access to the disk. DOMAINC01 - 10.48.16.150 DOMAINC02 - 10.48.16.151 DOMAINCHA - 10.48.16.155 this would be the failover IP, which works perfectly on Windows XP clients. I can see the shares, just like on DOMAINC01 or DOMAINC02 and if the users has the proper credentials they can write open etc. But when I try to do the same on a Windows 7 client I simply get an error message You dont have the proper rights to open the directory I guess because of the DOMAINCHA virtual controller is not in the AC, but shall I add a computer to the AC so my win7 clients could open the available shares? Thanks, Robert -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] execute permissions missing after upgrade to Samba 4
Andrew Bartlett wrote: On Sun, 2013-10-13 at 15:39 +0200, Frantisek Hanzlik wrote: After upgrading from samba-3.6.12 to samba-4.0.9 (Fedora 17 i686 - Fedora 19 i686, smb.conf stayed same) I see weird behavior - windows client can not run executable files due to insufficient permissions. However, when I in Linux set (with 'chmod u+x,g+x ...') execution bit for these files, all is fine and windows client can run their. It seems for me as samba4 (contrary to samba3) now check x bit for some 'Read-And-Execute' (or how are executables called from windows) and deny access although client has all other rights (read and write) to this .exe file. Data are stored on ext4 volume which is mounted with 'user_xattr acl' option. My smb.conf look as (some IMO unimportant items omitted from 'testparm -s' output): [global] logon script = %m.bat logon path = domain logons = Yes os level = 63 preferred master = Yes domain master = Yes wins support = Yes idmap config * : backend = tdb ea support = Yes map archive = No map readonly = no store dos attributes = Yes [info] comment = Data info path = /home/DATA/info read list = @info write list = @info force group = info create mask = 0770 directory mask = 0771 force create mode = 0660 force directory mode = 02770 - How is possible solve this issue? Win client self did not set x bit on executables (e.g. when I from windows client extract ZIP archive with executables, they have no x-bit set). Should Samba4 itself set 'Read-And-Execute' rights, either by settin x bit or by setting these rights in extended attributes? See the new parameter in Samba 4.0.10 'acl allow execute always' Andrew Bartlett Andrew, thanks for help. Unfortunately, my distro (Fedora 19) still not has Samba 4.0.10 by that time, and maybe in older, still active, Fedora 18 this version will never be. Please is this problem solvable on Samba4 prior v4.0.10? One solution which invades me is force create mode = 0770 (no Linux user/program access files on these shares), but from Linux view, x bit on data files looks terribly :) Thanks, Franta Hanzlik -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] File share permissions act different on member server than on DC
On Sun, 2013-10-13 at 22:31 +0200, Marc Muehlfeld wrote: Hello, a while ago I wrote the http://wiki.samba.org/index.php/Setup_and_configure_file_shares HowTo. When I wrote the HowTo, I setup and configured the share on a DC - what still works like described. Today I tried the first time to do exactly the same on a 4.0.10 and 4.1.0 _member server_, and it doesn't work there. The share in smb.conf: [demo] path = /srv/samba/Demo read only = no The folder in the filesystem (XFS): drwxr-xr-x 2 root root6 13. Okt 22:16 /srv/samba/Demo I connect to the share as Domain Admin, right-click to it and go to the security tab. Here I see now everyone and two root entries. - I click the edit button and remove the two root entries. When I click apply, everything is reset (the two entries went back. - If i grant modify to everyone - where all allow entries are empty per default and click apply, then all boxes are checked automatically (full access) and CREATOR OWNER and CREATOR GROUP appear. And this two can't be removed as well any more. If I do exactly the same on a DC, then already the security tab shows on the first time I open it very different settings. The wiki screenshot shows them: http://wikiupload.samba.org/images/8/8f/Demo_Share_Security.png). But the folder on Linux side is also just 755 (and without any extended ACLs when I begin). Also whatever I change (like remove root from the ACLs) everything is done like expected and saved. The member server is also self compiled. I installed all packages on my RHEL6 that I have installed on the DC too. Any idea what could be different on a 4.x member than on a DC? Or did I find a bug? Regards Marc Hi It looks like that on the DC, Administrator already has admin permissions on the share (like root in Linux) but on a file server he doesn't. You have to specify Administrator as an admin user or give him full posix rights on the share using setfacl. Summary.mAdministrator behaves as: DC: like root on a Linux box File server: a normal unprivileged domain user I think the file server is correct. Windows doesn't have a user like root. HTH Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba release series
On Sat, Oct 12, 2013 at 08:14:37AM +1300, Andrew Bartlett wrote: On Fri, 2013-10-11 at 11:27 +0200, Karolin Seeger wrote: On Fri, Oct 11, 2013 at 10:17:31AM +0100, Rowland Penny wrote: On 11/10/13 09:55, Karolin Seeger wrote: Hi, with today's release of Samba 4.1.0, Samba 4.0 has been turned into the maintenance mode and Samba 3.6 into the security fixes only mode. Samba 3.5 is officially unsupported now. For more details on the modi and other release planning information, please see https://wiki.samba.org/index.php/Samba_Release_Planning Cheers, Karolin HI, My, but the release page has gone posh ;-) but shouldn't the 'started' column really be 'released' and I think a few of the boxes require filling in Sure, will do that as soon as possible. While we are talking about the release pages, I wonder with the new colour table on that page, should we remove the Branch policy page, and just fold the text into this page? That way, we don't have two pages to keep updated. (I'm happy to do it, just wanted to ask first). +1 Karolin -- Samba http://www.samba.org SerNet http://www.sernet.de sambaXP http://www.sambaxp.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] using samba 4 as plugin replacement for samba 3
On Mon, Oct 14, 2013 at 08:22:35AM +0200, Daniel Müller wrote: THIS WILL NOT WORK: can I simply give samba 4 a copy of the old smb.conf file? With the usual caveats that came with every 3.x to 3.y upgrade, yes. Nothing special when going from 3.6 to 4.0 that would not in principle have hit you from 3.5 to 3.6. Read the WHATSNEW and release notes about changed parameters. Volker -- SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen phone: +49-551-37-0, fax: +49-551-37-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen http://www.sernet.de, mailto:kont...@sernet.de -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [PATCH] Fix Samba 4.1.0 join Windows 2003 Server with BIND9_DLZ
Hi Jacó, we had the same problem and this patch worked for us: https://attachments.samba.org/attachment.cgi?id=9210 Cheers. On Sunday 13 October 2013 19:13:10 Jacó Ramos wrote: Hi Andrew... Aplied patch but not work! Same error! Thanks! Jacó Ramos 2013/10/12 Andrew Bartlett abart...@samba.org On Fri, 2013-10-11 at 12:06 -0300, Jacó Ramos wrote: Hi guys, When run join in DC root@samba4:~# samba-tool domain join jacoramos.net.br DC -Uadministrador --realm=jacoramos.net.br --dns-backend=BIND9_DLZ Finding a writeable DC for domain 'jacoramos.net.br' Found DC win2003.jacoramos.net.br Password for [WORKGROUP\administrador]: workgroup is JACORAMOS realm is jacoramos.net.br checking sAMAccountName Adding CN=SAMBA4,OU=Domain Controllers,DC=jacoramos,DC=net,DC=br Adding CN=SAMBA4,CN=Servers,CN=Primeiro-site-padrao,CN=Sites,CN=Configuration,DC= jacoramos,DC=net,DC=br Adding CN=NTDS Settings,CN=SAMBA4,CN=Servers,CN=Primeiro-site-padrao,CN=Sites,CN=Configur ation,DC=jacoramos,DC=net,DC=br Adding SPNs to CN=SAMBA4,OU=Domain Controllers,DC=jacoramos,DC=net,DC=br Setting account password for SAMBA4$ Enabling account Adding DNS account CN=dns-SAMBA4,CN=Users,DC=jacoramos,DC=net,DC=br with dns/ SPN Join failed - cleaning up checking sAMAccountName Deleted CN=SAMBA4,OU=Domain Controllers,DC=jacoramos,DC=net,DC=br Deleted CN=NTDS Settings,CN=SAMBA4,CN=Servers,CN=Primeiro-site-padrao,CN=Sites,CN=Configur ation,DC=jacoramos,DC=net,DC=br Deleted CN=SAMBA4,CN=Servers,CN=Primeiro-site-padrao,CN=Sites,CN=Configuration,DC= jacoramos,DC=net,DC=br ERROR(ldb): uncaught exception - LDAP error 53 LDAP_UNWILLING_TO_PERFORM - 052D: SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0 File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py, line 552, in run machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend) File /usr/local/samba/lib/python2.7/site-packages/samba/join.py, line 1169, in join_DC ctx.do_join() File /usr/local/samba/lib/python2.7/site-packages/samba/join.py, line 1072, in do_join ctx.join_add_objects() File /usr/local/samba/lib/python2.7/site-packages/samba/join.py, line 616, in join_add_objects ctx.samdb.add(msg) root@samba4:~# Sorry about that. Try the attached patch. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- Samuel Cabrero - Developer scabr...@zentyal.com Easy IT for small business www.zentyal.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [PATCH] Fix Samba 4.1.0 join Windows 2003 Server with BIND9_DLZ
On Mon, 2013-10-14 at 09:35 +0200, Samuel Cabrero wrote: Hi Jacó, we had the same problem and this patch worked for us: https://attachments.samba.org/attachment.cgi?id=9210 Cheers. Thanks, can you prepare it as a signed off git commit with 'git commit -s' so I can apply it with all the right author stuff etc? Thanks, Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 4 internal DNS and reverse zones
Hi All, I currently have another thread open on squid authentication with Samba 4 and am going to try authenticating against kerberos instead of NTLM. According to the docs for the web filter I'm using, it's essential for Kerberos to be able to resolve reverse DNS so I've spent the last weekend trying to get this working. Various different documents and howtos exist but none of them worked out of the box. The Samba wiki suggests creating the zones with the RSAT DNS tool and various people I've come across have commented that from that point onwards records were added by Windows clients joining. I couldn't get this working so I tried the script on Michael Kuron's site as it threw up messages about GSS failing before DHCP server would eventually hang. While it ran, it would add entries consisting of the mac address as it failed to pick up the name of the machine. Is there an easy way to achieve this or do I carry on plugging away with the script? Should, as come people have claimed, reverse entries just happen if you manually create zones. It's tricy to get a definitive answer on this and where people claim it's worked, they don't seem to advertise the method. Thanks, Julian http://blog.michael.kuron-germany.de/2011/02/isc-dhcpd-dynamic-dns-updates-against-secure-microsoft-dns/ -- Borden Grammar School, Avenue of Remembrance, Sittingbourne, Kent, ME10 4DB. Tel: 01795 424192 This e-mail is from Borden Grammar School Trust. This e-mail, together with any files transmitted with it, are confidential, and are intended solely for the use of the individual or entity to whom they are addressed. Any unauthorised dissemination or copying of this e-mail or its attachments, and any use or disclosure of any information contained in them, is strictly prohibited, and may also be illegal. If you are not the intended recipient you must not use, disclose, distribute, copy, print or relay this e-mail. Please note that any views expressed by an individual within this e-mail, do not necessarily reflect the views of the Borden Grammar School Trust. Borden Grammar School Trust has taken reasonable precautions to ensure no viruses are present in this e-mail, the Academy cannot accept responsibility for any loss or damage arising from the use of this e-mail and/or files attached. Registered office: Borden Grammar School, Avenue of Remembrance, Sittingbourne, Kent, ME10 4DB Registered in England: 07827591 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] using samba 4 as plugin replacement for samba 3
Hi Daniel, so... is there a list what options to change? I've already seen the Wiki page with the minimal working configuration, but is there more information available? thanks, christian -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Daniel Müller Gesendet: Montag, 14. Oktober 2013 08:23 An: 'Klaus Hartnegg'; samba@lists.samba.org Betreff: Re: [Samba] using samba 4 as plugin replacement for samba 3 THIS WILL NOT WORK: can I simply give samba 4 a copy of the old smb.conf file? --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Klaus Hartnegg Gesendet: Freitag, 11. Oktober 2013 17:01 An: samba@lists.samba.org Betreff: [Samba] using samba 4 as plugin replacement for samba 3 Hi, when I don't want to switch to Active Directory, but don't want to be stuck on version 3.6 either, can I simply give samba 4 a copy of the old smb.conf file? Will it be able to store all windows acl's in extended attributes, or is this improvement only available in combination with letting it run as active directory domain controller? thanks, Klaus -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 internal DNS - how to modify SOA record
Hi, guys... What line command for modify SOA record? Thanks! Jacó Ramos 2013/10/14 Rustam K. rkovh...@gmail.com Hey guys, Just wanted to update this thread, I upgrade my samba installation to 4.1 and updated SOA record. Now dynamic DNS works fine for me!! Thanks for implementing the feature!!! Cheers!! 2013/8/9 Rustam K. rkovh...@gmail.com I thought I would update this email thread. So far editing the records via ADSI messes up ldb database, if you do that zones won't load anymore, just like Dmitry stated in his first email. I had to revert to a snapshot to get samba back, up and running. I am curious If I have to modify record manually via ldbmodify(ldbedit), would it understand hex/binary? because when I run ldbedit it shows me nothing compared to hex in my previous email, what is this format? # record 50 dn: DC=@,DC=officenet.local,CN=MicrosoftDNS,DC=DomainDnsZones,DC=officenet,DC=local objectClass: top objectClass: dnsNode . (cut) dnsRecord:: BAABAAXwAAB6AAADhAAAwKj6Aw== dnsRecord:: BAABAAXwAABuAAACWAAAwKj6Bg== dnsRecord:: GwACAAXwAAB6AAAjKzcAGQMHc3J2LXdpbglvZmZpY2VuZXQFbG9jYW wA dnsRecord:: GgACAAXwAACGAAADhAArtw0IGAMGYWxmYWRjCW9mZmljZW5ldAVsb2NhbA A= dnsRecord:: TgAGAAXwAAC9AAAYMDcAvQAAA4QAAAJYAAFRgAAaAwhzcn YtYWxmYQlvZmZpY2VuZXQFbG9jYWwAHAMKaG9zdG1hc3RlcglvZmZpY2VuZXQFbG9jYWwA Cheers 2013/8/9 Rustam K. rkovh...@gmail.com Hi, thanks for the follow up. I found the SOA record via ADSI edit : DC=@,DC=officenet.local,CN=MicrosoftDNS,DC=DomainDnsZones,DC=officenet,DC=local DC=@,DC=_msdcs.officenet.local,CN=MicrosoftDNS,DC=ForestDnsZones,DC=officenet,DC=local there are two of them,and every one of them has attribute dnsRecord which is in hex, and it has string srv-alfa (apart from hostmaster email ttl etc) which I need to change to alfadc 4E 00 06 00 05 F0 00 00 BE 00 00 00 00 00 00 00 00 00 00 00 1C 30 37 00 00 00 00 BE 00 00 03 84 00 00 02 58 00 01 51 80 00 00 00 00 1A 03 08 73 72 76 2D 61 6C 66 61 09 6F 66 66 69 63 65 6E 65 74 05 6C 6F 63 61 6C 00 1C 03 0A 68 6F 73 74 6D 61 73 74 65 72 09 6F 66 66 69 63 65 6E 65 74 05 6C 6F 63 61 6C 00 This is where I am headed, and I'll try not to screw it up. Cheers 2013/8/9 Nico Kadel-Garcia nka...@gmail.com On Thu, Aug 8, 2013 at 4:14 AM, Kai Blin k...@samba.org wrote: On 2013-08-08 10:02, Rustam K. wrote: Hello, I run samba 4.0.7, samba tool can't do the job, at least help/syntax doesn't show that I can Ah, yes. Apparently this functionality only exists in 4.1 and master, sorry. Should you try and run with that the command syntax is samba-tool dns update SOA fqdn_dns fqdn_email serial refresh retry expire minimumttl HTH, Kai Rustam, I do hope that if you're manipulating your SOA directly, that you've actually looked up the guidelines for manipulating them? Just so you don't get surprised by things like the wraparound values for the serial numbers, or what reasonable values are for TTL's. -- Rustam -- Rustam -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- *O homem não foi criado para ser feliz nem para vencer, mas para viver para Deus. Quando vive para Deus é feliz e vence. Isaltino Gomes * * $whoami* - Perito Forense Computacional - Pentester - Esp. em Segurança de Redes de Computadores com enfâse a Perícia Forense Computacional - FACID - Bacharel em Ciência da Computação - UESPI - Administrador de Redes de Computadores - CCNA Modulo II - Lattes: *http://lattes.cnpq.br/1591329268136905* Esta mensagem pode conter informações confidenciais e/ou privilegiadas. Se você não for o destinatário ou a pessoa autorizada a receber esta mensagem, não deve usar, copiar ou divulgar as informações nela contida ou tomar qualquer ação baseada nessas informações. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [PATCH] Fix Samba 4.1.0 join Windows 2003 Server with BIND9_DLZ
I type... tar zxvf samba-4.1.0.tar.gz cd samba-4.1.0 patch -p1 0001-provision-Do-not-set-dns-HOSTNAME-password-during-ad.patch ./configure make make install This procedure is correct? Thanks! Jacó Ramos 2013/10/14 Andrew Bartlett abart...@samba.org On Mon, 2013-10-14 at 09:35 +0200, Samuel Cabrero wrote: Hi Jacó, we had the same problem and this patch worked for us: https://attachments.samba.org/attachment.cgi?id=9210 Cheers. Thanks, can you prepare it as a signed off git commit with 'git commit -s' so I can apply it with all the right author stuff etc? Thanks, Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- *O homem não foi criado para ser feliz nem para vencer, mas para viver para Deus. Quando vive para Deus é feliz e vence. Isaltino Gomes * * $whoami* - Perito Forense Computacional - Pentester - Esp. em Segurança de Redes de Computadores com enfâse a Perícia Forense Computacional - FACID - Bacharel em Ciência da Computação - UESPI - Administrador de Redes de Computadores - CCNA Modulo II - Lattes: *http://lattes.cnpq.br/1591329268136905* Esta mensagem pode conter informações confidenciais e/ou privilegiadas. Se você não for o destinatário ou a pessoa autorizada a receber esta mensagem, não deve usar, copiar ou divulgar as informações nela contida ou tomar qualquer ação baseada nessas informações. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba is still crashing
On Sun, Oct 13, 2013 at 11:11:29PM -0600, Wayne Andersen wrote: I have had a problem for a couple of weeks now. I get very regular crashes on two of my three Domain Controllers. I just updated to 4.1.0 and I am still getting the same problem. This looks like https://bugzilla.samba.org/show_bug.cgi?id=10052 Volker -- SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen phone: +49-551-37-0, fax: +49-551-37-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen http://www.sernet.de, mailto:kont...@sernet.de -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] using samba 4 as plugin replacement for samba 3
First of all no more [homes] but [home]!! EX: [home] path= /mnt/glusterfs/ads/home readonly = No posix locking =NO [share1] path= /mnt/glusterfs/ads/share1 readonly= NO Best no acls defined in the conf but from the ads-tool/Microsoft or by the administrator from a windows client. --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: Masopust, Christian [mailto:christian.masop...@siemens.com] Gesendet: Montag, 14. Oktober 2013 12:21 An: muel...@tropenklinik.de; 'Klaus Hartnegg'; samba@lists.samba.org Betreff: AW: [Samba] using samba 4 as plugin replacement for samba 3 Hi Daniel, so... is there a list what options to change? I've already seen the Wiki page with the minimal working configuration, but is there more information available? thanks, christian -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Daniel Müller Gesendet: Montag, 14. Oktober 2013 08:23 An: 'Klaus Hartnegg'; samba@lists.samba.org Betreff: Re: [Samba] using samba 4 as plugin replacement for samba 3 THIS WILL NOT WORK: can I simply give samba 4 a copy of the old smb.conf file? --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Klaus Hartnegg Gesendet: Freitag, 11. Oktober 2013 17:01 An: samba@lists.samba.org Betreff: [Samba] using samba 4 as plugin replacement for samba 3 Hi, when I don't want to switch to Active Directory, but don't want to be stuck on version 3.6 either, can I simply give samba 4 a copy of the old smb.conf file? Will it be able to store all windows acl's in extended attributes, or is this improvement only available in combination with letting it run as active directory domain controller? thanks, Klaus -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problems joining Samba4 domain [resolved]
Am 14.10.2013 06:43, schrieb Andrew Bartlett: On Sun, 2013-10-13 at 14:29 +0100, Rowland Penny wrote: Just how closely did you follow the webpage you posted in your OP? , it seems to be using the standard samba4 packages from Ubuntu, which if I remember correctly are broken. Also there is a howler on the webpage you posted, you are advised to create a share called [global] , this is the standard top share that you will find in any smb.conf. I would advise you to compile samba4 yourself, it is easy, see here: https://wiki.samba.org/index.php/Build_Samba I would also suggest that you use the latest tarball (4.1.0) I totally agree. We are only now getting current Samba 4.0 packages into Debian unstable, and Ubuntu's package, particularly on 12.04 is very, very old. Start with current code, and then get network traces and log files if you still have issues. Andrew Bartlett I'm using Samba 4.0.5 from Zentyal 3.0 PPA now, and this resolved my problem! But after updating from Samba 4 alpha 17 to Samba 4.0.5, i have file permission problems now. I will describe my problems in another mail to the samba mailing list. Thanks so far guys! :) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problems joining Samba4 domain [resolved]
On 14/10/13 13:29, X-Dimension wrote: Am 14.10.2013 06:43, schrieb Andrew Bartlett: On Sun, 2013-10-13 at 14:29 +0100, Rowland Penny wrote: Just how closely did you follow the webpage you posted in your OP? , it seems to be using the standard samba4 packages from Ubuntu, which if I remember correctly are broken. Also there is a howler on the webpage you posted, you are advised to create a share called [global] , this is the standard top share that you will find in any smb.conf. I would advise you to compile samba4 yourself, it is easy, see here: https://wiki.samba.org/index.php/Build_Samba I would also suggest that you use the latest tarball (4.1.0) I totally agree. We are only now getting current Samba 4.0 packages into Debian unstable, and Ubuntu's package, particularly on 12.04 is very, very old. Start with current code, and then get network traces and log files if you still have issues. Andrew Bartlett I'm using Samba 4.0.5 from Zentyal 3.0 PPA now, and this resolved my problem! But after updating from Samba 4 alpha 17 to Samba 4.0.5, i have file permission problems now. I will describe my problems in another mail to the samba mailing list. Thanks so far guys! :) Well, if you will not compile the latest greatest Samba 4, you might as well use the latest available deb from here: http://enterprisesamba.com/ You will have to register, but will get 4.0.10 which is the latest in the 4.0 series. I still think that you would be better off compiling it yourself, it is very very easy. Rowland -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] File permission problems after update from Samba 4 alpha 17 to Samba 4.0.5
We had used Samba alpha 17 (included in Resara Server 1.2) for a long time and has now migrate it to Samba 4.0.5 (Ubuntu + Zentyal 3.0 PPA) with NTVFS enabled . Most things seems to work: DNS with Bind9_DLZ, domain join, user login and also GPO are still working fine :) But we have trouble with file permissions now! All domain users can't rename or delete their own files which they had created with Samba 4 alpha 17 before. It looks like they only had 'read only' access to their files. For example when the user peter@mydomain wants to rename/delete a file he had created before, then he gets an error message like only peter@mydomain can rename this file or file is locked by peter@mydomain. Our global section of /etc/samba/smb.conf looks like this: -- [global] interfaces = eth0 workgroup = MYDOMAIN realm = mydomain.lan netbios name = PDC server string = PDC server role = active directory domain controller passdb backend = samba4 server services = rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate, smb dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver, winreg, srvsvc -- Because Samba 4 alpha 17 was using NTVFS, i thought it is the best idea to stay on NTVFS even on Samba 4.0.5. But it looks, like i was wrong. Thanks for any ideas that helps us to fix our permission problem. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [3.6.8] XP fails with error 1326
No, but I finally found the issue: I was using an older version of the OS instead of checking if a new version was available :-/ The latest worked right away after downloading and activating the Samba module. I should have checked that, first thing. Then, all I needed to share files with any user without adding any user account to Slax (either Unix or Samba) is this smb.conf: code [global] workgroup = WORKGROUP ;Not neeeded, but in case you don't like the hostname netbios name = LINUX ;Important: Otherwise, doesn't switch to Unix nobody - Err 5 Access denied security = share ;if you need to investigate : 2 or 3 ;log level = 2 [test] path=/tmp read only = yes guest ok = yes /code What I've learned: 1. Use the latest OS 2. In case Samba isn't working as exepcted, use log level =2 or even = 3 to investigate, as it provides more information than what Windows says. Thanks a lot for your help. -- View this message in context: http://samba.2283325.n4.nabble.com/3-6-8-XP-fails-with-error-1326-tp4654631p4655055.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba_kcc error in /var/log/messages
On 10/12/2013 08:43 AM, George ITee wrote: Hello, I am getting these errors in /var/log/messages : Oct 12 16:36:15 sambadc samba[7147]: [2013/10/12 16:36:15.817541, 0] ../source4/dsdb/kcc/kcc_periodic.c:664(kccsrv_samba_kcc) Oct 12 16:36:15 sambadc samba[7147]: Calling samba_kcc script Oct 12 16:36:15 sambadc abrt: detected unhandled Python exception in '/usr/local/samba/sbin/samba_kcc' Oct 12 16:36:15 sambadc samba[7147]: [2013/10/12 16:36:15.959943, 0] ../lib/util/util_runcmd.c:317(samba_runcmd_io_handler) Oct 12 16:36:15 sambadc samba[7147]: /usr/local/samba/sbin/samba_kcc: close failed in file object destructor: Oct 12 16:36:15 sambadc abrtd: New client connected Oct 12 16:36:15 sambadc abrtd: Directory 'pyhook-2013-10-12-16:36:15-7630' creation detected Oct 12 16:36:15 sambadc abrt-server[7633]: Saved Python crash dump of pid 7630 to /var/spool/abrt/pyhook-2013-10-12-16:36:15-7630 Oct 12 16:36:15 sambadc samba[7147]: [2013/10/12 16:36:15.973347, 0] ../lib/util/util_runcmd.c:317(samba_runcmd_io_handler) Oct 12 16:36:15 sambadc samba[7147]: /usr/local/samba/sbin/samba_kcc: IOError: [Errno 10] No child processes Oct 12 16:36:15 sambadc samba[7147]: [2013/10/12 16:36:15.994361, 0] ../lib/util/util_runcmd.c:317(samba_runcmd_io_handler) Oct 12 16:36:15 sambadc samba[7147]: /usr/local/samba/sbin/samba_kcc: close failed in file object destructor: Oct 12 16:36:15 sambadc samba[7147]: [2013/10/12 16:36:15.994469, 0] ../lib/util/util_runcmd.c:317(samba_runcmd_io_handler) Oct 12 16:36:15 sambadc samba[7147]: /usr/local/samba/sbin/samba_kcc: IOError: [Errno 10] No child processes Oct 12 16:36:16 sambadc abrtd: Executable '/usr/local/samba/sbin/samba_kcc' doesn't belong to any package Oct 12 16:36:16 sambadc abrtd: 'post-create' on '/var/spool/abrt/pyhook-2013-10-12-16:36:15-7630' exited with 1 Oct 12 16:36:16 sambadc abrtd: Corrupted or bad directory '/var/spool/abrt/pyhook-2013-10-12-16:36:15-7630', deleting The thing is, these errors appear exactly every 5 minutes. The domain controller seems to be working fine in my test environment so far, but I don't recall seeing these errors with Samba 4.0.7. This was also with 4.0.9, now I just compiled 4.1.0 and the same thing. Any cause of concern, or is it just supposed to happen ? Thank you, George I asked the same question on dev list and never got an answer! Jonn -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] GPFS Samba CTDB cluster how to
Hi List, I've created an extensive how to for setup of clustered Samba on GPFS using CTDB . Can anyone suggest an appropriate forum to share this information . Perhaps the Samba Wiki ?. Ian Clancy IS Department Valeo Vision Systems (VVS) This e-mail message is intended only for the use of the intended recipient(s). The information contained therein may be confidential or privileged, and its disclosure or reproduction is strictly prohibited. If you are not the intended recipient, please return it immediately to its sender at the above address and destroy it. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 - PDC - RHEL6 - Slow browsing from Mac clients
I've been running netatalk for my OS X clients with great success. The performance isn't as good as Windows to Samba, but its a HUGE improvement over any version of OS X with any SMB server. 30 seconds with wireshark will tell you why OS X's browsing performance is so horrible. Another point of OS X/Samba misinformation is that Apple dropped Samba which is an SMB server. OS X's SMB client never shared any code with Samba any did not change as a result of the Samba purge. Here's hoping 10.9's SMB driver is as improved as Apple is claiming it to be. On Oct 11, 2013 12:40 PM, Jeremy Allison j...@samba.org wrote: On Fri, Oct 11, 2013 at 04:15:35PM +, Paul Older wrote: On 11/10/2013 17:04, Jeremy Allison j...@samba.org wrote: On Fri, Oct 11, 2013 at 11:36:41AM +, Paul Older wrote: * A few years ago, Samba made changes to their licensing meaning Apple could apparently no longer use it in a commercial release (so I've read) No No No ! Apple could apparently no longer use it in a commercial release I *hate* this myth, it's *completely* untrue. Where did you read this ? Apologies - my source is quite unofficial and now also apparently wrong. For info, I read it here: http://www.tuaw.com/2011/03/24/apple-to-drop-samba-networking-tools-from-li on As Mac OS X adopted more of Samba's tools, the team behind Samba gradually transformed the open source licensing for its software. The latest version of Samba is offered only with General Public License Version 3 (GPLv3 http://www.gnu.org/licenses/gpl.html) licensing, which includes restrictions that essentially prevent Apple from incorporating it into commercially packaged software like Mac OS X. essentially prevent == Stops Apple from suing Samba or Samba users over their patents. Is how you have to read that. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Moving files from NTFS to NTFS
Hi, I'm trying to move files from one folder on a remote ntfs to another remote ntfs which are on Samba. When I do it with some java code I get an error saying I don't have permissions. Any ideas? Sean -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Clients Windows not update record DNS on zone BIND9_DLZ
Hi List, My clients windows not update record DNS on zones! Show my log: -- samba_dlz: starting transaction on zone jacoramos.net.br client 192.168.0.20#1080: update 'jacoramos.net.br/IN' denied samba_dlz: cancelling transaction on zone jacoramos.net.br -- Anyone have any ideas? Thanks! Jacó Ramos -- *O homem não foi criado para ser feliz nem para vencer, mas para viver para Deus. Quando vive para Deus é feliz e vence. Isaltino Gomes * * $whoami* - Perito Forense Computacional - Pentester - Esp. em Segurança de Redes de Computadores com enfâse a Perícia Forense Computacional - FACID - Bacharel em Ciência da Computação - UESPI - Administrador de Redes de Computadores - CCNA Modulo II - Lattes: *http://lattes.cnpq.br/1591329268136905* Esta mensagem pode conter informações confidenciais e/ou privilegiadas. Se você não for o destinatário ou a pessoa autorizada a receber esta mensagem, não deve usar, copiar ou divulgar as informações nela contida ou tomar qualquer ação baseada nessas informações. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 - PDC - RHEL6 - Slow browsing from Mac clients
On 14 Oct 2013, at 15:59, Ryan Bair ryandb...@gmail.com wrote: I've been running netatalk for my OS X clients with great success. The performance isn't as good as Windows to Samba, but its a HUGE improvement over any version of OS X with any SMB server. 30 seconds with wireshark will tell you why OS X's browsing performance is so horrible. This is good news. I'm attempting to get Netatalk 3 up and running but am struggling to link the authentication into the Samba4 setup. On a slightly different note, I've been advised by an Apple Premium Reseller and Systems Integrator here in the UK that they recommend people use NFS in their Linux / Mac environments. I'd be interested to hear the voice of experience on that one if anyone care comment? Another point of OS X/Samba misinformation is that Apple dropped Samba which is an SMB server. OS X's SMB client never shared any code with Samba any did not change as a result of the Samba purge. Thanks for the clarification. Hopefully this thread will help dispel myths that I've obviously come across out there in internet land. Here's hoping 10.9's SMB driver is as improved as Apple is claiming it to be. From my testing with my chosen problematic directory of 80 images, I found directory listing times to be : 10.8 - about 60 seconds (very laggy scrolling) 10.9 (pre-release) - about 3 seconds, scrolling is fine 10.8 running Dave from Thursby, - near instant and no issues with scrolling Apple should clearly buy the technology from Dave and implement it in their OS. Paul -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 4 DNS failing on one server
I have two samba 4 AD DC running using the internal DNS. On one of them, DNS will fail after a short time (10-15 minutes). Restarting samba on this AD DC corrects the issue temporarily. This behavior started about 2 weeks ago. We had not made any changes to either system during this time so it is a complete mystery. I unfortunately used the latest version of samba from git (4.2) for creating these systems. I am in the process of building a new 4.1 server and will join it to the domain as an AD DC (hoping that this will work correctly). In /etc/krb5.conf, the server with failing dns is also listed as the admin_server for the realm. No idea what the effect of this is if I can point to the other server and still resolve dns. First though, what log files I should even be looking at for the DNS issues. I can run all the tests for a properly operating DNS and they all return the correct values (up until DNS fails). e.g. host -t SRV _ldap._tcp.ncs.k12.de.us host -t SRV _kerberos._udp.ncs.k12.de.us host -t A ncssamba1.ncs.k12.de.us all return correct information. kinit also works correctly, smbclient -L server -U% returns the correct information. I am running nslcd on both servers and that is also working. Completely lost on what to try to fix this dns issue. Sincerely, Dave Hopkins -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] [Samba 4.0.9 | Win 7 x64 | Office 2007 x86 | Folder Redirection | Local Cache] : Word-documents, Corrupt
Hello, First of all I would like to thank the Samba Project Group for this state of the art software. I would like to thank every body for helping each other out. Please ignore my poor English writing. It is not my native language. Although: I do the best I can. We use Samba for a while now. We started with version 4.0.6 and updated each time. Now we are at version 4.0.9 and we are planning to update our installation to version 4.1.0. We use Samba 4 as Active Directory Domain Controller. We also got some shares on this same Samba server. We use the share 'profiles' for the user profiles. Everything seems to work well but sometime we got issues with Word-documents. These files get corrupted while working for 45 minutes to a couple of hours. Before we decided to work with roaming profiles I read the Samba-documents about this option. We decided to use folder redirection including local cache (we use desktops and notebooks). I tried a lot of things to solve this issue (with the Word-documents): - re-installed notebook (also replaced HDD; I installed a SSD) - tested network wiring - ran HDD checks (server) - tested switches - changed smb.conf (oplocks, locks, et cetera) - added registry key 'RoundUpWriteTimeOnSync' to client computers at boot time - - REG ADD HKLM\Software\Microsoft\Windows\CurrentVersion\NetCache /v RoundUpWriteTimeOnSync /t REG_DWORD /d 0001 /f Maybe there is somebody who is able to help us with this issue. I have listed our /opt/samba/etc/smb.conf file at the end. Thanks in advance. Bouke [global] workgroup = TH01 realm = TH01.INET netbios name = COMSRV01A server role = active directory domain controller server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=65536 SO_SNDBUF=65536 guest account = nobody map to guest = bad user #printing = cups #printcap name = cups kernel oplocks = no [netlogon] path = /opt/samba/var/locks/sysvol/th01.inet/scripts read only = No [sysvol] path = /opt/samba/var/locks/sysvol read only = No [profiles] comment = Profiles path = /data/profiles browsable = no read only = no writable = yes directory mask = 0700 create mask = 0600 # # oplocks are disabled for this share # oplocks = False level2 oplocks = False # # 'blocking locks' set to 'no' for Word documents # blocking locks = no # # do not oplock the following files # veto oplock files = /*.doc*/*.DOC*/*.xls*/*.XLS*/*.txt/*.TXT/*.log/*.LOG/*.csv/*.CSV/*.*-ms/*. *-MS/ # csc policy = documents [pdf-prints] comment = PDF Files path = /data/pdf browsable = yes read only = no writable = yes directory mask = 0775 create mask = 0664 [wpkg] comment = Software Deployment path = /opt/wpkg browsable = no read only = no write list = 300,administrator,root directory mask = 0755 create mask = 0644 guest ok = yes strict locking = no oplocks = False level2 oplocks = False blocking locks = no veto oplock files = /*.log/*.LOG/ [packages] comment = Software Packages path = /extra/packages browsable = no read only = no write list = 300,administrator,root create mask = 0644 directory mask = 0755 guest ok = yes [wsus] comment = WSUS path = /extra/wsus browsable = no read only = no writelist = 300,administrator,root create mask = 0644 directory mask = 0755 guest ok = yes [log] comment = Log Files path = /data/log browsable = no read only = no force create mode = 0664 force directory mode = 0775 guest ok = yes [printers] comment = All Printers path = /opt/samba/var/spool browsable = no public = yes guest ok = yes writable = no printable = yes # Windows clients look for this share name as a source of downloadable # printer drivers [print$] comment = Printer Drivers path = /opt/samba/lib/printers browseable = yes guest ok = no read only = yes write list = root -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] One user getting: Primary group is 0 and contains 0 supplementary groups on standalone server
On 10/11/2013 11:36 AM, Stuart Reedy wrote: Greetings, We are having some rights issues on Samba 3.6.18 running on Slackware64 14.0 (the official Slackware Package). One of our users is having access issues and I believe I have traced the problem to the following entry in the log.smbd: Primary group is 0 and contains 0 supplementary groups Issuing the groups command for this user returns the 8 Linux groups in which the user has membership. In researching this, I found another reference to this log entry for which the solution had to do with Windows groups and their relationship to local groups. Since we are using Samba stand-alone, we do not create any Windows groups and use local Linux groups for privileges. (I'm assuming Samba can still be used this way.) My question is: How does Samba calculate these group memberships? I'll look through the source code and see what I can see, but I am no programming wizard, so I doubt I'll find what I need there. Thanks! Stu... OK, I found where Samba gets the Linux group information created a C program that uses the same function (getgroups). Of course, this returns the correct groups for the user for which Samba claims: Primary group is 0 and contains 0 supplementary groups Also, the id command returns the Linux groups as expected: uid=6032(REDACTED) gid=6000(REDACTED) groups=6000(REDACTED),6001(REDACTED),6007(REDACTED),6009(REDACTED),6010(REDACTED),6011(REDACTED),6012(REDACTED),6013(REDACTED),6014(REDACTED) I'm a a loss as to why this user is not getting the proper rights from Samba. Any ideas? -- Stuart Reedy Working hard for a great university! s...@coe.uky.edu 859 257-7966 http://www.coe.uky.edu/~stu/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] GPFS Samba CTDB cluster how to
On Mon, Oct 14, 2013 at 03:35:13PM +0100, Ian CLANCY wrote: Hi List, I've created an extensive how to for setup of clustered Samba on GPFS using CTDB . Can anyone suggest an appropriate forum to share this information . Perhaps the Samba Wiki ?. Putting this into the Samba Wiki would be much appreciated ! Thanks, Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba login using upn
When I try to use t...@realm.com, it gives NT_STATUS_NO_SUCH_USER. Can you please let me know if there is patch or configuration needed for samba 3.5 to support login using the UPN instead of the samaccountname? On Sun, Oct 13, 2013 at 11:35 PM, Angelica Delgado angelicadel...@gmail.com wrote: I want to know if we can configure samba to authenticate to active directory using the user principal name (upn). Currently, it is working using the samaccountname but we need to use the upn. I am using samba 3.5 Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Powerpoint 2007 not advancing slides
Hi Everyone Samba 3.6.7 on OpenSuse 12.2 x86_64 I have an unusual problem for which I have not been able to find a solution on the Internet. With Powerpoint 2003, there was no issue. With Powerpoint 2007, the user cannot advance slides unless the file is saved locally on the client (Windows XP SP3, ntfs filesystem). When the file is loaded from the samba share, the user can edit and save their powerpoint. They simply cannot run a slideshow. Regardless of the slideshow settings, you cannot advance to the next slide. Any assistance would be appreciated. Kevin Hall -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] [homes] support in Samba 4.x
On Mon, 2013-10-14 at 13:06 +0200, Daniel Müller wrote: First of all no more [homes] but [home]!! If you can please demonstrate a configuration that worked with Samba 3.x and fails with Samba 4.0 regarding [homes] support, we would very much like to fix it. There has been no intentional change in this area. It is actually also meant to work on our AD DC, but I know a number of folks don't use it because a [home] share works better with ADUC (because that creates the home directory). Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] using samba 4 as plugin replacement for samba 3
On Mon, 2013-10-14 at 08:22 +0200, Daniel Müller wrote: THIS WILL NOT WORK: can I simply give samba 4 a copy of the old smb.conf file? Except for the parameters that were removed (security=share, security=server in particular), it really should work. If it does not, please file a bug with exact directions to reproduce. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [PATCH] Fix Samba 4.1.0 join Windows 2003 Server with BIND9_DLZ
On Mon, 2013-10-14 at 07:42 -0300, Jacó Ramos wrote: I type... tar zxvf samba-4.1.0.tar.gz cd samba-4.1.0 patch -p1 0001-provision-Do-not-set-dns-HOSTNAME-password-during-ad.patch ./configure make make install This procedure is correct? As has been pointed out elsewhere, the patch is incorrect. Try this one instead: https://attachments.samba.org/attachment.cgi?id=9210 Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Question about DNS Ghost Records
Am Donnerstag, 10. Oktober 2013, 17:13:28 schrieb Gerhard Stein: nope, it didn't help: gerstrong@ZController:~$ /usr/local/samba/bin/samba-tool dns add zcontroller calcdom.local Z37 A IP -k yes ERROR(runtime): uncaught exception - (-1073741811, 'Unexpected information received') File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/dns.py, line 1053, in run 0, server, zone, name, add_rec_buf, None) gerstrong@ZController:~$ /usr/local/samba/bin/samba-tool dns delete zcontroller calcdom.local Z37 A IP -k yes ERROR: Record does not exist Regards - Gerd Am 10.10.2013 16:43, schrieb Gerhard Stein: I just found this: https://wiki.samba.org/index.php/DNS - Under troubleshoot Let me try it out first. Am 10.10.2013 15:07, schrieb Gerhard Stein: I have had an IP Address Record of the name Z37 which was 192.168.2.203. Using nslookup I find it, but samba-tool queries the name and shows 0 Records? $ nslookup Z37 Server:192.168.2.1 Address:192.168.2.1#53 Name:Z37.calcdom.local Address: 192.168.2.203 $ samba-tool dns query localhost calcdom.local @ ALL Name=, Records=4, Children=0 SOA: serial=119, refresh=900, retry=600, expire=86400, ns=zcontroller.calcdom.local., email=hostmaster.calcdom.local. (flags=60f0, serial=119, ttl=3600) NS: zcontroller.calcdom.local. (flags=60f0, serial=1, ttl=900) A: 134.147.57.144 (flags=60f0, serial=110, ttl=900) A: 192.168.2.1 (flags=60f0, serial=110, ttl=900) Name=_msdcs, Records=0, Children=0 Name=_sites, Records=0, Children=1 Name=_tcp, Records=0, Children=4 Name=_udp, Records=0, Children=2 Name=DomainDnsZones, Records=0, Children=2 Name=ForestDnsZones, Records=0, Children=2 Name=Y15, Records=1, Children=0 A: 192.168.2.192 (flags=f0, serial=110, ttl=1200) Name=Y16, Records=1, Children=0 A: 192.168.2.122 (flags=f0, serial=110, ttl=1200) Name=Z34, Records=1, Children=0 A: 192.168.2.169 (flags=f0, serial=110, ttl=1200) Name=Z35, Records=1, Children=0 A: 192.168.2.206 (flags=f0, serial=115, ttl=0) Name=Z36, Records=1, Children=0 A: 192.168.2.205 (flags=f0, serial=116, ttl=0) Name=Z37, Records=0, Children=0 Name=zcontroller, Records=2, Children=0 A: 134.147.57.144 (flags=f0, serial=110, ttl=900) A: 192.168.2.1 (flags=f0, serial=110, ttl=900) Name=Ztest, Records=0, Children=0 Now in order to fix that I tried to delete that record and get this: $ samba-tool dns update localhost calcdom.local Z37 A 192.168.2.203 192.168.2.210 Password for [Administrator@CALCDOM.LOCAL]: ERROR: Record does not exist I can believe that, but when I try then to add a new record with that name: $ samba-tool dns add localhost calcdom.local Z37 A 192.168.2.203 Password for [Administrator@CALCDOM.LOCAL]: ERROR(runtime): uncaught exception - (9711, 'WERR_DNS_ERROR_RECORD_ALREADY_EXISTS') File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/dns.py, line 1053, in run 0, server, zone, name, add_rec_buf, None) So, no record, but I cannot add this one...? A bit strange. I did a recent update where also the automatic DNS updates got better on the other computers. I'm still trying to remove that record...What works is to add a Record with another data: $ samba-tool dns add localhost calcdom.local Z37 A 192.168.2.210 Password for [Administrator@CALCDOM.LOCAL]: Record added successfully But I cannot update or remove the one with the 192.168.2.203: now both are shown : $ nslookup z37 Server:192.168.2.1 Address:192.168.2.1#53 Name:z37.calcdom.local Address: 192.168.2.203 Name:z37.calcdom.local Address: 192.168.2.210 Btw. I have no bind installed. I hope you can help, because I have no way to remove that record. Can I clear the DNS Cache maybe? How? Kind Regards, atm i have no working system around, but afair you need to specify a temporary ip address: /usr/local/samba/bin/samba-tool dns add zcontroller calcdom.local Z37 A here.some.temp.ip -k yes Cheers, Günter -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba is still crashing
You are correct, it was the same issue. There is a patch associated with the problem and it corrected it for me on both servers. Wayne Andersen On 10/14/2013 04:48 AM, Volker Lendecke wrote: On Sun, Oct 13, 2013 at 11:11:29PM -0600, Wayne Andersen wrote: I have had a problem for a couple of weeks now. I get very regular crashes on two of my three Domain Controllers. I just updated to 4.1.0 and I am still getting the same problem. This looks like https://bugzilla.samba.org/show_bug.cgi?id=10052 Volker -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Clients Windows not update record DNS on zone BIND9_DLZ
This issue frustrates a lot of people (myself included). I ended up having to ditch the Windows client DNS updates, and instead have my dhcp server update the records. Refer to a previous thread between Rowland and myself. In there he gives a very useful link for doing this. *Scott Goodwin* IT Lead Mimic Technologies, Inc 811 First Avenue, Suite 408 | Seattle, WA 98104 phone: 1.800.918.1670 | direct: 206.456.9180 fax: 206.623.3491 | cell: 206.355.7767 2013/10/14 Jacó Ramos j4c0r4...@gmail.com Hi List, My clients windows not update record DNS on zones! Show my log: -- samba_dlz: starting transaction on zone jacoramos.net.br client 192.168.0.20#1080: update 'jacoramos.net.br/IN' denied samba_dlz: cancelling transaction on zone jacoramos.net.br -- Anyone have any ideas? Thanks! Jacó Ramos -- *O homem não foi criado para ser feliz nem para vencer, mas para viver para Deus. Quando vive para Deus é feliz e vence. Isaltino Gomes * * $whoami* - Perito Forense Computacional - Pentester - Esp. em Segurança de Redes de Computadores com enfâse a Perícia Forense Computacional - FACID - Bacharel em Ciência da Computação - UESPI - Administrador de Redes de Computadores - CCNA Modulo II - Lattes: *http://lattes.cnpq.br/1591329268136905* Esta mensagem pode conter informações confidenciais e/ou privilegiadas. Se você não for o destinatário ou a pessoa autorizada a receber esta mensagem, não deve usar, copiar ou divulgar as informações nela contida ou tomar qualquer ação baseada nessas informações. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Multiple A records on my parent domain name are confusing hosts
BTW, I commented out the first two lines in dns_update_list, then removed the spare entries from DNS. Now they don't refresh the bad entries. Problem solved. (really, I'm only interested in samba keeping the ms-specific dns entries up to date) *Scott Goodwin* IT Lead Mimic Technologies, Inc 811 First Avenue, Suite 408 | Seattle, WA 98104 phone: 1.800.918.1670 | direct: 206.456.9180 fax: 206.623.3491 | cell: 206.355.7767 On Fri, Oct 11, 2013 at 12:43 PM, Gregory Sloop gr...@sloop.net wrote: AB On Tue, 2013-10-08 at 10:23 -0700, Scott Goodwin wrote: I'm using Samba 4.0.9, Bind 9.9.4 w/ dlz My domain is example.com My Samba4 server is myserver.example.com myserver has two nics: 10.10.10.5 and 192.168.10.2 My externally hosted web site is www.example.com, and is hosted at 123.123.123.123 I have an A and CNAME in DNS like so: @ A 123.123.123.123 www CNAME example.com. The above allows internal web browsers to access the external site via www.example.com or example.com. This works great. The problem is that every ten minutes when samb's dns update happens, it keeps putting the following two entries in, which points internal hosts to the dns server, instead of the externally hosted web site: @ A 10.10.10.5 @ A 192.168.10.2 Why do these keep showing up? I'm sure there is a place that the info is coming from, but I don't know where, and I desperately need to prevent this from happening. I mean, don't get me wrong, I realize what the records mean, but what I'm trying to do is prevent them from repopulating and preventing my internal hosts from browsing the web site. I didn't have this problem when I could edit the bind files directly, but now that I'm using bind_dlz for samba, I'm a little lost. AB The issue is that Samba controls that name, and tries to set it to match AB the network interfaces of the DC, because AD clients may (few actually AB do, in this specific case) use this name to find a DC. See AB dns_update_list. AB I suggest breaking the CNAME and not using example.com to find your AB website internally. Wouldn't it make a lot of sense, provided one had the infrastructure [extra servers/hardware] to handle DNS like this: (And at a smaller site, you could do this in a VM like virtualbox on the same hardware as the S4/AD server - memory is cheap, and at a small site, I/O load is going to be trivial.) --- Setup a DNS+DHCP server, external to/outside of the AD. Say, mydomain.local DHCP and DDNS would apply against mydomain.local Put the S4/Windows AD in a 3rd level domain - say samba.mydomain.local. Point all queries for the 3rd level DNS [samba.mydomain.local] to the AD/ DNS controller. [i.e. A forward zone for samba.mydomain.local - S4AD server] This resolves issues with DHCP/DDNS - since you're not trying to make the AD controller handle it. Next by using something like .local as your 1st level domain, you don't have conflicts with real-world external domains. [And even if you did use something like .com - you could tweak the DNS server to handle it without messing with the AD domain - provided you didn't use anything in that 3rd level domain (samba.mydomain.local) out in the open/public internet.] I know it's extra work, but it just seems to make things a lot cleaner and keeps DNS from becoming such a tangle in AD, IMO Thoughts? -Greg -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] File share permissions act different on member server than on DC
Hi, To enable my member server's ACLs to work just like the DC, as far as Windows is concerned, I needed to add the following parameters to the global section of smb.conf file on the member server: vfs objects = acl_xattr map acl inherit = yes store dos attributes = Yes These parameters are apparently added in the background by default for the smbd processes that are spawned by samba. Until I added those items, just like you I could never get the ACLs to stick and work correctly. Many of them were incorrectly labeled, also, even though the number was correct and the same as on the DC. Something to note: I believe the vfs object parameter does require that xattrs work on the file system that you use. Cheers, KeithM On Sun, 2013-10-13 at 22:31 +0200, Marc Muehlfeld wrote: Hello, a while ago I wrote the http://wiki.samba.org/index.php/Setup_and_configure_file_shares HowTo. When I wrote the HowTo, I setup and configured the share on a DC - what still works like described. Today I tried the first time to do exactly the same on a 4.0.10 and 4.1.0 _member server_, and it doesn't work there. The share in smb.conf: [demo] path = /srv/samba/Demo read only = no The folder in the filesystem (XFS): drwxr-xr-x 2 root root6 13. Okt 22:16 /srv/samba/Demo I connect to the share as Domain Admin, right-click to it and go to the security tab. Here I see now everyone and two root entries. - I click the edit button and remove the two root entries. When I click apply, everything is reset (the two entries went back. - If i grant modify to everyone - where all allow entries are empty per default and click apply, then all boxes are checked automatically (full access) and CREATOR OWNER and CREATOR GROUP appear. And this two can't be removed as well any more. If I do exactly the same on a DC, then already the security tab shows on the first time I open it very different settings. The wiki screenshot shows them: http://wikiupload.samba.org/images/8/8f/Demo_Share_Security.png). But the folder on Linux side is also just 755 (and without any extended ACLs when I begin). Also whatever I change (like remove root from the ACLs) everything is done like expected and saved. The member server is also self compiled. I installed all packages on my RHEL6 that I have installed on the DC too. Any idea what could be different on a 4.x member than on a DC? Or did I find a bug? Regards Marc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
autobuild: intermittent test failure detected
The autobuild test system has detected an intermittent failing test in the current master tree. The autobuild log of the failure is available here: http://git.samba.org/autobuild.flakey/2013-10-14-0938/flakey.log The samba3 build logs are available here: http://git.samba.org/autobuild.flakey/2013-10-14-0938/samba3.stderr http://git.samba.org/autobuild.flakey/2013-10-14-0938/samba3.stdout The source4 build logs are available here: http://git.samba.org/autobuild.flakey/2013-10-14-0938/samba.stderr http://git.samba.org/autobuild.flakey/2013-10-14-0938/samba.stdout The top commit at the time of the failure was: commit 064433f265d2215389f2a377b6e8243318669b65 Author: Volker Lendecke v...@samba.org Date: Sun Oct 13 12:20:29 2013 +0200 libcli4: Remove an unused variable Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Sun Oct 13 17:58:23 CEST 2013 on sn-devel-104
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via 63f370b Fix bug #10187 - Missing talloc_free can leak stackframe in error path. from ee0ef2a Fix is_legal_name() to not emit character conversion error messages. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit 63f370bdbad94d6aba7a4783d4238fcfc524b055 Author: Jeremy Allison j...@samba.org Date: Tue Oct 8 15:01:38 2013 -0700 Fix bug #10187 - Missing talloc_free can leak stackframe in error path. Fix error path. Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: David Disseldorp dd...@samba.org Autobuild-User(master): David Disseldorp dd...@samba.org Autobuild-Date(master): Wed Oct 9 03:50:56 CEST 2013 on sn-devel-104 --- Summary of changes: source3/winbindd/winbindd_msrpc.c |5 +++-- 1 files changed, 3 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/winbindd/winbindd_msrpc.c b/source3/winbindd/winbindd_msrpc.c index b14a4f8..b426884 100644 --- a/source3/winbindd/winbindd_msrpc.c +++ b/source3/winbindd/winbindd_msrpc.c @@ -944,8 +944,9 @@ static NTSTATUS msrpc_trusted_domains(struct winbindd_domain *domain, } status = cm_connect_lsa(domain, tmp_ctx, lsa_pipe, lsa_policy); - if (!NT_STATUS_IS_OK(status)) - return status; + if (!NT_STATUS_IS_OK(status)) { + goto done; + } status = rpc_trusted_domains(tmp_ctx, lsa_pipe, -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via 80a5575 s3-winbind: Send online/offline message of the domain to the parent. via 920f801 s3-winbind: Register handlers for domain online/offline messages. via 2d226b2 s3-winbind: Add functions for domain online/offline handling. via 272a22e idl: Add a new message for winbind domain states. from 63f370b Fix bug #10187 - Missing talloc_free can leak stackframe in error path. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit 80a5575849c903a3cb4a9bd74f029e5b7c293aa3 Author: Andreas Schneider a...@cryptomilk.org Date: Thu Oct 10 10:03:32 2013 +0200 s3-winbind: Send online/offline message of the domain to the parent. https://bugzilla.samba.org/show_bug.cgi?id=10194 Signed-off-by: Andreas Schneider a...@cryptomilk.org Reviewed-by: Volker Lendecke v...@samba.org Autobuild-User(master): Volker Lendecke v...@samba.org Autobuild-Date(master): Fri Oct 11 13:37:56 CEST 2013 on sn-devel-104 (cherry picked from commit 275f6586c4d4547978c6ff2f04670b0d8f89fd4b) commit 920f8013ad5c57aaa941d5c7aea335726ed0bbae Author: Andreas Schneider a...@cryptomilk.org Date: Thu Oct 10 10:02:27 2013 +0200 s3-winbind: Register handlers for domain online/offline messages. BUG: https://bugzilla.samba.org/show_bug.cgi?id=10194 Signed-off-by: Andreas Schneider a...@cryptomilk.org Reviewed-by: Volker Lendecke v...@samba.org (cherry picked from commit fc5941622010843d823b5c245eccc68d1d3bce19) commit 2d226b2717d0a30186636d17a8d890e1b7de8151 Author: Andreas Schneider a...@cryptomilk.org Date: Thu Oct 10 10:01:40 2013 +0200 s3-winbind: Add functions for domain online/offline handling. BUG: https://bugzilla.samba.org/show_bug.cgi?id=10194 Signed-off-by: Andreas Schneider a...@cryptomilk.org Reviewed-by: Volker Lendecke v...@samba.org (cherry picked from commit 447ec17a6bec814a2ac5cadb74dbef5789f07c52) commit 272a22e2dba836f60a1f628206c14fe1a24f49c5 Author: Andreas Schneider a...@cryptomilk.org Date: Thu Oct 10 09:15:57 2013 +0200 idl: Add a new message for winbind domain states. BUG: https://bugzilla.samba.org/show_bug.cgi?id=10194 Signed-off-by: Andreas Schneider a...@cryptomilk.org Reviewed-by: Volker Lendecke v...@samba.org (cherry picked from commit 1a884636542ba0e54c6d209662a5d1613d727a85) --- Summary of changes: source3/librpc/idl/messaging.idl |2 + source3/winbindd/winbindd.c |6 +++ source3/winbindd/winbindd_cm.c| 62 + source3/winbindd/winbindd_dual.c |5 +++ source3/winbindd/winbindd_proto.h | 10 ++ 5 files changed, 85 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/librpc/idl/messaging.idl b/source3/librpc/idl/messaging.idl index 8618d53..df99063 100644 --- a/source3/librpc/idl/messaging.idl +++ b/source3/librpc/idl/messaging.idl @@ -91,6 +91,8 @@ interface messaging MSG_WINBIND_VALIDATE_CACHE = 0x0408, MSG_WINBIND_DUMP_DOMAIN_LIST= 0x0409, MSG_WINBIND_IP_DROPPED = 0x040A, + MSG_WINBIND_DOMAIN_ONLINE = 0x040B, + MSG_WINBIND_DOMAIN_OFFLINE = 0x040C, /* event messages */ MSG_DUMP_EVENT_LIST = 0x0500, diff --git a/source3/winbindd/winbindd.c b/source3/winbindd/winbindd.c index 30771eb..f447059 100644 --- a/source3/winbindd/winbindd.c +++ b/source3/winbindd/winbindd.c @@ -1078,6 +1078,12 @@ void winbindd_register_handlers(void) messaging_register(winbind_messaging_context(), NULL, MSG_WINBIND_ONLINESTATUS, winbind_msg_onlinestatus); + /* Handle domain online/offline messages for domains */ + messaging_register(winbind_messaging_context(), NULL, + MSG_WINBIND_DOMAIN_OFFLINE, winbind_msg_domain_offline); + messaging_register(winbind_messaging_context(), NULL, + MSG_WINBIND_DOMAIN_ONLINE, winbind_msg_domain_online); + messaging_register(winbind_messaging_context(), NULL, MSG_DUMP_EVENT_LIST, winbind_msg_dump_event_list); diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c index c502e83..8271279 100644 --- a/source3/winbindd/winbindd_cm.c +++ b/source3/winbindd/winbindd_cm.c @@ -337,6 +337,46 @@ static void calc_new_online_timeout_check(struct winbindd_domain *domain) } } +void winbind_msg_domain_offline(struct messaging_context *msg_ctx, + void *private_data, + uint32_t msg_type, + struct server_id server_id, +
[SCM] Samba Shared Repository - branch v4-1-test updated
The branch, v4-1-test has been updated via 06c6866 s3-winbind: Send online/offline message of the domain to the parent. via 944c3e5 s3-winbind: Register handlers for domain online/offline messages. via 393f6a8 s3-winbind: Add functions for domain online/offline handling. via 7ea11ba idl: Add a new message for winbind domain states. via 45a1cbb ccan: Fix calling memset with zero length parameter via d932142 Fix bug #10187 - Missing talloc_free can leak stackframe in error path. from ff0cd26 VERSION: Bump version number up to 4.1.1... http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-1-test - Log - commit 06c6866f2d3ffb781a270438db85bd6d61dce39c Author: Andreas Schneider a...@cryptomilk.org Date: Thu Oct 10 10:03:32 2013 +0200 s3-winbind: Send online/offline message of the domain to the parent. https://bugzilla.samba.org/show_bug.cgi?id=10194 Signed-off-by: Andreas Schneider a...@cryptomilk.org Reviewed-by: Volker Lendecke v...@samba.org Autobuild-User(master): Volker Lendecke v...@samba.org Autobuild-Date(master): Fri Oct 11 13:37:56 CEST 2013 on sn-devel-104 (cherry picked from commit 275f6586c4d4547978c6ff2f04670b0d8f89fd4b) Autobuild-User(v4-1-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-1-test): Mon Oct 14 12:06:45 CEST 2013 on sn-devel-104 commit 944c3e5552b6fbb166158a8740dc06ac359cf3d6 Author: Andreas Schneider a...@cryptomilk.org Date: Thu Oct 10 10:02:27 2013 +0200 s3-winbind: Register handlers for domain online/offline messages. BUG: https://bugzilla.samba.org/show_bug.cgi?id=10194 Signed-off-by: Andreas Schneider a...@cryptomilk.org Reviewed-by: Volker Lendecke v...@samba.org (cherry picked from commit fc5941622010843d823b5c245eccc68d1d3bce19) commit 393f6a8c7563992fee6cbe9dbf5d46c6f2898b26 Author: Andreas Schneider a...@cryptomilk.org Date: Thu Oct 10 10:01:40 2013 +0200 s3-winbind: Add functions for domain online/offline handling. BUG: https://bugzilla.samba.org/show_bug.cgi?id=10194 Signed-off-by: Andreas Schneider a...@cryptomilk.org Reviewed-by: Volker Lendecke v...@samba.org (cherry picked from commit 447ec17a6bec814a2ac5cadb74dbef5789f07c52) commit 7ea11ba9ade511b6940cde2f86878eb5da2c2fbf Author: Andreas Schneider a...@cryptomilk.org Date: Thu Oct 10 09:15:57 2013 +0200 idl: Add a new message for winbind domain states. BUG: https://bugzilla.samba.org/show_bug.cgi?id=10194 Signed-off-by: Andreas Schneider a...@cryptomilk.org Reviewed-by: Volker Lendecke v...@samba.org (cherry picked from commit 1a884636542ba0e54c6d209662a5d1613d727a85) commit 45a1cbb7514f9db5fe2d7c2207d7723092aa164d Author: Volker Lendecke v...@samba.org Date: Thu Jul 11 14:57:53 2013 +0200 ccan: Fix calling memset with zero length parameter Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Andreas Schneider a...@samba.org Autobuild-User(master): Andreas Schneider a...@cryptomilk.org Autobuild-Date(master): Thu Jul 11 16:55:49 CEST 2013 on sn-devel-104 Signed-off-by: Andreas Schneider a...@samba.org Fix bug #10190 - Fix memset used with constant zero length parameter. commit d9321421b88a3ba7c98186934b5fe8872f764f15 Author: Jeremy Allison j...@samba.org Date: Tue Oct 8 15:01:38 2013 -0700 Fix bug #10187 - Missing talloc_free can leak stackframe in error path. Fix error path. Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: David Disseldorp dd...@samba.org Autobuild-User(master): David Disseldorp dd...@samba.org Autobuild-Date(master): Wed Oct 9 03:50:56 CEST 2013 on sn-devel-104 --- Summary of changes: lib/ccan/tally/tally.c|2 +- source3/librpc/idl/messaging.idl |2 + source3/winbindd/winbindd.c |6 +++ source3/winbindd/winbindd_cm.c| 62 + source3/winbindd/winbindd_dual.c |5 +++ source3/winbindd/winbindd_msrpc.c |5 ++- source3/winbindd/winbindd_proto.h | 10 ++ 7 files changed, 89 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/ccan/tally/tally.c b/lib/ccan/tally/tally.c index 774373c..29f0555 100644 --- a/lib/ccan/tally/tally.c +++ b/lib/ccan/tally/tally.c @@ -506,11 +506,11 @@ char *tally_histogram(const struct tally *tally, if (count covered) { count -= covered; + memset(p, '*', count); } else { count = 0; } - memset(p, '*', count); p += count; *p = '\n'; p++; diff --git a/source3/librpc/idl/messaging.idl
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via a1d0339 s3-winbind: Send online/offline message of the domain to the parent. via ddd3302 s3-winbind: Register handlers for domain online/offline messages. via 16dcb6c s3-winbind: Add functions for domain online/offline handling. via e052e65 idl: Add a new message for winbind domain states. via 5a65f86 Fix bug #10187 - Missing talloc_free can leak stackframe in error path. via c388828 s4:smb_server: call irpc_add_name() at startup (bug #9905) via 2c6ef14 s4:rpc_server: call irpc_add_name() at startup (bug #9905) via 95d66d0 s4:ldap_server: call irpc_add_name() at startup (bug #9905) from acf4fe4 doc: Update documentation of pam_winbind krb5 support. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit a1d0339908ec80d39ba5c6d5a82bc2f39f2ebf39 Author: Andreas Schneider a...@cryptomilk.org Date: Thu Oct 10 10:03:32 2013 +0200 s3-winbind: Send online/offline message of the domain to the parent. https://bugzilla.samba.org/show_bug.cgi?id=10194 Signed-off-by: Andreas Schneider a...@cryptomilk.org Reviewed-by: Volker Lendecke v...@samba.org Autobuild-User(master): Volker Lendecke v...@samba.org Autobuild-Date(master): Fri Oct 11 13:37:56 CEST 2013 on sn-devel-104 (cherry picked from commit 275f6586c4d4547978c6ff2f04670b0d8f89fd4b) Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Mon Oct 14 12:10:14 CEST 2013 on sn-devel-104 commit ddd330241cbea366f1fb8a10fa936091aff185a6 Author: Andreas Schneider a...@cryptomilk.org Date: Thu Oct 10 10:02:27 2013 +0200 s3-winbind: Register handlers for domain online/offline messages. BUG: https://bugzilla.samba.org/show_bug.cgi?id=10194 Signed-off-by: Andreas Schneider a...@cryptomilk.org Reviewed-by: Volker Lendecke v...@samba.org (cherry picked from commit fc5941622010843d823b5c245eccc68d1d3bce19) commit 16dcb6cf028e20281db16aab5861cc3f16e74d99 Author: Andreas Schneider a...@cryptomilk.org Date: Thu Oct 10 10:01:40 2013 +0200 s3-winbind: Add functions for domain online/offline handling. BUG: https://bugzilla.samba.org/show_bug.cgi?id=10194 Signed-off-by: Andreas Schneider a...@cryptomilk.org Reviewed-by: Volker Lendecke v...@samba.org (cherry picked from commit 447ec17a6bec814a2ac5cadb74dbef5789f07c52) commit e052e6587f3270bb186dda4b34cfd8f153cfb055 Author: Andreas Schneider a...@cryptomilk.org Date: Thu Oct 10 09:15:57 2013 +0200 idl: Add a new message for winbind domain states. BUG: https://bugzilla.samba.org/show_bug.cgi?id=10194 Signed-off-by: Andreas Schneider a...@cryptomilk.org Reviewed-by: Volker Lendecke v...@samba.org (cherry picked from commit 1a884636542ba0e54c6d209662a5d1613d727a85) commit 5a65f86bf2d43ccb5719a5734ee278e7c5d83921 Author: Jeremy Allison j...@samba.org Date: Tue Oct 8 15:01:38 2013 -0700 Fix bug #10187 - Missing talloc_free can leak stackframe in error path. Fix error path. Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: David Disseldorp dd...@samba.org Autobuild-User(master): David Disseldorp dd...@samba.org Autobuild-Date(master): Wed Oct 9 03:50:56 CEST 2013 on sn-devel-104 commit c388828165ce0ab5ae91a656b09c3db99cab5e55 Author: Stefan Metzmacher me...@samba.org Date: Mon May 27 12:10:57 2013 +0200 s4:smb_server: call irpc_add_name() at startup (bug #9905) We should call irpc_add_name() when we start the smb_server task. Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org (cherry picked from commit afb2bcc08489dbece732fc8f842cbd83862320be) commit 2c6ef147c69bb4cb70c237870d650edaebeb0b52 Author: Stefan Metzmacher me...@samba.org Date: Mon May 27 12:10:57 2013 +0200 s4:rpc_server: call irpc_add_name() at startup (bug #9905) We should call irpc_add_name() when we start the rpc_server task. Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org (cherry picked from commit 12d9728131afab7fa093a9cd7ccaff076a74f271) commit 95d66d039afae4eef284e3d2d4b20c66ac88f35a Author: Stefan Metzmacher me...@samba.org Date: Mon May 27 12:10:57 2013 +0200 s4:ldap_server: call irpc_add_name() at startup (bug #9905) We should call irpc_add_name() when we start the ldap_server task. Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org (cherry picked from commit a1a4302a4eaf7e210e8084416cd2a0d14384) --- Summary of changes: source3/librpc/idl/messaging.idl |2 + source3/winbindd/winbindd.c |6 +++
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 13a10d4 s4-samldb: Do not allow deletion of objects with RID 1000 from 064433f libcli4: Remove an unused variable http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 13a10d43141c29dad61868b451c0c1dca82360de Author: Nadezhda Ivanova nivan...@symas.com Date: Mon Oct 14 12:38:10 2013 +0300 s4-samldb: Do not allow deletion of objects with RID 1000 According to [MS-SAMR] 3.1.5.7 Delete Pattern we should not allow deletion of security objects with RID 1000. This patch will prevent deletion of well-known accounts and groups. Signed-off-by: Nadezhda Ivanova nivan...@symas.com Reviewed-by: Andrew Bartlett abart...@samba.org Autobuild-User(master): Nadezhda Ivanova nivan...@samba.org Autobuild-Date(master): Mon Oct 14 13:31:50 CEST 2013 on sn-devel-104 --- Summary of changes: python/samba/tests/samba3sam.py | 12 +- source4/dsdb/samdb/ldb_modules/samldb.c |5 source4/dsdb/samdb/samdb.h |1 + source4/dsdb/tests/python/sam.py| 37 -- testdata/samba3/samba3.ldif |4 +- 5 files changed, 48 insertions(+), 11 deletions(-) Changeset truncated at 500 lines: diff --git a/python/samba/tests/samba3sam.py b/python/samba/tests/samba3sam.py index 9c017fb..7cd6566 100644 --- a/python/samba/tests/samba3sam.py +++ b/python/samba/tests/samba3sam.py @@ -172,7 +172,7 @@ class Samba3SamTestCase(MapBaseTestCase): self.assertEquals(str(msg[0].dn), cn=Replicator,ou=Groups,dc=vernstok,dc=nl) self.assertTrue(objectSid in msg[0]) -self.assertSidEquals(S-1-5-21-4231626423-2410014848-2360679739-552, +self.assertSidEquals(S-1-5-21-4231626423-2410014848-2360679739-1052, msg[0][objectSid]) oc = set(msg[0][objectClass]) self.assertEquals(oc, set([group])) @@ -345,7 +345,7 @@ dnsHostName: x nextRid: y lastLogon: x description: x -objectSid: S-1-5-21-4231626423-2410014848-2360679739-552 +objectSid: S-1-5-21-4231626423-2410014848-2360679739-1052 ) self.ldb.add({ @@ -380,7 +380,7 @@ objectSid: S-1-5-21-4231626423-2410014848-2360679739-552 sambaBadPasswordCount: x, sambaLogonTime: x, description: x, -sambaSID: S-1-5-21-4231626423-2410014848-2360679739-552, +sambaSID: S-1-5-21-4231626423-2410014848-2360679739-1052, sambaPrimaryGroupSID: S-1-5-21-4231626423-2410014848-2360679739-512}) self.samba3.db.add({ @@ -483,20 +483,20 @@ objectSid: S-1-5-21-4231626423-2410014848-2360679739-552 # TODO: # Using the SID directly in the parse tree leads to conversion # errors, letting the search fail with no results. -#res = self.ldb.search((objectSid=S-1-5-21-4231626423-2410014848-2360679739-552), scope=SCOPE_DEFAULT, attrs) +#res = self.ldb.search((objectSid=S-1-5-21-4231626423-2410014848-2360679739-1052), scope=SCOPE_DEFAULT, attrs) res = self.ldb.search(expression=(objectSid=*), base=None, scope=SCOPE_DEFAULT, attrs=[dnsHostName, lastLogon, objectSid]) self.assertEquals(len(res), 4) res = sorted(res, key=attrgetter('dn')) self.assertEquals(str(res[1].dn), self.samba4.dn(cn=X)) self.assertEquals(str(res[1][dnsHostName]), x) self.assertEquals(str(res[1][lastLogon]), x) -self.assertSidEquals(S-1-5-21-4231626423-2410014848-2360679739-552, +self.assertSidEquals(S-1-5-21-4231626423-2410014848-2360679739-1052, res[1][objectSid]) self.assertTrue(objectSid in res[1]) self.assertEquals(str(res[0].dn), self.samba4.dn(cn=A)) self.assertTrue(not dnsHostName in res[0]) self.assertEquals(str(res[0][lastLogon]), x) -self.assertSidEquals(S-1-5-21-4231626423-2410014848-2360679739-552, +self.assertSidEquals(S-1-5-21-4231626423-2410014848-2360679739-1052, res[0][objectSid]) self.assertTrue(objectSid in res[0]) diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index 603370f..b798102 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -2552,6 +2552,11 @@ static int samldb_prim_group_users_check(struct samldb_ctx *ac) /* Special object (security principal?) */ return LDB_SUCCESS; } + /* do not allow deletion of well-known sids */ + if (rid DSDB_SAMDB_MINIMUM_ALLOWED_RID + (ldb_request_get_control(ac-req, LDB_CONTROL_RELAX_OID) == NULL)) { + return LDB_ERR_OTHER; + } /* Deny delete requests
autobuild: intermittent test failure detected
The autobuild test system has detected an intermittent failing test in the current master tree. The autobuild log of the failure is available here: http://git.samba.org/autobuild.flakey/2013-10-14-1341/flakey.log The samba3 build logs are available here: http://git.samba.org/autobuild.flakey/2013-10-14-1341/samba3.stderr http://git.samba.org/autobuild.flakey/2013-10-14-1341/samba3.stdout The source4 build logs are available here: http://git.samba.org/autobuild.flakey/2013-10-14-1341/samba.stderr http://git.samba.org/autobuild.flakey/2013-10-14-1341/samba.stdout The top commit at the time of the failure was: commit 064433f265d2215389f2a377b6e8243318669b65 Author: Volker Lendecke v...@samba.org Date: Sun Oct 13 12:20:29 2013 +0200 libcli4: Remove an unused variable Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Sun Oct 13 17:58:23 CEST 2013 on sn-devel-104
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via fec8411 asn1: fix use-after-free in asn1_write from 13a10d4 s4-samldb: Do not allow deletion of objects with RID 1000 http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit fec84112f3f7bdca9088ed7cabfe827bb21b0118 Author: Jeff Layton jlay...@samba.org Date: Sun Oct 13 21:26:55 2013 -0400 asn1: fix use-after-free in asn1_write On talloc_realloc failure, asn1_write calls talloc_free on an asn1_data pointer and then tries to immediately set the has_error flag on it. Skip the free and just set the has_error flag. Signed-off-by: Jeff Layton jlay...@redhat.com Reviewed-by: Volker Lendecke v...@samba.org Autobuild-User(master): Volker Lendecke v...@samba.org Autobuild-Date(master): Mon Oct 14 16:54:35 CEST 2013 on sn-devel-104 --- Summary of changes: lib/util/asn1.c |1 - 1 files changed, 0 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/util/asn1.c b/lib/util/asn1.c index 70637a3..7e85d4b 100644 --- a/lib/util/asn1.c +++ b/lib/util/asn1.c @@ -44,7 +44,6 @@ bool asn1_write(struct asn1_data *data, const void *p, int len) uint8_t *newp; newp = talloc_realloc(data, data-data, uint8_t, data-ofs+len); if (!newp) { - asn1_free(data); data-has_error = true; return false; } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 477e53a param: disable print notify backchannel by default from fec8411 asn1: fix use-after-free in asn1_write http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 477e53a8cb5eda594cfe1cccb9890a4fcd586ff1 Author: David Disseldorp dd...@samba.org Date: Mon Oct 14 13:53:22 2013 +0200 param: disable print notify backchannel by default In handling RemoteFindFirstPrinterChangeNotifyEx requests, the spoolss server can establish a backchannel connection to the print client, as a mechanism for sending print notifications. This behaviour is governed by the print notify backchannel smb.conf parameter. This change sets print notify backchannel to no by default, which sees Samba respond to RemoteFindFirstPrinterChangeNotifyEx requests with WERR_SERVER_UNAVAILABLE. In recieving such a response, print clients can fall back to polling for print queue changes. Signed-off-by: David Disseldorp dd...@samba.org Reviewed-by: Günther Deschner g...@samba.org Autobuild-User(master): Günther Deschner g...@samba.org Autobuild-Date(master): Mon Oct 14 18:49:41 CEST 2013 on sn-devel-104 --- Summary of changes: .../smbdotconf/printing/printnotifybackchannel.xml | 10 -- selftest/target/Samba3.pm |1 + selftest/target/Samba4.pm |1 + source3/param/loadparm.c |2 +- 4 files changed, 7 insertions(+), 7 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/smbdotconf/printing/printnotifybackchannel.xml b/docs-xml/smbdotconf/printing/printnotifybackchannel.xml index 4046322..ce6a595 100644 --- a/docs-xml/smbdotconf/printing/printnotifybackchannel.xml +++ b/docs-xml/smbdotconf/printing/printnotifybackchannel.xml @@ -8,12 +8,10 @@ the server to open a backchannel SMB connection to them. Due to client firewall settings this can cause considerable timeouts and will often fail, as there is no guarantee the client is even - running an SMB server. By setting this parameter to constantno/constant - the Samba print server will not try to connect back to clients - and treat corresponding requests as if the connection back to - the client failed. The default setting of constantyes/constant - causes smbd to attempt this connection. + running an SMB server. By default, the Samba print server will + not try to connect back to clients, and will treat corresponding + requests as if the connection back to the client failed. /para /description -value type=defaultyes/value +value type=defaultno/value /samba:parameter diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm index 0972457..fbbddcc 100755 --- a/selftest/target/Samba3.pm +++ b/selftest/target/Samba3.pm @@ -998,6 +998,7 @@ sub provision($$) queue pause command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb queuepause %p queue resume command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb queueresume %p lpq cache time = 0 + print notify backchannel = yes ncalrpc dir = $prefix_abs/ncalrpc resolv:host file = $dns_host_file diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm index d7aa9c5..646ac73 100644 --- a/selftest/target/Samba4.pm +++ b/selftest/target/Samba4.pm @@ -1451,6 +1451,7 @@ sub provision_plugin_s4_dc($$) queue pause command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb queuepause %p queue resume command = $bindir_abs/vlp tdbfile=$lockdir/vlp.tdb queueresume %p lpq cache time = 0 + print notify backchannel = yes ; diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index e702420..3daebdb 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -218,7 +218,7 @@ static struct loadparm_service sDefault = .bAdministrative_share = false, .bGuest_ok = false, .bPrint_ok = false, - .bPrintNotifyBackchannel = true, + .bPrintNotifyBackchannel = false, .bMap_system = false, .bMap_hidden = false, .bMap_archive = true, -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 2343df4 talloc: Add a warning to talloc_reference() documentation. from 477e53a param: disable print notify backchannel by default http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 2343df451a13115eebfd46f9247ec2ae8c3a85c0 Author: Andreas Schneider a...@samba.org Date: Mon Oct 14 13:17:12 2013 +0200 talloc: Add a warning to talloc_reference() documentation. Signed-off-by: Andreas Schneider a...@samba.org Reviewed-by: Kai Blin k...@samba.org Autobuild-User(master): Andreas Schneider a...@cryptomilk.org Autobuild-Date(master): Mon Oct 14 23:05:54 CEST 2013 on sn-devel-104 --- Summary of changes: lib/talloc/talloc.h |8 1 files changed, 8 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/talloc/talloc.h b/lib/talloc/talloc.h index 1b59390..5d29a8d 100644 --- a/lib/talloc/talloc.h +++ b/lib/talloc/talloc.h @@ -961,6 +961,10 @@ size_t talloc_reference_count(const void *ptr); * @return The original pointer 'ptr', NULL if talloc ran out of * memory in creating the reference. * + * @warning You should try to avoid using this interface. It turns a beautiful + * talloc-tree into a graph. It is often really hard to debug if you + * screw something up by accident. + * * Example: * @code * unsigned int *a, *b, *c; @@ -1001,6 +1005,10 @@ void *_talloc_reference_loc(const void *context, const void *ptr, const char *lo * this function will fail and will return -1. Likewise, if ptr is NULL, * then the function will make no modifications and return -1. * + * @warning You should try to avoid using this interface. It turns a beautiful + * talloc-tree into a graph. It is often really hard to debug if you + * screw something up by accident. + * * Example: * @code * unsigned int *a, *b, *c; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 54019ca docs: Explain why this option should not be used via e512491 s3-winbindd: Remove undocumented winbindd:socket dir parameter via 13495c7 auth4: Remove an unused variable from 2343df4 talloc: Add a warning to talloc_reference() documentation. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 54019ca9aaf9d200c60e8d234259c439875c85f7 Author: Andrew Bartlett abart...@samba.org Date: Fri Oct 11 13:39:09 2013 +1300 docs: Explain why this option should not be used Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Andreas Schneider a...@samba.org Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Tue Oct 15 01:51:39 CEST 2013 on sn-devel-104 commit e512491552d9ed0dc1005a23ffc8f77ba237f863 Author: Andrew Bartlett abart...@samba.org Date: Fri Oct 11 13:34:13 2013 +1300 s3-winbindd: Remove undocumented winbindd:socket dir parameter This uses the documeted winbindd socket directory parameter instead. This came about due to the merge of the two smb.conf tables in s3 and s4 for the Samba 4.0 release. The s4 code used a real parameter, which caused this to be documented, whereas no automatic procedure existed to notice the parametric option and the need to document that. The fact that this was not used consistently in both codebases is one of the many areas of technical debt we still need to pay off here. Andrew Bartlett Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Andreas Schneider a...@samba.org commit 13495c7eb3a3feac93d81356acdf880d474319a8 Author: Volker Lendecke v...@samba.org Date: Sun Oct 13 13:58:44 2013 +0200 auth4: Remove an unused variable Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org --- Summary of changes: .../smbdotconf/winbind/winbinddsocketdirectory.xml |5 + selftest/target/Samba3.pm |2 +- source3/include/proto.h|1 + source3/param/loadparm.c |1 + source3/winbindd/winbindd.c|9 ++--- source3/winbindd/winbindd_proto.h |1 - source4/auth/session.c |1 - 7 files changed, 10 insertions(+), 10 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/smbdotconf/winbind/winbinddsocketdirectory.xml b/docs-xml/smbdotconf/winbind/winbinddsocketdirectory.xml index 1f8c579..5fd32ff 100644 --- a/docs-xml/smbdotconf/winbind/winbinddsocketdirectory.xml +++ b/docs-xml/smbdotconf/winbind/winbinddsocketdirectory.xml @@ -5,6 +5,11 @@ xmlns:samba=http://www.samba.org/samba/DTD/samba-doc; description paraThis setting controls the location of the winbind daemon's socket./para + paraExcept within automated test scripts, this should not be + altered, as the client tools (nss_winbind etc) do not honour + this parameter. Client tools must then be advised of the + altered path with the WINBINDD_SOCKET_DIR environment + varaible./para /description relatedwinbindd privileged socket directory/related diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm index fbbddcc..c3a4345 100755 --- a/selftest/target/Samba3.pm +++ b/selftest/target/Samba3.pm @@ -968,7 +968,7 @@ sub provision($$) printing = bsd printcap name = /dev/null - winbindd:socket dir = $wbsockdir + winbindd socket directory = $wbsockdir nmbd:socket dir = $nmbdsockdir idmap config * : range = 10-20 winbind enum users = yes diff --git a/source3/include/proto.h b/source3/include/proto.h index 023fbd0..9612a07 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -1060,6 +1060,7 @@ char *lp_wins_hook(TALLOC_CTX *ctx); const char *lp_template_homedir(void); const char *lp_template_shell(void); const char *lp_winbind_separator(void); +const char *lp_winbindd_socket_directory(void); bool lp_winbind_enum_users(void); bool lp_winbind_enum_groups(void); bool lp_winbind_use_default_domain(void); diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index 3daebdb..62cba4d 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -959,6 +959,7 @@ static void init_globals(bool reinit_globals) string_set(Globals.szTemplateShell, /bin/false); string_set(Globals.szTemplateHomedir, /home/%D/%U); string_set(Globals.szWinbindSeparator, \\); + string_set(Globals.szWinbinddSocketDirectory, dyn_WINBINDD_SOCKET_DIR); string_set(Globals.szCupsServer, ); string_set(Globals.szIPrintServer, ); diff
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 9646dfc smbd: Inline break_level2_to_none_async via 1d2c6f4 smbd: Remove a special case for level2 break via cc9cd51 smbd: Remove some FAKE_LEVEL_II comments via 47f65d5 smbd: Add debugs to brlock.c via c92ac4c torture: Extend raw.oplock.batch10 via fcafaf6 smbd: Remove FAKE_LEVEL_II_OPLOCK via eb50c18 smbd: Put have_read_oplocks into brlock.tdb from 54019ca docs: Explain why this option should not be used http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 9646dfcdf2ffe0fbd56284a87007b63a9ab34a30 Author: Volker Lendecke v...@samba.org Date: Fri Oct 4 10:11:38 2013 + smbd: Inline break_level2_to_none_async With the special case for bug 5980 in do_break_to_none we only have one caller: process_oplock_async_level2_break_message. The further goal is to merge process_oplock_async_level2_break_message with process_oplock_break_message. Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Jeremy Allison j...@samba.org Autobuild-User(master): Jeremy Allison j...@samba.org Autobuild-Date(master): Tue Oct 15 03:42:53 CEST 2013 on sn-devel-104 commit 1d2c6f477b5bc17ac8b940de56432c69d7039304 Author: Volker Lendecke v...@samba.org Date: Fri Oct 4 09:24:29 2013 + smbd: Remove a special case for level2 break With the level2 indicator in brlock.tdb this race condition does not exist anymore Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Jeremy Allison j...@samba.org commit cc9cd5142a861360861407fd6018385524bf150d Author: Volker Lendecke v...@samba.org Date: Fri Sep 13 15:18:15 2013 +0200 smbd: Remove some FAKE_LEVEL_II comments Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Jeremy Allison j...@samba.org commit 47f65d5829167f061756621e50b480a8c16e4fbc Author: Volker Lendecke v...@samba.org Date: Fri Sep 13 14:13:51 2013 +0200 smbd: Add debugs to brlock.c Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Jeremy Allison j...@samba.org commit c92ac4c8eebf4ddaaab4e8b640650406b259b05d Author: Volker Lendecke v...@samba.org Date: Mon Sep 9 18:53:15 2013 + torture: Extend raw.oplock.batch10 With FAKE_LEVEL_II_OPLOCKS around we did not grant LEVEL2 after a NO_OPLOCK file got written to. Windows does grant LEVEL2 in this case. With the have_level2_oplocks in brlocks.tdb we can now grant LEVEL2 in this case as well. Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Jeremy Allison j...@samba.org commit fcafaf6022832835fc8fa76a4c33056605dc53e4 Author: Volker Lendecke v...@samba.org Date: Wed Sep 11 16:07:33 2013 + smbd: Remove FAKE_LEVEL_II_OPLOCK FAKE_LEVEL_II_OPLOCK was an indicator to break level2 oplock holders on write. This information is now being held in brlock.tdb, which makes the FAKE_LEVEL_II_OPLOCK type unnecessary. Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Jeremy Allison j...@samba.org commit eb50c18c4a2d0caa3b8d21b2e1b536adc8dc0276 Author: Volker Lendecke v...@samba.org Date: Wed Sep 11 12:48:14 2013 + smbd: Put have_read_oplocks into brlock.tdb This implements an idea by metze: Right now Samba does not grant level2 oplocks where it should: After an initial no-oplock open that has been written to, we don't have the FAKE_LEVEL2_OPLOCK entry in locking.tdb around anymore, this downgraded to NO_OPLOCK. Windows in this case will grant level2 if being asked, we don't. Part of the reason for this is that we don't have a proper mechanism to communicate the fact that level2 needs to be broken to other smbds. Metze's insight was that we have to look into brlock.tdb for every write anyway, so this might be the right place to store this information. My first reaction was that this is really hackish, but on further thought this is not. oplocks depend on brlocks anyway, and we have the proper mechanisms in place for brlocks. The format for this change is to add one byte to the end of the brlock.tdb record with value 1 if we have level2 oplocks around. Thus this patch effectively reverts 8f41142 which I discovered while writing this change. We now legally have unaligned records. We can certainly talk about the format, but I'm not yet convinced we need an idl for this yet. This is a potentially very hot code path, and ndr marshalling has a cost. Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Jeremy Allison j...@samba.org --- Summary of changes: source3/include/smb.h|5 +- source3/locking/brlock.c | 70 ++--