Re: [Samba] ldap user suffix
On Wed, 20 Oct 2010 11:19:12 +0530, vishesh kumar linuxtovish...@gmail.com wrote: Dear friends My domain users in two diffrent OU, one OU is TEMP_USERS and other OU is PEOPLE. What i should mention in smb.conf ? If i mention ldap user suffix = ou=PEOPLE, then users of ou TEMP_USERS is not able to authenticate. Please guide me. Thanks -- http://linuxinterviews.blogspot.com Hi, is it possible to put the two OU into a specific OU that you could mention in your smb.conf ?? I had a similar problem, i solved it this way. Olivier --- Le domaine famille-fontes.net est auto hébergé à mon domicile. Contactez moi si vous souhaitez faire de même. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] ldap user suffix
Thanks oliver for your reply, But No this is not possible in my case Thanks On 10/20/10, Olivier FONTES oliv...@famille-fontes.net wrote: On Wed, 20 Oct 2010 11:19:12 +0530, vishesh kumar linuxtovish...@gmail.com wrote: Dear friends My domain users in two diffrent OU, one OU is TEMP_USERS and other OU is PEOPLE. What i should mention in smb.conf ? If i mention ldap user suffix = ou=PEOPLE, then users of ou TEMP_USERS is not able to authenticate. Please guide me. Thanks -- http://linuxinterviews.blogspot.com Hi, is it possible to put the two OU into a specific OU that you could mention in your smb.conf ?? I had a similar problem, i solved it this way. Olivier --- Le domaine famille-fontes.net est auto hébergé à mon domicile. Contactez moi si vous souhaitez faire de même. -- http://linuxinterviews.blogspot.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] ldap user suffix
On 10/20/2010 08:16 AM, vishesh kumar wrote: Thanks oliver for your reply, But No this is not possible in my case Thanks Why do you want to store users in two separate OU's? What is the rule that defines which OU should be used? You could look into openldap overlays, which might allow you to do dynamic re-write of dn's (amongst other things). Some distros ship openldap without overlays enabled so you need to check (this approach sounds like an overkill though, and might be more trouble than its worth) I'm assuming you are using openldap Regards Luk On 10/20/10, Olivier FONTESoliv...@famille-fontes.net wrote: On Wed, 20 Oct 2010 11:19:12 +0530, vishesh kumar linuxtovish...@gmail.com wrote: Dear friends My domain users in two diffrent OU, one OU is TEMP_USERS and other OU is PEOPLE. What i should mention in smb.conf ? If i mention ldap user suffix = ou=PEOPLE, then users of ou TEMP_USERS is not able to authenticate. Please guide me. Thanks -- http://linuxinterviews.blogspot.com Hi, is it possible to put the two OU into a specific OU that you could mention in your smb.conf ?? I had a similar problem, i solved it this way. Olivier --- Le domaine famille-fontes.net est auto hébergé à mon domicile. Contactez moi si vous souhaitez faire de même. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.5.5. id-map issues with Active Directory
On Tue, Oct 12, 2010 at 4:03 PM, Haven ha...@thehavennet.org.uk wrote: Hi Andrew, On 10/12/10 08:26, Andrew Lyon wrote: I've run into the same problem trying to get 3.5.5 and 3.5.6 idmap working in rfc2307 mode, wbinfo -u and -g return users and groups, but wbinfo -iuser fails, other test I tried is: net ads search '(|(uidNumber=*)(gidNumber=*))' objectCategory sAMAccountName uidNumber gidNumber -P Which shows that I have 3 users and 2 groups which have rfc2307 attributes, however mapping is not working, files owned by the mapped uid/gid do not show the username or group when listed, and users are unable to authenticate to the samba server. I've noticed some errors in winbindd log: [2010/10/12 08:24:53.276576, 3] winbindd/winbindd_misc.c:352(winbindd_interface_version) [ 8296]: request interface version [2010/10/12 08:24:53.276748, 3] winbindd/winbindd_misc.c:385(winbindd_priv_pipe_dir) [ 8296]: request location of privileged pipe [2010/10/12 08:24:53.276975, 3] winbindd/winbindd_list_users.c:58(winbindd_list_users_send) list_users [2010/10/12 08:24:56.764312, 3] winbindd/winbindd_misc.c:352(winbindd_interface_version) [ 8381]: request interface version [2010/10/12 08:24:56.764473, 3] winbindd/winbindd_misc.c:385(winbindd_priv_pipe_dir) [ 8381]: request location of privileged pipe [2010/10/12 08:24:56.794828, 3] winbindd/winbindd_getpwnam.c:55(winbindd_getpwnam_send) getpwnam test [2010/10/12 08:24:56.927925, 3] libads/ldap_schema.c:324(ads_check_posix_schema_mapping) ads_check_posix_schema_mapping: failed STATUS_SOME_UNMAPPED [2010/10/12 08:24:56.927999, 2] winbindd/idmap_ad.c:185(ad_idmap_cached_connection) ad_idmap_cached_connection: Failed to obtain schema details! Your errors look different but the symptoms are the same. I've another person with the same issue, the link below explains the exact problem I have: http://www.spinics.net/lists/samba/msg92328.html A snippet from one of my logs shows the issue: [2010/10/12 12:54:42.931329, 5] winbindd/winbindd_getpwnam.c:138(winbindd_getpwnam_recv) Could not convert sid S-1-5-21-4140011924-985775245-1159988818-1608: NT_STATUS_NONE_MAPPED [2010/10/12 12:54:42.931436, 10] winbindd/winbindd.c:655(wb_request_done) wb_request_done[25718:GETPWNAM]: NT_STATUS_NONE_MAPPED If I wbinfo -S S-1-5-21-4140011924-985775245-1159988818-1608 then I get the right UID returned. When I type id I get No such user wbinfo -u and -g show all my users and groups fine. I've found an odd hack that gets me up and running for a short while but I'm not entirely sure why its working, I've described it below. Old broken: idmap backend = ad winbind nss info = rfc2307 New working: idmap uid = 1-2 idmap gid = 1-2 Doesn't that change work around the problem by disabling idmap altogether? it may work but the mappings will not be consistent if you have multiple samba servers. If I replace my standard smb.conf with the changes above and then net ads join and restart winbind I can get an id for any of my users. I only need to do this for one user. Then I switch back to the original idmap backend = ad smb.conf and restart winbind again. At this point all my user id's work once again with the exception of the test user that I used which now has an invalidly cached uid. If I net cache flush then this breaks the id mapping once again. So basically something is screwy and somehow cache files are involved, I'm pretty sure its /var/run/samba/gencache* that is storing this data but that could be a symptom and not the cause. I've not had chance to start decoding cache files and examining their contents yet. An alternative option that I've tried is to switch to an rid back end across all of our systems, this is obviously going to take some more verification and planning before going into effect but I've included my test rid config below in-case it is of use to you. The few test cases I've run so far gave good results. If you manage to get any further then let me know as curiosity has long since moved onto frustration :) [global] dos charset = 850 workgroup = DOMAIN realm = DOMAIN.NET server string = Samba Server Version %v security = ADS password server = 192.168.1.2, 192.168.1.3, * client NTLMv2 auth = Yes kerberos method = system keytab log level = 10 debug timestamp = No disable netbios = Yes name resolve order = host lmhosts socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192 local master = No domain master = No dns proxy = No idmap uid = 9000- idmap gid = 9000- template homedir = /home/%U template shell = /bin/bash winbind separator = + winbind use default domain = Yes winbind
Re: [Samba] Highly-available file server question..
To have something like dfs in the windows server world does: you have to use something like cluster and drbd master master and two samba servers/openldap in master server repl. or master master On Tue, 19 Oct 2010 20:09:31 -0400, simo i...@samba.org wrote: On Tue, 2010-10-19 at 16:52 -0700, Jeremy Allison wrote: On Wed, Oct 20, 2010 at 10:19:36AM +1030, Indexer wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 20/10/2010, at 4:31 AM, john_deli...@ceridian.ca wrote: I wasn't sure DFS was a good fit, my understanding of DFS is limited (reading up today..). As i understood it, Samba does not support DFS? Am i wrong? I have done some googling into this and cant find any results about it. Yes you are wrong. Samba supports DFS. Samba supports the DFS mechanism but I think that some Windows Admins tend to also imply the related File Replication when they say DFS. We do not support the File Replication Protocol, yet. Simo. -- Simo Sorce Samba Team GPL Compliance Officer s...@samba.org Principal Software Engineer at Red Hat, Inc. s...@redhat.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Upgrading Samba-LDAP
I just did that from an older sidux to centos5.5. It worked on the fly. Just grep the old domain sid and give it to your new samba . Export the old ldap database and import it to the new ldap. thats all On Tue, 19 Oct 2010 16:33:06 -0400, John Drescher dresche...@gmail.com wrote: I am looking to upgrade my Samba server to Samba 3.5.x from Samba 3.0.20 and openldap from 2.2.13 to 2.3.43. Is there anyway to do this and still keep my current domain intact? The interest in upgrading is so that we can suppport Win 7 systems. Of course you can keep your current domain intact. Do you have more than 1 ldap server? I highly recommend that. John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] problems with login and browsing on 3.5.4 LDAP PDC
I think yor problem is netbios especially nmbd. What about your wins-servers? I have 4 subnets with 2 samba domains acting without error with one and only wins: samba4wins. If you have problems to resolve hostnames you pherhaps need a dns-server, so a ping hostname must be successfull from all clients. Or you try remote announce = a.b.c.d [e.f.g.h] ... Where a.b.c.d ist the master browser in your other subnet On Tue, 19 Oct 2010 13:49:10 -0400, Gaiseric Vandal gaiseric.van...@gmail.com wrote: Maybe I missed it- but do you have problems if the client and server are on the same network segment? Are all the local WINS servers samba servers or something else? On 10/19/2010 12:45 PM, Eric A. Hall wrote: On 10/19/2010 9:47 AM, Gaiseric Vandal wrote: Is your samba server also a WINS server? That may help browsing issues. The nodes don't have any problems finding or communicating with the server, the server just does not want to provide data. I have three distinct networks that are interconnected by routers. Each segment has a local DHCP/DNS/WINS/etc server that assigns H-Node WINS options to the local clients, and in addition the broadcasts on 137/138 are also forwarded from each segment to the WINS servers on the other segments. What this means is clients try to resolve a name by asking the local server, then will broadcast a query which is forwarded to the other servers, which they answer. If a TCP session is required (such as fetching a browse list via port 139) then that also happens as expected, once the client knows the server to contact. This works for local and remote nodes alike. From a client on network A that is trying to browse Windows 2003 domain on network B, I can see the TCP session established, the challenge and response negotiation, the Tree Connect AndX Request and Response, the LANMAN server enumeration exchange, and orderly shutdown. When using the same client to browse the Samba domain on network C, I can see the TCP session established, the challenge and response negotiation, the Tree Connect AndX Request and Response, but then the client shuts down the session without trying to enumerate the LANMAN servers. This cycle repeats 4 times for every failed browse attempt indicating that the client believes it should be able to get an answer from the server. Both responses show STATUS_SUCCESS in the SMB message. The only potential difference that I can see between them is that the Samba response shows Security signatures are not supported in the reply message. Perhaps this is preventing the client from following up with the LANMAN request to enumerate the servers? Also I have long since set the registry options needed for signatures, and this same configuration was working before the upgrade. Did something about this change recently? Do you have smb ports defined in smb.conf? I don't have it defined and am using the defaults. It does not seem to be causing any problems. wiki.samba.org should have the registry settings required to let Windows 7 machines join on a Samba domain. I have already made those changes and like I said I am able to join the Win7 client to the domain and can view \\SERVER shares, but cannot browse the domain or login to the server. I would concentrate on the XP machines first since they don't need the registry changes. Yes that is what I'm doing. I have XP/SP3, Windows Server 2003 (and R2), and Windows 7, but am focusing on XP/SP3. Also, make sure that you do have correct group mappings for the key well know windows groups (including Administrators, Domain Admins, Users) # net groupmap list [ 12:39:47 -- bulldog:/root/ ] [ root# ] net groupmap list Domain Admins (S-1-5-21-[...]-512) - Domain Admins Domain Users (S-1-5-21-[...]-513) - Domain Users Domain Guests (S-1-5-21-[...]-514) - Domain Guests Domain Computers (S-1-5-21-[...]-515) - Domain Computers Local Admins (S-1-5-32-544) - Local Admins Local Users (S-1-5-32-545) - users Local Guests (S-1-5-32-546) - nobody For a while I thought it might be related to guest/nobody mapping but I have exhausted all of the permutations there. I have tried smbusers mapping, putting guest into LDAP, etc., and none of it seems to make much any difference in the logs or with the problem at hand. Also, the windows diagnostic tools (netdiag, dcdiag, nbtstat ?) may help you determine which domain controller and master browser the client is using. nbtstat is able to display remote data but it does not use the SMB/LANMAN enumeration over IPC$ which is where the problem seems to lie. Local utilities on the Samba server also seem to express normally although I am happy to try specific things if somebody will name them. I am able to use USRMGR.EXE to connect to the server and view/modify user accounts successfully. I have not looked at the others yet.
Re: [Samba] Error was Transport endpoint is not connected
Why are you shure samba is the point of failure. This could also be your backup or windows xp!?? http://www.petri.co.il/whats_port_445_in_w2k_xp_2003.htm On Tue, 19 Oct 2010 09:39:42 -0400, Gaiseric Vandal gaiseric.van...@gmail.com wrote: The following may help explain the error: http://wiki.samba.org/index.php/Samba_Myths So if you copy the file it is OK, but if the backup job runs an integrity check first it fails? What is involved in the integrity check? Is it somehow opening a connection to the server before starting the integrity check? On 10/19/2010 03:05 AM, robert.gehr wrote: I tried it with smb ports 139 to no avail. Same problem. The backup job takes that long because the windows box first runs an integrity check. If I just copy the file manually it takes a couple of minutes. As already mentioned the other samba server 3.4.7 works without any problems. What does that error message actually mean? Does it mean a network error has occurred, the server has run into a timeout, the server can no longer resolve the name of the client or what? Ideas are welcome. Rob On Fri, 2010-10-15 at 14:57 +0200, Gaiseric Vandal wrote: Did you try changing smb.conf on the NAS to be port 139 only? Also, it seems that 55 GB should not take one hour to copy (55 GBytes is 440 Gbit, and at 1 Gbit/sec and 60 secs / min, the transfer sohuld take about minutes- at least in theory.) I am guessing it is dropping because it tries to reestablish a connection part way through the transfer. On 10/15/2010 07:12 AM, robert.gehr wrote: Nice try. The backup fails exactly the moment the message appears in the log. So I would say it is something to worry about. Has really no one any ideas why this all of a sudden comes up. Thanks for any hints Rob On Tue, 2010-10-12 at 08:41 +0200, Daniel Müller wrote: This message only says: I established to one of the ports 139 or 445 and dropped the other. It is nothing to trouble about. --- EDV Daniel Mller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tbingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Gaiseric Vandal Gesendet: Montag, 11. Oktober 2010 16:48 An: samba@lists.samba.org Betreff: Re: [Samba] Error was Transport endpoint is not connected By default samba listens on two TCP ports- 445 and 139. You can specify this in smb.conf smb ports = 445 139 445 is the newer smb over tcp.139 is the older smb over netbios over tcp/ip. 445 was for Windows 2000 and newer clients.. I am not sure why samba enables 445 by default since as far as I know it does not support smb-over-tcp (without the NBT/netbios over tcp stuff.) If you set smb ports = 139 in your smb.conf you should see endpoint messages disappear. I think what happens is Win 2000 (and newer) clients will initially try to connect on port 445, find it isn't really compatible, and then dump down to NBT on port 139. So your NAS may be occasionally connecting on port 139 without problems and occasionally connecting on port 445, and which point it fails. OR- the endpoint errors may be completely unrelated, but you just don't look for when when the NAS is working. Is the NAS part of the domain? Is it a windows or linux/samba based device? My samba server is a PDC. XP clients in the domain connect with no problems regardless of if smb ports is 139 only or 139 + 445. XP/Win7 clients NOT in the domain can't connect to shares if 445 is disabled, which indicates they are connecting to 445 1st. On 10/11/2010 08:57 AM, robert.gehr wrote: Hello All I used to back up a Mssql database (about 55GB) to a samba share without any problems. The samba server Server-A was running version 3.4.7 We just got one of those Netgear ReadyNas3200 things and I tried to backup up to a share there which sometimes works and sometimes not in wich case I get the following error: snip--- [2010/10/08 21:32:26.937834, 0] lib/util_sock.c:474(read_fd_with_timeout) [2010/10/08 21:32:26.966404, 0] lib/util_sock.c:1432(get_peer_addr_internal) getpeername failed. Error was Transport endpoint is not connected read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by peer. ---snap- The samba version on the ReadyNas is 3.5.4 On the windows side nothing has changed apart form the destination to the new share. The ReadyNas performs pretty well and I do not get any network errors or otherwise. To rule out some network problem I exported a nfs share on the ReadyNas which I
Re: [Samba] Samba 3.5.6 - configure creates Makefile with errors on Solaris 10
this is probably an error that comes into play by some additional sunfreeware packages that you installed. We have a Solaris 10 machine in the build farm which compiles fine with gcc and with the studio compiler: http://build.samba.org/?function=View+Build;host=sunX;tree=samba_3_current;compiler=cc You may compare the differences between that build and yours, especially the configure output. From the error you post I guess you have some gettext related stuff which requires some extra linker flags. Can you tell which package provides libintl on your box. If a simple installation of that package on our build box triggers the same problem here it's easier for us to fix. Cheers Björn On 2010-10-19 at 10:06 -0400 Robert M. Martel - CSU sent off: I was able to get 3.4.9 to build on my Solaris 10 boxes - but nothing later. I've been building my own samba from source for far longer than I care to admit (because I should know more about samba by now than I do.) I've never had so many problems building the source has I have had the past several months. I am going to look into the points that Gaiseric Vandal has brought up. I am already using Sunfreeware's gcc. I got past my latest make issue by using Sunfreeware's version of Make rather then the one found in /usr/ccs/bin (which has never been a problem in the past.) Following a tip I found at http://forums.sun.com/thread.jspa?threadID=5445706 I added -lintl to the LIBS option in the Makefile. Line 25 That got me as far as linking winbind: - ... Linking shared library bin/pam_winbind.so Undefined first referenced symbol in file libintl_bindtextdomain ../nsswitch/pam_winbind.o libintl_dgettext../nsswitch/pam_winbind.o ld: fatal: Symbol referencing errors. No output written to bin/pam_winbind.so collect2: ld returned 1 exit status make: *** [bin/pam_winbind.so] Error 1 - Which has me now stopped at the same place on both my Solaris 9 and Solaris 10 builds. On Solaris 9 I have not been able to get a FULLY working version of Samba with AD support past version 3.2.15. -Bob On 10/18/2010 02:25 PM, Joe Cammisa wrote: i've had no problem compiling up to 3.4.8 on several solaris10 boxes at varying patch levels; but for some reason i can't get anywhere with 3.5.x. has anyone else been successful in this regard? any tips appreciated--thanks all in advance... -joe On Mon, Oct 18, 2010 at 2:13 PM, Gaiseric Vandal gaiseric.van...@gmail.comwrote: Have you tried the precompiled samba version from sunfreeware.com? It is only 3.4.2 but should have AD support. It won't have ZFS support (an issue for Solaris 10 but Solaris 9.) the winbind nsswitch stuff may be require a little work to setup. -- *** Robert M. Martel I met someone who looks a lot like you System Administrator She does the things you do Levin College of Urban Affairs But she is an IBM Cleveland State University -Jeff Lynne (216) 687-2214 r.mar...@csuohio.edu *** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen phone: +49-551-37-0, fax: +49-551-37-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba-winbind 3.5.4 primary group is always domainusers!!!???
Hi, Any news regarding this problem? I have testet samba 3.5.6 and the problem still persists. I had to downgrade to 3.3 on a few machines now. Regards, Oliver -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Oliver Weinmann Sent: Donnerstag, 9. September 2010 13:13 To: samba@lists.samba.org Subject: [Samba] Samba-winbind 3.5.4 primary group is always domainusers!!!??? Dear All, I stepped over a strange issue today. I have one installation of samba winbind 3.3.2 on a Ubuntu machine. Changing the primary unix group of a user is updated immediately. On a newer samba 3.5.4 installation the primary group is not updated at all. It always displays domain users. Is there a new setting for the smb.conf? Here is my smb.conf: [global] netbios name = gedail1 realm = SOMEDOMAIN.NET workgroup = SOMEDOMAIN security = ADS encrypt passwords = true password server = server1.somedomain.net server2.somedomain.net os level = 20 idmap backend = ad idmap config SOMEDOMAIN : backend = ad idmap config SOMEDOMAIN : schema_mode = sfu idmap config SOMEDOMAIN : range = 0- winbind nss info = sfu winbind enum users = yes winbind enum groups = yes preferred master = no winbind nested groups = Yes winbind use default domain = Yes max log size = 50 log level = 10 log file = /var/log/samba/log.%m dns proxy = no wins server = 172.20.200.18 172.18.200.20 allow trusted domains = no client use spnego = Yes use kerberos keytab = true winbind refresh tickets = yes idmap cache time = 1 winbind cache time = 1 It's a W2k3 AD Domain. Regards, Oliver -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 3.5.6 pam problems
Hi, I've setup Samba 3.5.6 as a member server in a 2003R2 domain with a single dc, idmapping is by rfc2307 with a tdb backend for builtin accounts etc, I can list users and groups using wbinfo and I can create shares and access them from the windows server, files and folders owned by ad users show the correct user and group names so mapping appears to be working, I can su to ad accounts but I am unable to ssh into the system as a AD user. Relevant config files: cat /etc/samba/smb.conf [global] debug hires timestamp = yes workgroup = SAMBATEST security = ADS winbind use default domain = true realm = SAMBATEST.LOCAL server string = Samba file and print server log level = 3 max log size = 4192 printcap name = cups idmap config SAMBATEST : backend = ad idmap config SAMBATEST : range = 1-10020 idmap config SAMBATEST : schema_mode = rfc2307 idmap config SAMBATEST : default = yes idmap backend = tdb idmap uid = 10100-10110 idmap gid = 10100-10110 winbind separator = + winbind enum users = Yes winbind enum groups = Yes winbind refresh tickets = Yes winbind normalize names = Yes winbind nested groups = Yes client ntlmv2 auth = yes encrypt passwords = yes password server = w2k3r2svr.sambatest.local template shell = /bin/bash [homes] comment = Home Directories read only = No [printers] comment = All Printers guest ok = Yes printable = Yes browseable = No available = No cat /etc/pam.d/sshd auth include system-remote-login accountinclude system-remote-login password include system-remote-login sessioninclude system-remote-login cat /etc/pam.d/system-remote-login authinclude system-login account include system-login passwordinclude system-login session include system-login cat /etc/pam.d/system-login authrequiredpam_tally.so onerr=succeed authrequiredpam_shells.so authrequiredpam_nologin.so authinclude system-auth account requiredpam_access.so account requiredpam_nologin.so account include system-auth account requiredpam_tally.so onerr=succeed passwordinclude system-auth session requiredpam_env.so session optionalpam_lastlog.so session include system-auth session optionalpam_ck_connector.so nox11 session optionalpam_motd.so motd=/etc/motd session optionalpam_mail.so file /etc/pam.d/system-auth /etc/pam.d/system-auth: symbolic link to `system-auth-winbind' cat /etc/pam.d/system-auth-winbind #%PAM-1.0 # $Header: /var/cvsroot/gentoo-x86/net-fs/samba/files/3.5/system-auth-winbind.pam,v 1.1 2010/03/01 16:19:54 patrick Exp $ authrequired pam_env.so authsufficientpam_winbind.so authsufficientpam_unix.so likeauth nullok use_first_pass authrequired pam_deny.so account sufficientpam_winbind.so account sufficientpam_unix.so passwordrequired pam_cracklib.so retry=3 passwordsufficientpam_unix.so nullok use_authtok md5 shadow passwordrequired pam_deny.so session required pam_mkhomedir.so skel=/etc/skel/ umask=0022 session required pam_limits.so session sufficientpam_unix.so Trust is ok: wbinfo -t checking the trust secret for domain SAMBATEST via RPC calls succeeded I can authenticate the user using kerberos kinit testuser Password for testu...@sambatest.local: klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: testu...@sambatest.local Valid starting ExpiresService principal 10/20/10 12:28:11 10/20/10 19:08:11 krbtgt/sambatest.lo...@sambatest.local And with wbinfo: wbinfo -a testuser%abcABC123 plaintext password authentication failed Could not authenticate user testuser%abcABC123 with plaintext password challenge/response password authentication succeeded When authenticating with wbinfo the following events are logged to log.winbindd [2010/10/20 12:39:25.902284, 3] winbindd/winbindd_misc.c:352(winbindd_interface_version) [ 2329]: request interface version [2010/10/20 12:39:25.902435, 3] winbindd/winbindd_misc.c:385(winbindd_priv_pipe_dir) [ 2329]: request location of privileged pipe [2010/10/20 12:39:25.902626, 3] winbindd/winbindd_pam.c:818(winbindd_pam_auth) [ 2329]: pam auth testuser [2010/10/20 12:39:25.911435, 3] winbindd/winbindd_misc.c:352(winbindd_interface_version) [ 2329]: request interface version [2010/10/20 12:39:25.911533, 3] winbindd/winbindd_misc.c:340(winbindd_info) [ 2329]: request misc
Re: [Samba] Problem with Winbindd
Somebody know any diference between linux centos and openfiler for integration with active directory? I have tried a lot process doesnt works. On 10/18/10, Bruno Steven aspe...@gmail.com wrote: I have Openfiler box, I am trying integrated base user with Active directory . When start service winbindd show this message The log winbindd tail -n 10 /var/log/samba/winbindd.log [2010/10/18 16:07:05, 0] winbindd/winbindd_util.c:init_domain_list(736) Could not fetch our SID - did we join? [2010/10/18 16:07:05, 0] winbindd/winbindd.c:main(1274) unable to initialize domain list [2010/10/18 16:19:57, 0] winbindd/winbindd_cache.c:initialize_winbindd_cache(2374) initialize_winbindd_cache: clearing cache and re-creating with version number 1 [2010/10/18 16:19:57, 0] winbindd/winbindd_util.c:init_domain_list(736) Could not fetch our SID - did we join? [2010/10/18 16:19:57, 0] winbindd/winbindd.c:main(1274) unable to initialize domain list I have tried a lot forms for integration but nothing works !!! Please somebody can explain for me this message ? Thank very much . -- Bruno Steven - Administrador de sistemas. *CompTIA Security+ - Code: JYN7BD9BJGRECFM8 * *LPIC-1 - LPI ID: lpi000119659 / Code: p2e4wz47e4 * *MCP-Windows 2003 - TranscriptID: 793804 / Access Code: 080089100 * -- Sent from my mobile device Bruno Steven - Administrador de sistemas. *CompTIA Security+ - Code: JYN7BD9BJGRECFM8 * *LPIC-1 - LPI ID: lpi000119659 / Code: p2e4wz47e4 * *MCP-Windows 2003 - TranscriptID: 793804 / Access Code: 080089100 * -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.5.6 pam problems
On Wed, Oct 20, 2010 at 12:46 PM, Andrew Lyon andrew.l...@gmail.com wrote: Hi, I've setup Samba 3.5.6 as a member server in a 2003R2 domain with a single dc, idmapping is by rfc2307 with a tdb backend for builtin accounts etc, I can list users and groups using wbinfo and I can create shares and access them from the windows server, files and folders owned by ad users show the correct user and group names so mapping appears to be working, I can su to ad accounts but I am unable to ssh into the system as a AD user. Relevant config files: cat /etc/samba/smb.conf [global] debug hires timestamp = yes workgroup = SAMBATEST security = ADS winbind use default domain = true realm = SAMBATEST.LOCAL server string = Samba file and print server log level = 3 max log size = 4192 printcap name = cups idmap config SAMBATEST : backend = ad idmap config SAMBATEST : range = 1-10020 idmap config SAMBATEST : schema_mode = rfc2307 idmap config SAMBATEST : default = yes idmap backend = tdb idmap uid = 10100-10110 idmap gid = 10100-10110 winbind separator = + winbind enum users = Yes winbind enum groups = Yes winbind refresh tickets = Yes winbind normalize names = Yes winbind nested groups = Yes client ntlmv2 auth = yes encrypt passwords = yes password server = w2k3r2svr.sambatest.local template shell = /bin/bash [homes] comment = Home Directories read only = No [printers] comment = All Printers guest ok = Yes printable = Yes browseable = No available = No cat /etc/pam.d/sshd auth include system-remote-login account include system-remote-login password include system-remote-login session include system-remote-login cat /etc/pam.d/system-remote-login auth include system-login account include system-login password include system-login session include system-login cat /etc/pam.d/system-login auth required pam_tally.so onerr=succeed auth required pam_shells.so auth required pam_nologin.so auth include system-auth account required pam_access.so account required pam_nologin.so account include system-auth account required pam_tally.so onerr=succeed password include system-auth session required pam_env.so session optional pam_lastlog.so session include system-auth session optional pam_ck_connector.so nox11 session optional pam_motd.so motd=/etc/motd session optional pam_mail.so file /etc/pam.d/system-auth /etc/pam.d/system-auth: symbolic link to `system-auth-winbind' cat /etc/pam.d/system-auth-winbind #%PAM-1.0 # $Header: /var/cvsroot/gentoo-x86/net-fs/samba/files/3.5/system-auth-winbind.pam,v 1.1 2010/03/01 16:19:54 patrick Exp $ auth required pam_env.so auth sufficient pam_winbind.so auth sufficient pam_unix.so likeauth nullok use_first_pass auth required pam_deny.so account sufficient pam_winbind.so account sufficient pam_unix.so password required pam_cracklib.so retry=3 password sufficient pam_unix.so nullok use_authtok md5 shadow password required pam_deny.so session required pam_mkhomedir.so skel=/etc/skel/ umask=0022 session required pam_limits.so session sufficient pam_unix.so Trust is ok: wbinfo -t checking the trust secret for domain SAMBATEST via RPC calls succeeded I can authenticate the user using kerberos kinit testuser Password for testu...@sambatest.local: klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: testu...@sambatest.local Valid starting Expires Service principal 10/20/10 12:28:11 10/20/10 19:08:11 krbtgt/sambatest.lo...@sambatest.local And with wbinfo: wbinfo -a testuser%abcABC123 plaintext password authentication failed Could not authenticate user testuser%abcABC123 with plaintext password challenge/response password authentication succeeded When authenticating with wbinfo the following events are logged to log.winbindd [2010/10/20 12:39:25.902284, 3] winbindd/winbindd_misc.c:352(winbindd_interface_version) [ 2329]: request interface version [2010/10/20 12:39:25.902435, 3] winbindd/winbindd_misc.c:385(winbindd_priv_pipe_dir) [ 2329]: request location of privileged pipe [2010/10/20 12:39:25.902626, 3] winbindd/winbindd_pam.c:818(winbindd_pam_auth) [ 2329]: pam auth testuser [2010/10/20 12:39:25.911435, 3] winbindd/winbindd_misc.c:352(winbindd_interface_version) [ 2329]:
Re: [Samba] Problem with Winbindd
On Wed, Oct 20, 2010 at 09:58:24AM -0200, Bruno Steven wrote: Somebody know any diference between linux centos and openfiler for integration with active directory? I have tried a lot process doesnt works. Can you answer the question that winbind asks: Could not fetch our SID - did we join? Did you execute the net ads join command successfully? Volker -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Our success story with samba4
On Tue, Oct 19, 2010 at 5:12 AM, Lukasz Zalewski lu...@eecs.qmul.ac.uk wrote: One samba4 DC (running on centos 5.5 x64) with nsd dns backend Two samba 3.3.8 domain members (running on centos 5.5 x64) providing file services and printing Can Samba4 provide file and print services yet? If not can Samba4 and Samba3 co-exist on the same server? If not, what's the status of Franky? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Error was Transport endpoint is not connected
Just read the mentioned article but I think this does not describe my problem. The error described there is more like a warning message to me. Moreover even if I define smb ports 139 the message still appears which it should not according to the article. Also, as mentioned, the backup fails. Here again the entries from the logfile. [2010/10/18 22:06:14.464881, 0] lib/util_sock.c:474(read_fd_with_timeout) [2010/10/18 22:06:14.499439, 0] lib/util_sock.c:1432(get_peer_addr_internal) getpeername failed. Error was Transport endpoint is not connected read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by peer. Copying the file manually from windows works. Took the windows Box 14 minutes. Thing is that it sometimes works and sometimes not. Using the other (older version) samba server it always works. I pretty much rule out any hardware issues NIC, etc. because the ReadyNAS also exports NFS shares and rsync's a good deal of data every night without any trouble at all. Best regards Rob On Tue, 2010-10-19 at 15:39 +0200, Gaiseric Vandal wrote: The following may help explain the error: http://wiki.samba.org/index.php/Samba_Myths So if you copy the file it is OK, but if the backup job runs an integrity check first it fails? What is involved in the integrity check? Is it somehow opening a connection to the server before starting the integrity check? On 10/19/2010 03:05 AM, robert.gehr wrote: I tried it with smb ports 139 to no avail. Same problem. The backup job takes that long because the windows box first runs an integrity check. If I just copy the file manually it takes a couple of minutes. As already mentioned the other samba server 3.4.7 works without any problems. What does that error message actually mean? Does it mean a network error has occurred, the server has run into a timeout, the server can no longer resolve the name of the client or what? Ideas are welcome. Rob On Fri, 2010-10-15 at 14:57 +0200, Gaiseric Vandal wrote: Did you try changing smb.conf on the NAS to be port 139 only? Also, it seems that 55 GB should not take one hour to copy (55 GBytes is 440 Gbit, and at 1 Gbit/sec and 60 secs / min, the transfer sohuld take about minutes- at least in theory.) I am guessing it is dropping because it tries to reestablish a connection part way through the transfer. On 10/15/2010 07:12 AM, robert.gehr wrote: Nice try. The backup fails exactly the moment the message appears in the log. So I would say it is something to worry about. Has really no one any ideas why this all of a sudden comes up. Thanks for any hints Rob On Tue, 2010-10-12 at 08:41 +0200, Daniel Müller wrote: This message only says: I established to one of the ports 139 or 445 and dropped the other. It is nothing to trouble about. --- EDV Daniel Mller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tbingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Gaiseric Vandal Gesendet: Montag, 11. Oktober 2010 16:48 An: samba@lists.samba.org Betreff: Re: [Samba] Error was Transport endpoint is not connected By default samba listens on two TCP ports- 445 and 139. You can specify this in smb.conf smb ports = 445 139 445 is the newer smb over tcp.139 is the older smb over netbios over tcp/ip. 445 was for Windows 2000 and newer clients.. I am not sure why samba enables 445 by default since as far as I know it does not support smb-over-tcp (without the NBT/netbios over tcp stuff.)If you set smb ports = 139 in your smb.conf you should see endpoint messages disappear. I think what happens is Win 2000 (and newer) clients will initially try to connect on port 445, find it isn't really compatible, and then dump down to NBT on port 139. So your NAS may be occasionally connecting on port 139 without problems and occasionally connecting on port 445, and which point it fails. OR- the endpoint errors may be completely unrelated, but you just don't look for when when the NAS is working. Is the NAS part of the domain? Is it a windows or linux/samba based device? My samba server is a PDC. XP clients in the domain connect with no problems regardless of if smb ports is 139 only or 139 + 445. XP/Win7 clients NOT in the domain can't connect to shares if 445 is disabled, which indicates they are connecting to 445 1st. On 10/11/2010 08:57 AM, robert.gehr wrote: Hello All I used to back up a Mssql database (about 55GB) to a samba share without any
Re: [Samba] Guest shares in an ADS security model
Seems pathetic to reply to my own message, but since I cannot find any working examples via Google, I have to ask this question. Should be simple enough for the resident gurus to answer ? On Mon, Oct 18, 2010 at 10:38 AM, Madhusudan Singh singh.madhusu...@gmail.com wrote: Are these possible ? I am trying to setup a guest access printer attached to a working fileserver that authenticates its users against a Windows AD. I keep getting authentication requests on attempting to connect to the printer. Before I post my smb.conf, I need to know if what I am trying to do is even possible, Thanks. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Cannot browse domain user list with 3.3.9
Hi, I am trying to upgrade Samba from 3.3.2 to 3.3.9 for Win7 compatibility issue. It is running on Redhat 9.0 (I've planned to upgrade to Centos 5.5 in a second setp) and without any ldap backend (tdbsam actually). As I have already done in the past for upgrading, I have done the following procedure : 1) Compile 3.3.9 . My configure option are : ./configure --with-acl-support --enable-cups --with-pam --with-configdir=/usr/local/samba/etc --with-quotas --with-winbind 2) Stop the 3.3.2 service , and backup all the /usr/local/samba dir 3) make install the 3.3.9 4) restart the 3.3.9 service Everything seems to work fine, except that : - I can't use USRMGR.EXE anymore. I get a popup error when I run it : Incorrect Parameter, do you want to select another domain to administer . - I can't explore the users domain when I try to list the users for adding permissions to share a folder, or adding a domain user in a local group. I can see only the domain groups. I really need some help, I will have to deploy Win7 in a very near futur :-S . I have done some debugging in log level 2, it seems I got an error about Bad char conversion : When I run USRMGR.EXE : [2010/10/20 19:01:02, 2] smbd/close.c:close_normal_file(606) smbadmin closed file USRMGR.EXE (numopen=2) NT_STATUS_OK [2010/10/20 19:01:02, 2] smbd/open.c:open_file(551) smbadmin opened file USRMGR.EXE read=Yes write=No (numopen=3) [2010/10/20 19:01:02, 1] librpc/ndr/ndr.c:ndr_push_error(493) ndr_push_error(5): Bad char conversion [2010/10/20 19:01:02, 0] rpc_server/srv_pipe.c:api_rpcTNP(2381) api_rpcTNP: samr: SAMR_QUERYDISPLAYINFO failed. [2010/10/20 19:02:49, 1] librpc/ndr/ndr.c:ndr_push_error(493) ndr_push_error(5): Bad char conversion [2010/10/20 19:02:49, 0] rpc_server/srv_pipe.c:api_rpcTNP(2381) api_rpcTNP: samr: SAMR_QUERYDISPLAYINFO failed. When I try to list the domain users : 2010/10/20 19:03:43, 2] rpc_server/srv_samr_nt.c:_samr_LookupDomain(3456) Returning domain sid for domain CIRAD_STP - S-1-5-21-3907834674-2055786620-3212856667 [2010/10/20 19:03:43, 2] rpc_server/srv_samr_nt.c:_samr_LookupDomain(3456) Returning domain sid for domain CIRAD_STP - S-1-5-21-3907834674-2055786620-3212856667 [2010/10/20 19:03:43, 1] librpc/ndr/ndr.c:ndr_push_error(493) ndr_push_error(5): Bad char conversion [2010/10/20 19:03:43, 0] rpc_server/srv_pipe.c:api_rpcTNP(2381) api_rpcTNP: samr: SAMR_QUERYDISPLAYINFO failed. [2010/10/20 19:03:43, 2] rpc_server/srv_samr_nt.c:_samr_LookupDomain(3456) Returning domain sid for domain CIRAD_STP - S-1-5-21-3907834674-2055786620-3212856667 [2010/10/20 19:03:43, 2] rpc_server/srv_samr_nt.c:_samr_LookupDomain(3456) Returning domain sid for domain CIRAD_STP - S-1-5-21-3907834674-2055786620-3212856667 Here is the global section on my smb.conf : [global] log level = 2 netbios name = server1 server string = My Server workgroup = CIRAD_STP wins support = yes os level = 255 local master = yes preferred master = yes domain master = yes domain logons = yes security = user encrypt passwords = yes passdb backend = tdbsam:/usr/local/samba/private/passdb.tdb enable privileges = yes printcap name = /etc/printcap load printers = no printing = cups nt acl support = yes map acl inherit = yes inherit acls = yes obey pam restrictions = yes time server = yes username map = /usr/local/samba/etc/smbusers name resolve order = wins host lmhosts bcast logon script = logon%a.cmd logon path = logon drive = H: logon home = \\server1\%U Thanks in advance , any help would be very appreciated . Henri -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Revisit - Re: Default Hidden Disk Shares
Not to flog a dead horse I am building a replacement for my old NT server at home (been running undisturbed since '95) using the amahi.org distro, and turning on the advanced settings for PDC support. I have done a few things with the Amahi developers and have made mods to the DNS and DHCP setup script to suit my needs. Now for tackling the Samba stuff before configuring all new workstations as well (upgrading from W2K wrkstations to XP pro woo!). I am not so interested in C$ to access the whole drive, but to access all the user shares. So I was thinking about something like: [C$] comment = CC path = /home writeable = yes browseable = no valid users = admin1, admin2 write list = admin1, admin2 create mask = 0775 force create mode = 0664 directory mask = 0775 force directory mode = 0775 [D$] comment = DD path = /var/hda/files writeable = yes browseable = no valid users = admin1, admin2 write list = admin1, admin2 create mask = 0775 force create mode = 0664 directory mask = 0775 force directory mode = 0775 Of course, the Amahi front end won't let me name a share with a $ in it (or at least ending in one), and I am having to edit the smb.conf file to get this setup. Understanding that only Windows clients 'hide' $ shares, and given my goal of being able to view all shares from a couple shares, does this seem the way to go? On 07/05/2010 02:04 PM, Robert LeBlanc wrote: The Windows client will hide any share that ends with a '$' whether or not it is an administrator share, it's doesn't know or care. In this case there is no difference between hidden and normal because to Windows they are both hidden. Give it a try sometime. If you hit the server with a Mac client, it shows all the shares (at least it used to, I haven't tried in a long time), even the c$, d$, etc. I think the Linux SMB clients also do the same. So to rely on 'server' to 'hide' these shares, is a very false sense of security. It's the actual client that does the hiding from normal users. Robert LeBlanc Life Sciences Undergraduate Education Computer Support Brigham Young University On Mon, Jul 5, 2010 at 2:43 AM, Atkinson, Robertratkin...@tbs-ltd.co.ukwrote: Robert, the discussion was around the hidden ‘$’ shares, not normal ones. Rob. *From:* Robert LeBlanc [mailto:rob...@leblancnet.us] *Sent:* 02 July 2010 19:15 *To:* Atkinson, Robert *Cc:* Jeremy Allison; samba@lists.samba.org *Subject:* Re: [Samba] Default Hidden Disk Shares On Fri, Jul 2, 2010 at 2:05 AM, Atkinson, Robertratkin...@tbs-ltd.co.uk wrote: Interesting to see you say it's dangerous. The way the Windows version works is that you have to be part of the Administrator group to be able to see them, which I would have thought secure enough? This is not true, the share is advertised to anyone who asks. The Windows client only hides shares that end with a '$'. By default Windows gives access only to administrators (by default), but they are by no means hidden. Robert LeBlanc Life Sciences Undergraduate Education Computer Support Brigham Young University *** Any opinions expressed in email are those of the individual and not necessarily those of the company. This email and any files transmitted with it are confidential and solely for the use of the intended recipient or entity to whom they are addressed. It may contain material protected by attorney-client privilege. If you are not the intended recipient, or a person responsible for delivering to the intended recipient, be advised that you have received this email in error and that any use is strictly prohibited. Random House Group + 44 (0) 20 7840 8400 http://www.randomhouse.co.uk http://www.booksattransworld.co.uk http://www.kidsatrandomhouse.co.uk Generic email address - enquir...@randomhouse.co.uk Name Registered Office: THE RANDOM HOUSE GROUP LIMITED 20 VAUXHALL BRIDGE ROAD LONDON SW1V 2SA Random House Group Ltd is registered in the United Kingdom with company No. 00954009, VAT number 102838980 *** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Guest shares in an ADS security model
On 20 October 2010 17:52, Madhusudan Singh singh.madhusu...@gmail.com wrote: Seems pathetic to reply to my own message, but since I cannot find any working examples via Google, I have to ask this question. Should be simple enough for the resident gurus to answer ? I would guess you need to enable to Guest user in Active Directory and then set up the share such that the Guest user has access. On Mon, Oct 18, 2010 at 10:38 AM, Madhusudan Singh singh.madhusu...@gmail.com wrote: Are these possible ? I am trying to setup a guest access printer attached to a working fileserver that authenticates its users against a Windows AD. I keep getting authentication requests on attempting to connect to the printer. Before I post my smb.conf, I need to know if what I am trying to do is even possible, -- Michael Wood esiot...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 in production?
On 11 October 2010 22:19, Mark Rutherford m...@lowcountrybilling.com wrote: I have read many stories and testimonials from people that are running Samba 4 in production. This encouraged me to try it out in a couple of virtual machines and, as expected I encountered no problems that I could not overcome. (mostly DNS setup issues) We are running 3.5 right now just as a plain NT4 domain controller with DRBD and friends. This setup has worked for many, many years and the possibility of gaining AD is very appealing. When I tested Samba 4, I joined a few Samba 3 servers to it and used resources from those servers without any issues. How are others using it in production? Any pitfalls to using Samba 4 in this manner? Anyone care to share their stories, good or bad? Thanks everyone. I'm using it only for authentication of services on a Mac OS X server at the moment. No workstations, file/print sharing etc. It was a bit of trouble getting the user accounts migrated from Open Directory, but after that hurdle it's been very little trouble. I'm copying samba-technical, since you've not received any other answers on the samba list and the samba-technical list is, for now, still the place to report success/failure/etc. with Samba 4. -- Michael Wood esiot...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 Bad password lockout
On 14 October 2010 15:05, Dave Thurston dthurs...@comcast.net wrote: I have a question about bad password lockout. Net pwsettings has settings for Complexity, Password history Length, Minimum password length, Minimum password age, and Maximum password age. But I can not see how to set a bad password login attempts. Can this be set using a group profile? Yes, I believe so, but have never tried. Copying samba-technical for a definitive answer. Getting ready to use samba 4 for authentication purposes but really do need this ability. Everything else has tested out great. Thanks All. Dave -- Michael Wood esiot...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] SAMBA 4 ACL support
On 18 October 2010 09:41, Vaclav Klecanda venca...@gmail.com wrote: Hi all, I am experimenting with samba 4. I have existing data on NTFS partition and want to share them via samba. But I have problems with permissions (ACL). There is an option: ntvfs handler that tells how mapping of permissions between unix and windows world shall behave. But there is lack of documentation. So I tried posix, simiple but in either case I wasnot able to write even set permissions via GUI from windows client. So I would like to ask if somebody knows where could I read something about this topic or if there is a guru that knows how this thing work, please could you share you knowledge? Thanks a lot, Vasek I'm not sure this is expected to work. I have never tried serving files from an NTFS filesystem. Does the Linux NTFS filesystem driver (ntfs3g?) allow reading/setting the ACLs? I've copied my reply to samba-technical in case someone there knows the answer. -- Michael Wood esiot...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba - Rejecting auth request debug log
On 11 October 2010 14:55, Martin Hochreiter linux...@wavenet.at wrote: Hi there! I set up a test enviroment and did a log level 256 of a domain user log on with a Samba 3.5.5 and a windows 7 machine to deliver more data for that _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client TESTPC1 machine account TESTPC1$ problem. Please find the logs enclosed (if a ~300kb rar log file is allowed here) and maybe somebody can have a look at it and elighten us. Your log seems to have been stripped from the message. -- Michael Wood esiot...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 Bad password lockout
Sorry, forgot to copy samba-technical. On 20 October 2010 23:01, Michael Wood esiot...@gmail.com wrote: On 14 October 2010 15:05, Dave Thurston dthurs...@comcast.net wrote: I have a question about bad password lockout. Net pwsettings has settings for Complexity, Password history Length, Minimum password length, Minimum password age, and Maximum password age. But I can not see how to set a bad password login attempts. Can this be set using a group profile? Yes, I believe so, but have never tried. Copying samba-technical for a definitive answer. Getting ready to use samba 4 for authentication purposes but really do need this ability. Everything else has tested out great. Thanks All. Dave -- Michael Wood esiot...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 Bad password lockout
On Wed, 2010-10-20 at 23:08 +0200, Michael Wood wrote: Sorry, forgot to copy samba-technical. On 20 October 2010 23:01, Michael Wood esiot...@gmail.com wrote: On 14 October 2010 15:05, Dave Thurston dthurs...@comcast.net wrote: I have a question about bad password lockout. Net pwsettings has settings for Complexity, Password history Length, Minimum password length, Minimum password age, and Maximum password age. But I can not see how to set a bad password login attempts. Samba4 does not track bad password login attempts at this time. Sorry, Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Cisco Inc. signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] auto mount of home share
I have searched this list and googled for examples, but have not found the answer to this question: I would have thought that all the lines in the smb.conf was setting up an auto mount of the home share, and I did not have to put it in the logon.bat script. I have: [global] domain master = yes local master = yes domain logons = yes logon path = \\%L\profiles\%U logon drive = q: logon home = \\hda\%u [homes] comment = Home Directories read only = no writeable = yes browseable = yes create mask = 0640 directory mask = 0750 I would have thought that user john would have a share of q: of \\hda\john but this is not happening. I am seeing this share if I browse the server. Or do I HAVE to have an entry in the logon.bat of: net use q: \\hda\%u /persistent:no ? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Revisit - Re: Default Hidden Disk Shares
On 10/20/2010 03:37 PM, Robert Moskowitz wrote: Not to flog a dead horse I am building a replacement for my old NT server at home (been running undisturbed since '95) using the amahi.org distro, and turning on the advanced settings for PDC support. I have done a few things with the Amahi developers and have made mods to the DNS and DHCP setup script to suit my needs. Now for tackling the Samba stuff before configuring all new workstations as well (upgrading from W2K wrkstations to XP pro woo!). I am not so interested in C$ to access the whole drive, but to access all the user shares. So I was thinking about something like: [C$] comment = CC path = /home writeable = yes browseable = no valid users = admin1, admin2 write list = admin1, admin2 create mask = 0775 force create mode = 0664 directory mask = 0775 force directory mode = 0775 Well, perhaps the masks are wrong because I see all of /home, but admin1 only can access /home/admin1 All the other directories gets access denied. So what would be the proper masks? [D$] comment = DD path = /var/hda/files writeable = yes browseable = no valid users = admin1, admin2 write list = admin1, admin2 create mask = 0775 force create mode = 0664 directory mask = 0775 force directory mode = 0775 Of course, the Amahi front end won't let me name a share with a $ in it (or at least ending in one), and I am having to edit the smb.conf file to get this setup. Understanding that only Windows clients 'hide' $ shares, and given my goal of being able to view all shares from a couple shares, does this seem the way to go? On 07/05/2010 02:04 PM, Robert LeBlanc wrote: The Windows client will hide any share that ends with a '$' whether or not it is an administrator share, it's doesn't know or care. In this case there is no difference between hidden and normal because to Windows they are both hidden. Give it a try sometime. If you hit the server with a Mac client, it shows all the shares (at least it used to, I haven't tried in a long time), even the c$, d$, etc. I think the Linux SMB clients also do the same. So to rely on 'server' to 'hide' these shares, is a very false sense of security. It's the actual client that does the hiding from normal users. Robert LeBlanc Life Sciences Undergraduate Education Computer Support Brigham Young University On Mon, Jul 5, 2010 at 2:43 AM, Atkinson, Robertratkin...@tbs-ltd.co.ukwrote: Robert, the discussion was around the hidden ‘$’ shares, not normal ones. Rob. *From:* Robert LeBlanc [mailto:rob...@leblancnet.us] *Sent:* 02 July 2010 19:15 *To:* Atkinson, Robert *Cc:* Jeremy Allison; samba@lists.samba.org *Subject:* Re: [Samba] Default Hidden Disk Shares On Fri, Jul 2, 2010 at 2:05 AM, Atkinson, Robertratkin...@tbs-ltd.co.uk wrote: Interesting to see you say it's dangerous. The way the Windows version works is that you have to be part of the Administrator group to be able to see them, which I would have thought secure enough? This is not true, the share is advertised to anyone who asks. The Windows client only hides shares that end with a '$'. By default Windows gives access only to administrators (by default), but they are by no means hidden. Robert LeBlanc Life Sciences Undergraduate Education Computer Support Brigham Young University *** Any opinions expressed in email are those of the individual and not necessarily those of the company. This email and any files transmitted with it are confidential and solely for the use of the intended recipient or entity to whom they are addressed. It may contain material protected by attorney-client privilege. If you are not the intended recipient, or a person responsible for delivering to the intended recipient, be advised that you have received this email in error and that any use is strictly prohibited. Random House Group + 44 (0) 20 7840 8400 http://www.randomhouse.co.uk http://www.booksattransworld.co.uk http://www.kidsatrandomhouse.co.uk Generic email address - enquir...@randomhouse.co.uk Name Registered Office: THE RANDOM HOUSE GROUP LIMITED 20 VAUXHALL BRIDGE ROAD LONDON SW1V 2SA Random House Group Ltd is registered in the United Kingdom with company No. 00954009, VAT number 102838980 *** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Revisit - Re: Default Hidden Disk Shares
On Wed, Oct 20, 2010 at 09:31:39PM -0400, Robert Moskowitz wrote: On 10/20/2010 03:37 PM, Robert Moskowitz wrote: Not to flog a dead horse I am building a replacement for my old NT server at home (been running undisturbed since '95) using the amahi.org distro, and turning on the advanced settings for PDC support. I have done a few things with the Amahi developers and have made mods to the DNS and DHCP setup script to suit my needs. Now for tackling the Samba stuff before configuring all new workstations as well (upgrading from W2K wrkstations to XP pro woo!). I am not so interested in C$ to access the whole drive, but to access all the user shares. So I was thinking about something like: [C$] comment = CC path = /home writeable = yes browseable = no valid users = admin1, admin2 write list = admin1, admin2 create mask = 0775 force create mode = 0664 directory mask = 0775 force directory mode = 0775 Well, perhaps the masks are wrong because I see all of /home, but admin1 only can access /home/admin1 All the other directories gets access denied. So what would be the proper masks? The masks aren't what is denying you access, they specify the permissions created files/directories get. Remember Samba is looking at the UNIX permissions on the disk. admin1 probably only has access to /home/admin1 and no access to any other directory under /home. That's why you see what you see. I'm not clear on what exactly you're trying to do here ? Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Revisit - Re: Default Hidden Disk Shares
On 10/20/2010 09:35 PM, Jeremy Allison wrote: On Wed, Oct 20, 2010 at 09:31:39PM -0400, Robert Moskowitz wrote: On 10/20/2010 03:37 PM, Robert Moskowitz wrote: Not to flog a dead horse I am building a replacement for my old NT server at home (been running undisturbed since '95) using the amahi.org distro, and turning on the advanced settings for PDC support. I have done a few things with the Amahi developers and have made mods to the DNS and DHCP setup script to suit my needs. Now for tackling the Samba stuff before configuring all new workstations as well (upgrading from W2K wrkstations to XP pro woo!). I am not so interested in C$ to access the whole drive, but to access all the user shares. So I was thinking about something like: [C$] comment = CC path = /home writeable = yes browseable = no valid users = admin1, admin2 write list = admin1, admin2 create mask = 0775 force create mode = 0664 directory mask = 0775 force directory mode = 0775 Well, perhaps the masks are wrong because I see all of /home, but admin1 only can access /home/admin1 All the other directories gets access denied. So what would be the proper masks? The masks aren't what is denying you access, they specify the permissions created files/directories get. Remember Samba is looking at the UNIX permissions on the disk. admin1 probably only has access to /home/admin1 and no access to any other directory under /home. That's why you see what you see. oh well... I'm not clear on what exactly you're trying to do here ? I want admin to be able to access other user data to clean up any messes they have. Kind of standard here at home with my kids getting into challenges and asking for help. Or they did an assignment from the wrong login, and now I have to move it around. More my wife tends to just use my login and access her files. Well I will have to skin this cat another way. Most likely set up some symlinks and ID groups. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] auto mount of home share
On Wed, Oct 20, 2010 at 9:23 PM, Robert Moskowitz r...@htt-consult.com wrote: I would have thought that all the lines in the smb.conf was setting up an auto mount of the home share, and I did not have to put it in the logon.bat script. I have: The systems have to be domain members and the users must be domain users and logging on to the domain (not the local system). You may also need the [netlogon] share (although the logon script does not need to explicilty create map the home drive). Also your logon home looks possibly suspect, I have logon home = \\%N\%U (the default) on several servers (for years now) and they all work (for hundreds of users). Where are you getting your documentation? When in doubt don't fuck with the defaults (man smb.conf) unless you know what you're doing and have a very good reason. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] auto mount of home share
On 10/20/2010 11:01 PM, Chris Smith wrote: On Wed, Oct 20, 2010 at 9:23 PM, Robert Moskowitzr...@htt-consult.com wrote: I would have thought that all the lines in the smb.conf was setting up an auto mount of the home share, and I did not have to put it in the logon.bat script. I have: The systems have to be domain members and the users must be domain users and logging on to the domain (not the local system). I added the system to the domain successfully and now I get the log onto domain option. I used a user I created on the server, is there something special to define a domain user? And yes I logged onto the domain, creating a domain user on the system (user.domain). You may also need the [netlogon] share (although the logon script does not need to explicilty create map the home drive). The logon.bat is executing. I am getting all the shares from the bat file. I see the netlogon share and can mount it and open the logon.bat file. Also your logon home looks possibly suspect, I have logon home = \\%N\%U (the default) on several servers (for years now) and they all work (for hundreds of users). Where are you getting your documentation? When in doubt don't fuck with the defaults (man smb.conf) unless you know what you're doing and have a very good reason. This is what the developers of the Amahi.org distro have set up. hda is the Netbios name of the server. Does the case (%u instead of %U) matter? There is a bit to changing this if needed; I have to edit the script that builds smb.conf. Well I just made the change and now it is working. Now to find out if it is %N (how can I find out its value?) or %U. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] auto mount of home share
On 10/20/2010 11:29 PM, Robert Moskowitz wrote: On 10/20/2010 11:01 PM, Chris Smith wrote: On Wed, Oct 20, 2010 at 9:23 PM, Robert Moskowitzr...@htt-consult.com wrote: I would have thought that all the lines in the smb.conf was setting up an auto mount of the home share, and I did not have to put it in the logon.bat script. I have: The systems have to be domain members and the users must be domain users and logging on to the domain (not the local system). I added the system to the domain successfully and now I get the log onto domain option. I used a user I created on the server, is there something special to define a domain user? And yes I logged onto the domain, creating a domain user on the system (user.domain). You may also need the [netlogon] share (although the logon script does not need to explicilty create map the home drive). The logon.bat is executing. I am getting all the shares from the bat file. I see the netlogon share and can mount it and open the logon.bat file. Also your logon home looks possibly suspect, I have logon home = \\%N\%U (the default) on several servers (for years now) and they all work (for hundreds of users). Where are you getting your documentation? When in doubt don't fuck with the defaults (man smb.conf) unless you know what you're doing and have a very good reason. This is what the developers of the Amahi.org distro have set up. hda is the Netbios name of the server. Does the case (%u instead of %U) matter? There is a bit to changing this if needed; I have to edit the script that builds smb.conf. Well I just made the change and now it is working. Now to find out if it is %N (how can I find out its value?) or %U. Testing shows it is the %u instead of %U that is the error. Seems to be case sensitive. \\hda or \\%N both work. So I will file a bug report to the Amahi developers. Thanks for pointing me in the right direction. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Revisit - Re: Default Hidden Disk Shares
On Wed, Oct 20, 2010 at 10:29:41PM -0400, Robert Moskowitz wrote: I want admin to be able to access other user data to clean up any messes they have. Kind of standard here at home with my kids getting into challenges and asking for help. Or they did an assignment from the wrong login, and now I have to move it around. More my wife tends to just use my login and access her files. Well I will have to skin this cat another way. Most likely set up some symlinks and ID groups. Look into the admin user parameter. Anyone coming in as that user is mapped to root, with full priviliges. Just create an admin user, set admin user = admin in the [global] section and don't tell anyone else the password :-). Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Build status as of Wed Oct 20 06:00:03 2010
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2010-10-19 00:00:03.0 -0600 +++ /home/build/master/cache/broken_results.txt 2010-10-20 00:00:45.0 -0600 @@ -1,4 +1,4 @@ -Build status as of Tue Oct 19 06:00:01 2010 +Build status as of Wed Oct 20 06:00:03 2010 Build counts: Tree Total Broken Panic @@ -15,8 +15,8 @@ samba-web0 0 0 samba_3_current 32 32 5 samba_3_master 32 24 0 -samba_3_next 32 29 0 -samba_4_0_test 36 33 1 +samba_3_next 32 31 0 +samba_4_0_test 36 30 0 talloc 32 8 0 tdb 30 11 0
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 6bc5373 web: removed broken link to israeli site from c1a4109 Fix German umlauts. http://gitweb.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 6bc5373e3e6a8e2389445f7ba3d45e1b703b1c1c Author: Andrew Tridgell tri...@samba.org Date: Wed Oct 20 19:54:07 2010 +1100 web: removed broken link to israeli site it is not a samba site. It has a link to samba.org, but that link is broken. Looks like a standard Linux site, nothing to do with Samba. --- Summary of changes: index.html |1 - 1 files changed, 0 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/index.html b/index.html index a741ebf..4c9eccb 100644 --- a/index.html +++ b/index.html @@ -82,7 +82,6 @@ p span class=labelDeutsch:/spana href=http://samba.sernet.de/; target=_blanksamba.sernet.de/a - span class=labelHebrew:/spana href=http://linux.israel.net/; target=_blanklinux.israel.net/a /p /div div class=specialBoxBottom/div -- Samba Website Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via efb22bf s3: Add some DEBUG via da00021 s3: Cope with EINTR in smbd_[un]lock_socket from 4a8c17a libcli/ldap Don't try and encode a control with a NULL OID http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit efb22bf782fe49ca60650c87a0ead8ae93c06eca Author: Volker Lendecke v...@samba.org Date: Tue Oct 19 08:59:14 2010 +0200 s3: Add some DEBUG Autobuild-User: Volker Lendecke vlen...@samba.org Autobuild-Date: Wed Oct 20 11:58:20 UTC 2010 on sn-devel-104 commit da00021a7c236f9ac87442b96881bf0b2701ad0b Author: Volker Lendecke v...@samba.org Date: Tue Oct 19 08:53:21 2010 +0200 s3: Cope with EINTR in smbd_[un]lock_socket --- Summary of changes: source3/smbd/process.c | 14 -- 1 files changed, 12 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/process.c b/source3/smbd/process.c index f2aa23e..a1aed80 100644 --- a/source3/smbd/process.c +++ b/source3/smbd/process.c @@ -48,9 +48,14 @@ static bool smbd_lock_socket_internal(struct smbd_server_connection *sconn) DEBUG(10,(pid[%d] wait for socket lock\n, (int)sys_getpid())); - ok = fcntl_lock(sconn-smb1.echo_handler.socket_lock_fd, + do { + ok = fcntl_lock( + sconn-smb1.echo_handler.socket_lock_fd, SMB_F_SETLKW, 0, 0, F_WRLCK); + } while (!ok (errno == EINTR)); + if (!ok) { + DEBUG(1, (fcntl_lock failed: %s\n, strerror(errno))); return false; } @@ -80,9 +85,14 @@ static bool smbd_unlock_socket_internal(struct smbd_server_connection *sconn) return true; } - ok = fcntl_lock(sconn-smb1.echo_handler.socket_lock_fd, + do { + ok = fcntl_lock( + sconn-smb1.echo_handler.socket_lock_fd, SMB_F_SETLKW, 0, 0, F_UNLCK); + } while (!ok (errno == EINTR)); + if (!ok) { + DEBUG(1, (fcntl_lock failed: %s\n, strerror(errno))); return false; } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 0941099 ldb:ldb_index.c - fix some memory leaks via 3bf8ca6 ldb:ldb_index.c - let ldb_module_oom generate the return code via ec43a4d ldb:ldb_cache.c - fix memory contexts and memory leaks via 06053a0 ldb:ldb_tdb submodule - use ldb_msg_new where appropriate via 1427895 ldb:ldb_pack.c - remove superflous message-elements = NULL via caf6b36 libcli/security/access_check.c - fix a memory leak from efb22bf s3: Add some DEBUG http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 0941099a2839812b18c2d3db86b18e92b152f1c8 Author: Matthias Dieter Wallnöfer m...@samba.org Date: Wed Oct 20 14:27:04 2010 +0200 ldb:ldb_index.c - fix some memory leaks Autobuild-User: Matthias Dieter Wallnöfer m...@samba.org Autobuild-Date: Wed Oct 20 13:11:49 UTC 2010 on sn-devel-104 commit 3bf8ca67900a10e608808535358a148455827a2e Author: Matthias Dieter Wallnöfer m...@samba.org Date: Wed Oct 20 14:26:37 2010 +0200 ldb:ldb_index.c - let ldb_module_oom generate the return code commit ec43a4d29e3bb395e7a8d7edafb6dedfeb9baec2 Author: Matthias Dieter Wallnöfer m...@samba.org Date: Wed Oct 20 14:08:53 2010 +0200 ldb:ldb_cache.c - fix memory contexts and memory leaks commit 06053a09cbf42cde12d69d0a296fb25f425aae67 Author: Matthias Dieter Wallnöfer m...@samba.org Date: Wed Oct 20 13:53:14 2010 +0200 ldb:ldb_tdb submodule - use ldb_msg_new where appropriate It is saver than a manual talloc. commit 1427895531c259f4bb6c561972b79051807c2a4d Author: Matthias Dieter Wallnöfer m...@samba.org Date: Wed Oct 20 13:47:48 2010 +0200 ldb:ldb_pack.c - remove superflous message-elements = NULL It's already marked at this at the beginning of the call. commit caf6b3686fb7f18b17e0b89f519f216ac98df3be Author: Matthias Dieter Wallnöfer m...@samba.org Date: Wed Oct 20 13:40:19 2010 +0200 libcli/security/access_check.c - fix a memory leak --- Summary of changes: libcli/security/access_check.c | 19 --- source4/lib/ldb/ldb_tdb/ldb_cache.c | 23 --- source4/lib/ldb/ldb_tdb/ldb_index.c | 30 ++ source4/lib/ldb/ldb_tdb/ldb_pack.c |1 - source4/lib/ldb/ldb_tdb/ldb_tdb.c |8 5 files changed, 42 insertions(+), 39 deletions(-) Changeset truncated at 500 lines: diff --git a/libcli/security/access_check.c b/libcli/security/access_check.c index 35ee057..a00e42b 100644 --- a/libcli/security/access_check.c +++ b/libcli/security/access_check.c @@ -287,7 +287,7 @@ NTSTATUS sec_access_check_ds(const struct security_descriptor *sd, uint32_t bits_remaining; struct object_tree *node; const struct GUID *type; - struct dom_sid *ps_sid = dom_sid_parse_talloc(NULL, SID_NT_SELF); +struct dom_sid *ps_sid = dom_sid_parse_talloc(sd, SID_NT_SELF); *access_granted = access_desired; bits_remaining = access_desired; @@ -304,13 +304,15 @@ NTSTATUS sec_access_check_ds(const struct security_descriptor *sd, if (security_token_has_privilege(token, SEC_PRIV_SECURITY)) { bits_remaining = ~SEC_FLAG_SYSTEM_SECURITY; } else { +talloc_free(ps_sid); return NT_STATUS_PRIVILEGE_NOT_HELD; } } /* a NULL dacl allows access */ if ((sd-type SEC_DESC_DACL_PRESENT) sd-dacl == NULL) { - *access_granted = access_desired; +*access_granted = access_desired; +talloc_free(ps_sid); return NT_STATUS_OK; } @@ -356,6 +358,7 @@ NTSTATUS sec_access_check_ds(const struct security_descriptor *sd, break; case SEC_ACE_TYPE_ACCESS_DENIED: if (bits_remaining ace-access_mask) { +talloc_free(ps_sid); return NT_STATUS_ACCESS_DENIED; } break; @@ -377,12 +380,13 @@ NTSTATUS sec_access_check_ds(const struct security_descriptor *sd, if (ace-type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT) { object_tree_modify_access(node, ace-access_mask); - if (node-remaining_access == 0) { - return NT_STATUS_OK; - } -} -else { +if (node-remaining_access == 0) { +talloc_free(ps_sid); +return NT_STATUS_OK; +} +
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 71ac92b s4-schema_init: Print more info about syntax we fail to recognize via 099b005 asn1_tests.c: Make test data static const via d057ca3 lib/util/asn1.c: comment spelling from 0941099 ldb:ldb_index.c - fix some memory leaks http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 71ac92b67391d826b015fc4cffb104918d14594b Author: Kamen Mazdrashki kame...@samba.org Date: Wed Oct 20 13:43:00 2010 +0300 s4-schema_init: Print more info about syntax we fail to recognize Autobuild-User: Kamen Mazdrashki kame...@samba.org Autobuild-Date: Wed Oct 20 13:54:01 UTC 2010 on sn-devel-104 commit 099b0057bed73c3c7a2cf7d0123c8a1daaf53ed0 Author: Kamen Mazdrashki kame...@samba.org Date: Mon Oct 18 03:50:20 2010 +0300 asn1_tests.c: Make test data static const commit d057ca3e3fba8190030929cbd41ef9a61440a78c Author: Kamen Mazdrashki kame...@samba.org Date: Mon Oct 18 03:49:21 2010 +0300 lib/util/asn1.c: comment spelling --- Summary of changes: lib/util/asn1.c |2 +- lib/util/tests/asn1_tests.c | 12 ++-- source4/dsdb/schema/schema_init.c |6 -- 3 files changed, 11 insertions(+), 9 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/util/asn1.c b/lib/util/asn1.c index 7635ce2..2a71f2f 100644 --- a/lib/util/asn1.c +++ b/lib/util/asn1.c @@ -282,7 +282,7 @@ bool ber_write_partial_OID_String(TALLOC_CTX *mem_ctx, DATA_BLOB *blob, const ch return false; } - /* Add partially endcoded subidentifier */ + /* Add partially encoded sub-identifier */ if (p) { DATA_BLOB tmp_blob = strhex_to_data_blob(tmp_ctx, p); data_blob_append(mem_ctx, blob, tmp_blob.data, tmp_blob.length); diff --git a/lib/util/tests/asn1_tests.c b/lib/util/tests/asn1_tests.c index 25c8222..b11e9d5 100644 --- a/lib/util/tests/asn1_tests.c +++ b/lib/util/tests/asn1_tests.c @@ -29,7 +29,7 @@ struct oid_data { }; /* Data for successful OIDs conversions */ -struct oid_data oid_data_ok[] = { +static const struct oid_data oid_data_ok[] = { { .oid = 2.5.4.0, .bin_oid = 550400 @@ -65,7 +65,7 @@ struct oid_data oid_data_ok[] = { }; /* Data for successful Partial OIDs conversions */ -struct oid_data partial_oid_data_ok[] = { +static const struct oid_data partial_oid_data_ok[] = { { .oid = 2.5.4.130:0x81, .bin_oid = 5504810281 @@ -100,7 +100,7 @@ static bool test_ber_write_OID_String(struct torture_context *tctx) char *hex_str; DATA_BLOB blob; TALLOC_CTX *mem_ctx; - struct oid_data *data = oid_data_ok; + const struct oid_data *data = oid_data_ok; mem_ctx = talloc_new(tctx); @@ -129,7 +129,7 @@ static bool test_ber_read_OID_String(struct torture_context *tctx) const char *oid; DATA_BLOB oid_blob; TALLOC_CTX *mem_ctx; - struct oid_data *data = oid_data_ok; + const struct oid_data *data = oid_data_ok; mem_ctx = talloc_new(tctx); @@ -157,7 +157,7 @@ static bool test_ber_write_partial_OID_String(struct torture_context *tctx) char *hex_str; DATA_BLOB blob; TALLOC_CTX *mem_ctx; - struct oid_data *data = oid_data_ok; + const struct oid_data *data = oid_data_ok; mem_ctx = talloc_new(tctx); @@ -202,7 +202,7 @@ static bool test_ber_read_partial_OID_String(struct torture_context *tctx) const char *oid; DATA_BLOB oid_blob; TALLOC_CTX *mem_ctx; - struct oid_data *data = oid_data_ok; + const struct oid_data *data = oid_data_ok; mem_ctx = talloc_new(tctx); diff --git a/source4/dsdb/schema/schema_init.c b/source4/dsdb/schema/schema_init.c index 6dbf9ba..d80f209 100644 --- a/source4/dsdb/schema/schema_init.c +++ b/source4/dsdb/schema/schema_init.c @@ -631,8 +631,10 @@ WERROR dsdb_attribute_from_ldb(struct ldb_context *ldb, } if (dsdb_schema_setup_ldb_schema_attribute(ldb, attr) != LDB_SUCCESS) { - DEBUG(0,(__location__ : Unknown schema syntax for %s\n, -attr-lDAPDisplayName)); + DEBUG(0,(__location__ : Unknown schema syntax for %s - ldb_syntax: %s, ldap_oid: %s\n, +attr-lDAPDisplayName, +attr-syntax-ldb_syntax, +attr-syntax-ldap_oid)); return WERR_DS_ATT_SCHEMA_REQ_SYNTAX; } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via ab01d61 nsstest: no need for two copies of the same tool. via abb07fa s3-waf: more registry cleanup. via d05157a s3-waf: convert LIBSMBCONF into a subsystem. via 4a2e47b s3-waf: move RPC_CLIENT_SCHANNEL into a subsystem. from 71ac92b s4-schema_init: Print more info about syntax we fail to recognize http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit ab01d6139fc7b2c4b651a0959a5816352d6bb49b Author: Günther Deschner g...@samba.org Date: Wed Oct 20 14:52:30 2010 +0200 nsstest: no need for two copies of the same tool. Guenther Autobuild-User: Günther Deschner g...@samba.org Autobuild-Date: Wed Oct 20 15:05:34 UTC 2010 on sn-devel-104 commit abb07fad043b141c3a3128c04f1e5a8d1c1507e8 Author: Günther Deschner g...@samba.org Date: Wed Oct 20 02:17:41 2010 +0200 s3-waf: more registry cleanup. Guenher commit d05157a47026632b1c231defeefa553811aef163 Author: Günther Deschner g...@samba.org Date: Wed Oct 20 01:54:12 2010 +0200 s3-waf: convert LIBSMBCONF into a subsystem. Guenther commit 4a2e47b74a7dbf8604d6a3eff6235819d13fd83f Author: Günther Deschner g...@samba.org Date: Fri Oct 8 13:17:21 2010 +0200 s3-waf: move RPC_CLIENT_SCHANNEL into a subsystem. Guenther --- Summary of changes: nsswitch/nsstest.c | 144 ++--- source3/Makefile.in|2 +- source3/auth/wscript_build |1 + source3/torture/nsstest.c | 495 source3/wscript_build | 54 -- 5 files changed, 152 insertions(+), 544 deletions(-) delete mode 100644 source3/torture/nsstest.c Changeset truncated at 500 lines: diff --git a/nsswitch/nsstest.c b/nsswitch/nsstest.c index 26f816f..8742b32 100644 --- a/nsswitch/nsstest.c +++ b/nsswitch/nsstest.c @@ -2,6 +2,7 @@ Unix SMB/CIFS implementation. nss tester for winbindd Copyright (C) Andrew Tridgell 2001 + Copyright (C) Tim Potter 2003 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -18,9 +19,15 @@ */ #include includes.h - #include nsswitch/nsstest.h +#ifdef malloc +#undef malloc +#endif +#ifdef realloc +#undef realloc +#endif + static const char *so_path = /lib/libnss_winbind.so; static const char *nss_name = winbind; static int nss_errno; @@ -29,11 +36,13 @@ static int total_errors; static void *find_fn(const char *name) { - char s[1024]; + char *s; static void *h; void *res; - snprintf(s,sizeof(s), _nss_%s_%s, nss_name, name); + if (asprintf(s, _nss_%s_%s, nss_name, name) 0) { + exit(1); + } if (!h) { h = dlopen(so_path, RTLD_LAZY); @@ -45,8 +54,11 @@ static void *find_fn(const char *name) res = dlsym(h, s); if (!res) { printf(Can't find function %s\n, s); + total_errors++; + SAFE_FREE(s); return NULL; } + SAFE_FREE(s); return res; } @@ -61,11 +73,16 @@ static void report_nss_error(const char *who, NSS_STATUS status) static struct passwd *nss_getpwent(void) { NSS_STATUS (*_nss_getpwent_r)(struct passwd *, char *, - size_t , int *) = find_fn(getpwent_r); + size_t , int *) = + (NSS_STATUS (*)(struct passwd *, char *, + size_t, int *))find_fn(getpwent_r); static struct passwd pwd; static char buf[1000]; NSS_STATUS status; + if (!_nss_getpwent_r) + return NULL; + status = _nss_getpwent_r(pwd, buf, sizeof(buf), nss_errno); if (status == NSS_STATUS_NOTFOUND) { return NULL; @@ -80,11 +97,16 @@ static struct passwd *nss_getpwent(void) static struct passwd *nss_getpwnam(const char *name) { NSS_STATUS (*_nss_getpwnam_r)(const char *, struct passwd *, char *, - size_t , int *) = find_fn(getpwnam_r); + size_t , int *) = + (NSS_STATUS (*)(const char *, struct passwd *, char *, + size_t, int *))find_fn(getpwnam_r); static struct passwd pwd; static char buf[1000]; NSS_STATUS status; + if (!_nss_getpwnam_r) + return NULL; + status = _nss_getpwnam_r(name, pwd, buf, sizeof(buf), nss_errno); if (status == NSS_STATUS_NOTFOUND) { return NULL; @@ -99,11 +121,16 @@ static struct passwd *nss_getpwnam(const char *name) static struct passwd *nss_getpwuid(uid_t uid) { NSS_STATUS (*_nss_getpwuid_r)(uid_t , struct
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via f74e696 s3: Cope with EINTR in smbd_[un]lock_socket (cherry picked from commit da00021a7c236f9ac87442b96881bf0b2701ad0b) via e245b70 s3: Add some DEBUG from f91c4b0 Add deadtime detection for SMB2. Correctly update lastused timestamp across all active tcons. Should fix dfree cache not updating bug. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit f74e6964db8748015ec1084441e66fc688e11c0b Author: Volker Lendecke v...@samba.org Date: Tue Oct 19 08:53:21 2010 +0200 s3: Cope with EINTR in smbd_[un]lock_socket (cherry picked from commit da00021a7c236f9ac87442b96881bf0b2701ad0b) commit e245b701ec6af2398dc920d1adcefa8bc6079240 Author: Volker Lendecke v...@samba.org Date: Tue Oct 19 08:59:14 2010 +0200 s3: Add some DEBUG Autobuild-User: Volker Lendecke vlen...@samba.org Autobuild-Date: Wed Oct 20 11:58:20 UTC 2010 on sn-devel-104 (cherry picked from commit efb22bf782fe49ca60650c87a0ead8ae93c06eca) --- Summary of changes: source3/smbd/process.c | 14 -- 1 files changed, 12 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/process.c b/source3/smbd/process.c index 780b97d..0416a8b 100644 --- a/source3/smbd/process.c +++ b/source3/smbd/process.c @@ -59,9 +59,14 @@ static bool smbd_lock_socket_internal(struct smbd_server_connection *sconn) DEBUG(10,(pid[%d] wait for socket lock\n, (int)sys_getpid())); - ok = fcntl_lock(sconn-smb1.echo_handler.socket_lock_fd, + do { + ok = fcntl_lock( + sconn-smb1.echo_handler.socket_lock_fd, SMB_F_SETLKW, 0, 0, F_WRLCK); + } while (!ok (errno == EINTR)); + if (!ok) { + DEBUG(1, (fcntl_lock failed: %s\n, strerror(errno))); return false; } @@ -91,9 +96,14 @@ static bool smbd_unlock_socket_internal(struct smbd_server_connection *sconn) return true; } - ok = fcntl_lock(sconn-smb1.echo_handler.socket_lock_fd, + do { + ok = fcntl_lock( + sconn-smb1.echo_handler.socket_lock_fd, SMB_F_SETLKW, 0, 0, F_UNLCK); + } while (!ok (errno == EINTR)); + if (!ok) { + DEBUG(1, (fcntl_lock failed: %s\n, strerror(errno))); return false; } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via e1cfca1 Make getpwnam_alloc() static to lib/username.c, and ensure all username lookups go through Get_Pwnam_alloc(), which is the correct wrapper function. We were using it *some* of the time anyway, so this just makes us properly consistent. from ab01d61 nsstest: no need for two copies of the same tool. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit e1cfca1e2e0f005ac9d73c6b0eb64bc99413aec6 Author: Jeremy Allison j...@samba.org Date: Wed Oct 20 08:16:23 2010 -0700 Make getpwnam_alloc() static to lib/username.c, and ensure all username lookups go through Get_Pwnam_alloc(), which is the correct wrapper function. We were using it *some* of the time anyway, so this just makes us properly consistent. Jeremy. Autobuild-User: Jeremy Allison j...@samba.org Autobuild-Date: Wed Oct 20 16:02:12 UTC 2010 on sn-devel-104 --- Summary of changes: source3/Makefile.in|2 +- source3/auth/auth_util.c |4 +- source3/auth/server_info_sam.c |2 +- source3/auth/token_util.c |6 +- source3/include/proto.h| 10 +--- source3/lib/username.c | 74 +- source3/lib/util.c |2 +- source3/lib/util_pw.c | 88 source3/passdb/pdb_interface.c |4 +- source3/passdb/pdb_smbpasswd.c |4 +- source3/passdb/util_unixsids.c |2 +- source3/smbd/password.c|2 +- source3/smbd/uid.c |2 +- source3/torture/pdbtest.c |2 +- source3/utils/net_sam.c|4 +- source3/web/cgi.c |4 +- source3/wscript_build |2 +- 17 files changed, 97 insertions(+), 117 deletions(-) delete mode 100644 source3/lib/util_pw.c Changeset truncated at 500 lines: diff --git a/source3/Makefile.in b/source3/Makefile.in index 86cd88a..5d390de 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -453,7 +453,7 @@ LIB_OBJ = $(LIBSAMBAUTIL_OBJ) $(UTIL_OBJ) $(CRYPTO_OBJ) \ lib/system.o lib/sendfile.o lib/recvfile.o lib/time.o \ lib/username.o \ ../libds/common/flag_mapping.o \ - lib/util_pw.o lib/access.o lib/smbrun.o \ + lib/access.o lib/smbrun.o \ lib/bitmap.o lib/dprintf.o $(UTIL_REG_OBJ) \ lib/wins_srv.o \ lib/util_str.o lib/clobber.o lib/util_sid.o \ diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index 7371309..2fcee89 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -641,7 +641,7 @@ static NTSTATUS get_guest_info3(TALLOC_CTX *mem_ctx, struct passwd *pwd; const char *tmp; - pwd = getpwnam_alloc(mem_ctx, guest_account); + pwd = Get_Pwnam_alloc(mem_ctx, guest_account); if (pwd == NULL) { DEBUG(0,(SamInfo3_for_guest: Unable to locate guest account [%s]!\n, guest_account)); @@ -793,7 +793,7 @@ NTSTATUS make_serverinfo_from_username(TALLOC_CTX *mem_ctx, struct passwd *pwd; NTSTATUS status; - pwd = getpwnam_alloc(talloc_tos(), username); + pwd = Get_Pwnam_alloc(talloc_tos(), username); if (pwd == NULL) { return NT_STATUS_NO_SUCH_USER; } diff --git a/source3/auth/server_info_sam.c b/source3/auth/server_info_sam.c index 4731ad4..c09ae76 100644 --- a/source3/auth/server_info_sam.c +++ b/source3/auth/server_info_sam.c @@ -70,7 +70,7 @@ NTSTATUS make_server_info_sam(struct auth_serversupplied_info **server_info, return NT_STATUS_NO_MEMORY; } - if ( !(pwd = getpwnam_alloc(result, username)) ) { + if ( !(pwd = Get_Pwnam_alloc(result, username)) ) { DEBUG(1, (User %s in passdb, but getpwnam() fails!\n, pdb_get_username(sampass))); TALLOC_FREE(result); diff --git a/source3/auth/token_util.c b/source3/auth/token_util.c index 1a7c481..4a702ef 100644 --- a/source3/auth/token_util.c +++ b/source3/auth/token_util.c @@ -757,14 +757,14 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username, * about the mapping of guest sid to lp_guestaccount() * username and will return the unix_pw info for a guest * user. Use it if it's there, else lookup the *uid details -* using getpwnam_alloc(). See bug #6291 for details. JRA. +* using Get_Pwnam_alloc(). See bug #6291 for details. JRA. */ /* We must always assign the *uid. */ if (sam_acct-unix_pw == NULL) { - struct passwd *pwd = getpwnam_alloc(sam_acct, *found_username ); + struct passwd *pwd =
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 7a194c6 s3: Make unpack_pjob static via 1d5cb51 s3: Use any_nt_status_not_ok in winbind via 347ca8f s3: Add any_nt_status_not_ok via 62bea12 s3: Don't use talloc_autofree_context in map_file via 97a7aec uid_wrapper: The gid wrapper does not require a destructor from e1cfca1 Make getpwnam_alloc() static to lib/username.c, and ensure all username lookups go through Get_Pwnam_alloc(), which is the correct wrapper function. We were using it *some* of the time anyway, so this just makes us properly consistent. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 7a194c6e5ea75db67502005e5d40d1ddf3708895 Author: Volker Lendecke v...@samba.org Date: Mon Oct 18 09:48:30 2010 +0200 s3: Make unpack_pjob static Autobuild-User: Volker Lendecke vlen...@samba.org Autobuild-Date: Wed Oct 20 16:51:04 UTC 2010 on sn-devel-104 commit 1d5cb5125c9ed911e9560a3cd99bc428306539c5 Author: Volker Lendecke v...@samba.org Date: Mon Oct 18 10:10:43 2010 +0200 s3: Use any_nt_status_not_ok in winbind commit 347ca8f757d6a0b61bb22be21ec95986ad94 Author: Volker Lendecke v...@samba.org Date: Mon Oct 18 10:09:57 2010 +0200 s3: Add any_nt_status_not_ok This helps avoid quite a bit of repetitive code when looking at dcerpc_xx_recv results. commit 62bea12c5dbb0e6ec6d74a3d2f8988f183572782 Author: Volker Lendecke v...@samba.org Date: Sat Oct 9 10:12:06 2010 +0200 s3: Don't use talloc_autofree_context in map_file commit 97a7aec44aafde75208aaad24b42de1c93cdb97b Author: Volker Lendecke v...@samba.org Date: Sat Oct 9 09:44:43 2010 +0200 uid_wrapper: The gid wrapper does not require a destructor Don't use talloc_autofree_context --- Summary of changes: lib/uid_wrapper/uid_wrapper.c |4 ++-- lib/util/util_file.c|2 +- source3/include/printing.h |1 - source3/include/proto.h |1 + source3/lib/util.c | 13 + source3/printing/printing.c |2 +- source3/winbindd/wb_dsgetdcname.c |6 +- source3/winbindd/wb_gid2sid.c |6 +- source3/winbindd/wb_group_members.c |6 +- source3/winbindd/wb_lookupname.c|6 +- source3/winbindd/wb_lookupuseraliases.c |6 +- source3/winbindd/wb_lookupusergroups.c |6 +- source3/winbindd/wb_query_user_list.c |6 +- source3/winbindd/wb_queryuser.c |6 +- source3/winbindd/wb_seqnum.c|6 +- source3/winbindd/wb_sid2gid.c |6 +- source3/winbindd/wb_sid2uid.c |6 +- source3/winbindd/wb_uid2sid.c |6 +- source3/winbindd/winbindd_allocate_gid.c|6 +- source3/winbindd/winbindd_allocate_uid.c|6 +- source3/winbindd/winbindd_change_machine_acct.c |6 +- source3/winbindd/winbindd_check_machine_acct.c |6 +- source3/winbindd/winbindd_dsgetdcname.c |6 +- source3/winbindd/winbindd_lookuprids.c |6 +- source3/winbindd/winbindd_ping_dc.c |6 +- 25 files changed, 37 insertions(+), 100 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/uid_wrapper/uid_wrapper.c b/lib/uid_wrapper/uid_wrapper.c index 93ebb7c..c676797 100644 --- a/lib/uid_wrapper/uid_wrapper.c +++ b/lib/uid_wrapper/uid_wrapper.c @@ -52,7 +52,7 @@ static void uwrap_init(void) uwrap.enabled = true; /* put us in one group */ uwrap.ngroups = 1; - uwrap.groups = talloc_array(talloc_autofree_context(), gid_t, 1); + uwrap.groups = talloc_array(NULL, gid_t, 1); uwrap.groups[0] = 0; } } @@ -116,7 +116,7 @@ _PUBLIC_ int uwrap_setgroups(size_t size, const gid_t *list) uwrap.groups = NULL; if (size != 0) { - uwrap.groups = talloc_array(talloc_autofree_context(), gid_t, size); + uwrap.groups = talloc_array(NULL, gid_t, size); if (uwrap.groups == NULL) { errno = ENOMEM; return -1; diff --git a/lib/util/util_file.c b/lib/util/util_file.c index aa0b2d5..7c00dd8 100644 --- a/lib/util/util_file.c +++ b/lib/util/util_file.c @@ -235,7 +235,7 @@ _PUBLIC_ void *map_file(const char *fname, size_t size) } #endif if (!p) { - p = file_load(fname, s2, 0, talloc_autofree_context()); + p = file_load(fname, s2, 0, NULL); if (!p) return NULL; if (s2 != size) {
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via c8000c9 smbtorture: Fix typo in status message. from 7a194c6 s3: Make unpack_pjob static http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit c8000c94a59267326b13df3c631b9ac2921d0615 Author: James Peach jpe...@samba.org Date: Wed Oct 20 10:07:33 2010 -0700 smbtorture: Fix typo in status message. --- Summary of changes: source4/torture/raw/notify.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/torture/raw/notify.c b/source4/torture/raw/notify.c index 7ccdbd7..d96ec93 100644 --- a/source4/torture/raw/notify.c +++ b/source4/torture/raw/notify.c @@ -74,7 +74,7 @@ static bool test_notify_dir(struct smbcli_state *cli, struct smbcli_state *cli2, struct smbcli_request *req, *req2; extern int torture_numops; - printf(TESTING CHANGE NOTIFY ON DIRECTRIES\n); + printf(TESTING CHANGE NOTIFY ON DIRECTORIES\n); /* get a handle on the directory -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via dde9059 Make getpwnam_alloc() static to lib/username.c, and ensure all username lookups go through Get_Pwnam_alloc(), which is the correct wrapper function. We were using it *some* of the time anyway, so this just makes us properly consistent. from f74e696 s3: Cope with EINTR in smbd_[un]lock_socket (cherry picked from commit da00021a7c236f9ac87442b96881bf0b2701ad0b) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit dde9059287f24e920d5100933dbff1f03c09f326 Author: Jeremy Allison j...@samba.org Date: Wed Oct 20 11:06:06 2010 -0700 Make getpwnam_alloc() static to lib/username.c, and ensure all username lookups go through Get_Pwnam_alloc(), which is the correct wrapper function. We were using it *some* of the time anyway, so this just makes us properly consistent. Jeremy. --- Summary of changes: source3/Makefile.in|2 +- source3/auth/auth_util.c |2 +- source3/auth/server_info_sam.c |2 +- source3/auth/token_util.c |6 +- source3/include/proto.h| 10 +--- source3/lib/username.c | 62 source3/lib/util.c |2 +- source3/lib/util_pw.c | 88 source3/passdb/pdb_interface.c |4 +- source3/passdb/pdb_smbpasswd.c |2 +- source3/passdb/util_unixsids.c |2 +- source3/smbd/password.c|2 +- source3/smbd/uid.c |2 +- source3/torture/pdbtest.c |2 +- source3/utils/net_sam.c|4 +- source3/web/cgi.c |4 +- 16 files changed, 83 insertions(+), 113 deletions(-) delete mode 100644 source3/lib/util_pw.c Changeset truncated at 500 lines: diff --git a/source3/Makefile.in b/source3/Makefile.in index ba75c9e..45dd891 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -451,7 +451,7 @@ LIB_OBJ = $(LIBSAMBAUTIL_OBJ) $(UTIL_OBJ) $(CRYPTO_OBJ) \ lib/system.o lib/sendfile.o lib/recvfile.o lib/time.o \ lib/username.o \ ../libds/common/flag_mapping.o \ - lib/util_pw.o lib/access.o lib/smbrun.o \ + lib/access.o lib/smbrun.o \ lib/bitmap.o lib/dprintf.o $(UTIL_REG_OBJ) \ lib/wins_srv.o \ lib/util_str.o lib/clobber.o lib/util_sid.o lib/util_uuid.o \ diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index 16fa421..2fb488d 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -729,7 +729,7 @@ NTSTATUS make_serverinfo_from_username(TALLOC_CTX *mem_ctx, struct passwd *pwd; NTSTATUS status; - pwd = getpwnam_alloc(talloc_tos(), username); + pwd = Get_Pwnam_alloc(talloc_tos(), username); if (pwd == NULL) { return NT_STATUS_NO_SUCH_USER; } diff --git a/source3/auth/server_info_sam.c b/source3/auth/server_info_sam.c index 4731ad4..c09ae76 100644 --- a/source3/auth/server_info_sam.c +++ b/source3/auth/server_info_sam.c @@ -70,7 +70,7 @@ NTSTATUS make_server_info_sam(struct auth_serversupplied_info **server_info, return NT_STATUS_NO_MEMORY; } - if ( !(pwd = getpwnam_alloc(result, username)) ) { + if ( !(pwd = Get_Pwnam_alloc(result, username)) ) { DEBUG(1, (User %s in passdb, but getpwnam() fails!\n, pdb_get_username(sampass))); TALLOC_FREE(result); diff --git a/source3/auth/token_util.c b/source3/auth/token_util.c index 8f66171..5c93839 100644 --- a/source3/auth/token_util.c +++ b/source3/auth/token_util.c @@ -789,14 +789,14 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username, * about the mapping of guest sid to lp_guestaccount() * username and will return the unix_pw info for a guest * user. Use it if it's there, else lookup the *uid details -* using getpwnam_alloc(). See bug #6291 for details. JRA. +* using Get_Pwnam_alloc(). See bug #6291 for details. JRA. */ /* We must always assign the *uid. */ if (sam_acct-unix_pw == NULL) { - struct passwd *pwd = getpwnam_alloc(sam_acct, *found_username ); + struct passwd *pwd = Get_Pwnam_alloc(sam_acct, *found_username ); if (!pwd) { - DEBUG(10, (getpwnam_alloc failed for %s\n, + DEBUG(10, (Get_Pwnam_alloc failed for %s\n, *found_username)); result = NT_STATUS_NO_SUCH_USER; goto done; diff --git a/source3/include/proto.h b/source3/include/proto.h index 4535560..f7f751c
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via feb6034 talloc: make header C++ safe from c8000c9 smbtorture: Fix typo in status message. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit feb60345816f0fd45ea9b381fbd374b21542f518 Author: Simo Sorce i...@samba.org Date: Wed Oct 20 13:09:57 2010 -0400 talloc: make header C++ safe Autobuild-User: Simo Sorce i...@samba.org Autobuild-Date: Wed Oct 20 18:15:09 UTC 2010 on sn-devel-104 --- Summary of changes: lib/talloc/talloc.h |8 1 files changed, 8 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/talloc/talloc.h b/lib/talloc/talloc.h index 8b9ade2..bc5b0fa 100644 --- a/lib/talloc/talloc.h +++ b/lib/talloc/talloc.h @@ -29,6 +29,10 @@ #include stdio.h #include stdarg.h +#ifdef __cplusplus +extern C { +#endif + /** * @defgroup talloc The talloc API * @@ -1701,4 +1705,8 @@ void talloc_set_log_stderr(void); #define TALLOC_MAX_DEPTH 1 #endif +#ifdef __cplusplus +} /* end of extern C */ +#endif + #endif -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via 31c74ba talloc: make header C++ safe from dde9059 Make getpwnam_alloc() static to lib/username.c, and ensure all username lookups go through Get_Pwnam_alloc(), which is the correct wrapper function. We were using it *some* of the time anyway, so this just makes us properly consistent. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit 31c74ba8c60d2c36f675a40732de57ea3d1d1903 Author: Simo Sorce i...@samba.org Date: Wed Oct 20 13:09:57 2010 -0400 talloc: make header C++ safe Autobuild-User: Simo Sorce i...@samba.org Autobuild-Date: Wed Oct 20 18:15:09 UTC 2010 on sn-devel-104 (cherry picked from commit feb60345816f0fd45ea9b381fbd374b21542f518) --- Summary of changes: lib/talloc/talloc.h |8 1 files changed, 8 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/talloc/talloc.h b/lib/talloc/talloc.h index 0c281cc..189598d 100644 --- a/lib/talloc/talloc.h +++ b/lib/talloc/talloc.h @@ -29,6 +29,10 @@ #include stdio.h #include stdarg.h +#ifdef __cplusplus +extern C { +#endif + /** * @defgroup talloc The talloc API * @@ -1690,4 +1694,8 @@ void talloc_set_log_stderr(void); #define TALLOC_MAX_DEPTH 1 #endif +#ifdef __cplusplus +} /* end of extern C */ +#endif + #endif -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via c0b9526 pytalloc: use talloc_unlink() to free py_talloc objects from feb6034 talloc: make header C++ safe http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit c0b9526aaf29442f85f62232e22aecfb484b1576 Author: Kamen Mazdrashki kame...@samba.org Date: Fri Oct 8 04:21:07 2010 +0300 pytalloc: use talloc_unlink() to free py_talloc objects Those type of objects are referenced every time we assign them to other py_talloc objects, which leads to runtime warnings that we are trying to free an object with references Wrap talloc_unlink() in SMB_ASSERT() to ensure we catch possible failure Autobuild-User: Kamen Mazdrashki kame...@samba.org Autobuild-Date: Wed Oct 20 21:37:06 UTC 2010 on sn-devel-104 --- Summary of changes: lib/talloc/pytalloc.c |4 +++- 1 files changed, 3 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/talloc/pytalloc.c b/lib/talloc/pytalloc.c index b0b7394..ae59b69 100644 --- a/lib/talloc/pytalloc.c +++ b/lib/talloc/pytalloc.c @@ -21,6 +21,8 @@ #include replace.h #include talloc.h #include pytalloc.h +#include lib/util/debug.h +#include lib/util/util.h /** * Simple dealloc for talloc-wrapping PyObjects @@ -28,7 +30,7 @@ void py_talloc_dealloc(PyObject* self) { py_talloc_Object *obj = (py_talloc_Object *)self; - talloc_free(obj-talloc_ctx); + SMB_ASSERT(talloc_unlink(NULL, obj-talloc_ctx) != -1); obj-talloc_ctx = NULL; self-ob_type-tp_free(self); } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via e00c2b3 Add code to implement SeSecurityPrivilege in net rpc rights, and in the open and get/set NT security descriptor code. from c0b9526 pytalloc: use talloc_unlink() to free py_talloc objects http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit e00c2b3cdf6faa03b6ffcf87dc677fdbdd381fe3 Author: Jeremy Allison j...@samba.org Date: Wed Oct 20 16:31:18 2010 -0700 Add code to implement SeSecurityPrivilege in net rpc rights, and in the open and get/set NT security descriptor code. Jeremy. Autobuild-User: Jeremy Allison j...@samba.org Autobuild-Date: Thu Oct 21 00:15:57 UTC 2010 on sn-devel-104 --- Summary of changes: libcli/security/privileges.c |9 +++-- source3/smbd/nttrans.c | 10 ++ source3/smbd/open.c | 29 - 3 files changed, 21 insertions(+), 27 deletions(-) Changeset truncated at 500 lines: diff --git a/libcli/security/privileges.c b/libcli/security/privileges.c index 5d4cf77..57c485d 100644 --- a/libcli/security/privileges.c +++ b/libcli/security/privileges.c @@ -40,7 +40,7 @@ /* The use of strcasecmp here is safe, all the comparison strings are ASCII */ #undef strcasecmp -#define NUM_SHORT_LIST_PRIVS 8 +#define NUM_SHORT_LIST_PRIVS 9 static const struct { enum sec_privilege luid; @@ -58,16 +58,13 @@ static const struct { {SEC_PRIV_PRINT_OPERATOR, SEC_PRIV_PRINT_OPERATOR_BIT, SePrintOperatorPrivilege,Manage printers}, {SEC_PRIV_ADD_USERS, SEC_PRIV_ADD_USERS_BIT, SeAddUsersPrivilege, Add users and groups to the domain}, {SEC_PRIV_DISK_OPERATOR, SEC_PRIV_DISK_OPERATOR_BIT, SeDiskOperatorPrivilege, Manage disk shares}, + {SEC_PRIV_SECURITY,SEC_PRIV_SECURITY_BIT, SeSecurityPrivilege, System security}, + /* The list from here on is not displayed in the code from * source3, and is after index NUM_SHORT_LIST_PRIVS for that * reason */ - {SEC_PRIV_SECURITY, -SEC_PRIV_SECURITY_BIT, -SeSecurityPrivilege, - System security}, - {SEC_PRIV_SYSTEMTIME, SEC_PRIV_SYSTEMTIME_BIT, SeSystemtimePrivilege, diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index 3a9f681..caba211 100644 --- a/source3/smbd/nttrans.c +++ b/source3/smbd/nttrans.c @@ -1837,6 +1837,16 @@ NTSTATUS smbd_do_query_security_desc(connection_struct *conn, * Get the permissions to return. */ + if ((security_info_wanted SECINFO_SACL) + !(fsp-access_mask SEC_FLAG_SYSTEM_SECURITY)) { + return NT_STATUS_ACCESS_DENIED; + } + + if ((security_info_wanted (SECINFO_DACL|SECINFO_OWNER|SECINFO_GROUP)) + !(fsp-access_mask SEC_STD_READ_CONTROL)) { + return NT_STATUS_ACCESS_DENIED; + } + if (!lp_nt_acl_support(SNUM(conn))) { status = get_null_nt_acl(mem_ctx, psd); } else { diff --git a/source3/smbd/open.c b/source3/smbd/open.c index 01f0cd6..f5de607 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -2506,8 +2506,9 @@ static NTSTATUS open_directory(connection_struct *conn, return status; } - /* We need to support SeSecurityPrivilege for this. */ - if (access_mask SEC_FLAG_SYSTEM_SECURITY) { + if ((access_mask SEC_FLAG_SYSTEM_SECURITY) + !security_token_has_privilege(get_current_nttok(conn), + SEC_PRIV_SECURITY)) { DEBUG(10, (open_directory: open on %s failed - SEC_FLAG_SYSTEM_SECURITY denied.\n, smb_fname_str_dbg(smb_dname))); @@ -3029,29 +3030,15 @@ static NTSTATUS create_file_unixpath(connection_struct *conn, goto fail; } -#if 0 - /* We need to support SeSecurityPrivilege for this. */ if ((access_mask SEC_FLAG_SYSTEM_SECURITY) - !user_has_privileges(current_user.nt_user_token, -se_security)) { - status = NT_STATUS_PRIVILEGE_NOT_HELD; - goto fail; - } -#else - /* We need to support SeSecurityPrivilege for this. */ - if (access_mask SEC_FLAG_SYSTEM_SECURITY) { - status = NT_STATUS_PRIVILEGE_NOT_HELD; - goto fail; - } - /* Don't allow a SACL set from an NTtrans create until we -* support SeSecurityPrivilege. */ - if (!VALID_STAT(smb_fname-st) - lp_nt_acl_support(SNUM(conn)) - sd (sd-sacl != NULL)) { + !security_token_has_privilege(get_current_nttok(conn), +
[SCM] CTDB repository - branch 1.2-nodeflags updated - ctdb-1.0.114-380-g2a38728
The branch, 1.2-nodeflags has been updated via 2a3872827e3ffda166191fc6ad09144a11d5041c (commit) via 8d47bb47e10fc9caef1a3ea239575dfef61e0a67 (commit) via 52593fcb06b3dfd319da41f1bd5efdfc3b618ee1 (commit) from 976a94c06d1531ddbdb86edc4dae3e28824ae515 (commit) http://gitweb.samba.org/?p=sahlberg/ctdb.git;a=shortlog;h=1.2-nodeflags - Log - commit 2a3872827e3ffda166191fc6ad09144a11d5041c Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Mon Oct 18 11:57:38 2010 +1100 remove checking for filesystems and filesystem health from the cnfs script. remove the gpfsmount and gpfsumount entry points commit 8d47bb47e10fc9caef1a3ea239575dfef61e0a67 Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Thu Oct 14 09:49:23 2010 +1100 If tdb_open() fails when trying to open the vacuuming database, print errno so we get some idea of why this failed. commit 52593fcb06b3dfd319da41f1bd5efdfc3b618ee1 Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Thu Oct 14 08:12:41 2010 +1100 try to restart NFS LOCKD if it failed to start --- Summary of changes: config/events.d/60.nfs |7 - config/events.d/62.cnfs | 74 --- config/functions|8 + server/ctdb_vacuum.c|2 +- 4 files changed, 15 insertions(+), 76 deletions(-) Changeset truncated at 500 lines: diff --git a/config/events.d/60.nfs b/config/events.d/60.nfs index cd5219a..ed96ab8 100755 --- a/config/events.d/60.nfs +++ b/config/events.d/60.nfs @@ -79,7 +79,12 @@ case $1 in } || exit $? # check that lockd responds to rpc requests - ctdb_check_rpc lockd 100021 1 + (ctdb_check_rpc lockd 100021 1) + [ $? = 0 ] || { + echo Trying to restart lock manager service + startstop_nfslock restart + exit 1 + } # mount needs special handling since it is sometimes not started # correctly on RHEL5 diff --git a/config/events.d/62.cnfs b/config/events.d/62.cnfs index e0af722..af4ecc3 100755 --- a/config/events.d/62.cnfs +++ b/config/events.d/62.cnfs @@ -8,20 +8,8 @@ loadconfig STATEDIR=$CTDB_VARDIR/state/gpfs -# filesystems needed by nfs -NFS_FSS=`cat /etc/exports | egrep -v ^# | sed -e s/[ \t]*[^ \t]*$// -e s/\//g` - - - check_if_healthy() { mkdir -p $STATEDIR/fs -FS=`(cd $STATEDIR/fs ; ls )` -[ -z $FS ] || { -MISSING=`echo $FS | sed -e s/@/\//g` -logger Filesystems required for NFS are missing. Node is UNHEALTHY. [$MISSING] -$CTDB_BASE/events.d/62.cnfs unhealthy GPFS filesystems required for NFS are not mounted : [$MISSING] -exit 0 -} [ -f $STATEDIR/gpfsnoquorum ] { logger No GPFS quorum. Node is UNHEALTHY @@ -40,64 +28,6 @@ case $1 in ;; -# This event is called from the GPFS callbacks when a filesystem is -# unmounted -gpfsumount) -# is this a filesystem we need for nfs? -echo $NFS_FSS | egrep ^$2 /dev/null || { -# no -exit 0 -} - -logger GPFS unmounted filesystem $2 used by NFS. Mark node as UNHEALTHY - -MFS=`echo $2 | sed -e s/\//@/g` -mkdir -p $STATEDIR/fs -touch $STATEDIR/fs/$MFS -$CTDB_BASE/events.d/62.cnfs unhealthy GPFS unmounted filesystem $2 used by NFS -;; - -# This event is called from the GPFS callbacks when a filesystem is -# mounted -gpfsmount) -# is this a filesystem we need for nfs? -echo $NFS_FSS | egrep ^$2 /dev/null || { -# no -exit 0 -} - -logger GPFS mounted filesystem $2 used by NFS. - -MFS=`echo $2 | sed -e s/\//@/g` -mkdir -p $STATEDIR/fs -rm -f $STATEDIR/fs/$MFS - -check_if_healthy -;; - - - -# This event is called from the gpfs callback when GPFS is being shutdown. -gpfsshutdown) -logger GPFS is shutting down. Marking node as UNHEALTHY and trigger a CTDB failover -$CTDB_BASE/events.d/62.cnfs unhealthy GPFS was shut down! -;; - - -# This event is called from the gpfs callback when GPFS has started. -# It checks that all required NFS filesystems are mounted -# and flags the node healthy if so. -gpfsstartup) - # assume we always have quorum when starting - # we are only interested in the case when we explicitely - # lost quorum in an otherwise happy cluster -mkdir -p $STATEDIR -rm -f $STATEDIR/gpfsnoquorum -logger GPFS is is started. -check_if_healthy -;; - - gpfsquorumreached) mkdir -p $STATEDIR rm -f $STATEDIR/gpfsnoquorum @@ -112,10 +42,6 @@ case $1 in
[SCM] CTDB repository - branch master updated - ctdb-1.0.114-374-g401ad5b
The branch, master has been updated via 401ad5bb3c4d2f34e34c4b61649c77391ac2f791 (commit) via 70e92ccc4e0afb8c166d40d09ccad1cdc145892c (commit) via 4cb12fa01749aabd5ad6c73defba8a0204b54978 (commit) via ad4619f1eb1c7c8881fd6e65cdce3b9ed15ce0dd (commit) via 6f41dd35bda6de0501fa48a75148bb818ffdceed (commit) via 63ad4a7fe7bd7c9597a4f5573e87f66e5234eb48 (commit) via 7a5790de22e8370b2812414aa1adef8201e8b269 (commit) via 4ec99c1eeab529865ac790ef554f3b099a14faf1 (commit) via 034635418c7e5274d6bdf47a10e3b631e2d4 (commit) from 3695462ade497356d1b86c6fd1bc1765f1d11e57 (commit) http://gitweb.samba.org/?p=sahlberg/ctdb.git;a=shortlog;h=master - Log - commit 401ad5bb3c4d2f34e34c4b61649c77391ac2f791 Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Thu Oct 21 11:12:30 2010 +1100 new version 1.10 commit 70e92ccc4e0afb8c166d40d09ccad1cdc145892c Author: Stefan Metzmacher me...@samba.org Date: Mon May 10 09:20:13 2010 +0200 web: fix link to tdb README metze commit 4cb12fa01749aabd5ad6c73defba8a0204b54978 Author: Stefan Metzmacher me...@samba.org Date: Tue Sep 14 16:28:27 2010 +0200 doc: regenerate docs metze commit ad4619f1eb1c7c8881fd6e65cdce3b9ed15ce0dd Author: Stefan Metzmacher me...@samba.org Date: Tue Sep 14 15:14:29 2010 +0200 doc/ctdb.1: fix ctdb restore filename [dbname] cmdline metze commit 6f41dd35bda6de0501fa48a75148bb818ffdceed Author: Stefan Metzmacher me...@samba.org Date: Tue Sep 14 15:05:42 2010 +0200 doc/ctdb.1: document persistent flag for ctdb atttach metze commit 63ad4a7fe7bd7c9597a4f5573e87f66e5234eb48 Author: Stefan Metzmacher me...@samba.org Date: Tue Sep 14 16:21:27 2010 +0200 tools/ctdb: allow ctdb pfetch only on persistent databases metze commit 7a5790de22e8370b2812414aa1adef8201e8b269 Author: Stefan Metzmacher me...@samba.org Date: Tue Sep 14 14:49:42 2010 +0200 tools/ctdb: add 'persistent' flag to ctdb attach metze commit 4ec99c1eeab529865ac790ef554f3b099a14faf1 Author: Stefan Metzmacher me...@samba.org Date: Tue Sep 14 14:45:16 2010 +0200 tools/ctdb: let ctdb catdb pass the persistent flag to ctdb_attach() metze commit 034635418c7e5274d6bdf47a10e3b631e2d4 Author: Stefan Metzmacher me...@samba.org Date: Tue Oct 19 19:21:23 2010 +0200 events.d/11.routing: handle updateip event metze --- Summary of changes: config/events.d/11.routing | 11 +++ doc/ctdb.1 | 41 +++- doc/ctdb.1.html| 158 +--- doc/ctdb.1.xml |4 +- packaging/RPM/ctdb.spec.in |2 + tools/ctdb.c | 35 -- web/index.html |2 +- 7 files changed, 144 insertions(+), 109 deletions(-) Changeset truncated at 500 lines: diff --git a/config/events.d/11.routing b/config/events.d/11.routing index c265c38..9a1fdef 100755 --- a/config/events.d/11.routing +++ b/config/events.d/11.routing @@ -27,6 +27,17 @@ case $1 in done ;; +updateip) + oiface=$2 + niface=$3 + cat $CTDB_BASE/static-routes | egrep ^$niface | while read IFACE DEST GW; do + ip route add $DEST via $GW dev $IFACE /dev/null 2/dev/null + done + cat $CTDB_BASE/static-routes | egrep ^$oiface | while read IFACE DEST GW; do + ip route add $DEST via $GW dev $IFACE /dev/null 2/dev/null + done + ;; + *) ctdb_standard_event_handler $@ ;; diff --git a/doc/ctdb.1 b/doc/ctdb.1 index 70e150c..2fce654 100644 --- a/doc/ctdb.1 +++ b/doc/ctdb.1 @@ -1,13 +1,22 @@ '\ t .\ Title: ctdb .\Author: [FIXME: author] [see http://docbook.sf.net/el/author] -.\ Generator: DocBook XSL Stylesheets v1.75.1 http://docbook.sf.net/ -.\ Date: 08/05/2010 +.\ Generator: DocBook XSL Stylesheets v1.75.2 http://docbook.sf.net/ +.\ Date: 09/14/2010 .\Manual: CTDB - clustered TDB database .\Source: ctdb .\ Language: English .\ -.TH CTDB 1 08/05/2010 ctdb CTDB \- clustered TDB database +.TH CTDB 1 09/14/2010 ctdb CTDB \- clustered TDB database +.\ - +.\ * Define some portability stuff +.\ - +.\ ~ +.\ http://bugs.debian.org/507673 +.\ http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\ ~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' .\ - .\ * set default formatting .\ - @@ -407,12 +416,12 @@
[SCM] CTDB repository - annotated tag ctdb-1.0.110 created - ctdb-1.0.110
The annotated tag, ctdb-1.0.110 has been created at e84f5fd023f45e6685dbe3c8dc6d3f48cca149db (tag) tagging eb22c34bccc8a04fcf63efa2bc48d9788709382e (commit) replaces ctdb-1.0.109 tagged by Ronnie Sahlberg on Fri Dec 18 15:29:53 2009 +1100 - Log - tag for 1.0.111 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQBLKwVP2aJ36aon/y8RApQWAJ9Sc+7TPz4Y4t/nShnDtzTYr1uVnwCffhD8 SkmV/eAy7NrI7AakZX2SR50= =83oH -END PGP SIGNATURE- Ronnie Sahlberg (1): Version 1.0.110 Rusty Russell (3): eventscript: fix cleanup path when setting up script list eventscript: remove cb_status, fix uninitialized bug when monitoring aborted eventscript: fix bug when script is aborted Stefan Metzmacher (2): server: fix fd leaks in the new logging code server: add set_close_on_exec() on more fds --- -- CTDB repository
[SCM] CTDB repository - annotated tag ctdb-1.9.1 created - ctdb-1.9.1
The annotated tag, ctdb-1.9.1 has been created at b7704b21616233ace5c956b5868566adbf33df35 (tag) tagging 44009e02a661d4a1e14246f650974fc4ed7a07c9 (commit) replaces ctdb-1.0.114 tagged by Rusty Russell on Mon Jul 5 12:26:33 2010 +0930 - Log - 1.9.1 release. Andrew Tridgell (3): tdb: use fdatasync() instead of fsync() in transactions python: use '#!/usr/bin/env python' to cope with varying install locations tdb: update tdb ABI to use hide_symbols=True Brad Hards (1): Spelling fixes for tdb. Jelmer Vernooij (1): subunit: Support formatting compatible with upstream subunit, for consistency. Martin Schwenke (3): Merge commit 'origin/master' Merge branch 'master' of git://git.samba.org/sahlberg/ctdb Fix a thinko in 2ea0a9f1a93781a0d036feb9fcc0d120b182922f. Michael Adam (4): events:50.samba: wipe the local part of the serverid db before starting winbind/smnd/nmbd tests: eliminate a floating point exception by requiring -n option to ctdb_bench tests:ctdb_bench: make send_start_messages() static - eliminates compile warning functions: when checking for a directory also check whether it can be accessed. Ralph Wuerthner (1): ethtool does not support virtio_net devices. Ronnie Sahlberg (70): Merge r...@10.1.1.27:/shared/ctdb/ctdb-git Reduce the loglevel for two log messages for Registering and Deregistering server ids. Merge r...@10.1.1.27:/shared/ctdb/ctdb-git When we forcefully abort a running eventscript, dont log this as is Merge r...@10.1.1.27:/shared/ctdb/ctdb-git Lower the loglevel for Recovery lock successfully taken Merge r...@10.1.1.27:/shared/ctdb/ctdb-git In the recovery daemon, keep track of which node we have assigned public ip Fix a compiler warning Merge r...@10.1.1.27:/shared/ctdb/ctdb-git add a missing || add an example script that can be called from crontab to cleanup In the example script to remove all ip addresses after a ctdb crash, Add a setting where CTDB will monitor and warn for low memory conditions. If the admin makes a configuration mistake and configures NATGW to use the In the log message when we have found an inconsistent ip address allocation, Make create_merged_ip_list() a static function since The recent change to the recovery daemon to keep track of and Dont check ip assignment across the cluster while ip-verification Add a new eventscript 62.cnfs to integrate better with gpfs/cnfs when performing a recovery, Add the number of performed recoveries to the ctdb statistics output. Enhance the ctdb restoredb command so you can restore a backup into a different database. In control_ipreallocate() we wait at most 5 tries before aborting the command It was possible for -recovery_mode to get out of sync with the new three db priorities in such a way that in 62.cnfs, lines in /etc/exports can have hte exports quoted, Add monitoring of quorum and make the node UNHEALTHY when quarum is lost new version 1.9 Merge commit 'rusty/libctdb2' make sure we build libctdb for make all make install to install libctdb.a move the header files and libctdb.a out into a separate ctdb-devel rpm check if vnn is a valid pointer before dereferencing it add a gplv3 boilerplate to the example application for libctdb Prevent clients from connecting to the natgw address. Dont check linkstatus for loopback. This interface never has When adding an ip at runtime, it might not yet have an iface assigned to it, so ensure that the next takover_ip call will fall through to accept the ip and add it. rename ccan/typesafe_cb.h to ctdb_typesafe_cb.h and Update the tst.c example application for libctdb to Dont link with libctdb rename ctdb_send_message to ctdb_client_send_message to resolve colission with the function of the same name in libctdb rename ctdb_set_message_handler to ctdb_client_set_message_handler rename ctdb_message_fn_t to ctdb_msg_fn_t to avoid a conflict with the type of the same name used in libctdb rename ctdb_remove_message_handler to ctdb_client_remove_message_handler add a function to read the current socketname from the ctdb structure add a sync wrapper for the getpnn control link ctdb with libctdb and connect to the daemon both the old way and by using libctdb Add a variable for start/current time to ctdb statistics Automatically free the request once the callback has returned. Make the call to free the request explicit in the callback Add the offsetof macro to libctdb ctdb_req_control contains 4 padding bytes. Create an explicit pad variable here and set it to 0 when creating a control to keep valgrind
[SCM] CTDB repository - annotated tag ctdb-1.10 created - ctdb-1.10
The annotated tag, ctdb-1.10 has been created at 508ac16b3614b02d949d02ceb2d65495946383b2 (tag) tagging 401ad5bb3c4d2f34e34c4b61649c77391ac2f791 (commit) replaces ctdb-1.9.1 tagged by Ronnie Sahlberg on Thu Oct 21 11:19:44 2010 +1100 - Log - Version 1.10 Andrew Tridgell (1): tdb: added TDB_NO_FSYNC env variable Evan Kinney (1): ctdb: Fixed use of reserved word private in typedefs Günther Deschner (1): lib/tdb: fix c++ build warning in tdb_header_hash(). Harald Klatte (1): AIX bind wants the correct addrsize Jelmer Vernooij (3): pytdb: Make filename argument optional. pytdb: Include Python.h first to prevent warning. pytdb: Add __version__ attribute. Kirill Smelkov (9): pytdb: Add support for tdb_add_flags() tdb_remove_flags() pytdb: Fix repr segfault for internal db pytdb: Update open flags to match those for tdb_open() in tdb.h pytdb: Add support for tdb_enable_seqnum, tdb_get_seqnum and tdb_increment_seqnum_nonblock pytdb: Add support for tdb_transaction_prepare_commit() pytdb: Add support for tdb_freelist_size() pytdb: Add TDB_INCOMPATIBLE_HASH open flag pytdb: Add support for tdb_repack() pytdb: Check errors after PyObject_New() calls Martin Schwenke (54): Test suite: handle change to disconnected node error message. Test suite: handle extra lines in statistics output. Optimise 61.nfstickle to write the tickles more efficiently. Testing: Add Python IP allocation simulation. Test suite: handle change to disconnected node error message. Test suite: handle extra lines in statistics output. Optimise 61.nfstickle to write the tickles more efficiently. Testing: Add Python IP allocation simulation. Merge branch 'master' of git://git.samba.org/sahlberg/ctdb Testing: Add imbalance information to IP allocation simulation. Testing: In IP allocation simulation count total number of events. Testing: IP allocation simulation prints final imbalance in statistics. Testing: IP allocation simulation - save some warnings for verbose mode. Testing: IP allocation simulation - add command line option for random seed. Testing: IP allocation simulation - update copyright message. Testing: IP allocation simulation - Tweak options handling and Cluster.diff(). Testing: IP allocation simulation - fix nondeterminism in do_something_random(). Testing: IP allocation simulation - Update README. Testing: IP allocation simulation - update options processing in examples. Testing: IP allocation simulation - add general node group example. Testing: IP allocation simulation - rename an example to node_group_simple.py. Testing: IP allocation simulation - rename an example to node_group_extra.py. Testing: IP allocation simulation - make usage/failure more obvious. Testing: IP allocation simulation - improve help for options. Testing: IP allocation simulation - print maximum number of unhealthy nodes. Testing: IP allocation simulation - clean up usage message. Testing: IP allocation simulation - add option to change odds of a failure. Test suite - try to make addip test more reliable and add some debugging. Merge remote branch 'martins/master' Test suite - fix addip test. Test suite: remove thaw/freeze tests. Test suite - make the ctdb_fetch test cope with Reqid wrap! messages. initscript: wait until we can ping ctdbd before setting tunables. Test suite: weaken ctdb continue/enable tests for non-deterministic IPs. Test suite: Fix typo in continue test. Test suite: remove unnecessary verbosity from enable/continue tests. Add some command-line options to ctdb_diagnostics. Test suite: make addip test use $CTDB rather than ctdb in debug code. Test suite: improve wait_until_node_has_status() Test suite: use $CTDB rather than ctdb everywhere in ctdb_test_functions.sh. Test suite: strengthen function _cluster_is_healthy(). Test suite: print date/time at test completion. Test suite: Add more timestamping of debugging information. Test suite: loosen the getmonmode test. Move NAT gateway firewall rules to recovered|updatenatgw events. Merge branch 'master' of git://git.samba.org/sahlberg/ctdb Merge branch 'master' of git://git.samba.org/sahlberg/ctdb Test suite: in the test eventscript, run ctdb not $CTDB. NFS tickles: use addtickle/deltickle instead of shared tickle directory. Test suite: NFS tickle test uses gettickles if events.d/61.nfstickle missing. Test suite: Fix typos in NFS tickle test. Test suite: Tweak NFS tickle test. Test suite: Fix NFS tickle test. Test suite: Make NFS tickle test more flexible. Ronnie Sahlberg
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 94dc630 Now we have SeSystemSecurity, remove the source3-only #ifdef. from e00c2b3 Add code to implement SeSecurityPrivilege in net rpc rights, and in the open and get/set NT security descriptor code. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 94dc63056a83168c605f14a8ce47b9b75a96fa2f Author: Jeremy Allison j...@samba.org Date: Wed Oct 20 17:51:13 2010 -0700 Now we have SeSystemSecurity, remove the source3-only #ifdef. Jeremy. Autobuild-User: Jeremy Allison j...@samba.org Autobuild-Date: Thu Oct 21 01:35:00 UTC 2010 on sn-devel-104 --- Summary of changes: libcli/security/access_check.c |2 -- 1 files changed, 0 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/libcli/security/access_check.c b/libcli/security/access_check.c index a00e42b..b0d4f4a 100644 --- a/libcli/security/access_check.c +++ b/libcli/security/access_check.c @@ -179,7 +179,6 @@ NTSTATUS se_access_check(const struct security_descriptor *sd, bits_remaining)); } -#if (_SAMBA_BUILD_ = 4) /* s3 had this with #if 0 previously. To be sure the merge doesn't change any behaviour, we have the above #if check on _SAMBA_BUILD_. */ @@ -190,7 +189,6 @@ NTSTATUS se_access_check(const struct security_descriptor *sd, return NT_STATUS_PRIVILEGE_NOT_HELD; } } -#endif /* a NULL dacl allows access */ if ((sd-type SEC_DESC_DACL_PRESENT) sd-dacl == NULL) { -- Samba Shared Repository