Re: [Samba] [3.6.8] XP fails with error 1326
Thanks but still no go :-/ At this point, I can see the server (Looks like netbios name is required, while I assumed its absence would have Samba use the Unix hostname), but when I use c:\net view \\linux, I get the familiar error 5 Access denied. Samba still seems to not ignore the Windows username and use nobody instead. 1. # grep nobody /etc/passwd nobody:x:99:99:nobody:/:/bin/false 2. # grep nobody /etc/shadow nobody:*:9797:0: 3. # pdbedit -Lv --- Unix username:nobody NT username: Account Flags:[U ] Full Name:nobody Domain: LINUX 4. # pdbedit -x -u nobody user nobody does not exist in the passdb 5. C:\Users\frednet view \\LINUX System error 5 has occurred. Access is denied. 6. [2013/10/10 17:27:45.997569, 2] auth/auth.c:319(check_ntlm_password) check_ntlm_password: Authentication for user [fred] - [fred] FAILED with error NT_STATUS_NO_SUCH_USER 7. # cat smb.conf [global] workgroup = WORKGROUP netbios name = LINUX encrypt passwords = yes log level = 2 guest account = nobody map to guest = Bad User security = user [test] path = /tmp browsable = yes read only = yes guest ok = yes I don't know where else to look. Could it be some setting in Windows 7? -- View this message in context: http://samba.2283325.n4.nabble.com/3-6-8-XP-fails-with-error-1326-tp4654631p4654808.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Removing a domain controller help needed
On Fri, 2013-10-11 at 16:00 +1300, Andrew Bartlett wrote: On Fri, 2013-09-13 at 09:10 +0200, christophe wrote: Hi, First guys, I'd like congratulate you. Samba 4 is really a cool product. I have a little problem though. The context: I have Samba4 AD DC working perfectly on a virtual machine for testing purpose I joined another Samba4 AD DC to the domain I had provisioned and it worked perfectly but my second DC VM was deleted with no mean to get it back. I have now a problem on my first DC as the second DC still shows up in the RSAT console, NTDSUTIL, DNS and also samba-tool drs showrepl. it seems to be impossible to delete it completely. I know if I were on a windows DC I'd simply have gone for forced deletion then metadata cleanup. but I don't have a windows DC. Is there a way I can permanently remove all connection to my disappeared second DC form the AD just using the tools provides with samba 4? Can you use the ADUC tools to do it? Yes, we are aware this isn't ideal, and patches to samba-tool are welcome. Other question: I use ISC-DHCP-SERVER with SAMBA_Internal DNS. Is there a way to have it updating records? From the DNS console, it seems I can't allow for unsecure updates Currently this is controlled from the smb.conf, not DNS console. But unsecure updates are a really bad idea. Other folks have done this with GSS-TSIG and an external script, and it would be really neat to also support shared-key TSIG, but that requires work. Patches are very welcome (the shared 128 bit key can be stored in or generated from the unicodePwd). Andrew Bartlett Hi, I post this to samba list: As Cristophe, I'm trying to find a way to get records updated and I found this howto http://blog.michael.kuron-germany.de/2011/02/isc-dhcpd-dynamic-dns-updates-against-secure-microsoft-dns/ but I'm not able to get it working properly. Mainly the script would find the old record, delete it and add the new one but as stated in my comment on the blog it fails due to TSIG error/TKEY is unacceptable. The last comment on the blog says: Just an hint for someone else who stumbles across the same problem, if you’re using Samba 4 as an AD DC, then kinit with the keytab created in the script instructions above won’t work as samba4 doesn’t seem to like the encryption type. Use -e arcfour-hmac-md5 with the addent command instead. The first script posted on the blog states # keytab can be generated using # $ ktutil # ktutil: addent -password -p dhcpdu...@example.com -k 1 -e aes256-cts-hmac-sha1-96 # Password for dhcpdu...@example.com: # ktutil: wkt dhcpduser.keytab # ktutil: quit but next changes in Using samba AD DC I used # keytab can be generated using the Samba4 tool: # samba-tool domain exportkeytab /etc/dhcpd/dhcpduser.keytab --principal=dhcpduser and klist -k dhcpduser.keytab -e shows Keytab name: WRFILE:/etc/dhcp/dhcpduser.keytab KVNO Principal -- 1 dhcpdu...@saitel.loc (DES cbc mode with CRC-32) 1 dhcpdu...@saitel.loc (DES cbc mode with RSA-MD5) 1 dhcpdu...@saitel.loc (ArcFour with HMAC/md5) so it seems that the keytab contains the arcfour-hmac-md5 encription key. Can someone put some light on this? Thanks, Daniele. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] dos filetime resolution dos filetimes respected in samba4
Hello, i had to upgrade a server from 3.6 to 4.0.10. Now i have a problem had already i solved again. The problem is that a machines program is old and require dos filetime resolution = yes but i does not work with the new 4.0.10 [produktion] path=/home/filestore/produktion browseable = yes writable = yes #create mask = 0777 #directory mask = 0777 #force create mode = 0777 #force directory mode = 0777 inherit permissions = yes follow symlinks = yes wide links = Yes # Wichtig vvv dos filetime resolution = yes dos filemode = yes dos filetimes = yes When connect to share: [2013/10/11 10:13:06.902493, 2] ../lib/util/modules.c:199(do_smb_load_module) Module 'acl_xattr' loaded [2013/10/11 10:13:06.902522, 5] ../source3/smbd/vfs.c:103(smb_register_vfs) Successfully added vfs backend 'acl_xattr' Successfully loaded vfs module [acl_xattr] with the new modules system [2013/10/11 10:13:06.902548, 3] ../source3/smbd/vfs.c:139(vfs_init_custom) Initialising custom vfs hooks from [dfs_samba4] Successfully loaded vfs module [dfs_samba4] with the new modules system [2013/10/11 10:13:06.902591, 2] ../source3/modules/vfs_acl_xattr.c:193(connect_acl_xattr) connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl u ser = true' for service produktion [2013/10/11 10:13:06.904155, 1] ../source3/smbd/service.c:847(make_connection_snum) 192.168.1.36 (ipv4:192.168.1.36:1089) connect to service produktion initially as user HOLZ\werk statt (uid=371, gid=100) (pid 18755) [2013/10/11 10:13:06.904503, 4] ../source3/smbd/vfs.c:838(vfs_ChDir) vfs_ChDir to /home/filestore/produktion [2013/10/11 10:13:06.904596, 4] ../source3/smbd/vfs.c:849(vfs_ChDir) vfs_ChDir got /home/filestore/produktion [2013/10/11 10:13:08.067607, 2] ../source3/smbd/dosmode.c:92(unix_mode) any hints? regards Andreas -- Ing. Andreas Grabner +43 676 840 775 101 andr...@vianova.cc Via Nova Mediendesign GMBH Augasse 24 A- 7400 oberwart +4333 52 / 32 860 www.vianova.cc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] [Announce] Samba 4.1.0 Available for Download
== Insanity: doing the same thing over and over again and expecting different results. Albert Einstein == Release Announcements - This is is the first stable release of Samba 4.1. Samba 4.1 will be the next version of the Samba suite and includes all the technology found in both the Samba4 series and the stable 3.x series. The primary additional features over Samba 3.6 are support for the Active Directory logon protocols used by Windows 2000 and above. Major enhancements in Samba 4.1.0 include: Client tools support SMB2/3 === Samba 4.1.0 contains the first release of our client tools and client library that work over the new protocols SMB2 or SMB3. Note that SMB3 only works either to a Samba server version 4.0.0 or above, or to a Windows Server running Windows 2012 or Windows 8. The default protocol for smbclient and smbcacls is still SMB1 (the NT1 protocol dialect). An SMB2 or SMB3 connection can be selected in one of two ways. The easiest way to test the new protocol connection is to add the -mMAX_PROTOCOL command line switch to either smbclient or smbcacls. For example, to connect using SMB3 with smbclient a user would type: smbclient //server/share -Uuser%password -mSMB3 Another example of connecting using SMB2 using smbcacls would be: smbcacls //server/share -Uuser%password -mSMB2 filename Note that when connecting using SMB2 or SMB3 protocols the UNIX extensions are no longer available inside the smbclient command set. This is due to UNIX extensions not yet being defined for the SMB2 or SMB3 protocols. The second way to select SMB2 or SMB3 connections is to set the client max protocol parameter in the [global] section of your smb.conf. Setting this parameter will cause all client connections from Samba and its client tools to offer the requested max protocol to a server on every connection request. For example, to cause all client tools (including winbindd, rpcclient, and the libsmbclient library) to attempt use SMB3 by default add the line: client max protocol = SMB3 to the [global] section of your smb.conf. This has not been as widely tested as the -mPROTOCOL options, but is intended to work correctly in the final release of 4.1.0. Encrypted transport === Although Samba servers have supported encrypted transport connections using the UNIX extensions for many years, selecting SMB3 transport allows encrypted transport connections to Windows servers that support SMB3, as well as Samba servers. In order to enable this, add the -e option to the smbclient command line. For example, to connect to a Windows 2012 server over SMB3 and select an encrypted transport you would use the following command line: smbclient //Win2012Server/share -Uuser%password -mSMB3 -e Directory database replication (AD DC mode) === Directory replication has been reworked in order to improve the correctness and efficiency. As a net effect of it, replication with other domain controllers with a heavily modified schema is now possible (ie. Windows 2012 DCs or other Windows DC with exchange installed) and replication didn't fail anymore in such environments. Server-Side Copy Support Samba 4.1.0 adds support for server-side copy operations via the SMB2 FSCTL_SRV_COPYCHUNK request. Clients making use of server-side copy support, such as Windows Server 2012, should experience considerable performance improvements for file copy operations, as file data need not traverse the network. This feature is enabled by default on the smbd file server. Btrfs Filesystem Integration The Btrfs VFS module provided with Samba 4.1.0 further improves the performance of server-side copy operations on shares backed by a Btrfs filesystem. It does so by allowing multiple files to share the same on-disk extents, avoiding the unnecessary duplication of source and destination file data during a server-side copy operation. This feature can be explicitly enabled on smbd shares backed by a Btrfs filesystem with the smb.conf parameter: vfs objects = btrfs REMOVED COMPONENTS == The Samba Web Administration Tool (SWAT) has been removed. Details why SWAT has been removed can be found on the samba-technical mailing list: https://lists.samba.org/archive/samba-technical/2013-February/090572.html ## Changes ### smb.conf changes Parameter Name Description Default -- --- --- acl allow execute always New False
[Samba] Samba release series
Hi, with today's release of Samba 4.1.0, Samba 4.0 has been turned into the maintenance mode and Samba 3.6 into the security fixes only mode. Samba 3.5 is officially unsupported now. For more details on the modi and other release planning information, please see https://wiki.samba.org/index.php/Samba_Release_Planning Cheers, Karolin -- Samba http://www.samba.org SerNet http://www.sernet.de sambaXP http://www.sambaxp.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Windows 2008 Standard SP2 cannot access samba share by hostname but ok with IP
On 10/10/13 22:20, Jerome Yanga wrote: Rowland, Indeed, we are a step closer. Thanks, to you. :) Moreover, thank you for more info regarding the socket option. I shall keep it off our config. Regarding the files being copied, it is just a drag and drop from any systems that didn't used to have the hostname issue to any of the samba shares. Through further testing,I find that if i comment out the following settings, the second issue disappears. However, it kinda confuses me that this resolves the issue when by definition it should have improved performance. Moreover, I am concerned about turning this off because many people in our organization uses scripts to perform copies from one system to one or more shares. oplocks = No level2 oplocks = No regards, j On Thu, Oct 10, 2013 at 12:11 PM, Rowland Penny rowlandpe...@googlemail.com mailto:rowlandpe...@googlemail.com wrote: On 10/10/13 20:04, Jerome Yanga wrote: Rowland, Changing the security alone (regardless of removing the socket options or not...i tested both) resolved the first issue (connecting via hostname). However, the second issue is still there. Just a refresher, here are the two issues issues. 01) Windows 2008 Standard servers cannot access the samba shares via the hostname. 02) The popup window Error 0x80070021: The process cannot access the file because another process has locked the portion of the file is encountered whenever a file is copied into the share. regards, j On Thu, Oct 10, 2013 at 8:03 AM, Jerome Yanga jerome.ya...@gmail.com mailto:jerome.ya...@gmail.com wrote: Rowland, I shall try this and will let you know the outcome. regards, j On Thu, Oct 10, 2013 at 7:46 AM, Rowland Penny rowlandpe...@googlemail.com mailto:rowlandpe...@googlemail.com wrote: On 10/10/13 15:31, Jerome Yanga wrote: Rowland, Here are the info that you have requested. I had to change the names a bit. :) The two issues that I am having are as follows: 01) Windows 2008 Standard servers cannot access the samba shares via the hostname. 02) The popup window Error 0x80070021: The process cannot access the file because another process has locked the portion of the file is encountered whenever a file is copied into the share. OS: RHEL 6.4 (32 bit) Samba version 4.0.0-55 [global] workgroup = TEST realm = SAMPLE.COM http://SAMPLE.COM netbios aliases = SAMBA1, SAMBA2 server string = Samba Server Version %v security = DOMAIN map to guest = Bad Uid username map = /etc/samba/user_map syslog = 2 log file = /var/log/samba/samba.log max log size = 5 deadtime = 5 max smbd processes = 300 socket options = SO_RCVBUF=32767 SO_SNDBUF=32767 TCP_NODELAY IPTOS_LOWDELAY IPTOS_THROUGHPUT load printers = No printcap name = /dev/null disable spoolss = Yes show add printer wizard = No os level = 1 local master = No browse list = No wins server = 10.1.1.1 host msdfs = No idmap config * : backend = tdb printing = bsd cups options = raw print command = lpr -r -P'%p' %s lpq command = lpq -P'%p' lprm command = lprm -P'%p' %j oplocks = No level2 oplocks = No [nfs_share1] path = /net/server1/nfs_share1 read only = No regards, j On Thu, Oct 10, 2013 at 7:14 AM, Rowland Penny rowlandpe...@googlemail.com mailto:rowlandpe...@googlemail.com wrote: On 10/10/13 15:02, Jerome Yanga wrote: Stephane, NetBIOS is set to Default. Rowland, The DNS works on the Windows 2008 server. I can ping the hostname of my RHEL machine from the windows server. regards, j On Thu, Oct 10, 2013 at 2:40 AM, Rowland Penny rowlandpe...@googlemail.com mailto:rowlandpe...@googlemail.com wrote: On 09/10/13 18:04, Jerome Yanga wrote: Has anyone seen this situation? My Windows 2008 Standard SP2 x86_64 cannot access my samba share using \\hostname but connects properly when connecting to it by \\host_ip_address. regards,
Re: [Samba] Samba release series
On Fri, Oct 11, 2013 at 10:17:31AM +0100, Rowland Penny wrote: On 11/10/13 09:55, Karolin Seeger wrote: Hi, with today's release of Samba 4.1.0, Samba 4.0 has been turned into the maintenance mode and Samba 3.6 into the security fixes only mode. Samba 3.5 is officially unsupported now. For more details on the modi and other release planning information, please see https://wiki.samba.org/index.php/Samba_Release_Planning Cheers, Karolin HI, My, but the release page has gone posh ;-) but shouldn't the 'started' column really be 'released' and I think a few of the boxes require filling in Sure, will do that as soon as possible. Karolin -- Samba http://www.samba.org SerNet http://www.sernet.de sambaXP http://www.sambaxp.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [3.6.8] XP fails with error 1326
Started over by removing the Windows host from the equation, and connecting to Samba from within the server. === # cat smb.conf [global] workgroup = WORKGROUP security = SHARE [Plans] path = /plans read only = Yes guest ok = Yes === # smbclient -L localhost -U% WARNING: The security=share option is deprecated Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.6.8] Sharename Type Comment - --- Error returning browse list: NT_STATUS_ACCESS_DENIED Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.6.8] === I get the same error message when adding those items one at a time: === [Plans] browsable = yes [global] guest account = nobody map to guest = Bad User === However, when adding invalid users = nobody to [global], I get the following error message: === nobody tree connect failed: NT_STATUS_WRONG_PASSWORD [2013/10/11 12:13:40.210674, 0] smbd/password.c:731(authorise_login) authorise_login: rejected invalid user nobody === So I figured maybe Samba requires adding the nobody user to its user database instead of just relying on the entry in /etc/passwd: === # smbpasswd -an nobody User nobody password set to none. === ... but no go: === # smbclient -L localhost -U% tree connect failed: NT_STATUS_WRONG_PASSWORD === Could it be due to the way Samba is compiled? -- View this message in context: http://samba.2283325.n4.nabble.com/3-6-8-XP-fails-with-error-1326-tp4654631p4654863.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Unable to add point and print drivers
Hello, We have been using samba 4.0.9 with good success so far and are looking to add the ability for users to print from network printers shared by Samba. The printing part works fine using coupling with lp and cups. In order to automate this fully for the users, we would like to enable point and print drivers. The print$ share is accessible with no issues and is configured as below : [print$] comment = Point and Print Printer Drivers path = /usr/local/samba/var/print read only = no writeable = yes browseable = yes Some time back, a colleague has been able to add 2 drivers and we are able to use these drivers successfully. We now want to add new printers and have been unsuccessful in doing so. The transfer of the driver files happens but for some unknown reason it fails and reverts everything. The error that we have on Windows is : Unable to install Insert printer name, User Mode, x64 driver. Operation could not be completed (error 0x001f) The directory that holds the drivers has been chmod'ed 777 just to make sure this was not a permission issue. And to double check, we are able to manually add files to this share with no problems. Samba logs are not saying anything during this operation and I have run out of things to try to make this work. What are the steps that we can take to try to resolve this issue ? Thank you in advance for your help, Antoine Benkemoun -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [3.6.8] XP fails with error 1326
On 11/10/13 11:39, Winfried wrote: Started over by removing the Windows host from the equation, and connecting to Samba from within the server. === # cat smb.conf [global] workgroup = WORKGROUP security = SHARE [Plans] path = /plans read only = Yes guest ok = Yes === # smbclient -L localhost -U% WARNING: The security=share option is deprecated Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.6.8] Sharename Type Comment - --- Error returning browse list: NT_STATUS_ACCESS_DENIED Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.6.8] === I get the same error message when adding those items one at a time: === [Plans] browsable = yes [global] guest account = nobody map to guest = Bad User === However, when adding invalid users = nobody to [global], I get the following error message: === nobody tree connect failed: NT_STATUS_WRONG_PASSWORD [2013/10/11 12:13:40.210674, 0] smbd/password.c:731(authorise_login) authorise_login: rejected invalid user nobody === So I figured maybe Samba requires adding the nobody user to its user database instead of just relying on the entry in /etc/passwd: === # smbpasswd -an nobody User nobody password set to none. === ... but no go: === # smbclient -L localhost -U% tree connect failed: NT_STATUS_WRONG_PASSWORD === Could it be due to the way Samba is compiled? -- View this message in context: http://samba.2283325.n4.nabble.com/3-6-8-XP-fails-with-error-1326-tp4654631p4654863.html Sent from the Samba - General mailing list archive at Nabble.com. OK, as I said, I set up Ubuntu 12.0.3 server in a VM, installed samba 3.6.3 and used this smb.conf: [global] workgroup = WORKGROUP encrypt passwords = yes log level = 2 guest account = nobody security = user map to guest = Bad User [test] path = /tmp browsable = yes read only = yes guest ok = yes There are NO users on the Ubuntu server apart from the root user and NO users have been added to samba. I created a test document in /tmp I then fired up an XP VM, logged in and went to 'My Network places', typed into the navigation bar '\\192.168.0.227\test' 192.168.0.227 being the ipaddress of the samba 3.6.3 server and 'test' being the share After a short pause, up came the share and I could open the test document in notepad. So, unless there was a drastic change between 3.6.3 and 3.6.8, either your latest smb.conf is at fault or it is network fault or similar. Try opening a terminal on the Linux machine and typing 'man smb.conf' and then start reading. Rowland -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 - PDC - RHEL6 - Slow browsing from Mac clients
I think I'm unravelling the mystery I have on this one. I believe the situation to be as follows: * Apple used to deploy the actual open source Samba system with it OSX. * A few years ago, Samba made changes to their licensing meaning Apple could apparently no longer use it in a commercial release (so I've read) * In OSX 10.6 Apple dropped Samba and implemented their own version of SMB client software * These early releases of Apple's SMB have been a bit ropey, hence the need for things like Dave from Thursby which replace the SMB client * At this time from personal recent experience it seems that Apple's SMB implementation in OSX 10.8 is more happy working with Windows Server than it is with Samba4 * Apple will be releasing a version of the SMB client that supports SMB2 in forthcoming Mavericks and is expected to solve a number of current SMB issues I have a 100% reproducible use case for testing purposes which simply involves slow listing times in a directory with about 80 images. In OSX 10.8 the listing time is about 60 seconds and then scrolling that directory listing is a very laggy In OSX 10.9 (pre-release) the listing time is about 3 seconds, scrolling is fine In OSX 10.8 running Dave, the directory listing is near instant and no issues with scrolling So, for my current situation I have two verified client side solutions: 1. Wait for OSX Mavericks to be released and gently roll that out 2. Deploy Dave or similar I am now going to investigate two server side solutions: 1. Run NFS alongside the existing Samba setup 2. Run AFP using Netatalk software I'm slightly wary on Netatalk as we've had a nightmare with various NAS boxes recently, including QNAP and I believe these run Netatalk. I'll report back in case it's useful for someone searching the archives in the future. Paul -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [SPAM] Re: Problem with squid+ntlm+samba
On 10/10/2013 08:39 PM, Andrew Bartlett wrote: On Thu, 2013-10-10 at 11:05 -0300, Silvio Aparecido wrote: On 10/07/2013 04:30 PM, Andrew Bartlett wrote: What does wbinfo -P show? wbinfo -p Ping to winbindd succeeded Are you correctly joined to the domain. net ads testjoin Join is OK Can you authenticate using wbinfo as root, and then as squid? What do the winbind logs show? in this server i just connect as root, using wbinfo -a I receive this message plaintext password authentication succeeded challenge/response password authentication succeeded But, in few minutos this connection is droped and I can't login again in domain, unless I restart samba [2013/10/10 10:37:43, 5] winbindd/winbindd_cm.c:1806(set_dc_type_and_flags_connect) set_dc_type_and_flags_connect: domain CARTHOMSNO [2013/10/10 10:37:43, 5] winbindd/winbindd_cm.c:1815(set_dc_type_and_flags_connect) set_dc_type_and_flags_connect: Could not bind to PI_DSSETUP on domain CARTHOMSNO: (NT_STATUS_ACCESS_DENIED) [2013/10/10 10:37:43, 5] winbindd/winbindd_cm.c:1862(set_dc_type_and_flags_connect) set_dc_type_and_flags_connect: Could not bind to PI_LSARPC on domain CARTHOMSNO: (NT_STATUS_ACCESS_DENIED) [2013/10/10 10:37:43, 10] winbindd/winbindd_dual.c:125(async_request) Sending request to child pid 23705 (domain=CARTHOMSNO) [2013/10/10 10:37:43, 10] winbindd/winbindd_cache.c:2667(cache_retrieve_response) Retrieving response for pid 23705 Which version is this. Can you try the latest (4.0.10, or 4.1 due later today)? Thanks, Andrew Bartlett Unhappily i can't try in a new version, because i use this in a firewall and is it configured with samba34. On the other hand i think this problem is caused by a network trouble between winbind and the AD server. A way exists to increase the time for connections, or the cache to this service don't be drop? This are the log in the moment that the service is drop. log.wb-CARTHOMSNO:[2013/10/11 05:32:19, 3] winbindd/winbindd_dual.c:52(child_read_request) log.wb-CARTHOMSNO- child_read_request: read_data failed: NT_STATUS_END_OF_FILE log.smbd:[2013/10/11 05:32:19, 3] smbd/connection.c:42(yield_connection) log.smbd- deleting connection record returned NT_STATUS_NOT_FOUND log.smbd:[2013/10/11 05:32:19, 3] smbd/server.c:845(exit_server_common) log.smbd- Server exit (termination signal) log.nmbd:[2013/10/11 05:32:19, 0] nmbd/nmbd.c:71(terminate) log.nmbd- Got SIGTERM: going down... [2013/10/11 05:32:19, 0] winbindd/winbindd.c:190(winbindd_sig_term_handler) Got sig[15] terminate (is_parent=1) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [3.6.8] XP fails with error 1326
Doesn't work on my host. # cat /etc/samba/smb.conf [global] workgroup = WORKGROUP encrypt passwords = yes log level = 2 guest account = nobody security = user map to guest = Bad User [test] path = /tmp browsable = yes read only = yes guest ok = yes # pdbedit -L nobody:99:nobody # smbpasswd -x nobody Deleted user nobody. # pdbedit -L # /etc/rc.d/rc.samba restart # smbclient -L localhost -U% Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.6.8] Sharename Type Comment - --- Error returning browse list: NT_STATUS_ACCESS_DENIED Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.6.8] Server Comment ---- WorkgroupMaster ---- # tail /var/log/samba/log.smbd [2013/10/11 14:20:50.229649, 2] smbd/reply.c:553(reply_special) netbios connect: name1=LOCALHOST 0x20 name2=SLAX 0x0 [2013/10/11 14:20:50.231106, 2] smbd/reply.c:573(reply_special) netbios connect: local=localhost remote=slax, name type = 0 -- View this message in context: http://samba.2283325.n4.nabble.com/3-6-8-XP-fails-with-error-1326-tp4654631p4654870.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [3.6.8] XP fails with error 1326
On 11/10/13 13:10, Winfried wrote: Doesn't work on my host. On my samba 3.6.3 server # cat /etc/samba/smb.conf [global] workgroup = WORKGROUP encrypt passwords = yes log level = 2 guest account = nobody security = user map to guest = Bad User [test] path = /tmp browsable = yes read only = yes guest ok = yes AS above # pdbedit -L nobody:99:nobody pdbedit -L nobody:65534:nobody Note: I never added user 'nobody' # smbpasswd -x nobody Deleted user nobody. Did not do this # pdbedit -L # /etc/rc.d/rc.samba restart Or the above # smbclient -L localhost -U% Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.6.8] Sharename Type Comment - --- Error returning browse list: NT_STATUS_ACCESS_DENIED Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.6.8] Server Comment ---- WorkgroupMaster ---- smbclient -L localhost -U% Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.6.3] Sharename Type Comment - --- IPC$IPC IPC Service (Samba 3.6.3) testDisk Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.6.3] Server Comment ---- TESTCLIENT Samba 3.6.3 WorkgroupMaster ---- WORKGROUPTESTCLIENT # tail /var/log/samba/log.smbd [2013/10/11 14:20:50.229649, 2] smbd/reply.c:553(reply_special) netbios connect: name1=LOCALHOST 0x20 name2=SLAX 0x0 [2013/10/11 14:20:50.231106, 2] smbd/reply.c:573(reply_special) netbios connect: local=localhost remote=slax, name type = 0 [2013/10/11 13:15:05.159362, 2] smbd/reply.c:553(reply_special) netbios connect: name1=LOCALHOST 0x20 name2=TESTCLIENT 0x0 [2013/10/11 13:15:05.159504, 2] smbd/reply.c:573(reply_special) netbios connect: local=localhost remote=testclient, name type = 0 It would seem that you do need the user 'nobody' but it also seems that samba adds it automatically, what I do find strange is that on your machine 'nobody' has the uidNumber of 99, whether this makes any difference, I do not know. I can only add that this setup works for me. Rowland -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [3.6.8] XP fails with error 1326
Changing to log level = 3 shows this: ... Transaction 3 of length 132 (0 toread) [2013/10/11 14:35:26.670629, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 3767) conn 0xb7c0cf78 [2013/10/11 14:35:26.672412, 3] smbd/service.c:190(set_current_service) chdir (/tmp) failed, reason: Permission denied [2013/10/11 14:35:26.674207, 3] smbd/error.c:81(error_packet_set) error packet at smbd/process.c(1558) cmd=37 (SMBtrans) NT_STATUS_ACCESS_DENIED ... Since it's a bit long, I pasted the whole message here: www.pastebin.com/a80UcTwz Interestingly, this error shows up even after changing path from /tmp to /plans: == [test] ;path = /tmp path = /plans == So it appears that smbd 1) tries chdir to /tmp even though no share is mapped there, and 2) is denied this by Linux, for some reason. -- View this message in context: http://samba.2283325.n4.nabble.com/3-6-8-XP-fails-with-error-1326-tp4654631p4654879.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba Password Policy IPA
Hello, We currently have Samba 3 and IPA running together. There are issues with IPA and Samba understanding the password policy IPA has for a given user. Currently we are attempting to match a policy in Samba using pdbedit -P pdbedit -P min password length -C 8 pdbedit -P bad lockout attempt -C 6 pdbedit -P lockout duration -C 60 pdbedit -P password history -C 10 **not working pdbedit -P reset count minutes -C 1 pdbedit -P maximum password age -C 90 pdbedit -P minimum password age -C 1 Here is our IPA policy: Max lifetime (days): 90 Min lifetime (hours): 1 History size (number of passwords): 10 Character classes: 3 Min length: 8 Max failures: 6 Failure reset interval (seconds): 60 Lockout duration (seconds): 600 There are certain admin users however that shouldn't have their password expire every 90 days. I'm assuming if I set the above pdbedit commands then ALL users who login to Windows will have to change their password after 90 days. That's what I want but certain admin users should not. Is there a way to exclude users from a password policy in Samba? Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [3.6.8] XP fails with error 1326
On 11/10/13 13:58, Winfried wrote: Changing to log level = 3 shows this: ... Transaction 3 of length 132 (0 toread) [2013/10/11 14:35:26.670629, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 3767) conn 0xb7c0cf78 [2013/10/11 14:35:26.672412, 3] smbd/service.c:190(set_current_service) chdir (/tmp) failed, reason: Permission denied [2013/10/11 14:35:26.674207, 3] smbd/error.c:81(error_packet_set) error packet at smbd/process.c(1558) cmd=37 (SMBtrans) NT_STATUS_ACCESS_DENIED ... Since it's a bit long, I pasted the whole message here: www.pastebin.com/a80UcTwz Interestingly, this error shows up even after changing path from /tmp to /plans: == [test] ;path = /tmp path = /plans == So it appears that smbd 1) tries chdir to /tmp even though no share is mapped there, and 2) is denied this by Linux, for some reason. -- View this message in context: http://samba.2283325.n4.nabble.com/3-6-8-XP-fails-with-error-1326-tp4654631p4654879.html Sent from the Samba - General mailing list archive at Nabble.com. Did you restart samba after altering smb.conf ? Try chmod 777 on /plans and try again Rowland -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [3.6.8] XP fails with error 1326
On 11/10/13 13:58, Winfried wrote: Changing to log level = 3 shows this: ... Transaction 3 of length 132 (0 toread) [2013/10/11 14:35:26.670629, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 3767) conn 0xb7c0cf78 [2013/10/11 14:35:26.672412, 3] smbd/service.c:190(set_current_service) chdir (/tmp) failed, reason: Permission denied [2013/10/11 14:35:26.674207, 3] smbd/error.c:81(error_packet_set) error packet at smbd/process.c(1558) cmd=37 (SMBtrans) NT_STATUS_ACCESS_DENIED ... Since it's a bit long, I pasted the whole message here: www.pastebin.com/a80UcTwz Interestingly, this error shows up even after changing path from /tmp to /plans: == [test] ;path = /tmp path = /plans == So it appears that smbd 1) tries chdir to /tmp even though no share is mapped there, and 2) is denied this by Linux, for some reason. -- View this message in context: http://samba.2283325.n4.nabble.com/3-6-8-XP-fails-with-error-1326-tp4654631p4654879.html Sent from the Samba - General mailing list archive at Nabble.com. Just had another thought, the samba server wouldn't be running selinux or apparmor would it ? Rowland -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba4 join Windows 2003 Server with BIND9_DLZ
Hi, root@samba4:~# samba-tool domain join jacoramos.net.br DC -Uadministrador --realm=jacoramos.net.br --dns-backend=BIND9_DLZ Finding a writeable DC for domain 'jacoramos.net.br' Found DC win2003.jacoramos.net.br Password for [WORKGROUP\administrador]: workgroup is JACORAMOS realm is jacoramos.net.br checking sAMAccountName Adding CN=SAMBA4,OU=Domain Controllers,DC=jacoramos,DC=net,DC=br Adding CN=SAMBA4,CN=Servers,CN=Primeiro-site-padrao,CN=Sites,CN=Configuration,DC=jacoramos,DC=net,DC=br Adding CN=NTDS Settings,CN=SAMBA4,CN=Servers,CN=Primeiro-site-padrao,CN=Sites,CN=Configuration,DC=jacoramos,DC=net,DC=br Adding SPNs to CN=SAMBA4,OU=Domain Controllers,DC=jacoramos,DC=net,DC=br Setting account password for SAMBA4$ Enabling account Adding DNS account CN=dns-SAMBA4,CN=Users,DC=jacoramos,DC=net,DC=br with dns/ SPN Join failed - cleaning up checking sAMAccountName Deleted CN=SAMBA4,OU=Domain Controllers,DC=jacoramos,DC=net,DC=br Deleted CN=NTDS Settings,CN=SAMBA4,CN=Servers,CN=Primeiro-site-padrao,CN=Sites,CN=Configuration,DC=jacoramos,DC=net,DC=br Deleted CN=SAMBA4,CN=Servers,CN=Primeiro-site-padrao,CN=Sites,CN=Configuration,DC=jacoramos,DC=net,DC=br ERROR(ldb): uncaught exception - LDAP error 53 LDAP_UNWILLING_TO_PERFORM - 052D: SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0 File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py, line 552, in run machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend) File /usr/local/samba/lib/python2.7/site-packages/samba/join.py, line 1169, in join_DC ctx.do_join() File /usr/local/samba/lib/python2.7/site-packages/samba/join.py, line 1072, in do_join ctx.join_add_objects() File /usr/local/samba/lib/python2.7/site-packages/samba/join.py, line 616, in join_add_objects ctx.samdb.add(msg) root@samba4:~# --- Any idea, to resolves? -- *O homem não foi criado para ser feliz nem para vencer, mas para viver para Deus. Quando vive para Deus é feliz e vence. Isaltino Gomes * * $whoami* - Perito Forense Computacional - Pentester - Esp. em Segurança de Redes de Computadores com enfâse a Perícia Forense Computacional - FACID - Bacharel em Ciência da Computação - UESPI - Administrador de Redes de Computadores - CCNA Modulo II - Lattes: *http://lattes.cnpq.br/1591329268136905* Esta mensagem pode conter informações confidenciais e/ou privilegiadas. Se você não for o destinatário ou a pessoa autorizada a receber esta mensagem, não deve usar, copiar ou divulgar as informações nela contida ou tomar qualquer ação baseada nessas informações. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [3.6.8] XP fails with error 1326
After editing smb.conf, I always run /etc/rc.d/rc.samba restart. The host isn't running a firewall, and the error message mentions /tmp instead of /plans, so chmod 777 /plans did nothing: chdir (/tmp) failed, reason: Permission denied I don't know if it means anything, but the host is running Slax off a USB keydrive. No one has reported the same problem. -- View this message in context: http://samba.2283325.n4.nabble.com/3-6-8-XP-fails-with-error-1326-tp4654631p4654891.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba4 join Windows 2003 Server with BIND9_DLZ
Hi, root@samba4:~# samba-tool domain join jacoramos.net.br DC -Uadministrador --realm=jacoramos.net.br --dns-backend=BIND9_DLZ Finding a writeable DC for domain 'jacoramos.net.br' Found DC win2003.jacoramos.net.br Password for [WORKGROUP\administrador]: workgroup is JACORAMOS realm is jacoramos.net.br checking sAMAccountName Adding CN=SAMBA4,OU=Domain Controllers,DC=jacoramos,DC=net,DC=br Adding CN=SAMBA4,CN=Servers,CN=Primeiro-site-padrao,CN=Sites,CN=Configuration,DC=jacoramos,DC=net,DC=br Adding CN=NTDS Settings,CN=SAMBA4,CN=Servers,CN=Primeiro-site-padrao,CN=Sites,CN=Configuration,DC=jacoramos,DC=net,DC=br Adding SPNs to CN=SAMBA4,OU=Domain Controllers,DC=jacoramos,DC=net,DC=br Setting account password for SAMBA4$ Enabling account Adding DNS account CN=dns-SAMBA4,CN=Users,DC=jacoramos,DC=net,DC=br with dns/ SPN Join failed - cleaning up checking sAMAccountName Deleted CN=SAMBA4,OU=Domain Controllers,DC=jacoramos,DC=net,DC=br Deleted CN=NTDS Settings,CN=SAMBA4,CN=Servers,CN=Primeiro-site-padrao,CN=Sites,CN=Configuration,DC=jacoramos,DC=net,DC=br Deleted CN=SAMBA4,CN=Servers,CN=Primeiro-site-padrao,CN=Sites,CN=Configuration,DC=jacoramos,DC=net,DC=br ERROR(ldb): uncaught exception - LDAP error 53 LDAP_UNWILLING_TO_PERFORM - 052D: SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0 File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py, line 552, in run machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend) File /usr/local/samba/lib/python2.7/site-packages/samba/join.py, line 1169, in join_DC ctx.do_join() File /usr/local/samba/lib/python2.7/site-packages/samba/join.py, line 1072, in do_join ctx.join_add_objects() File /usr/local/samba/lib/python2.7/site-packages/samba/join.py, line 616, in join_add_objects ctx.samdb.add(msg) root@samba4:~# --- Any idea, to resolves? -- *O homem não foi criado para ser feliz nem para vencer, mas para viver para Deus. Quando vive para Deus é feliz e vence. Isaltino Gomes * * $whoami* - Perito Forense Computacional - Pentester - Esp. em Segurança de Redes de Computadores com enfâse a Perícia Forense Computacional - FACID - Bacharel em Ciência da Computação - UESPI - Administrador de Redes de Computadores - CCNA Modulo II - Lattes: *http://lattes.cnpq.br/1591329268136905* Esta mensagem pode conter informações confidenciais e/ou privilegiadas. Se você não for o destinatário ou a pessoa autorizada a receber esta mensagem, não deve usar, copiar ou divulgar as informações nela contida ou tomar qualquer ação baseada nessas informações. -- *O homem não foi criado para ser feliz nem para vencer, mas para viver para Deus. Quando vive para Deus é feliz e vence. Isaltino Gomes * * $whoami* - Perito Forense Computacional - Pentester - Esp. em Segurança de Redes de Computadores com enfâse a Perícia Forense Computacional - FACID - Bacharel em Ciência da Computação - UESPI - Administrador de Redes de Computadores - CCNA Modulo II - Lattes: *http://lattes.cnpq.br/1591329268136905* Esta mensagem pode conter informações confidenciais e/ou privilegiadas. Se você não for o destinatário ou a pessoa autorizada a receber esta mensagem, não deve usar, copiar ou divulgar as informações nela contida ou tomar qualquer ação baseada nessas informações. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Removing a domain controller help needed
On Fri, 2013-10-11 at 15:53 +0200, Daniele Dario wrote: On Fri, 2013-10-11 at 09:59 +0100, Rowland Penny wrote: On 11/10/13 08:26, Daniele Dario wrote: On Fri, 2013-10-11 at 16:00 +1300, Andrew Bartlett wrote: On Fri, 2013-09-13 at 09:10 +0200, christophe wrote: Hi, First guys, I'd like congratulate you. Samba 4 is really a cool product. I have a little problem though. The context: I have Samba4 AD DC working perfectly on a virtual machine for testing purpose I joined another Samba4 AD DC to the domain I had provisioned and it worked perfectly but my second DC VM was deleted with no mean to get it back. I have now a problem on my first DC as the second DC still shows up in the RSAT console, NTDSUTIL, DNS and also samba-tool drs showrepl. it seems to be impossible to delete it completely. I know if I were on a windows DC I'd simply have gone for forced deletion then metadata cleanup. but I don't have a windows DC. Is there a way I can permanently remove all connection to my disappeared second DC form the AD just using the tools provides with samba 4? Can you use the ADUC tools to do it? Yes, we are aware this isn't ideal, and patches to samba-tool are welcome. Other question: I use ISC-DHCP-SERVER with SAMBA_Internal DNS. Is there a way to have it updating records? From the DNS console, it seems I can't allow for unsecure updates Currently this is controlled from the smb.conf, not DNS console. But unsecure updates are a really bad idea. Other folks have done this with GSS-TSIG and an external script, and it would be really neat to also support shared-key TSIG, but that requires work. Patches are very welcome (the shared 128 bit key can be stored in or generated from the unicodePwd). Andrew Bartlett Hi, I post this to samba list: As Cristophe, I'm trying to find a way to get records updated and I found this howto http://blog.michael.kuron-germany.de/2011/02/isc-dhcpd-dynamic-dns-updates-against-secure-microsoft-dns/ but I'm not able to get it working properly. Mainly the script would find the old record, delete it and add the new one but as stated in my comment on the blog it fails due to TSIG error/TKEY is unacceptable. The last comment on the blog says: Just an hint for someone else who stumbles across the same problem, if you’re using Samba 4 as an AD DC, then kinit with the keytab created in the script instructions above won’t work as samba4 doesn’t seem to like the encryption type. Use -e arcfour-hmac-md5 with the addent command instead. The first script posted on the blog states # keytab can be generated using # $ ktutil # ktutil: addent -password -p dhcpdu...@example.com -k 1 -e aes256-cts-hmac-sha1-96 # Password for dhcpdu...@example.com: # ktutil: wkt dhcpduser.keytab # ktutil: quit but next changes in Using samba AD DC I used # keytab can be generated using the Samba4 tool: # samba-tool domain exportkeytab /etc/dhcpd/dhcpduser.keytab --principal=dhcpduser and klist -k dhcpduser.keytab -e shows Keytab name: WRFILE:/etc/dhcp/dhcpduser.keytab KVNO Principal -- 1 dhcpdu...@saitel.loc (DES cbc mode with CRC-32) 1 dhcpdu...@saitel.loc (DES cbc mode with RSA-MD5) 1 dhcpdu...@saitel.loc (ArcFour with HMAC/md5) so it seems that the keytab contains the arcfour-hmac-md5 encription key. Can someone put some light on this? Thanks, Daniele. Hi, I have been using something similar for some time now, without any great problems. I have attached my notes and hope that these help. Rowland Hi Rowland, I'm trying with your script and something changed so I guess I'm on the right way to get DDNS working but what I'm seeing now is Oct 11 15:35:26 kdc01 dhcpd: Commit: IP: 192.168.12.204 DHCID: 1:0:22:43:1b:9f:b2 Name: alaska Oct 11 15:35:26 kdc01 dhcpd: execute_statement argv[0] = /etc/dhcp/dhcp-krbnsupdate.sh Oct 11 15:35:26 kdc01 dhcpd: execute_statement argv[1] = add Oct 11 15:35:26 kdc01 dhcpd: execute_statement argv[2] = 192.168.12.204 Oct 11 15:35:26 kdc01 dhcpd: execute_statement argv[3] = 1:0:22:43:1b:9f:b2 Oct 11 15:35:26 kdc01 dhcpd: execute_statement argv[4] = alaska Oct 11 15:35:26 kdc01 dhcpd: execute: /etc/dhcp/dhcp-krbnsupdate.sh exit status 256 Oct 11 15:35:26 kdc01 dhcpd: Unable to add forward map from alaska.saitel.loc to 192.168.12.204: timed out Oct 11 15:35:26 kdc01 dhcpd: DHCPREQUEST for 192.168.12.204 from 00:22:43:1b:9f:b2 (alaska) via eth0 Oct 11 15:35:26 kdc01 dhcpd: DHCPACK on 192.168.12.204 to 00:22:43:1b:9f:b2 (alaska) via eth0 as you can see the script exits with status 256 which is not a value given from the script. Looking deeper I found that when
[Samba] getent group by name fails
Samba 3.6.17 joined to Samba 4.2.0 AD domain, using winbind 'wbinfo -g' and 'getent group' successfully list all groups. 'getent group 10006' returns: domain users:x:10006: 'getent group domain users' fails with return code 2 partial log.winbind after above command: [2013/10/11 10:01:31.288199, 3] winbindd/winbindd_misc.c:384(winbindd_interface_version) [31911]: request interface version [2013/10/11 10:01:31.288288, 3] winbindd/winbindd_misc.c:417(winbindd_priv_pipe_dir) [31911]: request location of privileged pipe [2013/10/11 10:01:31.288421, 3] winbindd/winbindd_getgrnam.c:56(winbindd_getgrnam_send) getgrnam domain users [2013/10/11 10:01:31.288520, 3] winbindd/winbindd_msrpc.c:252(msrpc_name_to_sid) msrpc_name_to_sid: name=DOMAIN\USERS [2013/10/11 10:01:31.288547, 3] winbindd/winbindd_msrpc.c:266(msrpc_name_to_sid) name_to_sid [rpc] DOMAIN\USERS for domain DOMAIN if I specify the domain name, ie: 'getent group ALLENLAN\\domain users' it still fails... [2013/10/11 10:02:18.280728, 3] winbindd/winbindd_misc.c:384(winbindd_interface_version) [31925]: request interface version [2013/10/11 10:02:18.280823, 3] winbindd/winbindd_misc.c:417(winbindd_priv_pipe_dir) [31925]: request location of privileged pipe [2013/10/11 10:02:18.280940, 3] winbindd/winbindd_getgrnam.c:56(winbindd_getgrnam_send) getgrnam ALLENLAN\domain users [2013/10/11 10:02:18.281033, 3] winbindd/winbindd_msrpc.c:252(msrpc_name_to_sid) msrpc_name_to_sid: name=ALLENLAN\DOMAIN\USERS [2013/10/11 10:02:18.281060, 3] winbindd/winbindd_msrpc.c:266(msrpc_name_to_sid) name_to_sid [rpc] ALLENLAN\DOMAIN\USERS for domain ALLENLAN\DOMAIN Note the missing space in DOMAIN\USERS in the logs. I don't know whether this is relevant. 'getent passwd' does not have any such problems - it can query by UID or username smb.conf: [global] workgroup = ALLENLAN realm = allenlan.net password server = 192.168.0.13 preferred master = no server string = zone-samba3 security = ads encrypt passwords = yes log level = 3 log file = /var/log/samba/%m max log size = 50 printcap name = cups printing = cups winbind enum users = yes winbind enum groups = yes winbind use default domain = yes winbind nested groups = yes winbind separator = \ idmap config * : backend = ad idmap config * : range = 1-10 -- *Lee Allen* -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [3.6.8] XP fails with error 1326
On 11/10/13 15:05, Winfried wrote: After editing smb.conf, I always run /etc/rc.d/rc.samba restart. The host isn't running a firewall, and the error message mentions /tmp instead of /plans, so chmod 777 /plans did nothing: chdir (/tmp) failed, reason: Permission denied I don't know if it means anything, but the host is running Slax off a USB keydrive. No one has reported the same problem. -- View this message in context: http://samba.2283325.n4.nabble.com/3-6-8-XP-fails-with-error-1326-tp4654631p4654891.html Sent from the Samba - General mailing list archive at Nabble.com. OK, I setup another VM, but this time with Centos 6.4, added samba and exactly the same smb.conf etc and tried to connect. I couldn't even connect, so turned off iptables and tried again, it now connected but now I got 'Permission denied' Turned off selinux 'echo 0 /selinux/enforce' I could now enter the share and open the test document. Could this be your problem? After this I am lost, I can see no other reason why it does not work, have you thought about Ubuntu server 12.04? Rowland -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] using samba 4 as plugin replacement for samba 3
Hi, when I don't want to switch to Active Directory, but don't want to be stuck on version 3.6 either, can I simply give samba 4 a copy of the old smb.conf file? Will it be able to store all windows acl's in extended attributes, or is this improvement only available in combination with letting it run as active directory domain controller? thanks, Klaus -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Windows 2008 Standard SP2 cannot access samba share by hostname but ok with IP
JY Rowland, JY I did see those from my searches as well. However, this samba JY configuration worked prior to migrating it to RHEL and into a more current JY samba. JY regards, JY j HI Jerome, '0x80070021' is a windows error and the most likely cause would seem to be trying to copy a users .pst file whilst outlook is still running, try doing a web search on the error. Rowland But that doesn't address Rowland's point at all. Are you sure this file isn't in use, even if it might have worked before? It seems pretty dismissive, IMO, to simply say it worked before. [I've seen Rowland spend an enormous amount of time recently trying to help people, and in several cases it seems the person getting helped isn't putting in nearly as much effort as I'd expect. I'm not saying it's that way in this case - but IMO, you need to address the Is this file open and that's the cause of the error?] But perhaps I'm just feeling cranky this morning. :) --- ...And I have to say, 'Man Rowland, you and Steve have gone way above and beyond in spending time and effort helping.' You guys make community software rock! -Greg -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 4.1.0 join Windows 2003 Server with BIND9_DLZ
Hi guys, When run join in DC root@samba4:~# samba-tool domain join jacoramos.net.br DC -Uadministrador --realm=jacoramos.net.br --dns-backend=BIND9_DLZ Finding a writeable DC for domain 'jacoramos.net.br' Found DC win2003.jacoramos.net.br Password for [WORKGROUP\administrador]: workgroup is JACORAMOS realm is jacoramos.net.br checking sAMAccountName Adding CN=SAMBA4,OU=Domain Controllers,DC=jacoramos,DC=net,DC=br Adding CN=SAMBA4,CN=Servers,CN=Primeiro-site-padrao,CN=Sites,CN=Configuration,DC=jacoramos,DC=net,DC=br Adding CN=NTDS Settings,CN=SAMBA4,CN=Servers,CN=Primeiro-site-padrao,CN=Sites,CN=Configuration,DC=jacoramos,DC=net,DC=br Adding SPNs to CN=SAMBA4,OU=Domain Controllers,DC=jacoramos,DC=net,DC=br Setting account password for SAMBA4$ Enabling account Adding DNS account CN=dns-SAMBA4,CN=Users,DC=jacoramos,DC=net,DC=br with dns/ SPN Join failed - cleaning up checking sAMAccountName Deleted CN=SAMBA4,OU=Domain Controllers,DC=jacoramos,DC=net,DC=br Deleted CN=NTDS Settings,CN=SAMBA4,CN=Servers,CN=Primeiro-site-padrao,CN=Sites,CN=Configuration,DC=jacoramos,DC=net,DC=br Deleted CN=SAMBA4,CN=Servers,CN=Primeiro-site-padrao,CN=Sites,CN=Configuration,DC=jacoramos,DC=net,DC=br ERROR(ldb): uncaught exception - LDAP error 53 LDAP_UNWILLING_TO_PERFORM - 052D: SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0 File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py, line 552, in run machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend) File /usr/local/samba/lib/python2.7/site-packages/samba/join.py, line 1169, in join_DC ctx.do_join() File /usr/local/samba/lib/python2.7/site-packages/samba/join.py, line 1072, in do_join ctx.join_add_objects() File /usr/local/samba/lib/python2.7/site-packages/samba/join.py, line 616, in join_add_objects ctx.samdb.add(msg) root@samba4:~# --- Anyone have any ideas? -- *O homem não foi criado para ser feliz nem para vencer, mas para viver para Deus. Quando vive para Deus é feliz e vence. Isaltino Gomes * * $whoami* - Perito Forense Computacional - Pentester - Esp. em Segurança de Redes de Computadores com enfâse a Perícia Forense Computacional - FACID - Bacharel em Ciência da Computação - UESPI - Administrador de Redes de Computadores - CCNA Modulo II - Lattes: *http://lattes.cnpq.br/1591329268136905* Esta mensagem pode conter informações confidenciais e/ou privilegiadas. Se você não for o destinatário ou a pessoa autorizada a receber esta mensagem, não deve usar, copiar ou divulgar as informações nela contida ou tomar qualquer ação baseada nessas informações. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4.1.0 join Windows 2003 Server with BIND9_DLZ
Wild guess: The errors I see all have to do with an account that doesn't have a password, the password is expired etc. Are you *sure* the account you're using to join with is valid, and works properly in other contexts? Do some google searches on: [SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0] and you'll see what I mean. That doesn't mean that's the problem, but that's what I get out of it - perhaps incorrectly. -Greg JR Hi guys, JR When run join in DC JR root@samba4:~# samba-tool domain join jacoramos.net.br DC -Uadministrador JR --realm=jacoramos.net.br --dns-backend=BIND9_DLZ JR Finding a writeable DC for domain 'jacoramos.net.br' JR Found DC win2003.jacoramos.net.br JR Password for [WORKGROUP\administrador]: JR workgroup is JACORAMOS JR realm is jacoramos.net.br JR checking sAMAccountName JR Adding CN=SAMBA4,OU=Domain Controllers,DC=jacoramos,DC=net,DC=br JR Adding JR CN=SAMBA4,CN=Servers,CN=Primeiro-site-padrao,CN=Sites,CN=Configuration,DC=jacoramos,DC=net,DC=br JR Adding CN=NTDS JR Settings,CN=SAMBA4,CN=Servers,CN=Primeiro-site-padrao,CN=Sites,CN=Configuration,DC=jacoramos,DC=net,DC=br JR Adding SPNs to CN=SAMBA4,OU=Domain JR Controllers,DC=jacoramos,DC=net,DC=br JR Setting account password for SAMBA4$ JR Enabling account JR Adding DNS account JR CN=dns-SAMBA4,CN=Users,DC=jacoramos,DC=net,DC=br with JR dns/ SPN JR Join failed - cleaning up JR checking sAMAccountName JR Deleted CN=SAMBA4,OU=Domain Controllers,DC=jacoramos,DC=net,DC=br JR Deleted CN=NTDS JR Settings,CN=SAMBA4,CN=Servers,CN=Primeiro-site-padrao,CN=Sites,CN=Configuration,DC=jacoramos,DC=net,DC=br JR Deleted JR CN=SAMBA4,CN=Servers,CN=Primeiro-site-padrao,CN=Sites,CN=Configuration,DC=jacoramos,DC=net,DC=br JR ERROR(ldb): uncaught exception - LDAP error 53 LDAP_UNWILLING_TO_PERFORM - JR 052D: SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0 JR File JR /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py, JR line 175, in _run JR return self.run(*args, **kwargs) JR File JR /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py, line JR 552, in run JR machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend) JR File JR /usr/local/samba/lib/python2.7/site-packages/samba/join.py, line JR 1169, in join_DC JR ctx.do_join() JR File JR /usr/local/samba/lib/python2.7/site-packages/samba/join.py, line JR 1072, in do_join JR ctx.join_add_objects() JR File JR /usr/local/samba/lib/python2.7/site-packages/samba/join.py, line JR 616, in join_add_objects JR ctx.samdb.add(msg) JR root@samba4:~# JR --- JR Anyone have any ideas? JR -- JR *O homem não foi criado para ser feliz nem para vencer, mas para viver JR para Deus. Quando vive para Deus é feliz e vence. Isaltino Gomes JR * JR * JR $whoami* JR- Perito Forense Computacional JR- Pentester JR- Esp. em Segurança de Redes de Computadores com enfâse a Perícia JRForense Computacional - FACID JR- Bacharel em Ciência da Computação - UESPI JR- Administrador de Redes de Computadores JR- CCNA Modulo II JR- Lattes: *http://lattes.cnpq.br/1591329268136905* JR Esta mensagem pode conter informações confidenciais e/ou privilegiadas. Se JR você não for o destinatário ou a pessoa autorizada a receber esta mensagem, JR não deve usar, copiar ou divulgar as informações nela contida ou tomar JR qualquer ação baseada nessas informações. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Windows 2008 Standard SP2 cannot access samba share by hostname but ok with IP
Greg, I do understand and I have done my homework with regards to the file lock even before I posted here. I apologize for not providing all the info all at once. I find that if I do, a lot is missed so I provide as it becomes pertinent. In performing my test, I created another share identical to what you see above and made sure that no one else is connected to it. I simply dragged and dropped a file from a Windows 7 to the share and I got error 0x80070021 on the following cases. 01) copying a new file into the share 02) overwriting an existing file Creating a new file does not seem to show this issue--as expected. Like you, I also appreciate how much Rowland has helped me. I have been on that end of the line before and I know the hard work and patience it needs. regards, j On Fri, Oct 11, 2013 at 8:09 AM, Gregory Sloop gr...@sloop.net wrote: JY Rowland, JY I did see those from my searches as well. However, this samba JY configuration worked prior to migrating it to RHEL and into a more current JY samba. JY regards, JY j HI Jerome, '0x80070021' is a windows error and the most likely cause would seem to be trying to copy a users .pst file whilst outlook is still running, try doing a web search on the error. Rowland But that doesn't address Rowland's point at all. Are you sure this file isn't in use, even if it might have worked before? It seems pretty dismissive, IMO, to simply say it worked before. [I've seen Rowland spend an enormous amount of time recently trying to help people, and in several cases it seems the person getting helped isn't putting in nearly as much effort as I'd expect. I'm not saying it's that way in this case - but IMO, you need to address the Is this file open and that's the cause of the error?] But perhaps I'm just feeling cranky this morning. :) --- ...And I have to say, 'Man Rowland, you and Steve have gone way above and beyond in spending time and effort helping.' You guys make community software rock! -Greg -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Unable to add point and print drivers
As a follow-up, this was fixed by adding the drivers as the domain Administrator account. Simple fix for an ugly looking problem :) From: samba-boun...@lists.samba.org samba-boun...@lists.samba.org on behalf of Antoine Benkemoun antoine.benkem...@nexthink.com Sent: Friday, October 11, 2013 12:34 PM To: samba@lists.samba.org Subject: [Samba] Unable to add point and print drivers Hello, We have been using samba 4.0.9 with good success so far and are looking to add the ability for users to print from network printers shared by Samba. The printing part works fine using coupling with lp and cups. In order to automate this fully for the users, we would like to enable point and print drivers. The print$ share is accessible with no issues and is configured as below : [print$] comment = Point and Print Printer Drivers path = /usr/local/samba/var/print read only = no writeable = yes browseable = yes Some time back, a colleague has been able to add 2 drivers and we are able to use these drivers successfully. We now want to add new printers and have been unsuccessful in doing so. The transfer of the driver files happens but for some unknown reason it fails and reverts everything. The error that we have on Windows is : Unable to install Insert printer name, User Mode, x64 driver. Operation could not be completed (error 0x001f) The directory that holds the drivers has been chmod'ed 777 just to make sure this was not a permission issue. And to double check, we are able to manually add files to this share with no problems. Samba logs are not saying anything during this operation and I have run out of things to try to make this work. What are the steps that we can take to try to resolve this issue ? Thank you in advance for your help, Antoine Benkemoun -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4.1.0 join Windows 2003 Server with BIND9_DLZ
Hi Greg My passwords are correct and account i am using to join with is valid, and works properly! Grato Jacó Ramos 2013/10/11 Gregory Sloop gr...@sloop.net Wild guess: The errors I see all have to do with an account that doesn't have a password, the password is expired etc. Are you *sure* the account you're using to join with is valid, and works properly in other contexts? Do some google searches on: [SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0] and you'll see what I mean. That doesn't mean that's the problem, but that's what I get out of it - perhaps incorrectly. -Greg JR Hi guys, JR When run join in DC JR root@samba4:~# samba-tool domain join jacoramos.net.br DC -Uadministrador JR --realm=jacoramos.net.br --dns-backend=BIND9_DLZ JR Finding a writeable DC for domain 'jacoramos.net.br' JR Found DC win2003.jacoramos.net.br JR Password for [WORKGROUP\administrador]: JR workgroup is JACORAMOS JR realm is jacoramos.net.br JR checking sAMAccountName JR Adding CN=SAMBA4,OU=Domain Controllers,DC=jacoramos,DC=net,DC=br JR Adding JR CN=SAMBA4,CN=Servers,CN=Primeiro-site-padrao,CN=Sites,CN=Configuration,DC=jacoramos,DC=net,DC=br JR Adding CN=NTDS JR Settings,CN=SAMBA4,CN=Servers,CN=Primeiro-site-padrao,CN=Sites,CN=Configuration,DC=jacoramos,DC=net,DC=br JR Adding SPNs to CN=SAMBA4,OU=Domain JR Controllers,DC=jacoramos,DC=net,DC=br JR Setting account password for SAMBA4$ JR Enabling account JR Adding DNS account JR CN=dns-SAMBA4,CN=Users,DC=jacoramos,DC=net,DC=br with JR dns/ SPN JR Join failed - cleaning up JR checking sAMAccountName JR Deleted CN=SAMBA4,OU=Domain Controllers,DC=jacoramos,DC=net,DC=br JR Deleted CN=NTDS JR Settings,CN=SAMBA4,CN=Servers,CN=Primeiro-site-padrao,CN=Sites,CN=Configuration,DC=jacoramos,DC=net,DC=br JR Deleted JR CN=SAMBA4,CN=Servers,CN=Primeiro-site-padrao,CN=Sites,CN=Configuration,DC=jacoramos,DC=net,DC=br JR ERROR(ldb): uncaught exception - LDAP error 53 LDAP_UNWILLING_TO_PERFORM - JR 052D: SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0 JR File JR /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py, JR line 175, in _run JR return self.run(*args, **kwargs) JR File JR /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py, line JR 552, in run JR machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend) JR File JR /usr/local/samba/lib/python2.7/site-packages/samba/join.py, line JR 1169, in join_DC JR ctx.do_join() JR File JR /usr/local/samba/lib/python2.7/site-packages/samba/join.py, line JR 1072, in do_join JR ctx.join_add_objects() JR File JR /usr/local/samba/lib/python2.7/site-packages/samba/join.py, line JR 616, in join_add_objects JR ctx.samdb.add(msg) JR root@samba4:~# JR --- JR Anyone have any ideas? JR -- JR *O homem não foi criado para ser feliz nem para vencer, mas para viver JR para Deus. Quando vive para Deus é feliz e vence. Isaltino Gomes JR * JR * JR $whoami* JR- Perito Forense Computacional JR- Pentester JR- Esp. em Segurança de Redes de Computadores com enfâse a Perícia JRForense Computacional - FACID JR- Bacharel em Ciência da Computação - UESPI JR- Administrador de Redes de Computadores JR- CCNA Modulo II JR- Lattes: *http://lattes.cnpq.br/1591329268136905* JR Esta mensagem pode conter informações confidenciais e/ou privilegiadas. Se JR você não for o destinatário ou a pessoa autorizada a receber esta mensagem, JR não deve usar, copiar ou divulgar as informações nela contida ou tomar JR qualquer ação baseada nessas informações. -- *O homem não foi criado para ser feliz nem para vencer, mas para viver para Deus. Quando vive para Deus é feliz e vence. Isaltino Gomes * * $whoami* - Perito Forense Computacional - Pentester - Esp. em Segurança de Redes de Computadores com enfâse a Perícia Forense Computacional - FACID - Bacharel em Ciência da Computação - UESPI - Administrador de Redes de Computadores - CCNA Modulo II - Lattes: *http://lattes.cnpq.br/1591329268136905* Esta mensagem pode conter informações confidenciais e/ou privilegiadas. Se você não for o destinatário ou a pessoa autorizada a receber esta mensagem, não deve usar, copiar ou divulgar as informações nela contida ou tomar qualquer ação baseada nessas informações. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4.1.0 join Windows 2003 Server with BIND9_DLZ
With SAMBA_INTERNAL works properly! Grato. Jacó Ramos 2013/10/11 Jacó Ramos j4c0r4...@gmail.com Hi Greg My passwords are correct and account i am using to join with is valid, and works properly! Grato Jacó Ramos 2013/10/11 Gregory Sloop gr...@sloop.net Wild guess: The errors I see all have to do with an account that doesn't have a password, the password is expired etc. Are you *sure* the account you're using to join with is valid, and works properly in other contexts? Do some google searches on: [SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0] and you'll see what I mean. That doesn't mean that's the problem, but that's what I get out of it - perhaps incorrectly. -Greg JR Hi guys, JR When run join in DC JR root@samba4:~# samba-tool domain join jacoramos.net.br DC -Uadministrador JR --realm=jacoramos.net.br --dns-backend=BIND9_DLZ JR Finding a writeable DC for domain 'jacoramos.net.br' JR Found DC win2003.jacoramos.net.br JR Password for [WORKGROUP\administrador]: JR workgroup is JACORAMOS JR realm is jacoramos.net.br JR checking sAMAccountName JR Adding CN=SAMBA4,OU=Domain Controllers,DC=jacoramos,DC=net,DC=br JR Adding JR CN=SAMBA4,CN=Servers,CN=Primeiro-site-padrao,CN=Sites,CN=Configuration,DC=jacoramos,DC=net,DC=br JR Adding CN=NTDS JR Settings,CN=SAMBA4,CN=Servers,CN=Primeiro-site-padrao,CN=Sites,CN=Configuration,DC=jacoramos,DC=net,DC=br JR Adding SPNs to CN=SAMBA4,OU=Domain JR Controllers,DC=jacoramos,DC=net,DC=br JR Setting account password for SAMBA4$ JR Enabling account JR Adding DNS account JR CN=dns-SAMBA4,CN=Users,DC=jacoramos,DC=net,DC=br with JR dns/ SPN JR Join failed - cleaning up JR checking sAMAccountName JR Deleted CN=SAMBA4,OU=Domain Controllers,DC=jacoramos,DC=net,DC=br JR Deleted CN=NTDS JR Settings,CN=SAMBA4,CN=Servers,CN=Primeiro-site-padrao,CN=Sites,CN=Configuration,DC=jacoramos,DC=net,DC=br JR Deleted JR CN=SAMBA4,CN=Servers,CN=Primeiro-site-padrao,CN=Sites,CN=Configuration,DC=jacoramos,DC=net,DC=br JR ERROR(ldb): uncaught exception - LDAP error 53 LDAP_UNWILLING_TO_PERFORM - JR 052D: SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0 JR File JR /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py, JR line 175, in _run JR return self.run(*args, **kwargs) JR File JR /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py, line JR 552, in run JR machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend) JR File JR /usr/local/samba/lib/python2.7/site-packages/samba/join.py, line JR 1169, in join_DC JR ctx.do_join() JR File JR /usr/local/samba/lib/python2.7/site-packages/samba/join.py, line JR 1072, in do_join JR ctx.join_add_objects() JR File JR /usr/local/samba/lib/python2.7/site-packages/samba/join.py, line JR 616, in join_add_objects JR ctx.samdb.add(msg) JR root@samba4:~# JR --- JR Anyone have any ideas? JR -- JR *O homem não foi criado para ser feliz nem para vencer, mas para viver JR para Deus. Quando vive para Deus é feliz e vence. Isaltino Gomes JR * JR * JR $whoami* JR- Perito Forense Computacional JR- Pentester JR- Esp. em Segurança de Redes de Computadores com enfâse a Perícia JRForense Computacional - FACID JR- Bacharel em Ciência da Computação - UESPI JR- Administrador de Redes de Computadores JR- CCNA Modulo II JR- Lattes: *http://lattes.cnpq.br/1591329268136905* JR Esta mensagem pode conter informações confidenciais e/ou privilegiadas. Se JR você não for o destinatário ou a pessoa autorizada a receber esta mensagem, JR não deve usar, copiar ou divulgar as informações nela contida ou tomar JR qualquer ação baseada nessas informações. -- *O homem não foi criado para ser feliz nem para vencer, mas para viver para Deus. Quando vive para Deus é feliz e vence. Isaltino Gomes * * $whoami* - Perito Forense Computacional - Pentester - Esp. em Segurança de Redes de Computadores com enfâse a Perícia Forense Computacional - FACID - Bacharel em Ciência da Computação - UESPI - Administrador de Redes de Computadores - CCNA Modulo II - Lattes: *http://lattes.cnpq.br/1591329268136905* Esta mensagem pode conter informações confidenciais e/ou privilegiadas. Se você não for o destinatário ou a pessoa autorizada a receber esta mensagem, não deve usar, copiar ou divulgar as informações nela contida ou tomar qualquer ação baseada nessas informações. -- *O homem não foi criado para ser feliz nem para vencer, mas para viver para Deus. Quando vive para Deus é feliz e vence. Isaltino Gomes * * $whoami* - Perito Forense Computacional - Pentester - Esp. em Segurança de Redes de Computadores com enfâse a Perícia Forense Computacional - FACID - Bacharel em Ciência da Computação - UESPI - Administrador de Redes de
Re: [Samba] Samba 4.1.0 join Windows 2003 Server with BIND9_DLZ
Jaco, I am also having problems joining an existing Win2k3 domain using samba 4.0.10. Today I tried 4.1.0, same story (I get a drsuapi.DsBindInfoFallBack object has no attribute--see a few messages above in the mailing list). Now in desperation I am trying samba-head. What concerns me is that previous version of samba4 I could bind OK to the domain (but then had problems with replication, so I had to start over). By the way, are you running in Win2003 functional level? Did you install Group Policy Client Side Extensions for Windows Server 2003 (KB943729)? Hi Greg My passwords are correct and account i am using to join with is valid, and works properly! Grato Jacó Ramos -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4.1.0 join Windows 2003 Server with BIND9_DLZ
On 11/10/13 16:36, Jacó Ramos wrote: With SAMBA_INTERNAL works properly! Grato. Jacó Ramos 2013/10/11 Jacó Ramos j4c0r4...@gmail.com Hi Greg My passwords are correct and account i am using to join with is valid, and works properly! Grato Jacó Ramos 2013/10/11 Gregory Sloop gr...@sloop.net Wild guess: The errors I see all have to do with an account that doesn't have a password, the password is expired etc. Are you *sure* the account you're using to join with is valid, and works properly in other contexts? Do some google searches on: [SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0] and you'll see what I mean. That doesn't mean that's the problem, but that's what I get out of it - perhaps incorrectly. -Greg JR Hi guys, JR When run join in DC JR root@samba4:~# samba-tool domain join jacoramos.net.br DC -Uadministrador JR --realm=jacoramos.net.br --dns-backend=BIND9_DLZ JR Finding a writeable DC for domain 'jacoramos.net.br' JR Found DC win2003.jacoramos.net.br JR Password for [WORKGROUP\administrador]: JR workgroup is JACORAMOS JR realm is jacoramos.net.br JR checking sAMAccountName JR Adding CN=SAMBA4,OU=Domain Controllers,DC=jacoramos,DC=net,DC=br JR Adding JR CN=SAMBA4,CN=Servers,CN=Primeiro-site-padrao,CN=Sites,CN=Configuration,DC=jacoramos,DC=net,DC=br JR Adding CN=NTDS JR Settings,CN=SAMBA4,CN=Servers,CN=Primeiro-site-padrao,CN=Sites,CN=Configuration,DC=jacoramos,DC=net,DC=br JR Adding SPNs to CN=SAMBA4,OU=Domain JR Controllers,DC=jacoramos,DC=net,DC=br JR Setting account password for SAMBA4$ JR Enabling account JR Adding DNS account JR CN=dns-SAMBA4,CN=Users,DC=jacoramos,DC=net,DC=br with JR dns/ SPN JR Join failed - cleaning up JR checking sAMAccountName JR Deleted CN=SAMBA4,OU=Domain Controllers,DC=jacoramos,DC=net,DC=br JR Deleted CN=NTDS JR Settings,CN=SAMBA4,CN=Servers,CN=Primeiro-site-padrao,CN=Sites,CN=Configuration,DC=jacoramos,DC=net,DC=br JR Deleted JR CN=SAMBA4,CN=Servers,CN=Primeiro-site-padrao,CN=Sites,CN=Configuration,DC=jacoramos,DC=net,DC=br JR ERROR(ldb): uncaught exception - LDAP error 53 LDAP_UNWILLING_TO_PERFORM - JR 052D: SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0 JR File JR /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py, JR line 175, in _run JR return self.run(*args, **kwargs) JR File JR /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py, line JR 552, in run JR machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend) JR File JR /usr/local/samba/lib/python2.7/site-packages/samba/join.py, line JR 1169, in join_DC JR ctx.do_join() JR File JR /usr/local/samba/lib/python2.7/site-packages/samba/join.py, line JR 1072, in do_join JR ctx.join_add_objects() JR File JR /usr/local/samba/lib/python2.7/site-packages/samba/join.py, line JR 616, in join_add_objects JR ctx.samdb.add(msg) JR root@samba4:~# JR --- JR Anyone have any ideas? JR -- JR *O homem não foi criado para ser feliz nem para vencer, mas para viver JR para Deus. Quando vive para Deus é feliz e vence. Isaltino Gomes JR * JR * JR $whoami* JR- Perito Forense Computacional JR- Pentester JR- Esp. em Segurança de Redes de Computadores com enfâse a Perícia JRForense Computacional - FACID JR- Bacharel em Ciência da Computação - UESPI JR- Administrador de Redes de Computadores JR- CCNA Modulo II JR- Lattes: *http://lattes.cnpq.br/1591329268136905* JR Esta mensagem pode conter informações confidenciais e/ou privilegiadas. Se JR você não for o destinatário ou a pessoa autorizada a receber esta mensagem, JR não deve usar, copiar ou divulgar as informações nela contida ou tomar JR qualquer ação baseada nessas informações. -- *O homem não foi criado para ser feliz nem para vencer, mas para viver para Deus. Quando vive para Deus é feliz e vence. Isaltino Gomes * * $whoami* - Perito Forense Computacional - Pentester - Esp. em Segurança de Redes de Computadores com enfâse a Perícia Forense Computacional - FACID - Bacharel em Ciência da Computação - UESPI - Administrador de Redes de Computadores - CCNA Modulo II - Lattes: *http://lattes.cnpq.br/1591329268136905* Esta mensagem pode conter informações confidenciais e/ou privilegiadas. Se você não for o destinatário ou a pessoa autorizada a receber esta mensagem, não deve usar, copiar ou divulgar as informações nela contida ou tomar qualquer ação baseada nessas informações. Hi, I had a similar problem when I tried to add a second DC to my small domain, the first DC was using bind 9 and I tried to add the second DC with the internal DNS server and it failed very similarly to the OP. I had to install bind 9 on the second DC before it would join, I also seem to remember somebody else having the same problem. Does this mean that if are joining another DC, it has to be configured like the first DC ? Rowland -- To unsubscribe
Re: [Samba] Samba 4.1.0 join Windows 2003 Server with BIND9_DLZ
My Windows 2003 domain an forest functional Level is 2003. And not have Group Policy Client Side Extensions for Windows Server 2003 (KB943729) Grato. Jacó Ramos 2013/10/11 Mauricio Alvarez maurialvarez...@rocketmail.com Jaco, I am also having problems joining an existing Win2k3 domain using samba 4.0.10. Today I tried 4.1.0, same story (I get a drsuapi.DsBindInfoFallBack object has no attribute--see a few messages above in the mailing list). Now in desperation I am trying samba-head. What concerns me is that previous version of samba4 I could bind OK to the domain (but then had problems with replication, so I had to start over). By the way, are you running in Win2003 functional level? Did you install Group Policy Client Side Extensions for Windows Server 2003 (KB943729)? Hi Greg My passwords are correct and account i am using to join with is valid, and works properly! Grato Jacó Ramos -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- *O homem não foi criado para ser feliz nem para vencer, mas para viver para Deus. Quando vive para Deus é feliz e vence. Isaltino Gomes * * $whoami* - Perito Forense Computacional - Pentester - Esp. em Segurança de Redes de Computadores com enfâse a Perícia Forense Computacional - FACID - Bacharel em Ciência da Computação - UESPI - Administrador de Redes de Computadores - CCNA Modulo II - Lattes: *http://lattes.cnpq.br/1591329268136905* Esta mensagem pode conter informações confidenciais e/ou privilegiadas. Se você não for o destinatário ou a pessoa autorizada a receber esta mensagem, não deve usar, copiar ou divulgar as informações nela contida ou tomar qualquer ação baseada nessas informações. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] using samba 4 as plugin replacement for samba 3
Klaus, Good luck. It should be easy, but considering the state of documentation (re your Please update documentation message: I totaly agree, btw) it might only sound easy. As an idea, I spent a whole morning trying to get samba 4.0.10 to share a single directory. After pulling my hair, at last I was running smbd in debug console; after seeing Abnormal server exit: smbXsrv_session_logoff_all failed and dumping core in /usr/local/samba/var/cores/smbd I finally decided to sudo apt-get install samba. Guess what? in 2 minutes the file share was working right and the client (an IP camera) immediately connected and stoped complaining. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 - PDC - RHEL6 - Slow browsing from Mac clients
On Fri, Oct 11, 2013 at 11:36:41AM +, Paul Older wrote: I think I'm unravelling the mystery I have on this one. I believe the situation to be as follows: * Apple used to deploy the actual open source Samba system with it OSX. * A few years ago, Samba made changes to their licensing meaning Apple could apparently no longer use it in a commercial release (so I've read) No No No ! Apple could apparently no longer use it in a commercial release I *hate* this myth, it's *completely* untrue. Where did you read this ? Samba changed from GPLv2+ to GPLv3+, a license that Apple lawyers helped to create (they were on the committees that did so). GPLv3 has provisions protecting projects from software patents asserted by contributing companies against Samba users and developers. Apple decided they didn't want to share their software patents with Samba or other companies using Samba, so decided to remove *all* GPLv3 software from their products. IBM, Google, HP, and many, many other large companies do not have a problem with GPLv3 code in commercial products, only Apple. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4.1.0 join Windows 2003 Server with BIND9_DLZ
I need start bind9 before to domain join with BIND9_DLZ ? Thanks! Jacó Ramos 2013/10/11 Jacó Ramos j4c0r4...@gmail.com My Windows 2003 domain an forest functional Level is 2003. And not have Group Policy Client Side Extensions for Windows Server 2003 (KB943729) Grato. Jacó Ramos 2013/10/11 Mauricio Alvarez maurialvarez...@rocketmail.com Jaco, I am also having problems joining an existing Win2k3 domain using samba 4.0.10. Today I tried 4.1.0, same story (I get a drsuapi.DsBindInfoFallBack object has no attribute--see a few messages above in the mailing list). Now in desperation I am trying samba-head. What concerns me is that previous version of samba4 I could bind OK to the domain (but then had problems with replication, so I had to start over). By the way, are you running in Win2003 functional level? Did you install Group Policy Client Side Extensions for Windows Server 2003 (KB943729)? Hi Greg My passwords are correct and account i am using to join with is valid, and works properly! Grato Jacó Ramos -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- *O homem não foi criado para ser feliz nem para vencer, mas para viver para Deus. Quando vive para Deus é feliz e vence. Isaltino Gomes * * $whoami* - Perito Forense Computacional - Pentester - Esp. em Segurança de Redes de Computadores com enfâse a Perícia Forense Computacional - FACID - Bacharel em Ciência da Computação - UESPI - Administrador de Redes de Computadores - CCNA Modulo II - Lattes: *http://lattes.cnpq.br/1591329268136905* Esta mensagem pode conter informações confidenciais e/ou privilegiadas. Se você não for o destinatário ou a pessoa autorizada a receber esta mensagem, não deve usar, copiar ou divulgar as informações nela contida ou tomar qualquer ação baseada nessas informações. -- *O homem não foi criado para ser feliz nem para vencer, mas para viver para Deus. Quando vive para Deus é feliz e vence. Isaltino Gomes * * $whoami* - Perito Forense Computacional - Pentester - Esp. em Segurança de Redes de Computadores com enfâse a Perícia Forense Computacional - FACID - Bacharel em Ciência da Computação - UESPI - Administrador de Redes de Computadores - CCNA Modulo II - Lattes: *http://lattes.cnpq.br/1591329268136905* Esta mensagem pode conter informações confidenciais e/ou privilegiadas. Se você não for o destinatário ou a pessoa autorizada a receber esta mensagem, não deve usar, copiar ou divulgar as informações nela contida ou tomar qualquer ação baseada nessas informações. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 - PDC - RHEL6 - Slow browsing from Mac clients
On 11/10/2013 17:04, Jeremy Allison j...@samba.org wrote: On Fri, Oct 11, 2013 at 11:36:41AM +, Paul Older wrote: * A few years ago, Samba made changes to their licensing meaning Apple could apparently no longer use it in a commercial release (so I've read) No No No ! Apple could apparently no longer use it in a commercial release I *hate* this myth, it's *completely* untrue. Where did you read this ? Apologies - my source is quite unofficial and now also apparently wrong. For info, I read it here: http://www.tuaw.com/2011/03/24/apple-to-drop-samba-networking-tools-from-li on As Mac OS X adopted more of Samba's tools, the team behind Samba gradually transformed the open source licensing for its software. The latest version of Samba is offered only with General Public License Version 3 (GPLv3 http://www.gnu.org/licenses/gpl.html) licensing, which includes restrictions that essentially prevent Apple from incorporating it into commercially packaged software like Mac OS X. __ Fresh Tech Ltd - www.fresh-tech.it email security by www.fresh-tech.it -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] getent group by name fails
On Fri, 2013-10-11 at 10:16 -0400, Lee Allen wrote: Samba 3.6.17 joined to Samba 4.2.0 AD domain, using winbind 'wbinfo -g' and 'getent group' successfully list all groups. 'getent group 10006' returns: domain users:x:10006: 'getent group domain users' fails with return code 2 partial log.winbind after above command: [2013/10/11 10:01:31.288199, 3] winbindd/winbindd_misc.c:384(winbindd_interface_version) [31911]: request interface version [2013/10/11 10:01:31.288288, 3] winbindd/winbindd_misc.c:417(winbindd_priv_pipe_dir) [31911]: request location of privileged pipe [2013/10/11 10:01:31.288421, 3] winbindd/winbindd_getgrnam.c:56(winbindd_getgrnam_send) getgrnam domain users [2013/10/11 10:01:31.288520, 3] winbindd/winbindd_msrpc.c:252(msrpc_name_to_sid) msrpc_name_to_sid: name=DOMAIN\USERS [2013/10/11 10:01:31.288547, 3] winbindd/winbindd_msrpc.c:266(msrpc_name_to_sid) name_to_sid [rpc] DOMAIN\USERS for domain DOMAIN if I specify the domain name, ie: 'getent group ALLENLAN\\domain users' it still fails... [2013/10/11 10:02:18.280728, 3] winbindd/winbindd_misc.c:384(winbindd_interface_version) [31925]: request interface version [2013/10/11 10:02:18.280823, 3] winbindd/winbindd_misc.c:417(winbindd_priv_pipe_dir) [31925]: request location of privileged pipe [2013/10/11 10:02:18.280940, 3] winbindd/winbindd_getgrnam.c:56(winbindd_getgrnam_send) getgrnam ALLENLAN\domain users [2013/10/11 10:02:18.281033, 3] winbindd/winbindd_msrpc.c:252(msrpc_name_to_sid) msrpc_name_to_sid: name=ALLENLAN\DOMAIN\USERS [2013/10/11 10:02:18.281060, 3] winbindd/winbindd_msrpc.c:266(msrpc_name_to_sid) name_to_sid [rpc] ALLENLAN\DOMAIN\USERS for domain ALLENLAN\DOMAIN Note the missing space in DOMAIN\USERS in the logs. I don't know whether this is relevant. 'getent passwd' does not have any such problems - it can query by UID or username smb.conf: [global] workgroup = ALLENLAN realm = allenlan.net password server = 192.168.0.13 preferred master = no server string = zone-samba3 security = ads encrypt passwords = yes log level = 3 log file = /var/log/samba/%m max log size = 50 printcap name = cups printing = cups winbind enum users = yes winbind enum groups = yes winbind use default domain = yes winbind nested groups = yes winbind separator = \ idmap config * : backend = ad idmap config * : range = 1-10 Quite a bit missing here. Try: idmap config * : backend = tdb idmap config * : range = 9800-9900 idmap config ALLENLAN : default = yes idmap config ALLENLAN : schema mode = rfc2307 idmap config ALLENLAN : backend = ad idmap config ALLENLAN : range = 1-100 HTH Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 - PDC - RHEL6 - Slow browsing from Mac clients
On Fri, Oct 11, 2013 at 04:15:35PM +, Paul Older wrote: On 11/10/2013 17:04, Jeremy Allison j...@samba.org wrote: On Fri, Oct 11, 2013 at 11:36:41AM +, Paul Older wrote: * A few years ago, Samba made changes to their licensing meaning Apple could apparently no longer use it in a commercial release (so I've read) No No No ! Apple could apparently no longer use it in a commercial release I *hate* this myth, it's *completely* untrue. Where did you read this ? Apologies - my source is quite unofficial and now also apparently wrong. For info, I read it here: http://www.tuaw.com/2011/03/24/apple-to-drop-samba-networking-tools-from-li on As Mac OS X adopted more of Samba's tools, the team behind Samba gradually transformed the open source licensing for its software. The latest version of Samba is offered only with General Public License Version 3 (GPLv3 http://www.gnu.org/licenses/gpl.html) licensing, which includes restrictions that essentially prevent Apple from incorporating it into commercially packaged software like Mac OS X. essentially prevent == Stops Apple from suing Samba or Samba users over their patents. Is how you have to read that. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 4.0.10 - 4.1.0 - master can no longer join existing Win2003 domain?
Hello, I can NO LONGER join the existing win 2003 domain (functional level win 2003, I also have installed Group Policy Client Side Extensions for Windows Server 2003). I am running on Ubuntu Server 13.04. I have tried Samba 4.0.10, 4.1.0 and also, in desperation, samba-master. I managed to join the domain with samba 4.0.8 (not sure if it was .8 or .9, it was in mid-September), downloaded via git, compiled and followed the wiki. All was running OK for some time, until I found out it wan no longer replicating. Then I noticed WERR_VERSION_MISMATCH errors when running drs showrepl. Since I was no longer able to demote the Samba4 DC, I decided to manualy delete from the Win2003, delete the samba4 directories and start over. Now when I try join the domain it fails with ERROR(type 'exceptions.AttributeError'): uncaught exception - 'drsuapi.DsBindInfoFallBack' object has no attribute 'supported_extensions' I tried google but I have no idea what this error means. All versions of Samba4 I tried give same error. I am sure I am doing exactly all the steps I did when I managed to join the domain the first time, and also on the Wiki. I am probably missing something. Can anybody please please please help or at least point me in the right direction? Thanks! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] centos 6.4 SELinux and connecting to homes
I setup of centos 6.4 box. The smb.conf file under SELinux notes said to run this command to share home directories. setsebool -P samba_enable_home_dirs on On the windows machine when I make a connection to \\server.name\homesfile:///\\server.name\homes I get the usual login prompt, but I cannot login. I provide my samba username and password but it fails to log me in. My ipaddress is in the hosts allow = line. Is there something else needed to use samba in SELinux? I can connect fine to my fedora and redhat boxes, which are not SELinux. Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Rights Issues - one user getting: Primary group is 0 and contains 0 supplementary groups on standalone server
Greetings, We are having some rights issues on Samba 3.6.18 running on Slackware64 14.0 (the official Slackware Package). One of our users is having access issues and I believe I have traced the problem to the following entry in the log.smbd: Primary group is 0 and contains 0 supplementary groups Issuing the groups command for this user returns the 8 Linux groups in which the user has membership. In researching this, I found another reference to this log entry for which the solution had to do with Windows groups and their relationship to local groups. Since we are using Samba stand-alone, we do not create any Windows groups and use local Linux groups for privileges. (I'm assuming Samba can still be used this way.) My question is: How does Samba calculate these group memberships? I'll look through the source code and see what I can see, but I am no programming wizard, so I doubt I'll find what I need there. Thanks! Stu... P.S. My apologies if this gets posted to the list twice: I accidentally tried sending it *before* I subscribed again. Oops! -- Stuart Reedy Working hard for a great university! s...@coe.uky.edu 859 257-7966 http://www.coe.uky.edu/~stu/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] getent group by name fails
Steve thank you for pointing that out. I made those changes and it does not effect the results. 'getent group UID' works 'getent group groupname' does not work, for the same group On Fri, Oct 11, 2013 at 12:25 PM, steve st...@steve-ss.com wrote: Quite a bit missing here. Try: idmap config * : backend = tdb idmap config * : range = 9800-9900 idmap config ALLENLAN : default = yes idmap config ALLENLAN : schema mode = rfc2307 idmap config ALLENLAN : backend = ad idmap config ALLENLAN : range = 1-100 HTH Steve -- *Lee Allen* email: l...@leecallen.com bus: (404) 698-1801 home: (716) 773-2326 cell: (716) 880-0854 fax: (716) 408-8844 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4.0.10 - 4.1.0 - master can no longer join existing Win2003 domain?
Hi Maurico... # rm /usr/local/samba/private/sam.ldb and repeat samba-tool domain join ... Thanks Jacó Ramos 2013/10/11 Mauricio Alvarez maurialvarez...@rocketmail.com Hello, I can NO LONGER join the existing win 2003 domain (functional level win 2003, I also have installed Group Policy Client Side Extensions for Windows Server 2003). I am running on Ubuntu Server 13.04. I have tried Samba 4.0.10, 4.1.0 and also, in desperation, samba-master. I managed to join the domain with samba 4.0.8 (not sure if it was .8 or .9, it was in mid-September), downloaded via git, compiled and followed the wiki. All was running OK for some time, until I found out it wan no longer replicating. Then I noticed WERR_VERSION_MISMATCH errors when running drs showrepl. Since I was no longer able to demote the Samba4 DC, I decided to manualy delete from the Win2003, delete the samba4 directories and start over. Now when I try join the domain it fails with ERROR(type 'exceptions.AttributeError'): uncaught exception - 'drsuapi.DsBindInfoFallBack' object has no attribute 'supported_extensions' I tried google but I have no idea what this error means. All versions of Samba4 I tried give same error. I am sure I am doing exactly all the steps I did when I managed to join the domain the first time, and also on the Wiki. I am probably missing something. Can anybody please please please help or at least point me in the right direction? Thanks! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- *O homem não foi criado para ser feliz nem para vencer, mas para viver para Deus. Quando vive para Deus é feliz e vence. Isaltino Gomes * * $whoami* - Perito Forense Computacional - Pentester - Esp. em Segurança de Redes de Computadores com enfâse a Perícia Forense Computacional - FACID - Bacharel em Ciência da Computação - UESPI - Administrador de Redes de Computadores - CCNA Modulo II - Lattes: *http://lattes.cnpq.br/1591329268136905* Esta mensagem pode conter informações confidenciais e/ou privilegiadas. Se você não for o destinatário ou a pessoa autorizada a receber esta mensagem, não deve usar, copiar ou divulgar as informações nela contida ou tomar qualquer ação baseada nessas informações. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba 4 DC slow users bulk load
it is much clearer, thanks again for your help On Oct 11, 2013 5:23 AM, Andrew Bartlett abart...@samba.org wrote: On Mon, 2013-10-07 at 23:46 +0300, Nikos Mitas wrote: sorry, but can you give me more details about 'full build tree' ? What I was suggesting is that the perf.data file isn't something I can use directly. I need you to run 'perf report -g' on it, and do some of the investigation, because it relies on system-specific symbols. I hope this is clearer. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] My Clients Windows not update DNS in samba4 DC
Hi, I done joining the Samba 4.0.9 Domain Controller to the existing 2003 domain Transfer all roles to samba4 Down in Windows 2003 server Add client windows to domain! But client windows not update DNS in samba4. Any ideas ? Grato. Jacó Ramos -- *O homem não foi criado para ser feliz nem para vencer, mas para viver para Deus. Quando vive para Deus é feliz e vence. Isaltino Gomes * * $whoami* - Perito Forense Computacional - Pentester - Esp. em Segurança de Redes de Computadores com enfâse a Perícia Forense Computacional - FACID - Bacharel em Ciência da Computação - UESPI - Administrador de Redes de Computadores - CCNA Modulo II - Lattes: *http://lattes.cnpq.br/1591329268136905* Esta mensagem pode conter informações confidenciais e/ou privilegiadas. Se você não for o destinatário ou a pessoa autorizada a receber esta mensagem, não deve usar, copiar ou divulgar as informações nela contida ou tomar qualquer ação baseada nessas informações. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] My Clients Windows not update DNS in samba4 DC
I need update register SOA in DNS ? Thanks! Jacó Ramos Em 11 de outubro de 2013 15:20, Jacó Ramos j4c0r4...@gmail.com escreveu: Hi, I done joining the Samba 4.0.9 Domain Controller to the existing 2003 domain Transfer all roles to samba4 Down in Windows 2003 server Add client windows to domain! But client windows not update DNS in samba4. Any ideas ? Grato. Jacó Ramos -- *O homem não foi criado para ser feliz nem para vencer, mas para viver para Deus. Quando vive para Deus é feliz e vence. Isaltino Gomes * * $whoami* - Perito Forense Computacional - Pentester - Esp. em Segurança de Redes de Computadores com enfâse a Perícia Forense Computacional - FACID - Bacharel em Ciência da Computação - UESPI - Administrador de Redes de Computadores - CCNA Modulo II - Lattes: *http://lattes.cnpq.br/1591329268136905* Esta mensagem pode conter informações confidenciais e/ou privilegiadas. Se você não for o destinatário ou a pessoa autorizada a receber esta mensagem, não deve usar, copiar ou divulgar as informações nela contida ou tomar qualquer ação baseada nessas informações. -- *O homem não foi criado para ser feliz nem para vencer, mas para viver para Deus. Quando vive para Deus é feliz e vence. Isaltino Gomes * * $whoami* - Perito Forense Computacional - Pentester - Esp. em Segurança de Redes de Computadores com enfâse a Perícia Forense Computacional - FACID - Bacharel em Ciência da Computação - UESPI - Administrador de Redes de Computadores - CCNA Modulo II - Lattes: *http://lattes.cnpq.br/1591329268136905* Esta mensagem pode conter informações confidenciais e/ou privilegiadas. Se você não for o destinatário ou a pessoa autorizada a receber esta mensagem, não deve usar, copiar ou divulgar as informações nela contida ou tomar qualquer ação baseada nessas informações. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] getent group by name fails
On 11/10/13 19:06, Lee Allen wrote: Steve thank you for pointing that out. I made those changes and it does not effect the results. 'getent group UID' works 'getent group groupname' does not work, for the same group On Fri, Oct 11, 2013 at 12:25 PM, steve st...@steve-ss.com wrote: Quite a bit missing here. Try: idmap config * : backend = tdb idmap config * : range = 9800-9900 idmap config ALLENLAN : default = yes idmap config ALLENLAN : schema mode = rfc2307 idmap config ALLENLAN : backend = ad idmap config ALLENLAN : range = 1-100 HTH Steve Hi, have you tried 'getent group Domain\ Users' ? Mind you if all else fails, ditch winbind and use sssd getent group root:x:0: . Domain Admins:*:27: Domain Guests:*:65534: Domain Users:*:100: linuxusers:*:1: getent group 100 users:x:100: getent group users users:x:100: getent group Domain\ Users Domain Users:*:100: getent group Domain Users Domain Users:*:100: getent group domain users The last one is the only one that failed Rowland -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4.0.10 - 4.1.0 - master can no longer join existing Win2003 domain?
Hi Jacó Hi Maurico... # rm /usr/local/samba/private/sam.ldb Did an rm -rf /usr/local/samba instead, nothing was working and couldn't demote. Then recompiled. and repeat samba-tool domain join ... Nothing is working. As I said, I tried recompiling three times with three different versions. I am following same steps I made the first time (when it actually joined the domain). Compile, check /etc/krb5.conf, kinit, check klist, then attempt joining the domain. There's an error message drsuapi.DsBindInfoFallBack. Anybody, what does it mean? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] getent group by name fails
Those don't work for me: getent group domain users getent group Domain Users getent group Domain\ Users all fail, returning 2 I will look into sssd On Fri, Oct 11, 2013 at 2:36 PM, Rowland Penny rowlandpe...@googlemail.comwrote: On 11/10/13 19:06, Lee Allen wrote: Steve thank you for pointing that out. I made those changes and it does not effect the results. 'getent group UID' works 'getent group groupname' does not work, for the same group On Fri, Oct 11, 2013 at 12:25 PM, steve st...@steve-ss.com wrote: Quite a bit missing here. Try: idmap config * : backend = tdb idmap config * : range = 9800-9900 idmap config ALLENLAN : default = yes idmap config ALLENLAN : schema mode = rfc2307 idmap config ALLENLAN : backend = ad idmap config ALLENLAN : range = 1-100 HTH Steve Hi, have you tried 'getent group Domain\ Users' ? Mind you if all else fails, ditch winbind and use sssd getent group root:x:0: . Domain Admins:*:27: Domain Guests:*:65534: Domain Users:*:100: linuxusers:*:1: getent group 100 users:x:100: getent group users users:x:100: getent group Domain\ Users Domain Users:*:100: getent group Domain Users Domain Users:*:100: getent group domain users The last one is the only one that failed Rowland -- *Lee Allen* email: l...@leecallen.com bus: (404) 698-1801 home: (716) 773-2326 cell: (716) 880-0854 fax: (716) 408-8844 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba release series
On Fri, 2013-10-11 at 11:27 +0200, Karolin Seeger wrote: On Fri, Oct 11, 2013 at 10:17:31AM +0100, Rowland Penny wrote: On 11/10/13 09:55, Karolin Seeger wrote: Hi, with today's release of Samba 4.1.0, Samba 4.0 has been turned into the maintenance mode and Samba 3.6 into the security fixes only mode. Samba 3.5 is officially unsupported now. For more details on the modi and other release planning information, please see https://wiki.samba.org/index.php/Samba_Release_Planning Cheers, Karolin HI, My, but the release page has gone posh ;-) but shouldn't the 'started' column really be 'released' and I think a few of the boxes require filling in Sure, will do that as soon as possible. While we are talking about the release pages, I wonder with the new colour table on that page, should we remove the Branch policy page, and just fold the text into this page? That way, we don't have two pages to keep updated. (I'm happy to do it, just wanted to ask first). Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4.1.0 Available for Download
On 2013-10-11 9:49 AM, samba-requ...@lists.samba.org samba-requ...@lists.samba.org wrote: REMOVED COMPONENTS == The Samba Web Administration Tool (SWAT) has been removed. Details why SWAT has been removed can be found on the samba-technical mailing list: https://lists.samba.org/archive/samba-technical/2013-February/090572.html Just curious what was decided about this comment (he has a very excellent point): I have yet to make the jump to Samba4, so I have not seen the version of SWAT designed for it. For me, the primary benefit of SWAT in Samba3 was the ability to use the help link for any parameter to see what that parameter did, what the default was, and what its proper syntax was. For reference, I ran man smb.conf. Viewing full screen, I pressed the Page Down key 34 times and was still in the 1st third of the alphabetical listing of parameters. It's no small wonder that I never used man smb.conf to configure Samba. SWAT was my friend. So, if Samba4 has anywhere near the number of parameters as Samba3, I would be greatly disappointed to see SWAT go away entirely. An html version of the samba-doc package that contained all parameters with links to their definitions/descriptions would be a welcome and suitable replacement. Thanks, Dale -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba_upgradedns output
On Wed, 2013-10-09 at 13:22 -0700, Scott Goodwin wrote: When I run: # samba_upgradedns --dns-backend=BIND9_DLZ I get the following: lpcfg_load: refreshing parameters from /etc/samba/smb.conf params.c:pm_process() - Processing configuration file /etc/samba/smb.conf Reading domain information lpcfg_load: refreshing parameters from /etc/samba/smb.conf params.c:pm_process() - Processing configuration file /etc/samba/smb.conf DNS accounts already exist No zone file /var/lib/samba/private/dns/MYDOMAIN.COM.zone DNS records will be automatically created DNS partitions already exist Adding dns-earl account See /var/lib/samba/private/named.conf for an example configuration include file for BIND and /var/lib/samba/private/named.txt for further documentation required for secure DNS updates Finished upgrading DNS What does the line No zone file /var/lib/samba/private/dns/MYDOMAIN.COM.zone mean? Or rather, I know what it means, but what is the file itself supposed to do? In all the Samba4 documentation, I don't see any indication on where this file is supposed to be created. I even see references here: https://wiki.samba.org/index.php/Dns-backend_bind#Interaction_with_AppArmor_or_SELinux (the SELinux settings) where this file is mentioned, but no other indication anywhere on what its purpose is, or what should be in it. I mean, obviously, it's a zone file, but for what? Aren't the zones kept in the tdb files now? Is this a relic from the BIND9_FLATFILE backend, and the documentation hasn't been updated? Patches to the script to clarify this most welcome. A script that was originally only for upgrades from FLATFILE to DLZ was extended, and it should now check for the partition first, before looking for a flat-file. Certainly it shouldn't suggest it is re-generating DNS when it won't do that. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Multiple A records on my parent domain name are confusing hosts
On Tue, 2013-10-08 at 10:23 -0700, Scott Goodwin wrote: I'm using Samba 4.0.9, Bind 9.9.4 w/ dlz My domain is example.com My Samba4 server is myserver.example.com myserver has two nics: 10.10.10.5 and 192.168.10.2 My externally hosted web site is www.example.com, and is hosted at 123.123.123.123 I have an A and CNAME in DNS like so: @ A 123.123.123.123 www CNAME example.com. The above allows internal web browsers to access the external site via www.example.com or example.com. This works great. The problem is that every ten minutes when samb's dns update happens, it keeps putting the following two entries in, which points internal hosts to the dns server, instead of the externally hosted web site: @ A 10.10.10.5 @ A 192.168.10.2 Why do these keep showing up? I'm sure there is a place that the info is coming from, but I don't know where, and I desperately need to prevent this from happening. I mean, don't get me wrong, I realize what the records mean, but what I'm trying to do is prevent them from repopulating and preventing my internal hosts from browsing the web site. I didn't have this problem when I could edit the bind files directly, but now that I'm using bind_dlz for samba, I'm a little lost. The issue is that Samba controls that name, and tries to set it to match the network interfaces of the DC, because AD clients may (few actually do, in this specific case) use this name to find a DC. See dns_update_list. I suggest breaking the CNAME and not using example.com to find your website internally. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Multiple A records on my parent domain name are confusing hosts
AB On Tue, 2013-10-08 at 10:23 -0700, Scott Goodwin wrote: I'm using Samba 4.0.9, Bind 9.9.4 w/ dlz My domain is example.com My Samba4 server is myserver.example.com myserver has two nics: 10.10.10.5 and 192.168.10.2 My externally hosted web site is www.example.com, and is hosted at 123.123.123.123 I have an A and CNAME in DNS like so: @ A 123.123.123.123 www CNAME example.com. The above allows internal web browsers to access the external site via www.example.com or example.com. This works great. The problem is that every ten minutes when samb's dns update happens, it keeps putting the following two entries in, which points internal hosts to the dns server, instead of the externally hosted web site: @ A 10.10.10.5 @ A 192.168.10.2 Why do these keep showing up? I'm sure there is a place that the info is coming from, but I don't know where, and I desperately need to prevent this from happening. I mean, don't get me wrong, I realize what the records mean, but what I'm trying to do is prevent them from repopulating and preventing my internal hosts from browsing the web site. I didn't have this problem when I could edit the bind files directly, but now that I'm using bind_dlz for samba, I'm a little lost. AB The issue is that Samba controls that name, and tries to set it to match AB the network interfaces of the DC, because AD clients may (few actually AB do, in this specific case) use this name to find a DC. See AB dns_update_list. AB I suggest breaking the CNAME and not using example.com to find your AB website internally. Wouldn't it make a lot of sense, provided one had the infrastructure [extra servers/hardware] to handle DNS like this: (And at a smaller site, you could do this in a VM like virtualbox on the same hardware as the S4/AD server - memory is cheap, and at a small site, I/O load is going to be trivial.) --- Setup a DNS+DHCP server, external to/outside of the AD. Say, mydomain.local DHCP and DDNS would apply against mydomain.local Put the S4/Windows AD in a 3rd level domain - say samba.mydomain.local. Point all queries for the 3rd level DNS [samba.mydomain.local] to the AD/ DNS controller. [i.e. A forward zone for samba.mydomain.local - S4AD server] This resolves issues with DHCP/DDNS - since you're not trying to make the AD controller handle it. Next by using something like .local as your 1st level domain, you don't have conflicts with real-world external domains. [And even if you did use something like .com - you could tweak the DNS server to handle it without messing with the AD domain - provided you didn't use anything in that 3rd level domain (samba.mydomain.local) out in the open/public internet.] I know it's extra work, but it just seems to make things a lot cleaner and keeps DNS from becoming such a tangle in AD, IMO Thoughts? -Greg -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [Announce] Samba 4.1.0 Available for Download
Any infos about update from 4.0.9? Regular way: - download - ./configure - make - make install or some other way? I use 4.0.9 on production server with only 120 clients machines but i don't want to start over configuration. Szymon -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [Announce] Samba 4.1.0 Available for Download
Hello Szymon, Am 11.10.2013 21:53, schrieb Szymon Życiński: Any infos about update from 4.0.9? Regular way: - download - ./configure - make - make install Yes. If there are other steps required, it is mentioned in the release notes. Regards, Marc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Announce] Samba 4.1.0 Available for Download
== Insanity: doing the same thing over and over again and expecting different results. Albert Einstein == Release Announcements - This is is the first stable release of Samba 4.1. Samba 4.1 will be the next version of the Samba suite and includes all the technology found in both the Samba4 series and the stable 3.x series. The primary additional features over Samba 3.6 are support for the Active Directory logon protocols used by Windows 2000 and above. Major enhancements in Samba 4.1.0 include: Client tools support SMB2/3 === Samba 4.1.0 contains the first release of our client tools and client library that work over the new protocols SMB2 or SMB3. Note that SMB3 only works either to a Samba server version 4.0.0 or above, or to a Windows Server running Windows 2012 or Windows 8. The default protocol for smbclient and smbcacls is still SMB1 (the NT1 protocol dialect). An SMB2 or SMB3 connection can be selected in one of two ways. The easiest way to test the new protocol connection is to add the -mMAX_PROTOCOL command line switch to either smbclient or smbcacls. For example, to connect using SMB3 with smbclient a user would type: smbclient //server/share -Uuser%password -mSMB3 Another example of connecting using SMB2 using smbcacls would be: smbcacls //server/share -Uuser%password -mSMB2 filename Note that when connecting using SMB2 or SMB3 protocols the UNIX extensions are no longer available inside the smbclient command set. This is due to UNIX extensions not yet being defined for the SMB2 or SMB3 protocols. The second way to select SMB2 or SMB3 connections is to set the client max protocol parameter in the [global] section of your smb.conf. Setting this parameter will cause all client connections from Samba and its client tools to offer the requested max protocol to a server on every connection request. For example, to cause all client tools (including winbindd, rpcclient, and the libsmbclient library) to attempt use SMB3 by default add the line: client max protocol = SMB3 to the [global] section of your smb.conf. This has not been as widely tested as the -mPROTOCOL options, but is intended to work correctly in the final release of 4.1.0. Encrypted transport === Although Samba servers have supported encrypted transport connections using the UNIX extensions for many years, selecting SMB3 transport allows encrypted transport connections to Windows servers that support SMB3, as well as Samba servers. In order to enable this, add the -e option to the smbclient command line. For example, to connect to a Windows 2012 server over SMB3 and select an encrypted transport you would use the following command line: smbclient //Win2012Server/share -Uuser%password -mSMB3 -e Directory database replication (AD DC mode) === Directory replication has been reworked in order to improve the correctness and efficiency. As a net effect of it, replication with other domain controllers with a heavily modified schema is now possible (ie. Windows 2012 DCs or other Windows DC with exchange installed) and replication didn't fail anymore in such environments. Server-Side Copy Support Samba 4.1.0 adds support for server-side copy operations via the SMB2 FSCTL_SRV_COPYCHUNK request. Clients making use of server-side copy support, such as Windows Server 2012, should experience considerable performance improvements for file copy operations, as file data need not traverse the network. This feature is enabled by default on the smbd file server. Btrfs Filesystem Integration The Btrfs VFS module provided with Samba 4.1.0 further improves the performance of server-side copy operations on shares backed by a Btrfs filesystem. It does so by allowing multiple files to share the same on-disk extents, avoiding the unnecessary duplication of source and destination file data during a server-side copy operation. This feature can be explicitly enabled on smbd shares backed by a Btrfs filesystem with the smb.conf parameter: vfs objects = btrfs REMOVED COMPONENTS == The Samba Web Administration Tool (SWAT) has been removed. Details why SWAT has been removed can be found on the samba-technical mailing list: https://lists.samba.org/archive/samba-technical/2013-February/090572.html ## Changes ### smb.conf changes Parameter Name Description Default -- --- --- acl allow execute always New False
[SCM] Samba Shared Repository - branch v4-1-stable updated
The branch, v4-1-stable has been updated via a6fb418 VERSION: Bump version number up to 4.1.0... via 13b7959 WHATSNEW: Add release notes for Samba 4.1.0. via 82d6a43 doc: Update documentation of pam_winbind krb5 support. via 5a55cb6 s3-winbind: Add support for the kernel krb5 keyring buffer. via 58038f6 s3-winbind: Don't set a default directory for DIR. via 996415f Revert Support UPN_DNS_INFO in the PAC via 76c4a51 Merge tag 'samba-4.1.0rc4' into v4-1-test via 7160446 VERSION: Bump version up to 4.1.0rc5... from fcf3fd6 VERSION: Disable git snapshots for the 4.1.0rc4 release. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-1-stable - Log - --- Summary of changes: VERSION |2 +- WHATSNEW.txt | 34 +++-- docs-xml/manpages/pam_winbind.conf.5.xml | 26 +++ librpc/idl/krb5pac.idl | 16 ++ source3/winbindd/winbindd_pam.c |4 +- 5 files changed, 49 insertions(+), 33 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 74fa8d6..9576855 100644 --- a/VERSION +++ b/VERSION @@ -87,7 +87,7 @@ SAMBA_VERSION_PRE_RELEASE= # e.g. SAMBA_VERSION_RC_RELEASE=1 # # - 3.0.0rc1 # -SAMBA_VERSION_RC_RELEASE=4 +SAMBA_VERSION_RC_RELEASE= # To mark SVN snapshots this should be set to 'yes'# diff --git a/WHATSNEW.txt b/WHATSNEW.txt index c01cb70..857a7ce 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,10 +1,10 @@ -Release Announcements -= + = + Release Notes for Samba 4.1.0 + October 11, 2013 + = -This is the fourth release candidate of Samba 4.1. This is *not* -intended for production environments and is designed for testing -purposes only. Please report any defects via the Samba bug reporting -system at https://bugzilla.samba.org/. + +This is is the first stable release of Samba 4.1. Samba 4.1 will be the next version of the Samba suite and includes all the technology found in both the Samba4 series and the stable 3.x @@ -12,12 +12,7 @@ series. The primary additional features over Samba 3.6 are support for the Active Directory logon protocols used by Windows 2000 and above. -If you are upgrading, or looking to develop, test or deploy Samba 4.1 -releases candidates, you should backup all configuration and data. - - -NEW FEATURES - +Major enhancements in Samba 4.1.0 include: Client tools support SMB2/3 === @@ -126,6 +121,10 @@ REMOVED COMPONENTS == The Samba Web Administration Tool (SWAT) has been removed. +Details why SWAT has been removed can be found on the samba-technical mailing +list: + +https://lists.samba.org/archive/samba-technical/2013-February/090572.html ## @@ -166,6 +165,17 @@ o David Disseldorp dd...@samba.org SMB2 FSCTL_SRV_COPYCHUNK request. +CHANGES SINCE 4.1.0rc4 +== + +o Stefan Metzmacher me...@samba.org +* BUG 10178: Fix PAC parsing failure. + + +o Andreas Schneider a...@samba.org +* BUG 10132: pam_winbindd: Support the KEYRING ccache type. + + CHANGES SINCE 4.1.0rc3 == diff --git a/docs-xml/manpages/pam_winbind.conf.5.xml b/docs-xml/manpages/pam_winbind.conf.5.xml index be7f684..725e809 100644 --- a/docs-xml/manpages/pam_winbind.conf.5.xml +++ b/docs-xml/manpages/pam_winbind.conf.5.xml @@ -106,16 +106,24 @@ termkrb5_ccache_type = [type]/term listitempara - When pam_winbind is configured to try kerberos authentication by - enabling the parameterkrb5_auth/parameter option, it can - store the retrieved Ticket Granting Ticket (TGT) in a credential - cache. The type of credential cache can be controlled with this - option. The supported values are: parameterFILE/parameter - and parameterDIR/parameter (when the DIR type is supported - by the system's Kerberos library). In case of FILE a credential + When pam_winbind is configured to try kerberos authentication + by enabling the parameterkrb5_auth/parameter option, it can + store the retrieved Ticket Granting Ticket (TGT) in a + credential cache. The type of credential cache can be + controlled with this option. The supported
[SCM] Samba Shared Repository - annotated tag samba-4.1.0 created
The annotated tag, samba-4.1.0 has been created at 7a897961767ce346b69771d512ecb0759a6c1053 (tag) tagging a6fb418be7adccdd583a3b489b58023cfdd392ef (commit) replaces samba-4.1.0rc4 tagged by Karolin Seeger on Fri Oct 11 09:48:16 2013 +0200 - Log - tag samba-4.1.0 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) iD8DBQBSV61HbzORW2Vot+oRAvBGAKCqus1EDTuqs5DXNxKFrYzdJ/R0IACePyOK uFYDCMS04AT2CIOE2aIp/6c= =ae58 -END PGP SIGNATURE- Andreas Schneider (3): s3-winbind: Don't set a default directory for DIR. s3-winbind: Add support for the kernel krb5 keyring buffer. doc: Update documentation of pam_winbind krb5 support. Karolin Seeger (3): VERSION: Bump version up to 4.1.0rc5... WHATSNEW: Add release notes for Samba 4.1.0. VERSION: Bump version number up to 4.1.0... Stefan Metzmacher (2): Merge tag 'samba-4.1.0rc4' into v4-1-test Revert Support UPN_DNS_INFO in the PAC --- -- Samba Shared Repository
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 1de9bba Announce Samba 4.1.0. from 349f391 Update latest stable release. http://gitweb.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 1de9bba7d8a18c9009b129974603392d7b7c641e Author: Karolin Seeger ksee...@samba.org Date: Thu Oct 10 10:36:18 2013 +0200 Announce Samba 4.1.0. Signed-off-by: Karolin Seeger ksee...@samba.org --- Summary of changes: devel/index.html| 11 +- generated_news/latest_10_bodies.html| 26 +- generated_news/latest_10_headlines.html |4 +- generated_news/latest_2_bodies.html | 22 +- history/header_history.html |1 + history/samba-4.1.0.html| 380 +++ latest_stable_release.html |6 +- 7 files changed, 419 insertions(+), 31 deletions(-) create mode 100755 history/samba-4.1.0.html Changeset truncated at 500 lines: diff --git a/devel/index.html b/devel/index.html index e115481..4ebdf6a 100755 --- a/devel/index.html +++ b/devel/index.html @@ -19,12 +19,17 @@ original Subversion and CVS trees; this would include 3.0.x and 2.2.x versions of Samba, which are no longer in active development. /p -pWith the release of Samba 4.0.0, the 3.6 series has been turned into +pWith the release of Samba 4.1.0, the 4.0 series has been turned into maintenance mode, which means severe bug fixes and security fixes only./p -pThere will be security fixes only for the 3.5 series./p +pThere will be security fixes only for the 3.6 series./p -pThe 3.4 series will be discontinued./p +pThe 3.5 series will be discontinued./p + +pFor more details on the release series, current schedules and release modi, +please see +a href=https://wiki.samba.org/index.php/Samba_Release_Planning;Samba Wiki +Release Planning/a. br / h3Samba Branches/h3 diff --git a/generated_news/latest_10_bodies.html b/generated_news/latest_10_bodies.html index d58a94d..e9145b7 100644 --- a/generated_news/latest_10_bodies.html +++ b/generated_news/latest_10_bodies.html @@ -1,3 +1,16 @@ + h5a name=4.1.011 October 2013/a/h5 + p class=headlineSamba 4.1.0 Available for Download/p + pThis is the first stable release of the Samba 4.1 series./p + +pThe uncompressed tarballs and patch files have been signed +using GnuPG (ID 6568B7EA). The source code can be +a href=http://samba.org/samba/ftp/stable/samba-4.1.0.tar.gz;downloaded +now/a. A a href=http://samba.org/samba/ftp/patches/patch-4.0.10-4.1.0.diffs.gz; +patch against Samba 4.0.10/a is also available. See +a href=http://samba.org/samba/history/samba-4.1.0.html; the release notes + for more info/a./p + + h5a name=4.0.1008 October 2013/a/h5 p class=headlineSamba 4.0.10 Available for Download/p pThis is the latest stable release of the Samba 4.0 series./p @@ -136,16 +149,3 @@ using GnuPG (ID 6568B7EA). The source code can be a href=https://download.samba.org/pub/samba/rc/samba-4.1.0rc1.tar.gz;downloaded now/a. See a href=https://download.samba.org/pub/samba/rc/WHATSNEW-4.1.0rc1.txt;the release notes for more info/a./p - - - h5a name=4.0.702 July 2013/a/h5 - p class=headlineSamba 4.0.7 Available for Download/p - pThis is the latest stable release of the Samba 4.0 series./p - -pThe uncompressed tarballs and patch files have been signed -using GnuPG (ID 6568B7EA). The source code can be -a href=http://samba.org/samba/ftp/stable/samba-4.0.7.tar.gz;downloaded -now/a. A a href=http://samba.org/samba/ftp/patches/patch-4.0.6-4.0.7.diffs.gz; -patch against Samba 4.0.6/a is also available. See -a href=http://samba.org/samba/history/samba-4.0.7.html; the release notes - for more info/a./p diff --git a/generated_news/latest_10_headlines.html b/generated_news/latest_10_headlines.html index 74858e9..8b64db9 100644 --- a/generated_news/latest_10_headlines.html +++ b/generated_news/latest_10_headlines.html @@ -1,4 +1,6 @@ ul + li 11 October 2013 a href=#4.1.0Samba 4.1.0 Available for Download/a/li + li 08 October 2013 a href=#4.0.10Samba 4.0.10 Available for Download/a/li li 27 September 2013 a href=#4.1.0rc4Samba 4.1.0rc4 Available for @@ -21,6 +23,4 @@ li 11 July 2013 a href=4.1.0rc1Samba 4.1.0rc1 Available for Download/a/li - - li 02 July 2013 a href=#4.0.7Samba 4.0.7 Available for Download/a/li /ul diff --git a/generated_news/latest_2_bodies.html b/generated_news/latest_2_bodies.html index ee3f004..638df61 100644 --- a/generated_news/latest_2_bodies.html +++ b/generated_news/latest_2_bodies.html @@ -1,3 +1,15 @@ + h5a name=4.1.011 October 2013/a/h5 + p class=headlineSamba 4.1.0 Available for Download/p + pThis is the first stable release of the Samba 4.1 series./p + +pThe uncompressed tarballs and patch files have been
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via af3138e samba-tool domain join subdomain: Rework sambadns.py to allow setup of DomainDNSZone only via d5077ba join.py: Reconnect to the DC based on the DC name in dnsHostName to allow connection to IPC$ via 5a9265d join.py: Remove special full_ncs handling, we only need to updateRefs on an NC we replicate via ca7c3fb join.py: Use ctx.forestdns_zone variable via a8c6dd5 join.py: Correct ctx.forestdns_zone and so remove the need for duplicate repl.replicate() call via 48b979c provision: Remove --username and --password options from samba-tool domain provision from a2d45cf provision/sambadns: CN=MicrosoftDNS,CN=System, is relative to DOMAINDN http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit af3138e9b6813ef88698c3e6eeb280c6e988c4cc Author: Andrew Bartlett abart...@samba.org Date: Mon Sep 9 11:54:23 2013 +1200 samba-tool domain join subdomain: Rework sambadns.py to allow setup of DomainDNSZone only This skips handling the ForestDNSZone when we are setting up a subdomain. Andrew Bartlett Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Fri Oct 11 10:27:49 CEST 2013 on sn-devel-104 commit d5077baee26c593eb55cedf90ae440f50aa32e14 Author: Andrew Bartlett abart...@samba.org Date: Wed Sep 25 17:09:30 2013 -0700 join.py: Reconnect to the DC based on the DC name in dnsHostName to allow connection to IPC$ The treeConnectX of the GUID name fails against Windows 2003. Andrew Bartlett Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 5a9265de88bd5a1e9582ce57b5c5076826e01a85 Author: Andrew Bartlett abart...@samba.org Date: Fri Oct 11 09:47:29 2013 +1300 join.py: Remove special full_ncs handling, we only need to updateRefs on an NC we replicate Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit ca7c3fb279ba8367e00053fe344a72af063bdbcd Author: Andrew Bartlett abart...@samba.org Date: Fri Oct 11 09:37:41 2013 +1300 join.py: Use ctx.forestdns_zone variable Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit a8c6dd54381412201051fdc78f13e60ec9c47de6 Author: Andrew Bartlett abart...@samba.org Date: Fri Oct 11 09:36:53 2013 +1300 join.py: Correct ctx.forestdns_zone and so remove the need for duplicate repl.replicate() call Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit 48b979c4fec39c8d3b9684b4a759715c0f93e9cc Author: Andrew Bartlett abart...@samba.org Date: Thu Sep 26 10:19:18 2013 -0700 provision: Remove --username and --password options from samba-tool domain provision This avoids confusion, because the LDAP backend does not use these, and they do not set the password for the administrator account either! This may break support for the 'existing' backend LDAP backend, but that is nothing more than a stub for future development anyway, and new work in this area should use EXTERNAL in any case. Signed-off-by: Andrew Bartlett abart...@samba.org Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org --- Summary of changes: python/samba/join.py | 25 +++--- python/samba/netcmd/domain.py | 18 ++--- python/samba/provision/__init__.py| 26 +++--- python/samba/provision/backend.py | 52 +++- python/samba/provision/common.py |5 + python/samba/provision/sambadns.py| 90 + python/samba/upgrade.py |5 +- python/samba/upgradehelpers.py|7 +- source4/scripting/bin/samba_upgradedns|5 +- source4/scripting/bin/samba_upgradeprovision |2 +- source4/setup/provision_dnszones_add.ldif | 51 ++-- source4/setup/provision_dnszones_modify.ldif | 31 ++- source4/setup/provision_dnszones_partitions.ldif |9 +-- source4/setup/tests/blackbox_provision-backend.sh |2 +- 14 files changed, 135 insertions(+), 193 deletions(-) Changeset truncated at 500 lines: diff --git a/python/samba/join.py b/python/samba/join.py index 2379d5f..9cac8f5 100644 --- a/python/samba/join.py +++ b/python/samba/join.py @@ -24,6 +24,7 @@ from samba import gensec, Ldb, drs_utils import ldb, samba, sys, uuid from samba.ndr import ndr_pack from samba.dcerpc import
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 275f658 s3-winbind: Send online/offline message of the domain to the parent. via fc59416 s3-winbind: Register handlers for domain online/offline messages. via 447ec17 s3-winbind: Add functions for domain online/offline handling. via 1a88463 idl: Add a new message for winbind domain states. from af3138e samba-tool domain join subdomain: Rework sambadns.py to allow setup of DomainDNSZone only http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 275f6586c4d4547978c6ff2f04670b0d8f89fd4b Author: Andreas Schneider a...@cryptomilk.org Date: Thu Oct 10 10:03:32 2013 +0200 s3-winbind: Send online/offline message of the domain to the parent. https://bugzilla.samba.org/show_bug.cgi?id=10194 Signed-off-by: Andreas Schneider a...@cryptomilk.org Reviewed-by: Volker Lendecke v...@samba.org Autobuild-User(master): Volker Lendecke v...@samba.org Autobuild-Date(master): Fri Oct 11 13:37:56 CEST 2013 on sn-devel-104 commit fc5941622010843d823b5c245eccc68d1d3bce19 Author: Andreas Schneider a...@cryptomilk.org Date: Thu Oct 10 10:02:27 2013 +0200 s3-winbind: Register handlers for domain online/offline messages. BUG: https://bugzilla.samba.org/show_bug.cgi?id=10194 Signed-off-by: Andreas Schneider a...@cryptomilk.org Reviewed-by: Volker Lendecke v...@samba.org commit 447ec17a6bec814a2ac5cadb74dbef5789f07c52 Author: Andreas Schneider a...@cryptomilk.org Date: Thu Oct 10 10:01:40 2013 +0200 s3-winbind: Add functions for domain online/offline handling. BUG: https://bugzilla.samba.org/show_bug.cgi?id=10194 Signed-off-by: Andreas Schneider a...@cryptomilk.org Reviewed-by: Volker Lendecke v...@samba.org commit 1a884636542ba0e54c6d209662a5d1613d727a85 Author: Andreas Schneider a...@cryptomilk.org Date: Thu Oct 10 09:15:57 2013 +0200 idl: Add a new message for winbind domain states. BUG: https://bugzilla.samba.org/show_bug.cgi?id=10194 Signed-off-by: Andreas Schneider a...@cryptomilk.org Reviewed-by: Volker Lendecke v...@samba.org --- Summary of changes: source3/librpc/idl/messaging.idl |2 + source3/winbindd/winbindd.c |6 +++ source3/winbindd/winbindd_cm.c| 62 + source3/winbindd/winbindd_dual.c |5 +++ source3/winbindd/winbindd_proto.h | 10 ++ 5 files changed, 85 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/librpc/idl/messaging.idl b/source3/librpc/idl/messaging.idl index ddcf0e3..9d16570 100644 --- a/source3/librpc/idl/messaging.idl +++ b/source3/librpc/idl/messaging.idl @@ -100,6 +100,8 @@ interface messaging MSG_WINBIND_VALIDATE_CACHE = 0x0408, MSG_WINBIND_DUMP_DOMAIN_LIST= 0x0409, MSG_WINBIND_IP_DROPPED = 0x040A, + MSG_WINBIND_DOMAIN_ONLINE = 0x040B, + MSG_WINBIND_DOMAIN_OFFLINE = 0x040C, /* event messages */ MSG_DUMP_EVENT_LIST = 0x0500, diff --git a/source3/winbindd/winbindd.c b/source3/winbindd/winbindd.c index 953e208..50573ac 100644 --- a/source3/winbindd/winbindd.c +++ b/source3/winbindd/winbindd.c @@ -1168,6 +1168,12 @@ static void winbindd_register_handlers(struct messaging_context *msg_ctx, messaging_register(msg_ctx, NULL, MSG_WINBIND_ONLINESTATUS, winbind_msg_onlinestatus); + /* Handle domain online/offline messages for domains */ + messaging_register(winbind_messaging_context(), NULL, + MSG_WINBIND_DOMAIN_OFFLINE, winbind_msg_domain_offline); + messaging_register(winbind_messaging_context(), NULL, + MSG_WINBIND_DOMAIN_ONLINE, winbind_msg_domain_online); + messaging_register(msg_ctx, NULL, MSG_DUMP_EVENT_LIST, winbind_msg_dump_event_list); diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c index 3906d3d..0f3e418 100644 --- a/source3/winbindd/winbindd_cm.c +++ b/source3/winbindd/winbindd_cm.c @@ -340,6 +340,46 @@ static void calc_new_online_timeout_check(struct winbindd_domain *domain) } } +void winbind_msg_domain_offline(struct messaging_context *msg_ctx, + void *private_data, + uint32_t msg_type, + struct server_id server_id, + DATA_BLOB *data) +{ + const char *domain_name = (const char *)data-data; + struct winbindd_domain *domain; + + domain = find_domain_from_name_noinit(domain_name); + if (domain == NULL) { + return; + } + + domain-online =
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via dba7804 ntdb: Make sure variables passed by value are initialized. via 13b4dab pidl: fix an error message typo from 275f658 s3-winbind: Send online/offline message of the domain to the parent. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit dba78049eaad7c1d3b28a029e152d7d182582c57 Author: Andreas Schneider a...@samba.org Date: Thu Oct 10 18:23:42 2013 +0200 ntdb: Make sure variables passed by value are initialized. This fixes a GCC warning. Signed-off-by: Andreas Schneider a...@samba.org Reviewed-by: Alexander Bokovoy a...@samba.org Autobuild-User(master): Andreas Schneider a...@cryptomilk.org Autobuild-Date(master): Fri Oct 11 18:05:19 CEST 2013 on sn-devel-104 commit 13b4dab31c3813d3e08578726e8fc1e9e51e6080 Author: Volker Lendecke v...@samba.org Date: Fri Oct 11 11:59:25 2013 +0200 pidl: fix an error message typo Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Andreas Schneider a...@samba.org --- Summary of changes: lib/ntdb/check.c |5 +++-- pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm |2 +- 2 files changed, 4 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/ntdb/check.c b/lib/ntdb/check.c index 2790c68..5b6e905 100644 --- a/lib/ntdb/check.c +++ b/lib/ntdb/check.c @@ -659,10 +659,11 @@ _PUBLIC_ enum NTDB_ERROR ntdb_check_(struct ntdb_context *ntdb, enum NTDB_ERROR (*check)(NTDB_DATA, NTDB_DATA, void *), void *data) { - ntdb_off_t *fr = NULL, *used = NULL, ft, recovery; + ntdb_off_t *fr = NULL, *used = NULL; + ntdb_off_t ft = 0, recovery = 0; size_t num_free = 0, num_used = 0, num_found = 0, num_ftables = 0, num_capabilities = 0; - uint64_t features; + uint64_t features = 0; enum NTDB_ERROR ecode; if (ntdb-flags NTDB_CANT_CHECK) { diff --git a/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm b/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm index 54b6f13..3deab2e 100644 --- a/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm +++ b/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm @@ -261,7 +261,7 @@ sub check_fully_dereferenced($$) $nump = $_-{POINTER_INDEX}+1; } } - warning($element-{ORIGINAL}, Got pointer for `$e-{NAME}', expected fully derefenced variable) if ($nump length($ptr)); + warning($element-{ORIGINAL}, Got pointer for `$e-{NAME}', expected fully dereferenced variable) if ($nump length($ptr)); return ($origvar); } } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 7a6d240 smbd: Fix the extended *.oplock.doc1 tests via 672c228 torture: Extend the smb2.oplock.doc1 test via 6fbbf94 torture: Extend the raw.oplock.doc1 test from dba7804 ntdb: Make sure variables passed by value are initialized. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 7a6d240b7fa5ac365af3b615f154017ac83d0942 Author: Volker Lendecke v...@samba.org Date: Wed Sep 25 18:41:07 2013 -0700 smbd: Fix the extended *.oplock.doc1 tests We need to check for DELETE_PENDING before the first oplock break Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Jeremy Allison j...@samba.org Autobuild-User(master): Jeremy Allison j...@samba.org Autobuild-Date(master): Sat Oct 12 01:56:18 CEST 2013 on sn-devel-104 commit 672c22831032b862a11259ddb1e0cc8ef9ba0d26 Author: Volker Lendecke v...@samba.org Date: Wed Sep 25 23:04:50 2013 -0700 torture: Extend the smb2.oplock.doc1 test If delete_on_close is set, there is no oplock break. Check that. Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Jeremy Allison j...@samba.org commit 6fbbf94def82132b3c4fd9dcb24d8dae41fca950 Author: Volker Lendecke v...@samba.org Date: Wed Sep 25 19:00:57 2013 -0700 torture: Extend the raw.oplock.doc1 test If delete_on_close is set, there is no oplock break. Check that. Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Jeremy Allison j...@samba.org --- Summary of changes: selftest/knownfail|2 + source3/smbd/open.c | 59 +++-- source4/torture/raw/oplock.c | 28 ++- source4/torture/smb2/oplock.c | 34 +++ 4 files changed, 84 insertions(+), 39 deletions(-) Changeset truncated at 500 lines: diff --git a/selftest/knownfail b/selftest/knownfail index 8b89f00..1653cea 100644 --- a/selftest/knownfail +++ b/selftest/knownfail @@ -122,6 +122,7 @@ ^samba4.smb2.rename.share_delete_no_delete_access\(.*\)$ ^samba4.smb2.rename.no_share_delete_no_delete_access\(.*\)$ ^samba4.smb2.rename.msword +^samba4.smb2.oplock.doc ^samba4.smb2.compound.related3 ^samba4.smb2.compound.compound-break ^samba4.winbind.struct.*.show_sequence # Not yet working in winbind @@ -138,6 +139,7 @@ ^samba4.smb2.lock.*.multiple-unlock # bug 6959 ^samba4.raw.sfileinfo.*.end-of-file\(.*\)$ # bug 6962 ^samba4.raw.oplock.*.batch22 # bug 6963 +^samba4.raw.oplock.*.doc1 ^samba4.raw.lock.*.zerobyteread # bug 6974 ^samba4.smb2.lock.*.zerobyteread # bug 6974 ^samba4.raw.streams.*.delete diff --git a/source3/smbd/open.c b/source3/smbd/open.c index 5024c90..6255180 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -1093,6 +1093,26 @@ bool is_stat_open(uint32 access_mask) ((access_mask ~stat_open_bits) == 0)); } +static bool has_delete_on_close(struct share_mode_lock *lck, + uint32_t name_hash) +{ + struct share_mode_data *d = lck-data; + uint32_t i; + + if (d-num_share_modes == 0) { + return false; + } + if (!is_delete_on_close_set(lck, name_hash)) { + return false; + } + for (i=0; id-num_share_modes; i++) { + if (!share_mode_stale_pid(d, i)) { + return true; + } + } + return false; +} + / Deal with share modes Invarient: Share mode must be locked on entry and exit. @@ -1113,25 +1133,6 @@ static NTSTATUS open_mode_check(connection_struct *conn, return NT_STATUS_OK; } - /* A delete on close prohibits everything */ - - if (is_delete_on_close_set(lck, name_hash)) { - /* -* Check the delete on close token -* is valid. It could have been left -* after a server crash. -*/ - for(i = 0; i lck-data-num_share_modes; i++) { - if (!share_mode_stale_pid(lck-data, i)) { - - *file_existed = true; - - return NT_STATUS_DELETE_PENDING; - } - } - return NT_STATUS_OK; - } - if (is_stat_open(access_mask)) { /* Stat open that doesn't trigger oplock breaks or share mode * checks... ! JRA. */ @@ -2416,6 +2417,12 @@ static NTSTATUS open_file_ntcreate(connection_struct *conn, got_level2_oplock, got_a_none_oplock); + if (has_delete_on_close(lck, fsp-name_hash)) { + TALLOC_FREE(lck); +