Re: [Samba] [Fwd: File Locking and Permissions Issue]
On Wed, May 14, 2008 at 03:30:54PM -0700, Jack Lauman wrote: I'm trying to get Lacerte 2007 Tax Accounting software working on a Samba v3.0.28a based server. When one user is logged in it works fine. When two or more users are accessing the database files it slows to a crawl. But it still does work? I compared the open files with one computer in Lacerte vs. two computers in Lacerte and noticed one thing peculiar: when one computer is using Lacerte, all files are opened with exclusive+batch oplocks including Data1i07.dbf, however when 2 computers are running Lacerte, a few files open without oplocks, notably data1i07.dbf. I have also That's expected. Oplocks with r/w are only possible for exclusive access. I've had a customer experiencing exactly the same issue that you have. Different application, but it was used against Samba in production and it was terribly slow. They tested it against Windows -- it was fast. It turned out that against Samba they had several concurrent users and the test against Windows only had one user. Just the simple operation of copying the file away from the Windows server while the test on Windows was running made the app show exactly the same behaviour against Windows as it formerly had against Samba: It was almost unusably slow because its oplock had been broken. I'm not saying that Samba is bug-free here, but what you are describing really smells like a horrendously badly written Windows application that has never been really tested with multi-user access. Volker pgpSCtUvKyylD.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] [Fwd: File Locking and Permissions Issue]
Jack Lauman wrote: snip I compared the open files with one computer in Lacerte vs. two computers in Lacerte and noticed one thing peculiar: when one computer is using Lacerte, all files are opened with exclusive+batch oplocks including Data1i07.dbf, however when 2 computers are running Lacerte, a few files open without oplocks, notably data1i07.dbf. I'm assuming that both users need to write to these files? Maybe I'm missing something but this seems to be entirely expected behaviour. Oplocks allow a client to cache data rather than having to constantly sync to the server, obviously if there is more than one client doing this things break. You could use fake oplocks to grant oplocks to all clients, but unless the application is designed for it (which I doubt it is) you will just wind up corrupting your data. If the application is regularly opening and closing files (and therefore possibly being granted oplocks and then having them broken) you might find that performance improves by disabling oplocks altogether (well, performance for multiple users, performance for a single user would suffer). snip I've attached both files to this message. Any help in resolving this matter would be greatly appreciated. I think the list strips non-text attachments, so no excel file. Not that I think it's terribly important since it sounds like your system is working exactly as it should. Thanks, Jack Lauman *Michael Heydon - IT Administratorr * [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] creating a master share
sharif islam wrote: On Tue, May 13, 2008 at 6:52 PM, Michael Heydon [EMAIL PROTECTED] wrote: [] snip Or you can use the above force group option to access the files as a group that does have access. Well, the problem is, each folder (such as /www/share1, /www/share2) already has a group associated with it. If I change the linux permission in the /www/ level, that would create problems for the rest of the groups. --s I guess that brings you back to You can use ACLs. *Michael Heydon - IT Administratorr * [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba ldap
Hi, I'm new here and I have a doubt... I'm work with windows 2003 server and now i would change to llnux. My doubt regards the share of my server: to authenticate my users what is better: samba tdb or ldap? For us is not necessary an active directory, domain, ecc... I need only a file server and I have arounud 400 users...Anyone have experience? Any suggestions? Thanks in advance! telma -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba ldap
always ldap. Esteban Torres Rodríguez ÁREA DE SOPORTE TÉCNICO - Administración de Servidores Subdirección de Sistemas Informáticos Empresa Pública Desarrollo Agrario y Pesquero, email: [EMAIL PROTECTED] Rosilene Pagani [EMAIL PROTECTED] 15/5/2008 09:23 Hi, I'm new here and I have a doubt... I'm work with windows 2003 server and now i would change to llnux. My doubt regards the share of my server: to authenticate my users what is better: samba tdb or ldap? For us is not necessary an active directory, domain, ecc... I need only a file server and I have arounud 400 users...Anyone have experience? Any suggestions? Thanks in advance! telma -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Re[2]: [samba 3.0.28a, 1) PANIC: tdb_reopen_all failed
Hello Gilles, In your mail from May 12, 2008 (05:47:58) can be read: G On Sun, 11 May 2008 22:09:07 +0200, Marcin Kucharczyk G [EMAIL PROTECTED] wrote: When system (FreeBSD) is closed unexpectedly tdb files are corrupted. After boot samba tries to start, but because of corrupted tdb files it is impossible :( G Thanks. I thought about this, but the server didn't reboot. Restarting G Samba did the trick, but I'm concerned about this error occuring G again. I wish I could downgrade to the n-1 version of the Ports G collection. In provious e-mial you wrote. [2008/05/10 10:29:59, 0] lib/util_tdb.c:tdb_log(664) tdb(/var/db/samba/locking.tdb): tdb_reopen: open failed (No such file or directory) I've looked at the samba start script: /usr/local/etc/rc.d/samba and the file locking.tdb is one of the files deleted before samba starts. Some more files that genetates the error are also deleted, so information No such file or directory is propper. Normally samba creates the files when starts, but sometimes on FreeBSD generates PANIC. I can't repeat the problem manually. Server's power unplug is not an option. TDB files are deleted before samba starts and created when the one starts ... should be created when doesn't exist. So why the error is tdb(/var/db/samba/locking.tdb): tdb_reopen: open failed (No such file or directory)? Why PANIC (pid 43086): tdb_reopen_all failed.? I don't know how completly to solve the problem :( -- Best Regards, Marcin Kucharczyk mailto:[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] [Fwd: File Locking and Permissions Issue]
Michael Heydon wrote: Jack Lauman wrote: snip I compared the open files with one computer in Lacerte vs. two computers in Lacerte and noticed one thing peculiar: when one computer is using Lacerte, all files are opened with exclusive+batch oplocks including Data1i07.dbf, however when 2 computers are running Lacerte, a few files open without oplocks, notably data1i07.dbf. I'm assuming that both users need to write to these files? Maybe I'm missing something but this seems to be entirely expected behaviour. Oplocks allow a client to cache data rather than having to constantly sync to the server, obviously if there is more than one client doing this things break. You could use fake oplocks to grant oplocks to all clients, but unless the application is designed for it (which I doubt it is) you will just wind up corrupting your data. If the application is regularly opening and closing files (and therefore possibly being granted oplocks and then having them broken) you might find that performance improves by disabling oplocks altogether (well, performance for multiple users, performance for a single user would suffer). snip I've attached both files to this message. Any help in resolving this matter would be greatly appreciated. I think the list strips non-text attachments, so no excel file. Not that I think it's terribly important since it sounds like your system is working exactly as it should. Thanks, Jack Lauman *Michael Heydon - IT Administratorr * [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] Just a thought, but if you're using an enterprise distro, you might be able to cheat the system by granting fake oplocks and using a distributed file system, but there still could be coherency and race conditions under some circumstances. It would probably depend on your usage patterns for the application as to whether you could push the envelope and get away with it. If your access is mostly write once and read thereafter, it might be alright. YMMV. I've always had issues with Office 2000 and multiple users. You can almost feel the whiplash of Access or Excel slowing down the moment a second connection is established. Though, I must admit, I've never had corruption due to concurrent access, so it at least works for the speed trade-off. Unless the app slows down to a crawl, it's probably better safe than sorry. Especially if you're potentially rolling a corrupted file in to your backups. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] monitoring file access levels?
On 5/14/2008, Michael Heydon ([EMAIL PROTECTED]) wrote: Would it be possible to disable USB storage devices I sure would like to find a *reliable* way to disable ONLY USB STORAGE devices, but allow things like keyboards and mice... Anyone? -- Best regards, Charles -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba ldap
On 5/15/2008 3:40 AM, Esteban Torres Rodriguez wrote: I'm new here and I have a doubt... I'm work with windows 2003 server and now i would change to llnux. My doubt regards the share of my server: to authenticate my users what is better: samba tdb or ldap? For us is not necessary an active directory, domain, ecc... I need only a file server and I have arounud 400 users...Anyone have experience? Any suggestions? always ldap. Not necessarily... tdb is *very* fast and reliable, much simpler to set up and maintain, and if you don't *need* all the bells and whistles of ldap (high availability, SSO, etc), tdb is the better choice - at least in my opinion... -- Best regards, Charles -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
OT - disable USB Mass Storage devices - WAS: Re: Re-2: [Samba] monitoring file access levels?
On 5/15/2008 8:54 AM, [EMAIL PROTECTED] wrote: you disable the USB mass storage service in the windows registry. Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR] Type=dword:0001 Start=dword:0003--- Alter me to 1 I think ErrorControl=dword:0001 ImagePath=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\ 52,00,49,00,56,00,45,00,52,00,53,00,5c,00,55,00,53,00,42,00,53,00,54,00,4f,\ 00,52,00,2e,00,53,00,59,00,53,00,00,00 DisplayName=USB Mass Storage Driver I had read about some hacks about a year ago, but they supposedly weren't 100% reliable... Your comment (thanks!) prompted me to do some more searching again, and in case anyone is interested, I found this excellent thread on the topic: http://www.petri.co.il/forums/showthread.php?t=3299 Discusses ways to do this using Polices, and a couple of contributed vb scripts... -- Best regards, Charles -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba with ldap of AD
I configured Samba with AD through winbind with *. tdb, but I want to configure samba directly against ldap DP or need to mount a openldap. Is it possible? I want to remove *. tdb. Directly RedHat support: Correcting the permissions on such files and directories can be a very difficult task, requiring significant manual effort, or advanced scripting skills and good backups of the previous idmap. It is for this reason that the tdb default idmap backend is not recommended to be used, especially on any Samba server in which domain users will create files or directories on the filesystem based upon their winbind-enumerated UID and GID numbers. RECOMMENDATION For best results and the least amount of effort required to correct a corrupt idmap TDB file situation, it is highly recommended that the ldap idmap backend be configured for winbind instead. http://kbase.redhat.com/faq/FAQ_71_11158.shtm Esteban Torres Rodríguez ÁREA DE SOPORTE TÉCNICO - Administración de Servidores Subdirección de Sistemas Informáticos Empresa Pública Desarrollo Agrario y Pesquero, email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re-2: [Samba] monitoring file access levels?
you disable the USB mass storage service in the windows registry. Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR] Type=dword:0001 Start=dword:0003--- Alter me to 1 I think ErrorControl=dword:0001 ImagePath=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,\ 52,00,49,00,56,00,45,00,52,00,53,00,5c,00,55,00,53,00,42,00,53,00,54,00,4f,\ 00,52,00,2e,00,53,00,59,00,53,00,00,00 DisplayName=USB Mass Storage Driver Original Message Subject: Re: [Samba] monitoring file access levels? (15-May-2008 12:40) From:[EMAIL PROTECTED] To: [EMAIL PROTECTED] On 5/14/2008, Michael Heydon ([EMAIL PROTECTED]) wrote: Would it be possible to disable USB storage devices I sure would like to find a *reliable* way to disable ONLY USB STORAGE devices, but allow things like keyboards and mice... Anyone? -- Best regards, Charles -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba To: [EMAIL PROTECTED] Cc: samba@lists.samba.org To: [EMAIL PROTECTED] Cc: samba@lists.samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba ldap
Charles Marcus escreveu: On 5/15/2008 3:40 AM, Esteban Torres Rodriguez wrote: I'm new here and I have a doubt... I'm work with windows 2003 server and now i would change to llnux. My doubt regards the share of my server: to authenticate my users what is better: samba tdb or ldap? For us is not necessary an active directory, domain, ecc... I need only a file server and I have arounud 400 users...Anyone have experience? Any suggestions? always ldap. Not necessarily... tdb is *very* fast and reliable, much simpler to set up and maintain, and if you don't *need* all the bells and whistles of ldap (high availability, SSO, etc), tdb is the better choice - at least in my opinion... Depends of what is needed, in my opinion if an user must have the same password in samba AND any other service, use LDAP. Regards. Edmundo Valle Neto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Server 2003 Domain Controller Search w/ Workgroup Setup
Hi, I hope someone might understand the problem I am seeing. I will simplify the setup that I have which reproduces the problem: 1) Computer 1 is running Server 2003 with 2 NICS. One is a WAN link with IP address 192.168.1.12. It has a private link with IP 10.0.0.12. 2) Computer 2 is running Centos OS 5.1 with 2 NICS. WAN is at 192.168.1.11, private is at 10.0.0.11. 3) The WAN links are connected via a switch/router while the private links are connected via a null ethernet cable. 4) CentOS 5.1 is running a very basic guest access Samba share. Here is smb.conf: [global] workgroup = WORKGROUP netbios name = repl1 interfaces = eth1 10.0.0.11 guest account = hacluster security = share local master = no preferred master = no wins support = no wins proxy = no dns proxy = no [Content] path = /mnt/content writeable = yes guest ok = yes Here is the problem: I am seeing a roughly 3-5 second daily on initial connection to the Samba share. If I repeat quickly there is no delay. I have used Wireshark to look at a capture on the private link. It appears that the Server 2003 machine is doing a NBNS query for a domain controller for WORKGROUP. It seems to wait several seconds before timeing out and then just connecting directly. The normal NBNS query where 2003 looks for Repl1 (CentOS) works fine. The response immediately comes back as 10.0.0.11. I have tried many permutations and I can't seem to figure how to stop 2003 from trying to find a domain controller in this very simple configuration. Any help would be appreciated here. I'm not sure if this is a 2003 configuration problem or a Samba configuration problem. Thanks, Matt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Password Policy for Samba Ldap PDC
Hello All, I´ve a customer with a problem. They need to apply some policy's in your Samba LDAP (SMBLDAPTOOLS) passwords, like this: - Passwords Expiration - Minimum lenght - History - Quality of Password - Block after 3 incorrect logon attempts Is it possible to do it with the Default Samba schema ? Is there another way to implement ? Thanks for any Help. Best Regards. -- Alexandre Andrade São Paulo - SP [EMAIL PROTECTED] (55 11) 8555-9279 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Password Policy for Samba Ldap PDC
I´ve a customer with a problem. They need to apply some policy's in your Samba LDAP (SMBLDAPTOOLS) passwords, like this: - Passwords Expiration Yes - Minimum lenght Yes - History Yes - Quality of Password No (at least without hackery) - Block after 3 incorrect logon attempts Yes (although I've seen some odd stuff) Is it possible to do it with the Default Samba schema ? Is there another way to implement ? Yes. man pdbedit -- Consonance: an Open Source .NET OpenGroupware client. Contact:[EMAIL PROTECTED] http://freshmeat.net/projects/consonance/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] [Fwd: File Locking and Permissions Issue]
For some reason the excel file was stripped in my last post. (See below). We would appreciate any help we can get on this. Intuit tried this on their test server and we don't know whats causing the files to open without oplocks when a second user tries to access the database. Thanks, Jack Jack Lauman wrote: Original Message Subject: File Locking and Permissions Issue Date: Wed, 14 May 2008 15:10:28 -0700 From: Jack Lauman [EMAIL PROTECTED] Organization: nwcascades.com To: mailto:samba@lists.samba.org I'm trying to get Lacerte 2007 Tax Accounting software working on a Samba v3.0.28a based server. When one user is logged in it works fine. When two or more users are accessing the database files it slows to a crawl. Lacerte's tech support personnel set up an identical scenereo in their lab. Here's what the found: quote I compared the open files with one computer in Lacerte vs. two computers in Lacerte and noticed one thing peculiar: when one computer is using Lacerte, all files are opened with exclusive+batch oplocks including Data1i07.dbf, however when 2 computers are running Lacerte, a few files open without oplocks, notably data1i07.dbf. I have also attached a copy of my smbstatus output (put into an Excel spreadsheet, computer 1 highlighted in yellow, computer 2 in blue.) This seems to be the same way it was working on your server. One more thing to note - I was logged in as the same user on both workstations - if you can try that configuration and it works, that might clue us in to some kind of permissions issue. /quote I've attached both files to this message. Any help in resolving this matter would be greatly appreciated. Thanks, Jack Lauman Locked files: Pid Uid DenyModeAccess R/W Oplock SharePath Name Time 15314 500 DENY_WRITE 0x20089 RDONLY EXCLUSIVE+BATCH /home/arends/intuit Lacerte/07tax/Setup07/Setup.XML Tue May 13 23:10:24 2008 15001 500 DENY_NONE 0x11 RDONLY NONE /home/arends/intuit . Tue May 13 23:07:44 2008 15314 500 DENY_NONE 0x2019f RDWR EXCLUSIVE+BATCH /home/arends/intuit Lacerte/07tax/IDATA/DATA1I07.DBF Tue May 13 23:10:25 2008 15314 500 DENY_NONE 0x2019f RDWR EXCLUSIVE+BATCH /home/arends/intuit Lacerte/07tax/IDATA/urn/User002.LW7 Tue May 13 23:10:24 2008 15314 500 DENY_WRITE 0x20089 RDONLY EXCLUSIVE+BATCH /home/arends/intuit Lacerte/06tax/OPTION06/OPINDEX.W6 Tue May 13 23:10:24 2008 15314 500 DENY_NONE 0x20089 RDONLY EXCLUSIVE+BATCH /home/arends/intuit Lacerte/07tax/IDATA/DDRIDI07.DAT Tue May 13 23:10:24 2008 15314 500 DENY_NONE 0x2019f RDWR EXCLUSIVE+BATCH /home/arends/intuit Lacerte/07tax/IDATA/DATA1I07.MDX Tue May 13 23:10:17 2008 15314 500 DENY_NONE 0x20089 RDONLY EXCLUSIVE+BATCH /home/arends/intuit Lacerte/07tax/IDATA/urn/User001.LW7 Tue May 13 23:10:24 2008 Locked files: Pid Uid DenyModeAccess R/W Oplock SharePath Name Time 15001 500 DENY_NONE 0x11 RDONLY NONE /home/arends/intuit . Tue May 13 23:07:44 2008 15314 500 DENY_NONE 0x2019f RDWR NONE /home/arends/intuit Lacerte/07tax/IDATA/DATA1I07.DBF Tue May 13 23:10:25 2008 15001 500 DENY_NONE 0x2019f RDWR NONE /home/arends/intuit Lacerte/07tax/IDATA/DATA1I07.DBF Tue May 13 23:11:20 2008 15314 500 DENY_NONE 0x2019f RDWR NONE /home/arends/intuit Lacerte/07tax/IDATA/urn/User002.LW7 Tue May 13 23:10:24 2008 15001 500 DENY_NONE 0x20089 RDONLY EXCLUSIVE+BATCH /home/arends/intuit Lacerte/07tax/IDATA/DDRIDI07.DAT Tue May 13 23:11:16 2008 15001 500 DENY_NONE 0x2019f RDWR EXCLUSIVE+BATCH /home/arends/intuit Lacerte/07tax/IDATA/urn/User003.LW7 Tue May 13 23:11:16 2008 15001 500 DENY_NONE 0x20089 RDONLY EXCLUSIVE+BATCH /home/arends/intuit Lacerte/07tax/IDATA/urn/User001.LW7 Tue May 13 23:11:16 2008 [global] server string = Linux Samba Server V %v workgroup = WORKGROUP interfaces = eth0 127.0.0.1 bind interfaces only = yes security = user log file = /var/log/samba/log.%m time server = yes socket options = TCP_NODELAY IPTOS_LOWDELAY os level = 65 preferred master = yes domain master = yes local master = yes guest account = smbuser printcap name = cups printing = cups wins support = yes use client driver = yes encrypt passwords = yes smb passwd file = /etc/samba/smbpasswd idmap uid = 16777216-33554431 idmap gid = 16777216-33554431 template shell = /bin/false winbind use default domain = no [homes] browsable = no writable = yes [intuit] comment = Lacerte Server path = /home/arends/intuit read only = no guest ok = yes [public] comment = Public file access path = /home/public read only = no create mask = 2775 directory mask = 0775 guest ok = yes
Re: [Samba] [Fwd: File Locking and Permissions Issue]
On Thu, May 15, 2008 at 10:45:51AM -0700, Jack Lauman wrote: For some reason the excel file was stripped in my last post. (See below). We would appreciate any help we can get on this. Intuit tried this on their test server and we don't know whats causing the files to open without oplocks when a second user tries to access the database. Did you read our replies to your initial post at all? If Intuit tells you that they do not know why a second opener does not get an oplock you should really escalate that support issue much, much higher inside their organization. You have have very obviously been put off by some first-level support person that has no clue about the products. Volker pgp0tR0kr5Kt8.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Password Policy for Samba Ldap PDC
Please keep all traffic on the list. Where Can I get pbedit (Download) ? pdbedit is part of the Samba packages. I read some docs about pbedit, Is it possible to integrate pbedit with SMBLDAPTOOLS ? I know nothing about smbldaptools; I don't use them at any of my sites. -- Consonance: an Open Source .NET OpenGroupware client. Contact:[EMAIL PROTECTED] http://freshmeat.net/projects/consonance/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] User invalid SID with home directory - Bueller?
The first part of any SID is the domain portion. It should be pretty constant throughout your domain as I understand things. When dealing with users and groups, the bit after the last dash is the RID or relative ID and it must be unique within the domain. Really really unique! If samba created your user group sids the groups will be odd-numbered and users will be even-numbered. So, for example, the domain SID for my domain looks somewhat like this: SID for domain DARKAGES is: S-1-5-21-267844371-1268535915-2638854549 And the SID for my PDC and BDCs are exactly the same, although other servers (that are not either PDCs or BDCs) have their own unique SIDs. My personal SID looks like this: S-1-5-21-267844371-1268535915-2638854549-1802 Notice my RID of 1802 on the end there? I have a uidNumber of 401 on the POSIX side. The beginning bit seems to define my domain membership, though. If I change the domain SID on my PDC with net setlocalsid I can no longer log in using my own account, apparently because I do not have the right SID. There are ways to get around that involving winbind and/or domain trust accounts - but I can't explain those things because I don't understand them either. My knowledge of CIFS and samba is pretty shallow. We may be off in the weeds here, though - you should check out samba's automagical [homes] share and see if you can make it do what you want without having to do the %U thing. --Charlie On Wed, May 14, 2008 at 6:23 PM, Wes Modes [EMAIL PROTECTED] wrote: It does not. But then the SID of each user doesn't match those of each other either. I've seen that asked before, but are you sure the machine's SID and every user SID should be the same? W. Charlie wrote: If you do a net getlocalsid at your shell prompt on the samba server that hosts the share, does the preamble of the SID returned match that of the SID you see in your error messages? I'm betting not... --Charlie On Tue, May 13, 2008 at 2:39 PM, Wes Modes [EMAIL PROTECTED] wrote: So even though I see this popping up in tons of posts, no one has encountered it and successfully solved the problem or can illuminate the issue? Here's what I did not knowing what else to do: 1. Deleted the account. (smbldap-userdel) 2. Recreated the account (smbldap-useradd) 3. Searched for any files owned by the old user, and chown'd them to the new user It is not an elegant solution, but it is the only one I have now. So far I haven't gotten any accounts that have had the problem reoccur. But I'm waiting to see. Wes Wes Modes wrote: I'm having the problem in which users can access their group shares, but not their home shares. These two shares are defined thusly in smb.conf: [seref] comment = Science Engineering Reference Section path = /data/group/seref valid users = @seref, @seref-read, @admin read list = @seref-read write list = @seref, @admin force group = seref create mask = 0664 directory mask = 0770 [home] comment = %u's Personal Share Directory path = /data/home/%U valid users = %U, @admin write list = %U, @admin create mask = 0600 directory mask = 0700 browseable = No It seems that the %U variable, causes Samba to do a lookup_global_sam_name which fails. [EMAIL PROTECTED] smbclient -Ujoeblow '\\edgar.library.ucsc.edu\home' tree connect failed: NT_STATUS_ACCESS_DENIED Here's the relevant section of the log: passdb/pdb_ldap.c:init_sam_from_ldap(545) init_sam_from_ldap: Entry found for user: joeblow passdb/pdb_ldap.c:init_group_from_ldap(2158) init_group_from_ldap: Entry found for group: 30023 passdb/passdb.c:lookup_global_sam_name(596) User joeblow with invalid SID S-1-5-21-2642364908-3785178431-1037763545-61756 in passdb passdb/pdb_ldap.c:init_group_from_ldap(2158) init_group_from_ldap: Entry found for group: 1001 smbd/service.c:make_connection_snum(616) user 'joeblow' (from session setup) not permitted to access this share (home) Please note that I am not using the ADS security model, nor do I care to at the moment. Here's the significant part of my smb.conf: ### Basic information for server workgroup = MCHSTAFF netbios name = EDGAR server string = Library Samba Server hosts allow = 169.233. hosts allow = 128.114. enable privileges = yes security = user encrypt passwords = yes preferred master = yes domain master = yes domain logons = yes local master = yes username map = /etc/samba/smbusers logon path = wins support = yes dns proxy = no So why I am I getting the failure User joeblow with invalid SID? Wes
Re: [Samba] User invalid SID with home directory - Bueller?
The [homes] share is configured similarly to the [home] share, though one would mount it different: \\fileserver.ucsc.edu\home for the [home] share \\fileserver.ucsc.edu\wmodes for the [homes] share and for users who have the problem, they have the SID problem in mounting both shares. On my server, even for those accounts that work fine, there is little similarity in the SID for the domain and the user's SambaSID, and the SambaPrimaryGroupSID. I am beginning to suspect, I reset the machine SID after I created many of my accounts. And so the old SID somewhere somehow encoded within the user's old SambaSID turns up as invalid. If anybody knows how to specify that I can trust these accounts so I don't have the SID problem, that'd be swell. W. Charlie wrote: The first part of any SID is the domain portion. It should be pretty constant throughout your domain as I understand things. When dealing with users and groups, the bit after the last dash is the RID or relative ID and it must be unique within the domain. Really really unique! If samba created your user group sids the groups will be odd-numbered and users will be even-numbered. So, for example, the domain SID for my domain looks somewhat like this: SID for domain DARKAGES is: S-1-5-21-267844371-1268535915-2638854549 And the SID for my PDC and BDCs are exactly the same, although other servers (that are not either PDCs or BDCs) have their own unique SIDs. My personal SID looks like this: S-1-5-21-267844371-1268535915-2638854549-1802 Notice my RID of 1802 on the end there? I have a uidNumber of 401 on the POSIX side. The beginning bit seems to define my domain membership, though. If I change the domain SID on my PDC with net setlocalsid I can no longer log in using my own account, apparently because I do not have the right SID. There are ways to get around that involving winbind and/or domain trust accounts - but I can't explain those things because I don't understand them either. My knowledge of CIFS and samba is pretty shallow. We may be off in the weeds here, though - you should check out samba's automagical [homes] share and see if you can make it do what you want without having to do the %U thing. --Charlie On Wed, May 14, 2008 at 6:23 PM, Wes Modes [EMAIL PROTECTED] wrote: It does not. But then the SID of each user doesn't match those of each other either. I've seen that asked before, but are you sure the machine's SID and every user SID should be the same? W. Charlie wrote: If you do a net getlocalsid at your shell prompt on the samba server that hosts the share, does the preamble of the SID returned match that of the SID you see in your error messages? I'm betting not... --Charlie On Tue, May 13, 2008 at 2:39 PM, Wes Modes [EMAIL PROTECTED] wrote: So even though I see this popping up in tons of posts, no one has encountered it and successfully solved the problem or can illuminate the issue? Here's what I did not knowing what else to do: 1. Deleted the account. (smbldap-userdel) 2. Recreated the account (smbldap-useradd) 3. Searched for any files owned by the old user, and chown'd them to the new user It is not an elegant solution, but it is the only one I have now. So far I haven't gotten any accounts that have had the problem reoccur. But I'm waiting to see. Wes Wes Modes wrote: I'm having the problem in which users can access their group shares, but not their home shares. These two shares are defined thusly in smb.conf: [seref] comment = Science Engineering Reference Section path = /data/group/seref valid users = @seref, @seref-read, @admin read list = @seref-read write list = @seref, @admin force group = seref create mask = 0664 directory mask = 0770 [home] comment = %u's Personal Share Directory path = /data/home/%U valid users = %U, @admin write list = %U, @admin create mask = 0600 directory mask = 0700 browseable = No It seems that the %U variable, causes Samba to do a lookup_global_sam_name which fails. [EMAIL PROTECTED] smbclient -Ujoeblow '\\edgar.library.ucsc.edu\home' tree connect failed: NT_STATUS_ACCESS_DENIED Here's the relevant section of the log: passdb/pdb_ldap.c:init_sam_from_ldap(545) init_sam_from_ldap: Entry found for user: joeblow passdb/pdb_ldap.c:init_group_from_ldap(2158) init_group_from_ldap: Entry found for group: 30023 passdb/passdb.c:lookup_global_sam_name(596) User joeblow with invalid SID S-1-5-21-2642364908-3785178431-1037763545-61756 in passdb passdb/pdb_ldap.c:init_group_from_ldap(2158) init_group_from_ldap: Entry found for group: 1001 smbd/service.c:make_connection_snum(616) user 'joeblow' (from session setup) not permitted to access this share (home) Please note that I am not using the ADS security
[Samba] Re: PDC replacement
Hello again, Just an update to see if this might help anyone help me, I did upgrade the Debian machine to the newest Samba that it could handle, 3.0.24, but alas I still get the error: Fetching DOMAIN database Failed to fetch domain database: NT code 0x1c010002 Any ideas? Thanks, Bob Bregant McKinley Foundation at the University of Illinois Bob Bregant II wrote: Hi all, I am at a small organization that has been using Samba for authentication for a while now, and I have inherited our Samba setup from our previous administrator. The server is in disrepair software-wise and would really benefit from a good reinstall. The problem is that our Samba implementation is mission-critical, so we need to get it replicated to another machine which can handle the load while the main server is being rebuilt. Enough of the background, here's the question: I have my temp server setup as a BDC (or at least I think that I do) and it is joined to the domain. I am trying to vampire the users off of it, but I always receive the error: Fetching DOMAIN database Failed to fetch domain database: NT code 0x1c010002 Does anyone have any ideas what that is about/how to fix it? Thank you, Bob Bregant McKinley Foundation at the University of Illinois PS~ Here are some of the lines from my temp server's smb.conf: workgroup = MCKINLEY netbios name = ESTHER-TEMP security = user encrypt passwords = true passdb backend = tdbsam domain logons = yes domain master = no preferred master = no PPS~ The old server is a Debian Etch machine on the 2.4.33 kernel with Samba 3.0.14a-Debian. The temporary server is running Ubuntu on the 2.6.22-14 kernel with Samba 3.0.26a. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Per share IP restrictions
Is it possible to restrict access to specific shares by IP? The Hosts Allow directive is a global one, but is there something similar to be more restrictive for admin type shares? Philip -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Per share IP restrictions
On Thu, May 15, 2008 at 11:51:12PM +0200, Philip Kloppers wrote: Is it possible to restrict access to specific shares by IP? The Hosts Allow directive is a global one, but is there something similar to be more restrictive for admin type shares? Shares can have ACLs, which restricts by user, but not by IP address. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Per share IP restrictions
Thanks. I was hoping for some sort of .htaccess to be able to allow or deny unauthenticated users (XP Home clients - cannot join the domain) based on their IP. Would be a nice addition... Philip On 2008-05-15 Jeremy Allison wrote: Shares can have ACLs, which restricts by user, but not by IP address. On Thu, May 15, 2008 at 11:51:12PM +0200, Philip Kloppers wrote: Is it possible to restrict access to specific shares by IP? The Hosts Allow directive is a global one, but is there something similar to be more restrictive for admin type shares? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Unable to join Samba
hope I'm in the right place, I trying to join a samba server to Active Directory. Samba server FreeBSD 6.2 the Active Directory machine is running Windows 2008 Server When I execute net ads join -U Administrator I get the following error /libexec/ld-elf.so.1: /usr/lib/libkrb5.so.8: Undefined symbol init_error_table does any body know how to fix this error? If I execute net rpc join -U Administrator I get a Join domain lab here is the smb.conf located in FreeBSD /usr/local/etc/ [global] Netbios Name = ROCK idmap uid = 1-2 winbind enum users = yes winbind gid = 1-2 workgroup = LAB os level = 20 winbind enum groups = yes socket address = 192.168.124.23 password server = * preferred master = no winbind separator = + max log size = 50 log file = /var/log/samba3/log.%m encrypt passwords = yes dns proxy = no realm = lab.net security = ADS wins server = 192.168.124.23 wins proxy = no [homes] comment = Home Directories valid users = %S read only = NO browseable = yes writable = yes create mask = 0777 admin users = Administrator [test] comment = TestingADintegration browseable = yes writeable = yes path = /home/usr inherit acls = yes inherit permissions = yes directory mask = 700 valid users = @lab.net+SSCSusers admin users = @lab.net+Administrator Please help? Thanks, in advance! - Augustin _ Windows Live SkyDrive lets you share files with faraway friends. http://www.windowslive.com/skydrive/overview.html?ocid=TXT_TAGLM_WL_Refresh_skydrive_052008-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] NetBIOS name resolution from Linux
Hi all, I set up a Samba server (version 3.0.24) names Lamp on a Debian Etch distribution. It provides a guest (guest ok = yes, guest only = yes, security = SHARE) access to a share directory, which works fine. Indeed, I can access \\lamp\share from a Windows machine (named Ginger) without issuing a password. I can also ping the Linux machine from the Windows one using ping Lamp, and get the Windows machine IP from its NetBIOS name: # nmblookup Ginger querying Ginger on 192.168.1.255 192.168.1.22 Ginger00 But I cannot ping (or, more generally, resolve the name of) the Windows machine from the Linux one: # ping Ginger ping: unknown host Ginger I hence followed the guidelines from those links: http://ubuntuforums.org/archive/index.php/t-182824.html http://www.linuxquestions.org/questions/linux-networking-3/linuxsamba-pdc-cant-resolve-windows-names-622797/ Which means I installed winbind and modified /etc/nsswitch.conf by adding wins to the hosts entry. As I understand it, winbind provides a bridge between nmbd and gethostbyname() by using the Name Service Switch. Please note that I am not interested in the active directory part of winbind, nor in joining a domain, etc. Anyway, after I performed those modifications, ping Ginger actually worked. But then, \\lamp\share could not be accessed anymore (the error message was The specified group does not exist). Now, as soon as I remove the winbind package, I can access \\lamp\share again, but ping Ginger does not work anymore. I've been suggested on #samba to drop winbind and simply add wins support = yes to smb.conf; but then ping Ginger does not work any better. So, can I keep my simple share configuration, *and* integrate NetBIOS name resolution to my Linux system using Name Service Switch? FWIW, I posted my smb.conf here: http://pastebin.ca/1019614 http://pastebin.ca/1019614 and nsswitch.conf here: http://pastebin.ca/1019612 http://pastebin.ca/1019612. Any hint would be greatly approciated. Wht should I look for? Regards. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] monitoring file access levels?
Charles Marcus wrote: I sure would like to find a *reliable* way to disable ONLY USB STORAGE devices, but allow things like keyboards and mice... What have you tried that is unreliable? There are alot of write ups on various ways of disabling the usbstor driver, I haven't tried them myself but I have heard of people using them successfully. Also I believe Vista has some new stuff related to disabling usb storage, although I think it relies on AD GPOs. *Michael Heydon - IT Administratorr * [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[SCM] Samba Shared Repository - branch v3-2-stable updated - release-3-2-0pre3-81-g3ce3384
The branch, v3-2-stable has been updated via 3ce33843d767aad1f01fab20ba4c2bb781f8c21a (commit) via 7eebe088f99d401a0f5e42e1ce593bb2ea74f245 (commit) via c32448b49036a50fc0f6d2b0a2de641144fc049f (commit) via 5beb4e67b24c31ba8294861d71023dff78d96042 (commit) via c8c63401423cf15ba6b56ffa80e60d4da6979a2c (commit) from 784c80a6a3862e092050fb467c37b39d843a1353 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-stable - Log - commit 3ce33843d767aad1f01fab20ba4c2bb781f8c21a Author: Jeremy Allison [EMAIL PROTECTED] Date: Wed May 14 14:09:02 2008 -0700 Ensure we don't keep searching for sharename if it's not the start of the list. Jeremy. (cherry picked from commit 4d30a6bff9ce8e826f0109e99021d6683ec4299f) commit 7eebe088f99d401a0f5e42e1ce593bb2ea74f245 Author: Jeremy Allison [EMAIL PROTECTED] Date: Tue May 13 15:25:14 2008 -0700 Fix debug message. Jeremy. (cherry picked from commit 0a68f230cd92b97efed2b3bad19a3bf9a750d401) commit c32448b49036a50fc0f6d2b0a2de641144fc049f Author: Jeremy Allison [EMAIL PROTECTED] Date: Tue May 13 15:02:53 2008 -0700 Second part of patch for bug #5460. Cope with pathnames that don't look like \xxx\yyy, cope with arbitrary length. Jeremy. (cherry picked from commit c3328a252430007cd716a406d85fd2a0bbbff607) commit 5beb4e67b24c31ba8294861d71023dff78d96042 Author: Jeremy Allison [EMAIL PROTECTED] Date: Tue May 13 14:03:21 2008 -0700 Fix bug #5460. The problem is RHEL5.0 shipped a CIFS client that sets the DFS bit on pathnames but doesn't send DFS paths. This causes lookups to fail as the smbd/msdfs.c code now just eats the first two parts of the pathname and uses the rest as the local path. The previous hostname check used to protect us from that as we knew that when the hostname was invalid it was a local path (and a broken client). I didn't want to put that check back in, but came up with another idea - even though the hostname can be a different one, the sharename must be valid on this machine. So we can check for a valid sharename instead. Jeremy. (cherry picked from commit 5c6ed7774220dea30c2c8a564648406b4f3eacbf) commit c8c63401423cf15ba6b56ffa80e60d4da6979a2c Author: Jeremy Allison [EMAIL PROTECTED] Date: Wed May 14 14:11:26 2008 -0700 Fix bug #5464. Pointed out by Herb @ Connectathon. In fork_domain_child() we call : CatchChild(); *before* we fork the domain child. This call establishes a signal handler that eats SIGCLD signals and doesn't call sys_select_signal() as the main daemon SIGCLD handler should do. This causes the parent to ignore dead children and time out, instead of calling winbind_child_died() on receipt of the signal. The correct fix is to move the CatchChild call into the child code after the fork. Jeremy. (cherry picked from commit 6da910cc1c6baccbb143f0b2d347e31e9f84c35b) --- Summary of changes: source/smbd/conn.c | 25 +++- source/smbd/msdfs.c | 46 +- source/winbindd/winbindd_dual.c |6 ++-- 3 files changed, 66 insertions(+), 11 deletions(-) Changeset truncated at 500 lines: diff --git a/source/smbd/conn.c b/source/smbd/conn.c index 5aedadc..97861ed 100644 --- a/source/smbd/conn.c +++ b/source/smbd/conn.c @@ -63,10 +63,10 @@ bool conn_snum_used(int snum) return(False); } - / -find a conn given a cnum + Find a conn given a cnum. / + connection_struct *conn_find(unsigned cnum) { int count=0; @@ -84,6 +84,27 @@ connection_struct *conn_find(unsigned cnum) return NULL; } +/ + Find a conn given a service name. +/ + +connection_struct *conn_find_byname(const char *service) +{ + connection_struct *conn; + + for (conn=Connections;conn;conn=conn-next) { + if (strequal(lp_servicename(SNUM(conn)),service)) { + if (conn != Connections) { + /* Promote if not first. */ + DLIST_PROMOTE(Connections, conn); + } + return conn; + } + } + + return NULL; +} + / find first available connection slot, starting from a random position. diff --git a/source/smbd/msdfs.c b/source/smbd/msdfs.c index 4f9e739..eaa66ef 100644 ---
[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-2442-ge90a4ce
The branch, v3-3-test has been updated via e90a4ce3c24ab2a33e34da5a9052a3b3ec4db962 (commit) from 95339c0c1ecc49049f1fc176f72a1dcac639e06d (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test - Log - commit e90a4ce3c24ab2a33e34da5a9052a3b3ec4db962 Author: Günther Deschner [EMAIL PROTECTED] Date: Thu May 15 09:42:37 2008 +0200 Fix build warning. Guenther --- Summary of changes: source/nsswitch/libwbclient/wbc_pam.c |1 - 1 files changed, 0 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source/nsswitch/libwbclient/wbc_pam.c b/source/nsswitch/libwbclient/wbc_pam.c index a3fb212..0c1a32d 100644 --- a/source/nsswitch/libwbclient/wbc_pam.c +++ b/source/nsswitch/libwbclient/wbc_pam.c @@ -490,7 +490,6 @@ wbcErr wbcLogoffUser(const char *username, struct winbindd_request request; struct winbindd_response response; wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; - struct passwd *pw = NULL; /* validate input */ -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-2-stable updated - release-3-2-0pre3-82-g2d3f489
The branch, v3-2-stable has been updated via 2d3f4897076663505aec23eb3ffaa1ae54cd39a5 (commit) from 3ce33843d767aad1f01fab20ba4c2bb781f8c21a (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-stable - Log - commit 2d3f4897076663505aec23eb3ffaa1ae54cd39a5 Author: Günther Deschner [EMAIL PROTECTED] Date: Wed May 14 23:50:25 2008 +0200 Fix Bug #5465 (joining with createcomputer=ou1/ou2/ou3). Guenther (cherry picked from commit f3251ba03a69c2fd0335861177159a32b2bc9477) (cherry picked from commit 6d445c134d4d78f8261c998a5a83feaafb01bbca) --- Summary of changes: source/libads/ldap.c| 10 +- source/libnet/libnet_join.c |3 +-- 2 files changed, 6 insertions(+), 7 deletions(-) Changeset truncated at 500 lines: diff --git a/source/libads/ldap.c b/source/libads/ldap.c index 9321302..181da9e 100644 --- a/source/libads/ldap.c +++ b/source/libads/ldap.c @@ -3595,18 +3595,18 @@ const char *ads_get_extended_right_name_by_guid(ADS_STRUCT *ads, ADS_STATUS ads_check_ou_dn(TALLOC_CTX *mem_ctx, ADS_STRUCT *ads, - const char *account_ou) + const char **account_ou) { struct ldb_dn *name_dn = NULL; const char *name = NULL; char *ou_string = NULL; - name_dn = ldb_dn_explode(mem_ctx, account_ou); + name_dn = ldb_dn_explode(mem_ctx, *account_ou); if (name_dn) { return ADS_SUCCESS; } - ou_string = ads_ou_string(ads, account_ou); + ou_string = ads_ou_string(ads, *account_ou); if (!ou_string) { return ADS_ERROR_LDAP(LDAP_INVALID_DN_SYNTAX); } @@ -3623,8 +3623,8 @@ ADS_STATUS ads_check_ou_dn(TALLOC_CTX *mem_ctx, return ADS_ERROR_LDAP(LDAP_INVALID_DN_SYNTAX); } - account_ou = talloc_strdup(mem_ctx, name); - if (!account_ou) { + *account_ou = talloc_strdup(mem_ctx, name); + if (!*account_ou) { return ADS_ERROR_LDAP(LDAP_NO_MEMORY); } diff --git a/source/libnet/libnet_join.c b/source/libnet/libnet_join.c index 9834a37..3f48284 100644 --- a/source/libnet/libnet_join.c +++ b/source/libnet/libnet_join.c @@ -207,7 +207,7 @@ static ADS_STATUS libnet_join_precreate_machine_acct(TALLOC_CTX *mem_ctx, const char *attrs[] = { dn, NULL }; bool moved = false; - status = ads_check_ou_dn(mem_ctx, r-in.ads, r-in.account_ou); + status = ads_check_ou_dn(mem_ctx, r-in.ads, r-in.account_ou); if (!ADS_ERR_OK(status)) { return status; } @@ -1486,7 +1486,6 @@ static int libnet_destroy_UnjoinCtx(struct libnet_UnjoinCtx *r) unsetenv(KRB5_ENV_CCNAME); } - return 0; } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-2-stable updated - release-3-2-0pre3-84-g73c05bb
The branch, v3-2-stable has been updated via 73c05bb8b820c42c5fa820d1cdf6591feb19a244 (commit) via 2e0c41c90ba8e0d9cc857b2f07adb7ddf3cb5f31 (commit) from 2d3f4897076663505aec23eb3ffaa1ae54cd39a5 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-stable - Log - commit 73c05bb8b820c42c5fa820d1cdf6591feb19a244 Author: Karolin Seeger [EMAIL PROTECTED] Date: Thu May 15 10:38:33 2008 +0200 WHATSNEW: Remove trailing whitespace. Karolin (cherry picked from commit e02673dc0f59b1d6b0ff83ba23fcaa1373ca7a6f) commit 2e0c41c90ba8e0d9cc857b2f07adb7ddf3cb5f31 Author: Karolin Seeger [EMAIL PROTECTED] Date: Thu May 15 10:36:26 2008 +0200 WHATSNEW: Update changes since 3.2.0pre3. Karolin (cherry picked from commit bbad2b9758cff53679188ff5e4fc47db3cc51d65) --- Summary of changes: WHATSNEW.txt |3 +++ 1 files changed, 3 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 102c994..2ad51d2 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -221,6 +221,8 @@ o Jeremy Allison [EMAIL PROTECTED] * BUG 5095: Fix Manage Documents privilege. * BUG 5434: Ensure the loaded password doesn't contain the '\n' at the end. * BUG 5456: Fix missing echo if we ^C at the prompt. +* BUG 5460: Fix DFS referrals. +* BUG 5464: Fix timeout in winbindd. * Fix returning a directory value for a QPATHINFO on a msdfs link with a non-dfs path. @@ -230,6 +232,7 @@ o Alexander Bokovoy [EMAIL PROTECTED] o Günther Deschner [EMAIL PROTECTED] +* BUG 5465: Fix joining with createcomputer=ou1/ou2/ou3. * Fix wins null pointer crash in nss_wins module. * Fix lm session key length in _netr_LogonSamLogon. * Add -f switch for DsGetDCName() example and be more verbose on output. -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-2-test updated - release-3-2-0pre2-2329-ge02673d
The branch, v3-2-test has been updated via e02673dc0f59b1d6b0ff83ba23fcaa1373ca7a6f (commit) via bbad2b9758cff53679188ff5e4fc47db3cc51d65 (commit) from 6d445c134d4d78f8261c998a5a83feaafb01bbca (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit e02673dc0f59b1d6b0ff83ba23fcaa1373ca7a6f Author: Karolin Seeger [EMAIL PROTECTED] Date: Thu May 15 10:38:33 2008 +0200 WHATSNEW: Remove trailing whitespace. Karolin commit bbad2b9758cff53679188ff5e4fc47db3cc51d65 Author: Karolin Seeger [EMAIL PROTECTED] Date: Thu May 15 10:36:26 2008 +0200 WHATSNEW: Update changes since 3.2.0pre3. Karolin --- Summary of changes: WHATSNEW.txt |3 +++ 1 files changed, 3 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 102c994..2ad51d2 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -221,6 +221,8 @@ o Jeremy Allison [EMAIL PROTECTED] * BUG 5095: Fix Manage Documents privilege. * BUG 5434: Ensure the loaded password doesn't contain the '\n' at the end. * BUG 5456: Fix missing echo if we ^C at the prompt. +* BUG 5460: Fix DFS referrals. +* BUG 5464: Fix timeout in winbindd. * Fix returning a directory value for a QPATHINFO on a msdfs link with a non-dfs path. @@ -230,6 +232,7 @@ o Alexander Bokovoy [EMAIL PROTECTED] o Günther Deschner [EMAIL PROTECTED] +* BUG 5465: Fix joining with createcomputer=ou1/ou2/ou3. * Fix wins null pointer crash in nss_wins module. * Fix lm session key length in _netr_LogonSamLogon. * Add -f switch for DsGetDCName() example and be more verbose on output. -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-2-stable updated - release-3-2-0pre3-85-g7191071
The branch, v3-2-stable has been updated via 7191071943868d668fae93403e7f86c719afae89 (commit) from 73c05bb8b820c42c5fa820d1cdf6591feb19a244 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-stable - Log - commit 7191071943868d668fae93403e7f86c719afae89 Author: Günther Deschner [EMAIL PROTECTED] Date: Mon May 5 16:58:24 2008 +0200 Fix client authentication with -P switch in client tools (Bug 5435). Guenther (cherry picked from commit d077ef64cd1d9bbaeb936566c2c70da508de829f) --- Summary of changes: source/client/client.c |5 source/include/popt_common.h |1 + source/lib/popt_common.c | 30 + source/lib/util.c| 49 +- source/libsmb/cliconnect.c | 22 +- source/rpcclient/rpcclient.c | 15 - source/utils/smbcacls.c | 14 +++- source/utils/smbcquotas.c| 15 - source/utils/smbtree.c |6 + 9 files changed, 122 insertions(+), 35 deletions(-) Changeset truncated at 500 lines: diff --git a/source/client/client.c b/source/client/client.c index 276ffb9..e08fa89 100644 --- a/source/client/client.c +++ b/source/client/client.c @@ -4875,6 +4875,11 @@ static int do_message_op(void) argv[0], get_dyn_CONFIGFILE()); } + if (get_cmdline_auth_info_use_machine_account() + !set_cmdline_auth_info_machine_account_creds()) { + exit(-1); + } + load_interfaces(); if (service_opt service) { diff --git a/source/include/popt_common.h b/source/include/popt_common.h index 9e5503f..c889d2e 100644 --- a/source/include/popt_common.h +++ b/source/include/popt_common.h @@ -50,6 +50,7 @@ struct user_auth_info { bool use_kerberos; int signing_state; bool smb_encrypt; + bool use_machine_account; }; #endif /* _POPT_COMMON_H */ diff --git a/source/lib/popt_common.c b/source/lib/popt_common.c index 8f0f7c6..25e41ab 100644 --- a/source/lib/popt_common.c +++ b/source/lib/popt_common.c @@ -514,35 +514,7 @@ static void popt_common_credentials_callback(poptContext con, } break; case 'P': - { - char *opt_password = NULL; - char *pwd = NULL; - - /* it is very useful to be able to make ads queries as the - machine account for testing purposes and for domain leave */ - - if (!secrets_init()) { - d_printf(ERROR: Unable to open secrets database\n); - exit(1); - } - - opt_password = secrets_fetch_machine_password(lp_workgroup(), NULL, NULL); - - if (!opt_password) { - d_printf(ERROR: Unable to fetch machine password\n); - exit(1); - } - if (asprintf(pwd, %s$, global_myname()) 0) { - exit(ENOMEM); - } - set_cmdline_auth_info_username(pwd); - set_cmdline_auth_info_password(opt_password); - SAFE_FREE(pwd); - SAFE_FREE(opt_password); - - /* machine accounts only work with kerberos */ - set_cmdline_auth_info_use_krb5_ticket(); - } + set_cmdline_auth_info_use_machine_account(); break; case 'N': set_cmdline_auth_info_password(); diff --git a/source/lib/util.c b/source/lib/util.c index 953981e..5f95bcc 100644 --- a/source/lib/util.c +++ b/source/lib/util.c @@ -291,7 +291,8 @@ static struct user_auth_info cmdline_auth_info = { false, /* got_pass */ false, /* use_kerberos */ Undefined, /* signing state */ - false /* smb_encrypt */ + false, /* smb_encrypt */ + false /* use machine account */ }; const char *get_cmdline_auth_info_username(void) @@ -370,6 +371,11 @@ void set_cmdline_auth_info_smb_encrypt(void) cmdline_auth_info.smb_encrypt = true; } +void set_cmdline_auth_info_use_machine_account(void) +{ + cmdline_auth_info.use_machine_account = true; +} + bool get_cmdline_auth_info_got_pass(void) { return cmdline_auth_info.got_pass; @@ -380,6 +386,11 @@ bool get_cmdline_auth_info_smb_encrypt(void) return cmdline_auth_info.smb_encrypt; } +bool get_cmdline_auth_info_use_machine_account(void) +{ + return cmdline_auth_info.use_machine_account; +} + bool get_cmdline_auth_info_copy(struct user_auth_info *info) { *info = cmdline_auth_info;
[SCM] Samba Shared Repository - branch v3-0-test updated - release-3-0-28a-1167-g4e66123
The branch, v3-0-test has been updated via 4e6612320f1c6d44e98571485f49d647a776edb2 (commit) from 9727d87e7c8748fecf7df5664320507711a7d081 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-0-test - Log - commit 4e6612320f1c6d44e98571485f49d647a776edb2 Author: Karolin Seeger [EMAIL PROTECTED] Date: Thu May 15 15:54:20 2008 +0200 man pages: Downgrade the man pages according to the code. Karolin --- Summary of changes: docs-xml/manpages-3/smbmnt.8.xml | 118 +++ docs-xml/manpages-3/smbmount.8.xml | 344 docs-xml/manpages-3/smbumount.8.xml| 78 + docs-xml/smbdotconf/base/configbackend.xml | 26 -- .../smbdotconf/browse/administrative_share.xml | 16 - .../smbdotconf/ldap/clientldapsaslwrapping.xml | 44 --- docs-xml/smbdotconf/logging/debugclass.xml | 18 - docs-xml/smbdotconf/logging/ldapdebuglevel.xml | 28 -- docs-xml/smbdotconf/logging/ldapdebugthreshold.xml | 16 - docs-xml/smbdotconf/misc/registryshares.xml| 24 -- .../smbdotconf/protocol/minreceivefilesize.xml | 22 -- docs-xml/smbdotconf/security/clientlanmanauth.xml |2 +- .../smbdotconf/security/clientplaintextauth.xml|2 +- docs-xml/smbdotconf/security/lanmanauth.xml|2 +- .../smbdotconf/winbind/winbindexpandgroups.xml | 24 -- docs-xml/smbdotconf/winbind/winbindrpconly.xml | 16 - 16 files changed, 543 insertions(+), 237 deletions(-) create mode 100644 docs-xml/manpages-3/smbmnt.8.xml create mode 100644 docs-xml/manpages-3/smbmount.8.xml create mode 100644 docs-xml/manpages-3/smbumount.8.xml delete mode 100644 docs-xml/smbdotconf/base/configbackend.xml delete mode 100644 docs-xml/smbdotconf/browse/administrative_share.xml delete mode 100644 docs-xml/smbdotconf/ldap/clientldapsaslwrapping.xml delete mode 100644 docs-xml/smbdotconf/logging/debugclass.xml delete mode 100644 docs-xml/smbdotconf/logging/ldapdebuglevel.xml delete mode 100644 docs-xml/smbdotconf/logging/ldapdebugthreshold.xml delete mode 100644 docs-xml/smbdotconf/misc/registryshares.xml delete mode 100644 docs-xml/smbdotconf/protocol/minreceivefilesize.xml delete mode 100644 docs-xml/smbdotconf/winbind/winbindexpandgroups.xml delete mode 100644 docs-xml/smbdotconf/winbind/winbindrpconly.xml Changeset truncated at 500 lines: diff --git a/docs-xml/manpages-3/smbmnt.8.xml b/docs-xml/manpages-3/smbmnt.8.xml new file mode 100644 index 000..9425ce7 --- /dev/null +++ b/docs-xml/manpages-3/smbmnt.8.xml @@ -0,0 +1,118 @@ +?xml version=1.0 encoding=iso-8859-1? +!DOCTYPE refentry PUBLIC -//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN http://www.samba.org/samba/DTD/samba-doc; +refentry id=smbmnt.8 + +refmeta + refentrytitlesmbmnt/refentrytitle + manvolnum8/manvolnum +/refmeta + + +refnamediv + refnamesmbmnt/refname + refpurposehelper utility for mounting SMB filesystems/refpurpose +/refnamediv + +refsynopsisdiv + cmdsynopsis + commandsmbmnt/command + arg choice=reqmount-point/arg + arg choice=opt-s lt;sharegt;/arg + arg choice=opt-r/arg + arg choice=opt-u lt;uidgt;/arg + arg choice=opt-g lt;gidgt;/arg + arg choice=opt-f lt;maskgt;/arg + arg choice=opt-d lt;maskgt;/arg + arg choice=opt-o lt;optionsgt;/arg + arg choice=opt-h/arg + /cmdsynopsis +/refsynopsisdiv + +refsect1 + titleDESCRIPTION/title + + paracommandsmbmnt/command is a helper application used + by the smbmount program to do the actual mounting of SMB shares. + commandsmbmnt/command can be installed setuid root if you want + normal users to be able to mount their SMB shares./para + + paraA setuid smbmnt will only allow mounts on directories owned + by the user, and that the user has write permission on./para + + paraThe commandsmbmnt/command program is normally invoked + by citerefentryrefentrytitlesmbmount/refentrytitle + manvolnum8/manvolnum/citerefentry. It should not be invoked directly by users. /para + + parasmbmount searches the normal PATH for smbmnt. You must ensure + that the smbmnt version in your path matches the smbmount used./para + +/refsect1 + +refsect1 + titleOPTIONS/title + + variablelist + varlistentry + term-r/term + listitemparamount the filesystem read-only + /para/listitem + /varlistentry + + varlistentry + term-u uid/term + listitemparaspecify the uid that the files will + be owned by /para/listitem + /varlistentry + +
[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-2446-g954d099
The branch, v3-3-test has been updated via 954d0998c2c00140addb6ba3845e80ed91e4effc (commit) via e305368538eaa72e3008a5517db3708936924297 (commit) via 255e509474cae92802e90613ccaddb6627ee77cd (commit) via 0388b2f0cc4d14b005c5b42f2c17ddcbc8bef12a (commit) from e90a4ce3c24ab2a33e34da5a9052a3b3ec4db962 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test - Log - commit 954d0998c2c00140addb6ba3845e80ed91e4effc Author: Günther Deschner [EMAIL PROTECTED] Date: Thu May 15 17:00:31 2008 +0200 net: Fix net lookup dsgetdcname, no need to pull site ourselves. Guenther commit e305368538eaa72e3008a5517db3708936924297 Author: Günther Deschner [EMAIL PROTECTED] Date: Thu May 15 16:59:46 2008 +0200 dsgetdcname: add site support. Guenther commit 255e509474cae92802e90613ccaddb6627ee77cd Author: Günther Deschner [EMAIL PROTECTED] Date: Thu May 15 16:41:18 2008 +0200 dsgetdcname: check for invalid sitename/flag combinations. Guenther commit 0388b2f0cc4d14b005c5b42f2c17ddcbc8bef12a Author: Günther Deschner [EMAIL PROTECTED] Date: Thu May 15 16:38:32 2008 +0200 libads/cldap: store client sitename also keyed by dns domain name. Guenther --- Summary of changes: source/libads/ldap.c|1 + source/libsmb/dsgetdcname.c | 27 +-- source/utils/net_lookup.c | 14 ++ 3 files changed, 24 insertions(+), 18 deletions(-) Changeset truncated at 500 lines: diff --git a/source/libads/ldap.c b/source/libads/ldap.c index 99fd645..063645f 100644 --- a/source/libads/ldap.c +++ b/source/libads/ldap.c @@ -249,6 +249,7 @@ bool ads_try_connect(ADS_STRUCT *ads, const char *server ) /* Store our site name. */ sitename_store( cldap_reply.domain, cldap_reply.client_site); + sitename_store( cldap_reply.dns_domain, cldap_reply.client_site); ret = true; out: diff --git a/source/libsmb/dsgetdcname.c b/source/libsmb/dsgetdcname.c index 1538502..16148a3 100644 --- a/source/libsmb/dsgetdcname.c +++ b/source/libsmb/dsgetdcname.c @@ -582,7 +582,8 @@ static NTSTATUS dsgetdcname_cached(TALLOC_CTX *mem_ctx, / / -static bool check_allowed_required_flags(uint32_t flags) +static bool check_allowed_required_flags(uint32_t flags, +const char *site_name) { uint32_t return_type = flags (DS_RETURN_FLAT_NAME|DS_RETURN_DNS_NAME); uint32_t offered_type = flags (DS_IS_FLAT_NAME|DS_IS_DNS_NAME); @@ -593,6 +594,10 @@ static bool check_allowed_required_flags(uint32_t flags) debug_dsdcinfo_flags(10, flags); + if ((flags DS_TRY_NEXTCLOSEST_SITE) site_name) { + return false; + } + if (return_type == (DS_RETURN_FLAT_NAME|DS_RETURN_DNS_NAME)) { return false; } @@ -1385,6 +1390,7 @@ NTSTATUS dsgetdcname(TALLOC_CTX *mem_ctx, { NTSTATUS status = NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND; struct netr_DsRGetDCNameInfo *myinfo = NULL; + char *query_site = NULL; DEBUG(10,(dsgetdcname: domain_name: %s, domain_guid: %s, site_name: %s, flags: 0x%08x\n, @@ -1394,34 +1400,43 @@ NTSTATUS dsgetdcname(TALLOC_CTX *mem_ctx, *info = NULL; - if (!check_allowed_required_flags(flags)) { + if (!check_allowed_required_flags(flags, site_name)) { DEBUG(0,(invalid flags specified\n)); return NT_STATUS_INVALID_PARAMETER; } + if (!site_name) { + query_site = sitename_fetch(domain_name); + } else { + query_site = SMB_STRDUP(site_name); + } + if (flags DS_FORCE_REDISCOVERY) { goto rediscover; } status = dsgetdcname_cached(mem_ctx, msg_ctx, domain_name, domain_guid, - flags, site_name, myinfo); + flags, query_site, myinfo); if (NT_STATUS_IS_OK(status)) { *info = myinfo; - return status; + goto done; } if (flags DS_BACKGROUND_ONLY) { - return status; + goto done; } rediscover: status = dsgetdcname_rediscover(mem_ctx, msg_ctx, domain_name, - domain_guid, flags, site_name, + domain_guid, flags, query_site, myinfo); if (NT_STATUS_IS_OK(status)) { *info = myinfo; } + done: + SAFE_FREE(query_site); + return status; } diff --git a/source/utils/net_lookup.c
[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-2452-g5b5b293
The branch, v3-3-test has been updated via 5b5b29302b53c31256dfa2fdefead458cb14c560 (commit) via 9ee5ddb96360987675963d629f98051bf34e3031 (commit) via 5dedde7a5b01d47947a8ff49a57e729fe5bfc817 (commit) via b7e8a3f1caf54145d750209f2e14b5b54c61769b (commit) via 889e19303e141e226898f837a637a2d591c75ad9 (commit) via 340a706422cbca45cc63fa94d36c88f6751f4f31 (commit) from 954d0998c2c00140addb6ba3845e80ed91e4effc (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test - Log - commit 5b5b29302b53c31256dfa2fdefead458cb14c560 Author: Michael Adam [EMAIL PROTECTED] Date: Thu May 15 16:49:25 2008 +0200 net rpc registry: add a getvalueraw subcommand. Michael commit 9ee5ddb96360987675963d629f98051bf34e3031 Author: Michael Adam [EMAIL PROTECTED] Date: Thu May 15 16:07:06 2008 +0200 net rpc registry: abstract add boolean raw to rpc_registry_getvalue_internal() and wrap it into new rpc_registry_getvalue_full() for the getvalue subcommand. Michael commit 5dedde7a5b01d47947a8ff49a57e729fe5bfc817 Author: Michael Adam [EMAIL PROTECTED] Date: Thu May 15 14:38:01 2008 +0200 net rpc registry: fix usage message of getvalue. Michael commit b7e8a3f1caf54145d750209f2e14b5b54c61769b Author: Michael Adam [EMAIL PROTECTED] Date: Thu May 15 14:35:45 2008 +0200 net registry: add a getvalueraw command to print the value in raw format. Michael commit 889e19303e141e226898f837a637a2d591c75ad9 Author: Michael Adam [EMAIL PROTECTED] Date: Thu May 15 14:34:21 2008 +0200 net registry: refactor core of net_registry_getvalue() out into net_registry_getvalue_internal(), which takes a bool parameter raw controlling the output format. Michael commit 340a706422cbca45cc63fa94d36c88f6751f4f31 Author: Michael Adam [EMAIL PROTECTED] Date: Thu May 15 12:55:54 2008 +0200 net_registry: add raw output of value to print_registry_value(). Michael --- Summary of changes: source/utils/net_registry.c | 23 +++-- source/utils/net_registry_util.c | 45 + source/utils/net_registry_util.h |2 +- source/utils/net_rpc_registry.c | 50 +++-- 4 files changed, 102 insertions(+), 18 deletions(-) Changeset truncated at 500 lines: diff --git a/source/utils/net_registry.c b/source/utils/net_registry.c index 89eadb5..6b3f6ff 100644 --- a/source/utils/net_registry.c +++ b/source/utils/net_registry.c @@ -263,8 +263,8 @@ done: return ret; } -static int net_registry_getvalue(struct net_context *c, int argc, -const char **argv) +static int net_registry_getvalue_internal(struct net_context *c, int argc, + const char **argv, bool raw) { WERROR werr; int ret = -1; @@ -291,7 +291,7 @@ static int net_registry_getvalue(struct net_context *c, int argc, goto done; } - print_registry_value(value); + print_registry_value(value, raw); ret = 0; @@ -300,6 +300,18 @@ done: return ret; } +static int net_registry_getvalue(struct net_context *c, int argc, +const char **argv) +{ + return net_registry_getvalue_internal(c, argc, argv, false); +} + +static int net_registry_getvalueraw(struct net_context *c, int argc, + const char **argv) +{ + return net_registry_getvalue_internal(c, argc, argv, true); +} + static int net_registry_setvalue(struct net_context *c, int argc, const char **argv) { @@ -463,6 +475,11 @@ int net_registry(struct net_context *c, int argc, const char **argv) Print a registry value, }, { + getvalueraw, + net_registry_getvalueraw, + Print a registry value (raw format), + }, + { setvalue, net_registry_setvalue, Set a new registry value diff --git a/source/utils/net_registry_util.c b/source/utils/net_registry_util.c index ca80e60..2783778 100644 --- a/source/utils/net_registry_util.c +++ b/source/utils/net_registry_util.c @@ -32,32 +32,55 @@ void print_registry_key(const char *keyname, NTTIME *modtime) d_printf(\n); } -void print_registry_value(const struct registry_value *valvalue) +void print_registry_value(const struct registry_value *valvalue, bool raw) { - d_printf(Type = %s\n, -reg_type_lookup(valvalue-type)); + if (!raw) { + d_printf(Type = %s\n, +reg_type_lookup(valvalue-type)); +
[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-2453-gdb933ae
The branch, v3-3-test has been updated via db933ae1a9877b3485506fc8f0ecae2f2bd8a41f (commit) from 5b5b29302b53c31256dfa2fdefead458cb14c560 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test - Log - commit db933ae1a9877b3485506fc8f0ecae2f2bd8a41f Author: Michael Adam [EMAIL PROTECTED] Date: Thu May 15 18:06:23 2008 +0200 net rpc registry: fix getvalueraw to really print raw... Michael --- Summary of changes: source/utils/net_rpc_registry.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source/utils/net_rpc_registry.c b/source/utils/net_rpc_registry.c index a23caf5..bc46fbb 100644 --- a/source/utils/net_rpc_registry.c +++ b/source/utils/net_rpc_registry.c @@ -569,7 +569,7 @@ static NTSTATUS rpc_registry_getvalue_internal(struct net_context *c, goto done; } - print_registry_value(value, false); + print_registry_value(value, raw); done: rpccli_winreg_CloseKey(pipe_hnd, tmp_ctx, key_hnd, NULL); -- Samba Shared Repository
[SCM] CTDB repository - branch master updated - 68029894f80804c9f31fc90ed0c1b58f75812c3d
The branch, master has been updated via 68029894f80804c9f31fc90ed0c1b58f75812c3d (commit) from 2c292039a0139dcf5bb2bd964eb6f8902d094c50 (commit) http://gitweb.samba.org/?p=sahlberg/ctdb.git;a=shortlog;h=master - Log - commit 68029894f80804c9f31fc90ed0c1b58f75812c3d Author: Ronnie Sahlberg [EMAIL PROTECTED] Date: Fri May 16 08:20:40 2008 +1000 dont disable/enable monitoring for each eventscript, instead just disable the monitoring during the startrecovery event and enable it again once recovery has completed --- Summary of changes: server/ctdb_monitor.c |2 +- server/ctdb_recover.c |4 server/ctdb_takeover.c | 11 --- 3 files changed, 1 insertions(+), 16 deletions(-) Changeset truncated at 500 lines: diff --git a/server/ctdb_monitor.c b/server/ctdb_monitor.c index 05e6643..6526397 100644 --- a/server/ctdb_monitor.c +++ b/server/ctdb_monitor.c @@ -161,7 +161,7 @@ void ctdb_disable_monitoring(struct ctdb_context *ctdb) void ctdb_enable_monitoring(struct ctdb_context *ctdb) { ctdb-monitor-monitoring_mode = CTDB_MONITORING_ACTIVE; - ctdb-monitor-next_interval = 1; + ctdb-monitor-next_interval = 2; DEBUG(DEBUG_INFO,(Monitoring has been enabled\n)); } diff --git a/server/ctdb_recover.c b/server/ctdb_recover.c index 3da3b56..8ca3a8f 100644 --- a/server/ctdb_recover.c +++ b/server/ctdb_recover.c @@ -815,8 +815,6 @@ static void ctdb_start_recovery_callback(struct ctdb_context *ctdb, int status, { struct recovery_callback_state *state = talloc_get_type(p, struct recovery_callback_state); - ctdb_enable_monitoring(ctdb); - if (status != 0) { DEBUG(DEBUG_ERR,(__location__ startrecovery event script failed (status %d)\n, status)); } @@ -851,8 +849,6 @@ int32_t ctdb_control_start_recovery(struct ctdb_context *ctdb, state, startrecovery); if (ret != 0) { - ctdb_enable_monitoring(ctdb); - DEBUG(DEBUG_ERR,(__location__ Failed to start recovery\n)); talloc_free(state); return -1; diff --git a/server/ctdb_takeover.c b/server/ctdb_takeover.c index e3f0a83..517970b 100644 --- a/server/ctdb_takeover.c +++ b/server/ctdb_takeover.c @@ -126,8 +126,6 @@ static void takeover_ip_callback(struct ctdb_context *ctdb, int status, char *ip = inet_ntoa(state-sin-sin_addr); struct ctdb_tcp_array *tcparray; - ctdb_enable_monitoring(ctdb); - if (status != 0) { DEBUG(DEBUG_ERR,(__location__ Failed to takeover IP %s on interface %s\n, ip, state-vnn-iface)); @@ -233,8 +231,6 @@ int32_t ctdb_control_takeover_ip(struct ctdb_context *ctdb, inet_ntoa(pip-sin.sin_addr), vnn-public_netmask_bits, vnn-iface)); - ctdb_disable_monitoring(ctdb); - ret = ctdb_event_script_callback(ctdb, timeval_current_ofs(ctdb-tunable.script_timeout, 0), state, takeover_ip_callback, state, @@ -244,7 +240,6 @@ int32_t ctdb_control_takeover_ip(struct ctdb_context *ctdb, vnn-public_netmask_bits); if (ret != 0) { - ctdb_enable_monitoring(ctdb); DEBUG(DEBUG_ERR,(__location__ Failed to takeover IP %s on interface %s\n, inet_ntoa(pip-sin.sin_addr), vnn-iface)); talloc_free(state); @@ -296,8 +291,6 @@ static void release_ip_callback(struct ctdb_context *ctdb, int status, char *ip = inet_ntoa(state-sin-sin_addr); TDB_DATA data; - ctdb_enable_monitoring(ctdb); - /* send a message to all clients of this node telling them that the cluster has been reconfigured and they should release any sockets on this IP */ @@ -361,8 +354,6 @@ int32_t ctdb_control_release_ip(struct ctdb_context *ctdb, state-vnn = vnn; - ctdb_disable_monitoring(ctdb); - ret = ctdb_event_script_callback(ctdb, timeval_current_ofs(ctdb-tunable.script_timeout, 0), state, release_ip_callback, state, @@ -371,8 +362,6 @@ int32_t ctdb_control_release_ip(struct ctdb_context *ctdb, inet_ntoa(pip-sin.sin_addr), vnn-public_netmask_bits); if (ret != 0) { - ctdb_enable_monitoring(ctdb); - DEBUG(DEBUG_ERR,(__location__ Failed to release IP %s on interface %s\n, inet_ntoa(pip-sin.sin_addr), vnn-iface)); talloc_free(state); -- CTDB repository
[SCM] CTDB repository - branch master updated - 9aa09aee618fa71787c5d0e7c885e83f4d82236c
The branch, master has been updated via 9aa09aee618fa71787c5d0e7c885e83f4d82236c (commit) from 68029894f80804c9f31fc90ed0c1b58f75812c3d (commit) http://gitweb.samba.org/?p=sahlberg/ctdb.git;a=shortlog;h=master - Log - commit 9aa09aee618fa71787c5d0e7c885e83f4d82236c Author: Ronnie Sahlberg [EMAIL PROTECTED] Date: Fri May 16 09:21:44 2008 +1000 add machinereadable output support to ctdb getmonmode --- Summary of changes: tools/ctdb.c |8 ++-- 1 files changed, 6 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/tools/ctdb.c b/tools/ctdb.c index 06ebf13..a9839d9 100644 --- a/tools/ctdb.c +++ b/tools/ctdb.c @@ -1189,8 +1189,12 @@ static int control_getmonmode(struct ctdb_context *ctdb, int argc, const char ** DEBUG(DEBUG_ERR, (Unable to get monmode from node %u\n, options.pnn)); return ret; } - printf(Monitoring mode:%s (%d)\n,monmode==CTDB_MONITORING_ACTIVE?ACTIVE:DISABLED,monmode); - + if (!options.machinereadable){ + printf(Monitoring mode:%s (%d)\n,monmode==CTDB_MONITORING_ACTIVE?ACTIVE:DISABLED,monmode); + } else { + printf(:mode:\n); + printf(:%d:\n,monmode); + } return 0; } -- CTDB repository
Build status as of Fri May 16 00:00:02 2008
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2008-05-15 00:00:33.0 + +++ /home/build/master/cache/broken_results.txt 2008-05-16 00:00:28.0 + @@ -1,4 +1,4 @@ -Build status as of Thu May 15 00:00:02 2008 +Build status as of Fri May 16 00:00:02 2008 Build counts: Tree Total Broken Panic @@ -6,7 +6,7 @@ ccache 31 8 0 ctdb 0 0 0 distcc 1 0 0 -ldb 31 12 0 +ldb 31 13 0 libreplace 30 12 0 lorikeet-heimdal 27 23 0 pidl 17 13 0 @@ -14,9 +14,9 @@ rsync31 13 0 samba-docs 0 0 0 samba-gtk4 4 0 -samba_3_2_test 31 20 0 +samba_3_2_test 31 21 0 samba_4_0_test 29 23 2 -smb-build29 5 0 +smb-build29 6 0 talloc 31 6 0 tdb 31 13 0
[SCM] CTDB repository - branch master updated - f0b98a32be2043a465d4d0ab42e6c2407d9d60f2
The branch, master has been updated via f0b98a32be2043a465d4d0ab42e6c2407d9d60f2 (commit) from 9aa09aee618fa71787c5d0e7c885e83f4d82236c (commit) http://gitweb.samba.org/?p=sahlberg/ctdb.git;a=shortlog;h=master - Log - commit f0b98a32be2043a465d4d0ab42e6c2407d9d60f2 Author: Ronnie Sahlberg [EMAIL PROTECTED] Date: Fri May 16 09:51:42 2008 +1000 new version .38 --- Summary of changes: packaging/RPM/ctdb.spec | 15 ++- 1 files changed, 14 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/packaging/RPM/ctdb.spec b/packaging/RPM/ctdb.spec index a62b91a..41fcc59 100644 --- a/packaging/RPM/ctdb.spec +++ b/packaging/RPM/ctdb.spec @@ -5,7 +5,7 @@ Vendor: Samba Team Packager: Samba Team [EMAIL PROTECTED] Name: ctdb Version: 1.0 -Release: 37 +Release: 38 Epoch: 0 License: GNU GPL version 3 Group: System Environment/Daemons @@ -120,6 +120,19 @@ fi %{_includedir}/ctdb_private.h %changelog +* Fri May 16 2008 : Version 1.0.38 + - Add machine readable output support to ctdb getmonmode + - Lots of tweaks and enhancements if the event scripts are slow + - Merge from tridge: an attempt to break the chicken-and-egg deadlock that + net conf introduces if used from an eventscript. + - Enhance tickles so we can tickle an ipv6 connection. + - Start adding ipv6 support : create a new container to replace sockaddr_in. + - Add a checksum routine for ipv6/tcp + - When starting up ctdb, let the init script do a tdbdump on all + persistent databases and verify that they are good (i.e. not corrupted). + - Try to use safe transactions when writing to a persistent database + that was opened with the TDB_NOSYNC flag. If we can get the transaction + thats great, if we cant we have to write anyway since we cant block here. * Mon May 12 2008 : Version 1.0.37 - When we shutdown ctdb we close the transport down before we run the shutdown eventscripts. If ctdb decides to send a packet to a remote node -- CTDB repository
[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-2461-gf888310
The branch, v3-3-test has been updated via f8883107499ca48db9b0e63718d1d8e384535833 (commit) via 7de8666c722be5dce8520f34a0823eb8767ab5d5 (commit) via 9e7466466d216f99582b03431d5c39875c574470 (commit) via 161e7c32caf5d4fee23e1f9c5e8ea871ad2aa57e (commit) via 5148e99d0951245632650784d18306db74ed87bd (commit) via bccf4da9895afc560ac59ac7ee923b4c5d940d09 (commit) via 95681f066dc070d6552455aabbb27e5487450c5c (commit) via fec017125ce7b4a3ec87c0fc2ba77c570cf57074 (commit) from db933ae1a9877b3485506fc8f0ecae2f2bd8a41f (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test - Log - commit f8883107499ca48db9b0e63718d1d8e384535833 Author: Michael Adam [EMAIL PROTECTED] Date: Fri May 16 01:39:12 2008 +0200 packaging: re-introduce Release numbering .ctdb.number This got accidentially (?) replaced by .ctdb.test.date. Michael (cherry picked from commit be62d594bc2b680dfefb4a5050d033b77c08154b) commit 7de8666c722be5dce8520f34a0823eb8767ab5d5 Author: Michael Adam [EMAIL PROTECTED] Date: Fri May 16 01:26:47 2008 +0200 packaging: enable calling RHEL-CTDB/makerpms.sh from other directories Michael (cherry picked from commit 05168aaa8dba85ecc1b74afacdd4d5ddc5825cfa) commit 9e7466466d216f99582b03431d5c39875c574470 Author: Michael Adam [EMAIL PROTECTED] Date: Fri May 16 01:02:56 2008 +0200 packaging: fix RHEL-CTDB build by removing duplicate winbind-32bit paragraphs Michael (cherry picked from commit 29d5a68d95f656d5ca61edc4a10ec8b028597bb5) commit 161e7c32caf5d4fee23e1f9c5e8ea871ad2aa57e Author: Michael Adam [EMAIL PROTECTED] Date: Fri May 16 00:52:46 2008 +0200 packaging: use git-archive in RHEL-CTDB/makerpms.sh (instead of using tar and make distclean and ...) Michael (cherry picked from commit 3ad0f2212720eb5fb33794c033a60f5ea4428c2c) commit 5148e99d0951245632650784d18306db74ed87bd Author: Michael Adam [EMAIL PROTECTED] Date: Fri May 16 00:37:12 2008 +0200 packaging: use docs tarball instead of docs dir in makerpms / samba.spec Michael (cherry picked from commit f28a24d5eac2dcf99e1d00c2daf913dd9912eb4a) commit bccf4da9895afc560ac59ac7ee923b4c5d940d09 Author: Michael Adam [EMAIL PROTECTED] Date: Fri May 16 00:19:59 2008 +0200 packaging: add a comment explaining EXTRA_OPTIONS to the makerpms script Michael (cherry picked from commit 0defc2c60f2ca469d7538c60b7638150c67feb33) commit 95681f066dc070d6552455aabbb27e5487450c5c Author: Michael Adam [EMAIL PROTECTED] Date: Fri May 16 00:15:31 2008 +0200 packaging: fix a comment typo in makerpms script. Michael (cherry picked from commit 6044373d69ae8cb0353e7a03e923462a093da5f0) commit fec017125ce7b4a3ec87c0fc2ba77c570cf57074 Author: Andrew Tridgell [EMAIL PROTECTED] Date: Fri May 9 21:35:08 2008 +1000 merge build changes from Mathias (cherry picked from commit 2c08939f3db19eaaf31cb117e3d541d17a36da5e) --- Summary of changes: packaging/RHEL-CTDB/makerpms.sh | 73 -- packaging/RHEL-CTDB/samba.spec | 12 ++- 2 files changed, 42 insertions(+), 43 deletions(-) Changeset truncated at 500 lines: diff --git a/packaging/RHEL-CTDB/makerpms.sh b/packaging/RHEL-CTDB/makerpms.sh index 6715194..a9d49bc 100755 --- a/packaging/RHEL-CTDB/makerpms.sh +++ b/packaging/RHEL-CTDB/makerpms.sh @@ -11,19 +11,20 @@ # /usr/src/redhat directory # -# set DOCS_DIR to the path to a release tarball docs dir in order to get docs +# set DOCS_TARBALL to the path to a docs release tarball in .tar.bz2 format + +# extra options passed to rpmbuild EXTRA_OPTIONS=$1 SPECDIR=`rpm --eval %_specdir` SRCDIR=`rpm --eval %_sourcedir` -# At this point the SPECDIR and SRCDIR vaiables must have a value! +# At this point the SPECDIR and SRCDIR variables must have a value! -USERID=`id -u` -GRPID=`id -g` VERSION='3.2.0' REVISION='ctdb' SPECFILE=samba.spec +DOCS=docs.tar.bz2 RPMVER=`rpm --version | awk '{print $3}'` RPM=rpmbuild @@ -40,63 +41,51 @@ case $RPMVER in ;; esac -pushd . -cd ../../source -if [ -f Makefile ]; then - make distclean -fi -popd +DIRNAME=$(dirname $0) -pushd . -cd ../../ -SRCTREE=`basename $PWD` -if [ $DOCS_DIR ] [ -d $DOCS_DIR ]; then -mv docs docs-orig -ln -s $DOCS_DIR docs -fi -cd ../ -chown -R ${USERID}.${GRPID} $SRCTREE -if [ ! -d samba-${VERSION} ]; then - ln -s $SRCTREE samba-${VERSION} || exit 1 -fi +pushd ${DIRNAME}/../.. echo -n Creating samba-${VERSION}.tar.bz2 ... -tar --exclude=.svn --exclude=.bzr --exclude=.bzrignore --exclude=docs-orig -chf - samba-${VERSION}/. | bzip2 ${SRCDIR}/samba-${VERSION}.tar.bz2 +git archive --prefix=samba-${VERSION}/ HEAD | bzip2 ${SRCDIR}/samba-${VERSION}.tar.bz2 +RC=$?
[SCM] CTDB repository - branch master updated - d32b16a4e5ecc31563c6f2767e7d483f3d980284
The branch, master has been updated via d32b16a4e5ecc31563c6f2767e7d483f3d980284 (commit) from f0b98a32be2043a465d4d0ab42e6c2407d9d60f2 (commit) http://gitweb.samba.org/?p=sahlberg/ctdb.git;a=shortlog;h=master - Log - commit d32b16a4e5ecc31563c6f2767e7d483f3d980284 Author: Ronnie Sahlberg [EMAIL PROTECTED] Date: Fri May 16 15:14:17 2008 +1000 When ctdb has just been installed on a node, there wont be any persistent databases stored yet. Fix a cosmetic and annoying warning message when running service ctdb start and supress printing out that warning your ls command to find the persistent databases didnt find any ... --- Summary of changes: config/ctdb.init |3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/config/ctdb.init b/config/ctdb.init index 95845d1..88ecc77 100755 --- a/config/ctdb.init +++ b/config/ctdb.init @@ -91,7 +91,8 @@ start() { [ -z $CTDB_DBDIR ] || { PERSISTENT_DB_DIR=$CTDB_DBDIR/persistent } - for PDBASE in `ls $PERSISTENT_DB_DIR/*.tdb.[0-9]`; do + mkdir -p $PERSISTENT_DB_DIR 2/dev/null + for PDBASE in `ls $PERSISTENT_DB_DIR/*.tdb.[0-9] 2/dev/null`; do /usr/bin/tdbdump $PDBASE /dev/null 2/dev/null || { echo Persistent database $PDBASE is corrupted! CTDB will not start. return 1 -- CTDB repository