Re: [Samba] Migrate to NTLM V2
The hashes stored are not NTLMv1 or v2, that's the protocol that uses the hashes. The stored hashes are MD4. So you don't need to convert any hashes in LDAP to go to NTLMv2 protocol security.

Jeremy.

Thank you Jeremy ... that makes things much easier :)

regards
martin

-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Cross subnet browsing + OpenVPN
Sorry about the delay, family emergency to deal with. browse sync shares the info across them. I tried putting the specific IP addresses of the local master browsers into the browse sync but it still doesn't seem to spread everything across all the subnets. From what I understand, the remote announce tells the WINS server to broadcast across the remote subnets and remote On 06/07/10 13:50, t...@tms3.com wrote: SNIP Hi All, I'm having a problem with cross subnet browsing and name resolution across an openvpn tunnel. i've found quite a few people who've had the same on mail lists but none of their fixes have worked. The spec of the setups at both ends of the tunnel are as follows: remote announce = 192.168.2.255/NEWDOM 192.168.1.255/NEWDOM remote browse sync = 192.168.1.255 192.168.2.255 This looks odd to me. remote announce = wins server ip/DOMNAME remote browse sync = wins server ip NEEDED in both smb.conf wins server = wins server ip Can't remember default for this setting so enhanced browsing = Yes in both smb.conf DHCP should point clients to headoffice for WINS. WINS proxy is not useful. OS - CentOS 5.5 Samba Version 3.5.4 OpenVPN Version 2.0.9-1 Each server is configured in gateway mode with two NICS, one to the lan and the other to a modem/router. The first machine, HEADOFFICE, has an internal IP address of 192.168.0.1 and an external of 192.168.10.4. The second machine, REMOTE1, has an internal address of 192.168.1.254 and an external of 192.168.20.4. On openVPN, I have configured client to client and routes and iroutes to allow machines on each network to ping machines at the other end as well as the server IP's. So far so good and I can ping any machine on either subnet from anywhere and get a reply. The servers are configured as Samba servers with the HEADOFFICE machine working as a PDC, DMC and WINS server and the REMOTE1 machine configured as a BDC and WINS proxy. 
In order to maintain logon facilities in the event of broadband failure, I have replicated the LDAP server from HEADOFFICE to REMOTE1 and updates and password changes propogate successfully from one site to the other. If I try to access HEADOFFICE from REMOTE1 and REMOTE1's subnet it works perfectly but trying to access REMOTE1 from HEADOFFICE and its subnet fails on name resolution while entering \\192.168.1.254\ brings up Windows Explorer and a list of shares. I've included the remote browse entries in smb.conf on the PDC and have WINS Proxying set up on the BDC but I can't get it to push REMOTE1's IP back to the WINS server. Port scanning the internal IP of each machine from the oher end of the tunnel returns a full set of open ports for the services I'm using but no IP. If anyone can spot what I'm doing wrong I'd be grateful. Thanks. smb.conf - HEADOFFICE ### Included 2nd subnet for second remote site in browse sync [ global] workgroup = NEWDOM netbios name = HEADOFFICE security = user enable privileges = yes interfaces = 192.168.0.1 127.0.0.1 # hosts allow = 192.168.0.0/255.255.255.0 192.168.1.0/255.255.255.0 194.168.2.0/255.255.255.0 127.0.0.1 remote announce = 192.168.2.255/NEWDOM 192.168.1.255/NEWDOM remote browse sync = 192.168.1.255 192.168.2.255 wins support = yes name resolve order = wins hosts bcast username map = /etc/samba/smbusers server string = Samba Server %v encrypt passwords = Yes ldap ssl = no unix password sync = yes ldap passwd sync = no passwd program = /usr/sbin/smbldap-passwd -u %u passwd chat = Changing *\nNew password* %n\n *Retype new password* %n\n # public = yes # browseable = yes # lm announce = yes # browse list = yes # auto services = yes log level = 3 syslog = 0 log file = /var/log/samba/log.%U max log size = 10 time server = Yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 mangling method = hash2 Dos charset = 850 Unix charset = ISO8859-1 local master = Yes domain logons = Yes domain master = Yes os level = 65 
preferred master = Yes wins support = yes passdb backend = ldapsam:ldap://127.0.0.1 ldap admin dn = cn=Manager,dc=newdom,dc=ldm ldap suffix = dc=newdom,dc=ldm ldap group suffix = ou=Groups ldap user suffix = ou=Users ldap machine suffix = ou=Computers ldap idmap suffix = ou=Idmap add user script = /usr/sbin/smbldap-useradd -m %u ldap delete dn = Yes delete user script = /usr/sbin/smbldap-userdel %u add machine script = /usr/sbin/smbldap-useradd -t 0 -w %u add group script = /usr/sbin/smbldap-groupadd -p %g #delete group script
Re: [Samba] Cross subnet browsing + OpenVPN
Am 09.07.2010 11:37, schrieb Julian Pilfold-Bagwell: Sorry about the delay, family emergency to deal with. browse sync shares the info across them. I tried putting the specific IP addresses of the local master browsers into the browse sync but it still doesn't seem to spread everything across all the subnets. you should use tap interfaces with openvpn From what I understand, the remote announce tells the WINS server to broadcast across the remote subnets and remote On 06/07/10 13:50, t...@tms3.com wrote: SNIP Hi All, I'm having a problem with cross subnet browsing and name resolution across an openvpn tunnel. i've found quite a few people who've had the same on mail lists but none of their fixes have worked. The spec of the setups at both ends of the tunnel are as follows: remote announce = 192.168.2.255/NEWDOM 192.168.1.255/NEWDOM remote browse sync = 192.168.1.255 192.168.2.255 This looks odd to me. remote announce = wins server ip/DOMNAME remote browse sync = wins server ip NEEDED in both smb.conf wins server = wins server ip Can't remember default for this setting so enhanced browsing = Yes in both smb.conf DHCP should point clients to headoffice for WINS. WINS proxy is not useful. OS - CentOS 5.5 Samba Version 3.5.4 OpenVPN Version 2.0.9-1 Each server is configured in gateway mode with two NICS, one to the lan and the other to a modem/router. The first machine, HEADOFFICE, has an internal IP address of 192.168.0.1 and an external of 192.168.10.4. The second machine, REMOTE1, has an internal address of 192.168.1.254 and an external of 192.168.20.4. On openVPN, I have configured client to client and routes and iroutes to allow machines on each network to ping machines at the other end as well as the server IP's. So far so good and I can ping any machine on either subnet from anywhere and get a reply. 
The servers are configured as Samba servers with the HEADOFFICE machine working as a PDC, DMC and WINS server and the REMOTE1 machine configured as a BDC and WINS proxy. In order to maintain logon facilities in the event of broadband failure, I have replicated the LDAP server from HEADOFFICE to REMOTE1 and updates and password changes propogate successfully from one site to the other. If I try to access HEADOFFICE from REMOTE1 and REMOTE1's subnet it works perfectly but trying to access REMOTE1 from HEADOFFICE and its subnet fails on name resolution while entering \\192.168.1.254\ brings up Windows Explorer and a list of shares. I've included the remote browse entries in smb.conf on the PDC and have WINS Proxying set up on the BDC but I can't get it to push REMOTE1's IP back to the WINS server. Port scanning the internal IP of each machine from the oher end of the tunnel returns a full set of open ports for the services I'm using but no IP. If anyone can spot what I'm doing wrong I'd be grateful. Thanks. 
smb.conf - HEADOFFICE ### Included 2nd subnet for second remote site in browse sync [ global] workgroup = NEWDOM netbios name = HEADOFFICE security = user enable privileges = yes interfaces = 192.168.0.1 127.0.0.1 # hosts allow = 192.168.0.0/255.255.255.0 192.168.1.0/255.255.255.0 194.168.2.0/255.255.255.0 127.0.0.1 remote announce = 192.168.2.255/NEWDOM 192.168.1.255/NEWDOM remote browse sync = 192.168.1.255 192.168.2.255 wins support = yes name resolve order = wins hosts bcast username map = /etc/samba/smbusers server string = Samba Server %v encrypt passwords = Yes ldap ssl = no unix password sync = yes ldap passwd sync = no passwd program = /usr/sbin/smbldap-passwd -u %u passwd chat = Changing *\nNew password* %n\n *Retype new password* %n\n # public = yes # browseable = yes # lm announce = yes # browse list = yes # auto services = yes log level = 3 syslog = 0 log file = /var/log/samba/log.%U max log size = 10 time server = Yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 mangling method = hash2 Dos charset = 850 Unix charset = ISO8859-1 local master = Yes domain logons = Yes domain master = Yes os level = 65 preferred master = Yes wins support = yes passdb backend = ldapsam:ldap://127.0.0.1 ldap admin dn = cn=Manager,dc=newdom,dc=ldm ldap suffix = dc=newdom,dc=ldm ldap group suffix = ou=Groups ldap user suffix = ou=Users ldap machine suffix = ou=Computers ldap idmap suffix = ou=Idmap add user script = /usr/sbin/smbldap-useradd -m %u ldap delete dn = Yes delete
Re: [Samba] Migrate to NTLM V2
Can you post to the list if this works? A while back I tried changing smb.conf settings to require NTLM v2. I then tried logging in (via remote desktop) to a Win 2003 machine and was unable to. This wasn't critical so changed smb.conf back to allowing NTLM v1.

-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Martin Hochreiter
Sent: Friday, July 09, 2010 2:54 AM
To: samba@lists.samba.org
Subject: Re: [Samba] Migrate to NTLM V2

The hashes stored are not NTLMv1 or v2, that's the protocol that uses the hashes. The stored hashes are MD4. So you don't need to convert any hashes in LDAP to go to NTLMv2 protocol security.

Jeremy.

Thank you Jeremy ... that makes things much easier :)

regards
martin
[Samba] two PDCs
Hello,

I have a PDC with master ldap backend and a BDC with slave ldap backend (both are SaMBa 3.2 on Debian Lenny). I want to install an additional SaMBa server on another site (on Debian Squeeze). The two sites are connected with VPN (on not so reliable ADSL lines). I read an interesting network scenario in the Samba Guide chapter 6: theoretically it is possible to install one PDC on both sites, with the same domain, server name, and SID. I like this idea, but: is there anyone who has tried that or has experience with it?

Thank you, in advance.
Re: [Samba] Regarding S4 and libnss_winbind.so
The wiki suggests to build it out of source3/ which is what samba5x is based on. So you can install it from there.

On Thu, Jul 8, 2010 at 11:33 PM, t...@tms3.com wrote:

Apparently this didn't/doesn't build on FreeBSD by default...or is it doesn't build at all. If it is buildable, what should I do to build it, as without it...see wiki: http://wiki.samba.org/index.php/Samba4/Winbind
Re: [Samba] One account can access samba, another can't.
On Thu, 2010-07-08 at 21:07 -0500, Stan Hoeppner wrote:

Michael Sullivan put forth on 7/8/2010 2:41 PM:

[homes]
path=/samba/michael
valid users=michael
writable=yes
path=/samba/amy
valid users=amy
writeable=yes

I'd suggest you set the UNIX HOME variable to match these non standard home paths. For instance, the default UNIX home dir is set as, in my case:

[08:57:34][s...@greer]~$ set
..
HOME=/home/stan
..

In your case, set the HOME variable for each UNIX user account according to the correct but non standard path you are using:

HOME=/samba/michael
HOME=/samba/amy

Read your distro documentation on how to set the user HOME variable. After you've done so, you should be able to use something like this in smb.conf:

[homes]
comment = Home Directories
browseable = no
read only = no
create mask = 0775
directory mask = 0775
valid users = %S

with success. There are probably other ways to skin this cat, but this is the setup I've been using and it works perfectly, albeit on Debian Lenny with Samba 3.2.5 (workgroup--not a domain controller). Once you've done this you can browse Windows Network Neighborhood and map the user home share to a drive letter.

-- Stan

I wish to keep the Unix home directories (/home/*) separate from the Samba homes.

-Michael Sullivan-
Re: [Samba] One account can access samba, another can't.SOLVED
On Thu, 2010-07-08 at 19:25 -0700, t...@tms3.com wrote:

SNIP

mich...@carter ~ $ smbclient //carter/homes/michael

Yep. You need to use the home path stuff. Alternatively you could, just to make it very easy

#Share for michael
[MICHEAL]
path = /samba/michael
(etc.)

#Share for amy
[AMY]
path = /samba/amy
(etc.)

Then the mount from cifs, or windoze is

Thank you. I think this one is solved. For now, until I manage to screw it up again. Thank you again for your help...
Re: [Samba] Cross subnet browsing + OpenVPN
--- Original message --- Subject: Re: [Samba] Cross subnet browsing + OpenVPN From: Robert Schetterer rob...@schetterer.org To: samba@lists.samba.org Date: Friday, 09/07/2010 3:05 AM Am 09.07.2010 11:37, schrieb Julian Pilfold-Bagwell: Sorry about the delay, family emergency to deal with. browse sync shares the info across them. I tried putting the specific IP addresses of the local master browsers into the browse sync but it still doesn't seem to spread everything across all the subnets. you should use tap interfaces with openvpn This is a matter of network design, and has nothing to do whatsoever with the issue at hand. Further: Server configuration file dev tun ifconfig 10.8.0.1 10.8.0.2 secret static.keyClient configuration file remote myremote.mydomain dev tun ifconfig 10.8.0.2 10.8.0.1 secret static.key From: http://openvpn.net/index.php/open-source/documentation/miscellaneous/78-static-key-mini-howto.html Which makes for a nice network to network setup for two locations connected via a wan link. Why not shift the discussion to weather we should use IPSEC and racoon instead of OpenVPN, or perhaps we should scrap all that and argue that he should be using Cisco vpn gateways altogether? GUH! From what I understand, the remote announce tells the WINS server to broadcast across the remote subnets and remote On 06/07/10 13:50, t...@tms3.com wrote: SNIP Hi All, I'm having a problem with cross subnet browsing and name resolution across an openvpn tunnel. i've found quite a few people who've had the same on mail lists but none of their fixes have worked. The spec of the setups at both ends of the tunnel are as follows: remote announce = 192.168.2.255/NEWDOM 192.168.1.255/NEWDOM remote browse sync = 192.168.1.255 192.168.2.255 This looks odd to me. 
remote announce = wins server ip/DOMNAME remote browse sync = wins server ip NEEDED in both smb.conf wins server = wins server ip Can't remember default for this setting so enhanced browsing = Yes in both smb.conf DHCP should point clients to headoffice for WINS. WINS proxy is not useful. OS - CentOS 5.5 Samba Version 3.5.4 OpenVPN Version 2.0.9-1 Each server is configured in gateway mode with two NICS, one to the lan and the other to a modem/router. The first machine, HEADOFFICE, has an internal IP address of 192.168.0.1 and an external of 192.168.10.4. The second machine, REMOTE1, has an internal address of 192.168.1.254 and an external of 192.168.20.4. On openVPN, I have configured client to client and routes and iroutes to allow machines on each network to ping machines at the other end as well as the server IP's. So far so good and I can ping any machine on either subnet from anywhere and get a reply. The servers are configured as Samba servers with the HEADOFFICE machine working as a PDC, DMC and WINS server and the REMOTE1 machine configured as a BDC and WINS proxy. In order to maintain logon facilities in the event of broadband failure, I have replicated the LDAP server from HEADOFFICE to REMOTE1 and updates and password changes propogate successfully from one site to the other. If I try to access HEADOFFICE from REMOTE1 and REMOTE1's subnet it works perfectly but trying to access REMOTE1 from HEADOFFICE and its subnet fails on name resolution while entering \\192.168.1.254\ brings up Windows Explorer and a list of shares. I've included the remote browse entries in smb.conf on the PDC and have WINS Proxying set up on the BDC but I can't get it to push REMOTE1's IP back to the WINS server. Port scanning the internal IP of each machine from the oher end of the tunnel returns a full set of open ports for the services I'm using but no IP. If anyone can spot what I'm doing wrong I'd be grateful. Thanks. 
smb.conf - HEADOFFICE ### Included 2nd subnet for second remote site in browse sync [ global] workgroup = NEWDOM netbios name = HEADOFFICE security = user enable privileges = yes interfaces = 192.168.0.1 127.0.0.1 # hosts allow = 192.168.0.0/255.255.255.0 192.168.1.0/255.255.255.0 194.168.2.0/255.255.255.0 127.0.0.1 remote announce = 192.168.2.255/NEWDOM 192.168.1.255/NEWDOM remote browse sync = 192.168.1.255 192.168.2.255 wins support = yes name resolve order = wins hosts bcast username map = /etc/samba/smbusers server string = Samba Server %v encrypt passwords = Yes ldap ssl = no unix password sync = yes ldap passwd sync = no passwd program = /usr/sbin/smbldap-passwd -u %u passwd chat = Changing *\nNew password* %n\n *Retype
Re: [Samba] Regarding S4 and libnss_winbind.so
The wiki suggests to build it out of source3/ which is what samba5x is based on. So you can install it from there. Yeah, reread that after posting, but the build for source3 fails round about the kerberos build: 81rc2# pwd /usr/ports/distfiles/samba-master/source3 81rc2# gmake Using CFLAGS = -g -DDEBUG_PASSWORD -DDEVELOPER -g -Wall -Wshadow -Wpointer-arith -Wcast-align -Wwrite-strings -Wdeclaration-after-statement -Werror-implicit-function-declaration -I. -I/usr/ports/distfiles/samba-master/source3 -I/usr/ports/distfiles/samba-master/source3/../lib/iniparser/src -Iinclude -I./include -I. -I. -I./../lib/replace -I./../lib/tevent -I./libaddns -I./librpc -I./.. -I../lib/tdb/include -DHAVE_CONFIG_H -I/usr/local/include -DLDAP_DEPRECATED -I/usr/ports/distfiles/samba-master/source3/lib -I.. -I../source4 -D_SAMBA_BUILD_=3 -D_SAMBA_BUILD_=3 PICFLAG= -fPIC -DPIC LIBS = -liconv LDFLAGS= -pie -Wl,-z,relro -Wl,--as-needed -L./bin -L/usr/local/lib DYNEXP = -Wl,--export-dynamic LDSHFLAGS = -fPIC -DPIC -shared -Wl,-z,relro -Wl,--as-needed -L./bin -L/usr/local/lib -lc -Wl,-z,defs SHLIBEXT = so SONAMEFLAG = -Wl,-soname, Compiling libsmb/clikrb5.c libsmb/clikrb5.c:1653:2: error: #error UNKNOWN_KRB5_ENCTYPE_TO_STRING_FUNCTION libsmb/clikrb5.c: In function 'smb_krb5_enctype_to_string': libsmb/clikrb5.c:1655: warning: control reaches end of non-void function libsmb/clikrb5.c: In function 'smb_krb5_principal_get_realm': libsmb/clikrb5.c:2262: warning: return discards qualifiers from pointer target type The following command failed: gcc -g -DDEBUG_PASSWORD -DDEVELOPER -g -Wall -Wshadow -Wpointer-arith -Wcast-align -Wwrite-strings -Wdeclaration-after-statement -Werror-implicit-function-declaration -I. -I/usr/ports/distfiles/samba-master/source3 -I/usr/ports/distfiles/samba-master/source3/../lib/iniparser/src -Iinclude -I./include -I. -I. -I./../lib/replace -I./../lib/tevent -I./libaddns -I./librpc -I./.. 
-I../lib/tdb/include -DHAVE_CONFIG_H -I/usr/local/include -DLDAP_DEPRECATED -I/usr/ports/distfiles/samba-master/source3/lib -I.. -I../source4 -D_SAMBA_BUILD_=3 -D_SAMBA_BUILD_=3 -fPIC -DPIC -c libsmb/clikrb5.c -o libsmb/clikrb5.o gmake: *** [libsmb/clikrb5.o] Error 1 Further, I cannot find this library file on a Samba3.4.8 machine FreeBSD8.0 system where winbindd and nss are working splendidly: zaphod# find / -name libnss_winbind.so -print zaphod# So, just curious what I should be looking for. Cheers, TMS III On Thu, Jul 8, 2010 at 11:33 PM, t...@tms3.com wrote: Apparently this didn't/doesn't build on FreeBSD by default...or is it doesn't build at all. If it is buildable, what should I do to build it, as without it...see wiki: http://wiki.samba.org/index.php/Samba4/Winbind -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] two PDCs
On Friday 09/07/2010 at 4:36 am, Tamás Pisch wrote:

Hello, I have a PDC with master ldap backend and a BDC with slave ldap backend (both are SaMBa 3.2 on Debian Lenny). I want to install an additional SaMBa server on another site (on Debian Squeeze). The two sites are connected with VPN (on not so reliable ADSL lines). I read an interesting network scenario in the Samba Guide chapter 6: theoretically it is possible to install one PDC on both sites, with the same domain, server name, and SID. I like this idea, but: is there anyone who has tried that or has experience with it?

No, but your best option is to simply use LDAP replication and install an LDAP server on the remote location server. This way, auth traffic on the remote is always local (saving bandwidth) and is available regardless of the link being up or down. Do the same with DNS, and you'll be quite happy with the results as will your users.

Thank you, in advance.
Re: [Samba] two PDCs
I think the multi-master replication sort-of defeats the purpose of the PDC in the remote office - multi-master replication means the information must be sent to both servers anyway. If I recall correctly, I think Chapter 6 refers to running BDCs in each remote office, and only one PDC...

I played with this once, and I got it working by setting up a PDC and BDC in the main office, a BDC (not PDC) in the remote office, and using LDAP's new multi-master replication to keep everything in sync. Throw in your DNS database, and it works, it's cool, but I think it was so not worth the effort (unless you have nothing better to do with your 20% time). I spent a whole lot of time making sure the configs were perfect for the multi-master replication.

The thing that threw the monkey-wrench is DNS and DHCP...I ended up putting all the DHCP information into the LDAP as well, with defined IP addresses for every MAC, because DHCPd updates the DNS when a new user requests an IP address. Since I put a DHCP server on both sides of the VPN, I needed multi-master replication for the DNS information so the computers could find each other. In the end, I dumped the MAC addresses from my hardware catalog into the LDAP, and preassigned all the IPs to reduce the number of writes to the LDAP server.

I found it is much easier to set up two separate domains and have them trust each other, using different branches of the same LDAP tree. Then, let one server write to one branch, the other server write to the other branch, and do multi-master replication between them. That way, there is no worrying about simultaneous updates or any of that jazz. Not as cool...or as elegant, but it made my life easier by isolating problems. I did the same for the DNS information, setting up separate zones for each physical office.

Since the information was in the same tree, it was much easier to configure mail servers and other services needing directory information, and since I did not delegate the branches, the mail server (only in the main office) did not need to read off my remote directories over VPN.

Of course, my users only visited each others' offices occasionally. If you have tons of movement between the offices, a one-domain solution may be forced upon you...

On Fri, Jul 9, 2010 at 8:58 AM, t...@tms3.com wrote:

On Friday 09/07/2010 at 4:36 am, Tamás Pisch wrote:

Hello, I have a PDC with master ldap backend and a BDC with slave ldap backend (both are SaMBa 3.2 on Debian Lenny). I want to install an additional SaMBa server on another site (on Debian Squeeze). The two sites are connected with VPN (on not so reliable ADSL lines). I read an interesting network scenario in the Samba Guide chapter 6: theoretically it is possible to install one PDC on both sites, with the same domain, server name, and SID. I like this idea, but: is there anyone who has tried that or has experience with it?

No, but your best option is to simply use LDAP replication and install an LDAP server on the remote location server. This way, auth traffic on the remote is always local (saving bandwidth) and is available regardless of the link being up or down. Do the same with DNS, and you'll be quite happy with the results as will your users.

Thank you, in advance.

-- Scott Grizzard sc...@scottgrizzard.com http://www.ScottGrizzard.com
Re: [Samba] Migrate to NTLM V2
On 09.07.2010 12:35, Gaiseric Vandal wrote:

Can you post to the list if this works? A while back I tried changing smb.conf settings to require NTLM v2. I then tried logging in (via remote desktop) to a Win 2003 machine and was unable to. This wasn't critical so changed smb.conf back to allowing NTLM v1.

If I don't forget to post after testing, I will :) We do have to test squid samba auth as well as freeradius and samba auth first with the new ntlmV2. That will take some time ...

regards
Martin
Re: [Samba] Cross subnet browsing + OpenVPN
On 09.07.2010 14:42, t...@tms3.com wrote:

--- Original message ---
Subject: Re: [Samba] Cross subnet browsing + OpenVPN
From: Robert Schetterer rob...@schetterer.org
To: samba@lists.samba.org
Date: Friday, 09/07/2010 3:05 AM

On 09.07.2010 11:37, Julian Pilfold-Bagwell wrote:

Sorry about the delay, family emergency to deal with. browse sync shares the info across them. I tried putting the specific IP addresses of the local master browsers into the browse sync but it still doesn't seem to spread everything across all the subnets.

you should use tap interfaces with openvpn

This is a matter of network design, and has nothing to do whatsoever with the issue at hand. Further:

i used samba with subnet browsing years ago, it didn't work with tun interfaces, it must have been tap interfaces
additional right samba setup
times may have changed, samba and openvpn changed, but simply try, it does not cost anything
my setup was
bdc--internalnet--firewall--(tunnel)--firewall--internalnet--pdc
i had samba on the firewalls to bind to tap tunnel interfaces as wins proxy
the pdc was the wins server, bdc as wins proxy and directed browsing to pdc, all clients got well configured parameters per dhcp
additional there was a working dns which matched dynamically wins
anyway times may change, and there are better solutions now
but this one worked stable and robust
read samba faqs wins and subnet browsing etc
good luck

Server configuration file

dev tun
ifconfig 10.8.0.1 10.8.0.2
secret static.key

Client configuration file

remote myremote.mydomain
dev tun
ifconfig 10.8.0.2 10.8.0.1
secret static.key

From: http://openvpn.net/index.php/open-source/documentation/miscellaneous/78-static-key-mini-howto.html

Which makes for a nice network to network setup for two locations connected via a wan link. Why not shift the discussion to whether we should use IPSEC and racoon instead of OpenVPN, or perhaps we should scrap all that and argue that he should be using Cisco vpn gateways altogether?
GUH! ** From what I understand, the remote announce tells the WINS server to broadcast across the remote subnets and remote On 06/07/10 13:50, t...@tms3.com wrote: SNIP Hi All, I'm having a problem with cross subnet browsing and name resolution across an openvpn tunnel. i've found quite a few people who've had the same on mail lists but none of their fixes have worked. The spec of the setups at both ends of the tunnel are as follows: remote announce = 192.168.2.255/NEWDOM 192.168.1.255/NEWDOM remote browse sync = 192.168.1.255 192.168.2.255 This looks odd to me. remote announce = wins server ip/DOMNAME remote browse sync = wins server ip NEEDED in both smb.conf wins server = wins server ip Can't remember default for this setting so enhanced browsing = Yes in both smb.conf DHCP should point clients to headoffice for WINS. WINS proxy is not useful. OS - CentOS 5.5 Samba Version 3.5.4 OpenVPN Version 2.0.9-1 Each server is configured in gateway mode with two NICS, one to the lan and the other to a modem/router. The first machine, HEADOFFICE, has an internal IP address of 192.168.0.1 and an external of 192.168.10.4. The second machine, REMOTE1, has an internal address of 192.168.1.254 and an external of 192.168.20.4. On openVPN, I have configured client to client and routes and iroutes to allow machines on each network to ping machines at the other end as well as the server IP's. So far so good and I can ping any machine on either subnet from anywhere and get a reply. The servers are configured as Samba servers with the HEADOFFICE machine working as a PDC, DMC and WINS server and the REMOTE1 machine configured as a BDC and WINS proxy. In order to maintain logon facilities in the event of broadband failure, I have replicated the LDAP server from HEADOFFICE to REMOTE1 and updates and password changes propogate successfully from one site to the other. 
If I try to access HEADOFFICE from REMOTE1 and REMOTE1's subnet it works perfectly but trying to access REMOTE1 from HEADOFFICE and its subnet fails on name resolution while entering \\192.168.1.254\ brings up Windows Explorer and a list of shares. I've included the remote browse entries in smb.conf on the PDC and have WINS Proxying set up on the BDC but I can't get it to push REMOTE1's IP back to the WINS server. Port scanning the internal IP of each machine from the oher end of the tunnel returns a full set of open ports for the services I'm using but no IP. If anyone can spot what I'm doing wrong I'd be grateful. Thanks. smb.conf - HEADOFFICE ### Included 2nd subnet for second remote site in browse sync [ global] workgroup = NEWDOM netbios name = HEADOFFICE security = user
Re: [Samba] two PDCs
SNIP I think the multi-master replication sort-of defeats the purpose of the PDC in the remote office - multi-master replication means the information must be sent to both servers anyway. If I recall correctly, I think Chapter 6 refers to running BDC's in each remote office, and only one PDC... I played with this once, and I got it working by setting up a PDC and BDC in the main office, a BDC (not PDC) in the remote office, and using LDAP's new multi-master replication to keep everything in sync. Throw in your DNS database, and It works, it's cool, but I think it was so not worth the effort (unless you have nothing better to do with your 20% time). I spent a whole lot of time making sure the configs were perfect for the mult-master replication. I found it quite simple. But I had a rather extensive use of NTLM auth stuff going on as well. The thing that threw the monkey-wrench is DNS and DHCP...I ended up putting all the DHCP information into the LDAP as well, with defined IP addresses for every MAC, because DHCPd updates the DNS when a new user requests an IP address. Since I put a DHCP server on both sides of the VPN, I needed multi-master replication for the DNS information so the computers could find each other. In the end, I dumped the MAC addresses from my hardware catalog into the LDAP, and preassigned all the IP's to reduce the number of writes to the LDAP server. Well, I'll just say there are many ways to skin a cat, and leave it at that. I found it is much easier to set up two separate domains and have them trust each other, using different branches of the same LDAP tree. Then, let one server write to one branch, the other server write to the other branch, and do multi-master replication between them. That way, there is no worrying about simultaneous updates or any of that jazz. Not as cool...or as elegant, but it made my life easier by isolating problems. I did the same for the DNS information, setting up separate zones for each physical office. 
Since the information was in the same tree, it was much easier to configure mail servers and other services needing directory information, and since I did not delegate the branches, the mail server (only in the main office) did not need to read off my remote directories over VPN. Of course, my users only visited each other's offices occasionally. If you have tons of movement between the offices, a one-domain solution may be forced upon you...

On Fri, Jul 9, 2010 at 8:58 AM, t...@tms3.com wrote:

On Friday 09/07/2010 at 4:36 am, Tamás Pisch wrote:

Hello, I have a PDC with master ldap backend and a BDC with slave ldap backend (both are SaMBa 3.2 on Debian Lenny). I want to install an additional SaMBa server on another site (on Debian Squeeze). The two sites are connected with VPN (on not so reliable ADSL lines). I read an interesting network scenario in the Samba Guide chapter 6: theoretically it is possible to install one PDC on both sites, with the same domain, server name, and SID. I like this idea, but: is there anyone who tried that, have experience with it?

No, but your best option is to simply use LDAP replication and install an LDAP server on the remote location server. This way, auth traffic on the remote is always local (saving bandwidth) and is available regardless of the link being up or down. Do the same with DNS, and you'll be quite happy with the results as will your users.

Thank you, in advance.

-- Scott Grizzard sc...@scottgrizzard.com http://www.ScottGrizzard.com
Re: [Samba] Problem After Upgrade - NT_STATUS_FILE_IS_A_DIRECTORY
Debug level 10 logs are needed at this point to see what the smbd is seeing when looking at the CIFS mounted files.

Here is level 10 log of log.smbd that is generated when I experience the problem first described.

[2010/07/09 12:48:25, 10] smbd/open.c:3365(create_file_default)
  create_file: access_mask = 0x20089 file_attributes = 0x80, share_access = 0x7, create_disposition = 0x1 create_options = 0x40 oplock_request = 0x3 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), create_file_flags = 0x1, fname = RSA/Tables
[2010/07/09 12:48:25, 5] smbd/filename.c:148(unix_convert)
  unix_convert called on file RSA/Tables
[2010/07/09 12:48:25, 10] smbd/statcache.c:274(stat_cache_lookup)
  stat_cache_lookup: lookup succeeded for name [RSA/Tables] - [RSA/Tables]
[2010/07/09 12:48:25, 3] smbd/vfs.c:865(check_reduced_name)
  reduce_name [RSA/Tables] [/media/server/RSA]
[2010/07/09 12:48:25, 10] smbd/vfs.c:937(check_reduced_name)
  reduce_name realpath [RSA/Tables] - [/media/server/RSA/Tables]
[2010/07/09 12:48:25, 3] smbd/vfs.c:974(check_reduced_name)
  reduce_name: RSA/Tables reduced to /media/server/RSA/Tables
[2010/07/09 12:48:25, 10] smbd/open.c:2896(create_file_unixpath)
  create_file_unixpath: access_mask = 0x20089 file_attributes = 0x80, share_access = 0x7, create_disposition = 0x1 create_options = 0x40 oplock_request = 0x3 ea_list = 0x(nil), sd = 0x(nil), fname = RSA/Tables
[2010/07/09 12:48:25, 5] smbd/files.c:103(file_new)
  allocated file structure 16108, fnum = 20204 (2 used)
[2010/07/09 12:48:25, 2] smbd/dosmode.c:97(unix_mode)
  unix_mode(RSA/Tables) inheriting from RSA/Tables
[2010/07/09 12:48:25, 2] smbd/dosmode.c:106(unix_mode)
  unix_mode(RSA/Tables) inherit mode 40770
[2010/07/09 12:48:25, 3] smbd/dosmode.c:149(unix_mode)
  unix_mode(RSA/Tables) returning 0760
[2010/07/09 12:48:25, 10] smbd/open.c:1475(open_file_ntcreate)
  open_file_ntcreate: fname=RSA/Tables, dos_attrs=0x80 access_mask=0x20089 share_access=0x7 create_disposition = 0x1 create_options=0x40 unix mode=0760 oplock_request=3
[2010/07/09 12:48:25, 3] smbd/vfs.c:865(check_reduced_name)
  reduce_name [RSA/Tables] [/media/server/RSA]
[2010/07/09 12:48:25, 10] smbd/vfs.c:937(check_reduced_name)
  reduce_name realpath [RSA/Tables] - [/media/server/RSA/Tables]
[2010/07/09 12:48:25, 3] smbd/vfs.c:974(check_reduced_name)
  reduce_name: RSA/Tables reduced to /media/server/RSA/Tables
[2010/07/09 12:48:25, 8] smbd/dosmode.c:494(dos_mode)
  dos_mode: RSA/Tables
[2010/07/09 12:48:25, 8] smbd/dosmode.c:189(dos_mode_from_sbuf)
  dos_mode_from_sbuf returning d
[2010/07/09 12:48:25, 8] smbd/dosmode.c:547(dos_mode)
  dos_mode returning d
[2010/07/09 12:48:25, 10] smbd/open.c:1653(open_file_ntcreate)
  open_file_ntcreate: fname=RSA/Tables, after mapping access_mask=0x20089
[2010/07/09 12:48:25, 10] lib/dbwrap_tdb.c:100(db_tdb_fetch_locked)
  Locking key 15003909
[2010/07/09 12:48:25, 10] lib/dbwrap_tdb.c:129(db_tdb_fetch_locked)
  Allocated locked data 0x0x7f8390299d50
[2010/07/09 12:48:25, 10] smbd/open.c:980(delay_for_oplocks)
  delay_for_oplocks: oplock type 0x3 on file
[2010/07/09 12:48:25, 10] smbd/open.c:980(delay_for_oplocks)
  delay_for_oplocks: oplock type 0x3 on file
[2010/07/09 12:48:25, 4] smbd/open.c:1913(open_file_ntcreate)
  calling open_file with flags=0x0 flags2=0x0 mode=0760, access_mask = 0x20089, open_access_mask = 0x20089
[2010/07/09 12:48:25, 10] smbd/open.c:160(fd_open)
  fd_open: name RSA/Tables, flags = 00 mode = 0760, fd = 31.
[2010/07/09 12:48:25, 10] locking/posix.c:495(get_windows_lock_ref_count)
  get_windows_lock_count for file = 0
[2010/07/09 12:48:25, 10] locking/posix.c:521(delete_windows_lock_ref_count)
  delete_windows_lock_ref_count for file
[2010/07/09 12:48:25, 10] lib/dbwrap_tdb.c:42(db_tdb_record_destr)
  Unlocking key 15003909
[2010/07/09 12:48:25, 5] smbd/files.c:474(file_free)
  freed files structure 20204 (1 used)
[2010/07/09 12:48:25, 10] smbd/open.c:3218(create_file_unixpath)
  create_file_unixpath: NT_STATUS_FILE_IS_A_DIRECTORY
[2010/07/09 12:48:25, 10] smbd/open.c:3497(create_file_default)
  create_file: NT_STATUS_FILE_IS_A_DIRECTORY
[2010/07/09 12:48:25, 3] smbd/error.c:60(error_packet_set)
  error packet at smbd/nttrans.c(563) cmd=162 (SMBntcreateX) NT_STATUS_FILE_IS_A_DIRECTORY
[2010/07/09 12:48:25, 5] lib/util.c:632(show_msg)
[2010/07/09 12:48:25, 5] lib/util.c:642(show_msg)
  size=35 smb_com=0xa2 smb_rcls=186 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=4 smb_pid=5696 smb_uid=100 smb_mid=62275 smt_wct=0 smb_bcc=0
[2010/07/09 12:48:25, 10] lib/util_sock.c:789(read_smb_length_return_keepalive)
  got smb length of 176
[2010/07/09 12:48:25, 6] smbd/process.c:1456(process_smb)
  got message type 0x0 of len 0xb0
[2010/07/09 12:48:25, 3] smbd/process.c:1459(process_smb)
  Transaction 1680202 of length 180 (0 toread)
[2010/07/09 12:48:25, 5] lib/util.c:632(show_msg)
[2010/07/09 12:48:25, 5]
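The hex fields in the log above can be decoded mechanically. The following Python is an added example, not part of the original post or of Samba: it splits an smbd debug log into records and names the access-mask, disposition and create-option bits of each create_file request next to the status the request ended with. The sample input is trimmed from the log in the post; the function names and result keys are this example's own.

```python
import re

# Header smbd writes before each debug message: [timestamp, level] file:line(function)
HEADER = re.compile(
    r"\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}),\s*(\d+)\]\s+([\w./-]+):(\d+)\((\w+)\)"
)
HEX_FIELD = re.compile(r"(\w+)\s*=\s*0x([0-9a-fA-F]+)")

# Names of the NT create request bits and values (SMB / NT file system definitions).
ACCESS_BITS = {
    0x1: "FILE_READ_DATA", 0x2: "FILE_WRITE_DATA", 0x4: "FILE_APPEND_DATA",
    0x8: "FILE_READ_EA", 0x10: "FILE_WRITE_EA", 0x20: "FILE_EXECUTE",
    0x40: "FILE_DELETE_CHILD", 0x80: "FILE_READ_ATTRIBUTES",
    0x100: "FILE_WRITE_ATTRIBUTES", 0x10000: "DELETE", 0x20000: "READ_CONTROL",
    0x40000: "WRITE_DAC", 0x80000: "WRITE_OWNER", 0x100000: "SYNCHRONIZE",
}
CREATE_OPTIONS = {
    0x1: "FILE_DIRECTORY_FILE", 0x2: "FILE_WRITE_THROUGH",
    0x4: "FILE_SEQUENTIAL_ONLY", 0x40: "FILE_NON_DIRECTORY_FILE",
    0x1000: "FILE_DELETE_ON_CLOSE", 0x4000: "FILE_OPEN_FOR_BACKUP_INTENT",
}
DISPOSITIONS = {
    0: "FILE_SUPERSEDE", 1: "FILE_OPEN", 2: "FILE_CREATE",
    3: "FILE_OPEN_IF", 4: "FILE_OVERWRITE", 5: "FILE_OVERWRITE_IF",
}


def decode_bits(value, table):
    """Return the names of the bits set in value; unnamed bits are kept as hex."""
    names = [name for bit, name in sorted(table.items()) if value & bit]
    unknown = value & ~sum(table)
    if unknown:
        names.append(hex(unknown))
    return names


def records(text):
    """Yield (function, message) per debug record; works on flattened logs too."""
    heads = list(HEADER.finditer(text))
    for i, head in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        yield head.group(5), " ".join(text[head.end():end].split())


def analyse(text):
    """Pair each create_file request with its decoded flags and final status."""
    results, cur = [], None
    for func, msg in records(text):
        if func == "create_file_default" and "fname = " in msg:
            fields = {k: int(v, 16) for k, v in HEX_FIELD.findall(msg)}
            cur = {
                "fname": msg.split("fname = ", 1)[1],
                "access": decode_bits(fields.get("access_mask", 0), ACCESS_BITS),
                "disposition": DISPOSITIONS.get(
                    fields.get("create_disposition"), "unknown"),
                "options": decode_bits(fields.get("create_options", 0),
                                       CREATE_OPTIONS),
                "dos_attrs": "",
                "status": None,
            }
        elif cur is None:
            continue
        elif func == "dos_mode" and "returning" in msg:
            # smbd prints the DOS attribute letters here; "d" marks a directory
            cur["dos_attrs"] = msg.split("returning", 1)[1].strip()
        elif func == "create_file_default" and "NT_STATUS_" in msg:
            cur["status"] = re.search(r"NT_STATUS_\w+", msg).group(0)
            # The client asked for "must not be a directory" and got a directory
            cur["non_dir_open_of_directory"] = (
                "FILE_NON_DIRECTORY_FILE" in cur["options"]
                and "d" in cur["dos_attrs"])
            results.append(cur)
            cur = None
    return results


# Sample input: a subset of the records quoted in the post.
SAMPLE_LOG = """\
[2010/07/09 12:48:25, 10] smbd/open.c:3365(create_file_default)
  create_file: access_mask = 0x20089 file_attributes = 0x80, share_access = 0x7, create_disposition = 0x1 create_options = 0x40 oplock_request = 0x3 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), create_file_flags = 0x1, fname = RSA/Tables
[2010/07/09 12:48:25, 8] smbd/dosmode.c:189(dos_mode_from_sbuf)
  dos_mode_from_sbuf returning d
[2010/07/09 12:48:25, 8] smbd/dosmode.c:547(dos_mode)
  dos_mode returning d
[2010/07/09 12:48:25, 10] smbd/open.c:3218(create_file_unixpath)
  create_file_unixpath: NT_STATUS_FILE_IS_A_DIRECTORY
[2010/07/09 12:48:25, 10] smbd/open.c:3497(create_file_default)
  create_file: NT_STATUS_FILE_IS_A_DIRECTORY
[2010/07/09 12:48:25, 3] smbd/error.c:60(error_packet_set)
  error packet at smbd/nttrans.c(563) cmd=162 (SMBntcreateX) NT_STATUS_FILE_IS_A_DIRECTORY
"""

if __name__ == "__main__":
    for result in analyse(SAMPLE_LOG):
        print(result)
```

On the sample, the request decodes to a FILE_OPEN with FILE_NON_DIRECTORY_FILE set against a path whose DOS attributes are reported as a directory.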
[Samba] Another WINS Question/Issue
As previously posted, I've migrated my WINS server over to Samba. I've run into one issue, and have one question, about WINS functionality:

- The default expiration time for WINS entries is 6 days. For my client systems, this isn't a problem, as most of them reboot, renew DHCP leases, etc., often enough that they are forced to send WINS updates every day or so. However, I found this morning, 6 days after implementing my Samba WINS server, that my NT4 Domain Controllers do not send updates every 6 days, or at least not in a way that forces Samba to keep the WINS entries in the database. So, is there something I should tweak, either on the Samba side or the NT4 side, that will allow this to work properly? I don't plan on having NT4 around all that much longer, as I'm going to migrate domain control to Samba, but for the time being, I'd like to avoid a repeat.

- The Samba man page for smb.conf has always advised not to operate more than one Samba WINS server on your network (wins support = yes). However, I found the remote browse sync option, which looks to be capable of doing some basic browse list synchronization across subnets, and was wondering if this would allow me to safely operate more than one WINS server on my network. Obviously the WINS servers would be on different subnets, and I also understand perfectly that this does not provide full WINS database replication the way that NT4/2000/2003/2008 can provide. However, in situations where I may have a firewall or WAN link between the two sites, is it safe and/or useful to use this option and point the WINS servers at each other?

Thanks, in advance, for any insight!

-Nick
Re: [Samba] two PDCs
How did you get it working like that so quickly? Did you get it working with two primary domain controllers? (As opposed to one PDC and two BDC's?) How did you manage to resolve the DNS update issue? On Fri, Jul 9, 2010 at 12:58 PM, t...@tms3.com wrote: SNIP I think the multi-master replication sort-of defeats the purpose of the PDC in the remote office - multi-master replication means the information must be sent to both servers anyway. If I recall correctly, I think Chapter 6 refers to running BDC's in each remote office, and only one PDC... I played with this once, and I got it working by setting up a PDC and BDC in the main office, a BDC (not PDC) in the remote office, and using LDAP's new multi-master replication to keep everything in sync. Throw in your DNS database, and It works, it's cool, but I think it was so not worth the effort (unless you have nothing better to do with your 20% time). I spent a whole lot of time making sure the configs were perfect for the mult-master replication. I found it quite simple. But I had a rather extensive use of NTLM auth stuff going on as well. The thing that threw the monkey-wrench is DNS and DHCP...I ended up putting all the DHCP information into the LDAP as well, with defined IP addresses for every MAC, because DHCPd updates the DNS when a new user requests an IP address. Since I put a DHCP server on both sides of the VPN, I needed multi-master replication for the DNS information so the computers could find each other. In the end, I dumped the MAC addresses from my hardware catalog into the LDAP, and preassigned all the IP's to reduce the number of writes to the LDAP server. Well, I'll just say there are many ways to skin a cat, and leave it at that. I found it is much easier to set up two separate domains and have them trust each other, using different branches of the same LDAP tree. Then, let one server write to one branch, the other server write to the other branch, and do multi-master replication between them. 
That way, there is no worrying about simultaneous updates or any of that jazz. Not as cool...or as elegant, but it made my life easier by isolating problems. I did the same for the DNS information, setting up separate zones for each physical office. Since the information was in the same tree, it was much easier to configure mail servers and other services needing directory information, and since I did not delegate the branches, the mail server (only in the main office) did not need to read off my remote directories over VPN. Of course, my users only visited each other's offices occasionally. If you have tons of movement between the offices, a one-domain solution may be forced upon you...

On Fri, Jul 9, 2010 at 8:58 AM, t...@tms3.com wrote:

On Friday 09/07/2010 at 4:36 am, Tamás Pisch wrote:

Hello, I have a PDC with master ldap backend and a BDC with slave ldap backend (both are SaMBa 3.2 on Debian Lenny). I want to install an additional SaMBa server on another site (on Debian Squeeze). The two sites are connected with VPN (on not so reliable ADSL lines). I read an interesting network scenario in the Samba Guide chapter 6: theoretically it is possible to install one PDC on both sites, with the same domain, server name, and SID. I like this idea, but: is there anyone who tried that, have experience with it?

No, but your best option is to simply use LDAP replication and install an LDAP server on the remote location server. This way, auth traffic on the remote is always local (saving bandwidth) and is available regardless of the link being up or down. Do the same with DNS, and you'll be quite happy with the results as will your users.

Thank you, in advance.

-- Scott Grizzard sc...@scottgrizzard.com http://www.ScottGrizzard.com
Re: [Samba] two PDCs
How did you get it working like that so quickly? This site has an EXCELLENT primer on it: http://www.zytrax.com/books/ldap/ch7/ As well, openldap's site http://www.openldap.org/ If you only have 2 ldap servers, you can use the simpler master slave setup as well. It's just that if you start needing more ldap servers, you'd need to reconfigure again. Did you get it working with two primary domain controllers? No. This is not recommended, and I don't play in production environments...much. Never tried it in the lab either. (As opposed to one PDC and two BDC's?) How did you manage to resolve the DNS update issue? Honestly, I have no idea what DNS problems the other responder had. The only DNS issues I had was making the W2k3 domain play nice with bind9 and vis-a-versa. Further, if you want locked IP's for workstations via mac, there are many ways of doing this. dhcpd.conf for instance. But to each his own. Updates are sent to the master DNS, if it's unavailable no update, so if you're forcing new IPs from dhcp every reboot, or every xxx seconds then, during wan outages you might have issues, I suppose. Depends on how badly you need name service resolution of client workstations. On Fri, Jul 9, 2010 at 12:58 PM, t...@tms3.com wrote: SNIP I think the multi-master replication sort-of defeats the purpose of the PDC in the remote office - multi-master replication means the information must be sent to both servers anyway. If I recall correctly, I think Chapter 6 refers to running BDC's in each remote office, and only one PDC... I played with this once, and I got it working by setting up a PDC and BDC in the main office, a BDC (not PDC) in the remote office, and using LDAP's new multi-master replication to keep everything in sync. Throw in your DNS database, and It works, it's cool, but I think it was so not worth the effort (unless you have nothing better to do with your 20% time). 
I spent a whole lot of time making sure the configs were perfect for the mult-master replication. I found it quite simple. But I had a rather extensive use of NTLM auth stuff going on as well. The thing that threw the monkey-wrench is DNS and DHCP...I ended up putting all the DHCP information into the LDAP as well, with defined IP addresses for every MAC, because DHCPd updates the DNS when a new user requests an IP address. Since I put a DHCP server on both sides of the VPN, I needed multi-master replication for the DNS information so the computers could find each other. In the end, I dumped the MAC addresses from my hardware catalog into the LDAP, and preassigned all the IP's to reduce the number of writes to the LDAP server. Well, I'll just say there are many ways to skin a cat, and leave it at that. I found it is much easier to set up two separate domains and have them trust each other, using different branches of the same LDAP tree. Then, let one server write to one branch, the other server write to the other branch, and do multi-master replication between them. That way, there is no worrying about simultaneous updates or any of that jazz. Not as cool...or as elegant, but it made my life easier by isolating problems. I did the same for the DNS information, setting up separate zones for each physical office. Since the information was in the same tree, it was much easier to configure mail servers and other services needing directory information, and since I did not delegate the branches, the mail server (only in the main office) did not need to read off my remote directories over VPN. Of course, my users only visited each others' offices occasionally. If you have tons of movement between the offices, a one-domain solution may be forced upon you... 
On Fri, Jul 9, 2010 at 8:58 AM, t...@tms3.com wrote:

On Friday 09/07/2010 at 4:36 am, Tamás Pisch wrote:

Hello, I have a PDC with master ldap backend and a BDC with slave ldap backend (both are SaMBa 3.2 on Debian Lenny). I want to install an additional SaMBa server on another site (on Debian Squeeze). The two sites are connected with VPN (on not so reliable ADSL lines). I read an interesting network scenario in the Samba Guide chapter 6: theoretically it is possible to install one PDC on both sites, with the same domain, server name, and SID. I like this idea, but: is there anyone who tried that, have experience with it?

No, but your best option is to simply use LDAP replication and install an LDAP server on the remote location server. This way, auth traffic on the remote is always local (saving bandwidth) and is available regardless of the link being up or down. Do the same with DNS, and you'll be quite happy with the results as will your users.

Thank you, in advance.
Re: [Samba] smbcquotas tells me that quotas are not enabled
I think you're right in that quotas aren't enabled on the NAS itself and there doesn't appear to be any way of doing so. If I'm to do this, I may have to invent some way of enforcing quotas for the remote machine at the client. But before I get elbow deep in Perl code, I want to try putting a quota on one of the Samba shares. Is that possible?

- Original Message

Luke Hamilton put forth on 7/8/2010 7:31 PM:

I have a setup of Ubuntu 8.04 running Samba 3.0.28a. Connected to our network I have a buffalo linkstation acting as Network Attached Storage (NAS), which I have successfully mounted on the local file system. Using smbcquotas I believe I can set up a quota for each user on the NAS. To get started, I run the command:

smbcquotas //192.168.1.4/share -S FSQFLAGS:QUOTA_ENABLED -A /etc/.credentials

Is 192.168.1.4 the Buffalo NAS? If so...

But I get the error: Quotas are not enabled on this share. Failed to open \$Extend\$Quota:$Q:$INDEX_ALLOCATION NT_STATUS_ACCESS_DENIED.

Does the Buffalo support NTFS5 and is quota capability enabled on the Buffalo SMB server?

I'm trying to figure out why my command fails. Shouldn't that enable quotas in the first place?

Not if the Buffalo NAS isn't already configured to support quotas. As I understand it, this command sends a packet to a remote SMB server telling it how to (re)configure quotas on a given share. If quota capability isn't already enabled on the remote SMB server this command will fail. I think that is what is happening here. I'm no expert on this, just making a somewhat educated guess. See: man smbcquotas

-- Stan
[Samba] group permissions not setting correctly.
On Samba 3.5.4, I have a share that should be writable by all in the Domain Users group. When I write to the share, the permission mode is correct but the data doesn't have the correct group and instead lists the username as the group. I tried using force group but the share stopped being accessible after a restart so I removed it. It doesn't seem like this is standard behavior so I'm not sure what could be causing it. Relevant smb.conf info:

[global]
workgroup = domain
netbios name = fs
server string = domauin FS
passdb backend = ldapsam:ldap://127.0.0.1
printcap name = cups
printing = cups
security = user
log level = 3
name resolve order = wins bcast hosts
ldap ssl = off
ldap admin dn = cn=root,dc=domain,dc=com
ldap suffix = dc=domain,dc=com
ldap user suffix = ou=Users
ldap group suffix = ou=Group
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=Computers
ldap delete dn = Yes
add user script = /usr/sbin/smbldap-useradd -m %u
add machine script = /usr/sbin/smbldap-useradd -w %u
add group script = /usr/sbin/smbldap-groupadd -p %g
add user to group script = /usr/sbin/smbldap-groupmod -m %u %g
delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g
set primary group script = /usr/sbin/smbldap-usermod -g %g %u
delete user script = /usr/sbin/smbldap-userdel %u
delete group script = /usr/sbin/smbldap-groupdel %g
logon path = \\%L\profiles\%U
logon drive = H:
logon home = \\%L\%U
#logon script = %U.bat
logon script = logon.bat
domain master = Yes
domain logons = Yes
os level = 35
preferred master = Yes
idmap uid = 15000-2
idmap gid = 15000-2
passwd program = /usr/bin/passwd '%u'
unix password sync = yes
passwd chat = *New UNIX password* %n\n *Retype new UNIX password* %n\n *updated successfully*
enable privileges = yes
username map = /etc/samba/smbusers
wins support = yes

[public]
path = /data/public
create mask = 0775
create mode = 0775
directory mask = 0775
guest ok = no
browseable = Yes
writable = yes
write list = @Domain Users
Re: [Samba] group permissions not setting correctly.
On Samba 3.5.4, I have a share that should be writable by all in the Domain Users group. When I write to the share, the permission mode is correct but the data doesn't have the correct group and instead lists the username as the group.

Do you have: pam_ldap/nss_ldap .conf setup correctly (They may be the same file depending on Linux OS. Ubuntu server uses same file.)? nsswitch.conf set up correctly?

I tried using force group but the share stopped being accessible after a restart so I removed it. It doesn't seem like this is standard behavior so I'm not sure what could be causing it. Relevant smb.conf info:

[global]
workgroup = domain
netbios name = fs
server string = domauin FS
passdb backend = ldapsam:ldap://127.0.0.1
printcap name = cups
printing = cups
security = user
log level = 3
name resolve order = wins bcast hosts
ldap ssl = off
ldap admin dn = cn=root,dc=domain,dc=com
ldap suffix = dc=domain,dc=com
ldap user suffix = ou=Users
ldap group suffix = ou=Group
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=Computers
ldap delete dn = Yes
add user script = /usr/sbin/smbldap-useradd -m %u
add machine script = /usr/sbin/smbldap-useradd -w %u
add group script = /usr/sbin/smbldap-groupadd -p %g
add user to group script = /usr/sbin/smbldap-groupmod -m %u %g
delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g
set primary group script = /usr/sbin/smbldap-usermod -g %g %u
delete user script = /usr/sbin/smbldap-userdel %u
delete group script = /usr/sbin/smbldap-groupdel %g
logon path = \\%L\profiles\%U
logon drive = H:
logon home = \\%L\%U
#logon script = %U.bat
logon script = logon.bat
domain master = Yes
domain logons = Yes
os level = 35
preferred master = Yes
idmap uid = 15000-2
idmap gid = 15000-2
passwd program = /usr/bin/passwd '%u'
unix password sync = yes
passwd chat = *New UNIX password* %n\n *Retype new UNIX password* %n\n *updated successfully*
enable privileges = yes
username map = /etc/samba/smbusers
wins support = yes

[public]
path = /data/public
create mask = 0775
create mode = 0775
directory mask = 0775
guest ok = no
browseable = Yes
writable = yes
write list = @Domain Users
Re: [Samba] Another WINS Question/Issue
On Fri, Jul 09, 2010 at 11:27:12AM -0600, Nick Couchman wrote:

As previously posted, I've migrated my WINS server over to Samba. I've run into one issue, and have one question, about WINS functionality:

- The default expiration time for WINS entries is 6 days. For my client systems, this isn't a problem, as most of them reboot, renew DHCP leases, etc., often enough that they are forced to send WINS updates every day or so. However, I found this morning, 6 days after implementing my Samba WINS server, that my NT4 Domain Controllers do not send updates every 6 days, or at least not in a way that forces Samba to keep the WINS entries in the database. So, is there something I should tweak, either on the Samba side or the NT4 side, that will allow this to work properly? I don't plan on having NT4 around all that much longer, as I'm going to migrate domain control to Samba, but for the time being, I'd like to avoid a repeat.

Try setting the required names to be sticky (i.e. infinite ttl) in the wins.dat file that nmbd reads on startup.

Jeremy.
Re: [Samba] Another WINS Question/Issue
Try setting the required names to be sticky (i.e. infinite ttl) in the wins.dat file that nmbd reads on startup.

Jeremy.

Apologies in advance for the ignorance...what's the best way to go about doing that??

Thanks, Nick
Re: [Samba] Another WINS Question/Issue
On Fri, Jul 09, 2010 at 03:40:34PM -0600, Nick Couchman wrote:

Try setting the required names to be sticky (i.e. infinite ttl) in the wins.dat file that nmbd reads on startup.

Jeremy.

Apologies in advance for the ignorance...what's the best way to go about doing that??

Check out the format of the wins.dat file, modify the relevant entries' ttl.

Jeremy.
[Samba] samba-vscan-clamav Centos 5.5
Hello All,

Has anyone been able to get vscan-clamav to work on the latest update to Samba for Centos 5.5? I have of course downloaded the corresponding Samba source and recompiled vscan-clamav but still get the following error. (I have done this on two different servers with exact same results/errors.)

Apr 2 13:46:26 spinel smbd_vscan-clamav[20319]: INFO: file .// was not modified - not scanned
Apr 2 13:46:27 spinel smbd_vscan-clamav[20319]: INFO: Scanning file : './/Samba-HOWTO-Collection.pdf'
Apr 2 13:46:27 spinel smbd_vscan-clamav[20319]: ERROR: file .//Samba-HOWTO-Collection.pdf not found, not readable or an error occured
Apr 2 13:46:27 spinel smbd_vscan-clamav[20319]: ERROR: daemon failed with a minor error - access to file Samba-HOWTO-Collection.pdf denied
Apr 2 13:46:27 spinel clamd[20298]: lstat() failed on: .//Samba-HOWTO-Collection.pdf

Note the .// as if either clamav or vscan can not recurse, find the full file path? This is with 0.36c-R5 samba-vscan source.

Thanks, Barry
Build status as of Fri Jul 9 06:00:01 2010
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2010-07-08 00:00:02.0 -0600 +++ /home/build/master/cache/broken_results.txt 2010-07-09 00:00:06.0 -0600 @@ -1,4 +1,4 @@ -Build status as of Thu Jul 8 06:00:02 2010 +Build status as of Fri Jul 9 06:00:01 2010 Build counts: Tree Total Broken Panic @@ -12,9 +12,9 @@ rsync30 12 0 samba-docs 0 0 0 samba-web0 0 0 -samba_3_current 28 28 1 -samba_3_master 28 28 5 -samba_3_next 28 28 2 +samba_3_current 28 28 4 +samba_3_master 28 28 4 +samba_3_next 28 28 6 samba_4_0_test 30 30 0 samba_4_0_waf 30 29 3 talloc 30 7 0
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 1c0cb36... s3: Optimize the write cache for sequential writes from 6a0d366... s4: fix warning: unused variable âiâ http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 1c0cb365a895ce670fc32db3380cee7f129ce95b Author: Volker Lendecke v...@samba.org Date: Wed Jul 7 21:50:23 2010 +0200 s3: Optimize the write cache for sequential writes In case of the one-byte allocating writes we don't work work optimally because we start the write cache at the current offset. This patch tries to avoid this case. --- Summary of changes: source3/smbd/fileio.c | 20 1 files changed, 20 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/fileio.c b/source3/smbd/fileio.c index 92b7d3e..92757f7 100644 --- a/source3/smbd/fileio.c +++ b/source3/smbd/fileio.c @@ -796,6 +796,26 @@ n = %u, wcp-offset=%.0f, wcp-data_size=%u\n, DO_PROFILE_INC(writecache_init_writes); } #endif + + if ((wcp-data_size == 0) +(pos wcp-file_size) +(pos + n = wcp-file_size + wcp-alloc_size)) { + /* +* This is a write completely beyond the +* current EOF, but within reach of the write +* cache. We expect fill-up writes pretty +* soon, so it does not make sense to start +* the write cache at the current +* offset. These fill-up writes would trigger +* separate pwrites or even unnecessary cache +* flushes because they overlap if this is a +* one-byte allocating write. +*/ + wcp-offset = wcp-file_size; + wcp-data_size = pos - wcp-file_size; + memset(wcp-data, 0, wcp-data_size); + } + memcpy(wcp-data+wcp-data_size, data, n); if (wcp-data_size == 0) { wcp-offset = pos; -- Samba Shared Repository
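Review bot: In the added block in source3/smbd/fileio.c, setting `wcp->offset = wcp->file_size` and then `memset(wcp->data, 0, wcp->data_size)` means the next cache flush writes zeros over the whole range from the cached file_size up to pos, so this is only safe if wcp->file_size is guaranteed to be the real EOF when the branch is taken. Please state in the comment where that guarantee comes from, or re-check the size before taking this path. Separately, `wcp->data_size = pos - wcp->file_size` stores an offset difference into a field that the surrounding debug line prints with %u; the alloc_size test above bounds it, but an explicit cast would make the narrowing visible.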
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 514c596... ldb:common/ldb_dn.c - ldb_dn_get_parent - no need to manipulate the real DN from 1c0cb36... s3: Optimize the write cache for sequential writes http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 514c59656152742c0c73ce65e0778f000cdd1437 Author: Matthias Dieter Wallnöfer m...@samba.org Date: Thu Jul 8 22:04:23 2010 +0200 ldb:common/ldb_dn.c - ldb_dn_get_parent - no need to manipulate the real DN Since the parent DN is a duplication of the passed DN parameter. --- Summary of changes: source4/lib/ldb/common/ldb_dn.c |6 -- 1 files changed, 0 insertions(+), 6 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/lib/ldb/common/ldb_dn.c b/source4/lib/ldb/common/ldb_dn.c index f81f1a4..847aa02 100644 --- a/source4/lib/ldb/common/ldb_dn.c +++ b/source4/lib/ldb/common/ldb_dn.c @@ -1698,12 +1698,6 @@ struct ldb_dn *ldb_dn_get_parent(void *mem_ctx, struct ldb_dn *dn) return NULL; } - /* Wipe the ext_linearized DN, -* the GUID and SID are almost certainly no longer valid */ - LDB_FREE(dn-ext_linearized); - LDB_FREE(dn-ext_components); - dn-ext_comp_num = 0; - return new_dn; } -- Samba Shared Repository
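Review bot: The comment deleted from ldb_dn_get_parent() gave a reason for the wipe (the GUID and SID are almost certainly no longer valid for a parent DN), and neither the hunk nor the commit message says why that no longer matters. If new_dn is a duplicate of dn, as the message states, it may still carry the child's ext_linearized and ext_components. Rather than dropping the three LDB_FREE/reset lines outright, consider applying them to new_dn, or note in the commit message that the copy made earlier in the function already omits the extended components, and add a test that the parent of an extended DN has no GUID/SID components.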
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 9e92899... s4:selftest: run RPC-SAMR-LARGE-DC against the vampire_dc to test the rid alloc code via de632de... selftest/Samba4: set dreplsrv:periodic_startup_interval = 0 via 538bb9b... s4:dsdb/repl: expose drsuapi_DsExtendedError to the caller (e.g. the ridalloc client) via 49deed5... s4:drepl_out_helpers: don't return NT_STATUS_OK, if an extended operation doesn't return success via 658a0f9... s4:drepl_ridalloc: only ask the rid master for a new rid pool if we need to. via afba620... s4:dsdb:ridalloc: use ridalloc_ridset_values infrastructure in ridalloc_allocate_rid_pool_fsmo() via cd8d8df... s4:dsdb:ridalloc: use ridalloc_ridset_values infrastructure in ridalloc_allocate_rid() via 3b8c927... s4:dsdb:ridalloc: use ridalloc_ridset_values infrastructure in ridalloc_create_rid_set_ntds() via 12d26d5... s4:dsdb:ridalloc: add ridalloc_ridset_values infrastructure via bbed1fd... s4:dsdb:ridalloc: use dsdb_module_constrainted_update_uint64() to update rIDAvailablePool via ad17333... s4:dsdb:ridalloc.c: fix C++ warning via 217177a... s4:dsdb: add dsdb_module_constrainted_update_uint32/64() wrapper functions via 65ca5a3... s4:dsdb: add dsdb_msg_constrainted_update_uint32/64() wrapper functions via 1d6f321... s4:dsdb: add dsdb_module_constrainted_update_int32/64() functions via 388e955... s4:dsdb: add dsdb_msg_constrainted_update_int32/64() functions from 514c596... 
ldb:common/ldb_dn.c - ldb_dn_get_parent - no need to manipulate the real DN http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 9e928995f0289fcf56bfa60a7541a829e2d67a38 Author: Stefan Metzmacher me...@samba.org Date: Fri Jul 9 09:24:30 2010 +0200 s4:selftest: run RPC-SAMR-LARGE-DC against the vampire_dc to test the rid alloc code metze commit de632de6ef10cba5fd2591f1d01ab447dae595c8 Author: Stefan Metzmacher me...@samba.org Date: Fri Jul 9 09:23:04 2010 +0200 selftest/Samba4: set dreplsrv:periodic_startup_interval = 0 metze commit 538bb9b3ec2d3250bb97fe6f6f01e6917399fd01 Author: Stefan Metzmacher me...@samba.org Date: Thu Jul 8 16:20:11 2010 +0200 s4:dsdb/repl: expose drsuapi_DsExtendedError to the caller (e.g. the ridalloc client) metze commit 49deed5a77af0a774cf186c2332416fbf6bba05b Author: Stefan Metzmacher me...@samba.org Date: Thu Jul 8 16:18:21 2010 +0200 s4:drepl_out_helpers: don't return NT_STATUS_OK, if an extended operation doesn't return success metze commit 658a0f9ef84aa16c270d715283f38b9bb9e683c1 Author: Stefan Metzmacher me...@samba.org Date: Thu Jul 8 15:38:16 2010 +0200 s4:drepl_ridalloc: only ask the rid master for a new rid pool if we need to. if we are at least half-exhausted then ask for a new pool. This fixes a bug where we're sending uninitialized alloc_pool variable as exop-fsmo_info to the rid master and get back DRSUAPI_EXOP_ERR_PARAM_ERROR. 
metze commit afba6204a31908396f4bebb7b5885e48670bda73 Author: Stefan Metzmacher me...@samba.org Date: Thu Jul 8 15:14:59 2010 +0200 s4:dsdb:ridalloc: use ridalloc_ridset_values infrastructure in ridalloc_allocate_rid_pool_fsmo() metze commit cd8d8dfe1445879d91d922abef83dbea8f1eed26 Author: Stefan Metzmacher me...@samba.org Date: Thu Jul 8 21:38:28 2010 +0200 s4:dsdb:ridalloc: use ridalloc_ridset_values infrastructure in ridalloc_allocate_rid() metze commit 3b8c9276dcfa349013450c18d09bfd1b78e6224e Author: Stefan Metzmacher me...@samba.org Date: Thu Jul 8 15:10:07 2010 +0200 s4:dsdb:ridalloc: use ridalloc_ridset_values infrastructure in ridalloc_create_rid_set_ntds() metze commit 12d26d59bddaa7d3469b4e9ecab4146a9ea67180 Author: Stefan Metzmacher me...@samba.org Date: Thu Jul 8 12:32:33 2010 +0200 s4:dsdb:ridalloc: add ridalloc_ridset_values infrastructure metze commit bbed1fdfcdcc0d270bb861bf06b509a1655a13a2 Author: Stefan Metzmacher me...@samba.org Date: Thu Jul 8 12:34:15 2010 +0200 s4:dsdb:ridalloc: use dsdb_module_constrainted_update_uint64() to update rIDAvailablePool metze commit ad173331148a9fdd793cc5fa4776bdfd53bb4727 Author: Stefan Metzmacher me...@samba.org Date: Thu Jul 8 12:06:39 2010 +0200 s4:dsdb:ridalloc.c: fix C++ warning metze commit 217177a4df55439cec1d2563ab1af8fbdfe4a991 Author: Stefan Metzmacher me...@samba.org Date: Thu Jul 8 12:02:42 2010 +0200 s4:dsdb: add dsdb_module_constrainted_update_uint32/64() wrapper functions metze commit 65ca5a3542cb1ccb07da0831c61c043f4632ffa8 Author: Stefan Metzmacher me...@samba.org Date: Thu Jul 8 12:01:44 2010 +0200 s4:dsdb: add dsdb_msg_constrainted_update_uint32/64() wrapper functions metze commit
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 5b5ee73... s3-build: Add a gdbtestenv environment for Samba3. from 9e92899... s4:selftest: run RPC-SAMR-LARGE-DC against the vampire_dc to test the rid alloc code http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 5b5ee73ece4d74747234115de08be19b4a9ae62a Author: Andreas Schneider a...@cynapses.org Date: Fri Jul 9 15:42:34 2010 +0200 s3-build: Add a gdbtestenv environment for Samba3. This will open 3 xterms; smbd with gdb, winbind with gdb and a window to run client commands. Example: make gdbtestenv SMBD_OPTIONS=-d2 --- Summary of changes: source3/Makefile.in |6 ++ 1 files changed, 6 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/Makefile.in b/source3/Makefile.in index bb9f440..e44e121 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -3276,6 +3276,12 @@ SELFTEST_TESTENV = dc testenv: $(MAKE) selftest SELFTEST_TESTENV=$(SELFTEST_TESTENV) TESTS=--testenv +gdbtestenv: + $(MAKE) selftest SELFTEST_TESTENV=$(SELFTEST_TESTENV) \ + SMBD_VALGRIND=xterm -n server -e $(selftestdir)/gdb_run $(S3_LD_LIBPATH_OVERRIDE) \ + WINBINDD_VALGRIND=xterm -n server -e $(selftestdir)/gdb_run $(S3_LD_LIBPATH_OVERRIDE) \ + TESTS=--testenv + # Check for Winbind struct 32/64bit padding test_wbpad: -- Samba Shared Repository
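Review bot: In the new gdbtestenv target, SMBD_VALGRIND and WINBINDD_VALGRIND both start their terminal with xterm -n server, so the smbd and winbindd debugger windows get the same name and cannot be told apart. Give each a distinct name (for example one for smbd and one for winbindd), and add a comment line above the target describing what it opens and that options such as SMBD_OPTIONS from the commit message are passed through, since the existing targets around it carry such comments (see "# Check for Winbind struct 32/64bit padding").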
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 1caa8b0... s4:drepl_notify: hide some bugs from the make test output via 02a627e... s4:drsuapi: don't return all linked attributes at the same time from 5b5ee73... s3-build: Add a gdbtestenv environment for Samba3. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 1caa8b06f781758943e31c367e70014de1d04380 Author: Stefan Metzmacher me...@samba.org Date: Fri Jul 9 16:27:34 2010 +0200 s4:drepl_notify: hide some bugs from the make test output It's useless to get messages like this every few seconds: dreplsrv_notify: Failed to send DsReplicaSync to edbf4745-2966-49a7-8653-99200f1c9430._msdcs.samba2003.example.com for CN=Configuration,DC=samba2003,DC=example,DC=com - NT_STATUS_OBJECT_NAME_NOT_FOUND : WERR_BADFILE We have a non bug regarding non-linked DN attributes and changes of the target DN. metze commit 02a627e71995dc1b0d75165b0772da332b67ba7e Author: Stefan Metzmacher me...@samba.org Date: Fri Jul 9 12:52:11 2010 +0200 s4:drsuapi: don't return all linked attributes at the same time Windows gives them in chunks, but I don't know the correct rule to calculate the chunk size. For now I'll use 1500 as the max size. Windows isn't happy when it gets ~ 10 linked attributes in one response. It corrupts its directory index and later moves some objects to the LostAndFound folder. metze --- Summary of changes: source4/dsdb/repl/drepl_notify.c | 13 ++- source4/rpc_server/drsuapi/getncchanges.c | 59 + 2 files changed, 63 insertions(+), 9 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/dsdb/repl/drepl_notify.c b/source4/dsdb/repl/drepl_notify.c index 8a39745..6b81901 100644 --- a/source4/dsdb/repl/drepl_notify.c +++ b/source4/dsdb/repl/drepl_notify.c 
@@ -197,7 +197,18 @@ static void dreplsrv_notify_op_callback(struct tevent_req *subreq) unsigned int msg_debug_level = 0; werr = ntstatus_to_werror(status); if (W_ERROR_EQUAL(werr, WERR_BADFILE)) { - msg_debug_level = 1; + /* +* TODO: +* +* we should better fix the bug regarding +* non-linked attribute handling, instead +* of just hiding the failures. +* +* we should also remove the dc from our repsTo +* if it failed to often, instead of retrying +* every few seconds +*/ + msg_debug_level = 2; } DEBUG(msg_debug_level, diff --git a/source4/rpc_server/drsuapi/getncchanges.c b/source4/rpc_server/drsuapi/getncchanges.c index a9bb1c0..5d4a44b 100644 --- a/source4/rpc_server/drsuapi/getncchanges.c +++ b/source4/rpc_server/drsuapi/getncchanges.c @@ -665,6 +665,8 @@ struct drsuapi_getncchanges_state { struct ldb_dn *last_dn; struct drsuapi_DsReplicaLinkedAttribute *la_list; uint32_t la_count; + bool la_sorted; + uint32_t la_idx; struct drsuapi_DsReplicaCursorCtrEx *uptodateness_vector; }; @@ -701,6 +703,10 @@ WERROR dcesrv_drsuapi_DsGetNCChanges(struct dcesrv_call_state *dce_call, TALLOC_ struct drsuapi_DsGetNCChangesRequest8 *req8; uint32_t options; uint32_t max_objects; + uint32_t max_links; + uint32_t link_count = 0; + uint32_t link_total = 0; + uint32_t link_given = 0; struct ldb_dn *search_dn = NULL; bool am_rodc; enum security_user_level security_level; @@ -939,6 +945,10 @@ WERROR dcesrv_drsuapi_DsGetNCChanges(struct dcesrv_call_state *dce_call, TALLOC_ if (req8-max_object_count max_objects) { max_objects = req8-max_object_count; } + /* +* TODO: work out how the maximum should be calculated +*/ + max_links = lp_parm_int(dce_call-conn-dce_ctx-lp_ctx, NULL, drs, max link sync, 1500); for(i=getnc_state-num_sent; igetnc_state-site_res-count 
@@ -1026,14 +1036,46 @@ WERROR dcesrv_drsuapi_DsGetNCChanges(struct dcesrv_call_state *dce_call, TALLOC_ } } + /* +* TODO: +* This is just a guess, how to calculate the +* number of linked attributes to send, we need to +* find out how to do this right. +*/ + if (r-out.ctr-ctr6.object_count = max_links) { + max_links = 0; + } else { + max_links -= r-out.ctr-ctr6.object_count; + } + + link_total = getnc_state-la_count; + if
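Review bot: In dreplsrv_notify_op_callback(), moving the WERR_BADFILE case from msg_debug_level 1 to 2 only hides the failure; the retry every few seconds that the new TODO describes still happens, and an operator running at the lower log level no longer sees that DsReplicaSync to a partner is failing at all. Until the repsTo cleanup from the TODO exists, consider logging the first failure per partner at the old level and only the repeats at level 2, so a persistently unreachable DC is still visible once.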
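Review bot: In dcesrv_drsuapi_DsGetNCChanges(), the value from lp_parm_int(..., drs, max link sync, 1500) is stored directly in the new uint32_t max_links without a range check, so a negative setting wraps to a very large limit and removes the chunking this change introduces, while 0 leaves no room for links at all. Since the commit message says Windows corrupts its directory index when too many linked attributes arrive in one response, clamp the configured value to a sane range before use, and document the new drs:max link sync option next to the TODO.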
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via c0aa55d... s3: Cleanup of the initial SMB2 counters patch. from 1caa8b0... s4:drepl_notify: hide some bugs from the make test output http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit c0aa55d55033e0dfb0ee0933b137dba38de2fd16 Author: Ira Cooper sa...@ira.wakeful.net Date: Thu Jul 8 16:30:12 2010 -0400 s3: Cleanup of the initial SMB2 counters patch. This reorganizes smbd_smb2_request_dispatch to have a central exit point, and use the normal profiling macros. Signed-off-by: Jeremy Allison j...@samba.org --- Summary of changes: source3/include/smbprofile.h | 10 -- source3/smbd/smb2_server.c | 280 - 2 files changed, 191 insertions(+), 99 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/include/smbprofile.h b/source3/include/smbprofile.h index b406c7d..e9015ff 100644 --- a/source3/include/smbprofile.h +++ b/source3/include/smbprofile.h @@ -965,15 +965,6 @@ static inline uint64_t profile_timestamp(void) ADD_PROFILE_COUNT(x##_time, \ profile_timestamp() - __profstamp_##x); \ } - -#define PROFILE_AND_RETURN(x,t,c) { \ - t __return_value; \ - START_PROFILE(x); \ - __return_value = (c); \ - END_PROFILE(x); \ - return __return_value; \ -} - #else /* WITH_PROFILE */ #define DO_PROFILE_INC(x) @@ -983,7 +974,6 @@ static inline uint64_t profile_timestamp(void) #define START_PROFILE(x) #define START_PROFILE_BYTES(x,n) #define END_PROFILE(x) -#define PROFILE_AND_RETURN(x,t,c) return (c); #endif /* WITH_PROFILE */ #endif diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c index 85310c4..e604728 100644 --- a/source3/smbd/smb2_server.c +++ b/source3/smbd/smb2_server.c @@ -961,6 +961,7 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req) NTSTATUS status; NTSTATUS session_status; uint32_t allowed_flags; + NTSTATUS return_value; inhdr = (const uint8_t *)req-in.vector[i].iov_base; 
@@ -1018,106 +1019,159 @@ NTSTATUS smbd_smb2_request_dispatch(struct smbd_smb2_request *req) switch (opcode) { case SMB2_OP_NEGPROT: - PROFILE_AND_RETURN(smb2_negprot, - NTSTATUS, - smbd_smb2_request_process_negprot(req)); + { + START_PROFILE(smb2_negprot); + return_value = smbd_smb2_request_process_negprot(req); + END_PROFILE(smb2_negprot); + } + break; case SMB2_OP_SESSSETUP: - PROFILE_AND_RETURN(smb2_sesssetup, - NTSTATUS, - smbd_smb2_request_process_sesssetup(req)); + { + START_PROFILE(smb2_sesssetup); + return_value = smbd_smb2_request_process_sesssetup(req); + END_PROFILE(smb2_sesssetup); + } + break; case SMB2_OP_LOGOFF: if (!NT_STATUS_IS_OK(session_status)) { - return smbd_smb2_request_error(req, session_status); + return_value = smbd_smb2_request_error(req, session_status); + break; + } + + { + START_PROFILE(smb2_logoff); + return_value = smbd_smb2_request_process_logoff(req); + END_PROFILE(smb2_logoff); } - PROFILE_AND_RETURN(smb2_logoff, - NTSTATUS, - smbd_smb2_request_process_logoff(req)); + break; case SMB2_OP_TCON: if (!NT_STATUS_IS_OK(session_status)) { - return smbd_smb2_request_error(req, session_status); + return_value = smbd_smb2_request_error(req, session_status); + break; } status = smbd_smb2_request_check_session(req); if (!NT_STATUS_IS_OK(status)) { - return smbd_smb2_request_error(req, status); + return_value = smbd_smb2_request_error(req, status); + break; + } + + { + START_PROFILE(smb2_tcon); + return_value = smbd_smb2_request_process_tcon(req); + END_PROFILE(smb2_tcon); } - PROFILE_AND_RETURN(smb2_tcon, - NTSTATUS, - smbd_smb2_request_process_tcon(req)); + break;
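Review bot: In the declarations of smbd_smb2_request_dispatch(), the new NTSTATUS return_value; has no initializer, yet the rewritten switch now leaves through break to a central exit instead of returning in each case. Every case visible here assigns it before break, but a case added later that forgets the assignment would return an indeterminate status. Initialize it at the declaration, for example to NT_STATUS_INTERNAL_ERROR, so that an unassigned path fails in a defined way.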
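Review bot: In the rewritten switch, the SMB2_OP_LOGOFF and SMB2_OP_TCON cases set return_value from smbd_smb2_request_error() and break before reaching START_PROFILE, so requests rejected for a bad session or failed smbd_smb2_request_check_session() are not counted for that opcode. The removed PROFILE_AND_RETURN code behaved the same way, but with the central exit this is now easy to fix; if the SMB2 counters are meant to reflect requests received per opcode, move START_PROFILE/END_PROFILE around the whole case, otherwise add a short comment saying that rejected requests are deliberately left out.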