Re: [Samba] Samba4/DNS question
Sorry for the double mail. I wasn't sure if it went through the first time. I answered my own question and discovered that samba4 does not use named db files at all but it's own database. Before I was editing named db files to add entries which was actually the wrong way to go about. The correct way was either through Windows DNS Manager or through samba4's samba-tool. There is absolutely no need to create db files at all as named just updates the database though the samba so library. Anybody know of a gui way to update the dns that is not windows based? qiet72 On Wed, Jul 4, 2012 at 2:17 PM, Quinn Plattel qie...@gmail.com wrote: Hi, I noticed something interesting when playing around with dns entries on ISC BIND9/Samba4 environment via Linux and Windows environments. When I create a dns entry in the db file of isc bind9, the entry is resolvable in both environments. If I create a dns entry via the Windows DNS Manager, then that entry is also resolvable under both environments, but why does the entry not show up in the db file? qiet72 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Local user when security=ADS
Hello all. Since it seems I can't make webserver access a samba share with its machine credentials (all I could get is a NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT message in server logs after extracting pass from secrets.tdb) and I can't add users to AD (and, even if I could, their passwords would automatically expire in 6 months), is it possible to have a locally-defined user when the server is joined to AD? This way I could use the locally-defined user credentials from the client to mount the share... Or is there a better way? Tks, Diego. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba4: mounting cifs on Linux client no longer preserves acl's
Version 4.0.0beta4-GIT-8f44389 Hi everyone Up until recently, mounting a share on a Linux client preserved the permissions of the files in the share, but now it doesn't. e.g. on the server drwxrws---+ 2 root staff 4096 Jul 6 12:04 7a # file: year7 # owner: root # group: staff # flags: -s- user::rwx user:root:rwx group::rwx mask::rwx other::--- default:user::rwx default:user:root:rwx default:group::rwx default:mask::rwx default:other::--- Now we mount the share on a Linux client: mount -t cifs //hh1/reports /mnt -ore,sec=krb5,uid=,gid=staff Now it has changed to: drwxr-xr-x 1 root staff 0 jun 30 19:39 year7 # file: year7 # owner: root # group: staff user::rwx group::r-x other::r-x The acl has been lost. This has been OK until recently. e.g. it worked with beta2. I can work around it by mounting the shares with nfs but then we lose the oplocks. Any ideas anyone? Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4: mounting cifs on Linux client no longer preserves acl's
On 06/07/12 12:21, steve wrote: mount -t cifs //hh1/reports /mnt -ore,sec=krb5,uid=,gid=staff Retried with: mount -t cifs //hh1/reports /mnt -orw,sec=krb5,uid=,gid=staff Same. So it's not the typo. Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Different contexts possible?
Hi, I'm using libsmbclient for a fuse fs. This fuse fs has more than one mountpoint, and can offer more than one browsetrees in different mountpoints. It's also possible that a different context is used, so one as guest, and the other using kerberos, and maybe a third using credentials (file). How can I program this? Do I have to use one context or can I create different context (SMBCCTX) in my program, one for every browse tree. Thanks in advance, Stef Bon -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4: mounting cifs on Linux client no longer preserves acl's
On 06/07/12 12:21, steve wrote: Version 4.0.0beta4-GIT-8f44389 Hi everyone Up until recently, mounting a share on a Linux client preserved the permissions of the files in the share, but now it doesn't. Here is the same on: Version 4.0.0beta2 mount -t cifs //hh1/reports /mnt -orw,sec=krb5,uid=,gid=staff drwxrws---+ 4 root staff 0 Jun 30 19:39 year7 # file: year7 # owner: root # group: staff # flags: -s- user::rwx user:root:rwx group::rwx mask::rwx other::--- default:user::rwx default:user:root:rwx default:group::rwx default:mask::rwx default:other::--- It works fine with the beta2. Would it be possible to 'revert fix' this for the new betas? Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Suggestions? Multiple servers/storages one domain
Hi, currently we do have one samba3x-3.5.10-0.109.el5_8 RH EL 5.8 PDC authenticating by our central LDAP server. This PDS also hosts the central fileserver storage for all our +- 600 users, some group shares and roaming profiles. The clients are OS X, Win XP and Win 7. We hope to have all XP 'killed' by end of the year. Furthermore we do have a second stand alone samba server for some projects needing more space and with local smb users. As we think about splitting up the central PDC storage and setting up an other filestorage too, I was researching for the 'best' setup. I wanted to separate the two main user groups to use one server each, so the stuff members do get some more performance. But on the other hand I like to use our current setup as much as possible. So I hoped that there is some tutorial (there are so many ... :) luckily! ) which describes a setup like we are looking for. - We will still have one central LDAP and one domain to login. - If users belong to stuff, they have access to the profile and user files shared by the server 1 - If users belong to students, they have access to the profile and user files shared by the server 2 - Furthermore we do have a third/++ BIG FILES server whose shares can be accessed by users in an user group but authenticate as well by the PDC. May be someone can point me to some tutorials or can give other advises and suggestions? I cant buy new e.g. 10G server/storage hardware, but can use some 'old' some-core-lots-of-RAM-1G systems Thanks a lot and best regards . Götz -- Götz Reinicke IT-Koordinator Tel. +49 7141 969 82 420 Fax +49 7141 969 55 420 E-Mail goetz.reini...@filmakademie.de Filmakademie Baden-Württemberg GmbH Akademiehof 10 71638 Ludwigsburg www.filmakademie.de Eintragung Amtsgericht Stuttgart HRB 205016 Vorsitzender des Aufsichtsrats: Jürgen Walter MdL Staatssekretär im Ministerium für Wissenschaft, Forschung und Kunst Baden-Württemberg Geschäftsführer: Prof. Thomas Schadt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Suggestions? Multiple servers/storages one domain
File storage and user authentication are (sort of) separate issues.I would generally avoid true standalone servers, and still use the domain authentication model as much as possible. The additional servers can be member servers or backup domain controllers. I had trouble keeping user id mappings consistent on member servers (in my environment it is necessary that the id mapping is consistent between all domain controllers and key member servers.) I found it was easier just to make sure that my key storage servers were also domain controllers. This is only two machines . Each domain controller is also an LDAP server. The LDAP servers are configured for replication. Each domain controller therefore uses its own LDAP server for the samba back end. (Nt. I started with samba 3.0.x - newer releases may have simplified idmapping for member servers.) When you configure a samba user, you can specify the absolute path to their profile directory and home directory. #pdbedit -Lv thisuser ... Home Directory: \\server1\users\thisuser HomeDir Drive:X: Logon Script: logon.bat Profile Path: #pdbedit -Lv thatuser ... Home Directory: \\server2\users\thatuser HomeDir Drive:X: Logon Script: logon.bat Profile Path: I then use the login script to map the users home directory drive letter to the appropriate home share. E.g net use x: /delete /y net use x: %homeshare% I believe windows batch files should also have the option to do something similar to if member of group then if you want to have different drive mappings for different groups. I don't use profiles in my network. You need to make sure that each DC has the same logon script files. I also have a drive letter mapped to a top level Projects directory on one server. But then I use dfs links to redirect users to sub directories located on the 2nd servers. server1# cd /export/Projects server1# ls -ld * drwxrwx---+ 37 root group1 42 May 18 09:00 Project1 lrwxrwxrwx 1 root root 19 Feb 11 2011 Project2 - msdfs:server2\Projects\Project2 On 07/06/12 07:55, Götz Reinicke wrote: Hi, currently we do have one samba3x-3.5.10-0.109.el5_8 RH EL 5.8 PDC authenticating by our central LDAP server. This PDS also hosts the central fileserver storage for all our +- 600 users, some group shares and roaming profiles. The clients are OS X, Win XP and Win 7. We hope to have all XP 'killed' by end of the year. Furthermore we do have a second stand alone samba server for some projects needing more space and with local smb users. As we think about splitting up the central PDC storage and setting up an other filestorage too, I was researching for the 'best' setup. I wanted to separate the two main user groups to use one server each, so the stuff members do get some more performance. But on the other hand I like to use our current setup as much as possible. So I hoped that there is some tutorial (there are so many ... :) luckily! ) which describes a setup like we are looking for. - We will still have one central LDAP and one domain to login. - If users belong to stuff, they have access to the profile and user files shared by the server 1 - If users belong to students, they have access to the profile and user files shared by the server 2 - Furthermore we do have a third/++ BIG FILES server whose shares can be accessed by users in an user group but authenticate as well by the PDC. May be someone can point me to some tutorials or can give other advises and suggestions? I cant buy new e.g. 10G server/storage hardware, but can use some 'old' some-core-lots-of-RAM-1G systems Thanks a lot and best regards . Götz -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4: mounting cifs on Linux client no longer preserves acl's [solved]
On 06/07/12 13:14, steve wrote: On 06/07/12 12:21, steve wrote: Version 4.0.0beta4-GIT-8f44389 This is due to having wide links = Yes unix extensions = Yes in smb.conf Will start another thread. Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Permission for copied file/dir
On 12-07-04 04:30 PM, J Gao wrote: Hello, everyone, My server is Samba 3.5 on Centos 6.2. It is a stand alone file server and now I have trouble to set the correct permission. My goal is to set 0770 on all the share, including files and directories. here is my smb.conf: [global] workgroup = GEO server string = Kappa - File Server interfaces = lo bond0 192.168.123.29/24 hosts allow = 127. 192.168.123. 192.168.25. 10.66.77. log file = /var/log/samba/log.%m max log size = 1000 security = user passdb backend = tdbsam guest account = nobody map to guest = Bad User remote announce = 192.168.25.255 10.66.77.25 wins support = yes create mask = 0770 ;force security mode = 0770 force create mode = 0770 directory mask = 0770 force directory mode = 0770 load printers = no printing = bsd printcap name = /dev/null disable spoolss = yes [homes] comment = Home Directories browseable = no writable = yes valid users = %S --- Now the client using cifs.mount (Ubuntu 12.04) to mount their home dir and use it to store files. When I test the permission, I observed: 1. If client create a file (or a directory), the the permission is correct to set to 0770; 2. But if copy a file for other location to this Samba share, the permission get transferred. For example, if the local file permission is 0744, it will keep this permission when it copied to the Samba share. Same for the directories. I tried the force security mode = 0770 and security mask = 0770 but without success. Could someone help me please? Thanks a lot. J Gao bump -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4/DNS question
On Fri, 2012-07-06 at 09:31 +0200, Quinn Plattel wrote: Sorry for the double mail. I wasn't sure if it went through the first time. I answered my own question and discovered that samba4 does not use named db files at all but it's own database. Before I was editing named db files to add entries which was actually the wrong way to go about. The correct way was either through Windows DNS Manager or through samba4's samba-tool. There is absolutely no need to create db files at all as named just updates the database though the samba so library. Anybody know of a gui way to update the dns that is not windows based? You can use nsupdate -g (after doing a kinit) or you can use samba-tool dns. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 8f44389 s4-classicupgrade: Demote any other 'BDC' accounts back to a member server during upgrade via 2908bbe s4-selftest: Test samba-tool domain dcpromo via 1c86ab9 s4-samba-tool: Provide a samba-tool domain dcpromo that upgrades a member to a DC via c436f98 s4-dsdb: Give a much better error message when parentGUID generation fails via 8b32d9a s4-dsdb: Use parent_object_guid to find the correct parent for new objects from 7abe51f talloc: remove unused variables http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 8f443895f20aa6d03fd5ae02cbbc6c3064bf42f4 Author: Andrew Bartlett abart...@samba.org Date: Fri Jul 6 15:40:02 2012 +1000 s4-classicupgrade: Demote any other 'BDC' accounts back to a member server during upgrade This makes it clear that they cannot be a DC until they are upgraded with samba-tool domain dcpromo. Andrew Bartlett Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Fri Jul 6 09:59:13 CEST 2012 on sn-devel-104 commit 2908bbe06a3905007864c6caeaa77fb46cc442ef Author: Andrew Bartlett abart...@samba.org Date: Fri Jul 6 15:39:09 2012 +1000 s4-selftest: Test samba-tool domain dcpromo This needs a new environment to test it properly. This requires a raise in the number of socket wrapper interfaces. Andrew Bartlett commit 1c86ab9c5056c457a40dc4c8e3b39c9b940c077b Author: Andrew Bartlett abart...@samba.org Date: Fri Jul 6 15:38:06 2012 +1000 s4-samba-tool: Provide a samba-tool domain dcpromo that upgrades a member to a DC This command is like dcpromo in that it upgrades the existing workstation account to be a domain controller. The SID (and therefore any file ownerships) is preserved. Andrew Bartlett commit c436f986ca67c71fe5d0855a14dfea65942a47fb Author: Andrew Bartlett abart...@samba.org Date: Fri Jul 6 15:36:12 2012 +1000 s4-dsdb: Give a much better error message when parentGUID generation fails commit 8b32d9ad2de96679108fd7bffe804da10a652b2f Author: Andrew Bartlett abart...@samba.org Date: Fri Jul 6 15:35:42 2012 +1000 s4-dsdb: Use parent_object_guid to find the correct parent for new objects This allows the parent to be renmaed while a new object is added on another replica. This rename may also be a delete, in which case we must move it to lostandfound. Andrew Bartlett --- Summary of changes: lib/socket_wrapper/socket_wrapper.c |2 +- selftest/target/Samba.pm|1 + selftest/target/Samba4.pm | 131 ++- source4/dsdb/repl/replicated_objects.c | 11 ++ source4/dsdb/samdb/ldb_modules/operational.c|6 +- source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 118 - source4/dsdb/samdb/samdb.h |1 + source4/scripting/python/samba/join.py | 64 +-- source4/scripting/python/samba/netcmd/domain.py | 67 source4/scripting/python/samba/upgrade.py | 14 ++- source4/selftest/tests.py |3 +- 11 files changed, 399 insertions(+), 19 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/socket_wrapper/socket_wrapper.c b/lib/socket_wrapper/socket_wrapper.c index 2c24ab7..44d21fb 100644 --- a/lib/socket_wrapper/socket_wrapper.c +++ b/lib/socket_wrapper/socket_wrapper.c @@ -154,7 +154,7 @@ /* This limit is to avoid broadcast sendto() needing to stat too many * files. It may be raised (with a performance cost) to up to 254 * without changing the format above */ -#define MAX_WRAPPED_INTERFACES 32 +#define MAX_WRAPPED_INTERFACES 40 #ifdef HAVE_IPV6 /* diff --git a/selftest/target/Samba.pm b/selftest/target/Samba.pm index 72f26a5..ec6fc48 100644 --- a/selftest/target/Samba.pm +++ b/selftest/target/Samba.pm @@ -161,6 +161,7 @@ sub get_interface($) $interfaces{plugindc} = 30; $interfaces{localsubdc} = 31; $interfaces{chgdcpass} = 32; +$interfaces{promotedvdc} = 33; # update lib/socket_wrapper/socket_wrapper.c # #define MAX_WRAPPED_INTERFACES 32 diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm index f472bb5..b1998a6 100644 --- a/selftest/target/Samba4.pm +++ b/selftest/target/Samba4.pm @@ -966,6 +966,78 @@ sub provision_rpc_proxy($$$) return $ret; } +sub provision_promoted_vampire_dc($$$) +{ + my ($self, $prefix, $dcvars) = @_; + print PROVISIONING VAMPIRE DC...; + + # We do this so that we don't run the provision. That's the job of 'net vampire'. + my $ctx = $self-provision_raw_prepare($prefix, domain controller, +
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via a49eb60 s4-lsarpc: DCERPC_FAULT_ACCESS_DENIED for tcp via 1744e99 s4-lsarpc: DCERPC_FAULT_ACCESS_DENIED for np via 997c780 s4-lsarpc: Restrict LookupSids3 to crypto connections only. via 1a12bbd s4-lsarpc: Restrict LookupNames4 to crypto connections only. via 13a7f98 s4-lsarpc: Don't call lsa_OpenPolicy2 in lsa_LookupSids3. via 9fa979c s4-lsaprc: Don't call lsa_OpenPolicy2 in lsa_LookupNames4. via 8e32715 selftest: Update knownfail list for samba4.rpc.lsalookup. via de54047 s4-selftest: Don't run lsarpc requiring a named pipe over tcpip. via 48b30bf s4-selftest: Don't plan lsa.secrets tests over tcpip. via 0b93587 s4-libnet: Skip calling lsarpc functions over a wrong pipe. via 027b913 s4-torture: Call lsarpc tests over the correct pipe. via a070ce3 s4-torture: Don't consider NONE_MAPPED an error in LookupSids3. via 2a46c7f s4-torture: Don't consider NONE_MAPPED an error in LookupNames4. via eeba5ad s4-torture: Add a lsarpc test_GetUserName_fail function. via 5dc5cda s4-torture: Add a lsarpc test_OpenPolicy2_fail function. via 39a13d1 s4-torture: Add a lsarpc test_OpenPolicy_fail function. via 4ece074 s4-torture: Add a lsarpc test_LookupNames4_fail function. via ed7be19 s4-torture: Add a lsarpc test_LookupSids3_fail function. via d37643c s3-lsarpc: Enforce a secure connection for LookupSids3 and LookupNames4. via d1e829b s3-lsarpc: Restrict lsa_LookupNames4 to ncacn_ip_tcp connections. via 426cf36 s3-lsarpc: Restrict lsa_LookupSids3 to ncacn_ip_tcp connections. via bbf70e7 s3-lsarpc: Restrict the transport for ncacn_np functions. via a866dcc s3-rpc: Return the correct ntstatus depending on the transport. via fae6091 s3-rpc_server: Make it possible to use more rpc exceptions. via 81ff67c s3-selftest: Run lsa tests over np and tcpip. via 47e5a8c s4-torture: Test LookupSids3/LookupNames4 over np and tcpip. via 1c46bff s4-torture: Make sure lsa_OpenPolicy2 fails over TCP/IP. via 8bc4d7a s4-torture: Make sure lsa_OpenPolicy fails over TCP/IP. via 22da710 s4-torture: Make sure ncacn_np tests are only called over the a pipe. via 00171a5 s4-torture: Test LookupSids3 and LookupNames4 only over tcpip. via 682277b s4-torture: Use test_LookupSids3 function. via 1000884 s4-torture: Fix build warnings in lsa test. from 8f44389 s4-classicupgrade: Demote any other 'BDC' accounts back to a member server during upgrade http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit a49eb60e041a55122ce04ed6f576c2ba09c11fe3 Author: Andreas Schneider a...@samba.org Date: Fri Jun 29 17:59:36 2012 +0200 s4-lsarpc: DCERPC_FAULT_ACCESS_DENIED for tcp Autobuild-User(master): Andreas Schneider a...@cryptomilk.org Autobuild-Date(master): Fri Jul 6 11:50:40 CEST 2012 on sn-devel-104 commit 1744e99d0a339824a4e73038dccd673920f0c7bb Author: Andreas Schneider a...@samba.org Date: Fri Jun 29 17:59:17 2012 +0200 s4-lsarpc: DCERPC_FAULT_ACCESS_DENIED for np commit 997c780d24d8f59890ffe92c26107ff4f544a038 Author: Andreas Schneider a...@samba.org Date: Fri Jun 29 16:42:16 2012 +0200 s4-lsarpc: Restrict LookupSids3 to crypto connections only. commit 1a12bbd5d8a328ae91b8513a47e76c4e32607df4 Author: Andreas Schneider a...@samba.org Date: Fri Jun 29 16:41:29 2012 +0200 s4-lsarpc: Restrict LookupNames4 to crypto connections only. commit 13a7f98f9f9a6dd26d0a2ab73ca8d0b40fc441e2 Author: Andreas Schneider a...@samba.org Date: Wed Jun 27 13:45:55 2012 +0200 s4-lsarpc: Don't call lsa_OpenPolicy2 in lsa_LookupSids3. commit 9fa979c9340b004984a615e19415958b3a2d685b Author: Andreas Schneider a...@samba.org Date: Wed Jun 27 13:01:57 2012 +0200 s4-lsaprc: Don't call lsa_OpenPolicy2 in lsa_LookupNames4. commit 8e32715d5ddd9d62987e84012b928197ee3c35ad Author: Andreas Schneider a...@samba.org Date: Thu Jul 5 12:41:44 2012 +0200 selftest: Update knownfail list for samba4.rpc.lsalookup. commit de54047c05e3969f6bbd4ec9269be2879acb5f9b Author: Andreas Schneider a...@samba.org Date: Fri Jul 6 08:04:45 2012 +0200 s4-selftest: Don't run lsarpc requiring a named pipe over tcpip. commit 48b30bfce61e657d55cfc4e0d091e6d21de02b7a Author: Andreas Schneider a...@samba.org Date: Fri Jun 29 17:59:50 2012 +0200 s4-selftest: Don't plan lsa.secrets tests over tcpip. These will only work over a named pipe or ncalrpc. commit 0b93587b7e3d43b32835bf0b76fe4eebef1d4036 Author: Andreas Schneider a...@samba.org Date: Fri Jul 6 00:01:41 2012 +0200 s4-libnet: Skip calling lsarpc functions over a wrong pipe. commit 027b913a25a174790740684269c87d9c26cba2bc Author: Andreas Schneider a...@samba.org Date: Fri
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 4654dca s4-selftest: do a dbcheck on our two vampire DCs via f9d9092 s4-dbcheck: Check for an object without a parent via 7782e33 s4-dsdb: Remove unused variables in py_dsdb_get_partitions_dn via 023508e pydsdb: Add bindings for dsdb_wellknown_dn() via 979215a pyldb: Add bindings for ldb_dn_remove_base_components via e4077a8 s4-pydsdb: Add bindings for dsdb_find_nc_root() via 507e6fd s4-pydsdb: Improve PyErr_LDB_{DN,}_OR_RAISE to use py_check_dcerpc_type via 8d99b39 pyldb: Fix dn concat operation to be the other way around via 7285ed5 auth: Common function for retrieving PAC_LOGIN_INFO from PAC from a49eb60 s4-lsarpc: DCERPC_FAULT_ACCESS_DENIED for tcp http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 4654dcaae77264b50600bfcd592f0d1658af5c32 Author: Andrew Bartlett abart...@samba.org Date: Fri Jul 6 20:55:43 2012 +1000 s4-selftest: do a dbcheck on our two vampire DCs However, due to using --domain-critical-only we have to knownfail the vampire DC here, as we do not fill in the backlinks on non-critical objects correctly. Andrew Bartlett Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Fri Jul 6 16:54:10 CEST 2012 on sn-devel-104 commit f9d90922f577dfedfca967e2b7112e0714ea414d Author: Andrew Bartlett abart...@samba.org Date: Fri Jul 6 19:59:09 2012 +1000 s4-dbcheck: Check for an object without a parent Such objects are then moved to the appropriate LostAndFound container, just as they would be if replicated. Andrew Bartlett commit 7782e334b9ce6c0517136ae25be4e4f0629e0059 Author: Andrew Bartlett abart...@samba.org Date: Fri Jul 6 19:58:51 2012 +1000 s4-dsdb: Remove unused variables in py_dsdb_get_partitions_dn commit 023508ed17155309013ec684fa49d2d76d030dd0 Author: Andrew Bartlett abart...@samba.org Date: Fri Jul 6 19:57:58 2012 +1000 pydsdb: Add bindings for dsdb_wellknown_dn() commit 979215ad59e3a1dcb2dddeb1749d8f2eb1a920c3 Author: Andrew Bartlett abart...@samba.org Date: Fri Jul 6 19:57:10 2012 +1000 pyldb: Add bindings for ldb_dn_remove_base_components commit e4077a8ca57c044bdd177dba1cbb81c3b802fe4c Author: Andrew Bartlett abart...@samba.org Date: Fri Jul 6 18:12:58 2012 +1000 s4-pydsdb: Add bindings for dsdb_find_nc_root() commit 507e6fdce520999c5b29b3c98de945c4ff96c9a9 Author: Andrew Bartlett abart...@samba.org Date: Fri Jul 6 20:48:34 2012 +1000 s4-pydsdb: Improve PyErr_LDB_{DN,}_OR_RAISE to use py_check_dcerpc_type This checks the type rather than just dereferencing the pointer. Andrew Bartlett commit 8d99b398d923d924088d4682a97bae38ccda0b0d Author: Andrew Bartlett abart...@samba.org Date: Fri Jul 6 20:41:10 2012 +1000 pyldb: Fix dn concat operation to be the other way around This now concatonates Dn(ldb, cn=config) + Dn(ldb, dc=samba,dc=org) as cn=config,dc=samba,dc=org Andrew Bartlett commit 7285ed586f129d45843f98c359003d9ac88cf5cb Author: Christof Schmitt christof.schm...@us.ibm.com Date: Thu Jul 5 13:17:00 2012 -0700 auth: Common function for retrieving PAC_LOGIN_INFO from PAC Several functions use the same logic as kerberos_pac_logon_info. Move kerberos_pac_logon_info to common code and reuse it to remove the code duplication. Signed-off-by: Andrew Bartlett abart...@samba.org --- Summary of changes: auth/kerberos/kerberos_pac.c| 37 ++ auth/kerberos/pac_utils.h | 10 lib/ldb/pyldb.c | 17 ++- lib/ldb/tests/python/api.py |7 ++- selftest/knownfail |1 + source3/auth/auth_generic.c | 28 +-- source3/libads/authdata.c | 29 +-- source3/utils/ntlm_auth.c | 28 +-- source4/auth/kerberos/kerberos.h|8 --- source4/auth/kerberos/kerberos_pac.c| 37 -- source4/dsdb/pydsdb.c | 72 +-- source4/scripting/python/samba/dbchecker.py | 44 source4/scripting/python/samba/samdb.py |6 ++ source4/selftest/tests.py |2 +- 14 files changed, 195 insertions(+), 131 deletions(-) Changeset truncated at 500 lines: diff --git a/auth/kerberos/kerberos_pac.c b/auth/kerberos/kerberos_pac.c index eacf39d..80f31d8 100644 --- a/auth/kerberos/kerberos_pac.c +++ b/auth/kerberos/kerberos_pac.c @@ -402,4 +402,41 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx, return NT_STATUS_OK; } +NTSTATUS kerberos_pac_logon_info(TALLOC_CTX *mem_ctx, +
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via d27a9c4 s3: Fix Coverity ID 709470 Uninitialized scalar variable from 4654dca s4-selftest: do a dbcheck on our two vampire DCs http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit d27a9c4e432c714765c9b0bb67409f06c7fd7709 Author: Volker Lendecke v...@samba.org Date: Thu Jul 5 20:30:51 2012 +0200 s3: Fix Coverity ID 709470 Uninitialized scalar variable Signed-off-by: Michael Adam ob...@samba.org Autobuild-User(master): Michael Adam ob...@samba.org Autobuild-Date(master): Fri Jul 6 18:46:06 CEST 2012 on sn-devel-104 --- Summary of changes: source3/lib/pidfile.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/lib/pidfile.c b/source3/lib/pidfile.c index f0c075c..987ab06 100644 --- a/source3/lib/pidfile.c +++ b/source3/lib/pidfile.c @@ -34,7 +34,7 @@ pid_t pidfile_pid(const char *program_name) { int fd; char pidstr[20]; - pid_t pid; + pid_t pid = 0; unsigned int ret; char *name; const char *short_configfile; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via 1bbaba8 WHATSNEW: Start release notes for Samba 3.5.17. via 8f4111a VERSION: Bump version up to 3.5.17. from b1a6698 WHATSNEW: Prepare release notes for Samba 3.5.16. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 1bbaba8dffa238692a7efc838d8549e7ee40993c Author: Karolin Seeger ksee...@samba.org Date: Fri Jul 6 20:48:58 2012 +0200 WHATSNEW: Start release notes for Samba 3.5.17. Karolin commit 8f4111a664b63f68af2b62e7b5d3738907d0bc87 Author: Karolin Seeger ksee...@samba.org Date: Fri Jul 6 20:46:01 2012 +0200 VERSION: Bump version up to 3.5.17. Karolin --- Summary of changes: WHATSNEW.txt| 47 +-- source3/VERSION |2 +- 2 files changed, 46 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 1e2ff06..a7333f8 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,4 +1,47 @@ == + Release Notes for Samba 3.5.17 + August 13, 2012 + == + + +This is the latest stable release of Samba 3.5. + +Major enhancements in Samba 3.5.17 include: + +o + + +Changes since 3.5.16: +- + +o Jeremy Allison j...@samba.org +* BUG + + +## +Reporting bugs Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 3.5 product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== + + +Release notes for older releases follow: + + + == Release Notes for Samba 3.5.16 July 2, 2012 == @@ -103,8 +146,8 @@ database (https://bugzilla.samba.org/). == -Release notes for older releases follow: - +-- + == Release Notes for Samba 3.5.15 diff --git a/source3/VERSION b/source3/VERSION index 53fad4d..e19f08e 100644 --- a/source3/VERSION +++ b/source3/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=3 SAMBA_VERSION_MINOR=5 -SAMBA_VERSION_RELEASE=16 +SAMBA_VERSION_RELEASE=17 # Bug fix releases use a letter for the patch revision # -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-stable updated
The branch, v3-5-stable has been updated via 374e761 WHATSNEW: Start release notes for Samba 3.5.17. via 78fbf76 VERSION: Bump version up to 3.5.17. from 5e47111 WHATSNEW: Prepare release notes for Samba 3.5.16. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-stable - Log - commit 374e7617b627a6d54cb2fef4184be02de2e3623a Author: Karolin Seeger ksee...@samba.org Date: Fri Jul 6 20:48:58 2012 +0200 WHATSNEW: Start release notes for Samba 3.5.17. Karolin (cherry picked from commit 1bbaba8dffa238692a7efc838d8549e7ee40993c) commit 78fbf761245cb367cac18d7b84b1c60c7b28c668 Author: Karolin Seeger ksee...@samba.org Date: Fri Jul 6 20:46:01 2012 +0200 VERSION: Bump version up to 3.5.17. Karolin (cherry picked from commit 8f4111a664b63f68af2b62e7b5d3738907d0bc87) --- Summary of changes: WHATSNEW.txt| 47 +-- source3/VERSION |2 +- 2 files changed, 46 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 1e2ff06..a7333f8 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,4 +1,47 @@ == + Release Notes for Samba 3.5.17 + August 13, 2012 + == + + +This is the latest stable release of Samba 3.5. + +Major enhancements in Samba 3.5.17 include: + +o + + +Changes since 3.5.16: +- + +o Jeremy Allison j...@samba.org +* BUG + + +## +Reporting bugs Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 3.5 product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== + + +Release notes for older releases follow: + + + == Release Notes for Samba 3.5.16 July 2, 2012 == @@ -103,8 +146,8 @@ database (https://bugzilla.samba.org/). == -Release notes for older releases follow: - +-- + == Release Notes for Samba 3.5.15 diff --git a/source3/VERSION b/source3/VERSION index a6f4f5a..4e4448b 100644 --- a/source3/VERSION +++ b/source3/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=3 SAMBA_VERSION_MINOR=5 -SAMBA_VERSION_RELEASE=16 +SAMBA_VERSION_RELEASE=17 # Bug fix releases use a letter for the patch revision # -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via 7a56042 s3: readd h_errno struct member but rename it from 1bbaba8 WHATSNEW: Start release notes for Samba 3.5.17. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 7a56042642409556c492cadd49772bb70fbd974d Author: Björn Jacke b...@sernet.de Date: Thu Jun 10 23:15:19 2010 +0200 s3: readd h_errno struct member but rename it as pointed out by metze this is a structure of fixed size, which should not be changed. (cherry picked from commit a8c051b2f91852b5228d6a903d6a7fd50d22de28) Second part of a fix for bug #9011 (Build on HP-UX broken). --- Summary of changes: nsswitch/winbind_nss_hpux.h |4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/nsswitch/winbind_nss_hpux.h b/nsswitch/winbind_nss_hpux.h index 393c0a3..dba70a7 100644 --- a/nsswitch/winbind_nss_hpux.h +++ b/nsswitch/winbind_nss_hpux.h @@ -133,9 +133,9 @@ typedef struct nss_XbyY_args { /* * h_errno is defined as function call macro for multithreaded applications * in HP-UX. *this* h_errno is not used in the HP-UX codepath of our nss - * modules, so let's simply comment it out here: - * int h_errno; + * modules, so let's simply rename it: */ + int h_errno_unused; nss_status_t status; } nss_XbyY_args_t; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 4cafbb4 s4-torture: add ntprinting ndr operations testsuite. via 8835eab ntprinting: mark the final 4 byte null pointer for printer data in ndr_pull_ntprinting_printer as read. via 0d3249b ndr: fix push/pull DATA_BLOB with NDR_NOALIGN via 66514f8 ntprinting: make decode_ntprinting helpers public in idl. from d27a9c4 s3: Fix Coverity ID 709470 Uninitialized scalar variable http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 4cafbb4e7443779ab1c58581709114db9a7bf918 Author: Günther Deschner g...@samba.org Date: Fri Jul 6 19:02:00 2012 +0200 s4-torture: add ntprinting ndr operations testsuite. Guenther Autobuild-User(master): Günther Deschner g...@samba.org Autobuild-Date(master): Fri Jul 6 20:55:26 CEST 2012 on sn-devel-104 commit 8835eab013ea1c8919dd6aafda090733f6224535 Author: Günther Deschner g...@samba.org Date: Fri Jul 6 18:22:36 2012 +0200 ntprinting: mark the final 4 byte null pointer for printer data in ndr_pull_ntprinting_printer as read. Guenther commit 0d3249b927465fdca1765cbd7e17c947364b5ef0 Author: David Disseldorp dd...@samba.org Date: Fri Jul 6 14:00:27 2012 +0200 ndr: fix push/pull DATA_BLOB with NDR_NOALIGN This change addresses bug 9026. There are 3 use cases for DATA_BLOB marshalling/unmarshalling: 1) ndr_push_DATA_BLOB and ndr_pull_DATA_BLOB when called with LIBNDR_FLAG_ALIGN* alignment flags set, are used to push/pull padding bytes _only_. The length is determined by the alignment required and the current ndr offset. e.g. dcerpc.idl: typedef struct { ... [flag(NDR_ALIGN8)]DATA_BLOB _pad; } dcerpc_request; 2) When called with the LIBNDR_FLAG_REMAINING flag, all remaining bytes in the ndr buffer are pushed/pulled. e.g. dcerpc.idl: typedef struct { ... [flag(NDR_REMAINING)] DATA_BLOB stub_and_verifier; } dcerpc_request; 3) When called without alignment flags, push/pull a uint32 length _and_ a corresponding byte array to/from the ndr buffer. e.g. drsblobs.idl typedef [public] struct { ... DATA_BLOB data; } DsCompressedChunk; The fix for bug 8373 changed the definition of alignment flags, such that when called with LIBNDR_FLAG_NOALIGN ndr_push/pull_DATA_BLOB behaves as (1: padding bytes) rather than (3: uint32 length + byte array). This breaks marshalling/unmarshalling for the following structures. eventlog.idl: typedef [flag(NDR_NOALIGN|NDR_PAHEX),public] struct { ... DATA_BLOB sid; ... } eventlog_Record_tdb; ntprinting.idl: typedef [flag(NDR_NOALIGN),public] struct { ... DATA_BLOB *nt_dev_private; } ntprinting_devicemode; typedef [flag(NDR_NOALIGN),public] struct { ... DATA_BLOB data; } ntprinting_printer_data; Signed-off-by: Günther Deschner g...@samba.org commit 66514f8bbe5f9e2dcd8be90450ef339305a3161c Author: Günther Deschner g...@samba.org Date: Fri Jul 6 18:04:33 2012 +0200 ntprinting: make decode_ntprinting helpers public in idl. Guenther --- Summary of changes: librpc/idl/ntprinting.idl|6 +- librpc/ndr/ndr_basic.c | 34 ++- librpc/ndr/ndr_ntprinting.c |1 + source4/torture/ndr/ndr.c|1 + source4/torture/ndr/ntprinting.c | 440 ++ source4/torture/wscript_build|2 +- 6 files changed, 468 insertions(+), 16 deletions(-) create mode 100644 source4/torture/ndr/ntprinting.c Changeset truncated at 500 lines: diff --git a/librpc/idl/ntprinting.idl b/librpc/idl/ntprinting.idl index 9098291..7013566 100644 --- a/librpc/idl/ntprinting.idl +++ b/librpc/idl/ntprinting.idl @@ -26,7 +26,7 @@ interface ntprinting uint32 bottom; } ntprinting_form; - void decode_ntprinting_form( + [public] void decode_ntprinting_form( [in] ntprinting_form form ); @@ -46,7 +46,7 @@ interface ntprinting [flag(STR_UTF8|STR_NOTERM|NDR_REMAINING)] string_array dependent_files; } ntprinting_driver; - void decode_ntprinting_driver( + [public] void decode_ntprinting_driver( [in] ntprinting_driver driver ); @@ -146,7 +146,7 @@ interface ntprinting ntprinting_printer_data printer_data[count]; } ntprinting_printer; - void decode_ntprinting_printer( + [public] void decode_ntprinting_printer( [in]
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via f8ed881 s3: fix build without ads support from 7a56042 s3: readd h_errno struct member but rename it http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit f8ed8815adc6acc42bab2f1b69085dcda8bb9894 Author: Björn Jacke b...@sernet.de Date: Mon Jul 2 00:46:06 2012 +0200 s3: fix build without ads support when we have no ads support we don't have the ads_get_sid_token symbol used in this unused code :-) this is the backport of 43c56dc4255a7a6cbd176e6ae66a7652c6d72d2c Fix bug #8996 - build without ads support (e.g. plain solaris 8) broken. --- Summary of changes: libgpo/gpo_util.c |7 --- 1 files changed, 4 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/libgpo/gpo_util.c b/libgpo/gpo_util.c index 7a23b5c..4e0c8ab 100644 --- a/libgpo/gpo_util.c +++ b/libgpo/gpo_util.c @@ -840,6 +840,7 @@ ADS_STATUS gp_get_machine_token(ADS_STRUCT *ads, const char *dn, NT_USER_TOKEN **token) { +#ifdef HAVE_ADS NT_USER_TOKEN *ad_token = NULL; ADS_STATUS status; #if _SAMBA_BUILD_ == 4 @@ -848,9 +849,6 @@ ADS_STATUS gp_get_machine_token(ADS_STRUCT *ads, NTSTATUS ntstatus; #endif -#ifndef HAVE_ADS - return ADS_ERROR_NT(NT_STATUS_NOT_SUPPORTED); -#endif status = ads_get_sid_token(ads, mem_ctx, dn, ad_token); if (!ADS_ERR_OK(status)) { return status; @@ -866,4 +864,7 @@ ADS_STATUS gp_get_machine_token(ADS_STRUCT *ads, } #endif return ADS_SUCCESS; +#else + return ADS_ERROR_NT(NT_STATUS_NOT_SUPPORTED); +#endif } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via 3abaa9d s3:vfs_gpfs: be less verbose in get/set_xattr functions from bea2d3d s3-vfs_gpfs: Fix bug #9003, posix acl on gpfs http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit 3abaa9dd8a2af9497dfc6afd6f93a638956c1c3a Author: Stefan Metzmacher me...@samba.org Date: Thu Dec 22 14:20:32 2011 +0100 s3:vfs_gpfs: be less verbose in get/set_xattr functions metze Signed-off-by: Christian Ambach a...@samba.org (cherry picked from commit 2e95d8048b9e9c7025ddada7ede15494e6016ba9) Fix bug #9022 - vfs_gpfs is very verbose in get/set_xattr functions. --- Summary of changes: source3/modules/vfs_gpfs.c |4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/modules/vfs_gpfs.c b/source3/modules/vfs_gpfs.c index 0c86ea8..7bc2832 100644 --- a/source3/modules/vfs_gpfs.c +++ b/source3/modules/vfs_gpfs.c @@ -950,7 +950,7 @@ static int gpfs_set_xattr(struct vfs_handle_struct *handle, const char *path, /* Only handle DOS Attributes */ if (strcmp(name,SAMBA_XATTR_DOS_ATTRIB) != 0){ - DEBUG(1, (gpfs_set_xattr:name is %s\n,name)); + DEBUG(5, (gpfs_set_xattr:name is %s\n,name)); return SMB_VFS_NEXT_SETXATTR(handle,path,name,value,size,flags); } @@ -1026,7 +1026,7 @@ static ssize_t gpfs_get_xattr(struct vfs_handle_struct *handle, const char *pat /* Only handle DOS Attributes */ if (strcmp(name,SAMBA_XATTR_DOS_ATTRIB) != 0){ -DEBUG(1, (gpfs_get_xattr:name is %s\n,name)); + DEBUG(5, (gpfs_get_xattr:name is %s\n,name)); return SMB_VFS_NEXT_GETXATTR(handle,path,name,value,size); } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via 4c8fdb5 s3:vfs_gpfs: be less verbose in get/set_xattr functions from f8ed881 s3: fix build without ads support http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit 4c8fdb5ce7ad0d966b3de23a1052191645b6635b Author: Stefan Metzmacher me...@samba.org Date: Thu Dec 22 14:20:32 2011 +0100 s3:vfs_gpfs: be less verbose in get/set_xattr functions metze Signed-off-by: Christian Ambach a...@samba.org (cherry picked from commit 2e95d8048b9e9c7025ddada7ede15494e6016ba9) Fix bug #9022 - vfs_gpfs is very verbose in get/set_xattr functions. (cherry picked from commit 3abaa9dd8a2af9497dfc6afd6f93a638956c1c3a) --- Summary of changes: source3/modules/vfs_gpfs.c |4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/modules/vfs_gpfs.c b/source3/modules/vfs_gpfs.c index ecfa60a..c80b9e5 100644 --- a/source3/modules/vfs_gpfs.c +++ b/source3/modules/vfs_gpfs.c @@ -935,7 +935,7 @@ static int gpfs_set_xattr(struct vfs_handle_struct *handle, const char *path, /* Only handle DOS Attributes */ if (strcmp(name,SAMBA_XATTR_DOS_ATTRIB) != 0){ - DEBUG(1, (gpfs_set_xattr:name is %s\n,name)); + DEBUG(5, (gpfs_set_xattr:name is %s\n,name)); return SMB_VFS_NEXT_SETXATTR(handle,path,name,value,size,flags); } @@ -989,7 +989,7 @@ static ssize_t gpfs_get_xattr(struct vfs_handle_struct *handle, const char *pat /* Only handle DOS Attributes */ if (strcmp(name,SAMBA_XATTR_DOS_ATTRIB) != 0){ -DEBUG(1, (gpfs_get_xattr:name is %s\n,name)); + DEBUG(5, (gpfs_get_xattr:name is %s\n,name)); return SMB_VFS_NEXT_GETXATTR(handle,path,name,value,size); } -- Samba Shared Repository