[Samba] Samba4: how to build on Virtualbox
Hi everyone VB with openSUSE 12.1 guest and host, guest with 512Mb RAM. Samba4 takes over 6 hours to build on the guest. The host does it in around 30 minutes even when the guest is fired up. I tried to rsync a build from the host to the guest but that takes forever too. Any tips? Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] DFS strange behavior
Hello list, Im facing a strange (?) behavior in MS office applications while working on a DFS share that only appeared after we migrated from Samba 3.0.14 to samba 3.5.10. Scenario: Server-loc1 and server-loc2 have two shares : data and data$ data points to a dfs root share in which exists a directory for multiple geographic locations which are a msdfs link, loc1 points to \\server-loc1\data$ and loc2 points to \\server-loc2\data$ data$ is a local directory Both shares get mapped: R: - \\server-loc1\data P: - \\server-loc1\\data$ If a user browses R:\ he will see two directories loc1 and loc2, and that way he can access either location. So, if he clicks on r:\loc1\ he will be taken to r:\loc1 which is in fact \\server-loc\data$ This works just fine in almost every application except those in office 2007. If the user browses R inside any MS Office application, if he clicks in r:\loc1 the location switchs to P: This causes issues mainly in linked documents, as the link reference becomes P: instead of R:\loc1, preventing users at loc2 from accessing the links, since at loc2 P:\ is equivalent to R:\loc2, not R:\loc1 Is this the expected behavior? Sorry if this is too confusing. If anyone can help, but needs clarification Ill be glad to try to explain it in another way. TIA, Bruno Guerreiro Confidencialidade: Esta mensagem (e eventuais ficheiros anexos) é destinada exclusivamente às pessoas nela indicadas e tem natureza confidencial. Se receber esta mensagem por engano, por favor contacte o remetente e elimine a mensagem e ficheiros, sem tomar conhecimento do respectivo conteúdo e sem reproduzi-la ou divulgá-la. Confidentiality Warning: This e-mail message (and any attached files) is confidential and is intended solely for the use of the individual or entity to whom it is addressed. lf you are not the intended recipient of this message please notify the sender and delete and destroy all copies immediately. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] rsync folder permissions
Em 22-07-2012 05:13, steve escreveu: I'm trying to rsync our filserver to a USB backup. When I first start, all the folders are created with root:root ownership whereas the actual owners are root:Domain Users or root: one.of.our.groups Eventually, the groups show correctly, but not always. My question is, when rsync creates the new directories, does it respect user and group all the way along or must we wait for the end of the rsync to find out? Issue the command 'man rsync' and take a look what the -a switch does. It acts as if many other switches were issued. Take a look at each, specially -p. Good luck. -- *Marcio Merlone* -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] error in join a RODC (samba4)
Hi Andrew, Em Dom, 2012-07-22 às 22:06 +1000, Andrew Bartlett escreveu: On Fri, 2012-07-20 at 12:04 -0300, Luiz Gustavo wrote: Hi list, I'm trying to add a RODC in an AD environment using the command: Is this joining a Samba4 domain, or a Microsoft AD domain? Yes, all with Samba4 domain (environment with 3 DC's) /usr/local/samba4# bin/samba-tool domain join ad.x.com.br RODC -UAdministrator --realm=ad.x.com.br -W X But I'm getting this error: ERROR(ldb): uncaught exception - LDAP error 32 LDAP_NO_SUCH_OBJECT - Failed to find GUID for DC=DomainDnsZones,DC=ad,DC=x,DC=com,DC=br File /usr/local/samba4/lib/python2.7/site-packages/samba/netcmd/__init__.py, line 160, in _run return self.run(*args, **kwargs) File /usr/local/samba4/lib/python2.7/site-packages/samba/netcmd/domain.py, line 262, in run machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend) File /usr/local/samba4/lib/python2.7/site-packages/samba/join.py, line 1019, in join_RODC ctx.do_join() File /usr/local/samba4/lib/python2.7/site-packages/samba/join.py, line 956, in do_join ctx.join_add_objects() File /usr/local/samba4/lib/python2.7/site-packages/samba/join.py, line 513, in join_add_objects ctx.join_add_ntdsdsa() File /usr/local/samba4/lib/python2.7/site-packages/samba/join.py, line 438, in join_add_ntdsdsa ctx.samdb.add(rec, [rodc_join:1:1]) I am using a DC with the provision by using the parameter --dns-backend=BIND9_FLATFILE Using provision with samba_dlz, samba-tool can join the RODC without problems, but I can not use the dynamic dns update. If this is starting with a Samba4 domain with the flat file DNS, we probably need to work out if we have DNS partitions before we attempt to replicate them. Can you file a bug so I don't forget? Sure, I also need to understand why the dns samba_dlz does not work in an environment with freebsd Thanks, Andrew Bartlett Thanks -- Luiz Gustavo Costa (Powered by BSD) *+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+ mundoUnix - Consultoria em Software Livre http://www.mundounix.com.br ICQ: 2890831 / MSN: cont...@mundounix.com.br Tel: 55 (21) 4063-7110 / 8194-1905 / (11) 4063-0407 Blog: http://www.luizgustavo.pro.br -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] rsync folder permissions
On 23/07/12 13:41, Marcio Merlone wrote: Em 22-07-2012 05:13, steve escreveu: I'm trying to rsync our filserver to a USB backup. When I first start, all the folders are created with root:root ownership whereas the actual owners are root:Domain Users or root: one.of.our.groups Eventually, the groups show correctly, but not always. My question is, when rsync creates the new directories, does it respect user and group all the way along or must we wait for the end of the rsync to find out? Issue the command 'man rsync' and take a look what the -a switch does. It acts as if many other switches were issued. Take a look at each, specially -p. Good luck. -- *Marcio Merlone* Hi Hi Marcio, hi everyone Yes. I was missing the -a switch: rsync -auzv source destination works fine but I found that the owner and group are not synced until the last moment. Impatience perhaps. Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Suspicious activity on domain
On Mon, 2012-07-16 at 14:02 -0400, Ludovic Rouse-Lamarre wrote: Hello, Last week I have detected with Zabbix that a member of my Samba domain had been downloading at a rate of around 8 Mbps for two days and a half. When asking the person to whom belonged the machine, he didn't know he was downloading anything but he said he had observed his machine had slowed down since then. I took a tcpdump of the traffic before terminating his session on Windows XP. I checked and there wasn't any large amount of data on his hard drive as the total drive capacity was 80GiB and there was 30GiB free. One of the oddities for me was that the bandwidth was being consumed through port tcp 139 of the Samba machine. Normally data is downloaded on port tcp 445. Another oddity is that when I put together some of the names in the trace from tcpdump, I can reconstitute names of files on the server. Unless I'm mistaken this type of information shouldn't be circulating on port 139? The services available on port 139 and 445 are essentially identical. Neither should be exposed to the internet. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 AD What's the difference between a Domain and a Forest
A forest contains one or tree, with each tree containing one or more domains. In an AD, you need at least one forest. You would have additional branches if you needed a different top level DNS space. Domains are trusted and trusting. When you install active directory on a server it will ask if you are joining a domain, setting up a new domain in existing tree, or setting up a new tree (and domain) in an existing forest, or creating a whole new forest. On 07/21/12 15:39, steve wrote: Is a Forest more than one domain joined? Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Strange behaviour of clients after changing Full Name via pdbedit
Hallo, after having changed the Full Name of a user via pdbedit the user profile of this user is not loaded properly any more by the XP clients. So we renamed again back to the original Full Name and the profile could be loaded. However, something went wrong All settings like network drives were gone. Then we restored the whole profile folder from backup (The user was logged out). Again, however, we got troubles. Situation didn´t change. The profile was loaded but the settings still were gone. We had to restore the drives manually. In Addition now the client has only an English keybord layout and there is no possibility to get the original German one back. There is nothing to see in the systray nor can the classical view of the control panel be switched on to change keybord layout for this specific user. The local Admin can change everything and has the right keyboard layout. We had to change the Full Name of this user, because Windows 7 doesn´t support Umlauts in Full Name and we want to move this user from XP now to Windows 7 in near future. Our samba version is 3.5.6 on a debian squeeze system. Thanks in advance Harry -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4: how to build on Virtualbox
VB with openSUSE 12.1 guest and host, guest with 512Mb RAM. Samba4 takes over 6 hours to build on the guest. The host does it in around 30 minutes even when the guest is fired up. I tried to rsync a build from the host to the guest but that takes forever too. Any tips? I usually give a guest 3+ GB of ram if it will be building anything. Can you increase that? John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] How do I get an ssh client to authenticate with samba4's kerberos GSSAPI? [Solved]
Hi, I have now managed to succeed in doing passwordless ssh logins via kerberos/samba4 without the GSSAPIStrictAcceptorCheck trick or hacking the krb5.keytab file. My samba4 setup is actually a bit special compared to a normal samba4 setup in that I am running samba4 on top of a corosync/pacemaker high availability cluster. It does complicate things a bit in that samba4 is running on a machine with more than one hostname and ip address. I wanted samba4 to run on a virtual ip/hostname using corosync. Whenever a node become the primary node in a cluster, it automatically allocates a virtual ip by doing an ip alias. So for example, eth0 would have a normal ip fx 10.0.0.1, but when this machine became the active node, it would also have a eth0:0 with ip fx, 10.0.0.10 and samba4/bind9/whatever services would bind only to that virtual ip address. Unfortunately, some services such as sshd queries the hostname of the name and that usually does not match the virtual hostname - hence we get Wrong principal in request. The solution was to make the active node temporarily have the same hostname as the virtual hostname. So anyways, here are the required items for passwordless ssh to work with kerberos: - on the machine where sshd runs, make sure the command hostname -f returns the correct fully qualified domain name that you want to connect to via ssh - on the machine where sshd runs, make sure you have a valid krb5.keytab file in /etc/ - (sshd looks for it) - on the machine where sshd runs, make sure you have host/fully qualified domain name exported to the /etc/krb5.keytab samba-tool domain exportkeytab /etc/krb5.keytab --principal=host/cofil01.mydomain.net Note: You don't need to have an existing krb5.keytab for samba-tool domain exportkeytab to work. So a minimal sshd working keytab would have this using klist -ke /etc/krb5.keytab: Keytab name: FILE:krb5.keytab KVNO Principal -- 1 host/cofil01.mydomain.net @ MYDOMAIN.NET (des-cbc-crc) 1 host/cofil01.mydomain.net @ MYDOMAIN.NET (des-cbc-md5) 1 host/cofil01.mydomain.net @ MYDOMAIN.NET (arcfour-hmac) Remember to do a kinit user before doing a ssh -l user server if you are not using a Single Sign On solution. Hope this helps other people with there kerberos hacking! :-) br, Quinn On Thu, Jul 19, 2012 at 9:34 PM, Ritter, Marcel - RRZE marcel.rit...@rrze.fau.de wrote: Hi Quinn, Maybe I can help with this: That's it. Now I just have to see if I can get a host/ server.mydomain.net principal into the samba domain somehow. I just tried to get rid of the GSSAPIStrictAcceptorCheck no option myself on the Samba 4 DC - while still using GSSAPI based ssh login. Doing this involves a very, very dirty hack: 1. Copy samba 4 secrets.keytab to /etc/krb5.keytab (this one contains upper case HOST/ principals). 2. Principal names are stored as strings in the keytab, so let's use sed to turn upper into lower case (yes I know, this is very, very dirty - but it's just a prove of what I suspected): sed -i s+HOST+host+g /etc/krb5.keytab 3. Remove the GSSAPIStrictAcceptorCheck no option from sshd_config and restart sshd. 4. Try to log in using ssh - works for me (and I hope for everyone else). Somehow MS AD and therefore Samba 4 seem to treat principals case insensitive, while standard kerberos implementations are case sensitive. BTW: klist reports a host/... principal (lower case), after trying a GSSAPI ssh login - so this is the principal sent by ssh to the server, that looks for a match in krb5.keytab - and fails because by default we only have HOST/... principal there. I guess the easiest way would be to store principals in lower case only during a provision run of samba4. This may however cause other problems - I guess some samba core developer needs to have a look at this. But the only principal I ever encountered, that needed to be upper case was the HTTP/ one ... Hope this helps, Marcel -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Quinn Plattel Gesendet: Donnerstag, 19. Juli 2012 16:23 An: samba Betreff: Re: [Samba] How do I get an ssh client to authenticate with samba4's kerberos GSSAPI? [Solved] Hi, Using the following tutorials: https://help.ubuntu.com/community/SingleSignOn https://help.ubuntu.com/community/Kerberos I have now managed to get passwordless ssh logins via kerberos working (without using the /etc/ssh/sshd_config parameter GSSAPIStrictAcceptorCheck no) on a normal kerberos server setup. I learned from this that ssh requires host/server.mydomain.net @ MYDOMAIN.NET in the principal database and also exported to a keytab located on the server which sshd is running in the location /etc/krb5.keytab. On the client, /etc/ssh/ssh_config requires at least
Re: [Samba] Strange behaviour of clients after changing Full Name via pdbedit
Are network drives handled by a login script? If the network script tries to use the username variable to map drives, changing name could break somthing. Are these roaming profiles or local? For local profiles, the local profile name should match the user name. Did that change? Can you check the perms on the local profile directory? On 07/23/12 08:23, Dr. Harry Knitter wrote: Hallo, after having changed the Full Name of a user via pdbedit the user profile of this user is not loaded properly any more by the XP clients. So we renamed again back to the original Full Name and the profile could be loaded. However, something went wrong All settings like network drives were gone. Then we restored the whole profile folder from backup (The user was logged out). Again, however, we got troubles. Situation didn´t change. The profile was loaded but the settings still were gone. We had to restore the drives manually. In Addition now the client has only an English keybord layout and there is no possibility to get the original German one back. There is nothing to see in the systray nor can the classical view of the control panel be switched on to change keybord layout for this specific user. The local Admin can change everything and has the right keyboard layout. We had to change the Full Name of this user, because Windows 7 doesn´t support Umlauts in Full Name and we want to move this user from XP now to Windows 7 in near future. Our samba version is 3.5.6 on a debian squeeze system. Thanks in advance Harry -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 4 on Production
We're involved in a project that the requirements could be satisfied with both samba3 and 4. Anyway I am testing what can be done with Samba4 and after following the tutorial published in the official wiki, I was able to create my test domain, and join WinXP and Win7 machines to it without a problem. I still need to test the GPO functionality, and some other stuff, but before continuing with that testing, I would like to as you, what do you thing about using samba4 in a network with about 700 computers (mixed between WinXP, Vista, 7 and 2000) and about the same amount of users. Will it be stable enough? can I 'trust' samba for such network? Thanks a lot in advance! -- Horacio Agustin Lo Brutto horac...@issecurity.com.ar Rondeau 2575 | Distrito Tecnológico | C.A.B.A – Argentina Móvil: 54 9 11 6105 3898 | Tel. 54 11 4942 6877 www.issecurity.com.ar -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 on Production
Horacio I had a Samba4 (4.0.0beta2-GIT) installation in production, with 40 something workstations with WinXP, Vista y 7 and a couple servers with windows 2008 and 2003 server. To this time it had worked pretty fine, i only have some issues related with ACL, some of them more related with mixed permissions on Linux filesystem. We use GPO to control some windows features at workstation level and the WSUS policies it works as expected. On your enviroment i think that should consider some kind redundancy, maybe a slave DC. German Molano El 23/07/12 10:13, Horacio Lo Brutto escribió: We're involved in a project that the requirements could be satisfied with both samba3 and 4. Anyway I am testing what can be done with Samba4 and after following the tutorial published in the official wiki, I was able to create my test domain, and join WinXP and Win7 machines to it without a problem. I still need to test the GPO functionality, and some other stuff, but before continuing with that testing, I would like to as you, what do you thing about using samba4 in a network with about 700 computers (mixed between WinXP, Vista, 7 and 2000) and about the same amount of users. Will it be stable enough? can I 'trust' samba for such network? Thanks a lot in advance! -- Horacio Agustin Lo Brutto horac...@issecurity.com.ar Rondeau 2575 | Distrito Tecnológico | C.A.B.A – Argentina Móvil: 54 9 11 6105 3898 | Tel. 54 11 4942 6877 www.issecurity.com.ar -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Group permissions issues with winbind on
Simple group permissions don't seem to work when winbind is running and smb.conf has nt acl support = yes If you have a directory that is writeable by a group you are a member of - but you are not the file owner - you cannot delete any files underneath the directory (even if you do own them). However you can edit and save the files - just not delete them. This also applies when using an extended ACL for the group, viz: mkdir test setfacl -m o::0,d:o::0,g::rwx,d:g::rwx test chown user2:mygroup test running getfacl test shows - file: test owner: user2 group: mygroup user::rwx group::rwx other::--- default:user::rwx default:group::rwx default:other::--- However this results in Windows 7 returning the error You do not have permission to access this even though I am also a member of mygroup. Stopping winbind or changing smb.conf to nt acl support = off makes it work correctly. Access under Linux works as expected. Can anyone shed light on this or point me to a fix? Cheers This email and any files transmitted with it are confidential and are intended solely for the use of the individual or entity to whom they are addressed. If you are not the original recipient or the person responsible for delivering the email to the intended recipient, be advised that you have received this email in error, and that any use, dissemination, forwarding, printing, or copying of this email is strictly prohibited. If you received this email in error, please immediately notify the sender and delete the original. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Suspicious activity on domain
Just a guess. The user's virus scanner decided to scan your server. On 7/16/12, Ludovic Rouse-Lamarre ludovic.rouse-lama...@xyzcivitas.com wrote: Hello, Last week I have detected with Zabbix that a member of my Samba domain had been downloading at a rate of around 8 Mbps for two days and a half. When asking the person to whom belonged the machine, he didn't know he was downloading anything but he said he had observed his machine had slowed down since then. I took a tcpdump of the traffic before terminating his session on Windows XP. I checked and there wasn't any large amount of data on his hard drive as the total drive capacity was 80GiB and there was 30GiB free. One of the oddities for me was that the bandwidth was being consumed through port tcp 139 of the Samba machine. Normally data is downloaded on port tcp 445. Another oddity is that when I put together some of the names in the trace from tcpdump, I can reconstitute names of files on the server. Unless I'm mistaken this type of information shouldn't be circulating on port 139? Here is the version of Samba: Samba version 3.4.9 Here is a sample of the trace from tcpdump: 17:46:35.838212 IP pdc-canix.xyzcivitas.com.netbios-ssn GBY-PC-125.xyzcivitas.com.1026: Flags [P.], ack 123157, win 65535, length 1239 NBT Session Packet: Unknown packet type 0x38Data: (41 bytes) [000] D5 F1 4E 73 4E 02 00 00 FB 04 00 00 2E 00 00 00 \0xd5\0xf1NsN\0x02\0x00\0x00 \0xfb\0x04\0x00\0x00.\0x00\0x00\0x00 [010] 00 00 00 00 01 00 00 00 00 00 64 40 43 32 32 30 \0x00\0x00\0x00\0x00\0x01\0x00\0x00\0x00 \0x00\0x00d@C220 [020] 30 38 2D 30 37 2D 32 33 5F 08-07-23 _ 17:46:35.842050 IP GBY-PC-125.xyzcivitas.com.1026 pdc-canix.xyzcivitas.com.netbios-ssn: Flags [.], ack 7980391, win 65535, length 0 17:46:35.842313 IP GBY-PC-125.xyzcivitas.com.1026 pdc-canix.xyzcivitas.com.netbios-ssn: Flags [P.], ack 7981630, win 64296, length 63 NBT Session Packet: Session Message 17:46:35.842446 IP pdc-canix.xyzcivitas.com.netbios-ssn GBY-PC-125.xyzcivitas.com.1026: Flags [.], ack 123220, win 65535, length 1460 NBT Session Packet: Session Message 17:46:35.842460 IP pdc-canix.xyzcivitas.com.netbios-ssn GBY-PC-125.xyzcivitas.com.1026: Flags [.], ack 123220, win 65535, length 1460 NBT Session Packet: Unknown packet type 0x70Data: (41 bytes) [000] 63 50 4B 01 02 14 0B 14 00 00 00 08 00 80 96 F7 cPK\0x01\0x02\0x14\0x0b\0x14 \0x00\0x00\0x00\0x08\0x00\0x80\0x96\0xf7 [010] 38 63 04 52 FB 4E 02 00 00 FB 04 00 00 2E 00 00 8c\0x04R\0xfbN\0x02\0x00 \0x00\0xfb\0x04\0x00\0x00.\0x00\0x00 [020] 00 00 00 00 00 01 00 00 00 \0x00\0x00\0x00\0x00\0x00\0x01\0x00\0x00 \0x00 17:46:35.842472 IP pdc-canix.xyzcivitas.com.netbios-ssn GBY-PC-125.xyzcivitas.com.1026: Flags [P.], ack 123220, win 65535, length 1239 NBT Session Packet: Session Message 17:46:35.846333 IP GBY-PC-125.xyzcivitas.com.1026 pdc-canix.xyzcivitas.com.netbios-ssn: Flags [.], ack 7984550, win 65535, length 0 17:46:35.846580 IP GBY-PC-125.xyzcivitas.com.1026 pdc-canix.xyzcivitas.com.netbios-ssn: Flags [P.], ack 7985789, win 64296, length 63 NBT Session Packet: Session Message 17:46:35.846692 IP pdc-canix.xyzcivitas.com.netbios-ssn GBY-PC-125.xyzcivitas.com.1026: Flags [.], ack 123283, win 65535, length 1460 NBT Session Packet: Session Message 17:46:35.846701 IP pdc-canix.xyzcivitas.com.netbios-ssn GBY-PC-125.xyzcivitas.com.1026: Flags [.], ack 123283, win 65535, length 1460 NBT Session Packet: Unknown packet type 0x12Data: (41 bytes) [000] 01 00 0B 14 01 00 32 00 00 00 00 00 00 00 00 00 \0x01\0x00\0x0b\0x14\0x01\0x002\0x00 \0x00\0x00\0x00\0x00\0x00\0x00\0x00\0x00 [010] 00 00 00 00 40 A6 59 32 32 30 30 38 2D 30 37 2D \0x00\0x00\0x00\0x00@\0xa6Y2 2008-07- [020] 32 33 5F 4C 31 2F 53 68 65 23_L1/Sh e 17:46:35.846707 IP pdc-canix.xyzcivitas.com.netbios-ssn GBY-PC-125.xyzcivitas.com.1026: Flags [P.], ack 123283, win 65535, length 1239 NBT Session Packet: Unknown packet type 0x66Data: (41 bytes) [000] 6F 72 64 2F 41 4C 5F 33 39 5F 34 31 33 5F 38 37 ord/AL_3 9_413_87 [010] 38 5F 30 30 31 5F 41 66 69 63 68 43 70 63 2E 68 8_001_Af ichCpc.h [020] 74 6D 50 4B 01 02 14 0B 14 tmPK\0x01\0x02\0x14\0x0b \0x14 17:46:35.850610 IP GBY-PC-125.xyzcivitas.com.1026 pdc-canix.xyzcivitas.com.netbios-ssn: Flags [.], ack 7988709, win 65535, length 0 17:46:35.850826 IP GBY-PC-125.xyzcivitas.com.1026 pdc-canix.xyzcivitas.com.netbios-ssn: Flags [P.], ack 7989948, win 64296, length 63 NBT Session Packet: Session Message 17:46:35.850954 IP pdc-canix.xyzcivitas.com.netbios-ssn GBY-PC-125.xyzcivitas.com.1026: Flags [.], ack 123346, win 65535, length 1460 NBT Session Packet: Session Message 17:46:35.850968 IP pdc-canix.xyzcivitas.com.netbios-ssn GBY-PC-125.xyzcivitas.com.1026: Flags [.], ack 123346, win 65535, length 1460 NBT Session Packet: Unknown packet type 0x30Data: (41 bytes) [000] 30 38 2D 30 37 2D 32 33 5F 4C 31 2F 53 68 65
Re: [Samba] Samba 4 on Production
El 23/07/12 10:46, Horacio Lo Brutto escribió: Yes, in fact that was one of the things I haven't mentioned. We're going with either to physical servers (nice ones) or with Blades + VMWare ESXi. We will build a redundant pair of servers. I am a little concerned about the amount of users / machines, and therefore GPOs that would need to be configured / applied in order to support such network. The only consideration of GPO scalability is that GPOs are shared objects on a folder, so you have to secure the availability to the workstations. I am interested in more details regarding the ACL issues you have. What kind of issues you see? The default Linux mount options could not support store windows file ACL attributes. There are recomended file systems for that task like XFS. Regarding the linux permissions / file system. are you working with Samba as the file server as well ? (the files resides on a linux box?, that's what I mean) Syncing the groups that you create inside Active Directory with the ACL stored would be easy or sometimes a tricky task. You could search the forum about this. Thanks a lot! On Mon, Jul 23, 2012 at 12:35 PM, German Molano gmol...@ignios.net mailto:gmol...@ignios.net wrote: Horacio I had a Samba4 (4.0.0beta2-GIT) installation in production, with 40 something workstations with WinXP, Vista y 7 and a couple servers with windows 2008 and 2003 server. To this time it had worked pretty fine, i only have some issues related with ACL, some of them more related with mixed permissions on Linux filesystem. We use GPO to control some windows features at workstation level and the WSUS policies it works as expected. On your enviroment i think that should consider some kind redundancy, maybe a slave DC. German Molano El 23/07/12 10:13, Horacio Lo Brutto escribió: We're involved in a project that the requirements could be satisfied with both samba3 and 4. Anyway I am testing what can be done with Samba4 and after following the tutorial published in the official wiki, I was able to create my test domain, and join WinXP and Win7 machines to it without a problem. I still need to test the GPO functionality, and some other stuff, but before continuing with that testing, I would like to as you, what do you thing about using samba4 in a network with about 700 computers (mixed between WinXP, Vista, 7 and 2000) and about the same amount of users. Will it be stable enough? can I 'trust' samba for such network? Thanks a lot in advance! -- Horacio Agustin Lo Brutto horac...@issecurity.com.ar mailto:horac...@issecurity.com.ar Rondeau 2575 | Distrito Tecnológico | C.A.B.A – Argentina Móvil: 54 9 11 6105 3898 | Tel. 54 11 4942 6877 www.issecurity.com.ar http://www.issecurity.com.ar -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- *Descripción: Descripción: Descripción: IS_mail_sign* *Horacio Agustin Lo Brutto *_horac...@issecurity.com.ar mailto:guiller...@issecurity.com.ar_ Rondeau 2575 | Distrito Tecnológico | C.A.B.A – Argentina Móvil: 54 9 11 6105 3898 | Tel. 54 11 4942 6877 www.issecurity.com.ar http://www.issecurity.com.ar/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Failing to get uids from AD
It looks like uidNumber is the attribute that gets set (I've queried it with ldapsearch). This is what AD Users Computers sets when I use their GUI to configure a user. thanks, -Nick On Jul 17, 2012, at 6:00 PM, Rob Townley wrote: Precisely what ldap attribute are you setting user id numbers in AD? You may want to check. There are numerous attribute names that include uid and gid, but you need the correct one. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] mount.cifs ms dfs and failover
Hello, I can't find any reference on if linux understands multiple targets when it mounts a MS dfs share, specifically if it can failover. I can mount a MS dfs share fine, however if the server picked is shutdow the mount hangs. I tried it on a recent ubuntu to discount the enterprise lag. am I missing something or is it not working -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Failing to get uids from AD
Thanks Steve. I don't have an 'objectClass: posixAccount' set, though I'm unclear whether that's needed. My nsswitch.conf is set as: passwd: files winbind I'm not trying to use the generic LDAP mechanism.. I'm trying to get Winbind to talk to AD. I suspect it will look for different attributes than the ldap modules would look for. cheers, -Nick On Jul 18, 2012, at 1:15 AM, steve wrote: On 18/07/12 03:00, Rob Townley wrote: Precisely what ldap attribute are you setting user id numbers in AD? You may want to check. There are numerous attribute names that include uid and gid, but you need the correct one. Hi In AD we have: objectClass: posixAccount and uidNumber: xyz with /etc/nsswitch.conf conatining: passwd: compat ldap nss-ldapd (for example) pulls the uidNumber fine using: getent passwd Is that what we are talking about? Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba: read-only remote LDAP + additional local users
Hi all, my server has access to a read-only remote LDAP-server where information about 99% of user accounts is residing. On my server I want to configure Samba to use LDAP-sever for authentication. Now and then there will be some extra users that do not have an account on LDAP. How should I manage their authentication data and make Samba aware of it? From the Samba documentation: Early releases of Samba-3 implemented new capability to work concurrently with multiple account backends. This capability was removed beginning with release of Samba 3.0.23. Commencing with Samba 3.0.23 it is possible to work with only one specified passwd backend. So it seems Samba can support one authentication back-end only and if I make it use remote LDAP I cannot add any extra users with their accounts stored locally. Is there any workaround/solution for my scenario? Thanks for any help, Arokux -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba: read-only remote LDAP + additional local users
Why do not have all users work within samba? What is the reason? --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Arokux B. Gesendet: Montag, 23. Juli 2012 22:16 An: samba@lists.samba.org Betreff: [Samba] Samba: read-only remote LDAP + additional local users Hi all, my server has access to a read-only remote LDAP-server where information about 99% of user accounts is residing. On my server I want to configure Samba to use LDAP-sever for authentication. Now and then there will be some extra users that do not have an account on LDAP. How should I manage their authentication data and make Samba aware of it? From the Samba documentation: Early releases of Samba-3 implemented new capability to work concurrently with multiple account backends. This capability was removed beginning with release of Samba 3.0.23. Commencing with Samba 3.0.23 it is possible to work with only one specified passwd backend. So it seems Samba can support one authentication back-end only and if I make it use remote LDAP I cannot add any extra users with their accounts stored locally. Is there any workaround/solution for my scenario? Thanks for any help, Arokux -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 0b903e1 s3:smbd: if a fsp has fsp-deferred_close, clients shouldn't be able to use it from e2cea8f s4-classicupgrade: Add unix attributes during upgrade http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 0b903e1cf53439898ad1f088c6278f1ef1115328 Author: Stefan Metzmacher me...@samba.org Date: Mon Jul 23 12:07:42 2012 +0200 s3:smbd: if a fsp has fsp-deferred_close, clients shouldn't be able to use it metze Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Mon Jul 23 16:22:03 CEST 2012 on sn-devel-104 --- Summary of changes: source3/smbd/files.c | 20 ++-- 1 files changed, 18 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/files.c b/source3/smbd/files.c index 390718f..0550b31 100644 --- a/source3/smbd/files.c +++ b/source3/smbd/files.c @@ -544,6 +544,9 @@ files_struct *file_fsp(struct smb_request *req, uint16 fid) } if (req-chain_fsp != NULL) { + if (req-chain_fsp-deferred_close) { + return NULL; + } return req-chain_fsp; } @@ -560,9 +563,15 @@ files_struct *file_fsp(struct smb_request *req, uint16 fid) } fsp = op-compat; - if (fsp != NULL) { - req-chain_fsp = fsp; + if (fsp == NULL) { + return NULL; } + + if (fsp-deferred_close) { + return NULL; + } + + req-chain_fsp = fsp; return fsp; } @@ -576,6 +585,9 @@ struct files_struct *file_fsp_smb2(struct smbd_smb2_request *smb2req, struct files_struct *fsp; if (smb2req-compat_chain_fsp != NULL) { + if (smb2req-compat_chain_fsp-deferred_close) { + return NULL; + } return smb2req-compat_chain_fsp; } @@ -613,6 +625,10 @@ struct files_struct *file_fsp_smb2(struct smbd_smb2_request *smb2req, return NULL; } + if (fsp-deferred_close) { + return NULL; + } + smb2req-compat_chain_fsp = fsp; return fsp; } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 3fe601a s3-winbind: Fix idmap initialization debug message. from 0b903e1 s3:smbd: if a fsp has fsp-deferred_close, clients shouldn't be able to use it http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 3fe601afcffacc84981bd54ef2293f92688f5b0e Author: Guenther Deschner g...@samba.org Date: Mon Jul 23 14:34:11 2012 +0200 s3-winbind: Fix idmap initialization debug message. Signed-off-by: Andreas Schneider a...@samba.org Autobuild-User(master): Andreas Schneider a...@cryptomilk.org Autobuild-Date(master): Mon Jul 23 18:19:00 CEST 2012 on sn-devel-104 --- Summary of changes: source3/winbindd/idmap.c|2 +- source3/winbindd/nss_info.c |2 +- 2 files changed, 2 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/winbindd/idmap.c b/source3/winbindd/idmap.c index b236210..f6e48d3 100644 --- a/source3/winbindd/idmap.c +++ b/source3/winbindd/idmap.c @@ -129,7 +129,7 @@ NTSTATUS smb_register_idmap(int version, const char *name, for (entry = backends; entry != NULL; entry = entry-next) { if (strequal(entry-name, name)) { - DEBUG(0,(Idmap module %s already registered!\n, + DEBUG(5,(Idmap module %s already registered!\n, name)); return NT_STATUS_OBJECT_NAME_COLLISION; } diff --git a/source3/winbindd/nss_info.c b/source3/winbindd/nss_info.c index a3f95c6..d7306ed 100644 --- a/source3/winbindd/nss_info.c +++ b/source3/winbindd/nss_info.c @@ -66,7 +66,7 @@ static struct nss_function_entry *nss_get_backend(const char *name ) } if ( nss_get_backend(name) ) { - DEBUG(0,(smb_register_idmap_nss: idmap module %s + DEBUG(5,(smb_register_idmap_nss: idmap module %s already registered!\n, name)); return NT_STATUS_OBJECT_NAME_COLLISION; } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 4b64ec5 libcli/smb: set should_encrypt = true if we got SMB2_SESSION_FLAG_ENCRYPT_DATA via 6b93210 libcli/smb: encrypt SMB2 traffic if nedded/desired. via 6e651df libcli/smb: increment nbt_len, when we have the fully created the SMB2 PDU via f08adbb libcli/smb: maintain smb2.should_sign on smbXcli_req_state via 92811c6 libcli/smb: make use of SMB2_HDR_BODY as header size via be8e33e libcli/smb: parse the SMB2_TRANSFORM header and decrypt the SMB2 pdu via c2b0a48 libcli/smb: create 4 iovecs per request in smb2cli_inbuf_parse_compound() via 5863107 libcli/smb: prepare [en|de]cryption_key for SMB3 via d333edb libcli/smb: copy the application_key in smb2cli_session_create_channel() via 077eb57 libcli/smb: check the buffer length in smbXcli_negprot_dispatch_incoming() via 1c144b0 libcli/smb: only pass the smb2 buffer to smb2cli_inbuf_parse_compound() via fd736f7 libcli/smb: add smb2_signing_[en|e]crypt_pdu() via 7e09824 libcli/smb: construct the signing_key before forming the message via 5adf63f lib/crypto: add aes_ccm_128 via 4628e28 libcli/smb: add SMB2_SESSION_FLAG_ENCRYPT_DATA via d728567 libcli/smb: add SMB2_TRANSFORM macros via a41a1d1 s3:test_smb2: copy the session_channel from the primary channel. via 88f326a s3:smb2_tcon: reject access to shares mark as smb encrypt = required from 3fe601a s3-winbind: Fix idmap initialization debug message. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 4b64ec546f0cb982866b1f66aa8f8844f25c91c9 Author: Stefan Metzmacher me...@samba.org Date: Mon Jul 23 11:38:31 2012 +0200 libcli/smb: set should_encrypt = true if we got SMB2_SESSION_FLAG_ENCRYPT_DATA metze Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Mon Jul 23 20:14:07 CEST 2012 on sn-devel-104 commit 6b9321071c97f740689a36ecf48d9d66f4a19e8e Author: Stefan Metzmacher me...@samba.org Date: Mon Jul 23 10:14:53 2012 +0200 libcli/smb: encrypt SMB2 traffic if nedded/desired. metze commit 6e651dfdc0af9805827ad2ea7fc29675ab6fe74b Author: Stefan Metzmacher me...@samba.org Date: Mon Jul 23 10:07:19 2012 +0200 libcli/smb: increment nbt_len, when we have the fully created the SMB2 PDU metze commit f08adbb4d63f2cb50de29aff44e7539e76bb87cc Author: Stefan Metzmacher me...@samba.org Date: Mon Jul 23 10:00:50 2012 +0200 libcli/smb: maintain smb2.should_sign on smbXcli_req_state metze commit 92811c6f5f3d3807ab70a8acfd25795c7c0556b1 Author: Stefan Metzmacher me...@samba.org Date: Mon Jul 23 09:44:06 2012 +0200 libcli/smb: make use of SMB2_HDR_BODY as header size metze commit be8e33ec5416ebc57114dd2c1472ed0faffd05bb Author: Stefan Metzmacher me...@samba.org Date: Mon Jul 23 09:16:05 2012 +0200 libcli/smb: parse the SMB2_TRANSFORM header and decrypt the SMB2 pdu metze commit c2b0a485136925ba8c9661d2b97b69dfeed5d5de Author: Stefan Metzmacher me...@samba.org Date: Mon Jul 23 08:11:59 2012 +0200 libcli/smb: create 4 iovecs per request in smb2cli_inbuf_parse_compound() The first one might hold the SMB2_TRANSFORM Header later. metze commit 5863107cd3a37585272ee2186a0103f94932b063 Author: Stefan Metzmacher me...@samba.org Date: Fri Jul 20 09:30:05 2012 +0200 libcli/smb: prepare [en|de]cryption_key for SMB3 metze commit d333edbe14a35bc1b0c2a0518c2e412f56ffda70 Author: Stefan Metzmacher me...@samba.org Date: Fri Jul 20 09:22:17 2012 +0200 libcli/smb: copy the application_key in smb2cli_session_create_channel() metze commit 077eb578be1bc9865fc5b32816f8230737e76100 Author: Stefan Metzmacher me...@samba.org Date: Fri Jul 20 09:20:43 2012 +0200 libcli/smb: check the buffer length in smbXcli_negprot_dispatch_incoming() metze commit 1c144b07f658723a9ae28c61b2e66c33630b573a Author: Stefan Metzmacher me...@samba.org Date: Fri Jul 20 09:19:24 2012 +0200 libcli/smb: only pass the smb2 buffer to smb2cli_inbuf_parse_compound() We should hide the transport as much as possible. metze commit fd736f7f18294aa1589aacd495b2a48bbaf8715c Author: Stefan Metzmacher me...@samba.org Date: Fri Jul 20 09:16:08 2012 +0200 libcli/smb: add smb2_signing_[en|e]crypt_pdu() metze commit 7e0982421b1e8b6a73ef67cdb085ffc60cd3b59b Author: Stefan Metzmacher me...@samba.org Date: Thu Jul 19 11:16:16 2012 +0200 libcli/smb: construct the signing_key before forming the message metze commit 5adf63fe301e812f5776448f9560af9d6d842554 Author: Stefan Metzmacher me...@samba.org Date: Fri Jul 20 07:37:48 2012 +0200 lib/crypto: add aes_ccm_128 metze commit 4628e2878f844ea95fb678a07dcb017edd46cc1f Author:
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via a256d61 s3-winbind: Fix bug #9052 resolving our own Domain Local groups. via 111c215 Fix problem found by Andrew Bartlett - correctly check encrypted flag. from 4b64ec5 libcli/smb: set should_encrypt = true if we got SMB2_SESSION_FLAG_ENCRYPT_DATA http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit a256d61c505ab10710c7d7152bab4f018cfdcd74 Author: Andreas Schneider a...@samba.org Date: Fri Jul 20 17:12:09 2012 -0700 s3-winbind: Fix bug #9052 resolving our own Domain Local groups. We don't resolve our own Domain Local groups since bug #7843 has been fixed. So we need to add the add resource groups to the sid list too. Before bug #7843 the Domain Local groups were added with a lookupuseraliases call, but this isn't done anymore for our domain so we need to resolve resource groups here. When to use Resource Groups: http://technet.microsoft.com/en-us/library/cc753670%28v=WS.10%29.aspx Signed-off-by: Jeremy Allison j...@samba.org Autobuild-User(master): Jeremy Allison j...@samba.org Autobuild-Date(master): Mon Jul 23 22:12:30 CEST 2012 on sn-devel-104 commit 111c2159de6e417e7912dc8b26f6d3a2ce20de20 Author: Jeremy Allison j...@samba.org Date: Mon Jul 23 10:20:26 2012 -0700 Fix problem found by Andrew Bartlett - correctly check encrypted flag. --- Summary of changes: source3/include/proto.h |3 +-- source3/lib/util_sid.c |9 + source3/smbd/reply.c |8 ++-- source3/winbindd/winbindd_pam.c |2 +- source3/winbindd/winbindd_util.c | 12 +--- 5 files changed, 18 insertions(+), 16 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/include/proto.h b/source3/include/proto.h index 585067e..3a2bf1b 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -549,8 +549,7 @@ NTSTATUS sid_array_from_info3(TALLOC_CTX *mem_ctx, const struct netr_SamInfo3 *info3, struct dom_sid **user_sids, uint32_t *num_user_sids, - bool include_user_group_rid, - bool skip_ressource_groups); + bool include_user_group_rid); /* The following definitions come from lib/util_sock.c */ diff --git a/source3/lib/util_sid.c b/source3/lib/util_sid.c index f080d3d..f051b7a 100644 --- a/source3/lib/util_sid.c +++ b/source3/lib/util_sid.c @@ -130,8 +130,7 @@ NTSTATUS sid_array_from_info3(TALLOC_CTX *mem_ctx, const struct netr_SamInfo3 *info3, struct dom_sid **user_sids, uint32_t *num_user_sids, - bool include_user_group_rid, - bool skip_ressource_groups) + bool include_user_group_rid) { NTSTATUS status; struct dom_sid sid; @@ -191,12 +190,6 @@ NTSTATUS sid_array_from_info3(TALLOC_CTX *mem_ctx, */ for (i = 0; i info3-sidcount; i++) { - - if (skip_ressource_groups - (info3-sids[i].attributes SE_GROUP_RESOURCE)) { - continue; - } - status = add_sid_to_array(mem_ctx, info3-sids[i].sid, sid_array, num_sids); if (!NT_STATUS_IS_OK(status)) { diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index 2022af7..97abc85 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -4944,8 +4944,12 @@ static void do_smb1_close(struct tevent_req *req) } else { reply_nterror(smbreq, status); } - if (!srv_send_smb(smbreq-sconn, smbreq-outbuf, true, - smbreq-seqnum+1, encrypt, NULL)) { + if (!srv_send_smb(smbreq-sconn, + smbreq-outbuf, + true, + smbreq-seqnum+1, + IS_CONN_ENCRYPTED(smbreq-conn)||smbreq-encrypted, + NULL)) { exit_server_cleanly(handle_aio_read_complete: srv_send_smb failed.); } diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c index 96956d0..a64cc56 100644 --- a/source3/winbindd/winbindd_pam.c +++ b/source3/winbindd/winbindd_pam.c @@ -308,7 +308,7 @@ static NTSTATUS check_info3_in_group(struct netr_SamInfo3 *info3, status = sid_array_from_info3(talloc_tos(), info3, token-sids, token-num_sids, - true, false); +
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 43b070d libcli/smb: pass down smbXcli_session to smb1cli_req_create/send() and smb1cli_trans* via af90c71 s4:libcli/raw: setup a smbXcli_session for each smbcli_session via cdec0c4 s3:libsmb: use cli_state_{g,s}et_uid instead of smb1.uid directly via 6bff589 libcli/smb: introduce smb1.session for uid use from a256d61 s3-winbind: Fix bug #9052 resolving our own Domain Local groups. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 43b070d8dd20d7a2a1a0ec1eb5ebc679cd699bf3 Author: Stefan Metzmacher me...@samba.org Date: Mon Jul 23 20:15:21 2012 +0200 libcli/smb: pass down smbXcli_session to smb1cli_req_create/send() and smb1cli_trans* metze Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Tue Jul 24 00:08:58 CEST 2012 on sn-devel-104 commit af90c71ed8e66586aa23f7d0e18efc557c9a0c08 Author: Stefan Metzmacher me...@samba.org Date: Mon Jul 23 19:47:05 2012 +0200 s4:libcli/raw: setup a smbXcli_session for each smbcli_session metze commit cdec0c46464c8b524fc64ff46f1af809af026086 Author: Luk Claes l...@debian.org Date: Sat Jun 2 12:45:40 2012 +0200 s3:libsmb: use cli_state_{g,s}et_uid instead of smb1.uid directly Signed-off-by: Luk Claes l...@debian.org Signed-off-by: Stefan Metzmacher me...@samba.org commit 6bff589e33afde6e0f7db9f99f14be5cb171f587 Author: Luk Claes l...@debian.org Date: Sat Jun 2 12:49:22 2012 +0200 libcli/smb: introduce smb1.session for uid use Signed-off-by: Luk Claes l...@debian.org Signed-off-by: Stefan Metzmacher me...@samba.org --- Summary of changes: libcli/smb/smb1cli_trans.c| 21 + libcli/smb/smbXcli_base.c | 34 +++--- libcli/smb/smbXcli_base.h | 13 + source3/include/client.h |2 +- source3/libsmb/async_smb.c|4 ++-- source3/libsmb/clientgen.c| 11 +++ source3/libsmb/clitrans.c |6 -- source4/libcli/raw/clisession.c | 14 +- source4/libcli/raw/clitransport.c | 13 - source4/libcli/raw/libcliraw.h|1 + source4/libcli/raw/rawrequest.c |2 ++ source4/libcli/raw/rawtrans.c | 20 ++-- 12 files changed, 101 insertions(+), 40 deletions(-) Changeset truncated at 500 lines: diff --git a/libcli/smb/smb1cli_trans.c b/libcli/smb/smb1cli_trans.c index fadac8e..ca0fdc1 100644 --- a/libcli/smb/smb1cli_trans.c +++ b/libcli/smb/smb1cli_trans.c @@ -40,7 +40,7 @@ struct smb1cli_trans_state { uint16_t mid; uint32_t pid; uint16_t tid; - uint16_t uid; + struct smbXcli_session *session; const char *pipe_name; uint8_t *pipe_name_conv; size_t pipe_name_conv_len; @@ -415,7 +415,8 @@ struct tevent_req *smb1cli_trans_send( uint8_t additional_flags, uint8_t clear_flags, uint16_t additional_flags2, uint16_t clear_flags2, uint32_t timeout_msec, - uint32_t pid, uint16_t tid, uint16_t uid, + uint32_t pid, uint16_t tid, + struct smbXcli_session *session, const char *pipe_name, uint16_t fid, uint16_t function, int flags, uint16_t *setup, uint8_t num_setup, uint8_t max_setup, uint8_t *param, uint32_t num_param, uint32_t max_param, @@ -470,7 +471,7 @@ struct tevent_req *smb1cli_trans_send( state-rsetup = NULL; state-pid = pid; state-tid = tid; - state-uid = uid; + state-session = session; ZERO_STRUCT(state-rparam); ZERO_STRUCT(state-rdata); @@ -513,7 +514,8 @@ struct tevent_req *smb1cli_trans_send( state-additional_flags2, state-clear_flags2, state-timeout_msec, - state-pid, state-tid, state-uid, + state-pid, state-tid, + state-session, wct, state-vwv, iov_count, state-iov); if (tevent_req_nomem(subreq, req)) { @@ -644,7 +646,8 @@ static void smb1cli_trans_done(struct tevent_req *subreq) state-additional_flags2, state-clear_flags2, state-timeout_msec, -state-pid, state-tid, state-uid, +state-pid, state-tid, +state-session, wct, state-vwv,
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 69e98ff Remove unused variable. via 644d48d Fix compiler warning message. via b76d574 Fix incorrect use of server as a talloc context. via 61cec27 Fix unused variable. via e5a3218 Fix compiler warning. via 4c1762c Fix debug print warning message. via 00050a1 build: Add -Werror=address to the developer build from 43b070d libcli/smb: pass down smbXcli_session to smb1cli_req_create/send() and smb1cli_trans* http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 69e98ff86c4e90d2259b7a4ea93e45e2ec426bc3 Author: Jeremy Allison j...@samba.org Date: Mon Jul 23 13:35:49 2012 -0700 Remove unused variable. Autobuild-User(master): Jeremy Allison j...@samba.org Autobuild-Date(master): Tue Jul 24 02:01:00 CEST 2012 on sn-devel-104 commit 644d48d53946885cb3a6ec52fbc22ead6273f234 Author: Jeremy Allison j...@samba.org Date: Mon Jul 23 13:34:28 2012 -0700 Fix compiler warning message. commit b76d574b980461cbbf9130ef7945f262faa5d734 Author: Jeremy Allison j...@samba.org Date: Mon Jul 23 13:32:34 2012 -0700 Fix incorrect use of server as a talloc context. commit 61cec270c269c3a9025bf5303247ec6a1b416284 Author: Jeremy Allison j...@samba.org Date: Mon Jul 23 13:30:46 2012 -0700 Fix unused variable. commit e5a3218b0ee3a1ac55a1f44fa1c939b2d51002e2 Author: Jeremy Allison j...@samba.org Date: Mon Jul 23 13:30:25 2012 -0700 Fix compiler warning. commit 4c1762c3a87021002da35609f455e34516de2324 Author: Jeremy Allison j...@samba.org Date: Mon Jul 23 13:21:25 2012 -0700 Fix debug print warning message. commit 00050a12b07f5e148c57711a22bdf47ab6983931 Author: Andrew Bartlett abart...@samba.org Date: Mon Jul 23 19:25:11 2012 +1000 build: Add -Werror=address to the developer build Signed-off-by: Jeremy Allison j...@samba.org --- Summary of changes: buildtools/wafsamba/samba_autoconf.py |2 +- source3/printing/print_iprint.c |2 +- source3/rpc_server/rpc_server.c |1 - source3/rpcclient/cmd_fss.c |4 ++-- source3/smbd/close.c |1 - source3/smbd/reply.c |2 +- source4/ldap_server/ldap_backend.c|4 +++- 7 files changed, 8 insertions(+), 8 deletions(-) Changeset truncated at 500 lines: diff --git a/buildtools/wafsamba/samba_autoconf.py b/buildtools/wafsamba/samba_autoconf.py index be5e926..3e4b06a 100644 --- a/buildtools/wafsamba/samba_autoconf.py +++ b/buildtools/wafsamba/samba_autoconf.py @@ -622,7 +622,7 @@ def SAMBA_CONFIG_H(conf, path=None): if Options.options.developer: # we add these here to ensure that -Wstrict-prototypes is not set during configure -conf.ADD_CFLAGS('-Wall -g -Wshadow -Wstrict-prototypes -Wpointer-arith -Wcast-align -Wwrite-strings -Werror-implicit-function-declaration -Wformat=2 -Wno-format-y2k -Wmissing-prototypes -fno-common', +conf.ADD_CFLAGS('-Wall -g -Wshadow -Wstrict-prototypes -Wpointer-arith -Wcast-align -Wwrite-strings -Werror-implicit-function-declaration -Wformat=2 -Wno-format-y2k -Wmissing-prototypes -fno-common -Werror=address', testflags=True) conf.ADD_CFLAGS('-Wcast-qual', testflags=True) conf.env.DEVELOPER_MODE = True diff --git a/source3/printing/print_iprint.c b/source3/printing/print_iprint.c index 7cb1999..ad61a0a 100644 --- a/source3/printing/print_iprint.c +++ b/source3/printing/print_iprint.c @@ -95,7 +95,7 @@ static const char *iprint_server(void) { const char *server = lp_iprint_server(talloc_tos()); - if ((lp_iprint_server(server) != NULL) (strlen(server) 0)) { + if ((server != NULL) (strlen(server) 0)) { DEBUG(10, (iprint server explicitly set to %s\n, server)); return server; diff --git a/source3/rpc_server/rpc_server.c b/source3/rpc_server/rpc_server.c index 5e51f52..1a5fa57 100644 --- a/source3/rpc_server/rpc_server.c +++ b/source3/rpc_server/rpc_server.c @@ -64,7 +64,6 @@ static int make_server_pipes_struct(TALLOC_CTX *mem_ctx, int *perrno) { struct pipes_struct *p; - NTSTATUS status; int ret; ret = make_base_pipes_struct(mem_ctx, msg_ctx, pipe_name, diff --git a/source3/rpcclient/cmd_fss.c b/source3/rpcclient/cmd_fss.c index a9e4394..af194e2 100644 --- a/source3/rpcclient/cmd_fss.c +++ b/source3/rpcclient/cmd_fss.c @@ -314,7 +314,7 @@ static NTSTATUS cmd_fss_create_expose(struct rpc_pipe_client *cli, } printf(%s: prepare completed in %llu secs\n, GUID_string(tmp_ctx, r_scset_start.out.pShadowCopySetId), - (uint64_t)(time_mono(NULL) - start_time)); + (long long unsigned