[Samba] samba 3 - getting rid of some logfile errors
Hi, i have a lot of entries in my logs which i can't solve, but everything works as expected. my setup: samba pdc - bacula samba bdc - mule Ubuntu 10.04-LTS Server samba 3.4.7 log file entries: Aug 1 08:25:40 bacula smbd[23854]: canonicalize_connect_path failed for service alex, path /\\mule\alex Aug 1 08:25:41 bacula smbd[23854]: [2012/08/01 08:25:41, 0] smbd/service.c:988(make_connection_snum) Aug 1 08:25:41 bacula smbd[23854]: canonicalize_connect_path failed for service alex, path /\\mule\alex Aug 1 08:25:44 bacula smbd[24003]: [2012/08/01 08:25:44, 0] lib/util_sock.c:1498(get_peer_addr_internal) Aug 1 08:25:44 bacula smbd[24003]: getpeername failed. Error was Transport endpoint is not connected Aug 1 08:25:44 bacula smbd[24003]: [2012/08/01 08:25:44, 0] lib/util_sock.c:743(write_data) Aug 1 08:25:44 bacula smbd[24003]: [2012/08/01 08:25:44, 0] lib/util_sock.c:1498(get_peer_addr_internal) Aug 1 08:25:44 bacula smbd[24003]: getpeername failed. Error was Transport endpoint is not connected Aug 1 08:25:44 bacula smbd[24003]: write_data: write failure in writing to client 0.0.0.0. Error Connection reset by peer Aug 1 08:25:44 bacula smbd[24003]: [2012/08/01 08:25:44, 0] smbd/process.c:62(srv_send_smb) Aug 1 08:25:44 bacula smbd[24003]: Error writing 4 bytes to client. -1. (Transport endpoint is not connected) Aug 1 08:26:07 bacula smbd[24002]: [2012/08/01 08:26:07, 0] lib/util_sock.c:539(read_fd_with_timeout) Aug 1 08:26:07 bacula smbd[24002]: [2012/08/01 08:26:07, 0] lib/util_sock.c:1498(get_peer_addr_internal) Aug 1 08:26:07 bacula smbd[24002]: getpeername failed. Error was Transport endpoint is not connected Aug 1 08:26:07 bacula smbd[24002]: read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by peer. any hints how to resolve this? thanks juergen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] 'x' bit always set?
Il 30/07/2012 09:40, NdK ha scritto: Seems I can't find the root cause of $subj. When I store a file on my home, it gets chmodded ugo+x ... Any hints? And getting mad at this, too... Another strange thing is that, with this last command, it stopped resolving 100013 to PERSONALE\domain_users ... any possible reason? Even worse, today: # wbinfo -G 100013 S-1-5-21-2162351890-1506888927-3107636301-513 # wbinfo -s S-1-5-21-2162351890-1506888927-3107636301-513 PERSONALE\Domain_Users 2 # id diego.zuccato uid=108036(diego.zuccato) gid=100013 gruppi=100013,164120(tecniciastro),... Note that tecniciastro is in the same domain as the unresolved 100013. And 100013 remains unresolved only for 'id'. But nsswitch should be OK or tecniciastro would be unresolved too... ARGH! Please, help! Tks, Diego. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba4: win7 adding a new user to OU does not inherit GPO
Hi I have an OU with a GPO. If I drag a new user to the OU, they do not inheit the GPO. What do I have to do to have them inherit? I've tried refresh in ADUC and group policy management and rebooting but nothing. Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Access and group issues on domain member server (PDC is Samba as well)
Hi List, I created a domain member server in my samba domain. I start to realize that there are some issues when colleagues could not access some folders in the their shares. After searching for a solution I found that on that member server I have no samba groups available. First of all my setup: Domain controller: CentOS 6.2 x86_64, latest updates installed Samba 3.5.10 (from CentOS repo: samba-3.5.10-116.el6_2.x86_64) LDAP backend (OpenLDAP from CentOS repo: openldap-2.4.23-20.el6.x86_64) Domain member: exact same OS and versions as on domain controller also with LDAP backend I followed the instructions from http://www.samba.org/samba/docs/man/Samba-Guide/unixclients.html ( Procedure 7.1. Configuration of NSS_LDAP-Based Identity Resolution) for adding the member server. (BTW: If anyone on this list has access to this guide: Paragraph 8: the wbinfo --set-auth-user= has been replaced with net setauthuser) Both servers access the same LDAP directory for the linux accounts and for Samba incl. IDMAPs Everything in this guide worked as described. getent passwd and getent groups works successfully on both servers (shows all entries from LDAP) net rpc group list shows all groups correctly on the PDC net groupmap list shows all group mappings correctly on the PDC On the member server though: net rpc group list only gives me Administrators and Users net groupmap list only gives me: Administrators (S-1-5-32-544) - 16777216 Users (S-1-5-32-545) - 16777217 I also tried to run winbind on the domain member, domain member+PDC and whithout winbind at all (We only have this one domain, do I even need winbind then? As I understood it would only be needed if I have multiple domains running. Is this correct?) But these commands always show me the same output on the member server. Should this commands even produce more output on domain members? Or is it just for PDCs? smb.confs from both servers are added at the end. Thanks in advance! best regards, philipp PS: some additional info to our folder sharing system: All users only connect to their home-share. Inside this share we add symbolic links to the allowed group shares of the user. This group share folders are owned by root, group is one of the (allowed) Usergroups. Directory mask is 770, group-sticky bit is set. smb.conf from PDC: [root@srvad1 samba]# testparm Load smb config files from /etc/samba/smb.conf rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) Processing section [netlogon] WARNING: The share modes option is deprecated Processing section [printers] Processing section [print$] Loaded services file OK. Server role: ROLE_DOMAIN_PDC Press enter to see a dump of your service definitions [global] workgroup = ATV server string = SRVAD1 interfaces = 192.168.249.0/24, 127.0.0.1/8 passdb backend = ldapsam:ldap://192.168.249.7/ log file = /var/log/samba/%m.log max log size = 50 smb ports = 139 time server = Yes unix extensions = No socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 printcap name = CUPS add user script = /usr/sbin/smbldap-useradd -m add group script = /usr/sbin/smbldap-groupadd -p %g add user to group script = /usr/sbin/smbldap-groupmod -m %u %g set primary group script = /usr/sbin/smbldap-usermod -g %g %u add machine script = /usr/sbin/smbldap-useradd -w %u logon script = login.bat logon path = logon drive = U: logon home = \\SRVFILE1\%U domain logons = Yes os level = 65 preferred master = Auto domain master = Yes dns proxy = No wins support = Yes ldap admin dn = cn=Manager,dc=at-visions,dc=com ldap delete dn = Yes ldap group suffix = ou=Groups,o=default ldap machine suffix = ou=Computers,ou=Samba,ou=System ldap passwd sync = yes ldap suffix = dc=at-visions,dc=com ldap ssl = no ldap user suffix = ou=Users,o=default idmap uid = 16777216-33554431 idmap gid = 16777216-33554431 cups options = raw case sensitive = No veto files = /.*/ hide files = /.*/ locking = No wide links = Yes dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd [netlogon] path = /home/samba/netlogon share modes = No [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No [print$] comment = Printer Drivers path = /var/lib/samba/printers write list = @adm, root guest ok = Yes smb.conf from domain member: [root@srvfile1 samba]# testparm Load smb config files from /etc/samba/smb.conf rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) Processing section [homes] Loaded services file OK. Server role: ROLE_DOMAIN_MEMBER Press enter to see a dump of your service definitions [global] unix charset = LOCALE workgroup = ATV server string = SRVFILE1 interfaces = 192.168.249.0/24, 127.0.0.1/8 security = DOMAIN log level = 4 ads:10 auth:10
[Samba] Samba/Windows you do not have permission to access this
I'm constantly running into the above error message when accessing files on a samba share under Win7. Files are fully accessible under Linux ie the group permissions are being honoured but Windows just locks me out if I'm not the owner. file: testfile owner: anotheruser group: mygroup user::rwx group::rwx other::--- default:user::rwx default:group::rwx default:other::--- Has anyone else experienced this? And if so can anyone suggest a fix? Thanks Craig This email and any files transmitted with it are confidential and are intended solely for the use of the individual or entity to whom they are addressed. If you are not the original recipient or the person responsible for delivering the email to the intended recipient, be advised that you have received this email in error, and that any use, dissemination, forwarding, printing, or copying of this email is strictly prohibited. If you received this email in error, please immediately notify the sender and delete the original. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Access and group issues on domain member server (PDC is Samba as well)
Hi there, try : id youruser.ldap on the memberserver, ex.: [root@tuepdc ~]# id tester uid=1010(tester) gid=513(Domain Users) Gruppen=513(Domain Users),2154(orbis),34709(Dienstplan),61092(HS3),47140(DIFAEM),17162(agfa),29 998(OpenHearts),26630(Personal),27525(pflege),19307(agaterm),46212(TerminalS erver User) Should id not work there is something wrong. Maybe your ldapclient is not working properly. Good luck Daniel --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Philipp Felix Hoefler Gesendet: Mittwoch, 1. August 2012 11:52 An: samba@lists.samba.org Betreff: [Samba] Access and group issues on domain member server (PDC is Samba as well) Hi List, I created a domain member server in my samba domain. I start to realize that there are some issues when colleagues could not access some folders in the their shares. After searching for a solution I found that on that member server I have no samba groups available. First of all my setup: Domain controller: CentOS 6.2 x86_64, latest updates installed Samba 3.5.10 (from CentOS repo: samba-3.5.10-116.el6_2.x86_64) LDAP backend (OpenLDAP from CentOS repo: openldap-2.4.23-20.el6.x86_64) Domain member: exact same OS and versions as on domain controller also with LDAP backend I followed the instructions from http://www.samba.org/samba/docs/man/Samba-Guide/unixclients.html ( Procedure 7.1. Configuration of NSS_LDAP-Based Identity Resolution) for adding the member server. (BTW: If anyone on this list has access to this guide: Paragraph 8: the wbinfo --set-auth-user= has been replaced with net setauthuser) Both servers access the same LDAP directory for the linux accounts and for Samba incl. IDMAPs Everything in this guide worked as described. getent passwd and getent groups works successfully on both servers (shows all entries from LDAP) net rpc group list shows all groups correctly on the PDC net groupmap list shows all group mappings correctly on the PDC On the member server though: net rpc group list only gives me Administrators and Users net groupmap list only gives me: Administrators (S-1-5-32-544) - 16777216 Users (S-1-5-32-545) - 16777217 I also tried to run winbind on the domain member, domain member+PDC and whithout winbind at all (We only have this one domain, do I even need winbind then? As I understood it would only be needed if I have multiple domains running. Is this correct?) But these commands always show me the same output on the member server. Should this commands even produce more output on domain members? Or is it just for PDCs? smb.confs from both servers are added at the end. Thanks in advance! best regards, philipp PS: some additional info to our folder sharing system: All users only connect to their home-share. Inside this share we add symbolic links to the allowed group shares of the user. This group share folders are owned by root, group is one of the (allowed) Usergroups. Directory mask is 770, group-sticky bit is set. smb.conf from PDC: [root@srvad1 samba]# testparm Load smb config files from /etc/samba/smb.conf rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) Processing section [netlogon] WARNING: The share modes option is deprecated Processing section [printers] Processing section [print$] Loaded services file OK. Server role: ROLE_DOMAIN_PDC Press enter to see a dump of your service definitions [global] workgroup = ATV server string = SRVAD1 interfaces = 192.168.249.0/24, 127.0.0.1/8 passdb backend = ldapsam:ldap://192.168.249.7/ log file = /var/log/samba/%m.log max log size = 50 smb ports = 139 time server = Yes unix extensions = No socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 printcap name = CUPS add user script = /usr/sbin/smbldap-useradd -m add group script = /usr/sbin/smbldap-groupadd -p %g add user to group script = /usr/sbin/smbldap-groupmod -m %u %g set primary group script = /usr/sbin/smbldap-usermod -g %g %u add machine script = /usr/sbin/smbldap-useradd -w %u logon script = login.bat logon path = logon drive = U: logon home = \\SRVFILE1\%U domain logons = Yes os level = 65 preferred master = Auto domain master = Yes dns proxy = No wins support = Yes ldap admin dn = cn=Manager,dc=at-visions,dc=com ldap delete dn = Yes ldap group suffix = ou=Groups,o=default ldap machine suffix = ou=Computers,ou=Samba,ou=System ldap passwd sync = yes ldap suffix = dc=at-visions,dc=com ldap ssl = no ldap user suffix = ou=Users,o=default idmap uid =
Re: [Samba] Samba/Windows you do not have permission to access this
Did you configure the share as writeable=yes? --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Craig Cameron Gesendet: Mittwoch, 1. August 2012 13:07 An: samba@lists.samba.org Betreff: [Samba] Samba/Windows you do not have permission to access this I'm constantly running into the above error message when accessing files on a samba share under Win7. Files are fully accessible under Linux ie the group permissions are being honoured but Windows just locks me out if I'm not the owner. file: testfile owner: anotheruser group: mygroup user::rwx group::rwx other::--- default:user::rwx default:group::rwx default:other::--- Has anyone else experienced this? And if so can anyone suggest a fix? Thanks Craig This email and any files transmitted with it are confidential and are intended solely for the use of the individual or entity to whom they are addressed. If you are not the original recipient or the person responsible for delivering the email to the intended recipient, be advised that you have received this email in error, and that any use, dissemination, forwarding, printing, or copying of this email is strictly prohibited. If you received this email in error, please immediately notify the sender and delete the original. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Access and group issues on domain member server (PDC is Samba as well)
Hi Daniel, thank you for you response. [root@srvfile1 home]# id phoefler uid=1663(phoefler) gid=1105(VISIONS) groups=1105(VISIONS),512(Domain Admins),513(Domain Users),1103(IT),1069(Marketing),1079(TimeSheetReports) This is working correctly. Also all other linux - LDAP stuff is working without any problems. Only Samba seems to be unhappy :( best regards, philipp On 8/1/12 1:22 PM, Daniel Müller wrote: try : id youruser.ldap on the memberserver, ex.: [root@tuepdc ~]# id tester uid=1010(tester) gid=513(Domain Users) Gruppen=513(Domain Users),2154(orbis),34709(Dienstplan),61092(HS3),47140(DIFAEM),17162(agfa),29 998(OpenHearts),26630(Personal),27525(pflege),19307(agaterm),46212(TerminalS erver User) Should id not work there is something wrong. Maybe your ldapclient is not working properly. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Access and group issues on domain member server (PDC is Samba as well)
Did you miss this in your members smb.conf: passdb backend = ldapsam:ldap://192.168.249.7/ So your ldapclient is working but Samba does not now where to auth? Your config on memberserver: Server role: ROLE_DOMAIN_MEMBER Press enter to see a dump of your service definitions [global] unix charset = LOCALE workgroup = ATV server string = SRVFILE1 interfaces = 192.168.249.0/24, 127.0.0.1/8 security = DOMAIN log level = 4 ads:10 auth:10 sam:10 syslog = 0 log file = /var/log/samba/%m.log max log size = 50 smb ports = 139 name resolve order = wins bcast hosts unix extensions = No socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 os level = 65 wins server = 192.168.249.1 ldap admin dn = cn=Manager,dc=at-visions,dc=com ldap group suffix = ou=Groups,o=default ldap idmap suffix = ou=Idmap,ou=Samba,ou=System ldap machine suffix = ou=Computers,ou=Samba,ou=System ldap suffix = dc=at-visions,dc=com ldap ssl = no ldap user suffix = ou=Users,o=default case sensitive = No veto files = /.*/ hide files = /.*/ locking = No wide links = Yes dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd A hint, to make your samba a full featured wins-server( even in replication with w2008) there is samba4wins: http://ftp.sernet.de/pub/samba4WINS/ --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: Philipp Felix Hoefler [mailto:p...@at-visions.com] Gesendet: Mittwoch, 1. August 2012 13:30 An: muel...@tropenklinik.de Cc: samba@lists.samba.org Betreff: Re: AW: [Samba] Access and group issues on domain member server (PDC is Samba as well) Hi Daniel, thank you for you response. [root@srvfile1 home]# id phoefler uid=1663(phoefler) gid=1105(VISIONS) groups=1105(VISIONS),512(Domain Admins),513(Domain Users),1103(IT),1069(Marketing),1079(TimeSheetReports) This is working correctly. Also all other linux - LDAP stuff is working without any problems. Only Samba seems to be unhappy :( best regards, philipp On 8/1/12 1:22 PM, Daniel Müller wrote: try : id youruser.ldap on the memberserver, ex.: [root@tuepdc ~]# id tester uid=1010(tester) gid=513(Domain Users) Gruppen=513(Domain Users),2154(orbis),34709(Dienstplan),61092(HS3),47140(DIFAEM),17162(ag fa),29 998(OpenHearts),26630(Personal),27525(pflege),19307(agaterm),46212(Ter minalS erver User) Should id not work there is something wrong. Maybe your ldapclient is not working properly. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] 'x' bit always set?
On 08/01/2012 03:59 AM, NdK wrote: Il 30/07/2012 09:40, NdK ha scritto: Seems I can't find the root cause of $subj. When I store a file on my home, it gets chmodded ugo+x ... Any hints? See the documentation for map archive.[0] Essentially, the DOS/Windows archive bit is mapped to the POSIX user execute bit. This makes it possible for DOS/Windows backup software to be able to use the archive bit. It might behoove Samba to implement DOS/Windows file attributes in user extended attributes, or in a database file, as opposed to (ab)using the owner execute bit for this purpose. However, it has been this way for a long time, and I would expect that inertia will overcome the desire for change here. I could be (and hopefully am) wrong. Personally, I would not mind seeing Samba use extended attributes for storing file attributes that do not logically map onto POSIX. --- Mike [0] http://is.gd/dQSeGw [www.samba.org] -- Michael B. Trausch President, Naunet Corporation Web: https://www.naunetcorp.com/ Phone: +1-(470)-201-5738 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] 'x' bit always set?
On 01/08/12 14:54, Michael B. Trausch wrote: On 08/01/2012 03:59 AM, NdK wrote: Il 30/07/2012 09:40, NdK ha scritto: Seems I can't find the root cause of $subj. When I store a file on my home, it gets chmodded ugo+x ... Any hints? See the documentation for map archive.[0] Essentially, the DOS/Windows archive bit is mapped to the POSIX user execute bit. This makes it possible for DOS/Windows backup software to be able to use the archive bit. It might behoove Samba to implement DOS/Windows file attributes in user extended attributes, or in a database file, as opposed to (ab)using the owner execute bit for this purpose. However, it has been this way for a long time, and I would expect that inertia will overcome the desire for change here. I could be (and hopefully am) wrong. You are wrong, mount your file system with extended attributes enabled and then add the following to your smb.conf # store DOS attributes in extended attributes ea support = yes store dos attributes = yes map readonly = no map archive = no map system = no JAB. -- Jonathan A. Buzzard Email: jonathan (at) buzzard.me.uk Fife, United Kingdom. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] 'x' bit always set?
On 08/01/2012 10:07 AM, Jonathan Buzzard wrote:
On 01/08/12 14:54, Michael B. Trausch wrote:
It might behoove Samba to implement DOS/Windows file attributes in user
extended attributes, or in a database file, as opposed to (ab)using the
owner execute bit for this purpose. However, it has been this way for a
long time, and I would expect that inertia will overcome the desire for
change here. I could be (and hopefully am) wrong.
You are wrong, mount your file system with extended attributes enabled
and then add the following to your smb.conf
# store DOS attributes in extended attributes
ea support = yes
store dos attributes = yes
map readonly = no
map archive = no
map system = no
Rarely am I happy to be wrong. :-)
I assume that (somewhat counter-intuitively) setting map
{readonly,archive,system} = no means not to use the classic mapping,
and store doss attributes = yes replaces all of those in a form which
can be used in EAs?
Thanks!
--- Mike
--
Michael B. Trausch
President, Naunet Corporation
Web: https://www.naunetcorp.com/
Phone: +1-(470)-201-5738
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] 'x' bit always set?
Hallo, Jonathan, Du meintest am 01.08.12: Seems I can't find the root cause of $subj. When I store a file on my home, it gets chmodded ugo+x ... [...] mount your file system with extended attributes enabled and then add the following to your smb.conf # store DOS attributes in extended attributes ea support = yes store dos attributes = yes map readonly = no map archive = no map system = no Just for curiosity (3 years ago Guenter Kukkuk answered to a similar question in this mailing list): what about an additional map hidden = no Viele Gruesse! Helmut -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Access and group issues on domain member server (PDC is Samba as well)
I think there are two components- 1st I think the domain member does need to run winbind to retrieve windows users and groups from the DC. 2nd, the domain member needs to have idmap configured correctly to make sure that the windows users are properly mapped to the local unix users, so that the unix/windows mappings are the same as on the DC.. (the fact that the local unix users are actually ldap accounts is not known to the samba sevrer.) In theory the idmap_nss backend should help keep idmap entries consistent across Samba servers with a common LDAP backend. The idmap_nss man page shows some examples.If you use idmap_nss on both DC and server it should be consistent. The other option is to use ldap for the idmap backend. See man idmap_ldap.Your PDC should create idmap entries. I found I had to then edit the entries to correct the uid or gid values to match the ldap user values. I then tried configuring the member servers to use the same ldap idmap backend, but read-only.It didn't really work and this was before the idmap_nss option was available.In the end I found it easier to convert some of my member servers to BDC's. On 08/01/12 05:51, Philipp Felix Hoefler wrote: Hi List, I created a domain member server in my samba domain. I start to realize that there are some issues when colleagues could not access some folders in the their shares. After searching for a solution I found that on that member server I have no samba groups available. First of all my setup: Domain controller: CentOS 6.2 x86_64, latest updates installed Samba 3.5.10 (from CentOS repo: samba-3.5.10-116.el6_2.x86_64) LDAP backend (OpenLDAP from CentOS repo: openldap-2.4.23-20.el6.x86_64) Domain member: exact same OS and versions as on domain controller also with LDAP backend I followed the instructions from http://www.samba.org/samba/docs/man/Samba-Guide/unixclients.html ( Procedure 7.1. Configuration of NSS_LDAP-Based Identity Resolution) for adding the member server. (BTW: If anyone on this list has access to this guide: Paragraph 8: the wbinfo --set-auth-user= has been replaced with net setauthuser) Both servers access the same LDAP directory for the linux accounts and for Samba incl. IDMAPs Everything in this guide worked as described. getent passwd and getent groups works successfully on both servers (shows all entries from LDAP) net rpc group list shows all groups correctly on the PDC net groupmap list shows all group mappings correctly on the PDC On the member server though: net rpc group list only gives me Administrators and Users net groupmap list only gives me: Administrators (S-1-5-32-544) - 16777216 Users (S-1-5-32-545) - 16777217 I also tried to run winbind on the domain member, domain member+PDC and whithout winbind at all (We only have this one domain, do I even need winbind then? As I understood it would only be needed if I have multiple domains running. Is this correct?) But these commands always show me the same output on the member server. Should this commands even produce more output on domain members? Or is it just for PDCs? smb.confs from both servers are added at the end. Thanks in advance! best regards, philipp PS: some additional info to our folder sharing system: All users only connect to their home-share. Inside this share we add symbolic links to the allowed group shares of the user. This group share folders are owned by root, group is one of the (allowed) Usergroups. Directory mask is 770, group-sticky bit is set. smb.conf from PDC: [root@srvad1 samba]# testparm Load smb config files from /etc/samba/smb.conf rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) Processing section [netlogon] WARNING: The share modes option is deprecated Processing section [printers] Processing section [print$] Loaded services file OK. Server role: ROLE_DOMAIN_PDC Press enter to see a dump of your service definitions [global] workgroup = ATV server string = SRVAD1 interfaces = 192.168.249.0/24, 127.0.0.1/8 passdb backend = ldapsam:ldap://192.168.249.7/ log file = /var/log/samba/%m.log max log size = 50 smb ports = 139 time server = Yes unix extensions = No socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 printcap name = CUPS add user script = /usr/sbin/smbldap-useradd -m add group script = /usr/sbin/smbldap-groupadd -p %g add user to group script = /usr/sbin/smbldap-groupmod -m %u %g set primary group script = /usr/sbin/smbldap-usermod -g %g %u add machine script = /usr/sbin/smbldap-useradd -w %u logon script = login.bat logon path = logon drive = U: logon home = \\SRVFILE1\%U domain logons = Yes os level = 65 preferred master = Auto domain master = Yes dns proxy = No wins support = Yes ldap admin dn = cn=Manager,dc=at-visions,dc=com ldap delete dn
Re: [Samba] Access and group issues on domain member server (PDC is Samba as well)
Hi Daniel! Oh my god, how embarrassing ;-) This was it! Resolved all problems. Vielen Dank! Liebe Grüsse nach Tübingen, philipp On 8/1/12 1:42 PM, Daniel Müller wrote: Did you miss this in your members smb.conf: passdb backend = ldapsam:ldap://192.168.249.7/ So your ldapclient is working but Samba does not now where to auth? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] 'x' bit always set?
Il 01/08/2012 16:07, Jonathan Buzzard ha scritto: You are wrong, mount your file system with extended attributes enabled I already do that :) and then add the following to your smb.conf # store DOS attributes in extended attributes ea support = yes Ops... missed this... store dos attributes = yes That one is already there map readonly = no map archive = no map system = no And I removed these during the tests... Tomorrow I'll try. But I can't understand why it changes the x bit even when copying from/to a Linux machine... Doesn't that break a lot of Linux clients? Tks a lot! Now I should only discover what's breaking gid-to-name resolution and I'll be set to offer 5TB+ of space to our students :) BYtE, Diego. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Subject: samba 3.6.6: unstable network behaviour on win7 clients + segfault in smbstatus
Dear list, I'm experiencing some severe problems on three independent standalone samba file servers: 1. Strange behaviour on Windows 7 Clients - sometimes users can't delete files or folders - Samba would delete the files (they're gone off the filesystem) but still show them in the explorer with a zero filesize, throwing a 'permission denied' message if one would try to delete them a second time - a workaround for this seems to be to MOVE the files to the desktop instead and then delete them locally?! - when some heavy program (i.e. AutoCAD) attempts to save a document it starts a series of file operations (create temp, rename, rename, delete) it often wouldn't succeed the first but the second or third time you press the 'Save' button (error 'can't save .dwg file. save as .tmp!') 2. 'smbstatus' on the server quits with a segmentation fault when trying to list the locked files. it wouldn't do that if there are no or just a few files open. But as soon as there is enough traffic it does so very reliable: $tail /var/log/messages ... Aug 1 08:52:36 data kernel: [47608.306972] smbstatus[5331]: segfault at 7f808615a2c0 ip 7f807f2244cf sp 7fff5c4697b8 error 4 in *libc-2.13.so*[7f807f10d000+17d000] - it sounds like a network problem (like some kind of timeout maybe) but its reproducable on three different servers in three different offices on three different hardware setups, some pure gigabit networks, some mixed (but all same software). the biggest office has the most problems though. - it seems that smbstatus' segfault and the weird network behaviour depend on each other - I haven't seen any of the errors alone - I tested the memory and the CPU without error and any other application on the servers behaves normally - the system run succesfully for over six months, before the error started to appear - deleting the SAMBA cache didn't seem to change anything - it doesn't depend on a recent switch of kernel versions - same behaviour on 3.1.0-1 to 3.2.0-3 I tried to raise the loglevel (= 5) to watch one of those fileoperations fail, but its a lot of output that seems mostly normal to me. there're some 'file not found' messages though: [2012/07/31 18:33:25.609210, 5] smbd/open.c:1690(open_file_ntcreate) open_file_ntcreate: FILE_OPEN requested for file Temp/27_test.dwk and file doesn't exist. I'm not sure if its related but if I see the address of smbstatus' segfault and then read the strace output of one of those smbd processes it fails to query, I see a lot of failed readv system calls that point to a very nearby address: readv(10, 0x7fb6d80ca960, 1)= -1 EAGAIN (Resource temporarily unavailable) This error (if it is one) appears very often in the strace output, sometimes every 15 to 20 lines (which adds to a lot!) I couldn't really find out if its the same block though as I don't know how to determine which process occupies a given memory address (searching through the/proc/ID/maps output seemed rather cumbersome - I'm sure there is a better way..) I really doubt its a bug in 'libc', but maybe there is a wrong pointer reference in whereever this system call is triggered? At least to me those mistakes slip easy of the pen and the error code seems reasonable. The samba server depends on an awful lot of libraries and I'm definitely not skilled enough to debug it by myself. Its quite hard to track down and I didn't want to open up a bugreport without asking for help first. Especially as I think IF it was a bug the internet should be full of posts about it already.. Many thanks in advance. If you need more information please let me know. Paul -- System Information: Debian Release: wheezy/sid APT prefers testing APT policy: (990, 'testing'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-3-amd64 (SMP w/4 CPU cores) Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Shell: /bin/sh linked to /bin/dash Versions of packages samba depends on: ii adduser3.113+nmu3 ii debconf [debconf-2.0] 1.5.44 ii dpkg 1.16.4.3 ii libacl12.2.51-8 ii libattr1 1:2.4.46-8 ii libc6 2.13-33 ii libcap21:2.22-1 ii libcomerr2 1.42.4-3 ii libcups2 1.5.3-1 ii libgssapi-krb5-2 1.10.1+dfsg-1 ii libk5crypto3 1.10.1+dfsg-1 ii libkrb5-3 1.10.1+dfsg-1 ii libldap-2.4-2 2.4.31-1 ii libpam-modules 1.1.3-7.1 ii libpam-runtime 1.1.3-7.1 ii libpam0g 1.1.3-7.1 ii libpopt0 1.16-7 ii libtalloc2 2.0.7+git20120207-1 ii libtdb11.2.10-2 ii libwbclient0 2:3.6.6-2 ii lsb-base 4.1+Debian7 ii procps 1:3.3.3-2 ii samba-common 2:3.6.6-2 ii update-inetd 4.43 ii zlib1g 1:1.2.7.dfsg-13 Versions of packages samba recommends: ii logrotate 3.8.1-4 ii tdb-tools 1.2.10-2
Re: [Samba] Samba/Windows you do not have permission to access this
Yes it's down as writeable = yes in smb.conf If I change the file's ownership to myself it works - or if I then restart winbind and samba it then becomes accessible too. There's only an issue if the file owner is different from the person accessing it. Regards Craig -Original Message- From: Daniel Müller [mailto:muel...@tropenklinik.de] Sent: 01 August 2012 12:24 To: Craig Cameron; samba@lists.samba.org Subject: AW: [Samba] Samba/Windows you do not have permission to access this Did you configure the share as writeable=yes? --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Craig Cameron Gesendet: Mittwoch, 1. August 2012 13:07 An: samba@lists.samba.org Betreff: [Samba] Samba/Windows you do not have permission to access this I'm constantly running into the above error message when accessing files on a samba share under Win7. Files are fully accessible under Linux ie the group permissions are being honoured but Windows just locks me out if I'm not the owner. file: testfile owner: anotheruser group: mygroup user::rwx group::rwx other::--- default:user::rwx default:group::rwx default:other::--- Has anyone else experienced this? And if so can anyone suggest a fix? Thanks Craig This email and any files transmitted with it are confidential and are intended solely for the use of the individual or entity to whom they are addressed. If you are not the original recipient or the person responsible for delivering the email to the intended recipient, be advised that you have received this email in error, and that any use, dissemination, forwarding, printing, or copying of this email is strictly prohibited. If you received this email in error, please immediately notify the sender and delete the original. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba This email and any files transmitted with it are confidential and are intended solely for the use of the individual or entity to whom they are addressed. If you are not the original recipient or the person responsible for delivering the email to the intended recipient, be advised that you have received this email in error, and that any use, dissemination, forwarding, printing, or copying of this email is strictly prohibited. If you received this email in error, please immediately notify the sender and delete the original. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Packet Size 'Tuning'
Hi all, I'm hoping someone has gone through the pain I'm going through in trying to 'tune' the packet size Samba uses such that we don't get packet overflow errors. I'm getting these error when I perform: # tcpdump -i ppp0 -n -n 12:08:48.376944 IP (tos 0x0, ttl 63, id 170, offset 0, flags [DF], proto TCP (6), length 1405) 10.30.7.2.445 205.150.122.19.55639: Flags [.], cksum 0x4e9f (correct), seq 2733191:2734544, ack 13597, win 147, options [nop,nop,TS val 414105512 ecr 23936171], length 1353SMB-over-TCP packet:(raw data or continuation?) 12:08:48.376962 IP (tos 0x0, ttl 63, id 171, offset 0, flags [DF], proto TCP (6), length 1405) 10.30.7.2.445 205.150.122.19.55639: Flags [.], cksum 0x2be8 (correct), seq 2734544:2735897, ack 13597, win 147, options [nop,nop,TS val 414105512 ecr 23936171], length 1353SMB-over-TCP packet:(raw data or continuation?) 12:08:48.376981 IP (tos 0x0, ttl 63, id 172, offset 0, flags [DF], proto TCP (6), length 1405) 10.30.7.2.445 205.150.122.19.55639: Flags [.], cksum 0xba2f (correct), seq 2735897:2737250, ack 13597, win 147, options [nop,nop,TS val 414105512 ecr 23936171], length 1353SMB-over-TCP packet:(raw data or continuation?) 12:08:48.376999 IP (tos 0x0, ttl 63, id 173, offset 0, flags [DF], proto TCP (6), length 1405) 10.30.7.2.445 205.150.122.19.55639: Flags [.], cksum 0x0485 (correct), seq 2737250:2738603, ack 13597, win 147, options [nop,nop,TS val 414105512 ecr 23936171], length 1353SMB-over-TCP packet:(raw data or continuation?) my smb.conf is pretty plain: [global] workgroup = IPM server string = Condo Fileserver netbios name = Condo interfaces = lo eth0 10.30.6.0/24 10.30.7.0/24 10.30.251.0/24 205.150.122.0/24 hosts allow = 127. 10.30.6. 10.30.7. 205.150.122. 10.30.251. socket options = SO_RCVBUF=13504 SO_SNDBUF=13504 nt acl support = yes inherit acls = yes map acl inherit = yes aio read size = 13472 aio write size = 13472 # log files split per-machine: log file = /var/log/samba/%m.log # maximum size of 50KB per log file, then rotate: max log size = 50 security = user passdb backend = tdbsam domain master = yes local master = yes os level = 66 preferred master = yes wins support = yes dns proxy = yes load printers = yes cups options = raw [homes] comment = Home Directories browseable = no writable = yes [printers] comment = All Printers path = /var/spool/samba browseable = no guest ok = no writable = no printable = yes [Quickbooks] comment = Everyone's QuickBooks path = /Shares/public/Quickbooks public = yes writable = yes printable = no read only = No guest ok = Yes force create mode = 0755 force directory mode = 0777 [shared] comment = Shared Stuff path = /Shares/public public = yes writable = yes printable = no read only = No force create mode = 0777 force directory mode = 0777 guest ok = Yes ##end smb.conf ### If I am correct, I'm transmitting a packet length of 1405 (kb?) but it's receiving a packet of 1353 (kb?) My question is two-fold: - How do you read a tcpdump of Samba activity? - How to you tune the packet size that Samba uses? Cheers, Andrew Mark | Development Analyst | www.aimsystems.ca local: 519-837-1072 | fax: 519-837-4063 | int'l 800-465-2961 12-350 Speedvale Ave. W. | Guelph, ON | N1H 7M7 | Canada -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba: read-only remote LDAP + additional local users
Do you bind directly against the LDAP server as a samba passdb, or do you join the domain? I bind directly against LDAP. It would be more normal to join the domain, and then you can have local unix users and local Samba users in your local passdb, while connecting to the main company domain as a domain member. Ok, thanks for the hint, I will try this. Another quick question: Could you please provide an option to be able to specify different attribute name instead of uid? User names in the LDAP I'm connecting to are saved in cn... pam_ldap2 allowed me to change the name of this attribute with map passwd uid cn. Thanks Arokux -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba: read-only remote LDAP + additional local users
Another quick question: Could you please provide an option to be able to specify different attribute name instead of uid? User names in the LDAP I'm connecting to are saved in cn... pam_ldap2 allowed me to change the name of this attribute with map passwd uid cn. If you agree to add this, I'll submit a patch. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] windows-clients only recognize softlimit
Hi all, I'm running a samba-server (version 3.6.6 from the backports) on a Debian Squeeze System (kernel-version 2.6.32-5-686). The Debian-Server is configured as a member of an Active-Directory (Server 2003). A samba-share is configured to be the home-drive for the domain-users, I've set up some quotas for this partition. The problem is that the Windows-Clients only recognize the quota-softlimit and consider the drive as full when the softlimit is reached. This behavior is the same with Windows-XP as with Windows-7 clients. Here's what I already tried: Login at a Windows-Client and reach the softlimit of the share, when limit is reached Windows denies to write because partition seems to be full. SSH-Login as domain-user at the samba-server, exceed the softlimit until hardlimit takes effect - okay. As root at linux-system mount a home-share with the appropriate user-credentials a cifs/sbm-share, exceed the softlimit until hardlimit takes effect - okay. Enforce the smb-protocol 2 with min protocol = smb2, max protocol = smb2 - Has no effect to the quota-behavior. Set the parameter strict allocate = yes (I read about this parameter according to a similar problem) - no effect too. So linux seems to handle the quotas right, but windows doesn't. Here's the complete smb.conf: [global] workgroup = INTERN realm = INTERN.MPIER.DE netbios name = SAMBA-TEST security = ADS idmap uid = 1-2 idmap gid = 1-2 template shell = /bin/bash winbind use default domain = yes interfaces = 192.168.1.24 bind interfaces only = yes store dos attributes = yes map archive = no map read only = no max protocol = SMB2 min protocol = NT1 strict allocate = yes [software] comment = Testfreigabe path = /srv/software read only = no admin users = +domänen-admins [home] comment = Home-Laufwerke path = /home/%U read only = no create mask = 0600 directory mask = 0700 root preexec = /etc/samba/scripts/mkhomedir.sh %U And here's the config for the user-quota: Datenträgerquotas für user neumann (uid 1): Dateisystem Blöcke weich hart Inodes weichhart /dev/mapper/vg_sda3-lv_home407524841943045242880 10910 00 /dev/mapper/vg_sda3-lv_srv 16276 0 0 2 00 I appreciate all your help and suggestions. Kind regards, Jonathan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[ANNOUNCE] Samba 4.0 beta5
We are proud to a announce another beta release of Samba 4.0, beta5 (the required ldb 1.1.9 release will follow shortly). What's new in Samba 4.0 beta5 = Samba 4.0 will be the next version of the Samba suite and incorporates all the technology found in both the Samba4 alpha series and the stable 3.x series. The primary additional features over Samba 3.6 are support for the Active Directory logon protocols used by Windows 2000 and above. WARNINGS Samba 4.0 beta5 is not a final Samba release, however we are now making good progress towards a Samba 4.0 release, of which this is a preview. Be aware the this release contains the best of all of Samba's technology parts, both a file server (that you can reasonably expect to upgrade existing Samba 3.x releases to) and the AD domain controller work previously known as 'samba4'. Samba 4.0 is subjected to an awesome battery of tests on an automated basis, we have found Samba 4.0 to be very stable in it's behavior. However, we still recommend against upgrading production servers from Samba 3.x release to Samba 4.0 beta at this stage. In particular note that the new default configuration 's3fs' may have different stability characteristics compared with our previous default file server. We are making this release so that we can find and fix any of these issues that arise in the real world. New AD DC installations can provision or join with --use-ntvfs to obtain the previous default file server. See below how to continue using ntvfs in an existing installation. If you are upgrading, or looking to develop, test or deploy Samba 4.0 beta releases, you should backup all configuration and data. UPGRADING = Users upgrading from Samba 3.x domain controllers and wanting to use Samba 4.0 as an AD DC should use the 'samba-tool domain classicupgrade' command. See the wiki for more details: https://wiki.samba.org/index.php/Samba4/samba3upgrade/HOWTO Users upgrading from Samba 4.0 alpha and beta releases since alpha15 should run 'samba-tool dbcheck --cross-ncs --fix'. Users upgrading from earlier alpha releases should contact the team for advice. NEW FEATURES Samba 4.0 beta supports the server-side of the Active Directory logon environment used by Windows 2000 and later, so we can do full domain join and domain logon operations with these clients. Our Domain Controller (DC) implementation includes our own built-in LDAP server and Kerberos Key Distribution Center (KDC) as well as the Samba3-like logon services provided over CIFS. We correctly generate the infamous Kerberos PAC, and include it with the Kerberos tickets we issue. Samba 4.0 beta ships with two distinct file servers. We now use the file server from the Samba 3.x series 'smbd' for all file serving by default. For pure file server work, the binaries users would expect from that series (nmbd, winbindd, smbpasswd) continue to be available. Samba 4.0 also ships with the 'NTVFS' file server. This file server is what was used in all previous alpha releases of Samba 4.0, and is tuned to match the requirements of an AD domain controller. We continue to support this, not only to provide continuity to installations that have deployed it as part of an AD DC, but also as a running example of the NT-FSA architecture we expect to move smbd to in the longer term. As mentioned above, this change to the default file server may cause instability, as we learn about the real-world interactions between these two key components. As DNS is an integral part of Active Directory, we also provide a DNS solution, using the BIND DLZ mechanism in versions 9.8 and 9.9. During the provision, a configuration file will be generated for bind to make it use this plugin. We also have a project to provide a minimal internal DNS server from within the Samba process, for easier 'out of the box' configuration. Note however that this is not yet complete (pending addition of secure DNS update support). To provide accurate timestamps to Windows clients, we integrate with the NTP project to provide secured NTP replies. Finally, a new scripting interface has been added to Samba 4, allowing Python programs to interface to Samba's internals, and many tools and internal workings of the DC code is now implemented in python. CHANGES SINCE beta4 = For a list of changes since beta4, please see the git log. $ git clone git://git.samba.org/samba.git $ cd samba.git $ git log samba-4.0.0beta4..samba-4.0.0beta5 Some major user-visible changes include: - The issue with beta4 being unable to build with a released version of ldb has been resolved. - The two parameter tables for our two smb.conf parsing engines have been merged. This removes the ugly (but harmless) unknown parameter xxx warnings, particularly from the smbd child process. - Major issues have been fixed in conflict and missing/deleted parent handling in or DRS replication engine.
[SCM] Samba Shared Repository - annotated tag samba-4.0.0beta5 created
The annotated tag, samba-4.0.0beta5 has been created at e20618e6ff98277475ad914d96f163885c09bfc4 (tag) tagging 50d6483ab8acd9a2af7558b6831c170a5bce3721 (commit) replaces samba-4.0.0beta4 tagged by Andrew Bartlett on Wed Aug 1 19:40:41 2012 +1000 - Log - samba4: tag release samba-4.0.0beta5 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iQIVAwUAUBj5mWjGT3QfUnJfAQLQzQ/8DIJtrxfcIISnoc8iTyYtVbtUHUJUPR0n a8tjSn575Ea654CjAKPxM6eUOMDSCe1q0dBq7O/yrlKeTp5C5hujs9kIw/LA/1tg SMezdHQNCBeZJVb/WGdLFq722X20JMQoOL4iMVZrhgtf/1j3upqECL4jXCvTXgjZ SJB9FL/emA59MzSZmFXCNdCPfPKNnKMQfw6dm7j375H3lL3HwxkbK6HejEYI6FhN wv32fjB/V6ycSLMAlF8BzPx8sIBIKe3DKaPacGQ8VR6oZJud0zux1JUnIXS3nELi sdcWhGr+ES9dxxsgt52jvRbb67QB1EXrhUVuG+lTL147b+DXurZqr0CCS3/gsD6H AFzKPkoESaJA54ClZedtTAKtBr03b3ltI9yokrJqv2VAOwneSKdc/c0Yh6BL081e MQV0kj7oEc6GXgAFiNvVLAceNVu387Vx9jTx+5C06H2IhCvi1an0yCl/qzLYVKsJ rGGd/01NPcNKh8kPiDcCPaCDmCqw2iQ+JGM7akHIUFdy/FXXUcCX1NGXV35ofPOf 74f0xCxjZHWzvISkpaDBrrqXECzH1HIhCLlanXp9u4eAYQwRpfw72GekSCCpfzRV eAdrXVBe5E4F8of9pbUAm05nYFBkMiTWdfzbYUAacQyXjsBUcs69pjg2/lPB8VvT KqjBoYWJuAw= =FmB6 -END PGP SIGNATURE- Alexander Werth (1): s3:Really ignore unknown special ids in NFSv4 ACLs. Andreas Schneider (8): s4-torture: Add DCERPC_SCHANNEL_AES tests. s4-torture: Improve samlogon test. s4-librpc: Add capabilities check for AES encrypted connections. s4-auth: Make sure we use the correct credential state. s3-rpc_client: Add capabilities check for AES encrypted connections. s3-rpc_client: Fix updating netlogon credentials. Enable AES in winbind. s3-winbind: Fix bug #9052 resolving our own Domain Local groups. Andrew Bartlett (92): VERSION: Move on to beta5! s4-dsdb: Ensure we never write read-only objects onto a read-write replica s4-dsdb: Allow dbcheck to correct an incorrect instanceType dsdb: Allocate new OID to allow updates of a read-only replica s4-dbcheck: Check for and correct incorrect instanceType values s4-librpc: Ensure we do not call call the decrpc timeout handler during gensec_update() s4-lib/tls: Try socket_send() multiple times to send partial packets s4-torture: Also print GID values in whoami test s4-torture: Allow unix.whoami to test against a member server s4-torture: Move check of map-to-guest above SID list check Revert s3:auth make sure the primary group sid is usable selftest: Run unix.whomai against the machine acccount as well auth/credentials: Remove extra newline s3-rpc_server: Remove make_server_info_info3() call from make_server_pipes_struct() s3-auth Use correct RID for domain guests primary group lib/param: bring lp_time_server() into common lib/param: Add my copyright s4-param: Remove unused idmap trusted only s3-param: Make lp_name_resolve_order() return a list lib/param: bring lp_smb_ports() into common by making it a list everywhere s3-param: Remove special case for lp_ctdbd_socket(), set CTDB_PATH as default build: Add -Werror=address to the developer build param: Make the 'unicode' parameter common param: Make internal handler for 'server role' common s3-param: Merge a number of s4 parameters from lib/param to make this table common s3-param: fix indent on cups encrypt s3-param: Merge parameter varaibles with lib/param lib/param: Remove ntptr providor and hard-code in s4 spoolss server lib/param: Remove 'case insensitive filesystem' lib/param: Rename param_enums.c to param_table.c lib/param: Move all enum declarations to lib/param lib/param: Make lp_usershare_max_shares() a common parameter lib/param: Merge handling of security/domain master/domain logons/server role lib/param: Add handler overrides lib/param: Re-arrange TLS parameters into their own section lib/param: Rearrange AD DC options to make a merge with the source3 table easier lib/param: Merge DNS parameters with source3 param lib/param: Merge Winbind parameters from source3 into lib/param lib/param: Merge VFS and MSDFS parameters from source3 into lib/param waf: Update to newer upstream snapshot. lib/param: Merge Miscellaneous Options section from source3/param lib/param: Merge EventLog Options section from source3/param lib/param: Merge Ldap Options section from source3/param lib/param: Merge Locking Options section from source3/param lib/param: Merge WINS Options section from source3/param lib/param: Merge Browse Options section from source3/param lib/param: Merge Logon Options section from source3/param lib/param: Merge Domain Options section from source3/param lib/param: Merge Filename Handling section from source3/param s3-build: Make recursive waf build a developer
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via b93e6ef s3:smbd: add a optional_support helper variable to reply_tcon_and_X() via 3fb6549 s3:smbd: make use of TCONX_FLAG_DISCONNECT_TID define via 3682eb8 s3:libsmb: add a optional_support helper variable via 137d65b s3:libsmb: add a tcon_flags helper variable via d3aaa1e libcli/smb: move some TCON related defines to smb_constants.h via 8e1c6d4 s3:rpc_client: rename pipe_auth_data-user_session_key to transport_session_key via 0ec50e8 s3:libsmb: remove unused cli_state-user_session_key via 0068a9f s3:utils/net_rpc*: make use of cli_get_session_key() via 616206a s3:libnet_join: make use of cli_get_session_key() in libnet_join_joindomain_rpc() via 8b42f52 s3:rpc_client: make use of smbXcli_session_application_key() via 00cde56 s4:libcli/raw: remove unused smbcli_session-user_session_key via 7977d90 s4:librpc/dcerpc_smb2: sync smb2_session_key() with smb_session_key() via 286e249 s4:librpc/dcerpc_smb: make use of smbXcli_session_application_key() via 2f4f214 libcli/smb: remove unused smb2cli_session_application_key() via 803fb40 s4:librpc/dcerpc_smb2: make use of smbXcli_session_application_key() via 5f25567 libcli/smb: add smbXcli_session_application_key() via ac1452c s4:libcli/smb_composite: make use of smb1cli_session_set_session_key() via 1a9a910 s4:libcli/smb_composite: always use set_user_session_key() helper via c9eac1a s3:libsmb: make use of smb1cli_session_set_session_key() via 7af537e libcli/smb: allow resetting of the smb1 application_key via 68c1eec libcli/smb: let smb1cli_session_set_id() reset the application_key via c3cb672 libcli/smb: add smb1cli_session_set_session_key() via 9b9ef92 s3:ctdbd_conn: use unitX_t types consistently throughout the module from d4bce35 Add two flags to allow for handling of Extended Signatures (Session Key Protection) on a TCON_AND_X request and response. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit b93e6ef5e70bd90a06ae80b209a10456ca461a62 Author: Stefan Metzmacher me...@samba.org Date: Wed Aug 1 12:01:07 2012 +0200 s3:smbd: add a optional_support helper variable to reply_tcon_and_X() metze Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Wed Aug 1 18:25:26 CEST 2012 on sn-devel-104 commit 3fb6549db0b12565413a89ef0662e7e8af3b389a Author: Stefan Metzmacher me...@samba.org Date: Wed Aug 1 11:48:30 2012 +0200 s3:smbd: make use of TCONX_FLAG_DISCONNECT_TID define metze commit 3682eb80ab071ced87bb64def776a2a8722cb2b1 Author: Stefan Metzmacher me...@samba.org Date: Wed Aug 1 11:46:22 2012 +0200 s3:libsmb: add a optional_support helper variable metze commit 137d65b39790fec10f908e25633b80d22e54e0b6 Author: Stefan Metzmacher me...@samba.org Date: Wed Aug 1 11:45:36 2012 +0200 s3:libsmb: add a tcon_flags helper variable metze commit d3aaa1ebc822d3384f1821302585921d44028649 Author: Stefan Metzmacher me...@samba.org Date: Wed Aug 1 11:33:27 2012 +0200 libcli/smb: move some TCON related defines to smb_constants.h metze commit 8e1c6d42327faae5df6e384cf9573bf4dc925038 Author: Stefan Metzmacher me...@samba.org Date: Wed Aug 1 11:00:02 2012 +0200 s3:rpc_client: rename pipe_auth_data-user_session_key to transport_session_key metze commit 0ec50e8a2feddb1389f7143c35f7f2c3444cf6b9 Author: Stefan Metzmacher me...@samba.org Date: Wed Aug 1 10:50:30 2012 +0200 s3:libsmb: remove unused cli_state-user_session_key metze commit 0068a9fd930331e6f2ee49aa79489c333ae4e722 Author: Stefan Metzmacher me...@samba.org Date: Wed Aug 1 10:48:53 2012 +0200 s3:utils/net_rpc*: make use of cli_get_session_key() metze commit 616206a806761bb19bd7b6025d6068a867510bf5 Author: Stefan Metzmacher me...@samba.org Date: Wed Aug 1 10:30:06 2012 +0200 s3:libnet_join: make use of cli_get_session_key() in libnet_join_joindomain_rpc() metze commit 8b42f526f47bc8075b5a6f81b2293787ccb066bc Author: Stefan Metzmacher me...@samba.org Date: Wed Aug 1 10:18:22 2012 +0200 s3:rpc_client: make use of smbXcli_session_application_key() metze commit 00cde56bfdf09cf71d2435f02280b44c2bb35183 Author: Stefan Metzmacher me...@samba.org Date: Wed Aug 1 09:41:53 2012 +0200 s4:libcli/raw: remove unused smbcli_session-user_session_key metze commit 7977d90f1e88d0c23b4a14ffd15bf8c077c9d701 Author: Stefan Metzmacher me...@samba.org Date: Wed Aug 1 09:10:09 2012 +0200 s4:librpc/dcerpc_smb2: sync smb2_session_key() with smb_session_key() metze commit 286e249737a40a575a9f13d8af4ef5e4e273c873 Author: Stefan Metzmacher me...@samba.org Date: Wed Aug 1 09:09:34 2012
[SCM] Samba Shared Repository - annotated tag ldb-1.1.9 created
The annotated tag, ldb-1.1.9 has been created at 51af311500e58096f406c89dd4b9b366295506e4 (tag) tagging b93e6ef5e70bd90a06ae80b209a10456ca461a62 (commit) replaces samba-4.0.0beta5 tagged by Andrew Tridgell on Thu Aug 2 11:08:43 2012 +1000 - Log - ldb: tag release ldb-1.1.9 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUAUBnTG0eTkWETCEAlAQLdOgf/WZ/IUt+TZcdrj7uIq66OwKQ3hHaWGb71 c8WzsGGeemNS2BOpO3pvBTlf/wf09LLPvamnl9yIYQ6feQKixcPS7B/M2qW1nj/8 oaT3PAJH+4gZ9S93oLLYoHBm+ru/mlWqZnjZKVzYYhBPiiE6nFek1gxvgnneLstX +72dGAVzbqe4T/kczDMXNILTPUw+eyDXXMMK6tbjzwLUc9i/D+EcPdljsjwAl/0T T1zGJptjcwdKh8VCM6xOF50IGoRp2WbDk7O7y24xS3ZC7KT4CuPPcDv0BfbXc/k5 Zmb6eAt8RhUmrenIdXAg8gaQ0IFyvvZY1AFYp1FiTZifDGV+ZoDbZg== =yz6v -END PGP SIGNATURE- Andrew Bartlett (1): VERSION: Move on to beta6! Michael Adam (1): s3:ctdbd_conn: use unitX_t types consistently throughout the module Richard Sharpe (2): Make it possible to build under Solaris make as well as FreeBSD and Linux. Also add comments on changes that might be needed Add two flags to allow for handling of Extended Signatures (Session Key Protection) on a TCON_AND_X request and response. Stefan Metzmacher (22): libcli/smb: add smb1cli_session_set_session_key() libcli/smb: let smb1cli_session_set_id() reset the application_key libcli/smb: allow resetting of the smb1 application_key s3:libsmb: make use of smb1cli_session_set_session_key() s4:libcli/smb_composite: always use set_user_session_key() helper s4:libcli/smb_composite: make use of smb1cli_session_set_session_key() libcli/smb: add smbXcli_session_application_key() s4:librpc/dcerpc_smb2: make use of smbXcli_session_application_key() libcli/smb: remove unused smb2cli_session_application_key() s4:librpc/dcerpc_smb: make use of smbXcli_session_application_key() s4:librpc/dcerpc_smb2: sync smb2_session_key() with smb_session_key() s4:libcli/raw: remove unused smbcli_session-user_session_key s3:rpc_client: make use of smbXcli_session_application_key() s3:libnet_join: make use of cli_get_session_key() in libnet_join_joindomain_rpc() s3:utils/net_rpc*: make use of cli_get_session_key() s3:libsmb: remove unused cli_state-user_session_key s3:rpc_client: rename pipe_auth_data-user_session_key to transport_session_key libcli/smb: move some TCON related defines to smb_constants.h s3:libsmb: add a tcon_flags helper variable s3:libsmb: add a optional_support helper variable s3:smbd: make use of TCONX_FLAG_DISCONNECT_TID define s3:smbd: add a optional_support helper variable to reply_tcon_and_X() --- -- Samba Shared Repository
