Re: [Samba] High load while printing a Word document

[Alexander Busam]

Alexander Busam schrieb:

Hello!

Sometimes I have problems printing a particular Word document on a 
Windows XP machine. The printing takes very long and the server 
load/CPU are very high.


For testing I set the log level = 3 printdrivers:10 and got an 
STATUS_BUFFER_OVERFLOW error (see logfile-extract below)


On the client side I use MS Office 2003 SP3 and Windows XP SP3. With 
Windows 7 all works fine.

The postscript-driver of Lexmark X464 is configured as point-and-click.
Samba 3.6.7 is configured as PDC on OpenSuSE 10.3.

I've attached the log.smbd and smb.conf as zip-file.
The word document is too big (272 kb). If it is needed for testing I 
can send directly. Probably the eps-part of the picture in the header 
of the word-document is the problem.


Is it possible to config/fix samba to avoid this problem ?

Thanks a lot.

Alex

extract of log.smbd:

[2012/08/27 11:07:16.205463,  3] rpc_server/srv_pipe.c:1626(api_rpcTNP)
 api_rpcTNP: rpc command: SPOOLSS_ADDJOB
[2012/08/27 11:07:16.205706,  3] smbd/error.c:81(error_packet_set)
 error packet at smbd/ipc.c(137) cmd=37 (SMBtrans) STATUS_BUFFER_OVERFLOW
[2012/08/27 11:07:16.208747,  3] smbd/process.c:1662(process_smb)
 Transaction 149 of length 63 (0 toread)
[2012/08/27 11:07:16.208959,  3] smbd/process.c:1467(switch_message)
 switch message SMBreadX (pid 30185) conn 0x80936638

... no idea ?
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Samba3 and Office 2010

[Андрей Гребенников]

Hi there people! I'd like someone to help me with samba shares and 
Office 2010. Whe a user opens a file from a share, msword or excel tells 
him that the file was got from internet and if you like to edit it you 
should push the button allow. How could I solve the issue from samba 
side?


--
Andrey Grebennikov
Saratov, Russia

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] join domain from different subnet (VPN)

[real-men-dont-click]

Hello everybody,

we have a problem joining a domain from a remote location.

The remote location is connected via VPN. Everything is working as exspected 
but joining the samba domain from the remote location does not work.

- Server Samba Version is 3.5.10
- Windows Client is XP SP3
- Joining the domain locally works without problems
- ping does work in both directions
- WINS is running on the local PDC and resolves across VPN (I tested with a 
Linux client using nbmlookup)
- the WINS server is configured on the client
- NetBIOS over TCP/IP is enabled on the client
- Windows on the client firewall is OFF
- even adding entries to the client's lmhosts file didn't solve the problem


Any suggestions?


thx

Carsten
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba - Can you please check the below questions and advise us accordingly?

[David Disseldorp]

[removing from development mailing-list]

Hi Maria,

On Wed, 29 Aug 2012 11:34:04 +0300
Maria Karamanli mkarama...@cognity.gr wrote:

 i navigated to
 http://ftp.samba.org/pub/samba/Binary_Packages/AIX/ (AIX is our server
 operating system) but there is not any installation file. How can i
 download this installation file?

https://ftp.samba.org/pub/samba/Binary_Packages/AIX/README lists
pware.hvcc.edu as a Samba AIX package provider.

http://pware.hvcc.edu/ftpdownloads.html

Cheers, David
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] join domain from different subnet (VPN)

[Gaiseric Vandal]

Did you try a packet capture on the samba server? 

Try adding a entry for the XP machine in the server's /etc/hosts file. 

I am guessing there is some sort of weird name resolution issue going on
with the server.I don't think there is any reason the server should
need to resolve the name of the client machine but I have had weird
issues with VPN connections before. 

This is a site-to-site VPN?  

On 08/30/12 05:34, real-men-dont-cl...@gmx.net wrote:
 Hello everybody,

 we have a problem joining a domain from a remote location.

 The remote location is connected via VPN. Everything is working as exspected 
 but joining the samba domain from the remote location does not work.

 - Server Samba Version is 3.5.10
 - Windows Client is XP SP3
 - Joining the domain locally works without problems
 - ping does work in both directions
 - WINS is running on the local PDC and resolves across VPN (I tested with a 
 Linux client using nbmlookup)
 - the WINS server is configured on the client
 - NetBIOS over TCP/IP is enabled on the client
 - Windows on the client firewall is OFF
 - even adding entries to the client's lmhosts file didn't solve the problem


 Any suggestions?


 thx

 Carsten


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] join domain from different subnet (VPN)

[real-men-dont-click]

Hi,

I already tried that, no success.

The VPN connects two subnets via OpenVPN with dedicated routers on each side.


thx

Carsten



-Original message-
To: samba@lists.samba.org; 
From:   Gaiseric Vandal gaiseric.van...@gmail.com
Sent:   Thu 30-08-2012 14:58
Subject:Re: [Samba] join domain from different subnet (VPN)
 Did you try a packet capture on the samba server? 
 
 Try adding a entry for the XP machine in the server's /etc/hosts file. 
 
 I am guessing there is some sort of weird name resolution issue going on
 with the server.I don't think there is any reason the server should
 need to resolve the name of the client machine but I have had weird
 issues with VPN connections before. 
 
 This is a site-to-site VPN?  
 
 On 08/30/12 05:34, real-men-dont-cl...@gmx.net wrote:
  Hello everybody,
 
  we have a problem joining a domain from a remote location.
 
  The remote location is connected via VPN. Everything is working as 
  exspected 
 but joining the samba domain from the remote location does not work.
 
  - Server Samba Version is 3.5.10
  - Windows Client is XP SP3
  - Joining the domain locally works without problems
  - ping does work in both directions
  - WINS is running on the local PDC and resolves across VPN (I tested with a 
 Linux client using nbmlookup)
  - the WINS server is configured on the client
  - NetBIOS over TCP/IP is enabled on the client
  - Windows on the client firewall is OFF
  - even adding entries to the client's lmhosts file didn't solve the problem
 
 
  Any suggestions?
 
 
  thx
 
  Carsten
 
 
 -- 
 To unsubscribe from this list go to the following URL and read the
 instructions:  https://lists.samba.org/mailman/options/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] replication error?

[Steve Thompson]

On Wed, 29 Aug 2012, Steve Thompson wrote:


On Wed, 29 Aug 2012, Steve Thompson wrote:
More information. If I have two DC's, dc1 and dc2, and I point ldap_uri and 
krb5_server in sssd.conf directly at dc1, it always works. If I point either 
of those parameters at dc2, it always fails.


Well, this was a red herring. Wait long enough (overnight) and it turns 
out that dc1 stops working as well (dc2 never works). This stuff is 
unusable.


Steve
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] join domain from different subnet (VPN)

[Angel Bosch]

we had lot of problems with Wins and remote sites. 

be sure Wins traffic is passing. 

abosch 


- Original Message -
From: real-men-dont-cl...@gmx.net 
To: samba@lists.samba.org, gaiseric vandal gaiseric.van...@gmail.com 
Sent: Thursday, August 30, 2012 3:21:06 PM 
Subject: Re: [Samba] join domain from different subnet (VPN) 

Hi, 

I already tried that, no success. 

The VPN connects two subnets via OpenVPN with dedicated routers on each side. 


thx 

Carsten 



-Original message- 
To: samba@lists.samba.org; 
From: Gaiseric Vandal gaiseric.van...@gmail.com 
Sent: Thu 30-08-2012 14:58 
Subject: Re: [Samba] join domain from different subnet (VPN) 
 Did you try a packet capture on the samba server? 
 
 Try adding a entry for the XP machine in the server's /etc/hosts file. 
 
 I am guessing there is some sort of weird name resolution issue going on 
 with the server. I don't think there is any reason the server should 
 need to resolve the name of the client machine but I have had weird 
 issues with VPN connections before. 
 
 This is a site-to-site VPN? 
 
 On 08/30/12 05:34, real-men-dont-cl...@gmx.net wrote: 
  Hello everybody, 
  
  we have a problem joining a domain from a remote location. 
  
  The remote location is connected via VPN. Everything is working as 
  exspected 
 but joining the samba domain from the remote location does not work. 
  
  - Server Samba Version is 3.5.10 
  - Windows Client is XP SP3 
  - Joining the domain locally works without problems 
  - ping does work in both directions 
  - WINS is running on the local PDC and resolves across VPN (I tested with a 
 Linux client using nbmlookup) 
  - the WINS server is configured on the client 
  - NetBIOS over TCP/IP is enabled on the client 
  - Windows on the client firewall is OFF 
  - even adding entries to the client's lmhosts file didn't solve the problem 
  
  
  Any suggestions? 
  
  
  thx 
  
  Carsten 
 
 
 -- 
 To unsubscribe from this list go to the following URL and read the 
 instructions: https://lists.samba.org/mailman/options/samba 
 
-- 
To unsubscribe from this list go to the following URL and read the 
instructions: https://lists.samba.org/mailman/options/samba 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] samba4 kpasswd: refuses to change

[Thomas Mueller]

hi 

after kpasswd paniced samba4 (debian wheezy packages, beta2) i've 
compiled the latest from git (Version 4.0.0beta8-GIT-5131359). It does 
not panic anymore but tells me the following:

# kpasswd
Password for user@TEST.DOMAIN: 
Enter new password: 
Enter it again: 
Password change rejected: Password must be at least 7 characters long, 
and cannot match any of your 24 previous passwords


The new password hasn't been used before on this account. Complexety 
criteria are met too (otherwise it correctly fails and tells that they 
are not met).

Is kpasswd supposed to work with samba4?

- Thomas

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Centos 6.3 smbldap-tools installation issue

[Alberto Moreno]

On Mon, Aug 27, 2012 at 8:31 AM, Alex Domoradov alex@gmail.com wrote:
 Hi.

 I got a fresh installation of centos 6.3 x64, I want to setup a PDC
 with samba+ldap and see what I need to upgrade my centos 5.x servers.
 I follow my manual, but I got issues went I want to install
 smbldap-tools, check:

 Processing Dependency: perl(Unicode::MapUTF8) for package:
 smbldap-tools-0.9.5-2.el6.rf.noarch
 -- Finished Dependency Resolution
 Error: Package: smbldap-tools-0.9.5-2.el6.rf.noarch (rpmforge)
Requires: perl(Unicode::MapUTF8)
  You could try using --skip-broken to work around the problem
  You could try running: rpm -Va --nofiles --nodigest

  I'm using rpmforge repo.

 Does someone here knows how to fix this issue?
 0.9.5 it's too old. Try to use from EPEL

 # yum info smbldap-tools
 Available Packages
 Name: smbldap-tools
 Arch: noarch
 Version : 0.9.6
 Release : 3.el6
 Size: 309 k
 Repo: epel
 Summary : User and group administration tools for Samba/OpenLDAP
 URL : http://gna.org/projects/smbldap-tools/
 License : GPLv2+
 Description : In conjunction with OpenLDAP and Samba-LDAP servers,
 this collection is useful
 : to add, modify and delete users and groups, and to
 change Unix and Samba
 : passwords. In those contexts they replace the system
 tools to manage users,
 : groups and passwords.

 And you can also directly install from off site

 # yum install perl-Crypt-SmbHash perl-Digest-SHA perl-LDAP
 # rpm -ivh 
 http://download.gna.org/smbldap-tools/packages/el6/smbldap-tools-0.9.8-1.el6.noarch.rpm


Thanks Alex, looks that one was installed good, thanks again!!!

-- 
LIving the dream...
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] samba4 kpasswd: refuses to change

[Thomas Mueller]

Am Thu, 30 Aug 2012 13:45:50 + schrieb Thomas Mueller:


 # kpasswd Password for user@TEST.DOMAIN:
 Enter new password:
 Enter it again:
 Password change rejected: Password must be at least 7 characters long,
 and cannot match any of your 24 previous passwords

OK, it's not a kpasswd problem. Changing the password from windows (ctrl -
alt -del - change password) brings up the same message.

- Thomas

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Can't join Samba as DC to existing Win2k3 Domain

[Liam]

I downloaded and built Samba 4, and I'm at the step where I'm trying to add it 
to the domain and I'm getting a replication error when it's trying to do it's 
initial replication.

bin/samba-tool domain join domain.coop DC -Uusername --realm=domain.coop


Finding a writeable DC for domain 'domain.coop'
Found DC DC.domain.coop
Password for [DOMAIN\username]:
workgroup is DOMAIN
realm is domain.coop
checking sAMAccountName
Adding CN=SambaServer,OU=Domain Controllers,DC=domain,DC=coop
Adding 
CN=SambaServer,CN=Servers,CN=SV,CN=Sites,CN=Configuration,DC=domain,DC=coop
Adding CN=NTDS 
Settings,CN=SambaServer,CN=Servers,CN=SV,CN=Sites,CN=Configuration,DC=domain,DC=
coop
Adding SPNs to CN=SambaServer,OU=Domain Controllers,DC=domain,DC=coop
Setting account password for SambaServer$
Enabling account
Calling bare provision
No IPv6 address will be assigned
Provision OK for domain DN DC=domain,DC=coop
Starting replication
Schema-DN[CN=Schema,CN=Configuration,DC=domain,DC=coop] objects[402] 
linked_values[0]
Schema-DN[CN=Schema,CN=Configuration,DC=domain,DC=coop] objects[804] 
linked_values[0]
Schema-DN[CN=Schema,CN=Configuration,DC=domain,DC=coop] objects[1206] 
linked_values[0]
Schema-DN[CN=Schema,CN=Configuration,DC=domain,DC=coop] objects[1376] 
linked_values[0]
Analyze and apply schema objects
Partition[CN=Configuration,DC=domain,DC=coop] objects[402] linked_values[0]
Partition[CN=Configuration,DC=domain,DC=coop] objects[804] linked_values[0]
Partition[CN=Configuration,DC=domain,DC=coop] objects[1206] linked_values[0]
Partition[CN=Configuration,DC=domain,DC=coop] objects[1608] linked_values[55]
Partition[CN=Configuration,DC=domain,DC=coop] objects[1650] linked_values[10]
Replicating critical objects from the base DN of the domain
Partition[DC=domain,DC=coop] objects[96] linked_values[20]
Partition[DC=domain,DC=coop] objects[434] linked_values[64]
Partition[DC=domain,DC=coop] objects[698] linked_values[37]
Partition[DC=domain,DC=coop] objects[945] linked_values[20]
Partition[DC=domain,DC=coop] objects[1130] linked_values[45]
Refusing to replicate DC=TAPI3Directory\0ADEL:421d2b48-4a80-45e1-a921-
b1700eb4daca,DC=domain,DC=coop from a read-only repilca into a read-write 
replica!
Failed to convert object DC=TAPI3Directory\0ADEL:421d2b48-4a80-45e1-a921-
b1700eb4daca,DC=domain,DC=coop: WERR_DS_DRA_SOURCE_IS_PARTIAL_REPLICA
Failed to convert objects: WERR_DS_DRA_SOURCE_IS_PARTIAL_REPLICA
Join failed - cleaning up
checking sAMAccountName
Deleted CN=SambaServer,OU=Domain Controllers,DC=domain,DC=coop
Deleted CN=NTDS 
Settings,CN=SambaServer,CN=Servers,CN=SV,CN=Sites,CN=Configuration,DC=domain,DC=
coop
Deleted 
CN=SambaServer,CN=Servers,CN=SV,CN=Sites,CN=Configuration,DC=domain,DC=coop
ERROR(type 'exceptions.TypeError'): uncaught exception - Failed to process 
chunk: NT code 0xc0002111
  File bin/python/samba/netcmd/__init__.py, line 160, in _run
return self.run(*args, **kwargs)
  File bin/python/samba/netcmd/domain.py, line 256, in run
machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
  File bin/python/samba/join.py, line 1079, in join_DC
ctx.do_join()
  File bin/python/samba/join.py, line 984, in do_join
ctx.join_replicate()
  File bin/python/samba/join.py, line 736, in join_replicate
replica_flags=ctx.domain_replica_flags)
  File bin/python/samba/drs_utils.py, line 252, in replicate
schema=schema, req_level=req_level, req=req)


When I first got this I ran tapicfg on a windows DC and saw a TAPI3Directory 
partition. I deleted it and it didn't seem to help. I've also run ldp.exe, and 
tried to find it that way. As well as running repadmin /removelingeringobjects 
thinking it might just not have been fully deleted.

Is this just having to wait for the tombstone lifetime of the deleted object to 
pass, or is there something I can do to fix this and get the replication 
working 
for the Samba 4 server I'm trying to setup.

Thanks!
Liam
liam(dot)k(at)weaverstreetmarket(dot)coop

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] samba4 kpasswd: refuses to change

[Thomas Mueller]

Am Thu, 30 Aug 2012 14:07:00 + schrieb Thomas Mueller:

 Am Thu, 30 Aug 2012 13:45:50 + schrieb Thomas Mueller:
 
 
 # kpasswd Password for user@TEST.DOMAIN:
 Enter new password:
 Enter it again:
 Password change rejected: Password must be at least 7 characters long,
 and cannot match any of your 24 previous passwords
 
 OK, it's not a kpasswd problem. Changing the password from windows (ctrl
 -
 alt -del - change password) brings up the same message.
 
 - Thomas

and finally found the root cause:

the default password policy is set to a minimal password age of 1 day

- Thomas

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] join domain from different subnet (VPN)

[real-men-dont-click]

Hi abosch,

I checked with nblookup.exe from the cleint side. WINS resolution works without 
any problems. The DC as well as the client and the domain are resolved via WINS.

;-(


thx


Carsten




-Original message-
To: real-men-dont-cl...@gmx.net; 
CC: samba@lists.samba.org; gaiseric vandal gaiseric.van...@gmail.com; 
From:   Angel Bosch abo...@cilma.net
Sent:   Thu 30-08-2012 15:27
Subject:Re: [Samba] join domain from different subnet (VPN)
 we had lot of problems with Wins and remote sites.
 
 be sure Wins traffic is passing.
 
 abosch
 
 
 
 From: real-men-dont-cl...@gmx.net
 To: samba@lists.samba.org, gaiseric vandal gaiseric.van...@gmail.com
 Sent: Thursday, August 30, 2012 3:21:06 PM
 Subject: Re: [Samba] join domain from different subnet (VPN)
 
 Hi,
 
 I already tried that, no success.
 
 The VPN connects two subnets via OpenVPN with dedicated routers on each side.
 
 
 thx
 
 Carsten
 
 
 
 -Original message-
 To:samba@lists.samba.org; 
 From:Gaiseric Vandal gaiseric.van...@gmail.com
 Sent:Thu 30-08-2012 14:58
 Subject:Re: [Samba] join domain from different subnet (VPN)
  Did you try a packet capture on the samba server? 
  
  Try adding a entry for the XP machine in the server's /etc/hosts file. 
  
  I am guessing there is some sort of weird name resolution issue going on
  with the server.    I don't think there is any reason the server should
  need to resolve the name of the client machine but I have had weird
  issues with VPN connections before. 
  
  This is a site-to-site VPN?  
  
  On 08/30/12 05:34, real-men-dont-cl...@gmx.net wrote:
   Hello everybody,
  
   we have a problem joining a domain from a remote location.
  
   The remote location is connected via VPN. Everything is working as 
 exspected 
  but joining the samba domain from the remote location does not work.
  
   - Server Samba Version is 3.5.10
   - Windows Client is XP SP3
   - Joining the domain locally works without problems
   - ping does work in both directions
   - WINS is running on the local PDC and resolves across VPN (I tested with 
   a 
  Linux client using nbmlookup)
   - the WINS server is configured on the client
   - NetBIOS over TCP/IP is enabled on the client
   - Windows on the client firewall is OFF
   - even adding entries to the client's lmhosts file didn't solve the 
   problem
  
  
   Any suggestions?
  
  
   thx
  
   Carsten
  
  
  -- 
  To unsubscribe from this list go to the following URL and read the
  instructions:  https://lists.samba.org/mailman/options/samba
 
 -- 
 To unsubscribe from this list go to the following URL and read the
 instructions:  https://lists.samba.org/mailman/options/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] join domain from different subnet (VPN)

[real-men-dont-click]

Hi,

I already tried that, no success.

The VPN connects two subnets via OpenVPN with dedicated routers on each side.


thx

Carsten



-Original message-
To: samba@lists.samba.org; 
From:   Gaiseric Vandal gaiseric.van...@gmail.com
Sent:   Thu 30-08-2012 14:58
Subject:Re: [Samba] join domain from different subnet (VPN)
 Did you try a packet capture on the samba server? 
 
 Try adding a entry for the XP machine in the server's /etc/hosts file. 
 
 I am guessing there is some sort of weird name resolution issue going on
 with the server.I don't think there is any reason the server should
 need to resolve the name of the client machine but I have had weird
 issues with VPN connections before. 
 
 This is a site-to-site VPN?  
 
 On 08/30/12 05:34, real-men-dont-cl...@gmx.net wrote:
  Hello everybody,
 
  we have a problem joining a domain from a remote location.
 
  The remote location is connected via VPN. Everything is working as 
  exspected 
 but joining the samba domain from the remote location does not work.
 
  - Server Samba Version is 3.5.10
  - Windows Client is XP SP3
  - Joining the domain locally works without problems
  - ping does work in both directions
  - WINS is running on the local PDC and resolves across VPN (I tested with a 
 Linux client using nbmlookup)
  - the WINS server is configured on the client
  - NetBIOS over TCP/IP is enabled on the client
  - Windows on the client firewall is OFF
  - even adding entries to the client's lmhosts file didn't solve the problem
 
 
  Any suggestions?
 
 
  thx
 
  Carsten
 
 
 -- 
 To unsubscribe from this list go to the following URL and read the
 instructions:  https://lists.samba.org/mailman/options/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] join domain from different subnet (VPN)

[Gaiseric Vandal]

Do the routers block any ports or netbios traffic?

Did you restrict the samba ports in smb.conf  -  samba I think  listens
by default on 137, 138, 139  + 445 .   445 is for SMB-over-ip, which
isn't actually used by samba 3.x/   XP machines will try to connect to
445 then redirect to 137-139 for classic smb-over-NBT.
Restricting the ports may cause more issues then it solves. 

I can't think of anything else that would cause issues with a routed
environment. 





On 08/30/12 11:09, real-men-dont-cl...@gmx.net wrote:
 Hi,

 I already tried that, no success.

 The VPN connects two subnets via OpenVPN with dedicated routers on each side.


 thx

 Carsten



 -Original message-
 To:   samba@lists.samba.org; 
 From: Gaiseric Vandal gaiseric.van...@gmail.com
 Sent: Thu 30-08-2012 14:58
 Subject:  Re: [Samba] join domain from different subnet (VPN)
 Did you try a packet capture on the samba server? 

 Try adding a entry for the XP machine in the server's /etc/hosts file. 

 I am guessing there is some sort of weird name resolution issue going on
 with the server.I don't think there is any reason the server should
 need to resolve the name of the client machine but I have had weird
 issues with VPN connections before. 

 This is a site-to-site VPN?  

 On 08/30/12 05:34, real-men-dont-cl...@gmx.net wrote:
 Hello everybody,

 we have a problem joining a domain from a remote location.

 The remote location is connected via VPN. Everything is working as 
 exspected 
 but joining the samba domain from the remote location does not work.
 - Server Samba Version is 3.5.10
 - Windows Client is XP SP3
 - Joining the domain locally works without problems
 - ping does work in both directions
 - WINS is running on the local PDC and resolves across VPN (I tested with a 
 Linux client using nbmlookup)
 - the WINS server is configured on the client
 - NetBIOS over TCP/IP is enabled on the client
 - Windows on the client firewall is OFF
 - even adding entries to the client's lmhosts file didn't solve the problem


 Any suggestions?


 thx

 Carsten

 -- 
 To unsubscribe from this list go to the following URL and read the
 instructions:  https://lists.samba.org/mailman/options/samba



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba PDC: Admin tools?

[Gaiseric Vandal]

I use apache directory studio for LDAP management.  It is not samba
specific but  it is easy enough to use existing user, group or machine
objects as templates for new ones.  It runs on Windows and Linux (and
maybe on Mac.)



On 08/25/12 16:39, John Drescher wrote:
 On Sat, Aug 25, 2012 at 4:34 PM, Alberto Moreno ports...@gmail.com wrote:
  Guys.

  I have use smbldap-tools to handle my accounts for my PDC with 
 samba+openldap.

  Now, I ask here because a lot of people have PDC running on their
 networks, what tools do u use to manage your openldap db for samba:
 users, machines, groups?

  Working with Centos 6.x.

  Any input will be appreciated, thanks!!!

 I use ldap account manager to manage my users / machines / group accounts.

 John


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba PDC: Admin tools?

[steve]

On 30/08/12 18:57, Gaiseric Vandal wrote:

I use apache directory studio for LDAP management.  It is not samba
specific but  it is easy enough to use existing user, group or machine
objects as templates for new ones.  It runs on Windows and Linux (and
maybe on Mac.)



On 08/25/12 16:39, John Drescher wrote:

On Sat, Aug 25, 2012 at 4:34 PM, Alberto Moreno ports...@gmail.com wrote:

  Guys.

  I have use smbldap-tools to handle my accounts for my PDC with samba+openldap.

  Now, I ask here because a lot of people have PDC running on their
networks, what tools do u use to manage your openldap db for samba:
users, machines, groups?

  Working with Centos 6.x.

  Any input will be appreciated, thanks!!!


I use ldap account manager to manage my users / machines / group accounts.

John




Hi
openSUSE's yast has a really nice and little known frontend to LDAP 
which handles samba objects too. You can point and click your way 
through adding/deleting samba specific users and groups. It also has an 
LDAP browser similar to phpldapadmin. I'm not sure if Yast will fire up 
on Centos but may be worth a look.

Cheers,
Steve

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] join domain from different subnet (VPN)

[Bob Miller]

A post went by on this list not too long about using openvpn.

https://lists.samba.org/archive/samba/2012-July/168209.html

In that post, a quote from

http://openvpn.net/index.php/open-source/faq/75-general/293-what-is-the-principle-behind-openvpn-tunnels.html

indicates that running openvpn as a bridge will pass layer 2 traffic.
Perhaps that will help in your situation...

On Thu, 2012-08-30 at 15:21 +0200, real-men-dont-cl...@gmx.net wrote:
 Hi,
 
 I already tried that, no success.
 
 The VPN connects two subnets via OpenVPN with dedicated routers on each side.
 
 
 thx
 
 Carsten
 
 
 
 -Original message-
 To:   samba@lists.samba.org; 
 From: Gaiseric Vandal gaiseric.van...@gmail.com
 Sent: Thu 30-08-2012 14:58
 Subject:  Re: [Samba] join domain from different subnet (VPN)
  Did you try a packet capture on the samba server? 
  
  Try adding a entry for the XP machine in the server's /etc/hosts file. 
  
  I am guessing there is some sort of weird name resolution issue going on
  with the server.I don't think there is any reason the server should
  need to resolve the name of the client machine but I have had weird
  issues with VPN connections before. 
  
  This is a site-to-site VPN?  
  
  On 08/30/12 05:34, real-men-dont-cl...@gmx.net wrote:
   Hello everybody,
  
   we have a problem joining a domain from a remote location.
  
   The remote location is connected via VPN. Everything is working as 
   exspected 
  but joining the samba domain from the remote location does not work.
  
   - Server Samba Version is 3.5.10
   - Windows Client is XP SP3
   - Joining the domain locally works without problems
   - ping does work in both directions
   - WINS is running on the local PDC and resolves across VPN (I tested with 
   a 
  Linux client using nbmlookup)
   - the WINS server is configured on the client
   - NetBIOS over TCP/IP is enabled on the client
   - Windows on the client firewall is OFF
   - even adding entries to the client's lmhosts file didn't solve the 
   problem
  
  
   Any suggestions?
  
  
   thx
  
   Carsten
  
  
  -- 
  To unsubscribe from this list go to the following URL and read the
  instructions:  https://lists.samba.org/mailman/options/samba
 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] syntax of samba-tool to deal with SRV DNS record

[Hleb Valoshka]

On 8/30/12, Alain Foucher a.fouc...@cht.nc wrote:
 i try to use something like :
 samba-tool  dns  add   smb4   domain.local_http._tcp.domain.local   SRV
 tx4.domain.local  80   1   5
 but i get this message
 Usage: samba-tool dns add server zone name
 A||PTR|CNAME|NS|MX|SRV|TXT data

You've forgot quotes around data:

samba-tool  dns  add   smb4   domain.local_http._tcp.domain.local
 SRV tx4.domain.local  80   1   5
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Samba complie problem

[Nitin Thakur]

hi  all

Samba build problem when compiling with --with-ads

I have complid, kerberos and openldap in /opt/local/samba and I am using gcc 
with gnu binutils. Its a solaris 10 sparc.

Configure gives me following error: -

checking for LDAP support... yes
checking ldap.h usability... yes
checking ldap.h presence... yes
checking for ldap.h... yes
checking lber.h usability... yes
checking lber.h presence... yes
checking for lber.h... yes
checking for ber_tag_t... yes
checking for ber_scanf in -llber... yes
checking for ber_sockbuf_add_io... yes
checking for LDAP_OPT_SOCKBUF... yes
checking for LBER_OPT_LOG_PRINT_FN... yes
checking for ldap_init in -lldap... no
checking for ldap_set_rebind_proc... no
checking whether ldap_set_rebind_proc takes 3 arguments... 3
checking for ldap_initialize... no
configure: error: libldap is needed for LDAP support

Config.log output: -

configure:25335: gcc -o conftest -I/opt/local/samba/include 
-I/opt/local/samba/include -D_REENTRANT -D_LARGEFILE_SOURCE 
-D_FILE_OFFSET_BITS=64 -I/usr/include -L/opt/local/samba/lib 
-R/opt/local/samba/lib -lthread -L./bin -L/usr/lib conftest.c -lldap -llber   
-lresolv -lrt-lnsl -lsocket  -lmd5 -lrt  -liconv 5
/usr/local/lib/gcc/sparc-sun-solaris2.10/3.4.6/../../../../sparc-sun-solaris2.10/bin/ld:
 /opt/local/samba/lib/libldap.so: dladdr: invalid version 12 (max 0)
/opt/local/samba/lib/libldap.so: could not read symbols: Bad value

I installed openldap in /opt/local/samba.

# find /opt/local/samba -name libldap\*
/opt/local/samba/lib/libldap_r.a
/opt/local/samba/lib/libldap.so
/opt/local/samba/lib/libldap.la
/opt/local/samba/lib/libldap-2.4.so.2
/opt/local/samba/lib/libldap.a
/opt/local/samba/lib/libldap_r.so
/opt/local/samba/lib/libldap_r-2.4.so.2
/opt/local/samba/lib/libldap-2.4.so.2.8.4
/opt/local/samba/lib/libldap_r-2.4.so.2.8.4
/opt/local/samba/lib/libldap_r.la

Thanks

Nitin
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba3 and Office 2010

[Jeremy Allison]

On Thu, Aug 30, 2012 at 11:46:55AM +0400, Андрей Гребенников wrote:
 Hi there people! I'd like someone to help me with samba shares and
 Office 2010. Whe a user opens a file from a share, msword or excel
 tells him that the file was got from internet and if you like to
 edit it you should push the button allow. How could I solve the
 issue from samba side?

It's almost certainly the alternate data stream with Internet Zone
being required. Try using the streams_xattr module on the share.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Permissions incorrectly ordered on Windows after disabling inheritance

[Walkes, Dan]

On Wed, Aug 29, 2012 at 21:45:24, Jeremy Allison wrote:
 On Fri, Aug 24, 2012 at 11:08:53AM -0600, Walkes, Dan wrote:
  Hi everyone,
 
  I've noticed a problem with Debian wheezy + samba 3.6.6 configured 
  with acl_xattr in my configuration.  The following test sequence 
  causes Windows Explorer to report incorrectly ordered permission
entries:
  1)  Map a share as with admin user credentials  to a drive letter
  on a Windows client
  2)  Create a folder at the root of the share rootfolder
  3)  Create a subfolder subfolder1 under rootfolder
  4)  Un-check Include inheritable permissions from this object's
  parent in the windows security settings dialog for Windows Explorer

  on the root folder
  5)  Create a subfolder subfolder2 under subfolder1
  6)  Right-click with Windows Explorer and attempt to edit the
  permissions of subfolder2.  Windows Explorer pops up a message 
  stating The permissions on subfolder2 are incorrectly ordered, 
  which may cause some entries to be ineffective.
 
 FYI, the complete and correct fix for this ifor 3.6.next s now
attached to bug :
 
 https://bugzilla.samba.org/show_bug.cgi?id=9124
 
 as a patch. Please test (it fixes the problem here). Thanks for 
 reporting this, the same code will go into master as soon as I've 
 finished wrestling with autobuild :-).
 

Thanks Jeremy.  I've tested today.  I can confirm it fixes the incorrect
ordering issue and sequence 1-6 works for me.  I can also confirm that
after removing inheritance on a root folder from windows the I flag is
set for all permissions on subfolders as expected.  I did notice however
that in my case if I never modify permissions or change permissions from
Windows Explorer the I flag is still not set on inherited permissions,
at least with my configuration. 

For instance if my share folder permissions are: 

smbcacls --user=K9\\tandberg //localhost/20120830_4 rootfolder/..
REVISION:1
CONTROL:0x8004
OWNER:BIZNAS-B2\nobody
GROUP:Unix Group\root
ACL:BIZNAS-B2\nobody:ALLOWED/0x0/FULL
ACL:K9\domain users:ALLOWED/0x0/FULL
ACL:Unix Group\%naslocal%:ALLOWED/0x0/FULL
ACL:Unix Group\root:ALLOWED/0x0/FULL
ACL:BIZNAS-B2\admin:ALLOWED/0x0/FULL
ACL:Everyone:ALLOWED/0x0/
ACL:Creator Owner:ALLOWED/OI|CI|IO/RWXDPO
ACL:Creator Group:ALLOWED/OI|CI|IO/RWXDPO
ACL:Everyone:ALLOWED/OI|CI|IO/RWXDPO

Each of my subfolders have permissions which look like this:

smbcacls --user=K9\\tandberg //localhost/20120830_4 rootfolder
REVISION:1
CONTROL:0x8004
OWNER:BIZNAS-B2\admin
GROUP:BIZNAS-B2\None
ACL:BIZNAS-B2\admin:ALLOWED/0x0/RWXDPO
ACL:Creator Owner:ALLOWED/OI|CI|IO/RWXDPO
ACL:BIZNAS-B2\None:ALLOWED/0x0/RWXDPO
ACL:Creator Group:ALLOWED/OI|CI|IO/RWXDPO
ACL:Everyone:ALLOWED/OI|CI/RWXDPO

I would have expected the I flag to be set on Creator Owner, Creator
Group and Everyone in this case since these permissions were inherited
from the share folder.  This is what I see with a Windows 7 file share.

However, after I modify permissions on any folder in any way from
windows explorer (even if I don't modify Creator Owner, Creator Group or
Everyone), all inherited permissions on subfolders have the I flag set.
This applies both to subfolders which existed before the change and for
new subfolders created after I made the change from Windows Explorer.  I
don't see this behavior if I change from smbcacls, only if I change from
Windows Explorer.  If I use Windows Explorer to modify the permissions
on the root folder in any way, all inherited permissions have the I flag
set on all subfolders as I would expect.

I'm not sure that missing the I flag is actually important as long as
the permissions are inheriting and now that windows is no longer
complaining about ordering.  I just thought I would bring it up here in
case it was related and in case you thought it was important.  I can
gather more data if you are interested... let me know

Thanks again!
Dan

 Cheers,
 
   Jeremy.


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Permissions incorrectly ordered on Windows after disabling inheritance

[Jeremy Allison]

On Thu, Aug 30, 2012 at 05:09:10PM -0600, Walkes, Dan wrote:
 On Wed, Aug 29, 2012 at 21:45:24, Jeremy Allison wrote:
  On Fri, Aug 24, 2012 at 11:08:53AM -0600, Walkes, Dan wrote:
   Hi everyone,
  
   I've noticed a problem with Debian wheezy + samba 3.6.6 configured 
   with acl_xattr in my configuration.  The following test sequence 
   causes Windows Explorer to report incorrectly ordered permission
 entries:
   1)Map a share as with admin user credentials  to a drive letter
   on a Windows client
   2)Create a folder at the root of the share rootfolder
   3)Create a subfolder subfolder1 under rootfolder
   4)Un-check Include inheritable permissions from this object's
   parent in the windows security settings dialog for Windows Explorer
 
   on the root folder
   5)Create a subfolder subfolder2 under subfolder1
   6)Right-click with Windows Explorer and attempt to edit the
   permissions of subfolder2.  Windows Explorer pops up a message 
   stating The permissions on subfolder2 are incorrectly ordered, 
   which may cause some entries to be ineffective.
  
  FYI, the complete and correct fix for this ifor 3.6.next s now
 attached to bug :
  
  https://bugzilla.samba.org/show_bug.cgi?id=9124
  
  as a patch. Please test (it fixes the problem here). Thanks for 
  reporting this, the same code will go into master as soon as I've 
  finished wrestling with autobuild :-).
  
 
 Thanks Jeremy.  I've tested today.  I can confirm it fixes the incorrect
 ordering issue and sequence 1-6 works for me.  I can also confirm that
 after removing inheritance on a root folder from windows the I flag is
 set for all permissions on subfolders as expected.  I did notice however
 that in my case if I never modify permissions or change permissions from
 Windows Explorer the I flag is still not set on inherited permissions,
 at least with my configuration. 

Actually this is what you'd expect with a security descriptor
type of : CONTROL:0x8004

(SEC_DESC_SELF_RELATIVE  = 0x8000|
 SEC_DESC_DACL_PRESENT   = 0x0004).

On Windows you'll probably have :

CONTROL:0x8404

(SEC_DESC_SELF_RELATIVE  = 0x8000|
 SEC_DESC_DACL_AUTO_INHERITED= 0x0400|
 SEC_DESC_DACL_PRESENT   = 0x0004).

which explains the difference. If you set a security
descriptor on rootfolder/ from the Windows client and
end up with CONTROL:0x8404, then whenever you create
subfolders/files below that you'll see the INHERITED
bit (that's what the patch solves).

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] samba4 kpasswd: refuses to change

[Andrew Bartlett]

On Thu, 2012-08-30 at 14:59 +, Thomas Mueller wrote:
 Am Thu, 30 Aug 2012 14:07:00 + schrieb Thomas Mueller:
 
  Am Thu, 30 Aug 2012 13:45:50 + schrieb Thomas Mueller:
  
  
  # kpasswd Password for user@TEST.DOMAIN:
  Enter new password:
  Enter it again:
  Password change rejected: Password must be at least 7 characters long,
  and cannot match any of your 24 previous passwords
  
  OK, it's not a kpasswd problem. Changing the password from windows (ctrl
  -
  alt -del - change password) brings up the same message.
  
  - Thomas
 
 and finally found the root cause:
 
 the default password policy is set to a minimal password age of 1 day

Samba generates that message, so if you want to patch
source4/kdc/kpasswd.c to give a better message, you would be most
welcome.

The restrictions are implemented in
source4/dsdb/samdb/ldb_modules/password_hash.c.  We could either try and
send back a better string from there, or at least use the string sent
back already (without the windows error code on the front). 

Andrew Bartlett

-- 
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] replication error?

[Andrew Bartlett]

On Thu, 2012-08-30 at 09:33 -0400, Steve Thompson wrote:
 On Wed, 29 Aug 2012, Steve Thompson wrote:
 
  On Wed, 29 Aug 2012, Steve Thompson wrote:
  More information. If I have two DC's, dc1 and dc2, and I point ldap_uri and 
  krb5_server in sssd.conf directly at dc1, it always works. If I point 
  either 
  of those parameters at dc2, it always fails.
 
 Well, this was a red herring. Wait long enough (overnight) and it turns 
 out that dc1 stops working as well (dc2 never works). This stuff is 
 unusable.

Does this configuration of SSSD work any differently against a windows
domain?  (Trial versions of windows server can be downloaded). 

These issues appear to be client-side (using the wrong ticket, or
attempting to do krb5 against a name mapping to more than one server),
but with so little detail it is hard to say with clarity. 

Andrew Bartlett

-- 
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Permissions incorrectly ordered on Windows after disabling inheritance

[Walkes, Dan]

On Thu, Aug 30, 2012 at 17:52:08, Jeremy Allison wrote:
 On Thu, Aug 30, 2012 at 05:09:10PM -0600, Walkes, Dan wrote:
  On Wed, Aug 29, 2012 at 21:45:24, Jeremy Allison wrote:
   On Fri, Aug 24, 2012 at 11:08:53AM -0600, Walkes, Dan wrote:
Hi everyone,
   
I've noticed a problem with Debian wheezy + samba 3.6.6 
configured with acl_xattr in my configuration.  The following 
test sequence causes Windows Explorer to report incorrectly 
ordered permission
  entries:
1)  Map a share as with admin user credentials  to a drive
letter
on a Windows client
2)  Create a folder at the root of the share rootfolder
3)  Create a subfolder subfolder1 under rootfolder
4)  Un-check Include inheritable permissions from this
object's
parent in the windows security settings dialog for Windows 
Explorer
 
on the root folder
5)  Create a subfolder subfolder2 under subfolder1
6)  Right-click with Windows Explorer and attempt to edit
the
permissions of subfolder2.  Windows Explorer pops up a message

stating The permissions on subfolder2 are incorrectly ordered, 
which may cause some entries to be ineffective.
  
   FYI, the complete and correct fix for this ifor 3.6.next s now
  attached to bug :
  
   https://bugzilla.samba.org/show_bug.cgi?id=9124
  
   as a patch. Please test (it fixes the problem here). Thanks for 
   reporting this, the same code will go into master as soon as I've 
   finished wrestling with autobuild :-).
  
 
  Thanks Jeremy.  I've tested today.  I can confirm it fixes the 
  incorrect ordering issue and sequence 1-6 works for me.  I can also 
  confirm that after removing inheritance on a root folder from 
  windows the I flag is set for all permissions on subfolders as 
  expected.  I did notice however that in my case if I never modify 
  permissions or change permissions from Windows Explorer the I flag 
  is still not set on inherited permissions, at least with my
configuration.
 
 Actually this is what you'd expect with a security descriptor type of
:
 CONTROL:0x8004
 
 (SEC_DESC_SELF_RELATIVE  = 0x8000|
  SEC_DESC_DACL_PRESENT   = 0x0004).
 
 On Windows you'll probably have :
 
 CONTROL:0x8404
 
 (SEC_DESC_SELF_RELATIVE  = 0x8000|
  SEC_DESC_DACL_AUTO_INHERITED= 0x0400|
  SEC_DESC_DACL_PRESENT   = 0x0004).
 
 which explains the difference. If you set a security descriptor on 
 rootfolder/ from the Windows client and end up with CONTROL:0x8404, 
 then whenever you create subfolders/files below that you'll see the
INHERITED
 bit (that's what the patch solves).
 
 Jeremy.

Yes this explains it.  Thanks for your help.


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[SCM] Samba Shared Repository - branch v3-6-test updated

[Karolin Seeger]

The branch, v3-6-test has been updated
   via  4050cc8 s3-printing: fix bug 9123 lprng job tracking errors
  from  0f14965 s3-smbd: Initialize the print backend after we setup winreg.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test


- Log -
commit 4050cc8be25299514f7ebe609419f74aff8da423
Author: David Disseldorp dd...@samba.org
Date:   Tue Aug 28 18:58:24 2012 +0200

s3-printing: fix bug 9123 lprng job tracking errors

The lprng printing back-end is truncating the print job filename in the
lpq output, which means that Samba is not able to determine the back-end
job ID for a newly submitted print job.
Remove the unneeded spoolss job ID from the print job file name to
ensure the job filename is not truncated. Also log these warnings at a
higher log level.

---

Summary of changes:
 source3/printing/print_generic.c |2 +-
 source3/printing/printing.c  |3 +--
 2 files changed, 2 insertions(+), 3 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/printing/print_generic.c b/source3/printing/print_generic.c
index aac3892..7a7cd3b 100644
--- a/source3/printing/print_generic.c
+++ b/source3/printing/print_generic.c
@@ -288,7 +288,7 @@ static int generic_job_submit(int snum, struct printjob 
*pjob,
ret = 0;
}
if (pjob-sysjob == -1) {
-   DEBUG(0, (failed to get sysjob for job %u (%s), tracking as 
+   DEBUG(2, (failed to get sysjob for job %u (%s), tracking as 
  Unix job\n, pjob-jobid, jobname));
}
 
diff --git a/source3/printing/printing.c b/source3/printing/printing.c
index aa5b41d..ba73918 100644
--- a/source3/printing/printing.c
+++ b/source3/printing/printing.c
@@ -2843,8 +2843,7 @@ static WERROR print_job_spool_file(int snum, uint32_t 
jobid,
}
 
slprintf(pjob-filename, sizeof(pjob-filename)-1,
-%s/%s%.8u.XX, lp_pathname(snum),
-PRINT_SPOOL_PREFIX, (unsigned int)jobid);
+%s/%sXX, lp_pathname(snum), PRINT_SPOOL_PREFIX);
pjob-fd = mkstemp(pjob-filename);
 
if (pjob-fd == -1) {


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch v3-6-test updated

[Karolin Seeger]

The branch, v3-6-test has been updated
   via  2d1bf06 Bug #9058] Files not deleted, smbstatus shows Segmentation 
fault.
  from  4050cc8 s3-printing: fix bug 9123 lprng job tracking errors

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test


- Log -
commit 2d1bf06f440c9607ee7b60e65ab33f70b9657770
Author: Jeremy Allison j...@samba.org
Date:   Wed Aug 22 11:05:19 2012 -0700

Bug #9058] Files not deleted, smbstatus shows Segmentation fault.

Fix smbstatus code dump when a file entry has delete tokens.

---

Summary of changes:
 source3/locking/locking.c |   42 --
 1 files changed, 16 insertions(+), 26 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/locking/locking.c b/source3/locking/locking.c
index 11d1a85..4379847 100644
--- a/source3/locking/locking.c
+++ b/source3/locking/locking.c
@@ -1735,42 +1735,32 @@ struct forall_state {
 static int traverse_fn(struct db_record *rec, void *_state)
 {
struct forall_state *state = (struct forall_state *)_state;
-   struct locking_data *data;
-   struct share_mode_entry *shares;
-   const char *sharepath;
-   const char *fname;
-   const char *del_tokens;
-   uint32_t total_del_token_size = 0;
int i;
+   struct share_mode_lock *lck;
 
/* Ensure this is a locking_key record. */
if (rec-key.dsize != sizeof(struct file_id))
return 0;
 
-   data = (struct locking_data *)rec-value.dptr;
-   shares = (struct share_mode_entry *)(rec-value.dptr + sizeof(*data));
-   del_tokens = (const char *)rec-value.dptr + sizeof(*data) +
-   data-u.s.num_share_mode_entries*sizeof(*shares);
-
-   for (i = 0; i  data-u.s.num_delete_token_entries; i++) {
-   uint32_t del_token_size;
-   memcpy(del_token_size, del_tokens, sizeof(uint32_t));
-   total_del_token_size += del_token_size;
-   del_tokens += del_token_size;
+   lck = TALLOC_ZERO_P(talloc_tos(), struct share_mode_lock);
+   if (lck == NULL) {
+   return 0;
}
 
-   sharepath = (const char *)rec-value.dptr + sizeof(*data) +
-   data-u.s.num_share_mode_entries*sizeof(*shares) +
-   total_del_token_size;
-   fname = (const char *)rec-value.dptr + sizeof(*data) +
-   data-u.s.num_share_mode_entries*sizeof(*shares) +
-   total_del_token_size +
-   strlen(sharepath) + 1;
+   if (!parse_share_modes(rec-value, lck)) {
+   TALLOC_FREE(lck);
+   DEBUG(1, (parse_share_modes failed\n));
+   return 0;
+   }
 
-   for (i=0;idata-u.s.num_share_mode_entries;i++) {
-   state-fn(shares[i], sharepath, fname,
- state-private_data);
+   for (i=0; ilck-num_share_modes; i++) {
+   struct share_mode_entry *se = lck-share_modes[i];
+   state-fn(se,
+   lck-servicepath,
+   lck-base_name,
+   state-private_data);
}
+   TALLOC_FREE(lck);
return 0;
 }
 


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch v3-6-test updated

[Karolin Seeger]

The branch, v3-6-test has been updated
   via  4f4a972 s3-smbd: Fix flooding the logs with records we don't find 
in pcap.
  from  2d1bf06 Bug #9058] Files not deleted, smbstatus shows Segmentation 
fault.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test


- Log -
commit 4f4a972e277859a63b60a9bbaff094e00338aba9
Author: Andreas Schneider a...@samba.org
Date:   Tue Aug 28 14:17:22 2012 +0200

s3-smbd: Fix flooding the logs with records we don't find in pcap.

Signed-off-by: Andreas Schneider a...@samba.org

Fix bug #9112 - smbd.log is flooded by 'printer_list_get_printer: Failed to
fetch record!'.

---

Summary of changes:
 source3/smbd/server_reload.c |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/smbd/server_reload.c b/source3/smbd/server_reload.c
index fd6dc1a..b88d994 100644
--- a/source3/smbd/server_reload.c
+++ b/source3/smbd/server_reload.c
@@ -80,7 +80,7 @@ void reload_printers(struct tevent_context *ev,
pname = lp_printername(snum);
 
/* check printer, but avoid removing non-autoloaded printers */
-   if (!pcap_printername_ok(pname)  lp_autoloaded(snum)) {
+   if (lp_autoloaded(snum)  !pcap_printername_ok(pname)) {
DEBUG(3, (removing stale printer %s\n, pname));
 
if (is_printer_published(session_info, session_info,


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch master updated

[Christian Ambach]

The branch, master has been updated
   via  02aacb1 s3:libsmb correctly set isFsctl for snapshot list
  from  4612092 selftest: Remove spoolss tests from knownfail.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 02aacb17d18f1bb47575b473a9468ff05403e67c
Author: Christian Ambach a...@samba.org
Date:   Thu Aug 30 16:43:33 2012 +0200

s3:libsmb correctly set isFsctl for snapshot list

FSCTL_GET_SHADOW_COPY_DATA is a FSCTL, so set the isFsctl marker
otherwise smbclient allinfo will not report snapshots any more with the 
changes
made for Bug #8311

Autobuild-User(master): Christian Ambach a...@samba.org
Autobuild-Date(master): Thu Aug 30 18:57:24 CEST 2012 on sn-devel-104

---

Summary of changes:
 source3/libsmb/clifile.c |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/libsmb/clifile.c b/source3/libsmb/clifile.c
index 1ee7fff..ca9b867 100644
--- a/source3/libsmb/clifile.c
+++ b/source3/libsmb/clifile.c
@@ -5490,7 +5490,7 @@ struct tevent_req *cli_shadow_copy_data_send(TALLOC_CTX 
*mem_ctx,
 
SIVAL(state-setup + 0, 0, FSCTL_GET_SHADOW_COPY_DATA);
SSVAL(state-setup + 2, 0, fnum);
-   SCVAL(state-setup + 3, 0, 0); /* isFsctl */
+   SCVAL(state-setup + 3, 0, 1); /* isFsctl */
SCVAL(state-setup + 3, 1, 0); /* compfilter, isFlags (WSSP) */
 
subreq = cli_trans_send(


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch master updated

[Jeremy Allison]

The branch, master has been updated
   via  4ff4466 The NTVFS server doesn't pass the SMB1 INHERITFLAGS test.
   via  7c4ae72 Now ACL inheritance flags are working, add 
test_inheritance_flags() back into raw.acls to ensure we don't regress.
   via  da670e4 With the inheritance ACL changes we now pass 
samba3.smb2.acls.INHERITFLAGS.
   via  cf29863 Fix bug #9124 - Samba fails to set inherited bit on 
inherited ACE's.
   via  3d34406 Windows does canonicalization of inheritance bits. Do the 
same.
   via  795920c Change the other two places where we set a security 
descriptor given by the client to got through set_sd(), the canonicalize sd 
function.
   via  70ebf1d Re-add set_sd(), called from set_sd_blob(). Allows us to 
centralize all ACL canonicalization.
   via  8c84ece Rename set_sd() to set_sd_blob() - this describes what it 
does.
  from  02aacb1 s3:libsmb correctly set isFsctl for snapshot list

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 4ff446636a40ca27105033fc52db5313cb7fc85a
Author: Jeremy Allison j...@samba.org
Date:   Thu Aug 30 08:45:43 2012 -0700

The NTVFS server doesn't pass the SMB1 INHERITFLAGS test.

Autobuild-User(master): Jeremy Allison j...@samba.org
Autobuild-Date(master): Thu Aug 30 21:38:02 CEST 2012 on sn-devel-104

commit 7c4ae7285152777410c31a429ea590501b1c1fe8
Author: Jeremy Allison j...@samba.org
Date:   Wed Aug 29 15:18:19 2012 -0700

Now ACL inheritance flags are working, add test_inheritance_flags() back 
into raw.acls to ensure we don't regress.

commit da670e4830ab487c1f56efbea90b1cf33247938c
Author: Jeremy Allison j...@samba.org
Date:   Wed Aug 29 14:22:33 2012 -0700

With the inheritance ACL changes we now pass samba3.smb2.acls.INHERITFLAGS.

commit cf29863c69b36224564c27ef1610010b943857c0
Author: Jeremy Allison j...@samba.org
Date:   Wed Aug 29 13:44:57 2012 -0700

Fix bug #9124 - Samba fails to set inherited bit on inherited ACE's.

Change se_create_child_secdesc() to handle inheritance correctly.

commit 3d34406c7bd70576b1705e98b4b3901ac75537c9
Author: Jeremy Allison j...@samba.org
Date:   Wed Aug 29 13:40:29 2012 -0700

Windows does canonicalization of inheritance bits. Do the same.

We need to filter out the
SEC_DESC_DACL_AUTO_INHERITED|SEC_DESC_DACL_AUTO_INHERIT_REQ
bits. If both are set we store SEC_DESC_DACL_AUTO_INHERITED
as this alters whether SEC_ACE_FLAG_INHERITED_ACE is set
when an ACE is inherited. Otherwise we zero these bits out.
See:


http://social.msdn.microsoft.com/Forums/eu/os_fileservices/thread/11f77b68-731e-407d-b1b3-064750716531

for details.

commit 795920cf4a25ab4ea061d5620b19ba27884921dd
Author: Jeremy Allison j...@samba.org
Date:   Wed Aug 29 13:37:51 2012 -0700

Change the other two places where we set a security descriptor given by the 
client to got through set_sd(),
the canonicalize sd function.

commit 70ebf1da67e30b585543ffe55a6d7c9da6023138
Author: Jeremy Allison j...@samba.org
Date:   Wed Aug 29 13:29:34 2012 -0700

Re-add set_sd(), called from set_sd_blob(). Allows us to centralize all ACL 
canonicalization.

commit 8c84ecef89dfbfd2cd76b92272fbd32fb13d00b8
Author: Jeremy Allison j...@samba.org
Date:   Wed Aug 29 13:23:06 2012 -0700

Rename set_sd() to set_sd_blob() - this describes what it does.

---

Summary of changes:
 libcli/security/secdesc.c |   10 +++-
 selftest/knownfail|2 +-
 source3/rpc_server/srvsvc/srv_srvsvc_nt.c |   21 +
 source3/smbd/nttrans.c|   73 +++-
 source3/smbd/open.c   |6 +--
 source3/smbd/proto.h  |4 +-
 source3/smbd/smb2_setinfo.c   |2 +-
 source4/torture/raw/acls.c|   15 --
 8 files changed, 84 insertions(+), 49 deletions(-)


Changeset truncated at 500 lines:

diff --git a/libcli/security/secdesc.c b/libcli/security/secdesc.c
index 84128e4..a3db1b6 100644
--- a/libcli/security/secdesc.c
+++ b/libcli/security/secdesc.c
@@ -571,6 +571,7 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx,
struct security_acl *new_dacl = NULL, *the_acl = NULL;
struct security_ace *new_ace_list = NULL;
unsigned int new_ace_list_ndx = 0, i;
+   bool set_inherited_flags = (parent_ctr-type  
SEC_DESC_DACL_AUTO_INHERITED);
 
TALLOC_CTX *frame;
 
@@ -637,7 +638,8 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx,
 
/* First add the regular ACE entry. */
init_sec_ace(new_ace, ptrustee, ace-type,
-   ace-access_mask, 0);
+   ace-access_mask,
+   set_inherited_flags ? 
SEC_ACE_FLAG_INHERITED_ACE 

[SCM] Samba Shared Repository - branch master updated

[Andrew Bartlett]

The branch, master has been updated
   via  a3b67e5 VERSION: Move on to beta9
   via  524876a VERSION: Mark as the beta8 release
   via  757df37 WHATSNEW: prepare for 4.0 beta8
  from  4ff4466 The NTVFS server doesn't pass the SMB1 INHERITFLAGS test.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit a3b67e5299e9d975b7216e398311420a9524f926
Author: Andrew Bartlett abart...@samba.org
Date:   Fri Aug 31 08:34:03 2012 +1000

VERSION: Move on to beta9

We home beta8 will be the last beta, but to avoid confusion and allow
more releases if required I won't mark it as rc1 until the actual
release candidate.

Andrew Bartlett

Autobuild-User(master): Andrew Bartlett abart...@samba.org
Autobuild-Date(master): Fri Aug 31 02:07:23 CEST 2012 on sn-devel-104

commit 524876aa511b3a034c324df9025f693a24842bca
Author: Andrew Bartlett abart...@samba.org
Date:   Fri Aug 31 08:32:15 2012 +1000

VERSION: Mark as the beta8 release

commit 757df37e7099fe29e6af728fccbd15ebd82e6ffd
Author: Andrew Bartlett abart...@samba.org
Date:   Fri Aug 31 08:31:45 2012 +1000

WHATSNEW: prepare for 4.0 beta8

---

Summary of changes:
 VERSION  |2 +-
 WHATSNEW.txt |   65 ++---
 2 files changed, 31 insertions(+), 36 deletions(-)


Changeset truncated at 500 lines:

diff --git a/VERSION b/VERSION
index 14c0561..fa77135 100644
--- a/VERSION
+++ b/VERSION
@@ -67,7 +67,7 @@ SAMBA_VERSION_ALPHA_RELEASE=
 # e.g. SAMBA_VERSION_BETA_RELEASE=1#
 #  -  4.0.0beta1#
 
-SAMBA_VERSION_BETA_RELEASE=8
+SAMBA_VERSION_BETA_RELEASE=9
 
 
 # For 'pre' releases the version will be   #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index d9f2333..4b1f0fe 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,4 +1,4 @@
-What's new in Samba 4.0 beta7
+What's new in Samba 4.0 beta8
 =
 
 Samba 4.0 will be the next version of the Samba suite and incorporates
@@ -11,7 +11,7 @@ and above.
 WARNINGS
 
 
-Samba 4.0 beta7 is not a final Samba release, however we are now making
+Samba 4.0 beta8 is not a final Samba release, however we are now making
 good progress towards a Samba 4.0 release.  However, this is expected to be the
 last beta release before we start on our release candidate series.
 
@@ -77,7 +77,7 @@ the longer term.
 For pure file server work, the binaries users would expect from that
 series (nmbd, winbindd, smbpasswd) continue to be available.  When
 running an AD DC, you only need to run 'samba' (not
-nmbd/smbd/winbind), as the required services are co-ordinated by this
+nmbd/smbd/winbind), as the required services are co-coordinated by this
 master binary.
 
 As DNS is an integral part of Active Directory, we also provide a DNS
@@ -98,56 +98,51 @@ Python programs to interface to Samba's internals, and many 
tools and
 internal workings of the DC code is now implemented in python.
 
 
-CHANGES SINCE beta6
+CHANGES SINCE beta7
 =
 
-For a list of changes since beta6, please see the git log.
+For a list of changes since beta7, please see the git log.
 
 $ git clone git://git.samba.org/samba.git
 $ cd samba.git
-$ git log samba-4.0.0beta6..samba-4.0.0beta7
+$ git log samba-4.0.0beta7..samba-4.0.0beta8
 
 Some major user-visible changes include:
 
-- ACLs are now set during provision at the POSIX layer for the sysvol
-  share.  This allows group policies to be modified by Domain
-  Administrators (Policy Administrators) that are not the actual
-  Administrator user.
+- A fix for a segfault/abort on startup of the 'samba' binary in the
+  credentials_secrets code. 
 
-- A number of verified fixes for expanding memory use across the AD
-  domain controller, including in the Bind9 DLZ module.
+- A fix for samba-tool classicupgrade of pdb_ldap-based domains
 
-- A fix for bug #9097 (the winbind in the AD DC would lock up under
-  parallel requests).
+- A fix for samba-tool domain exportkeyab only exporting DES keys
 
-- wbinfo --ping-dc now returns helpful information on what failed and
-  against which DC it failed
+- Printing is now enabled on the AD DC
 
-- SMB3 encryption support
+- Fix bug #9124 - Samba fails to set inherited bit on inherited ACE's.
 
-- New 'samba-tool ntacl' commands:
-  - samba-tool ntacl sysvolreset
-  - samba-tool ntacl sysvolcheck
+- We now avoid printing secret attributes (such as unicodePwd and
+  suppliementalCredentials) in ldb trace logs
 
-Less visible, but important changes under the hood include:
+- s3-printing: fix bug 9123 lprng job tracking errors
 
-- Continued work to support SMB2 and SMB3
-
-- Continued work to use async IO to 

[SCM] Samba Shared Repository - annotated tag samba-4.0.0beta8 created

[Andrew Bartlett]

The annotated tag, samba-4.0.0beta8 has been created
at  a7b9327dd48793eca878588e43ee8f06f7fa8dbe (tag)
   tagging  524876aa511b3a034c324df9025f693a24842bca (commit)
  replaces  ldb-1.1.11
 tagged by  Andrew Bartlett
on  Fri Aug 31 11:43:39 2012 +1000

- Log -
samba4: tag release samba-4.0.0beta8
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

iQIVAwUAUEAWy2jGT3QfUnJfAQKgsA/+JX2BzrA2QULHwKS0IpVteL8YsmILnN20
oSSPp3tMgBwuOBzK1/17KOns2LH0CZul/n0FhZQxv8I8BVP+ZWu5ysNHZcnBu1uW
pbj9T6fz4D0Mv4n+7Y+JcuXmpqorm7INi+zdxes3cZMBefnkhNnGLki/u3F7mTSa
usZDXvmKwQA0siOtmMs2GeQFUKKgHHUH/6sVGHTNZxaMGtIA8YMSVoLccLSMElH1
jnWL3wmIvbrHrBHakn594EKbb2NR37bNBc7zfTtwcNoozCpZ+/h75+TCQYOmF7M2
nORa5e5ueMg9SSqFgpwQfEBq/6cCUB2Ep2GykfpXj7WEBzDghv4FYIpCrRXxkcAb
R7C3wXbiYi620IAu8AWbdsAjrlxz1VD3fhBvZfFzzO5ApuY30EOFC7OZlwnmwlUz
ARJz2ZE5V2NGogclfRGkcBt+414caaohGESlYuAW5d3KN4UmLfJ7VYaLV0z09AV0
eo6L6jqJN/dpjnvV+giGsMtDRDRkF8BY1ZOFd2i+evqZD4b9Nxg04tyhsAaO1x8Y
0APGqybsYKSAJtFnb+iORepkMrGbLBu6ib7JoboP/nAUSTZHXn6YlHv99SMzIGdJ
4qJJhWiLJZ5aHMfDqFfxdG6WUtXxfMX6m1Xo85jo+PGYZChhqHScr43YcKngUt+1
uZ2KVxcbdMM=
=52Ul
-END PGP SIGNATURE-

Andreas Schneider (6):
  s3-smbd: Fix flooding the logs with records we don't find in pcap.
  libkrb5: Fix build with MIT Kerberos.
  selftest: Define the log directory for s3fs.
  file_server: Fix spoolss support with s3fs.
  selftest: Add missing printing options for plugin_s4_dc.
  selftest: Remove spoolss tests from knownfail.

Andrew Bartlett (14):
  s3-classicupgrade: Fix import from ldap
  auth/credentials: Avoid double-free in the failure case
  selftest: Add a test for smbclient --machine-pass without secrets.tdb
  auth/credentials: Improve memory handling in 
cli_credentials_set_machine_account
  auth/credentials: Better integrate fetch of secrets.tdb and secrets.ldb 
records
  auth/credentials: Remove unused, and un-declared 
cli_credentials_set_krbtgt()
  lib/ldb: Avoid printing secret attributes in ldb trace logs
  s4-dsdb: Avoid printing secret attributes in ldb trace logs
  s4-libnet: Fix passing samba_all_enctypes as a fn rather than the encrypt 
array it returns
  lib/krb4_wrap: Add const to kt_copy_one_principal
  s4-torture: Add start of a test to confirm winbindd PAC parsing
  auth/credentials: Support match-by-key in 
cli_credentials_get_server_gss_creds()
  WHATSNEW: prepare for 4.0 beta8
  VERSION: Mark as the beta8 release

Björn Jacke (1):
  vfs_media_harmony: fix some compile warnings with llvm

Christian Ambach (1):
  s3:libsmb correctly set isFsctl for snapshot list

Christof Schmitt (1):
  s3:vfs_gpfs: Use directory not file to get fileset id

David Disseldorp (1):
  s3-printing: fix bug 9123 lprng job tracking errors

Jeremy Allison (8):
  Rename set_sd() to set_sd_blob() - this describes what it does.
  Re-add set_sd(), called from set_sd_blob(). Allows us to centralize all 
ACL canonicalization.
  Change the other two places where we set a security descriptor given by 
the client to got through set_sd(),
  Windows does canonicalization of inheritance bits. Do the same.
  Fix bug #9124 - Samba fails to set inherited bit on inherited ACE's.
  With the inheritance ACL changes we now pass 
samba3.smb2.acls.INHERITFLAGS.
  Now ACL inheritance flags are working, add test_inheritance_flags() back 
into raw.acls to ensure we don't regress.
  The NTVFS server doesn't pass the SMB1 INHERITFLAGS test.

---


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch v4-0-test updated

[Andrew Bartlett]

The branch, v4-0-test has been updated
   via  524876a VERSION: Mark as the beta8 release
   via  757df37 WHATSNEW: prepare for 4.0 beta8
   via  4ff4466 The NTVFS server doesn't pass the SMB1 INHERITFLAGS test.
   via  7c4ae72 Now ACL inheritance flags are working, add 
test_inheritance_flags() back into raw.acls to ensure we don't regress.
   via  da670e4 With the inheritance ACL changes we now pass 
samba3.smb2.acls.INHERITFLAGS.
   via  cf29863 Fix bug #9124 - Samba fails to set inherited bit on 
inherited ACE's.
   via  3d34406 Windows does canonicalization of inheritance bits. Do the 
same.
   via  795920c Change the other two places where we set a security 
descriptor given by the client to got through set_sd(), the canonicalize sd 
function.
   via  70ebf1d Re-add set_sd(), called from set_sd_blob(). Allows us to 
centralize all ACL canonicalization.
   via  8c84ece Rename set_sd() to set_sd_blob() - this describes what it 
does.
   via  02aacb1 s3:libsmb correctly set isFsctl for snapshot list
   via  4612092 selftest: Remove spoolss tests from knownfail.
   via  20cfa38 selftest: Add missing printing options for plugin_s4_dc.
   via  fb917eb file_server: Fix spoolss support with s3fs.
   via  bf36462 selftest: Define the log directory for s3fs.
   via  5131359 auth/credentials: Support match-by-key in 
cli_credentials_get_server_gss_creds()
   via  a58bf44 s4-torture: Add start of a test to confirm winbindd PAC 
parsing
   via  fe36bb4 lib/krb4_wrap: Add const to kt_copy_one_principal
   via  6678907 s3:vfs_gpfs: Use directory not file to get fileset id
   via  f31d0d0 vfs_media_harmony: fix some compile warnings with llvm
   via  fb15e5a s3-printing: fix bug 9123 lprng job tracking errors
   via  24356f3 libkrb5: Fix build with MIT Kerberos.
   via  e39cce4 s4-libnet: Fix passing samba_all_enctypes as a fn rather 
than the encrypt array it returns
   via  5d96498 s4-dsdb: Avoid printing secret attributes in ldb trace logs
   via  395b8e4 lib/ldb: Avoid printing secret attributes in ldb trace logs
   via  17337cf auth/credentials: Remove unused, and un-declared 
cli_credentials_set_krbtgt()
   via  beafdd6 auth/credentials: Better integrate fetch of secrets.tdb and 
secrets.ldb records
   via  a0e4bdc auth/credentials: Improve memory handling in 
cli_credentials_set_machine_account
   via  3a303ae5 selftest: Add a test for smbclient --machine-pass without 
secrets.tdb
   via  bcc29f9 auth/credentials: Avoid double-free in the failure case
   via  ba862f4 s3-smbd: Fix flooding the logs with records we don't find 
in pcap.
   via  9e441c4 s3-classicupgrade: Fix import from ldap
   via  dd21bb0 lib/ldb: Bump ldb version to 1.1.11
   via  dc8d29c s3-vfs: Indicate the symlink destination when failing 
check_reduced_name
   via  f2ccff7 s3-vfs: Try to be consistent about localtime vs GMT 
handling in vfs_shadow_copy2
   via  de20958 s3-vfs_shadow_copy2: Also accept a sscanf result
   via  11a5646 VERSION: Move on to beta8
  from  c41894c VERSION: Mark as the beta7 release

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test


- Log -
---

Summary of changes:
 VERSION|2 +-
 WHATSNEW.txt   |   65 
 auth/credentials/credentials_krb5.c|   11 +-
 auth/credentials/credentials_secrets.c |  168 ++--
 file_server/file_server.c  |2 +-
 lib/krb5_wrap/enctype_convert.c|   12 +-
 lib/krb5_wrap/keytab_util.c|2 +-
 lib/krb5_wrap/krb5_samba.h |2 +-
 lib/ldb-samba/ldif_handlers.c  |8 +
 lib/ldb/ABI/{ldb-1.1.10.sigs = ldb-1.1.11.sigs}   |0
 lib/ldb/ABI/{ldb-1.1.10.sigs = ldb-1.1.12.sigs}   |1 +
 ...ldb-util-1.1.10.sigs = pyldb-util-1.1.11.sigs} |0
 ...ldb-util-1.1.10.sigs = pyldb-util-1.1.12.sigs} |0
 lib/ldb/common/ldb.c   |   31 +++-
 lib/ldb/common/ldb_ldif.c  |   47 +-
 lib/ldb/common/ldb_modules.c   |   15 ++-
 lib/ldb/include/ldb_module.h   |4 +
 lib/ldb/include/ldb_private.h  |5 +
 lib/ldb/wscript|2 +-
 libcli/security/secdesc.c  |   10 +-
 selftest/knownfail |   68 +
 selftest/target/Samba4.pm  |   36 
 source3/libsmb/clifile.c   |2 +-
 source3/modules/gpfs.c |   16 ++-
 source3/modules/vfs_gpfs.c |   24 +++-
 

[SCM] Samba Shared Repository - branch v4-0-stable updated

[Andrew Bartlett]

The branch, v4-0-stable has been updated
   via  524876a VERSION: Mark as the beta8 release
   via  757df37 WHATSNEW: prepare for 4.0 beta8
   via  4ff4466 The NTVFS server doesn't pass the SMB1 INHERITFLAGS test.
   via  7c4ae72 Now ACL inheritance flags are working, add 
test_inheritance_flags() back into raw.acls to ensure we don't regress.
   via  da670e4 With the inheritance ACL changes we now pass 
samba3.smb2.acls.INHERITFLAGS.
   via  cf29863 Fix bug #9124 - Samba fails to set inherited bit on 
inherited ACE's.
   via  3d34406 Windows does canonicalization of inheritance bits. Do the 
same.
   via  795920c Change the other two places where we set a security 
descriptor given by the client to got through set_sd(), the canonicalize sd 
function.
   via  70ebf1d Re-add set_sd(), called from set_sd_blob(). Allows us to 
centralize all ACL canonicalization.
   via  8c84ece Rename set_sd() to set_sd_blob() - this describes what it 
does.
   via  02aacb1 s3:libsmb correctly set isFsctl for snapshot list
   via  4612092 selftest: Remove spoolss tests from knownfail.
   via  20cfa38 selftest: Add missing printing options for plugin_s4_dc.
   via  fb917eb file_server: Fix spoolss support with s3fs.
   via  bf36462 selftest: Define the log directory for s3fs.
   via  5131359 auth/credentials: Support match-by-key in 
cli_credentials_get_server_gss_creds()
   via  a58bf44 s4-torture: Add start of a test to confirm winbindd PAC 
parsing
   via  fe36bb4 lib/krb4_wrap: Add const to kt_copy_one_principal
   via  6678907 s3:vfs_gpfs: Use directory not file to get fileset id
   via  f31d0d0 vfs_media_harmony: fix some compile warnings with llvm
   via  fb15e5a s3-printing: fix bug 9123 lprng job tracking errors
   via  24356f3 libkrb5: Fix build with MIT Kerberos.
   via  e39cce4 s4-libnet: Fix passing samba_all_enctypes as a fn rather 
than the encrypt array it returns
   via  5d96498 s4-dsdb: Avoid printing secret attributes in ldb trace logs
   via  395b8e4 lib/ldb: Avoid printing secret attributes in ldb trace logs
   via  17337cf auth/credentials: Remove unused, and un-declared 
cli_credentials_set_krbtgt()
   via  beafdd6 auth/credentials: Better integrate fetch of secrets.tdb and 
secrets.ldb records
   via  a0e4bdc auth/credentials: Improve memory handling in 
cli_credentials_set_machine_account
   via  3a303ae5 selftest: Add a test for smbclient --machine-pass without 
secrets.tdb
   via  bcc29f9 auth/credentials: Avoid double-free in the failure case
   via  ba862f4 s3-smbd: Fix flooding the logs with records we don't find 
in pcap.
   via  9e441c4 s3-classicupgrade: Fix import from ldap
   via  dd21bb0 lib/ldb: Bump ldb version to 1.1.11
   via  dc8d29c s3-vfs: Indicate the symlink destination when failing 
check_reduced_name
   via  f2ccff7 s3-vfs: Try to be consistent about localtime vs GMT 
handling in vfs_shadow_copy2
   via  de20958 s3-vfs_shadow_copy2: Also accept a sscanf result
   via  11a5646 VERSION: Move on to beta8
  from  c41894c VERSION: Mark as the beta7 release

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-stable


- Log -
---

Summary of changes:
 VERSION|2 +-
 WHATSNEW.txt   |   65 
 auth/credentials/credentials_krb5.c|   11 +-
 auth/credentials/credentials_secrets.c |  168 ++--
 file_server/file_server.c  |2 +-
 lib/krb5_wrap/enctype_convert.c|   12 +-
 lib/krb5_wrap/keytab_util.c|2 +-
 lib/krb5_wrap/krb5_samba.h |2 +-
 lib/ldb-samba/ldif_handlers.c  |8 +
 lib/ldb/ABI/{ldb-1.1.10.sigs = ldb-1.1.11.sigs}   |0
 lib/ldb/ABI/{ldb-1.1.10.sigs = ldb-1.1.12.sigs}   |1 +
 ...ldb-util-1.1.10.sigs = pyldb-util-1.1.11.sigs} |0
 ...ldb-util-1.1.10.sigs = pyldb-util-1.1.12.sigs} |0
 lib/ldb/common/ldb.c   |   31 +++-
 lib/ldb/common/ldb_ldif.c  |   47 +-
 lib/ldb/common/ldb_modules.c   |   15 ++-
 lib/ldb/include/ldb_module.h   |4 +
 lib/ldb/include/ldb_private.h  |5 +
 lib/ldb/wscript|2 +-
 libcli/security/secdesc.c  |   10 +-
 selftest/knownfail |   68 +
 selftest/target/Samba4.pm  |   36 
 source3/libsmb/clifile.c   |2 +-
 source3/modules/gpfs.c |   16 ++-
 source3/modules/vfs_gpfs.c |   24 +++-