Re: [Samba] High load while printing a Word document
Alexander Busam wrote:

Hello!

Sometimes I have problems printing a particular Word document on a Windows XP machine. The printing takes very long and the server load/CPU are very high. For testing I set the log level = 3 printdrivers:10 and got a STATUS_BUFFER_OVERFLOW error (see logfile extract below).

On the client side I use MS Office 2003 SP3 and Windows XP SP3. With Windows 7 all works fine. The postscript driver of the Lexmark X464 is configured as point-and-click. Samba 3.6.7 is configured as PDC on OpenSuSE 10.3.

I've attached the log.smbd and smb.conf as zip-file. The word document is too big (272 kb). If it is needed for testing I can send directly. Probably the eps-part of the picture in the header of the word-document is the problem.

Is it possible to config/fix samba to avoid this problem?

Thanks a lot.
Alex

extract of log.smbd:

[2012/08/27 11:07:16.205463, 3] rpc_server/srv_pipe.c:1626(api_rpcTNP)
  api_rpcTNP: rpc command: SPOOLSS_ADDJOB
[2012/08/27 11:07:16.205706, 3] smbd/error.c:81(error_packet_set)
  error packet at smbd/ipc.c(137) cmd=37 (SMBtrans) STATUS_BUFFER_OVERFLOW
[2012/08/27 11:07:16.208747, 3] smbd/process.c:1662(process_smb)
  Transaction 149 of length 63 (0 toread)
[2012/08/27 11:07:16.208959, 3] smbd/process.c:1467(switch_message)
  switch message SMBreadX (pid 30185) conn 0x80936638
...

no idea ?

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba3 and Office 2010
Hi there people!

I'd like someone to help me with samba shares and Office 2010. When a user opens a file from a share, msword or excel tells him that the file was got from internet and if you like to edit it you should push the button allow. How could I solve the issue from samba side?

--
Andrey Grebennikov
Saratov, Russia
[Samba] join domain from different subnet (VPN)
Hello everybody,

we have a problem joining a domain from a remote location. The remote location is connected via VPN. Everything is working as expected but joining the samba domain from the remote location does not work.

- Server Samba Version is 3.5.10
- Windows Client is XP SP3
- Joining the domain locally works without problems
- ping does work in both directions
- WINS is running on the local PDC and resolves across VPN (I tested with a Linux client using nmblookup)
- the WINS server is configured on the client
- NetBIOS over TCP/IP is enabled on the client
- Windows on the client firewall is OFF
- even adding entries to the client's lmhosts file didn't solve the problem

Any suggestions?

thx
Carsten
Re: [Samba] Samba - Can you please check the below questions and advise us accordingly?
[removing from development mailing-list]

Hi Maria,

On Wed, 29 Aug 2012 11:34:04 +0300 Maria Karamanli mkarama...@cognity.gr wrote:

i navigated to http://ftp.samba.org/pub/samba/Binary_Packages/AIX/ (AIX is our server operating system) but there is not any installation file. How can i download this installation file?

https://ftp.samba.org/pub/samba/Binary_Packages/AIX/README lists pware.hvcc.edu as a Samba AIX package provider.
http://pware.hvcc.edu/ftpdownloads.html

Cheers, David
Re: [Samba] join domain from different subnet (VPN)
Did you try a packet capture on the samba server?

Try adding an entry for the XP machine in the server's /etc/hosts file. I am guessing there is some sort of weird name resolution issue going on with the server. I don't think there is any reason the server should need to resolve the name of the client machine but I have had weird issues with VPN connections before.

This is a site-to-site VPN?

On 08/30/12 05:34, real-men-dont-cl...@gmx.net wrote:

Hello everybody,

we have a problem joining a domain from a remote location. The remote location is connected via VPN. Everything is working as expected but joining the samba domain from the remote location does not work.

- Server Samba Version is 3.5.10
- Windows Client is XP SP3
- Joining the domain locally works without problems
- ping does work in both directions
- WINS is running on the local PDC and resolves across VPN (I tested with a Linux client using nmblookup)
- the WINS server is configured on the client
- NetBIOS over TCP/IP is enabled on the client
- Windows on the client firewall is OFF
- even adding entries to the client's lmhosts file didn't solve the problem

Any suggestions?

thx
Carsten
Re: [Samba] join domain from different subnet (VPN)
Hi,

I already tried that, no success. The VPN connects two subnets via OpenVPN with dedicated routers on each side.

thx
Carsten

-Original message-
To: samba@lists.samba.org;
From: Gaiseric Vandal gaiseric.van...@gmail.com
Sent: Thu 30-08-2012 14:58
Subject: Re: [Samba] join domain from different subnet (VPN)

Did you try a packet capture on the samba server?

Try adding an entry for the XP machine in the server's /etc/hosts file. I am guessing there is some sort of weird name resolution issue going on with the server. I don't think there is any reason the server should need to resolve the name of the client machine but I have had weird issues with VPN connections before.

This is a site-to-site VPN?

On 08/30/12 05:34, real-men-dont-cl...@gmx.net wrote:

Hello everybody,

we have a problem joining a domain from a remote location. The remote location is connected via VPN. Everything is working as expected but joining the samba domain from the remote location does not work.

- Server Samba Version is 3.5.10
- Windows Client is XP SP3
- Joining the domain locally works without problems
- ping does work in both directions
- WINS is running on the local PDC and resolves across VPN (I tested with a Linux client using nmblookup)
- the WINS server is configured on the client
- NetBIOS over TCP/IP is enabled on the client
- Windows on the client firewall is OFF
- even adding entries to the client's lmhosts file didn't solve the problem

Any suggestions?

thx
Carsten
Re: [Samba] replication error?
On Wed, 29 Aug 2012, Steve Thompson wrote:

On Wed, 29 Aug 2012, Steve Thompson wrote:

More information. If I have two DC's, dc1 and dc2, and I point ldap_uri and krb5_server in sssd.conf directly at dc1, it always works. If I point either of those parameters at dc2, it always fails.

Well, this was a red herring. Wait long enough (overnight) and it turns out that dc1 stops working as well (dc2 never works). This stuff is unusable.

Steve
Re: [Samba] join domain from different subnet (VPN)
we had a lot of problems with Wins and remote sites. be sure Wins traffic is passing.

abosch

- Original Message -
From: real-men-dont-cl...@gmx.net
To: samba@lists.samba.org, gaiseric vandal gaiseric.van...@gmail.com
Sent: Thursday, August 30, 2012 3:21:06 PM
Subject: Re: [Samba] join domain from different subnet (VPN)

Hi,

I already tried that, no success. The VPN connects two subnets via OpenVPN with dedicated routers on each side.

thx
Carsten

-Original message-
To: samba@lists.samba.org;
From: Gaiseric Vandal gaiseric.van...@gmail.com
Sent: Thu 30-08-2012 14:58
Subject: Re: [Samba] join domain from different subnet (VPN)

Did you try a packet capture on the samba server?

Try adding an entry for the XP machine in the server's /etc/hosts file. I am guessing there is some sort of weird name resolution issue going on with the server. I don't think there is any reason the server should need to resolve the name of the client machine but I have had weird issues with VPN connections before.

This is a site-to-site VPN?

On 08/30/12 05:34, real-men-dont-cl...@gmx.net wrote:

Hello everybody,

we have a problem joining a domain from a remote location. The remote location is connected via VPN. Everything is working as expected but joining the samba domain from the remote location does not work.

- Server Samba Version is 3.5.10
- Windows Client is XP SP3
- Joining the domain locally works without problems
- ping does work in both directions
- WINS is running on the local PDC and resolves across VPN (I tested with a Linux client using nmblookup)
- the WINS server is configured on the client
- NetBIOS over TCP/IP is enabled on the client
- Windows on the client firewall is OFF
- even adding entries to the client's lmhosts file didn't solve the problem

Any suggestions?

thx
Carsten
[Samba] samba4 kpasswd: refuses to change
hi

after kpasswd panicked samba4 (debian wheezy packages, beta2) i've compiled the latest from git (Version 4.0.0beta8-GIT-5131359). It does not panic anymore but tells me the following:

# kpasswd
Password for user@TEST.DOMAIN:
Enter new password:
Enter it again:
Password change rejected: Password must be at least 7 characters long, and cannot match any of your 24 previous passwords

The new password hasn't been used before on this account. Complexity criteria are met too (otherwise it correctly fails and tells that they are not met).

Is kpasswd supposed to work with samba4?

- Thomas
Re: [Samba] Centos 6.3 smbldap-tools installation issue
On Mon, Aug 27, 2012 at 8:31 AM, Alex Domoradov alex@gmail.com wrote:

Hi.

I got a fresh installation of centos 6.3 x64, I want to setup a PDC with samba+ldap and see what I need to upgrade my centos 5.x servers. I follow my manual, but I got issues when I want to install smbldap-tools, check:

Processing Dependency: perl(Unicode::MapUTF8) for package: smbldap-tools-0.9.5-2.el6.rf.noarch
-- Finished Dependency Resolution
Error: Package: smbldap-tools-0.9.5-2.el6.rf.noarch (rpmforge)
Requires: perl(Unicode::MapUTF8)
You could try using --skip-broken to work around the problem
You could try running: rpm -Va --nofiles --nodigest

I'm using rpmforge repo. Does someone here know how to fix this issue?

0.9.5 it's too old. Try to use from EPEL

# yum info smbldap-tools
Available Packages
Name: smbldap-tools
Arch: noarch
Version : 0.9.6
Release : 3.el6
Size: 309 k
Repo: epel
Summary : User and group administration tools for Samba/OpenLDAP
URL : http://gna.org/projects/smbldap-tools/
License : GPLv2+
Description : In conjunction with OpenLDAP and Samba-LDAP servers, this collection is useful
 : to add, modify and delete users and groups, and to change Unix and Samba
 : passwords. In those contexts they replace the system tools to manage users,
 : groups and passwords.

And you can also directly install from off site

# yum install perl-Crypt-SmbHash perl-Digest-SHA perl-LDAP
# rpm -ivh http://download.gna.org/smbldap-tools/packages/el6/smbldap-tools-0.9.8-1.el6.noarch.rpm

Thanks Alex, looks that one was installed good, thanks again!!!

--
Living the dream...
Re: [Samba] samba4 kpasswd: refuses to change
On Thu, 30 Aug 2012 13:45:50 +, Thomas Mueller wrote:

# kpasswd
Password for user@TEST.DOMAIN:
Enter new password:
Enter it again:
Password change rejected: Password must be at least 7 characters long, and cannot match any of your 24 previous passwords

OK, it's not a kpasswd problem. Changing the password from windows (ctrl - alt - del - change password) brings up the same message.

- Thomas
[Samba] Can't join Samba as DC to existing Win2k3 Domain
I downloaded and built Samba 4, and I'm at the step where I'm trying to add it to the domain and I'm getting a replication error when it's trying to do its initial replication.

bin/samba-tool domain join domain.coop DC -Uusername --realm=domain.coop
Finding a writeable DC for domain 'domain.coop'
Found DC DC.domain.coop
Password for [DOMAIN\username]:
workgroup is DOMAIN
realm is domain.coop
checking sAMAccountName
Adding CN=SambaServer,OU=Domain Controllers,DC=domain,DC=coop
Adding CN=SambaServer,CN=Servers,CN=SV,CN=Sites,CN=Configuration,DC=domain,DC=coop
Adding CN=NTDS Settings,CN=SambaServer,CN=Servers,CN=SV,CN=Sites,CN=Configuration,DC=domain,DC=coop
Adding SPNs to CN=SambaServer,OU=Domain Controllers,DC=domain,DC=coop
Setting account password for SambaServer$
Enabling account
Calling bare provision
No IPv6 address will be assigned
Provision OK for domain DN DC=domain,DC=coop
Starting replication
Schema-DN[CN=Schema,CN=Configuration,DC=domain,DC=coop] objects[402] linked_values[0]
Schema-DN[CN=Schema,CN=Configuration,DC=domain,DC=coop] objects[804] linked_values[0]
Schema-DN[CN=Schema,CN=Configuration,DC=domain,DC=coop] objects[1206] linked_values[0]
Schema-DN[CN=Schema,CN=Configuration,DC=domain,DC=coop] objects[1376] linked_values[0]
Analyze and apply schema objects
Partition[CN=Configuration,DC=domain,DC=coop] objects[402] linked_values[0]
Partition[CN=Configuration,DC=domain,DC=coop] objects[804] linked_values[0]
Partition[CN=Configuration,DC=domain,DC=coop] objects[1206] linked_values[0]
Partition[CN=Configuration,DC=domain,DC=coop] objects[1608] linked_values[55]
Partition[CN=Configuration,DC=domain,DC=coop] objects[1650] linked_values[10]
Replicating critical objects from the base DN of the domain
Partition[DC=domain,DC=coop] objects[96] linked_values[20]
Partition[DC=domain,DC=coop] objects[434] linked_values[64]
Partition[DC=domain,DC=coop] objects[698] linked_values[37]
Partition[DC=domain,DC=coop] objects[945] linked_values[20]
Partition[DC=domain,DC=coop] objects[1130] linked_values[45]
Refusing to replicate DC=TAPI3Directory\0ADEL:421d2b48-4a80-45e1-a921-b1700eb4daca,DC=domain,DC=coop from a read-only repilca into a read-write replica!
Failed to convert object DC=TAPI3Directory\0ADEL:421d2b48-4a80-45e1-a921-b1700eb4daca,DC=domain,DC=coop: WERR_DS_DRA_SOURCE_IS_PARTIAL_REPLICA
Failed to convert objects: WERR_DS_DRA_SOURCE_IS_PARTIAL_REPLICA
Join failed - cleaning up
checking sAMAccountName
Deleted CN=SambaServer,OU=Domain Controllers,DC=domain,DC=coop
Deleted CN=NTDS Settings,CN=SambaServer,CN=Servers,CN=SV,CN=Sites,CN=Configuration,DC=domain,DC=coop
Deleted CN=SambaServer,CN=Servers,CN=SV,CN=Sites,CN=Configuration,DC=domain,DC=coop
ERROR(type 'exceptions.TypeError'): uncaught exception - Failed to process chunk: NT code 0xc0002111
  File bin/python/samba/netcmd/__init__.py, line 160, in _run
    return self.run(*args, **kwargs)
  File bin/python/samba/netcmd/domain.py, line 256, in run
    machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
  File bin/python/samba/join.py, line 1079, in join_DC
    ctx.do_join()
  File bin/python/samba/join.py, line 984, in do_join
    ctx.join_replicate()
  File bin/python/samba/join.py, line 736, in join_replicate
    replica_flags=ctx.domain_replica_flags)
  File bin/python/samba/drs_utils.py, line 252, in replicate
    schema=schema, req_level=req_level, req=req)

When I first got this I ran tapicfg on a windows DC and saw a TAPI3Directory partition. I deleted it and it didn't seem to help. I've also run ldp.exe, and tried to find it that way. As well as running repadmin /removelingeringobjects thinking it might just not have been fully deleted.

Is this just having to wait for the tombstone lifetime of the deleted object to pass, or is there something I can do to fix this and get the replication working for the Samba 4 server I'm trying to setup.

Thanks!
Liam
liam(dot)k(at)weaverstreetmarket(dot)coop
Re: [Samba] samba4 kpasswd: refuses to change
On Thu, 30 Aug 2012 14:07:00 +, Thomas Mueller wrote:

On Thu, 30 Aug 2012 13:45:50 +, Thomas Mueller wrote:

# kpasswd
Password for user@TEST.DOMAIN:
Enter new password:
Enter it again:
Password change rejected: Password must be at least 7 characters long, and cannot match any of your 24 previous passwords

OK, it's not a kpasswd problem. Changing the password from windows (ctrl - alt - del - change password) brings up the same message.

- Thomas

and finally found the root cause: the default password policy is set to a minimal password age of 1 day

- Thomas
[Samba] join domain from different subnet (VPN)
Hi abosch,

I checked with nblookup.exe from the client side. WINS resolution works without any problems. The DC as well as the client and the domain are resolved via WINS. ;-(

thx
Carsten

-Original message-
To: real-men-dont-cl...@gmx.net;
CC: samba@lists.samba.org; gaiseric vandal gaiseric.van...@gmail.com;
From: Angel Bosch abo...@cilma.net
Sent: Thu 30-08-2012 15:27
Subject: Re: [Samba] join domain from different subnet (VPN)

we had lot of problems with Wins and remote sites. be sure Wins traffic is passing.

abosch

From: real-men-dont-cl...@gmx.net
To: samba@lists.samba.org, gaiseric vandal gaiseric.van...@gmail.com
Sent: Thursday, August 30, 2012 3:21:06 PM
Subject: Re: [Samba] join domain from different subnet (VPN)

Hi,

I already tried that, no success. The VPN connects two subnets via OpenVPN with dedicated routers on each side.

thx
Carsten

-Original message-
To: samba@lists.samba.org;
From: Gaiseric Vandal gaiseric.van...@gmail.com
Sent: Thu 30-08-2012 14:58
Subject: Re: [Samba] join domain from different subnet (VPN)

Did you try a packet capture on the samba server?

Try adding an entry for the XP machine in the server's /etc/hosts file. I am guessing there is some sort of weird name resolution issue going on with the server. I don't think there is any reason the server should need to resolve the name of the client machine but I have had weird issues with VPN connections before.

This is a site-to-site VPN?

On 08/30/12 05:34, real-men-dont-cl...@gmx.net wrote:

Hello everybody,

we have a problem joining a domain from a remote location. The remote location is connected via VPN. Everything is working as expected but joining the samba domain from the remote location does not work.

- Server Samba Version is 3.5.10
- Windows Client is XP SP3
- Joining the domain locally works without problems
- ping does work in both directions
- WINS is running on the local PDC and resolves across VPN (I tested with a Linux client using nmblookup)
- the WINS server is configured on the client
- NetBIOS over TCP/IP is enabled on the client
- Windows on the client firewall is OFF
- even adding entries to the client's lmhosts file didn't solve the problem

Any suggestions?

thx
Carsten
Re: [Samba] join domain from different subnet (VPN)
Do the routers block any ports or netbios traffic?

Did you restrict the samba ports in smb.conf - samba I think listens by default on 137, 138, 139 + 445. 445 is for SMB-over-ip, which isn't actually used by samba 3.x/ XP machines will try to connect to 445 then redirect to 137-139 for classic smb-over-NBT. Restricting the ports may cause more issues than it solves.

I can't think of anything else that would cause issues with a routed environment.

On 08/30/12 11:09, real-men-dont-cl...@gmx.net wrote:

Hi,

I already tried that, no success. The VPN connects two subnets via OpenVPN with dedicated routers on each side.

thx
Carsten

-Original message-
To: samba@lists.samba.org;
From: Gaiseric Vandal gaiseric.van...@gmail.com
Sent: Thu 30-08-2012 14:58
Subject: Re: [Samba] join domain from different subnet (VPN)

Did you try a packet capture on the samba server?

Try adding an entry for the XP machine in the server's /etc/hosts file. I am guessing there is some sort of weird name resolution issue going on with the server. I don't think there is any reason the server should need to resolve the name of the client machine but I have had weird issues with VPN connections before.

This is a site-to-site VPN?

On 08/30/12 05:34, real-men-dont-cl...@gmx.net wrote:

Hello everybody,

we have a problem joining a domain from a remote location. The remote location is connected via VPN. Everything is working as expected but joining the samba domain from the remote location does not work.

- Server Samba Version is 3.5.10
- Windows Client is XP SP3
- Joining the domain locally works without problems
- ping does work in both directions
- WINS is running on the local PDC and resolves across VPN (I tested with a Linux client using nmblookup)
- the WINS server is configured on the client
- NetBIOS over TCP/IP is enabled on the client
- Windows on the client firewall is OFF
- even adding entries to the client's lmhosts file didn't solve the problem

Any suggestions?

thx
Carsten
Re: [Samba] Samba PDC: Admin tools?
I use apache directory studio for LDAP management. It is not samba specific but it is easy enough to use existing user, group or machine objects as templates for new ones. It runs on Windows and Linux (and maybe on Mac.)

On 08/25/12 16:39, John Drescher wrote:

On Sat, Aug 25, 2012 at 4:34 PM, Alberto Moreno ports...@gmail.com wrote:

Guys.

I have used smbldap-tools to handle my accounts for my PDC with samba+openldap. Now, I ask here because a lot of people have PDC running on their networks, what tools do u use to manage your openldap db for samba: users, machines, groups?

Working with Centos 6.x.

Any input will be appreciated, thanks!!!

I use ldap account manager to manage my users / machines / group accounts.

John
Re: [Samba] Samba PDC: Admin tools?
On 30/08/12 18:57, Gaiseric Vandal wrote:

I use apache directory studio for LDAP management. It is not samba specific but it is easy enough to use existing user, group or machine objects as templates for new ones. It runs on Windows and Linux (and maybe on Mac.)

On 08/25/12 16:39, John Drescher wrote:

On Sat, Aug 25, 2012 at 4:34 PM, Alberto Moreno ports...@gmail.com wrote:

Guys.

I have used smbldap-tools to handle my accounts for my PDC with samba+openldap. Now, I ask here because a lot of people have PDC running on their networks, what tools do u use to manage your openldap db for samba: users, machines, groups?

Working with Centos 6.x.

Any input will be appreciated, thanks!!!

I use ldap account manager to manage my users / machines / group accounts.

John

Hi

openSUSE's yast has a really nice and little known frontend to LDAP which handles samba objects too. You can point and click your way through adding/deleting samba specific users and groups. It also has an LDAP browser similar to phpldapadmin. I'm not sure if Yast will fire up on Centos but may be worth a look.

Cheers,
Steve
Re: [Samba] join domain from different subnet (VPN)
A post went by on this list not too long ago about using openvpn.

https://lists.samba.org/archive/samba/2012-July/168209.html

In that post, a quote from http://openvpn.net/index.php/open-source/faq/75-general/293-what-is-the-principle-behind-openvpn-tunnels.html indicates that running openvpn as a bridge will pass layer 2 traffic. Perhaps that will help in your situation...

On Thu, 2012-08-30 at 15:21 +0200, real-men-dont-cl...@gmx.net wrote:

Hi,

I already tried that, no success. The VPN connects two subnets via OpenVPN with dedicated routers on each side.

thx
Carsten

-Original message-
To: samba@lists.samba.org;
From: Gaiseric Vandal gaiseric.van...@gmail.com
Sent: Thu 30-08-2012 14:58
Subject: Re: [Samba] join domain from different subnet (VPN)

Did you try a packet capture on the samba server?

Try adding an entry for the XP machine in the server's /etc/hosts file. I am guessing there is some sort of weird name resolution issue going on with the server. I don't think there is any reason the server should need to resolve the name of the client machine but I have had weird issues with VPN connections before.

This is a site-to-site VPN?

On 08/30/12 05:34, real-men-dont-cl...@gmx.net wrote:

Hello everybody,

we have a problem joining a domain from a remote location. The remote location is connected via VPN. Everything is working as expected but joining the samba domain from the remote location does not work.

- Server Samba Version is 3.5.10
- Windows Client is XP SP3
- Joining the domain locally works without problems
- ping does work in both directions
- WINS is running on the local PDC and resolves across VPN (I tested with a Linux client using nmblookup)
- the WINS server is configured on the client
- NetBIOS over TCP/IP is enabled on the client
- Windows on the client firewall is OFF
- even adding entries to the client's lmhosts file didn't solve the problem

Any suggestions?

thx
Carsten
Re: [Samba] syntax of samba-tool to deal with SRV DNS record
On 8/30/12, Alain Foucher a.fouc...@cht.nc wrote:

i try to use something like :

samba-tool dns add smb4 domain.local_http._tcp.domain.local SRV tx4.domain.local 80 1 5

but i get this message

Usage: samba-tool dns add server zone name A||PTR|CNAME|NS|MX|SRV|TXT data

You've forgot quotes around data:

samba-tool dns add smb4 domain.local_http._tcp.domain.local SRV "tx4.domain.local 80 1 5"
[Samba] Samba compile problem
hi all

Samba build problem when compiling with --with-ads

I have compiled kerberos and openldap in /opt/local/samba and I am using gcc with gnu binutils. It's a solaris 10 sparc.

Configure gives me following error:
-
checking for LDAP support... yes
checking ldap.h usability... yes
checking ldap.h presence... yes
checking for ldap.h... yes
checking lber.h usability... yes
checking lber.h presence... yes
checking for lber.h... yes
checking for ber_tag_t... yes
checking for ber_scanf in -llber... yes
checking for ber_sockbuf_add_io... yes
checking for LDAP_OPT_SOCKBUF... yes
checking for LBER_OPT_LOG_PRINT_FN... yes
checking for ldap_init in -lldap... no
checking for ldap_set_rebind_proc... no
checking whether ldap_set_rebind_proc takes 3 arguments... 3
checking for ldap_initialize... no
configure: error: libldap is needed for LDAP support

Config.log output:
-
configure:25335: gcc -o conftest -I/opt/local/samba/include -I/opt/local/samba/include -D_REENTRANT -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/include -L/opt/local/samba/lib -R/opt/local/samba/lib -lthread -L./bin -L/usr/lib conftest.c -lldap -llber -lresolv -lrt-lnsl -lsocket -lmd5 -lrt -liconv 5
/usr/local/lib/gcc/sparc-sun-solaris2.10/3.4.6/../../../../sparc-sun-solaris2.10/bin/ld: /opt/local/samba/lib/libldap.so: dladdr: invalid version 12 (max 0)
/opt/local/samba/lib/libldap.so: could not read symbols: Bad value

I installed openldap in /opt/local/samba.

# find /opt/local/samba -name libldap\*
/opt/local/samba/lib/libldap_r.a
/opt/local/samba/lib/libldap.so
/opt/local/samba/lib/libldap.la
/opt/local/samba/lib/libldap-2.4.so.2
/opt/local/samba/lib/libldap.a
/opt/local/samba/lib/libldap_r.so
/opt/local/samba/lib/libldap_r-2.4.so.2
/opt/local/samba/lib/libldap-2.4.so.2.8.4
/opt/local/samba/lib/libldap_r-2.4.so.2.8.4
/opt/local/samba/lib/libldap_r.la

Thanks
Nitin
Re: [Samba] Samba3 and Office 2010
On Thu, Aug 30, 2012 at 11:46:55AM +0400, Андрей Гребенников wrote:

Hi there people!

I'd like someone to help me with samba shares and Office 2010. When a user opens a file from a share, msword or excel tells him that the file was got from internet and if you like to edit it you should push the button allow. How could I solve the issue from samba side?

It's almost certainly the alternate data stream with Internet Zone being required. Try using the streams_xattr module on the share.
Re: [Samba] Permissions incorrectly ordered on Windows after disabling inheritance
On Wed, Aug 29, 2012 at 21:45:24, Jeremy Allison wrote:
On Fri, Aug 24, 2012 at 11:08:53AM -0600, Walkes, Dan wrote:

Hi everyone, I've noticed a problem with Debian wheezy + samba 3.6.6 configured with acl_xattr in my configuration. The following test sequence causes Windows Explorer to report incorrectly ordered permission entries:

1) Map a share as with admin user credentials to a drive letter on a Windows client
2) Create a folder at the root of the share rootfolder
3) Create a subfolder subfolder1 under rootfolder
4) Un-check Include inheritable permissions from this object's parent in the windows security settings dialog for Windows Explorer on the root folder
5) Create a subfolder subfolder2 under subfolder1
6) Right-click with Windows Explorer and attempt to edit the permissions of subfolder2. Windows Explorer pops up a message stating The permissions on subfolder2 are incorrectly ordered, which may cause some entries to be ineffective.

FYI, the complete and correct fix for this for 3.6.next is now attached to bug : https://bugzilla.samba.org/show_bug.cgi?id=9124 as a patch. Please test (it fixes the problem here). Thanks for reporting this, the same code will go into master as soon as I've finished wrestling with autobuild :-).

Thanks Jeremy. I've tested today. I can confirm it fixes the incorrect ordering issue and sequence 1-6 works for me. I can also confirm that after removing inheritance on a root folder from windows the I flag is set for all permissions on subfolders as expected.

I did notice however that in my case if I never modify permissions or change permissions from Windows Explorer the I flag is still not set on inherited permissions, at least with my configuration. For instance if my share folder permissions are:

smbcacls --user=K9\\tandberg //localhost/20120830_4 rootfolder/..
REVISION:1
CONTROL:0x8004
OWNER:BIZNAS-B2\nobody
GROUP:Unix Group\root
ACL:BIZNAS-B2\nobody:ALLOWED/0x0/FULL
ACL:K9\domain users:ALLOWED/0x0/FULL
ACL:Unix Group\%naslocal%:ALLOWED/0x0/FULL
ACL:Unix Group\root:ALLOWED/0x0/FULL
ACL:BIZNAS-B2\admin:ALLOWED/0x0/FULL
ACL:Everyone:ALLOWED/0x0/
ACL:Creator Owner:ALLOWED/OI|CI|IO/RWXDPO
ACL:Creator Group:ALLOWED/OI|CI|IO/RWXDPO
ACL:Everyone:ALLOWED/OI|CI|IO/RWXDPO

Each of my subfolders have permissions which look like this:

smbcacls --user=K9\\tandberg //localhost/20120830_4 rootfolder
REVISION:1
CONTROL:0x8004
OWNER:BIZNAS-B2\admin
GROUP:BIZNAS-B2\None
ACL:BIZNAS-B2\admin:ALLOWED/0x0/RWXDPO
ACL:Creator Owner:ALLOWED/OI|CI|IO/RWXDPO
ACL:BIZNAS-B2\None:ALLOWED/0x0/RWXDPO
ACL:Creator Group:ALLOWED/OI|CI|IO/RWXDPO
ACL:Everyone:ALLOWED/OI|CI/RWXDPO

I would have expected the I flag to be set on Creator Owner, Creator Group and Everyone in this case since these permissions were inherited from the share folder. This is what I see with a Windows 7 file share.

However, after I modify permissions on any folder in any way from windows explorer (even if I don't modify Creator Owner, Creator Group or Everyone), all inherited permissions on subfolders have the I flag set. This applies both to subfolders which existed before the change and for new subfolders created after I made the change from Windows Explorer. I don't see this behavior if I change from smbcacls, only if I change from Windows Explorer. If I use Windows Explorer to modify the permissions on the root folder in any way, all inherited permissions have the I flag set on all subfolders as I would expect.

I'm not sure that missing the I flag is actually important as long as the permissions are inheriting and now that windows is no longer complaining about ordering. I just thought I would bring it up here in case it was related and in case you thought it was important. I can gather more data if you are interested... let me know

Thanks again!
Dan

Cheers, Jeremy.
Re: [Samba] Permissions incorrectly ordered on Windows after disabling inheritance
On Thu, Aug 30, 2012 at 05:09:10PM -0600, Walkes, Dan wrote:
On Wed, Aug 29, 2012 at 21:45:24, Jeremy Allison wrote:
On Fri, Aug 24, 2012 at 11:08:53AM -0600, Walkes, Dan wrote:

Hi everyone, I've noticed a problem with Debian wheezy + samba 3.6.6 configured with acl_xattr in my configuration. The following test sequence causes Windows Explorer to report incorrectly ordered permission entries:

1) Map a share as with admin user credentials to a drive letter on a Windows client
2) Create a folder at the root of the share rootfolder
3) Create a subfolder subfolder1 under rootfolder
4) Un-check Include inheritable permissions from this object's parent in the windows security settings dialog for Windows Explorer on the root folder
5) Create a subfolder subfolder2 under subfolder1
6) Right-click with Windows Explorer and attempt to edit the permissions of subfolder2. Windows Explorer pops up a message stating The permissions on subfolder2 are incorrectly ordered, which may cause some entries to be ineffective.

FYI, the complete and correct fix for this for 3.6.next is now attached to bug : https://bugzilla.samba.org/show_bug.cgi?id=9124 as a patch. Please test (it fixes the problem here). Thanks for reporting this, the same code will go into master as soon as I've finished wrestling with autobuild :-).

Thanks Jeremy. I've tested today. I can confirm it fixes the incorrect ordering issue and sequence 1-6 works for me. I can also confirm that after removing inheritance on a root folder from windows the I flag is set for all permissions on subfolders as expected.

I did notice however that in my case if I never modify permissions or change permissions from Windows Explorer the I flag is still not set on inherited permissions, at least with my configuration.

Actually this is what you'd expect with a security descriptor type of :

CONTROL:0x8004 (SEC_DESC_SELF_RELATIVE = 0x8000| SEC_DESC_DACL_PRESENT = 0x0004).

On Windows you'll probably have :

CONTROL:0x8404 (SEC_DESC_SELF_RELATIVE = 0x8000| SEC_DESC_DACL_AUTO_INHERITED= 0x0400| SEC_DESC_DACL_PRESENT = 0x0004).

which explains the difference. If you set a security descriptor on rootfolder/ from the Windows client and end up with CONTROL:0x8404, then whenever you create subfolders/files below that you'll see the INHERITED bit (that's what the patch solves).

Jeremy.
Re: [Samba] samba4 kpasswd: refuses to change
On Thu, 2012-08-30 at 14:59 +, Thomas Mueller wrote:
On Thu, 30 Aug 2012 14:07:00 +, Thomas Mueller wrote:
On Thu, 30 Aug 2012 13:45:50 +, Thomas Mueller wrote:

# kpasswd
Password for user@TEST.DOMAIN:
Enter new password:
Enter it again:
Password change rejected: Password must be at least 7 characters long, and cannot match any of your 24 previous passwords

OK, it's not a kpasswd problem. Changing the password from windows (ctrl - alt -del - change password) brings up the same message.

- Thomas

and finally found the root cause: the default password policy is set to a minimal password age of 1 day

Samba generates that message, so if you want to patch source4/kdc/kpasswd.c to give a better message, you would be most welcome. The restrictions are implemented in source4/dsdb/samdb/ldb_modules/password_hash.c. We could either try and send back a better string from there, or at least use the string sent back already (without the windows error code on the front).

Andrew Bartlett

--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Re: [Samba] replication error?
On Thu, 2012-08-30 at 09:33 -0400, Steve Thompson wrote:
On Wed, 29 Aug 2012, Steve Thompson wrote:
On Wed, 29 Aug 2012, Steve Thompson wrote:

More information. If I have two DC's, dc1 and dc2, and I point ldap_uri and krb5_server in sssd.conf directly at dc1, it always works. If I point either of those parameters at dc2, it always fails.

Well, this was a red herring. Wait long enough (overnight) and it turns out that dc1 stops working as well (dc2 never works). This stuff is unusable.

Does this configuration of SSSD work any differently against a windows domain? (Trial versions of windows server can be downloaded). These issues appear to be client-side (using the wrong ticket, or attempting to do krb5 against a name mapping to more than one server), but with so little detail it is hard to say with clarity.

Andrew Bartlett

--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Re: [Samba] Permissions incorrectly ordered on Windows after disabling inheritance
On Thu, Aug 30, 2012 at 17:52:08, Jeremy Allison wrote:
On Thu, Aug 30, 2012 at 05:09:10PM -0600, Walkes, Dan wrote:
On Wed, Aug 29, 2012 at 21:45:24, Jeremy Allison wrote:
On Fri, Aug 24, 2012 at 11:08:53AM -0600, Walkes, Dan wrote:

Hi everyone, I've noticed a problem with Debian wheezy + samba 3.6.6 configured with acl_xattr in my configuration. The following test sequence causes Windows Explorer to report incorrectly ordered permission entries:

1) Map a share as with admin user credentials to a drive letter on a Windows client
2) Create a folder at the root of the share rootfolder
3) Create a subfolder subfolder1 under rootfolder
4) Un-check Include inheritable permissions from this object's parent in the windows security settings dialog for Windows Explorer on the root folder
5) Create a subfolder subfolder2 under subfolder1
6) Right-click with Windows Explorer and attempt to edit the permissions of subfolder2. Windows Explorer pops up a message stating The permissions on subfolder2 are incorrectly ordered, which may cause some entries to be ineffective.

FYI, the complete and correct fix for this for 3.6.next is now attached to bug : https://bugzilla.samba.org/show_bug.cgi?id=9124 as a patch. Please test (it fixes the problem here). Thanks for reporting this, the same code will go into master as soon as I've finished wrestling with autobuild :-).

Thanks Jeremy. I've tested today. I can confirm it fixes the incorrect ordering issue and sequence 1-6 works for me. I can also confirm that after removing inheritance on a root folder from windows the I flag is set for all permissions on subfolders as expected.

I did notice however that in my case if I never modify permissions or change permissions from Windows Explorer the I flag is still not set on inherited permissions, at least with my configuration.

Actually this is what you'd expect with a security descriptor type of :

CONTROL:0x8004 (SEC_DESC_SELF_RELATIVE = 0x8000| SEC_DESC_DACL_PRESENT = 0x0004).

On Windows you'll probably have :

CONTROL:0x8404 (SEC_DESC_SELF_RELATIVE = 0x8000| SEC_DESC_DACL_AUTO_INHERITED= 0x0400| SEC_DESC_DACL_PRESENT = 0x0004).

which explains the difference. If you set a security descriptor on rootfolder/ from the Windows client and end up with CONTROL:0x8404, then whenever you create subfolders/files below that you'll see the INHERITED bit (that's what the patch solves).

Jeremy.

Yes this explains it. Thanks for your help.
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via 4050cc8 s3-printing: fix bug 9123 lprng job tracking errors from 0f14965 s3-smbd: Initialize the print backend after we setup winreg. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit 4050cc8be25299514f7ebe609419f74aff8da423 Author: David Disseldorp dd...@samba.org Date: Tue Aug 28 18:58:24 2012 +0200 s3-printing: fix bug 9123 lprng job tracking errors The lprng printing back-end is truncating the print job filename in the lpq output, which means that Samba is not able to determine the back-end job ID for a newly submitted print job. Remove the unneeded spoolss job ID from the print job file name to ensure the job filename is not truncated. Also log these warnings at a higher log level. --- Summary of changes: source3/printing/print_generic.c |2 +- source3/printing/printing.c |3 +-- 2 files changed, 2 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/printing/print_generic.c b/source3/printing/print_generic.c index aac3892..7a7cd3b 100644 --- a/source3/printing/print_generic.c +++ b/source3/printing/print_generic.c @@ -288,7 +288,7 @@ static int generic_job_submit(int snum, struct printjob *pjob, ret = 0; } if (pjob-sysjob == -1) { - DEBUG(0, (failed to get sysjob for job %u (%s), tracking as + DEBUG(2, (failed to get sysjob for job %u (%s), tracking as Unix job\n, pjob-jobid, jobname)); } diff --git a/source3/printing/printing.c b/source3/printing/printing.c index aa5b41d..ba73918 100644 --- a/source3/printing/printing.c +++ b/source3/printing/printing.c @@ -2843,8 +2843,7 @@ static WERROR print_job_spool_file(int snum, uint32_t jobid, } slprintf(pjob-filename, sizeof(pjob-filename)-1, -%s/%s%.8u.XX, lp_pathname(snum), -PRINT_SPOOL_PREFIX, (unsigned int)jobid); +%s/%sXX, lp_pathname(snum), PRINT_SPOOL_PREFIX); pjob-fd = mkstemp(pjob-filename); if (pjob-fd == -1) { -- Samba Shared Repository
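Review bot: in the print_generic.c hunk, generic_job_submit() now reports a missing sysjob at DEBUG(2) instead of DEBUG(0), so at default log levels nothing records that a job fell back to being tracked as a Unix job. If that fallback can still happen for reasons other than the truncated lprng file name, DEBUG(1) would keep it visible without raising the log level; otherwise say in the commit message why level 2 is enough once the file name fix is in.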
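Review bot: in the printing.c hunk, print_job_spool_file() drops the %.8u job id from the spool file name, but nothing at the slprintf() call says why. A one-line comment there noting that lprng truncates long job file names in its lpq output (bug 9123) would stop the job id from being added back later, and would make it clear that the name is now unique only through the mkstemp() template.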
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via 2d1bf06 Bug #9058] Files not deleted, smbstatus shows Segmentation fault. from 4050cc8 s3-printing: fix bug 9123 lprng job tracking errors http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit 2d1bf06f440c9607ee7b60e65ab33f70b9657770 Author: Jeremy Allison j...@samba.org Date: Wed Aug 22 11:05:19 2012 -0700 Bug #9058] Files not deleted, smbstatus shows Segmentation fault. Fix smbstatus code dump when a file entry has delete tokens. --- Summary of changes: source3/locking/locking.c | 42 -- 1 files changed, 16 insertions(+), 26 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/locking/locking.c b/source3/locking/locking.c index 11d1a85..4379847 100644 --- a/source3/locking/locking.c +++ b/source3/locking/locking.c 
@@ -1735,42 +1735,32 @@ struct forall_state { static int traverse_fn(struct db_record *rec, void *_state) { struct forall_state *state = (struct forall_state *)_state; - struct locking_data *data; - struct share_mode_entry *shares; - const char *sharepath; - const char *fname; - const char *del_tokens; - uint32_t total_del_token_size = 0; int i; + struct share_mode_lock *lck; /* Ensure this is a locking_key record. */ if (rec-key.dsize != sizeof(struct file_id)) return 0; - data = (struct locking_data *)rec-value.dptr; - shares = (struct share_mode_entry *)(rec-value.dptr + sizeof(*data)); - del_tokens = (const char *)rec-value.dptr + sizeof(*data) + - data-u.s.num_share_mode_entries*sizeof(*shares); - - for (i = 0; i data-u.s.num_delete_token_entries; i++) { - uint32_t del_token_size; - memcpy(del_token_size, del_tokens, sizeof(uint32_t)); - total_del_token_size += del_token_size; - del_tokens += del_token_size; + lck = TALLOC_ZERO_P(talloc_tos(), struct share_mode_lock); + if (lck == NULL) { + return 0; } - sharepath = (const char *)rec-value.dptr + sizeof(*data) + - data-u.s.num_share_mode_entries*sizeof(*shares) + - total_del_token_size; - fname = (const char *)rec-value.dptr + sizeof(*data) + - data-u.s.num_share_mode_entries*sizeof(*shares) + - total_del_token_size + - strlen(sharepath) + 1; + if (!parse_share_modes(rec-value, lck)) { + TALLOC_FREE(lck); + DEBUG(1, (parse_share_modes failed\n)); + return 0; + } - for (i=0;idata-u.s.num_share_mode_entries;i++) { - state-fn(shares[i], sharepath, fname, - state-private_data); + for (i=0; ilck-num_share_modes; i++) { + struct share_mode_entry *se = lck-share_modes[i]; + state-fn(se, + lck-servicepath, + lck-base_name, + state-private_data); } + TALLOC_FREE(lck); return 0; } -- Samba Shared Repository
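Review bot: in traverse_fn() the new allocation-failure path (lck == NULL) returns 0 with no log message, while the parse_share_modes() failure a few lines below logs at DEBUG(1) before returning 0. Log the allocation failure as well, and consider including the record key in the parse failure message so that a record silently missing from smbstatus output can be traced back to the entry that failed to parse.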
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via 4f4a972 s3-smbd: Fix flooding the logs with records we don't find in pcap. from 2d1bf06 Bug #9058] Files not deleted, smbstatus shows Segmentation fault. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit 4f4a972e277859a63b60a9bbaff094e00338aba9 Author: Andreas Schneider a...@samba.org Date: Tue Aug 28 14:17:22 2012 +0200 s3-smbd: Fix flooding the logs with records we don't find in pcap. Signed-off-by: Andreas Schneider a...@samba.org Fix bug #9112 - smbd.log is flooded by 'printer_list_get_printer: Failed to fetch record!'. --- Summary of changes: source3/smbd/server_reload.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/server_reload.c b/source3/smbd/server_reload.c index fd6dc1a..b88d994 100644 --- a/source3/smbd/server_reload.c +++ b/source3/smbd/server_reload.c @@ -80,7 +80,7 @@ void reload_printers(struct tevent_context *ev, pname = lp_printername(snum); /* check printer, but avoid removing non-autoloaded printers */ - if (!pcap_printername_ok(pname) lp_autoloaded(snum)) { + if (lp_autoloaded(snum) !pcap_printername_ok(pname)) { DEBUG(3, (removing stale printer %s\n, pname)); if (is_printer_published(session_info, session_info, -- Samba Shared Repository
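Review bot: in reload_printers() the fix depends on lp_autoloaded(snum) being evaluated before pcap_printername_ok(pname), yet the comment above the test still reads only "check printer, but avoid removing non-autoloaded printers". Extend that comment to say the pcap lookup is deliberately skipped for non-autoloaded printers, so the operands are not swapped back later and the log flooding from bug #9112 does not return.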
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 02aacb1 s3:libsmb correctly set isFsctl for snapshot list from 4612092 selftest: Remove spoolss tests from knownfail. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 02aacb17d18f1bb47575b473a9468ff05403e67c Author: Christian Ambach a...@samba.org Date: Thu Aug 30 16:43:33 2012 +0200 s3:libsmb correctly set isFsctl for snapshot list FSCTL_GET_SHADOW_COPY_DATA is a FSCTL, so set the isFsctl marker otherwise smbclient allinfo will not report snapshots any more with the changes made for Bug #8311 Autobuild-User(master): Christian Ambach a...@samba.org Autobuild-Date(master): Thu Aug 30 18:57:24 CEST 2012 on sn-devel-104 --- Summary of changes: source3/libsmb/clifile.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/libsmb/clifile.c b/source3/libsmb/clifile.c index 1ee7fff..ca9b867 100644 --- a/source3/libsmb/clifile.c +++ b/source3/libsmb/clifile.c @@ -5490,7 +5490,7 @@ struct tevent_req *cli_shadow_copy_data_send(TALLOC_CTX *mem_ctx, SIVAL(state-setup + 0, 0, FSCTL_GET_SHADOW_COPY_DATA); SSVAL(state-setup + 2, 0, fnum); - SCVAL(state-setup + 3, 0, 0); /* isFsctl */ + SCVAL(state-setup + 3, 0, 1); /* isFsctl */ SCVAL(state-setup + 3, 1, 0); /* compfilter, isFlags (WSSP) */ subreq = cli_trans_send( -- Samba Shared Repository
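Review bot: the isFsctl byte in cli_shadow_copy_data_send() flips from 0 to 1 without a test, and the summary lists source3/libsmb/clifile.c as the only file touched. Since the commit message says smbclient allinfo stopped reporting snapshots after the changes for Bug #8311, a test that lists snapshots through this call would catch the next regression; a short comment on why the value must be 1 for FSCTL_GET_SHADOW_COPY_DATA would help as well.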
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 4ff4466 The NTVFS server doesn't pass the SMB1 INHERITFLAGS test. via 7c4ae72 Now ACL inheritance flags are working, add test_inheritance_flags() back into raw.acls to ensure we don't regress. via da670e4 With the inheritance ACL changes we now pass samba3.smb2.acls.INHERITFLAGS. via cf29863 Fix bug #9124 - Samba fails to set inherited bit on inherited ACE's. via 3d34406 Windows does canonicalization of inheritance bits. Do the same. via 795920c Change the other two places where we set a security descriptor given by the client to got through set_sd(), the canonicalize sd function. via 70ebf1d Re-add set_sd(), called from set_sd_blob(). Allows us to centralize all ACL canonicalization. via 8c84ece Rename set_sd() to set_sd_blob() - this describes what it does. from 02aacb1 s3:libsmb correctly set isFsctl for snapshot list http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 4ff446636a40ca27105033fc52db5313cb7fc85a Author: Jeremy Allison j...@samba.org Date: Thu Aug 30 08:45:43 2012 -0700 The NTVFS server doesn't pass the SMB1 INHERITFLAGS test. Autobuild-User(master): Jeremy Allison j...@samba.org Autobuild-Date(master): Thu Aug 30 21:38:02 CEST 2012 on sn-devel-104 commit 7c4ae7285152777410c31a429ea590501b1c1fe8 Author: Jeremy Allison j...@samba.org Date: Wed Aug 29 15:18:19 2012 -0700 Now ACL inheritance flags are working, add test_inheritance_flags() back into raw.acls to ensure we don't regress. commit da670e4830ab487c1f56efbea90b1cf33247938c Author: Jeremy Allison j...@samba.org Date: Wed Aug 29 14:22:33 2012 -0700 With the inheritance ACL changes we now pass samba3.smb2.acls.INHERITFLAGS. commit cf29863c69b36224564c27ef1610010b943857c0 Author: Jeremy Allison j...@samba.org Date: Wed Aug 29 13:44:57 2012 -0700 Fix bug #9124 - Samba fails to set inherited bit on inherited ACE's. Change se_create_child_secdesc() to handle inheritance correctly. 
commit 3d34406c7bd70576b1705e98b4b3901ac75537c9 Author: Jeremy Allison j...@samba.org Date: Wed Aug 29 13:40:29 2012 -0700 Windows does canonicalization of inheritance bits. Do the same. We need to filter out the SEC_DESC_DACL_AUTO_INHERITED|SEC_DESC_DACL_AUTO_INHERIT_REQ bits. If both are set we store SEC_DESC_DACL_AUTO_INHERITED as this alters whether SEC_ACE_FLAG_INHERITED_ACE is set when an ACE is inherited. Otherwise we zero these bits out. See: http://social.msdn.microsoft.com/Forums/eu/os_fileservices/thread/11f77b68-731e-407d-b1b3-064750716531 for details. commit 795920cf4a25ab4ea061d5620b19ba27884921dd Author: Jeremy Allison j...@samba.org Date: Wed Aug 29 13:37:51 2012 -0700 Change the other two places where we set a security descriptor given by the client to got through set_sd(), the canonicalize sd function. commit 70ebf1da67e30b585543ffe55a6d7c9da6023138 Author: Jeremy Allison j...@samba.org Date: Wed Aug 29 13:29:34 2012 -0700 Re-add set_sd(), called from set_sd_blob(). Allows us to centralize all ACL canonicalization. commit 8c84ecef89dfbfd2cd76b92272fbd32fb13d00b8 Author: Jeremy Allison j...@samba.org Date: Wed Aug 29 13:23:06 2012 -0700 Rename set_sd() to set_sd_blob() - this describes what it does. --- Summary of changes: libcli/security/secdesc.c | 10 +++- selftest/knownfail|2 +- source3/rpc_server/srvsvc/srv_srvsvc_nt.c | 21 + source3/smbd/nttrans.c| 73 +++- source3/smbd/open.c |6 +-- source3/smbd/proto.h |4 +- source3/smbd/smb2_setinfo.c |2 +- source4/torture/raw/acls.c| 15 -- 8 files changed, 84 insertions(+), 49 deletions(-) Changeset truncated at 500 lines: diff --git a/libcli/security/secdesc.c b/libcli/security/secdesc.c index 84128e4..a3db1b6 100644 --- a/libcli/security/secdesc.c +++ b/libcli/security/secdesc.c 
@@ -571,6 +571,7 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx, struct security_acl *new_dacl = NULL, *the_acl = NULL; struct security_ace *new_ace_list = NULL; unsigned int new_ace_list_ndx = 0, i; + bool set_inherited_flags = (parent_ctr-type SEC_DESC_DACL_AUTO_INHERITED); TALLOC_CTX *frame; @@ -637,7 +638,8 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx, /* First add the regular ACE entry. */ init_sec_ace(new_ace, ptrustee, ace-type, - ace-access_mask, 0); + ace-access_mask, + set_inherited_flags ? SEC_ACE_FLAG_INHERITED_ACE
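The control-bit behaviour Jeremy describes in the thread above (CONTROL:0x8004 versus 0x8404) and the canonicalization rule in the commit message for 3d34406 can be modelled in a few lines of C. This is an added example, not Samba's code: `canonicalize_control()`, `subdir_ace_flags()` and `flags_to_str()` are hypothetical names, `SEC_DESC_DACL_AUTO_INHERIT_REQ = 0x0100` is the MS-DTYP value rather than one quoted on this page, and the propagation rules are a simplified Windows-style model for a new subdirectory that ignores CREATOR OWNER substitution.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Security descriptor control bits. Three values are quoted in the thread;
 * SEC_DESC_DACL_AUTO_INHERIT_REQ is the MS-DTYP value (assumption, not on the page). */
#define SEC_DESC_DACL_PRESENT          0x0004
#define SEC_DESC_DACL_AUTO_INHERIT_REQ 0x0100
#define SEC_DESC_DACL_AUTO_INHERITED   0x0400
#define SEC_DESC_SELF_RELATIVE         0x8000

/* ACE flag bits, named the way smbcacls prints them. */
#define ACE_OI 0x01 /* object inherit */
#define ACE_CI 0x02 /* container inherit */
#define ACE_NP 0x04 /* no propagate inherit */
#define ACE_IO 0x08 /* inherit only */
#define ACE_I  0x10 /* inherited ACE */

/* Canonicalize the auto-inherit bits of a client-supplied control field as the
 * commit message describes: store AUTO_INHERITED only when the client sent
 * both bits, otherwise clear both. AUTO_INHERIT_REQ itself is never stored. */
uint16_t canonicalize_control(uint16_t type)
{
    const uint16_t both = SEC_DESC_DACL_AUTO_INHERIT_REQ | SEC_DESC_DACL_AUTO_INHERITED;
    bool keep = (type & both) == both;

    type &= (uint16_t)~both;
    if (keep) {
        type |= SEC_DESC_DACL_AUTO_INHERITED;
    }
    return type;
}

/* Compute the flags of the ACE a new subdirectory receives from one parent ACE.
 * Returns false when the parent ACE is not inherited by a subdirectory. */
bool subdir_ace_flags(uint16_t parent_control, uint8_t parent_flags, uint8_t *child_flags)
{
    bool ci = (parent_flags & ACE_CI) != 0;
    bool oi = (parent_flags & ACE_OI) != 0;
    bool np = (parent_flags & ACE_NP) != 0;
    uint8_t f;

    if (!ci && !oi) {
        return false;               /* ACE applies to the parent only */
    }
    if (np) {
        if (!ci) {
            return false;           /* OI|NP reaches files, not directories */
        }
        f = 0;                      /* effective here, not passed further down */
    } else {
        f = parent_flags & (ACE_OI | ACE_CI);
        if (!ci) {
            f |= ACE_IO;            /* OI only: carried down for files below */
        }
    }
    /* The point of the thread: the I flag depends on the parent's control field. */
    if (parent_control & SEC_DESC_DACL_AUTO_INHERITED) {
        f |= ACE_I;
    }
    *child_flags = f;
    return true;
}

/* Render ACE flags in smbcacls style, for example "OI|CI|I", or "0x0" for none. */
const char *flags_to_str(uint8_t flags, char *buf, size_t len)
{
    static const struct { uint8_t bit; const char *name; } names[] = {
        { ACE_OI, "OI" }, { ACE_CI, "CI" }, { ACE_NP, "NP" },
        { ACE_IO, "IO" }, { ACE_I, "I" },
    };
    size_t used = 0;

    if (len == 0) {
        return buf;
    }
    buf[0] = '\0';
    for (size_t i = 0; i < sizeof(names) / sizeof(names[0]); i++) {
        if (!(flags & names[i].bit)) {
            continue;
        }
        int n = snprintf(buf + used, len - used, "%s%s", used ? "|" : "", names[i].name);
        if (n < 0 || (size_t)n >= len - used) {
            break;                  /* truncated; buf is still NUL-terminated */
        }
        used += (size_t)n;
    }
    if (used == 0) {
        snprintf(buf, len, "0x0");
    }
    return buf;
}

int main(void)
{
    /* Constructed sample: one inheritable ACE shaped like the Everyone entry in
     * the smbcacls listing, evaluated under both CONTROL values from the thread. */
    const uint8_t everyone = ACE_OI | ACE_CI | ACE_IO;
    const uint16_t base = SEC_DESC_SELF_RELATIVE | SEC_DESC_DACL_PRESENT;
    const uint16_t from_windows = base | SEC_DESC_DACL_AUTO_INHERIT_REQ | SEC_DESC_DACL_AUTO_INHERITED;
    const uint16_t controls[] = { base, canonicalize_control(from_windows) };
    char buf[32];

    for (size_t i = 0; i < sizeof(controls) / sizeof(controls[0]); i++) {
        uint8_t f;
        if (subdir_ace_flags(controls[i], everyone, &f)) {
            printf("parent CONTROL:0x%04X -> ACL:Everyone:ALLOWED/%s/RWXDPO\n",
                   (unsigned)controls[i], flags_to_str(f, buf, sizeof(buf)));
        }
    }
    return 0;
}
```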
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via a3b67e5 VERSION: Move on to beta9 via 524876a VERSION: Mark as the beta8 release via 757df37 WHATSNEW: prepare for 4.0 beta8 from 4ff4466 The NTVFS server doesn't pass the SMB1 INHERITFLAGS test. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit a3b67e5299e9d975b7216e398311420a9524f926 Author: Andrew Bartlett abart...@samba.org Date: Fri Aug 31 08:34:03 2012 +1000 VERSION: Move on to beta9 We home beta8 will be the last beta, but to avoid confusion and allow more releases if required I won't mark it as rc1 until the actual release candidate. Andrew Bartlett Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Fri Aug 31 02:07:23 CEST 2012 on sn-devel-104 commit 524876aa511b3a034c324df9025f693a24842bca Author: Andrew Bartlett abart...@samba.org Date: Fri Aug 31 08:32:15 2012 +1000 VERSION: Mark as the beta8 release commit 757df37e7099fe29e6af728fccbd15ebd82e6ffd Author: Andrew Bartlett abart...@samba.org Date: Fri Aug 31 08:31:45 2012 +1000 WHATSNEW: prepare for 4.0 beta8 --- Summary of changes: VERSION |2 +- WHATSNEW.txt | 65 ++--- 2 files changed, 31 insertions(+), 36 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 14c0561..fa77135 100644 --- a/VERSION +++ b/VERSION @@ -67,7 +67,7 @@ SAMBA_VERSION_ALPHA_RELEASE= # e.g. SAMBA_VERSION_BETA_RELEASE=1# # - 4.0.0beta1# -SAMBA_VERSION_BETA_RELEASE=8 +SAMBA_VERSION_BETA_RELEASE=9 # For 'pre' releases the version will be # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index d9f2333..4b1f0fe 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,4 +1,4 @@ -What's new in Samba 4.0 beta7 +What's new in Samba 4.0 beta8 = Samba 4.0 will be the next version of the Samba suite and incorporates 
@@ -11,7 +11,7 @@ and above. WARNINGS -Samba 4.0 beta7 is not a final Samba release, however we are now making +Samba 4.0 beta8 is not a final Samba release, however we are now making good progress towards a Samba 4.0 release. However, this is expected to be the last beta release before we start on our release candidate series. @@ -77,7 +77,7 @@ the longer term. For pure file server work, the binaries users would expect from that series (nmbd, winbindd, smbpasswd) continue to be available. When running an AD DC, you only need to run 'samba' (not -nmbd/smbd/winbind), as the required services are co-ordinated by this +nmbd/smbd/winbind), as the required services are co-coordinated by this master binary. As DNS is an integral part of Active Directory, we also provide a DNS 
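Review bot: the last hunk here changes "co-ordinated" to "co-coordinated" in the AD DC paragraph of WHATSNEW.txt, which introduces a typo into the release notes. Keep the original spelling or use "coordinated".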
@@ -98,56 +98,51 @@ Python programs to interface to Samba's internals, and many tools and internal workings of the DC code is now implemented in python. -CHANGES SINCE beta6 +CHANGES SINCE beta7 = -For a list of changes since beta6, please see the git log. +For a list of changes since beta7, please see the git log. $ git clone git://git.samba.org/samba.git $ cd samba.git -$ git log samba-4.0.0beta6..samba-4.0.0beta7 +$ git log samba-4.0.0beta7..samba-4.0.0beta8 Some major user-visible changes include: -- ACLs are now set during provision at the POSIX layer for the sysvol - share. This allows group policies to be modified by Domain - Administrators (Policy Administrators) that are not the actual - Administrator user. +- A fix for a segfault/abort on startup of the 'samba' binary in the + credentials_secrets code. -- A number of verified fixes for expanding memory use across the AD - domain controller, including in the Bind9 DLZ module. +- A fix for samba-tool classicupgrade of pdb_ldap-based domains -- A fix for bug #9097 (the winbind in the AD DC would lock up under - parallel requests). +- A fix for samba-tool domain exportkeyab only exporting DES keys -- wbinfo --ping-dc now returns helpful information on what failed and - against which DC it failed +- Printing is now enabled on the AD DC -- SMB3 encryption support +- Fix bug #9124 - Samba fails to set inherited bit on inherited ACE's. -- New 'samba-tool ntacl' commands: - - samba-tool ntacl sysvolreset - - samba-tool ntacl sysvolcheck +- We now avoid printing secret attributes (such as unicodePwd and + suppliementalCredentials) in ldb trace logs -Less visible, but important changes under the hood include: +- s3-printing: fix bug 9123 lprng job tracking errors -- Continued work to support SMB2 and SMB3 - -- Continued work to use async IO to
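Review bot: two of the bullets added under "CHANGES SINCE beta7" contain typos: "samba-tool domain exportkeyab" and "suppliementalCredentials". If these are meant to be the exportkeytab subcommand and the supplementalCredentials attribute, correct them so that readers searching the release notes for either name find the entry.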
[SCM] Samba Shared Repository - annotated tag samba-4.0.0beta8 created
The annotated tag, samba-4.0.0beta8 has been created
at a7b9327dd48793eca878588e43ee8f06f7fa8dbe (tag)
tagging 524876aa511b3a034c324df9025f693a24842bca (commit)
replaces ldb-1.1.11
tagged by Andrew Bartlett
on Fri Aug 31 11:43:39 2012 +1000

- Log -
samba4: tag release samba-4.0.0beta8

Andreas Schneider (6):
      s3-smbd: Fix flooding the logs with records we don't find in pcap.
      libkrb5: Fix build with MIT Kerberos.
      selftest: Define the log directory for s3fs.
      file_server: Fix spoolss support with s3fs.
      selftest: Add missing printing options for plugin_s4_dc.
      selftest: Remove spoolss tests from knownfail.

Andrew Bartlett (14):
      s3-classicupgrade: Fix import from ldap
      auth/credentials: Avoid double-free in the failure case
      selftest: Add a test for smbclient --machine-pass without secrets.tdb
      auth/credentials: Improve memory handling in cli_credentials_set_machine_account
      auth/credentials: Better integrate fetch of secrets.tdb and secrets.ldb records
      auth/credentials: Remove unused, and un-declared cli_credentials_set_krbtgt()
      lib/ldb: Avoid printing secret attributes in ldb trace logs
      s4-dsdb: Avoid printing secret attributes in ldb trace logs
      s4-libnet: Fix passing samba_all_enctypes as a fn rather than the encrypt array it returns
      lib/krb4_wrap: Add const to kt_copy_one_principal
      s4-torture: Add start of a test to confirm winbindd PAC parsing
      auth/credentials: Support match-by-key in cli_credentials_get_server_gss_creds()
      WHATSNEW: prepare for 4.0 beta8
      VERSION: Mark as the beta8 release

Björn Jacke (1):
      vfs_media_harmony: fix some compile warnings with llvm

Christian Ambach (1):
      s3:libsmb correctly set isFsctl for snapshot list

Christof Schmitt (1):
      s3:vfs_gpfs: Use directory not file to get fileset id

David Disseldorp (1):
      s3-printing: fix bug 9123 lprng job tracking errors

Jeremy Allison (8):
      Rename set_sd() to set_sd_blob() - this describes what it does.
      Re-add set_sd(), called from set_sd_blob(). Allows us to centralize all ACL canonicalization.
      Change the other two places where we set a security descriptor given by the client to got through set_sd(),
      Windows does canonicalization of inheritance bits. Do the same.
      Fix bug #9124 - Samba fails to set inherited bit on inherited ACE's.
      With the inheritance ACL changes we now pass samba3.smb2.acls.INHERITFLAGS.
      Now ACL inheritance flags are working, add test_inheritance_flags() back into raw.acls to ensure we don't regress.
      The NTVFS server doesn't pass the SMB1 INHERITFLAGS test.

---

-- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated
via 524876a VERSION: Mark as the beta8 release
via 757df37 WHATSNEW: prepare for 4.0 beta8
via 4ff4466 The NTVFS server doesn't pass the SMB1 INHERITFLAGS test.
via 7c4ae72 Now ACL inheritance flags are working, add test_inheritance_flags() back into raw.acls to ensure we don't regress.
via da670e4 With the inheritance ACL changes we now pass samba3.smb2.acls.INHERITFLAGS.
via cf29863 Fix bug #9124 - Samba fails to set inherited bit on inherited ACE's.
via 3d34406 Windows does canonicalization of inheritance bits. Do the same.
via 795920c Change the other two places where we set a security descriptor given by the client to got through set_sd(), the canonicalize sd function.
via 70ebf1d Re-add set_sd(), called from set_sd_blob(). Allows us to centralize all ACL canonicalization.
via 8c84ece Rename set_sd() to set_sd_blob() - this describes what it does.
via 02aacb1 s3:libsmb correctly set isFsctl for snapshot list
via 4612092 selftest: Remove spoolss tests from knownfail.
via 20cfa38 selftest: Add missing printing options for plugin_s4_dc.
via fb917eb file_server: Fix spoolss support with s3fs.
via bf36462 selftest: Define the log directory for s3fs.
via 5131359 auth/credentials: Support match-by-key in cli_credentials_get_server_gss_creds()
via a58bf44 s4-torture: Add start of a test to confirm winbindd PAC parsing
via fe36bb4 lib/krb4_wrap: Add const to kt_copy_one_principal
via 6678907 s3:vfs_gpfs: Use directory not file to get fileset id
via f31d0d0 vfs_media_harmony: fix some compile warnings with llvm
via fb15e5a s3-printing: fix bug 9123 lprng job tracking errors
via 24356f3 libkrb5: Fix build with MIT Kerberos.
via e39cce4 s4-libnet: Fix passing samba_all_enctypes as a fn rather than the encrypt array it returns
via 5d96498 s4-dsdb: Avoid printing secret attributes in ldb trace logs
via 395b8e4 lib/ldb: Avoid printing secret attributes in ldb trace logs
via 17337cf auth/credentials: Remove unused, and un-declared cli_credentials_set_krbtgt()
via beafdd6 auth/credentials: Better integrate fetch of secrets.tdb and secrets.ldb records
via a0e4bdc auth/credentials: Improve memory handling in cli_credentials_set_machine_account
via 3a303ae5 selftest: Add a test for smbclient --machine-pass without secrets.tdb
via bcc29f9 auth/credentials: Avoid double-free in the failure case
via ba862f4 s3-smbd: Fix flooding the logs with records we don't find in pcap.
via 9e441c4 s3-classicupgrade: Fix import from ldap
via dd21bb0 lib/ldb: Bump ldb version to 1.1.11
via dc8d29c s3-vfs: Indicate the symlink destination when failing check_reduced_name
via f2ccff7 s3-vfs: Try to be consistent about localtime vs GMT handling in vfs_shadow_copy2
via de20958 s3-vfs_shadow_copy2: Also accept a sscanf result
via 11a5646 VERSION: Move on to beta8
from c41894c VERSION: Mark as the beta7 release

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test

- Log -
---

Summary of changes:
VERSION | 2 +-
WHATSNEW.txt | 65
auth/credentials/credentials_krb5.c | 11 +-
auth/credentials/credentials_secrets.c | 168 ++--
file_server/file_server.c | 2 +-
lib/krb5_wrap/enctype_convert.c | 12 +-
lib/krb5_wrap/keytab_util.c | 2 +-
lib/krb5_wrap/krb5_samba.h | 2 +-
lib/ldb-samba/ldif_handlers.c | 8 +
lib/ldb/ABI/{ldb-1.1.10.sigs => ldb-1.1.11.sigs} | 0
lib/ldb/ABI/{ldb-1.1.10.sigs => ldb-1.1.12.sigs} | 1 +
...ldb-util-1.1.10.sigs => pyldb-util-1.1.11.sigs} | 0
...ldb-util-1.1.10.sigs => pyldb-util-1.1.12.sigs} | 0
lib/ldb/common/ldb.c | 31 +++-
lib/ldb/common/ldb_ldif.c | 47 +-
lib/ldb/common/ldb_modules.c | 15 ++-
lib/ldb/include/ldb_module.h | 4 +
lib/ldb/include/ldb_private.h | 5 +
lib/ldb/wscript | 2 +-
libcli/security/secdesc.c | 10 +-
selftest/knownfail | 68 +
selftest/target/Samba4.pm | 36
source3/libsmb/clifile.c | 2 +-
source3/modules/gpfs.c | 16 ++-
source3/modules/vfs_gpfs.c | 24 +++-
[SCM] Samba Shared Repository - branch v4-0-stable updated
The branch, v4-0-stable has been updated
via 524876a VERSION: Mark as the beta8 release
via 757df37 WHATSNEW: prepare for 4.0 beta8
via 4ff4466 The NTVFS server doesn't pass the SMB1 INHERITFLAGS test.
via 7c4ae72 Now ACL inheritance flags are working, add test_inheritance_flags() back into raw.acls to ensure we don't regress.
via da670e4 With the inheritance ACL changes we now pass samba3.smb2.acls.INHERITFLAGS.
via cf29863 Fix bug #9124 - Samba fails to set inherited bit on inherited ACE's.
via 3d34406 Windows does canonicalization of inheritance bits. Do the same.
via 795920c Change the other two places where we set a security descriptor given by the client to got through set_sd(), the canonicalize sd function.
via 70ebf1d Re-add set_sd(), called from set_sd_blob(). Allows us to centralize all ACL canonicalization.
via 8c84ece Rename set_sd() to set_sd_blob() - this describes what it does.
via 02aacb1 s3:libsmb correctly set isFsctl for snapshot list
via 4612092 selftest: Remove spoolss tests from knownfail.
via 20cfa38 selftest: Add missing printing options for plugin_s4_dc.
via fb917eb file_server: Fix spoolss support with s3fs.
via bf36462 selftest: Define the log directory for s3fs.
via 5131359 auth/credentials: Support match-by-key in cli_credentials_get_server_gss_creds()
via a58bf44 s4-torture: Add start of a test to confirm winbindd PAC parsing
via fe36bb4 lib/krb4_wrap: Add const to kt_copy_one_principal
via 6678907 s3:vfs_gpfs: Use directory not file to get fileset id
via f31d0d0 vfs_media_harmony: fix some compile warnings with llvm
via fb15e5a s3-printing: fix bug 9123 lprng job tracking errors
via 24356f3 libkrb5: Fix build with MIT Kerberos.
via e39cce4 s4-libnet: Fix passing samba_all_enctypes as a fn rather than the encrypt array it returns
via 5d96498 s4-dsdb: Avoid printing secret attributes in ldb trace logs
via 395b8e4 lib/ldb: Avoid printing secret attributes in ldb trace logs
via 17337cf auth/credentials: Remove unused, and un-declared cli_credentials_set_krbtgt()
via beafdd6 auth/credentials: Better integrate fetch of secrets.tdb and secrets.ldb records
via a0e4bdc auth/credentials: Improve memory handling in cli_credentials_set_machine_account
via 3a303ae5 selftest: Add a test for smbclient --machine-pass without secrets.tdb
via bcc29f9 auth/credentials: Avoid double-free in the failure case
via ba862f4 s3-smbd: Fix flooding the logs with records we don't find in pcap.
via 9e441c4 s3-classicupgrade: Fix import from ldap
via dd21bb0 lib/ldb: Bump ldb version to 1.1.11
via dc8d29c s3-vfs: Indicate the symlink destination when failing check_reduced_name
via f2ccff7 s3-vfs: Try to be consistent about localtime vs GMT handling in vfs_shadow_copy2
via de20958 s3-vfs_shadow_copy2: Also accept a sscanf result
via 11a5646 VERSION: Move on to beta8
from c41894c VERSION: Mark as the beta7 release

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-stable

- Log - ---

Summary of changes:
VERSION | 2 +-
WHATSNEW.txt | 65
auth/credentials/credentials_krb5.c | 11 +-
auth/credentials/credentials_secrets.c | 168 ++--
file_server/file_server.c | 2 +-
lib/krb5_wrap/enctype_convert.c | 12 +-
lib/krb5_wrap/keytab_util.c | 2 +-
lib/krb5_wrap/krb5_samba.h | 2 +-
lib/ldb-samba/ldif_handlers.c | 8 +
lib/ldb/ABI/{ldb-1.1.10.sigs => ldb-1.1.11.sigs} | 0
lib/ldb/ABI/{ldb-1.1.10.sigs => ldb-1.1.12.sigs} | 1 +
...ldb-util-1.1.10.sigs => pyldb-util-1.1.11.sigs} | 0
...ldb-util-1.1.10.sigs => pyldb-util-1.1.12.sigs} | 0
lib/ldb/common/ldb.c | 31 +++-
lib/ldb/common/ldb_ldif.c | 47 +-
lib/ldb/common/ldb_modules.c | 15 ++-
lib/ldb/include/ldb_module.h | 4 +
lib/ldb/include/ldb_private.h | 5 +
lib/ldb/wscript | 2 +-
libcli/security/secdesc.c | 10 +-
selftest/knownfail | 68 +
selftest/target/Samba4.pm | 36
source3/libsmb/clifile.c | 2 +-
source3/modules/gpfs.c | 16 ++-
source3/modules/vfs_gpfs.c | 24 +++-