[Samba] config a share named Global, not global
Hello, in my network I have on every (Windows) Client a share named Global (with a capital first letter G, not g) I tried to do this with samba, but it doesn't work. How can I config such a share name Global? Think it is a problem, because of the global config at the top of the smb.conf file, but the share should be Global not global Does anybody knows how to solve such a problem? T. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 logging
On Thu, 2012-11-15 at 23:31 -0600, Kristofer wrote: --Apple-Mail=_1D7237A3-73B1-4E61-9DEC-71E2FE1742EB Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii Does Samba 4 provide any logging as far as who authenticated from where, = similar to how Windows AD servers log it to the security event log? Not at this point, sorry. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba domain member losing membership
On Fri, 2012-11-16 at 15:49 +1030, Andrew Galdes wrote: Hello all, I've recently posted here for help with a Samba domain member system which seems to lose it's domain membership. I want to discuss it a little more. I have more information. I'm after comments and suggestions for troubleshooting. Also, i say loses membership but i don't really know if it has lost it. Just doesn't work anymore until i re-join the Samba system to the domain. I have noticed this behaviour with two sites (installations) now. Both are CentOS systems with Samba versions as follows: samba-*-3.5.10-125.el6.x86_64 samba-*-3.5.10-115.el6_2.x86_64 I successfully join these systems to Active Directory domains (2008 r2 DC's) using the following command. The system can then do as i need and wbinfo works: net join -U Administrator%MyPass After some time the Samba servers will stop functioning as expected and users will get 'access denied' errors. wbinfo stops working. Some error messages: LOG FILE: /var/log/samba/log.wb-MYDOM [2012/11/12 13:20:43.338947, 0] libsmb/cliconnect.c:1052(cli_session_setup_spnego) Kinit failed: Preauthentication failed [2012/11/12 13:20:43.459457, 2] winbindd/winbindd_pam.c:2121(winbindd_dual_pam_auth_crap) NTLM CRAP authentication for user [MYDOM]\[myuser] returned NT_STATUS_ACCESS_DENIED (PAM: 4) Notice Kinit in the above error. I have not configured Kerberos at this point. I have not identified consistent time intervals for these 'drop-outs'. I have not updated (YUM) these systems between the joining and dropping from the domains. What might cause this? What causes this is that when we change our domain membership password, and the connection to the DC we change against times out. There is a patch in later releases for this (gives a longer timeout). The issue is, this takes longer than we allow, so we think it failed, but it actually succeed, and so we loose our membership. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Additional Zones with Samba4 DNS
Hi, yes I use internal DNS not bind. how do you want me to check the DNS? I am able to resolve host normally, when a new client join the domain the DNS is updated properly as well. yes the the machine running the DNS tool is properly logged in the domain with domain Administrator username. When I try to connect, it just says it cannot connect to DNS server. but when I try to monitor/test that DNS server with dns tool, I see that reverse dns is working, but simple dns test fails. Best Regards, Innocent. De : Michael Hildenbrand michael.hildenbr...@visualimg.de À : samba@lists.samba.org Envoyé le : Vendredi 16 novembre 2012 10h21 Objet : Re: [Samba] Additional Zones with Samba4 DNS Hi, config file smb.conf is quite unimportant for DNS. Do you use internal Samba DNS, not bind, and did you check your DNS ? Is your user who uses the DNS tool from MS in the domain and in the domain logged on? Without a logged on Domain User with Admin Rights your are not able to connect to the DNS Server. What error message do you get? Von: Innocent Yevide [mailto:inye...@yahoo.fr] Gesendet: Donnerstag, 15. November 2012 23:39 An: Michael Hildenbrand Betreff: Re: [Samba] Additional Zones with Samba4 DNS Hi Michael, I also have samba4 rc5 installed but cannot connect to the internal dns with MS DNS tool. could u please share your config file with me? perhaps I am missing something. Regards, Inno. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] config a share named Global, not global
On Fri, 2012-11-16 at 00:52 +0100, Thomas Jung wrote: Hello, in my network I have on every (Windows) Client a share named Global (with a capital first letter G, not g) I tried to do this with samba, but it doesn't work. How can I config such a share name Global? Think it is a problem, because of the global config at the top of the smb.conf file, but the share should be Global not global Does anybody knows how to solve such a problem? Find and change: #define GLOBAL_NAME global #define GLOBAL_NAME2 global to whatever you need to change it to. The header file it is in for 4.0 rc is lib/param/loadparm.h, but it's probably in source3/include/local.h in 3.x releases. However, doing so makes it very difficult for whoever has the job of supporting the result, so make sure you *document* it very clearly for whoever comes after you, or has to provide emergency support. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] grant windows group share permission
Hello i like to give a windows group (W2K3-AD) permissions to use a share read/write on a Samba domain member server. Therefore if have added the Samba server to the domain without problem and created a share like this: [bild] comment = Some Comment path = /data/bild admin users = root force user = smbuser force group = sambashare valid users = DOMAIN\w-user1 @DOMAIN\w-group1 guest ok = no read only = no writeable = yes browseable = yes The windows domain user w-user1 work as it should, but no member of the windows group w-group1 can access the share. If have also tried mapping the windows group to the Unix group sambashare with username map but always get access denied eg. asked for a windows user. Can please someone give a hint how to grant access for a windows group without adding/removing the members to a Unix group? Many Thanks Andi -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] grant windows group share permission
It's easiest to tell samba to allow everyone access to the share, and use ACL's on the Linux filesystem to restrict access. -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of lst_ho...@kwsoft.de Sent: Friday, November 16, 2012 8:55 AM To: samba@lists.samba.org Subject: [Samba] grant windows group share permission Hello i like to give a windows group (W2K3-AD) permissions to use a share read/write on a Samba domain member server. Therefore if have added the Samba server to the domain without problem and created a share like this: [bild] comment = Some Comment path = /data/bild admin users = root force user = smbuser force group = sambashare valid users = DOMAIN\w-user1 @DOMAIN\w-group1 guest ok = no read only = no writeable = yes browseable = yes The windows domain user w-user1 work as it should, but no member of the windows group w-group1 can access the share. If have also tried mapping the windows group to the Unix group sambashare with username map but always get access denied eg. asked for a windows user. Can please someone give a hint how to grant access for a windows group without adding/removing the members to a Unix group? Many Thanks Andi -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] grant windows group share permission
Zitat von Baird, Josh jba...@follett.com: It's easiest to tell samba to allow everyone access to the share, and use ACL's on the Linux filesystem to restrict access. My intention was to not mess around on the Unix side as much as possible therefore the idea to limit share access by windows group and force/user group on the unix side. Is this even possible? With limiting by filesystem how do i map the windows group to the unix group without doubling users? Should i go for username map or with winbind mappings? Thanks Andreas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] help
Is this samba 3.x Samba 3.x domains and domain controllers function like Windows NT4 domains. They are not like Windows 200x Active Directory servers and domains. The domain name has to be a simple netbios compatible name. A single name not fqdn. I do not believe that . are a valid character. I think the domain name can not exceed 15 or 15 characters. On 11/15/12 14:38, Hanganu Sergiu wrote: hello i m not speaking very well english i m trying to configure samba .i m using debian as O.S. my problem is : i want to configure a local domain as PDC this is a part of a little example /|workgroup = MIDEARTH|/ /|domain logons = Yes|/ /|domain master = Yes|/ /|security = User |/ /|workgroup = MIDEARTH.MILANO|/ /|domain logons = Yes|/ /|domain master = Yes|/ /|security = User|/ my domain will be MIDEARTH This is working, but if i will change in MIDEARH.MILANO ...is not working when i m trying to connect a xp pro client with the domain name MIDEARTH is working but if i change in MIDEARTH.MILANO like fqnd is not working and i don t understand why.. i m trying to find on google same example but i can t find anything like this.. PLEASE HELP ME THANK YOU -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba4 ad problems
Hello, i have a samba4 ad domain with 5 domain controllers. Since 2-3 weeks, i have problems with kerberos, log.samba: [2012/11/16 16:21:11, 1] ../source4/auth/gensec/gensec_gssapi.c:645(gensec_gssapi_update) GSS server Update(krb5)(1) Update failed: Miscellaneous failure (see text): Decrypt integrity check failed [2012/11/16 16:21:12, 2] ../source4/dsdb/repl/replicated_objects.c:779(dsdb_replicated_objects_commit) Replicated 0 objects (0 linked attributes) for CN=Schema,CN=Configuration,DC=test,DC=local [2012/11/16 16:21:12, 1] ../source4/auth/gensec/gensec_gssapi.c:645(gensec_gssapi_update) GSS server Update(krb5)(1) Update failed: Miscellaneous failure (see text): Decrypt integrity check failed [2012/11/16 16:21:14, 1] ../source4/auth/gensec/gensec_gssapi.c:645(gensec_gssapi_update) GSS server Update(krb5)(1) Update failed: Miscellaneous failure (see text): Decrypt integrity check failed [2012/11/16 16:21:24, 2] ../source4/dsdb/repl/replicated_objects.c:779(dsdb_replicated_objects_commit) Replicated 0 objects (0 linked attributes) for CN=Schema,CN=Configuration,DC=test,DC=local [2012/11/16 16:21:24, 0] ../source4/dsdb/repl/drepl_out_helpers.c:829(dreplsrv_update_refs_done) UpdateRefs failed with WERR_DS_DRA_ACCESS_DENIED/NT code 0xc0002105 for 0854286a-4fd6-42a8-bc79-4487b61c7733._msdcs.test.local CN=Schema,CN=Configuration,DC=test,DC=local [2012/11/16 16:21:44, 2] ../source4/dsdb/repl/replicated_objects.c:779(dsdb_replicated_objects_commit) Replicated 3 objects (0 linked attributes) for DC=test,DC=local [2012/11/16 16:21:53, 2] ../source4/dsdb/repl/replicated_objects.c:779(dsdb_replicated_objects_commit) Replicated 0 objects (0 linked attributes) for DC=test,DC=local [2012/11/16 16:21:53, 0] ../source4/dsdb/repl/drepl_out_helpers.c:829(dreplsrv_update_refs_done) UpdateRefs failed with WERR_DS_DRA_ACCESS_DENIED/NT code 0xc0002105 for 0854286a-4fd6-42a8-bc79-4487b61c7733._msdcs.test.local DC=test,DC=local [2012/11/16 16:23:49, 2] ../source4/libcli/dgram/dgramsocket.c:92(dgm_socket_recv) No mailslot handler for 'ÃMAILSLOTÃLANMAN' [2012/11/16 16:25:06, 2] ../source4/dsdb/repl/replicated_objects.c:779(dsdb_replicated_objects_commit) Replicated 0 objects (0 linked attributes) for CN=Configuration,DC=test,DC=local [2012/11/16 16:25:19, 2] ../source4/dsdb/repl/replicated_objects.c:779(dsdb_replicated_objects_commit) Replicated 0 objects (0 linked attributes) for CN=Configuration,DC=test,DC=local [2012/11/16 16:25:19, 0] ../source4/dsdb/repl/drepl_out_helpers.c:829(dreplsrv_update_refs_done) UpdateRefs failed with WERR_DS_DRA_ACCESS_DENIED/NT code 0xc0002105 for 0854286a-4fd6-42a8-bc79-4487b61c7733._msdcs.test.local CN=Configuration,DC=test,DC=local [2012/11/16 16:26:01, 0] ../source4/librpc/rpc/dcerpc_util.c:660(dcerpc_pipe_auth_recv) Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for e3514235-4b06-11d1-ab04-00c04fc2dcd2@ncacn_ip_tcp:da93641c-ad62-4a93-bf2d-5eae845237ab._msdcs.test.local[1024,seal,krb5] NT_STATUS_INVALID_PARAMETER [2012/11/16 16:26:01, 2] ../source4/dsdb/repl/replicated_objects.c:779(dsdb_replicated_objects_commit) Replicated 0 objects (0 linked attributes) for CN=Schema,CN=Configuration,DC=test,DC=local [2012/11/16 16:26:11, 1] ../source4/auth/gensec/gensec_gssapi.c:645(gensec_gssapi_update) GSS server Update(krb5)(1) Update failed: Miscellaneous failure (see text): Decrypt integrity check failed [2012/11/16 16:26:12, 1] ../source4/auth/gensec/gensec_gssapi.c:645(gensec_gssapi_update) GSS server Update(krb5)(1) Update failed: Miscellaneous failure (see text): Decrypt integrity check failed [2012/11/16 16:26:13, 2] ../source4/dsdb/repl/replicated_objects.c:779(dsdb_replicated_objects_commit) Replicated 0 objects (0 linked attributes) for CN=Schema,CN=Configuration,DC=test,DC=local [2012/11/16 16:26:13, 0] ../source4/dsdb/repl/drepl_out_helpers.c:829(dreplsrv_update_refs_done) UpdateRefs failed with WERR_DS_DRA_ACCESS_DENIED/NT code 0xc0002105 for 0854286a-4fd6-42a8-bc79-4487b61c7733._msdcs.test.local CN=Schema,CN=Configuration,DC=test,DC=local [2012/11/16 16:26:14, 1] ../source4/auth/gensec/gensec_gssapi.c:645(gensec_gssapi_update) GSS server Update(krb5)(1) Update failed: Miscellaneous failure (see text): Decrypt integrity check failed [2012/11/16 16:26:49, 2] ../source4/dsdb/repl/replicated_objects.c:779(dsdb_replicated_objects_commit) Replicated 0 objects (0 linked attributes) for CN=Schema,CN=Configuration,DC=test,DC=local [2012/11/16 16:26:50, 2] ../source4/dsdb/repl/replicated_objects.c:779(dsdb_replicated_objects_commit) Replicated 0 objects (0 linked attributes) for DC=test,DC=local [2012/11/16 16:26:51, 1] ../source4/auth/gensec/gensec_gssapi.c:645(gensec_gssapi_update) GSS server Update(krb5)(1) Update failed: Miscellaneous failure (see text): Decrypt integrity check failed [2012/11/16 16:26:56, 1]
[Samba] reg import via logon script
hi everybody I'm being trouble by a strange system behavior, it's Win 7 machine script it as simple as one line reg import Y:\IT\domainLogons\exportRaw.reg Y: is a net share that is mapped beforehand it does not get imported but below works just fine reg restore HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System Y:\IT\domainLogons\exportRaw.hiv both reg hiv are logic-wise structurally identical ??? any thoughts? regards -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4 logging
Does Samba 4 provide any logging as far as who authenticated from where, = similar to how Windows AD servers log it to the security event log? Not at this point, sorry. Are you aware of any plans to add this type of logging in the future? Thanks, Kris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba4 - Wins error running samba-tool classicupgrade
Hello: First, sorry for my English. I'm testing samba4 rc5. I have compiled and installed samba4 and now I'm trying to simulate an upgrade from my samba3 site to my samba4 test installation. I have setup a isolated network and I have replicated server and clients, copied my samba3 ldap contents and tdb files. But, when I run samba-tool classicupgrade following to the docs, samba-tool complaints about wins error. Below is the error. When the error appeared, I manually deleted the name entries in the wins.dat file, but the error continues with other machine names. Can I delete the wins.dat (entirely or its content) without consecuences? I have re-run the samba-tool classicupgrade after every error. Need I to wipe the internal samba4 database before re-run samba-tool classicupgrade? If, yes, how? Importing WINS database ERROR (ldb): uncaught exception - Entry name=REP-01-FUN01, type=0x20 already exists File /usr/local/samba/python2.7/site-packages/samba/netcmd/__init__.py, line 175 in _run return self.run(*args, **kwargs) File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py, line 1318, in run useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs) File /usr/local/samba/lib/python2.7/site-packages/samba/upgrade.py, line 848, in upgrade_from_samba3 import_wins(Ldb(result.paths.winsdb), samba3_winsdb) File /usr/local/samba/lib/python2.7/site-packages/samba/upgrade.py, line 364, in import_wins address: ips}) Regards Federico -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] grant windows group share permission
On 16/11/12 13:55, lst_ho...@kwsoft.de wrote: Hello i like to give a windows group (W2K3-AD) permissions to use a share read/write on a Samba domain member server. Therefore if have added the Samba server to the domain without problem and created a share like this: [bild] comment = Some Comment path = /data/bild admin users = root force user = smbuser force group = sambashare valid users = DOMAIN\w-user1 @DOMAIN\w-group1 guest ok = no read only = no writeable = yes browseable = yes The windows domain user w-user1 work as it should, but no member of the windows group w-group1 can access the share. If have also tried mapping the windows group to the Unix group sambashare with username map but always get access denied eg. asked for a windows user. Can please someone give a hint how to grant access for a windows group without adding/removing the members to a Unix group? Many Thanks Andi Hi, just a few pointers: You can remove the 'admin users' line, here you are giving 'root' root privileges You only need one of the 'read only' 'writeable' lines, they both mean the same, I suggest using 'read only' Finally, try removing the @ sign, I do not think you need it with winbind (I take it you are using winbind) Rowland -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] reg import via logon script
hi everybody I'm being trouble by a strange system behavior, it's Win 7 machine script it as simple as one line reg import Y:\IT\domainLogons\exportRaw.reg Y: is a net share that is mapped beforehand it does not get imported but below works just fine reg restore HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System Y:\IT\domainLogons\exportRaw.hiv both reg hiv are logic-wise structurally identical ??? any thoughts? regards -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] reg import via logon script
I'm being troubled :) a trouble hopefully I ain't ;) On 16/11/12 16:38, lejeczek wrote: hi everybody I'm being trouble by a strange system behavior, it's Win 7 machine script it as simple as one line reg import Y:\IT\domainLogons\exportRaw.reg Y: is a net share that is mapped beforehand it does not get imported but below works just fine reg restore HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System Y:\IT\domainLogons\exportRaw.hiv both reg hiv are logic-wise structurally identical ??? any thoughts? regards -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 - Wins error running samba-tool classicupgrade
On 16/11/12 13:00, Federico Alberto Sayd wrote: Hello: First, sorry for my English. I'm testing samba4 rc5. I have compiled and installed samba4 and now I'm trying to simulate an upgrade from my samba3 site to my samba4 test installation. I have setup a isolated network and I have replicated server and clients, copied my samba3 ldap contents and tdb files. But, when I run samba-tool classicupgrade following to the docs, samba-tool complaints about wins error. Below is the error. When the error appeared, I manually deleted the name entries in the wins.dat file, but the error continues with other machine names. Can I delete the wins.dat (entirely or its content) without consecuences? I have re-run the samba-tool classicupgrade after every error. Need I to wipe the internal samba4 database before re-run samba-tool classicupgrade? If, yes, how? Importing WINS database ERROR (ldb): uncaught exception - Entry name=REP-01-FUN01, type=0x20 already exists File /usr/local/samba/python2.7/site-packages/samba/netcmd/__init__.py, line 175 in _run return self.run(*args, **kwargs) File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py, line 1318, in run useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs) File /usr/local/samba/lib/python2.7/site-packages/samba/upgrade.py, line 848, in upgrade_from_samba3 import_wins(Ldb(result.paths.winsdb), samba3_winsdb) File /usr/local/samba/lib/python2.7/site-packages/samba/upgrade.py, line 364, in import_wins address: ips}) Regards Federico I have read the samba 3 docs, and this page[1] says that there is not need to preserve winds.dat because this file is regenerated when Samba is restarted. I deleted the file and the migration finished ok. it is ok to delete this file? But If the file is not neccesary, why do samba-tool classicupgrade check this file and complaint when it finds inconsistences? [1] http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/tdb.html Regards Federico -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Is it possible to change the root/Administrator user to another username?
On 11/15/2012 10:08 PM, Günter Kukkukk wrote: Am Freitag, 16. November 2012, 03:00:11 schrieb Andrew Bartlett: On Thu, 2012-11-15 at 08:44 -0500, Paul Griffith wrote: Hi Andrew, The 'username map' option isn't exactly what I am looking for. That doesn't solve my issue. We have a home grown backend with a custom Samba plugin. The original writer has moved on and I am faced with solving a issue that might be solved if I could replace Samba query for the root user with something else. At least that what it looks like from where I am sitting. You are going to need to give many more details of what you are actually trying to do, rather than how you think you might fix it. Then we can probably give you some sensible advise. root isn't hard-coded anywhere in Samba, but uid 0 is special in unix and in Samba. Andrew Bartlett Paul, just a further note on what Andrew is saying here with uid 0 is special in unix and in Samba. You can create a new *nix user e.g. named smbroot with useradd . -u 0 smbroot to assign him the uid 0. This cmd useradd is sometimes named adduser and might take different arguments. Sample (done as root): useradd -d /nodir -s /bin/false -u 0 smbroot This created user doesn't even have a *nix homedir and a login shell - but has otherwise the same rights as root. But choose the options you like - at least uid 0 must be set. Then you can add this new user to the samba user database. smbpasswd -a smbroot Cheers, Günter Surely more detailed info is needed from your side. Thank you for the suggestions, re smbroot. I will try to give you a clearer picture. I understand that you looking into a black box and trying to help. Thank you for that! We have a home grown passdb module, it talks to our home grown user database. The original developer of the plugin and the user database has moved on but we have managed to keep things working without any major issues, until now. Recently we have been having more issues with the plugin and the user database. What has been happening is that some of the connections to the user database are hanging around for days at a time. This seems to create a condition where the other incoming connections are getting blocked. When I did a strace on one of the hanging processes/connections it was giving the following error message: udb_cmd: result: [error] [record root:user does not exist] udb_to_sam: record [root:user] does not exist That is when I thought that adding the root user might help the situation. If the root user existed, the error would go away and then maybe the connection could be completed normally and closed. I understand this is our own custom code we added to Samba and I certainly don't expect anyone to fix our code. I hope that gives you a better picture. Many Thanks, Paul -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 - Wins error running samba-tool classicupgrade
On Fri, 2012-11-16 at 15:47 -0300, Federico Alberto Sayd wrote: On 16/11/12 13:00, Federico Alberto Sayd wrote: Hello: First, sorry for my English. I'm testing samba4 rc5. I have compiled and installed samba4 and now I'm trying to simulate an upgrade from my samba3 site to my samba4 test installation. I have setup a isolated network and I have replicated server and clients, copied my samba3 ldap contents and tdb files. But, when I run samba-tool classicupgrade following to the docs, samba-tool complaints about wins error. Below is the error. When the error appeared, I manually deleted the name entries in the wins.dat file, but the error continues with other machine names. Can I delete the wins.dat (entirely or its content) without consecuences? I have re-run the samba-tool classicupgrade after every error. Need I to wipe the internal samba4 database before re-run samba-tool classicupgrade? If, yes, how? Importing WINS database ERROR (ldb): uncaught exception - Entry name=REP-01-FUN01, type=0x20 already exists File /usr/local/samba/python2.7/site-packages/samba/netcmd/__init__.py, line 175 in _run return self.run(*args, **kwargs) File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py, line 1318, in run useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs) File /usr/local/samba/lib/python2.7/site-packages/samba/upgrade.py, line 848, in upgrade_from_samba3 import_wins(Ldb(result.paths.winsdb), samba3_winsdb) File /usr/local/samba/lib/python2.7/site-packages/samba/upgrade.py, line 364, in import_wins address: ips}) Regards Federico I have read the samba 3 docs, and this page[1] says that there is not need to preserve winds.dat because this file is regenerated when Samba is restarted. I deleted the file and the migration finished ok. it is ok to delete this file? It is and it isn't. The client will eventually re-register itself with WINS, but it won't be immediate. The correct fix would be to work out what nmbd does with a duplicate entry (does it just take the first or last entry?) and then do the same in the upgrade code. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] detected unhandled Python exception in '/usr/local/samba/sbin/samba_dnsupdate'
Hello, I've just seen the below exception in my log file. does any one knows why ? Nov 17 00:37:55 MyHost abrt: detected unhandled Python exception in '/usr/local/samba/sbin/samba_dnsupdate' Nov 17 00:37:55 MyHost abrtd: New client connected Nov 17 00:37:55 MyHost abrt-server[6427]: Saved Python crash dump of pid 6424 to /var/spool/abrt/pyhook-2012-11-17-00:37:55-6424 Nov 17 00:37:55 MyHost abrtd: Directory 'pyhook-2012-11-17-00:37:55-6424' creation detected Nov 17 00:37:55 MyHost abrtd: Executable'/usr/local/samba/sbin/samba_dnsupdate' doesn't belong to any package Nov 17 00:37:55 MyHost abrtd: 'post-create' on '/var/spool/abrt/pyhook-2012-11-17-00:37:55-6424' exited with 1 Nov 17 00:37:55 MyHost abrtd: Corrupted or bad directory /var/spool/abrt/pyhook-2012-11-17-00:37:55-6424, deleting Nov 17 00:47:55 MyHost abrt: detected unhandled Python exception in '/usr/local/samba/sbin/samba_dnsupdate' Nov 17 00:47:55 MyHost abrtd: New client connected Nov 17 00:47:55 MyHost abrtd: Directory 'pyhook-2012-11-17-00:47:55-6513' creation detected Nov 17 00:47:55 MyHost abrt-server[6516]: Saved Python crash dump of pid 6513 to /var/spool/abrt/pyhook-2012-11-17-00:47:55-6513 Nov 17 00:47:55 MyHost abrtd: Executable '/usr/local/samba/sbin/samba_dnsupdate' doesn't belong to any package Nov 17 00:47:55 MyHost abrtd: 'post-create' on '/var/spool/abrt/pyhook-2012-11-17-00:47:55-6513' exited with 1 Nov 17 00:47:55 MyHost abrtd: Corrupted or bad directory /var/spool/abrt/pyhook-2012-11-17-00:47:55-6513, deleting -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Is it possible to change the root/Administrator user to another username?
On Fri, 2012-11-16 at 14:12 -0500, Paul Griffith wrote: Thank you for the suggestions, re smbroot. I will try to give you a clearer picture. I understand that you looking into a black box and trying to help. Thank you for that! We have a home grown passdb module, it talks to our home grown user database. The original developer of the plugin and the user database has moved on but we have managed to keep things working without any major issues, until now. Recently we have been having more issues with the plugin and the user database. What has been happening is that some of the connections to the user database are hanging around for days at a time. This seems to create a condition where the other incoming connections are getting blocked. When I did a strace on one of the hanging processes/connections it was giving the following error message: udb_cmd: result: [error] [record root:user does not exist] udb_to_sam: record [root:user] does not exist That is when I thought that adding the root user might help the situation. If the root user existed, the error would go away and then maybe the connection could be completed normally and closed. So, did adding root there help? I understand this is our own custom code we added to Samba and I certainly don't expect anyone to fix our code. I hope that gives you a better picture. Thanks, it certainly does. In the future, given your special situation you really do need to include this much detail in your original post. Anyway, there have been a number of increased requirements on passdb modules over the years, but you don't say if you have seen your problems only on updating Samba, or if they have just grown due to other unknown factors. What version of Samba are you using? As speculation, upgrading to Samba 4.0 might help, as (partly in reaction to this kind of thing) we have tried to reduce how often we ask for a system and root token. It might just happen to reduce the demands on your backend to a level where it doesn't break down. I hope this helps, Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Additional Zones with Samba4 DNS
Hi Michael, could you please send me your server dns info as below, so that I can compare if there is anything missing on my side... [root@MyHost ~]# samba-tool dns serverinfo MyHost Password for [administrator@OFFICE.LOCAL]: dwVersion : 0xece0205 fBootMethod : DNS_BOOT_METHOD_DIRECTORY fAdminConfigured : FALSE fAllowUpdate : TRUE fDsAvailable : TRUE pszServerName : MyHost.office.local pszDsContainer : CN=MicrosoftDNS,DC=DomainDnsZones,DC=office,DC=local aipServerAddrs : ['192.168.100.100 (53)'] aipListenAddrs : ['192.168.100.100 (53)'] aipForwarders : [] dwLogLevel : 0 dwDebugLevel : 0 dwForwardTimeout : 3 dwRpcPrototol : 0x5 dwNameCheckFlag : DNS_ALLOW_MULTIBYTE_NAMES cAddressAnswerLimit : 0 dwRecursionRetry : 3 dwRecursionTimeout : 8 dwMaxCacheTtl : 86400 dwDsPollingInterval : 180 dwScavengingInterval : 0 dwDefaultRefreshInterval : 168 dwDefaultNoRefreshInterval : 168 fAutoReverseZones : FALSE fAutoCacheUpdate : FALSE fRecurseAfterForwarding : FALSE fForwardDelegations : TRUE fNoRecursion : FALSE fSecureResponses : FALSE fRoundRobin : TRUE fLocalNetPriority : FALSE fBindSecondaries : FALSE fWriteAuthorityNs : FALSE fStrictFileParsing : FALSE fLooseWildcarding : FALSE fDefaultAgingState : FALSE dwRpcStructureVersion : 0x2 aipLogFilter : [] pwszLogFilePath : None pszDomainName : office.local pszForestName : office.local pszDomainDirectoryPartition : DC=DomainDnsZones,DC=office,DC=local pszForestDirectoryPartition : DC=ForestDnsZones,DC=office,DC=local dwLocalNetPriorityNetMask : 0xff dwLastScavengeTime : 0 dwEventLogLevel : 4 dwLogFileMaxSize : 0 dwDsForestVersion : 0 dwDsDomainVersion : 0 dwDsDsaVersion : 4 fReadOnlyDC : FALSE De : Innocent Yevide inye...@yahoo.fr À : Michael Hildenbrand michael.hildenbr...@visualimg.de Cc : samba@lists.samba.org samba@lists.samba.org Envoyé le : Vendredi 16 novembre 2012 14h32 Objet : Re: [Samba] Additional Zones with Samba4 DNS Hi, yes I use internal DNS not bind. how do you want me to check the DNS? I am able to resolve host normally, when a new client join the domain the DNS is updated properly as well. yes the the machine running the DNS tool is properly logged in the domain with domain Administrator username. When I try to connect, it just says it cannot connect to DNS server. but when I try to monitor/test that DNS server with dns tool, I see that reverse dns is working, but simple dns test fails. Best Regards, Innocent. De : Michael Hildenbrand michael.hildenbr...@visualimg.de À : samba@lists.samba.org Envoyé le : Vendredi 16 novembre 2012 10h21 Objet : Re: [Samba] Additional Zones with Samba4 DNS Hi, config file smb.conf is quite unimportant for DNS. Do you use internal Samba DNS, not bind, and did you check your DNS ? Is your user who uses the DNS tool from MS in the domain and in the domain logged on? Without a logged on Domain User with Admin Rights your are not able to connect to the DNS Server. What error message do you get? Von: Innocent Yevide [mailto:inye...@yahoo.fr] Gesendet: Donnerstag, 15. November 2012 23:39 An: Michael Hildenbrand Betreff: Re: [Samba] Additional Zones with Samba4 DNS Hi Michael, I also have samba4 rc5 installed but cannot connect to the internal dns with MS DNS tool. could u please share your config file with me? perhaps I am missing something. Regards, Inno. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] fast parallel crawling of file systems
Hi, I use a disk space inventory tool called TreeSizePro to scan file filesystems on windows and linux boxes. On Linux systems I export these shares via samba to scan them. TreeSizePro is multi-threaded (32 crawlers) and I run it on windows 7. I am scanning file systems that are local to the linux servers and also nfs mounts that are re-exported via samba. If I scan a windows 2008 server I can scan many millon files in about 1 hour, If I do the same thing with samba it takes more than 1 day. It takes longer to scan to re-exported nfs share than the local share but not a whole lot so I must assume the bottleneck lies within samba. (I can also crawl the nfs mount really fast) How can I make samba fly? How can I improve this metadata performance? I don't care about stability, I just want to maximize performance. We don't have a slow or a badly configured network. I compiled samba 3.6.9 on a plain ubuntu 12.04 box and searched the web for some performance improvement suggestions, not sure if the config below makes any sense. ./configure --with-aio-support --enable-pthreadpool --prefix=/opt/samba --with-ads /root # cat /opt/samba/lib/smb.conf [global] workgroup = FH netbios name = copycat min protocol = SMB2 max protocol = SMB2 #log level = 1 # performance enhancements strict locking = no max xmit = 65535 deadtime = 15 socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=65536 SO_SNDBUF=65536 [tmp] path = /tmp read only = no [shared] path = /shared read only = yes follow symlinks = no wide links = no -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba4 in FreeBSD 9 i386 for Domain controller not working. Samba version 4.1.0 pre1-GIT cf15406
Hi, Samab gurus! I tried to make Samba4 work on FreeBSD 9.1 i386 but failed to join an XP computer to the domain. What I did is: 1, git clone git://git.samba.org/samba.git samba-master 2, cd /usr/local/samba-master 3, ./configure --enable-debug --enable-selftest make make install 4, /usr/local/samba/sbin/samba-tool domain provision --realm=xyz.pccom.ca--domain=dcxyz --adminpass='123456' --server-role=dc 5, cp /usr/local/samba/private/krb.conf /etc 6, echo 'kerberos5_server_enable=YES' /etc/rc.conf 7, echo 'kadmind5_server_enable=YES' /etc/rc.conf 8, echo 'domain xyz.pccom.ca' /etc/resolv.conf the dns server keep the same as before. 9, /usr/local/samba/bin/samba -i -M single I found Failed to bind to 192.168.1.248 UDP_NT_ADDRESS_ALREADY_ASSOCIATED I do git pull every day. In the samba-master directory, I did a make test, many failures and errors. If any one can help me, I can send the st/summary files to him. Your help will be appreciated. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba domain member losing membership
Thanks. I've updated to the latest version and so far so good. But time will tell in this case. Thanks alot for your help. -Andrew Galdes On Fri, Nov 16, 2012 at 8:45 PM, Andrew Bartlett abart...@samba.org wrote: On Fri, 2012-11-16 at 15:49 +1030, Andrew Galdes wrote: Hello all, I've recently posted here for help with a Samba domain member system which seems to lose it's domain membership. I want to discuss it a little more. I have more information. I'm after comments and suggestions for troubleshooting. Also, i say loses membership but i don't really know if it has lost it. Just doesn't work anymore until i re-join the Samba system to the domain. I have noticed this behaviour with two sites (installations) now. Both are CentOS systems with Samba versions as follows: samba-*-3.5.10-125.el6.x86_64 samba-*-3.5.10-115.el6_2.x86_64 I successfully join these systems to Active Directory domains (2008 r2 DC's) using the following command. The system can then do as i need and wbinfo works: net join -U Administrator%MyPass After some time the Samba servers will stop functioning as expected and users will get 'access denied' errors. wbinfo stops working. Some error messages: LOG FILE: /var/log/samba/log.wb-MYDOM [2012/11/12 13:20:43.338947, 0] libsmb/cliconnect.c:1052(cli_session_setup_spnego) Kinit failed: Preauthentication failed [2012/11/12 13:20:43.459457, 2] winbindd/winbindd_pam.c:2121(winbindd_dual_pam_auth_crap) NTLM CRAP authentication for user [MYDOM]\[myuser] returned NT_STATUS_ACCESS_DENIED (PAM: 4) Notice Kinit in the above error. I have not configured Kerberos at this point. I have not identified consistent time intervals for these 'drop-outs'. I have not updated (YUM) these systems between the joining and dropping from the domains. What might cause this? What causes this is that when we change our domain membership password, and the connection to the DC we change against times out. There is a patch in later releases for this (gives a longer timeout). The issue is, this takes longer than we allow, so we think it failed, but it actually succeed, and so we loose our membership. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- -Andrew Galdes Managing Director RHCSA, LPI, CCENT AGIX Linux Ph: 08 7324 4429 Mb: 0422 927 598 Site: http://www.agix.com.au Twitter: http://twitter.com/agixlinux LinkedIn: http://au.linkedin.com/in/andrewgaldes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via abb142b lib/addns: don't depend on the order in resp-answers[] via 0a83695 lib/addns: remove pointless check for resp-num_additionals != 1 from 364a70c lib/replace: replace all *printf function if we replace snprintf (bug #9390) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit abb142b4db54ecf17e3b05c374e9d51c6ddc4e04 Author: Stefan Metzmacher me...@samba.org Date: Fri Nov 9 08:59:36 2012 +0100 lib/addns: don't depend on the order in resp-answers[] Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org (cherry picked from commit eecc1d294256210ee8c2f6ab79d21b835258a6d4) The last 2 patches address bug #9402 - lib/addns doesn't work samba4 with a bind9 server. commit 0a836951838a1aa70b1f6ade4ad09d4e6cee3c24 Author: Stefan Metzmacher me...@samba.org Date: Fri Nov 9 08:55:40 2012 +0100 lib/addns: remove pointless check for resp-num_additionals != 1 We never use resp-additionals, so there's no reason to check. This fixes dns updates against BIND9 (used in a Samba4 domain). Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org (cherry picked from commit b59c5db5f74f56c0536635a41ae51c389109ceb5) --- Summary of changes: lib/addns/dnsgss.c | 16 1 files changed, 12 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/addns/dnsgss.c b/lib/addns/dnsgss.c index c903741..a8b2ea1 100644 --- a/lib/addns/dnsgss.c +++ b/lib/addns/dnsgss.c @@ -164,6 +164,8 @@ static DNS_ERROR dns_negotiate_gss_ctx_int( TALLOC_CTX *mem_ctx, struct dns_request *resp; struct dns_buffer *buf; struct dns_tkey_record *tkey; + struct dns_rrec *tkey_answer = NULL; + uint16_t i; err = dns_receive(mem_ctx, conn, buf); if (!ERR_DNS_IS_OK(err)) goto error; @@ -174,10 +176,16 @@ static DNS_ERROR dns_negotiate_gss_ctx_int( TALLOC_CTX *mem_ctx, /* * TODO: Compare id and keyname */ - - if ((resp-num_additionals != 1) || - (resp-num_answers == 0) || - (resp-answers[0]-type != QTYPE_TKEY)) { + + for (i=0; i resp-num_answers; i++) { + if (resp-answers[i]-type != QTYPE_TKEY) { + continue; + } + + tkey_answer = resp-answers[i]; + } + + if (tkey_answer == NULL) { err = ERROR_DNS_INVALID_MESSAGE; goto error; } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via cf4773f source3/libaddns: don't depend on the order in resp-answers[] via 4bb99f4 source3/libaddns: remove pointless check for resp-num_additionals != 1 from 05f151c lib/replace: replace all *printf function if we replace snprintf (bug #9390) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit cf4773f929b2ac01bfe22e8113ccd3843c92bf56 Author: Stefan Metzmacher me...@samba.org Date: Fri Nov 9 08:59:36 2012 +0100 source3/libaddns: don't depend on the order in resp-answers[] Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org (cherry picked from commit eecc1d294256210ee8c2f6ab79d21b835258a6d4) The last 2 patches address bug #9402 - lib/addns doesn't work samba4 with a bind9 server. commit 4bb99f454cea8a0c37422f1e64cabe96543ca6e8 Author: Stefan Metzmacher me...@samba.org Date: Fri Nov 9 08:55:40 2012 +0100 source3/libaddns: remove pointless check for resp-num_additionals != 1 We never use resp-additionals, so there's no reason to check. This fixes dns updates against BIND9 (used in a Samba4 domain). Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org (cherry picked from commit b59c5db5f74f56c0536635a41ae51c389109ceb5) --- Summary of changes: source3/libaddns/dnsgss.c | 16 1 files changed, 12 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/libaddns/dnsgss.c b/source3/libaddns/dnsgss.c index c903741..a8b2ea1 100644 --- a/source3/libaddns/dnsgss.c +++ b/source3/libaddns/dnsgss.c @@ -164,6 +164,8 @@ static DNS_ERROR dns_negotiate_gss_ctx_int( TALLOC_CTX *mem_ctx, struct dns_request *resp; struct dns_buffer *buf; struct dns_tkey_record *tkey; + struct dns_rrec *tkey_answer = NULL; + uint16_t i; err = dns_receive(mem_ctx, conn, buf); if (!ERR_DNS_IS_OK(err)) goto error; @@ -174,10 +176,16 @@ static DNS_ERROR dns_negotiate_gss_ctx_int( TALLOC_CTX *mem_ctx, /* * TODO: Compare id and keyname */ - - if ((resp-num_additionals != 1) || - (resp-num_answers == 0) || - (resp-answers[0]-type != QTYPE_TKEY)) { + + for (i=0; i resp-num_answers; i++) { + if (resp-answers[i]-type != QTYPE_TKEY) { + continue; + } + + tkey_answer = resp-answers[i]; + } + + if (tkey_answer == NULL) { err = ERROR_DNS_INVALID_MESSAGE; goto error; } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via 02ca126 s4:samba-tool: Fix samba-tool fsmo --role=schema via f3ab644 lib/addns: remove compiler warnings via 1236393 lib/addns: don't depend on the order in resp-answers[] via dd9a98c lib/addns: remove pointless check for resp-num_additionals != 1 from 3f5b4ed lib/replace: replace all *printf function if we replace snprintf (bug #9390) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 02ca1263cfd793b7512d7bd9eccce786794e63f6 Author: Arvid Requate requ...@univention.de Date: Wed Nov 14 15:51:19 2012 +0100 s4:samba-tool: Fix samba-tool fsmo --role=schema Fix traceback: samba-tool fsmo --role=schema --force ERROR(type 'exceptions.TypeError'): uncaught exception - argument 2 must be string, not ldb.Dn File /usr/lib/python2.6/dist-packages/samba/netcmd/__init__.py, line 168, in _run return self.run(*args, **kwargs) File /usr/lib/python2.6/dist-packages/samba/netcmd/fsmo.py, line 160, in run self.seize_role(role, samdb, force) File /usr/lib/python2.6/dist-packages/samba/netcmd/fsmo.py, line 119, in seize_role m.dn = ldb.Dn(samdb, self.schema_dn) Reviewed-by: Andrew Bartlett abart...@samba.org Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Fri Nov 16 00:40:24 CET 2012 on sn-devel-104 (cherry picked from commit ace0909b88739338e948b9c1e98307f324bb7503) Fix bug #9392 - Traceback in samba-tool fsmo --role=schema. Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Fri Nov 16 10:54:29 CET 2012 on sn-devel-104 commit f3ab644246e85b32b06ae50e7a83f09264a4a7ae Author: Stefan Metzmacher me...@samba.org Date: Fri Nov 9 09:08:51 2012 +0100 lib/addns: remove compiler warnings Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org (cherry picked from commit 1ecc76b2480c884a66e598ff6b1f9000bb0931c0) The last 3 patches address bug #9402 - lib/addns doesn't work samba4 with a bind9 server. commit 1236393fbeca02acdfecdcc223e0fd421599157f Author: Stefan Metzmacher me...@samba.org Date: Fri Nov 9 08:59:36 2012 +0100 lib/addns: don't depend on the order in resp-answers[] Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org (cherry picked from commit eecc1d294256210ee8c2f6ab79d21b835258a6d4) commit dd9a98c1e651b314912e93fa68ef2010813b5034 Author: Stefan Metzmacher me...@samba.org Date: Fri Nov 9 08:55:40 2012 +0100 lib/addns: remove pointless check for resp-num_additionals != 1 We never use resp-additionals, so there's no reason to check. This fixes dns updates against BIND9 (used in a Samba4 domain). Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org (cherry picked from commit b59c5db5f74f56c0536635a41ae51c389109ceb5) --- Summary of changes: lib/addns/dnsgss.c| 20 ++-- source4/scripting/python/samba/netcmd/fsmo.py |2 +- 2 files changed, 15 insertions(+), 7 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/addns/dnsgss.c b/lib/addns/dnsgss.c index 64a7d85..f7ed1d1 100644 --- a/lib/addns/dnsgss.c +++ b/lib/addns/dnsgss.c @@ -92,7 +92,7 @@ static DNS_ERROR dns_negotiate_gss_ctx_int( TALLOC_CTX *mem_ctx, DNS_ERROR err; gss_OID_desc krb5_oid_desc = - { 9, (const char *)\x2a\x86\x48\x86\xf7\x12\x01\x02\x02 }; + { 9, discard_const(\x2a\x86\x48\x86\xf7\x12\x01\x02\x02) }; *ctx = GSS_C_NO_CONTEXT; input_ptr = NULL; @@ -164,6 +164,8 @@ static DNS_ERROR dns_negotiate_gss_ctx_int( TALLOC_CTX *mem_ctx, struct dns_request *resp; struct dns_buffer *buf; struct dns_tkey_record *tkey; + struct dns_rrec *tkey_answer = NULL; + uint16_t i; err = dns_receive(mem_ctx, conn, buf); if (!ERR_DNS_IS_OK(err)) goto error; @@ -174,10 +176,16 @@ static DNS_ERROR dns_negotiate_gss_ctx_int( TALLOC_CTX *mem_ctx, /* * TODO: Compare id and keyname */ - - if ((resp-num_additionals != 1) || - (resp-num_answers == 0) || - (resp-answers[0]-type != QTYPE_TKEY)) { + + for (i=0; i resp-num_answers; i++) { + if (resp-answers[i]-type != QTYPE_TKEY) { +
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 10b6cce samba-tool dns: Don't use localhost to connect to local host via d5de797 utils: Remove unused samba-dig tool via 945bc84 dsdb: Make secrets_tdb_sync cope with -H secrets.ldb from d7cab97 s3:param: make init_locals() static. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 10b6cceb1f0f09c7a8f5fc8882fdc3852d11951f Author: Kai Blin k...@samba.org Date: Wed Nov 14 11:32:06 2012 +0100 samba-tool dns: Don't use localhost to connect to local host Calling samba-tool dns cmd localhost provokes a stacktrace. This just makes 'samba-tool dns cmd localhost' work and doesn't fix the underlying issue, but I don't see it causing any harm (unless you don't have an ipv4 localhost, I guess). Signed-off-by: Kai Blin k...@samba.org Reviewed-by: Michael Adam ob...@samba.org Autobuild-User(master): Michael Adam ob...@samba.org Autobuild-Date(master): Fri Nov 16 13:18:14 CET 2012 on sn-devel-104 commit d5de797af2aeb3697022e33ea51c516621b25e2f Author: Kai Blin k...@samba.org Date: Fri Nov 16 09:59:53 2012 +0100 utils: Remove unused samba-dig tool Signed-off-by: Kai Blin k...@samba.org Reviewed-by: Michael Adam ob...@samba.org commit 945bc84818039b79f4d9b7982e24c1e0e7dd8a45 Author: Andrew Bartlett abart...@samba.org Date: Wed Sep 12 15:34:29 2012 +0200 dsdb: Make secrets_tdb_sync cope with -H secrets.ldb The issue was, without a / in the path, we did not cope. Andrew Bartlett Reviewed-by: Michael Adam ob...@samba.org --- Summary of changes: source4/dsdb/samdb/ldb_modules/secrets_tdb_sync.c |5 +- source4/scripting/python/samba/netcmd/dns.py |2 + utils/samba-dig.c | 160 - utils/wscript_build |7 - wscript_build |1 - 5 files changed, 5 insertions(+), 170 deletions(-) delete mode 100644 utils/samba-dig.c delete mode 100644 utils/wscript_build Changeset truncated at 500 lines: diff --git a/source4/dsdb/samdb/ldb_modules/secrets_tdb_sync.c b/source4/dsdb/samdb/ldb_modules/secrets_tdb_sync.c index c742d86..e90fc77 100644 --- a/source4/dsdb/samdb/ldb_modules/secrets_tdb_sync.c +++ b/source4/dsdb/samdb/ldb_modules/secrets_tdb_sync.c @@ -498,11 +498,12 @@ static int secrets_tdb_sync_init(struct ldb_module *module) p = strrchr(private_dir, '/'); if (p) { *p = '\0'; + secrets_init_path(private_dir); } else { - return ldb_operr(ldb); + secrets_init_path(.); } - secrets_init_path(private_dir); + TALLOC_FREE(private_dir); data-secrets_tdb = secrets_db_ctx(); diff --git a/source4/scripting/python/samba/netcmd/dns.py b/source4/scripting/python/samba/netcmd/dns.py index 8bd3249..c00d17a 100644 --- a/source4/scripting/python/samba/netcmd/dns.py +++ b/source4/scripting/python/samba/netcmd/dns.py @@ -31,6 +31,8 @@ from samba.dcerpc import dnsp, dnsserver def dns_connect(server, lp, creds): +if server.lower() == 'localhost': +server = '127.0.0.1' binding_str = ncacn_ip_tcp:%s[sign] % server dns_conn = dnsserver.dnsserver(binding_str, lp, creds) return dns_conn diff --git a/utils/samba-dig.c b/utils/samba-dig.c deleted file mode 100644 index ec0677a..000 --- a/utils/samba-dig.c +++ /dev/null @@ -1,160 +0,0 @@ -/* - Unix SMB/CIFS implementation. - - DNS query too for Samba with socketwrapper support - - Copyright (C) 2012 Kai Blin k...@samba.org - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see http://www.gnu.org/licenses/. -*/ - -#include includes.h -#include talloc.h -#include tevent.h -#include lib/util/samba_util.h -#include librpc/ndr/libndr.h -#include librpc/gen_ndr/ndr_dns.h -#include libcli/dns/libdns.h - -static void usage(void) -{ - printf(Usage: samba-dig dns-server-ip data record-type\n\n); -} - -static struct dns_name_packet *make_name_packet(TALLOC_CTX *mem_ctx, - uint16_t operation) -{ - struct dns_name_packet *packet = talloc_zero(mem_ctx, -
autobuild: intermittent test failure detected
The autobuild test system has detected an intermittent failing test in the current master tree. The autobuild log of the failure is available here: http://git.samba.org/autobuild.flakey/2012-11-16-2247/flakey.log The samba3 build logs are available here: http://git.samba.org/autobuild.flakey/2012-11-16-2247/samba3.stderr http://git.samba.org/autobuild.flakey/2012-11-16-2247/samba3.stdout The source4 build logs are available here: http://git.samba.org/autobuild.flakey/2012-11-16-2247/samba.stderr http://git.samba.org/autobuild.flakey/2012-11-16-2247/samba.stdout The top commit at the time of the failure was: commit 10b6cceb1f0f09c7a8f5fc8882fdc3852d11951f Author: Kai Blin k...@samba.org Date: Wed Nov 14 11:32:06 2012 +0100 samba-tool dns: Don't use localhost to connect to local host Calling samba-tool dns cmd localhost provokes a stacktrace. This just makes 'samba-tool dns cmd localhost' work and doesn't fix the underlying issue, but I don't see it causing any harm (unless you don't have an ipv4 localhost, I guess). Signed-off-by: Kai Blin k...@samba.org Reviewed-by: Michael Adam ob...@samba.org Autobuild-User(master): Michael Adam ob...@samba.org Autobuild-Date(master): Fri Nov 16 13:18:14 CET 2012 on sn-devel-104
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via e6a100e s3:modules:nfs4_acls remove unused mem_ctx parameter to smbacl4_fill_ace4 via c9d7074 s3:modules:nfs4_acls fix memory hierarchy in smb_create_smb4acl via 775d0a7 s3:vfs_gpfs fix a memory leak in gpfsacl_get_posix_acl via 1a71f07 s3:vfs_gpfs fix memory corruption in gpfs2smb_acl via 3dab1ef s3:vfs_gpfs fix memory leak in gpfs_get_nfs4_acl via 3925a71 s3:vfs_gpfs fix memory leaks in gpfs_getacl_alloc from 10b6cce samba-tool dns: Don't use localhost to connect to local host http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit e6a100e86b7adf1c06a7c06b24fa50717ddcdb67 Author: Christian Ambach a...@samba.org Date: Mon Nov 5 18:49:54 2012 +0100 s3:modules:nfs4_acls remove unused mem_ctx parameter to smbacl4_fill_ace4 Signed-off-by: Christian Ambach a...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Sat Nov 17 01:11:07 CET 2012 on sn-devel-104 commit c9d70740e39722a2f98ccd932b053723a4f3de62 Author: Christian Ambach a...@samba.org Date: Mon Nov 5 18:47:01 2012 +0100 s3:modules:nfs4_acls fix memory hierarchy in smb_create_smb4acl the ACEs should be talloc children of the ACL itself and not be placed on talloc_tos() Signed-off-by: Christian Ambach a...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org commit 775d0a78c496af8ddbde9eb0f8c2f6d5dc5bcc81 Author: Christian Ambach a...@samba.org Date: Fri Nov 2 08:41:40 2012 +0100 s3:vfs_gpfs fix a memory leak in gpfsacl_get_posix_acl Signed-off-by: Christian Ambach a...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org commit 1a71f07cee0bfe50ea6821a195a950d2206aab55 Author: Christian Ambach a...@samba.org Date: Fri Nov 2 08:41:10 2012 +0100 s3:vfs_gpfs fix memory corruption in gpfs2smb_acl sys_acl_init returns a SMB_ACL_T with zero entries in the acl array reallocate the array to proper size before filling it, otherwise we overwrite memory This one is a result of a improper fixing in 7a6182962966e5edb42728c8 Signed-off-by: Christian Ambach a...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org commit 3dab1ef8a57670a36a81e706895bbe225892f3ff Author: Christian Ambach a...@samba.org Date: Fri Nov 2 08:39:45 2012 +0100 s3:vfs_gpfs fix memory leak in gpfs_get_nfs4_acl Signed-off-by: Christian Ambach a...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org commit 3925a7114caaac56e79849ebf3aa13784918282b Author: Christian Ambach a...@samba.org Date: Fri Nov 2 08:39:17 2012 +0100 s3:vfs_gpfs fix memory leaks in gpfs_getacl_alloc Signed-off-by: Christian Ambach a...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org --- Summary of changes: source3/modules/nfs4_acls.c |7 ++- source3/modules/vfs_gpfs.c | 12 ++-- 2 files changed, 12 insertions(+), 7 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/modules/nfs4_acls.c b/source3/modules/nfs4_acls.c index 48b045f..67db6b0 100644 --- a/source3/modules/nfs4_acls.c +++ b/source3/modules/nfs4_acls.c @@ -161,11 +161,10 @@ SMB4ACL_T *smb_create_smb4acl(void) SMB4ACE_T *smb_add_ace4(SMB4ACL_T *theacl, SMB_ACE4PROP_T *prop) { SMB_ACL4_INT_T *aclint = get_validated_aclint(theacl); - TALLOC_CTX *mem_ctx = talloc_tos(); SMB_ACE4_INT_T *ace; ace = (SMB_ACE4_INT_T *)TALLOC_ZERO_SIZE( - mem_ctx, sizeof(SMB_ACE4_INT_T)); + theacl, sizeof(SMB_ACE4_INT_T)); if (ace==NULL) { DEBUG(0, (TALLOC_SIZE failed\n)); @@ -581,7 +580,6 @@ static SMB_ACE4PROP_T *smbacl4_find_equal_special( static bool smbacl4_fill_ace4( - TALLOC_CTX *mem_ctx, const struct smb_filename *filename, smbacl4_vfs_params *params, uid_t ownerUID, @@ -702,7 +700,6 @@ static SMB4ACL_T *smbacl4_win2nfs4( { SMB4ACL_T *theacl; uint32 i; - TALLOC_CTX *mem_ctx = talloc_tos(); const char *filename = fsp-fsp_name-base_name; DEBUG(10, (smbacl4_win2nfs4 invoked\n)); @@ -715,7 +712,7 @@ static SMB4ACL_T *smbacl4_win2nfs4( SMB_ACE4PROP_T ace_v4; booladdNewACE = True; - if (!smbacl4_fill_ace4(mem_ctx, fsp-fsp_name, pparams, + if (!smbacl4_fill_ace4(fsp-fsp_name, pparams, ownerUID, ownerGID, dacl-aces + i, ace_v4)) { DEBUG(3, (Could not fill ace for file %s, SID %s\n, diff --git a/source3/modules/vfs_gpfs.c b/source3/modules/vfs_gpfs.c index