Re: [Samba] Samba PDC group list empty

[L . P . H . van Belle]

Hai, 

The debian 3.5.6 is buggy, use de 3.6.6 version from backports, fixed my 
problems also. 

Louis


 

-Oorspronkelijk bericht-
Van: andrej.si...@gmail.com 
[mailto:samba-boun...@lists.samba.org] Namens Andrej Šimko
Verzonden: vrijdag 23 november 2012 9:11
Aan: samba@lists.samba.org
Onderwerp: [Samba] Samba PDC group list empty

Dear samba users,

I have very strange problem. I have Samba PDC up and running, but only
thing is missing. I cannot see any Domain Groups at all.
Here is my config:

Debian Squeeze:
ii  samba   2:3.5.6~dfsg-3squeeze8
SMB/CIFS file, print, and login server for Unix
ii  samba-common2:3.5.6~dfsg-3squeeze8 
  common
files used by both the Samba server and client
ii  samba-common-bin2:3.5.6~dfsg-3squeeze8 
  common
files used by both the Samba server and client
ii  samba-doc   2:3.5.6~dfsg-3squeeze8 
  Samba
documentation

/etc/samba/smb.conf
[global]
dos charset = CP852
unix charset = UTF8
display charset = UTF8
workgroup = EXAMPLE
server string = %h server
map to guest = Bad User
passdb backend = ldapsam:ldap://127.0.0.1/
pam password change = Yes
passwd program = /usr/sbin/smbldap-passwd -u %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n
*all*authentication*tokens*updated*
syslog = 0
time server = Yes
log file = /var/log/samba/samba.log
log level = 3
max log size = 1000
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
add user script = /usr/sbin/smbldap-useradd -m %u -d /home/%u %u
delete user script = /usr/sbin/smbldap-userdel %u -r %u
add group script = /usr/sbin/smbldap-groupadd -p %g
delete group script = /usr/sbin/smbldap-groupdel %g
add user to group script = /usr/sbin/smbldap-groupmod -m %u %g
delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g
set primary group script = /usr/sbin/smbldap-usermod -g %g %u
add machine script = /usr/sbin/smbldap-useradd -w %u
logon script = logon.bat
domain logons = Yes
os level = 10
preferred master = Yes
domain master = Yes
dns proxy = No
wins support = Yes
ldap admin dn = cn=admin,dc=example,dc=sk
ldap delete dn = Yes
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=Computers
ldap suffix = dc=example,dc=sk
ldap ssl = no
ldap user suffix = ou=Users
panic action = /usr/share/samba/panic-action %d
map acl inherit = Yes
case sensitive = No
hide unreadable = Yes
map hidden = Yes
map system = Yes

[homes]
comment = Home Directories
valid users = %S
read only = No
create mask = 0644
directory mask = 0700
browseable = No
path = /data/samba/homes

[netlogon]
comment = Network Logon Service
path = /data/samba/netlogon
read only = No
guest ok = Yes
locking = No
share modes = No

[profiles]
comment = Users profiles
path = /data/samba/profiles
read only = No
create mask = 0600
directory mask = 0700
hide files = /desktop.ini/
browseable = No

/etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages 
installed, try:
# `info libc Name Service Switch' for information about this file.

passwd: compat ldap
group:  compat ldap
shadow: compat ldap

hosts:  files dns
networks:   files

protocols:  db files
services:   db files
ethers: db files
rpc:db files

netgroup:   nis

/etc/ldap/ldap.conf
#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.
host 127.0.0.1
base dc=example,dc=sk
binddn cn=admin,dc=example,dc=sk
bindpw secret
bind_policy soft
pam_password exop
timelimit 15

nss_base_passwd ou=Users,dc=example,dc=sk
nss_base_shadow ou=Users,dc=example,dc=sk
nss_base_group  ou=Groups,dc=example,dc=sk

net getdomainsid
SID for local machine HOST is: S-1-5-21-2242576961-186067218-2214866780
SID for domain EXAMPLE is: S-1-5-21-2390795950-2727105968-4008069955

net groupmap list
Domain Admins (S-1-5-21-2390795950-2727105968-4008069955-512) - Domain
Admins
Domain Users (S-1-5-21-2390795950-2727105968-4008069955-513) 
- Domain Users
Domain Guests (S-1-5-21-2390795950-2727105968-4008069955-514) - Domain
Guests
Domain Computers 
(S-1-5-21-2390795950-2727105968-4008069955-515) - Domain
Computers
Administrators (S-1-5-32-544) - Administrators
Account Operators (S-1-5-32-548) - Account Operators
Print Operators (S-1-5-32-550) - Print Operators
Backup Operators (S-1-5-32-551) - Backup Operators
Replicators (S-1-5-32-552) - Replicators


The strange thing is, if I try on Win XP to search groups, i 
see in logs:
smbldap_search_paged: base = [dc=example,dc=sk], filter =
[((objectclass=sambaGroupMapping)(sambaGroupType=2)(sambaSID=S
-1-5-21-2390795950-2727105968-4008069955*))],scope
= [2], pagesize = [1024]
  smbldap_search_paged: base = [dc=example,dc=sk], filter =

Re: [Samba] cannot modify files on client

[Dietrich Hentschel]

hi again,

thank you for answer.


On 25.11.2012 20:01, Gary Dale wrote:

When you are using samba to connect, the user, group and file permission
get passed through it. Rather than trying to force a particular user,
try mapping the Windows (samba) user to the local (server) user tommy.



I added in [global]  username map, but it do not work.


[global]
workgroup=WORKGROUP
security=share
username map = /etc/samba/users.map

[bilder]
path=/var/lib/export
#force user=tommy
#force group=users
valid users=tommy
write list=tommy

with tommy = dih in file /etc/samba/users.map (dih is user on linux 
client).


What can I do to map uid and gid to client?

With regards
Dietrich


On 25/11/12 10:10 AM, Dietrich Hentschel wrote:

Hi,

I want connect a linux client to linux server to modify files.

On my server:

password file: tommy:x:1002:100:Tommy:/home/tommy:/bin/sh

smb.conf:
[global]
workgroup=WORKGROUP
security=share

[bilder]
path=/var/lib/export
force user=tommy
force group=users
valid users=tommy
write list=tommy

On client:

mount.cifs //DESKTOP/bilder /home/dih/tommy/ -o user=tommy

I see the files on root:
-rwxr-xr-x 1 1002 users 628 Nov 11 19:15 configure.sh
-rw-r--r-- 1 1002 users 0 Nov 25 11:33 d
-rw-r--r-- 1 1002 users 0 Nov 25 12:49 dd
-rwxr--r-- 1 1002 users 753647 Nov 22 19:48 p6140385.jpg
-rwxr-xr-x 1 1002 users 720 Nov 19 14:29 photo-ma

I can touch x without trouble and have uid 1002:
-rw-r--r-- 1 1002 users 0 Nov 25 16:02 x


I have no user on uid 1002. I want modify the files not on root but
have wrong permissions.

Can someone help me.

With regards

Dietrich




--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] cannot modify files on client

[Volker Lendecke]

On Mon, Nov 26, 2012 at 12:06:50PM +0100, Dietrich Hentschel wrote:
 hi again,
 
 thank you for answer.
 
 
 On 25.11.2012 20:01, Gary Dale wrote:
 When you are using samba to connect, the user, group and file permission
 get passed through it. Rather than trying to force a particular user,
 try mapping the Windows (samba) user to the local (server) user tommy.
 
 
 I added in [global]  username map, but it do not work.
 
 
 [global]
 workgroup=WORKGROUP
 security=share

If possible, avoid security=share. This is deprecated for a
while now.

Volker

-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-37-0, fax: +49-551-37-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kont...@sernet.de
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Samba4 on CentOS 6.3 - IPTABLES how-to???

[Andreas Krupp]

Hello,

I do appologize if this is something that was already discussed somewhere 
else... but for now I was not able to find the appropriate How-To.
Would anybody know what the IPTABLES entries are to have working Samba4 Domain 
Controller?
I tried the following:

-A INPUT -p tcp -m state --state NEW -m tcp --dport 88 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 749 -j ACCEPT
-A INPUT -p udp -m state --state NEW -m udp --dport 88 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 389 -j ACCEPT
-A INPUT -d SERVERIP/32 -p udp -m udp --sport 1024:65535 --dport 53 -m state 
--state NEW,ESTABLISHED -j ACCEPT
-A INPUT -d SERVERIP/32 -p udp -m udp --sport 53 --dport 53 -m state --state 
NEW,ESTABLISHED -j ACCEPT
-A INPUT -p udp -m udp --dport 137 -j ACCEPT
-A INPUT -p udp -m udp --dport 138 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT

With the above I was not able to connect via remote Administration tools to the 
Active Directory Service.
Does anybody have a comprehensive list of ports/protocols one has to open in 
IPTABLES to get DNS, Samba, Fileshares, Active Directory, etc. working?

Cheers  thank you very much for your help!
Best,
Andreas

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba4 on CentOS 6.3 - IPTABLES how-to???

[Sven Tegethoff]

On 26.11.2012 14:39, Andreas Krupp wrote:

 With the above I was not able to connect via remote Administration 
tools to the Active Directory Service. Does anybody have a 
comprehensive list of ports/protocols one has to open in IPTABLES to 
get DNS, Samba, Fileshares, Active Directory, etc. working? Cheers  
thank you very much for your help! Best, Andreas 


Here is the official list:

http://support.microsoft.com/kb/832017

Executive summary: It's hopeless. With so many RPC-based services that 
use dynamically assigned port numbers, you can't effectively put a 
packet filter between domain controller and the client.



--

Mit freundlichen Grüßen

Sven Tegethoff
EDV-Team

_
UDO BÄR GmbH  Co. KG   
Fürstenstraße 18
47051 Duisburg
Tel.: +49 (0) 203 28117-142
Fax: +49 (0) 203 28117-151
E-Mail: tegeth...@udobaer.de

Ust.-Idnr.: DE119562189, HRA 6056, Sitz der Gesellschaft: Duisburg,
Gerichtsstand: Duisburg Geschäftsführer: Bodo Badnowitz, Jürgen Dietz

Ein Unternehmen der BTI Gruppe: www.bti-group.com

Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte Informationen. 
Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich erhalten 
haben, informieren Sie bitte sofort den Absender und vernichten Sie diese 
E-Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser E-Mail 
ist nicht gestattet.  This e-mail may contain confidential and/or privileged 
information. If you are not the intended recipient (or have received this 
e-mail in error) please notify the sender immediately and destroy this e-mail.  
Any unauthorized copying, disclosure or distribution of the material in this 
e-mail is strictly forbidden.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Local Administrator access

[Knut Olav Bøhmer]

Hi,

I have a windows 7 machine withouth local administrator account.
I need to create such an account. I can log in to the machine with a user
on my samba domain.

What do I need to do in order to get administrator access, or access to
create an local administrator account?

I have tried to do this:

[root@float samba]# net rpc group addmem Administrators 'DOMAIN\username'
Enter root's password:
Could not add SKOLELINUX\knobo to Administrators: NT_STATUS_NO_SUCH_ALIAS

I have tried to give some rights this way:

net rpc rights grant 'DOMAIN\username' SeMachineAccountPrivilege
SeAddUsersPrivilege SeDiskOperatorPrivilege SeSecurityPrivilege
SeUndockPrivilege SeImpersonatePrivilege SeCreateGlobalPrivilege
SePrintOperatorPrivilege SeCreateGlobalPrivilege
SeEnableDelegationPrivilege  SeUndockPrivilege  SeTakeOwnershipPrivilege

And it does what I tell it:
[root@float samba]# net rpc rights list knobo
Enter root's password:
SeMachineAccountPrivilege
SeTakeOwnershipPrivilege
SeRemoteShutdownPrivilege
SePrintOperatorPrivilege
SeAddUsersPrivilege
SeDiskOperatorPrivilege
SeSecurityPrivilege
SeSystemProfilePrivilege
SeUndockPrivilege
SeImpersonatePrivilege
SeCreateGlobalPrivilege
SeEnableDelegationPrivilege


But I'm still promptet for username and password, when I try to access the
user accounts in windows 7.

Any suggestions?


Regards
-- 
Knut Olav Bøhmer
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Local Administrator access

[Gaiseric Vandal]

With Windows7, the 1st account you create  during the initial setup is 
typically a member of the local admin group.  The actual Administrator 
account is normally disabled.  Did this 1st account get deleted?


When you joined the domain, the Domain Admin's groups should have been 
added to the local Admin group.


This can get messed up if your group mappings are not set up correctly.

Also, I think when running the net command you may want to use -U 
Administrator to use the credentials of your domain Administrator 
account  (assuming one has been defined.)  In my setup the unix root 
does not have a samba account.





On 11/26/12 10:03, Knut Olav Bøhmer wrote:

Hi,

I have a windows 7 machine withouth local administrator account.
I need to create such an account. I can log in to the machine with a user
on my samba domain.

What do I need to do in order to get administrator access, or access to
create an local administrator account?

I have tried to do this:

[root@float samba]# net rpc group addmem Administrators 'DOMAIN\username'
Enter root's password:
Could not add SKOLELINUX\knobo to Administrators: NT_STATUS_NO_SUCH_ALIAS

I have tried to give some rights this way:

net rpc rights grant 'DOMAIN\username' SeMachineAccountPrivilege
SeAddUsersPrivilege SeDiskOperatorPrivilege SeSecurityPrivilege
SeUndockPrivilege SeImpersonatePrivilege SeCreateGlobalPrivilege
SePrintOperatorPrivilege SeCreateGlobalPrivilege
SeEnableDelegationPrivilege  SeUndockPrivilege  SeTakeOwnershipPrivilege

And it does what I tell it:
[root@float samba]# net rpc rights list knobo
Enter root's password:
SeMachineAccountPrivilege
SeTakeOwnershipPrivilege
SeRemoteShutdownPrivilege
SePrintOperatorPrivilege
SeAddUsersPrivilege
SeDiskOperatorPrivilege
SeSecurityPrivilege
SeSystemProfilePrivilege
SeUndockPrivilege
SeImpersonatePrivilege
SeCreateGlobalPrivilege
SeEnableDelegationPrivilege


But I'm still promptet for username and password, when I try to access the
user accounts in windows 7.

Any suggestions?


Regards


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] S4 Bind vs Internal DNS

[Thomas Simmons]

Hello,

What are the benefits of using BIND instead of Samba's internal DNS server?
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Timeout option for smblcient

[Alternativend]

Hi there,
I have huge problems with backing up a quite large Windows share with Amanda and
smbclient. Could you please tell me how to increase any timeout value smbclient
is using? I have about 93000 files in that share and Windows needs some time to
report it to the smblcient it seems. 

So Im not quite familiar with building things from source, but maybe there is a
way for me to increase it anyway?

Greetings

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Local Administrator access

[Gaiseric Vandal]

Have you tried logging into the PC using the samba domain administrator 
account?


Assuming the PC was properly joined to the domain then you should be 
able to configure the local accounts and groups.


You can create domain group that is then a member of the PC's local 
administrator group.  This will allow you do defined samba users who are 
PC administrators but NOT domain administrators.


Whomever joins a PC to a domain needs to be both a local administrator 
on that computer and (in most cases) have domain administrator 
credentials.  (If the machine account was created in advance then the 
domain administrator credentials should not be needed.)


Are you sure the PC was joined to the domain?



On 11/26/12 10:51, Knut Olav Bøhmer wrote:
2012/11/26 Gaiseric Vandal gaiseric.van...@gmail.com 
mailto:gaiseric.van...@gmail.com


With Windows7, the 1st account you create  during the initial
setup is typically a member of the local admin group.  The actual
Administrator account is normally disabled.  Did this 1st
account get deleted?


I did not install the computer. How can I find out if there is such a 
user? But, I don't have the password anyway.


When you joined the domain, the Domain Admin's groups should have
been added to the local Admin group.


Ok, so the trick is to get my user a member of the Domain Admins group.

This can get messed up if your group mappings are not set up
correctly.

Also, I think when running the net command you may want to use
-U Administrator to use the credentials of your domain
Administrator account  (assuming one has been defined.)  In my
setup the unix root does not have a samba account.





On 11/26/12 10:03, Knut Olav Bøhmer wrote:

Hi,

I have a windows 7 machine withouth local administrator account.
I need to create such an account. I can log in to the machine
with a user
on my samba domain.

What do I need to do in order to get administrator access, or
access to
create an local administrator account?

I have tried to do this:

[root@float samba]# net rpc group addmem Administrators
'DOMAIN\username'
Enter root's password:
Could not add SKOLELINUX\knobo to Administrators:
NT_STATUS_NO_SUCH_ALIAS

I have tried to give some rights this way:

net rpc rights grant 'DOMAIN\username' SeMachineAccountPrivilege
SeAddUsersPrivilege SeDiskOperatorPrivilege SeSecurityPrivilege
SeUndockPrivilege SeImpersonatePrivilege SeCreateGlobalPrivilege
SePrintOperatorPrivilege SeCreateGlobalPrivilege
SeEnableDelegationPrivilege  SeUndockPrivilege
 SeTakeOwnershipPrivilege

And it does what I tell it:
[root@float samba]# net rpc rights list knobo
Enter root's password:
SeMachineAccountPrivilege
SeTakeOwnershipPrivilege
SeRemoteShutdownPrivilege
SePrintOperatorPrivilege
SeAddUsersPrivilege
SeDiskOperatorPrivilege
SeSecurityPrivilege
SeSystemProfilePrivilege
SeUndockPrivilege
SeImpersonatePrivilege
SeCreateGlobalPrivilege
SeEnableDelegationPrivilege


But I'm still promptet for username and password, when I try
to access the
user accounts in windows 7.

Any suggestions?


Regards


-- 
To unsubscribe from this list go to the following URL and read the

instructions: https://lists.samba.org/mailman/options/samba




--
Knut Olav Bøhmer
41 000 108



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Trouble with file shares on Samba 4

[Michael B. Trausch]

Hello all,

I have a Samba 4 system setup with 4.0.0-rc5 working as an Active 
Directory controller for a set of seven Win7 computers, and most things 
are working.  However, file shares are not.


In all cases, if I add users to Domain Admins, they can access the 
shares.  In all cases, if users are not in Domain Admins, they cannot 
access the shares.


I've added users to groups that (according to Windows) are allowed to 
read and write the shares.  However, the users themselves get zero 
permissions unless they're in Domain Admins.


I've even tried adding users *directly* to the ACLs for the shares, 
thinking that surely if they appear in the list directly, they will be 
able to access the shares.  This is not, however, the case.


Any assistance or advice on what to look for would be awesome.

Thanks,
Mike
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] S4 Bind vs Internal DNS

[Hleb Valoshka]

On 11/26/12, Thomas Simmons twsn...@gmail.com wrote:
 What are the benefits of using BIND instead of Samba's internal DNS server?

You can use additional resource types like SPF or SSHFP.
You can use different views for different clients.
It's much easier to update zone using good old shared key than using
wrapper (isc dhcpd knows nothing about kerberos).
Bind is known to *x admins and it's rather stable, samba's internal
dns is new and possibly buggy :)
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba4 on CentOS 6.3 - IPTABLES how-to???

[Stephen Jones]

Hi,

Here is an extract from my post on installing Samba4 on CentOS6.  I have
iptables working - I used netstat and Wireshark to monitor the packets.
-
The ports needed are:
53, TCP  UDP (DNS)
88, TCP  UDP (Kerberos authentication)
135, TCP (MS RPC)
137, UDP (NetBIOS name service)
138, UDP (NetBIOS datagram service)
139, TCP (NetBIOS session service)
389, TCP  UDP (LDAP)
445, TCP (MS-DS AD)
464, TCP  UDP (Kerberos change/set password)
1024, TCP (this is a strange one but AD is using it)

Add these to iptables:
# iptables -A INPUT -p tcp --dport 53 -j ACCEPT
# iptables -A INPUT -p udp --dport 53 -j ACCEPT
# iptables -A INPUT -p udp --dport 137:138 -j ACCEPT
# iptables -A INPUT -p tcp --dport 139 -j ACCEPT
# iptables -A INPUT -p tcp --dport 445 -j ACCEPT
# iptables -A INPUT -p tcp --dport 135 -j ACCEPT
# iptables -A INPUT -p tcp --dport 88 -j ACCEPT
# iptables -A INPUT -p udp --dport 88 -j ACCEPT
# iptables -A INPUT -p tcp --dport 464 -j ACCEPT
# iptables -A INPUT -p tcp --dport 389 -j ACCEPT
# iptables -A INPUT -p udp --dport 389 -j ACCEPT
# iptables -A INPUT -p tcp --dport 1024 -j ACCEPT
-
Looking at your rules, they are close to this.  I believe it's the
missing RPC (135) that's blocking RSAT.

Cheers,

Stephen Jones
Lloyd Systems Engineering



On Tue, Nov 27, 2012, at 12:39 AM, Andreas Krupp wrote:
 Hello,
 
 I do appologize if this is something that was already discussed somewhere
 else... but for now I was not able to find the appropriate How-To.
 Would anybody know what the IPTABLES entries are to have working Samba4
 Domain Controller?
 I tried the following:
 
 -A INPUT -p tcp -m state --state NEW -m tcp --dport 88 -j ACCEPT
 -A INPUT -p tcp -m state --state NEW -m tcp --dport 749 -j ACCEPT
 -A INPUT -p udp -m state --state NEW -m udp --dport 88 -j ACCEPT
 -A INPUT -p tcp -m state --state NEW -m tcp --dport 389 -j ACCEPT
 -A INPUT -d SERVERIP/32 -p udp -m udp --sport 1024:65535 --dport 53 -m
 state --state NEW,ESTABLISHED -j ACCEPT
 -A INPUT -d SERVERIP/32 -p udp -m udp --sport 53 --dport 53 -m state
 --state NEW,ESTABLISHED -j ACCEPT
 -A INPUT -p udp -m udp --dport 137 -j ACCEPT
 -A INPUT -p udp -m udp --dport 138 -j ACCEPT
 -A INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
 -A INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
 
 With the above I was not able to connect via remote Administration tools
 to the Active Directory Service.
 Does anybody have a comprehensive list of ports/protocols one has to
 open in IPTABLES to get DNS, Samba, Fileshares, Active Directory, etc.
 working?
 
 Cheers  thank you very much for your help!
 Best,
 Andreas
 
 -- 
 To unsubscribe from this list go to the following URL and read the
 instructions:  https://lists.samba.org/mailman/options/samba
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] VFS ACL with SMB2

[Jeremy Allison]

On Wed, Nov 21, 2012 at 09:53:53AM +0100, Adrian Berlin wrote:
 Hi!
 
 Thanks for reply.
 
 Debug file with level 10 attached.

I didn't say post to the list (it got stripped anyway :-).
I said log a bug and attach the log there.

Hope this helps,

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Press around releasing Samba4.

[Jeremy Allison]

Hi all,

It's getting close to Samba4 release time, and we need to have
a good press release to generate excitement around all our new
features !

So I was wondering if people who have been working with the
Samba4 code and have nice things to say about it for themselves
or their companies would be willing to send me some quotes I
can use for the press release ?

Remember, if this is on behalf of your company or organization
you'll probably need to get permission for your PR department
(unless you are the President or CEO :-) before we can use the
quote in the press release.

Please send the quotes directly to me j...@samba.org (unless
you're happy to send to the lists).

Thanks in advance, and I hope Samba4 works well for everyone,
as we've had a lot of fun developing it !

Cheers,

Jeremy Allison,
Samba Team.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Trouble with file shares on Samba 4

[Michael B. Trausch]

On 11/26/2012 11:07 AM, Michael B. Trausch wrote:
 Any assistance or advice on what to look for would be awesome.

One additional note that I've been able to put together.

Windows reports that the permissions that I've set on the server match
my expectations of what Windows thinks the permissions should be.  That
is, I added ACLs to allow user X to access the share with Full
Control, and Windows see this.  Windows attempts to access the share,
but then says that access is denied.  Windows won't even show space
utilization on the share, though Windows *can* see the ACLs and, again,
they match what we think they should be.

I am _not_ an expert on Samba 4.  I do know that this functionality
worked in a beta release, though I don't recall which one.  I'm actually
in the process of setting up a test network to replicate the problem, as
I cannot officially submit a bug report based on the network I'm
discussing at present.  I fully expect to be able to have enough
information within 24 hours to create a bug report.  I also plan on
testing with git master to see if anything changed since rc5 that might
fix the problem, but it essentially seems that while the permissions are
correct, they're not being correctly interpreted or honored.

--- MIke

-- 
Michael B. Trausch
President, Naunet Corporation

Web:   https://www.naunetcorp.com
Telephone: +1-678-287-0693



signature.asc
Description: OpenPGP digital signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] S4 Bind vs Internal DNS

[Matthieu Patou]

On 11/26/2012 09:09 AM, Hleb Valoshka wrote:

On 11/26/12, Thomas Simmons twsn...@gmail.com wrote:

What are the benefits of using BIND instead of Samba's internal DNS server?

You can use additional resource types like SPF or SSHFP.
You can use different views for different clients.
It's much easier to update zone using good old shared key than using
wrapper (isc dhcpd knows nothing about kerberos).
Bind is known to *x admins and it's rather stable, samba's internal
dns is new and possibly buggy :)
Well you have to take in account that the bind that you need for AD is 
9.8 and that you need the dlz plugin, I'm not sure that for zone managed 
by dlz you can do shared key update (from isc dhcp) you have to know 
that the code for dlz is also quite new and so potentially buggy as well.


Things that you can do with bind:

* zone transfer (having slaves of your dlz managed zone, TBC)
I would say that I think that bind is more robust than samba's DNS 
server but that has to be proved.


Matthieu

--
Matthieu Patou
Samba Team
http://samba.org

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[SCM] Samba Shared Repository - branch master updated

[Michael Adam]

The branch, master has been updated
   via  8336061 s4:torture/rpc/handles: try to make all assoc_group tests 
less flakey
  from  e4218e4 configure(waf):  Fail configure --with-ads if ads support 
is not available

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 8336061096c259f5c3c93f869ff51bf4daab3fdc
Author: Stefan Metzmacher me...@samba.org
Date:   Sat Nov 24 11:28:57 2012 +0100

s4:torture/rpc/handles: try to make all assoc_group tests less flakey

Just incrementing the assoc_group_id makes it too likely to hit
a number that is already in use.

Signed-off-by: Stefan Metzmacher me...@samba.org
Reviewed-by: Michael Adam ob...@samba.org

Autobuild-User(master): Michael Adam ob...@samba.org
Autobuild-Date(master): Mon Nov 26 13:53:22 CET 2012 on sn-devel-104

---

Summary of changes:
 source4/torture/rpc/handles.c |5 +
 1 files changed, 5 insertions(+), 0 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/torture/rpc/handles.c b/source4/torture/rpc/handles.c
index 3fdce56..5c08a5f 100644
--- a/source4/torture/rpc/handles.c
+++ b/source4/torture/rpc/handles.c
@@ -471,6 +471,11 @@ static bool test_handles_mixed_shared(struct 
torture_context *torture)
torture_assert_ntstatus_equal(torture, status, NT_STATUS_UNSUCCESSFUL,
  opening lsa pipe4);
 
+   /*
+* We use ~assoc_group_id instead of p1-assoc_group_id, because
+* this way we are less likely to use an id which is already in use.
+*/
+   assoc_group_id = ~assoc_group_id;
torture_comment(torture, connect samr pipe5 with 
assoc_group_id[0x%08X]- should fail\n, ++assoc_group_id);
status = torture_rpc_connection_transport(torture, p5, ndr_table_samr,
  transport,


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch v4-0-test updated

[Karolin Seeger]

The branch, v4-0-test has been updated
   via  92c3c86 WHATSNEW: Update changes since rc5.
   via  ac0623c s3-rpc_client: lookup nametype 0x20 in 
rpc_pipe_open_tcp_port(). (bug #9426)
   via  4760b8f waf: Disable ntdb by default.
   via  76106a3 s4:samba-tool/testparm: report a CommandError if loading of 
the config file fails
   via  48ec9ca build: Do not install testing binaries
   via  256eedd packaging: Remove long-gone --disable-merged-build from 
RHEL-CTDB packaging
   via  428c170 build: Remove --enable-smbtorture, require bin/smbtorture 
(from waf) for make test
   via  0519b9b build: Be consistent with the name of smbtorture binaries
   via  68e6eda torture: remove source3 locktest and masktest
   via  2a2480f build: Use ntlm_auth from source3 as the only ntlm_auth 
installed on the system
   via  3e042a9 lib/replace: Do not use STRERROR_R_PROTO_COMPATIBLE as only 
roken.h sets this
  from  2b130b4 WHATSNEW: Update changes since rc5.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test


- Log -
commit 92c3c8690c150119d8f3ff2e26979b9d9038f939
Author: Karolin Seeger ksee...@samba.org
Date:   Mon Nov 26 12:50:06 2012 +0100

WHATSNEW: Update changes since rc5.

Karolin

Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org
Autobuild-Date(v4-0-test): Mon Nov 26 14:30:07 CET 2012 on sn-devel-104

commit ac0623cab847a4df9c5cd35442e9be8924d9e261
Author: Günther Deschner g...@samba.org
Date:   Fri Nov 23 13:19:53 2012 +0100

s3-rpc_client: lookup nametype 0x20 in rpc_pipe_open_tcp_port(). (bug #9426)

The server name type (0x20) is much more likely to be available in the name 
cache, as
this type gets stored by winbind itself - the primary user of the 
ncacn_ip_tcp
code currently.

Guenther

Signed-off-by: Günther Deschner g...@samba.org
Reviewed-by: Stefan Metzmacher me...@samba.org

Autobuild-User(master): Stefan Metzmacher me...@samba.org
Autobuild-Date(master): Fri Nov 23 16:30:57 CET 2012 on sn-devel-104
(cherry picked from commit 2032f2746d70bbebd1af26a7a046eb1cc61ac175)

commit 4760b8f7b256922d81bd84250dae70d7da740450
Author: Karolin Seeger ksee...@samba.org
Date:   Fri Nov 23 12:33:37 2012 +0100

waf: Disable ntdb by default.

Disable ntdb by default for 4.0 as it is not used yet.

Karolin

Signed-off-by: Karolin Seeger ksee...@samba.org

Fix bug #9425 - Do not build ntdb by default.

commit 76106a30452c964066e3c522a9f1fefbc2dd14f7
Author: Stefan Metzmacher me...@samba.org
Date:   Fri Nov 9 09:01:29 2012 +0100

s4:samba-tool/testparm: report a CommandError if loading of the config file 
fails

Signed-off-by: Stefan Metzmacher me...@samba.org

Reviewed-by: Andrew Bartlett abart...@samba.org
(cherry picked from commit 11f5d54cbb10fd5c5f0e1718427609709c3476f4)

Fix bug #9373 - Output of 'samba-tool' does not look very nice.

commit 48ec9ca6f2e9b06955976b35f8a0028f094589c9
Author: Andrew Bartlett abart...@samba.org
Date:   Wed Nov 21 20:20:46 2012 +1100

build: Do not install testing binaries

These binaries are for developer or selftest use, and are not
supported for installation onto the system.  The autoconf build does
not install these binaries, and so neither should the waf build.

Andrew Bartlett

Reviewed-by: Andreas Schneider a...@samba.org

Autobuild-User(master): Andreas Schneider a...@cryptomilk.org
Autobuild-Date(master): Thu Nov 22 12:00:36 CET 2012 on sn-devel-104
(cherry-pick from f22e15d9d5a3d4744982265363c357ef277ba31e)

The last 7 patches address bug #9421 - Build fixes for samba4.

commit 256eeddbd00bcfd68deda4a3ea75f435489ffd01
Author: Andrew Bartlett abart...@samba.org
Date:   Wed Nov 21 19:52:50 2012 +1100

packaging: Remove long-gone --disable-merged-build from RHEL-CTDB packaging

Reviewed-by: Andreas Schneider a...@samba.org
(cherry-picked from 895cc9a9157d51f768d35f888795e8af7efed781)

commit 428c17039214f6f4f2fe6ed7a5515f1662f63fe8
Author: Andrew Bartlett abart...@samba.org
Date:   Wed Nov 21 17:52:35 2012 +1100

build: Remove --enable-smbtorture, require bin/smbtorture (from waf) for 
make test

This simply moves this to being a side-effect of --enable-selftest.

The flag was renamed from --enable-smbtorture4 in a recent patch.

Make test now relies on smbtorture4, and so this code to make the dependency
optional for the tests is not required any more.

Andrew Bartlett

Reviewed-by: Andreas Schneider a...@samba.org
(cherry-picked from 7626b5d9045c2b490b38dee7dd45ba7763740f83)

commit 0519b9b4fa5b4a6c08113552848d6888ac64d202
Author: Andrew Bartlett abart...@samba.org
Date:   Wed Nov 21 16:32:38 2012 +1100

build: Be consistent with the name of smbtorture binaries

[SCM] Samba Shared Repository - branch master updated

[Stefan Metzmacher]

The branch, master has been updated
   via  b11ba24 s3-rpc_client: try to use socket_addr if available in 
rpc_pipe_open_tcp() (bug #9426)
  from  8336061 s4:torture/rpc/handles: try to make all assoc_group tests 
less flakey

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit b11ba248837ae9bf1df1c5ae1ca1768d57e582bb
Author: Günther Deschner g...@samba.org
Date:   Fri Nov 23 18:15:30 2012 +0100

s3-rpc_client: try to use socket_addr if available in rpc_pipe_open_tcp() 
(bug #9426)

Guenther

Signed-off-by: Günther Deschner g...@samba.org
Reviewed-by: Stefan Metzmacher me...@samba.org

Autobuild-User(master): Stefan Metzmacher me...@samba.org
Autobuild-Date(master): Mon Nov 26 17:36:20 CET 2012 on sn-devel-104

---

Summary of changes:
 source3/rpc_client/cli_pipe.c  |   23 ---
 source3/rpc_client/cli_pipe.h  |1 +
 source3/torture/rpc_open_tcp.c |3 ++-
 3 files changed, 19 insertions(+), 8 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c
index f8c7b24..61e6cce 100644
--- a/source3/rpc_client/cli_pipe.c
+++ b/source3/rpc_client/cli_pipe.c
@@ -2420,6 +2420,7 @@ NTSTATUS rpccli_schannel_bind_data(TALLOC_CTX *mem_ctx, 
const char *domain,
  * Create an rpc pipe client struct, connecting to a tcp port.
  */
 static NTSTATUS rpc_pipe_open_tcp_port(TALLOC_CTX *mem_ctx, const char *host,
+  const struct sockaddr_storage *ss_addr,
   uint16_t port,
   const struct ndr_syntax_id 
*abstract_syntax,
   struct rpc_pipe_client **presult)
@@ -2448,9 +2449,13 @@ static NTSTATUS rpc_pipe_open_tcp_port(TALLOC_CTX 
*mem_ctx, const char *host,
result-max_xmit_frag = RPC_MAX_PDU_FRAG_LEN;
result-max_recv_frag = RPC_MAX_PDU_FRAG_LEN;
 
-   if (!resolve_name(host, addr, NBT_NAME_SERVER, false)) {
-   status = NT_STATUS_NOT_FOUND;
-   goto fail;
+   if (ss_addr == NULL) {
+   if (!resolve_name(host, addr, NBT_NAME_SERVER, false)) {
+   status = NT_STATUS_NOT_FOUND;
+   goto fail;
+   }
+   } else {
+   addr = *ss_addr;
}
 
status = open_socket_out(addr, port, 60*1000, fd);
@@ -2487,6 +2492,7 @@ static NTSTATUS rpc_pipe_open_tcp_port(TALLOC_CTX 
*mem_ctx, const char *host,
  * target host.
  */
 static NTSTATUS rpc_pipe_get_tcp_port(const char *host,
+ const struct sockaddr_storage *addr,
  const struct ndr_syntax_id 
*abstract_syntax,
  uint16_t *pport)
 {
@@ -2517,7 +2523,7 @@ static NTSTATUS rpc_pipe_get_tcp_port(const char *host,
}
 
/* open the connection to the endpoint mapper */
-   status = rpc_pipe_open_tcp_port(tmp_ctx, host, 135,
+   status = rpc_pipe_open_tcp_port(tmp_ctx, host, addr, 135,
ndr_table_epmapper.syntax_id,
epm_pipe);
 
@@ -2631,18 +2637,19 @@ done:
  * host.
  */
 NTSTATUS rpc_pipe_open_tcp(TALLOC_CTX *mem_ctx, const char *host,
+  const struct sockaddr_storage *addr,
   const struct ndr_syntax_id *abstract_syntax,
   struct rpc_pipe_client **presult)
 {
NTSTATUS status;
uint16_t port = 0;
 
-   status = rpc_pipe_get_tcp_port(host, abstract_syntax, port);
+   status = rpc_pipe_get_tcp_port(host, addr, abstract_syntax, port);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
 
-   return rpc_pipe_open_tcp_port(mem_ctx, host, port,
+   return rpc_pipe_open_tcp_port(mem_ctx, host, addr, port,
abstract_syntax, presult);
 }
 
@@ -2816,7 +2823,9 @@ static NTSTATUS cli_rpc_pipe_open(struct cli_state *cli,
 {
switch (transport) {
case NCACN_IP_TCP:
-   return rpc_pipe_open_tcp(NULL, 
smbXcli_conn_remote_name(cli-conn),
+   return rpc_pipe_open_tcp(NULL,
+smbXcli_conn_remote_name(cli-conn),
+
smbXcli_conn_remote_sockaddr(cli-conn),
 interface, presult);
case NCACN_NP:
return rpc_pipe_open_np(cli, interface, presult);
diff --git a/source3/rpc_client/cli_pipe.h b/source3/rpc_client/cli_pipe.h
index 3984cf0..343bd0a 100644
--- a/source3/rpc_client/cli_pipe.h
+++ b/source3/rpc_client/cli_pipe.h
@@ -66,6 +66,7 @@ NTSTATUS rpccli_schannel_bind_data(TALLOC_CTX *mem_ctx,
 
 NTSTATUS 

[SCM] Samba Shared Repository - branch master updated

[Michael Adam]

The branch, master has been updated
   via  994eec4 s3: Fix Coverity ID 741407 -- resource leak
  from  b11ba24 s3-rpc_client: try to use socket_addr if available in 
rpc_pipe_open_tcp() (bug #9426)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 994eec4d5861c0027b4f863baf095d95ce22c695
Author: Volker Lendecke v...@samba.org
Date:   Sun Nov 25 10:19:23 2012 +0100

s3: Fix Coverity ID 741407 -- resource leak

Reviewed-by: Michael Adam ob...@samba.org

Autobuild-User(master): Michael Adam ob...@samba.org
Autobuild-Date(master): Mon Nov 26 19:20:05 CET 2012 on sn-devel-104

---

Summary of changes:
 source3/lib/util_sock.c |1 +
 1 files changed, 1 insertions(+), 0 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/lib/util_sock.c b/source3/lib/util_sock.c
index 7fcb9c4..2063a58 100644
--- a/source3/lib/util_sock.c
+++ b/source3/lib/util_sock.c
@@ -853,6 +853,7 @@ int open_udp_socket(const char *host, int port)
salen = sizeof(struct sockaddr_in);
} else {
DEBUG(1, (unknown socket family %d, ss.ss_family));
+   close(res);
return -1;
}
 


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch master updated

[Jeremy Allison]

The branch, master has been updated
   via  ed68f75 s3: Do not free a string where we should not
   via  db68915 s3: Do not free a string where we should not
  from  994eec4 s3: Fix Coverity ID 741407 -- resource leak

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit ed68f75b676a6b1d08f9668d29ff6d09f558fbe6
Author: Volker Lendecke v...@samba.org
Date:   Sun Nov 25 14:19:32 2012 +

s3: Do not free a string where we should not

Reviewed by: Jeremy Allison j...@samba.org

Autobuild-User(master): Jeremy Allison j...@samba.org
Autobuild-Date(master): Mon Nov 26 22:03:05 CET 2012 on sn-devel-104

commit db68915a4eaaedede9dac77c6c748718ce156139
Author: Volker Lendecke v...@samba.org
Date:   Sun Nov 25 14:19:32 2012 +

s3: Do not free a string where we should not

Reviewed by: Jeremy Allison j...@samba.org

---

Summary of changes:
 source3/winbindd/winbindd_cache.c |4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/winbindd/winbindd_cache.c 
b/source3/winbindd/winbindd_cache.c
index 517a302..e3406a5 100644
--- a/source3/winbindd/winbindd_cache.c
+++ b/source3/winbindd/winbindd_cache.c
@@ -1114,7 +1114,7 @@ NTSTATUS resolve_username_to_alias( TALLOC_CTX *mem_ctx,
if ( (upper_name = SMB_STRDUP(name)) == NULL )
return NT_STATUS_NO_MEMORY;
if (!strupper_m(upper_name)) {
-   SAFE_FREE(name);
+   SAFE_FREE(upper_name);
return NT_STATUS_INVALID_PARAMETER;
}
 
@@ -1192,7 +1192,7 @@ NTSTATUS resolve_alias_to_username( TALLOC_CTX *mem_ctx,
if ( (upper_name = SMB_STRDUP(alias)) == NULL )
return NT_STATUS_NO_MEMORY;
if (!strupper_m(upper_name)) {
-   SAFE_FREE(alias);
+   SAFE_FREE(upper_name);
return NT_STATUS_INVALID_PARAMETER;
}
 


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch master updated

[Jeremy Allison]

The branch, master has been updated
   via  5f2edd1 s3: Fix bug 9428 -- inotify detection broken
  from  ed68f75 s3: Do not free a string where we should not

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 5f2edd13efd447df0500952a0946188432453eb7
Author: Volker Lendecke v...@samba.org
Date:   Sat Nov 24 11:39:02 2012 +0100

s3: Fix bug 9428 -- inotify detection broken

Reviewed by: Jeremy Allison j...@samba.org

Autobuild-User(master): Jeremy Allison j...@samba.org
Autobuild-Date(master): Tue Nov 27 01:20:24 CET 2012 on sn-devel-104

---

Summary of changes:
 source3/configure.in |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/configure.in b/source3/configure.in
index b74b4c2..bd3bffe 100644
--- a/source3/configure.in
+++ b/source3/configure.in
@@ -2509,7 +2509,7 @@ fi
 
 AC_CHECK_HEADER(sys/inotify.h)
 
-if test xac_cv_header_sys_inotify_h = xyes; then
+if test x$ac_cv_header_sys_inotify_h = xyes; then
 AC_DEFINE(HAVE_INOTIFY,1,[For inotify support])
 fi
 


-- 
Samba Shared Repository

[SCM] CTDB repository - branch 1.2.40 updated - ctdb-1.2.54-7-g8b2d844

[Amitay Isaacs]

The branch, 1.2.40 has been updated
   via  8b2d84482bacd3b31db013496ce82c2e7b730e86 (commit)
   via  e78e37205308e1507a2cf86a655a95893a7cd413 (commit)
   via  cfb85046e6ed87bf01c3abe8cc908a6d2be741e1 (commit)
   via  5c44156d1aea799f1d6655dd0237e01c49027b82 (commit)
   via  bde1c733fc8c4009202bf185452914f17631c1e7 (commit)
   via  6479566a0a104b903f499979db594541ffc00a1f (commit)
   via  5205d545e8d8c72d73b9d5fd148df6de30392fc8 (commit)
  from  b7467294465b6225982c90315df20a8699ccf812 (commit)

http://gitweb.samba.org/?p=ctdb.git;a=shortlog;h=1.2.40


- Log -
commit 8b2d84482bacd3b31db013496ce82c2e7b730e86
Author: Amitay Isaacs ami...@gmail.com
Date:   Tue Nov 27 15:50:54 2012 +1100

New version 1.2.55

Signed-off-by: Amitay Isaacs ami...@gmail.com

commit e78e37205308e1507a2cf86a655a95893a7cd413
Author: Amitay Isaacs ami...@gmail.com
Date:   Thu Nov 22 14:37:45 2012 +1100

Revert when creating/adding a public ip, set the initial interface to be 
the first interface specified

This reverts commit 4308935ba48ac7a29e7523315acf580019715f0f.

When IP is added to a node on a new interface for the first time,
vnn-iface gets set to the first interface defined for that IP.  This
actually causes problem in ctdb_vnn_assign_iface().  Since vnn-iface
is set it takes an early exit without updating vnn-pnn.  This results
in IP being hosted on the node, but CTDB still thinks it's unassigned.

Signed-off-by: Amitay Isaacs ami...@gmail.com

commit cfb85046e6ed87bf01c3abe8cc908a6d2be741e1
Author: Martin Schwenke mar...@meltin.net
Date:   Fri Nov 16 20:21:15 2012 +1100

Eventscripts: 10.interface should list configured interfaces

The current code lists available interfaces.  If IPs are configured in
some other way than the public addresses file (e.g. ctdb addip) and their
interfaces default to being marked down then, since down interfaces are
not available, these interfaces can never be marked up.

The configured interfaces should be listed instead.

Signed-off-by: Martin Schwenke mar...@meltin.net

Cherry-pick-from: d8f010355b715e49709836e057a5d0f110919897

Conflicts:
config/events.d/10.interface

commit 5c44156d1aea799f1d6655dd0237e01c49027b82
Author: Martin Schwenke mar...@meltin.net
Date:   Fri Nov 16 19:43:14 2012 +1100

ctdbd: Make the link status of new interfaces more flexible

Neither up nor down is a good default value for the link status of a
new interface.  Up means that IPs can be assigned to interfaces before
the true state is known and they can move away quickly if the interface
is actually down.  Down means that IPs can't be assigned to an interface
for a variable amount of time - until a monitor cycle occurs - and this
can result in imbalanced IPs.

This is a neat compromise.  Before the startup event completes, IPs
can't be assigned to interfaces because all interfaces begin in a down
state.  As soon as the startup event completes, IPs can be allocated
to any interface that has been marked up by the eventscript.  Later,
during normal operation, newly added IPs can be assigned to new
interfaces immediately.  The IPs will still move away if an interface
is noticed to be down in the next monitor cycle, but that is the
exception rather than the rule.

Signed-off-by: Martin Schwenke mar...@meltin.net

Cherry-pick-from: 9275a69a414482f1053ae14528d5972575b9214e

commit bde1c733fc8c4009202bf185452914f17631c1e7
Author: Amitay Isaacs ami...@gmail.com
Date:   Tue Nov 6 17:06:54 2012 +1100

tools/ctdb: Do not use function return value as pnn

This fixes the wrong code where same variable 'ret' is used to track the pnn
and the return value of a function call.

Signed-off-by: Amitay Isaacs ami...@gmail.com

Cherry-pick-from: 718233c445cd6627ab3962b6565c2655f1f8efd0

commit 6479566a0a104b903f499979db594541ffc00a1f
Author: Amitay Isaacs ami...@gmail.com
Date:   Tue Oct 23 16:23:12 2012 +1100

recoverd: Track the nodes that fail takeover run and set culprit count

If any of the nodes fail takeover run (either due to timeout or failure
to complete within takeover_timeout interval) from main loop, recovery
master will give up trying takeover run with following message:

  Unable to setup public takeover addresses. Try again later

And as a side-effect the monitoring is disabled on all the nodes. Before
ctdb_takeover_run() is called from main loop, monitoring get disabled via
startrecovery event. Since ctdb_takeover_run() fails, it never runs
recovered event and monitoring does not get re-enabled.

In main_loop, ctdb_takeover_run() is called with a takeover_fail_callback.
This callback will get called if any of the nodes fail in handling
  

[SCM] CTDB repository - annotated tag ctdb-1.2.55 created - ctdb-1.2.55

[Amitay Isaacs]

The annotated tag, ctdb-1.2.55 has been created
at  76b3981cd47807b493ff3f10cc681846b57ea32e (tag)
   tagging  8b2d84482bacd3b31db013496ce82c2e7b730e86 (commit)
  replaces  ctdb-1.2.54
 tagged by  Amitay Isaacs
on  Tue Nov 27 15:51:18 2012 +1100

- Log -
new version 1.2.55

Amitay Isaacs (5):
  daemon: Do not ignore timed out monitor events
  recoverd: Track the nodes that fail takeover run and set culprit count
  tools/ctdb: Do not use function return value as pnn
  Revert when creating/adding a public ip, set the initial interface to be 
the first interface specified
  New version 1.2.55

Martin Schwenke (2):
  ctdbd: Make the link status of new interfaces more flexible
  Eventscripts: 10.interface should list configured interfaces

---


-- 
CTDB repository

[SCM] CTDB repository - branch master updated - ctdb-2.0-13-g9a02f61

[Amitay Isaacs]

The branch, master has been updated
   via  9a02f61547ddf74629aca21639d8fb61c1df7cbb (commit)
  from  d05faf294e58e22ae3fbc76162258f1ae8178129 (commit)

http://gitweb.samba.org/?p=ctdb.git;a=shortlog;h=master


- Log -
commit 9a02f61547ddf74629aca21639d8fb61c1df7cbb
Author: Volker Lendecke v...@samba.org
Date:   Thu Nov 22 15:27:51 2012 +0100

vacuum: Avoid some tallocs in ctdb recovery

In a heavily loaded and volatile database a lot of SCHEDULE_FOR_DELETION
requests can come in between fast vacuuming runs. This can lead to
significant ctdb cpu load due to the cost of doing talloc_free. This
reduces the number of objects a bit by coalescing the two objects
of delete_record_data into one. It will also avoid having to allocate
another talloc header for a SCHEDULE_FOR_DELETION key. Not the full fix
for this problem, but it might contribute a bit.

---

Summary of changes:
 server/ctdb_vacuum.c |   14 --
 1 files changed, 8 insertions(+), 6 deletions(-)


Changeset truncated at 500 lines:

diff --git a/server/ctdb_vacuum.c b/server/ctdb_vacuum.c
index 7f6a8f5..4a000b0 100644
--- a/server/ctdb_vacuum.c
+++ b/server/ctdb_vacuum.c
@@ -91,6 +91,7 @@ struct delete_record_data {
struct ctdb_db_context *ctdb_db;
struct ctdb_ltdb_header hdr;
TDB_DATA key;
+   uint8_t keydata[1];
 };
 
 struct delete_records_list {
@@ -108,21 +109,22 @@ static int insert_delete_record_data_into_tree(struct 
ctdb_context *ctdb,
 {
struct delete_record_data *dd;
uint32_t hash;
+   size_t len;
 
-   dd = talloc_zero(tree, struct delete_record_data);
+   len = offsetof(struct delete_record_data, keydata) + key.dsize;
+
+   dd = (struct delete_record_data *)talloc_size(tree, len);
if (dd == NULL) {
DEBUG(DEBUG_ERR,(__location__  Out of memory\n));
return -1;
}
+   talloc_set_name_const(dd, struct delete_record_data);
 
dd-ctdb  = ctdb;
dd-ctdb_db   = ctdb_db;
dd-key.dsize = key.dsize;
-   dd-key.dptr  = talloc_memdup(dd, key.dptr, key.dsize);
-   if (dd-key.dptr == NULL) {
-   DEBUG(DEBUG_ERR,(__location__  Out of memory\n));
-   return -1;
-   }
+   dd-key.dptr  = dd-keydata;
+   memcpy(dd-keydata, key.dptr, key.dsize);
 
dd-hdr = *hdr;
 


-- 
CTDB repository

[SCM] CTDB repository - branch master updated - ctdb-2.0-14-g905cd12

[Amitay Isaacs]

The branch, master has been updated
   via  905cd1293aa97dc7839a59b4f68eca02981f0891 (commit)
  from  9a02f61547ddf74629aca21639d8fb61c1df7cbb (commit)

http://gitweb.samba.org/?p=ctdb.git;a=shortlog;h=master


- Log -
commit 905cd1293aa97dc7839a59b4f68eca02981f0891
Author: Martin Schwenke mar...@meltin.net
Date:   Fri Nov 23 12:51:47 2012 +1100

Git should ignore generated include/version.h file

Signed-off-by: Martin Schwenke mar...@meltin.net

---

Summary of changes:
 .gitignore |1 +
 1 files changed, 1 insertions(+), 0 deletions(-)


Changeset truncated at 500 lines:

diff --git a/.gitignore b/.gitignore
index 77ffc3b..6a71e4d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -28,3 +28,4 @@ tests/takeover/ctdb_takeover.pyc
 tests/eventscripts/var
 tests/eventscripts/etc/iproute2
 tests/eventscripts/etc-ctdb/policy_routing
+include/version.h


-- 
CTDB repository