[Samba] samba and RODC

2012-11-30 Thread Alex Samad - Yieldbroker

Hi

I am trying to set up samba (rhel6/centos 6.2) and I am having some issues.

So what I have is

Server A (centos 6.2)
It exists in my DMZ so very limited access to things. Just mainly DNS and some 
ports for RODC

Server B (W2k8r2) 
RODC, exists in my insecure vlan, stepping stone into the DMZ (dmz-inside)
My Windows box works fine talking to the RODC

When I try wbinfo -u it fails. I have opened up the Kerberos and the LDAP ports 
for a - b.  I drop the old-style NetBIOS, but I do allow port 445 tcp

The wbinfo -u waits a long time then fails

Note xyz.com is not the real domain :)


My smb.conf
[global]
#--authconfig--start-line--

# Generated by authconfig on 2012/11/28 10:16:49
# DO NOT EDIT THIS SECTION (delimited by --start-line--/--end-line--)
# Any modification may be deleted or altered by authconfig in future

   workgroup = XYZ
   password server = int3.xyz.com
   realm = XYZ.COM
   security = ads
   idmap uid = 5000-1
   idmap gid = 5000-1
   template homedir = /home/%D/%U
   template shell = /bin/bash
   winbind use default domain = true
   winbind offline logon = false

#--authconfig--end-line--

 winbind enum users = 1
 winbind enum groups = 1
 winbind nested groups = Yes

 preferred master = no
 encrypt passwords = yes
 log level = 3


 server string = Samba Server Version %v
 
 # logs split per machine
 log file = /var/log/samba/log.%m
 # max 50KB per log file, then rotate
 max log size = 50
 
 passdb backend = tdbsam
 
 # the login script name depends on the machine name
 # the login script name depends on the unix user used
 # disables profiles support by specifing an empty path
 
 load printers = yes
 cups options = raw
 #obtain list of printers automatically on SystemV

[homes]
 comment = Home Directories
 browseable = no
 writable = yes

[printers]
 comment = All Printers
 path = /var/spool/samba
 browseable = no
 guest ok = no
 writable = no
 printable = yes




my /etc/krb.conf

[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = XYZ.COM
 dns_lookup_realm = false
 dns_lookup_kdc = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = yes

[realms]
XYZ.COM = {
  admin_server = int3.xyz.com
  default_domain = xyz.com
  kdc = int3.xyz.com
}

[domain_realm]
.kerberos.server = XYZ.COM
.zyx.com = XYZ.COM

[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
}


I have done tcpdumps and it seems like where it gets stuck is on Kerberos 
(UDP) .. I see quite a few UDP A to B and no replies from B

Thanks
Alex
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


Re: [Samba] Branches

2012-11-30 Thread felix
 On 11/29/2012 11:23 AM, fe...@epepm.cupet.cu wrote:
 Hello list:

 which git branch contains the latest changes of samba4 as AD DC?

 Regards,
 Felix.

 the master branch


Thanks Matthieu.

Felix.



[Samba] Samba file server using ldap backend without AD or PDC?

2012-11-30 Thread Brian Gold
Hi all,

 

I've been using samba for a few years now on a couple of file servers with a
tdbsam backend for our user accounts. We use openldap for the vast majority
of our identity management, so I would love to be able to tie into this. We
recently started using sambaNTPassword in openldap for radius
authentication, so this is populated for most of our users now.

 

From reading through some of the documentation though, I'm a bit confused as
to how this would be implemented. We don't currently have Active Directory
and don't have any samba PDC/BDCs set up. Would it be necessary for us to
have a PDC/BDC in order to use openldap as our backend?

 

Thanks,

Brian



Re: [Samba] Samba file server using ldap backend without AD or PDC?

2012-11-30 Thread Gaiseric Vandal
Can you clarify one thing -  why are you using the sambaNTPassword in 
openldap if openldap is not currently used for samba authentication?   I 
would have thought that you would use the standard password field.


I use Samba 3.x DCs with an ldap back end.   I also use the ldap 
backend for unix authentication as well as authentication to various 
other systems that support LDAP authentication.   If you are using 
one or more BDCs you really do have to use an LDAP back end.  But there 
is no reason why member servers can use an LDAP backend.  If the 
underlying unix account for each samba account is in /etc/passwd and not 
LDAP, you should consolidate it all into LDAP.


Do the sambaNTPassword (and other samba attributes)  in LDAP match those 
in the tdb backend?  You may find you want to blast away the existing 
sambaNTPassword entries in LDAP before  you migrate the TDB data to LDAP.






On 11/30/12 08:28, Brian Gold wrote:

Hi all,

  


I've been using samba for a few years now on a couple of file servers with a
tdbsam backend for our user accounts. We use openldap for the vast majority
of our identity management, so I would love to be able to tie into this. We
recently started using sambaNTPassword in openldap for radius
authentication, so this is populated for most of our users now.

  


 From reading through some of the documentation though, I'm a bit confused as
to how this would be implemented. We don't currently have Active Directory
and don't have any samba PDC/BDCs set up. Would it be necessary for us to
have a PDC/BDC in order to use openldap as our backend?

  


Thanks,

Brian





Re: [Samba] Samba file server using ldap backend without AD or PDC?

2012-11-30 Thread Brian Gold



On 2012-11-30 9:22 am, Gaiseric Vandal wrote:

Can you clarify one thing -  why are you using the sambaNTPassword in
openldap if openldap is not currently used for samba authentication?   I
would have thought that you would use the standard password field.


We are using the standard userPassword field for most things, but for 
radius authentication via PEAP/MSCHAPv2, we needed to use 
sambaNTPassword instead.




I use Samba 3.x DCs with an ldap back end.   I also use the ldap
backend for unix authentication as well as authentication to various
other systems that support LDAP authentication.   If you are using
one or more BDCs you really do have to use an LDAP back end.  But
there is no reason why member servers can use an LDAP backend.
If the underlying unix account for each samba account is in
/etc/passwd and not LDAP, you should consolidate it all into LDAP.


We currently don't want to deploy a PDC or BDC if we don't need to. All 
we want to do is have a file server that can authenticate using the 
username/password stored in openldap.



Do the sambaNTPassword (and other samba attributes)  in LDAP match
those in the tdb backend?  You may find you want to blast away the
existing sambaNTPassword entries in LDAP before  you migrate the TDB
data to LDAP.


No, our current Samba file server has a totally separate set of 
passwords. When we transition over to this new Samba file server, we 
will be having all our users use their openldap password instead. We do 
not want to sync their existing tdb passwords over to LDAP.



Re: [Samba] Roaming Profiles not working

2012-11-30 Thread L . P . H . van Belle
Hai, 

should be simple. 

Try this. 

[profiles]
path = /export/home/comput/profiles
comment = Profiles 
read only = no
browseable = No
create mask = 0600
directory mask = 0700
guest ok = Yes
force user = %U
valid users = %U

AND set 777 on the  /export/home/comput/profiles  


Greetz, 

Louis


-Original Message-
From: tlparo...@gmail.com 
[mailto:samba-boun...@lists.samba.org] On behalf of Thiago Parolin
Sent: Thursday 29 November 2012 14:52
To: samba@lists.samba.org
Subject: [Samba] Roaming Profiles not working

Hi all,
I need help to set roaming profiles in my network environment.
I follow the samba wiki steps from here:
https://wiki.samba.org/index.php/Samba_%26_Windows_Profiles#Implementing_Roaming_Profiles_with_Samba

The user's creation is made by Gosa software, and the settings are the same
in smb.conf.
If I comment all the options related with profiles in smb.conf, the home
folder is mapped and the profile is locally created.

My samba version is 3.6.6, using ldap backend...and the clients machines
are XP and 7
My testparm command, results in:

[global]
workgroup = VMLDAP
server string = LDAP-SERVER
map to guest = Bad User
passdb backend = ldapsam:ldap://127.0.0.1;
syslog = 0
log file = /var/log/samba/log.%m
debug pid = Yes
debug uid = Yes
deadtime = 10
...
..some ldap specs
..
logon path = \\%L\profiles\%U\%a
logon drive = X:
domain logons = Yes
os level = 64
domain master = Yes
utmp = Yes
idmap config * : backend = tdb
admin users = root

[netlogon]
path = /var/lib/samba/netlogon
browseable = No

[profiles]
comment = Network Profiles Share
path = /export/home/comput/profiles
read only = No
create mask = 0600
directory mask = 0700
profile acls = Yes
browseable = No
csc policy = disable

[homes]
comment = Home Directories
valid users = %S
read only = No
create mask = 0700
directory mask = 0700
browseable = No



-- 
*Thiago Luiz Parolin*
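
Added example (not part of either post in this thread, and not Samba project code): a small Python check an administrator could run over share definitions like the ones quoted above. It reports shares that combine guest access with write access, and writable share paths whose directory is world-writable without the sticky bit, as a mode of 777 would be. The function names and the sample configuration are constructed for illustration; the parser is simplified and does not follow line continuations or include files.

```python
import os
import stat

BOOL = {"yes": True, "true": True, "1": True,
        "no": False, "false": False, "0": False}
# Inverted synonyms of "read only" in smb.conf.
INVERTED = {"writable", "writeable", "writeok"}

# Constructed sample built from settings quoted in the thread.
SAMPLE_CONF = """
[global]
   map to guest = Bad User

[profiles]
   path = /export/home/comput/profiles
   read only = no
   guest ok = Yes
   create mask = 0600
   directory mask = 0700

[homes]
   valid users = %S
   read only = No
   browseable = No
"""


def parse_smb_conf(text):
    """Return {section: {parameter: value}}.

    Section and parameter names are lower-cased and parameter names have
    their spaces removed, because smb.conf ignores both. Synonyms are folded:
    "public" becomes "guestok"; "writable"/"writeable"/"write ok" become
    "readonly" with the value inverted.
    """
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            key, value = "".join(key.lower().split()), value.strip()
            if key == "public":
                key = "guestok"
            elif key in INVERTED:
                flag = BOOL.get(value.lower())
                key = "readonly"
                value = value if flag is None else ("no" if flag else "yes")
            current[key] = value
    return sections


def setting(share, global_, key, default):
    """Boolean share setting, falling back to [global], then the default."""
    raw = share.get(key, global_.get(key))
    return default if raw is None else BOOL.get(raw.lower(), default)


def world_writable_dir(path):
    """True if path is a directory writable by 'other' with no sticky bit."""
    try:
        mode = os.stat(path).st_mode
    except OSError:
        return False  # missing or unreadable path: nothing to report
    return (stat.S_ISDIR(mode) and bool(mode & stat.S_IWOTH)
            and not mode & stat.S_ISVTX)


def audit_shares(text):
    """Return a list of (share, issue) tuples for review."""
    conf = parse_smb_conf(text)
    global_ = conf.get("global", {})
    findings = []
    for name, share in conf.items():
        if name == "global":
            continue
        guest = setting(share, global_, "guestok", False)      # default: no
        read_only = setting(share, global_, "readonly", True)  # default: yes
        if guest and not read_only:
            findings.append((name, "guest ok on a writable share"))
        path = share.get("path")
        if path and not read_only and world_writable_dir(path):
            findings.append((name, "path is world-writable without sticky bit"))
    return findings


if __name__ == "__main__":
    for share, issue in audit_shares(SAMPLE_CONF):
        print("[%s] %s" % (share, issue))
```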


Re: [Samba] Samba file server using ldap backend without AD or PDC?

2012-11-30 Thread Gaiseric Vandal

On 11/30/12 09:42, Brian Gold wrote:



On 2012-11-30 9:22 am, Gaiseric Vandal wrote:

Can you clarify one thing -  why are you using the sambaNTPassword in
openldap if openldap is not currently used for samba authentication?   I
would have thought that you would use the standard password field.


We are using the standard userPassword field for most things, but for 
radius authentication via PEAP/MSCHAPv2, we needed to use 
sambaNTPassword instead.



That makes sense




I use Samba 3.x DCs with an ldap back end.   I also use the ldap
backend for unix authentication as well as authentication to various
other systems that support LDAP authentication.   If you are using
one or more BDCs you really do have to use an LDAP back end. But
there is no reason why member servers can use an LDAP backend.
If the underlying unix account for each samba account is in
/etc/passwd and not LDAP, you should consolidate it all into LDAP.


We currently don't want to deploy a PDC or BDC if we don't need to. 
All we want to do is have a file server that can authenticate using 
the username/password stored in openldap.




Should be no problem.



Do the sambaNTPassword (and other samba attributes)  in LDAP match
those in the tdb backend?  You may find you want to blast away the
existing sambaNTPassword entries in LDAP before  you migrate the TDB
data to LDAP.


No, our current Samba file server has a totally separate set of 
passwords. When we transition over to this new Samba file server, we 
will be having all our users use their openldap password instead. We 
do not want to sync their existing tdb passwords over to LDAP.



No, you wouldn't sync passwords to TDB.  Does your LDAP entry for 
each user currently have a SambaSID value?  Also, when you type pdbedit 
-Lv someuser you should see the unix account for the user.   The unix 
account is either explicitly created (e.g. in /etc/passwd or ldap or 
nis) or dynamically created by winbind.



# pdbedit -Lv someuser

Unix username:someuser
NT username:  someuser
Account Flags:[U  ]
User SID: S-1-5-21-x
Primary Group SID:S-1-5-21-xxx
Full Name:Some User
Home Directory:   \\someserver\users\someuser
HomeDir Drive:X:
Logon Script: logon.bat
Profile Path:
Domain:   SOMEDOMAIN
Account desc:
Workstations:
Munged dial:
Logon time:   0
Logoff time:  0
Kickoff time: 0
Password last set:Fri, 30 Sep 2011 09:40:43 EDT
Password can change:  Fri, 30 Sep 2011 09:40:43 EDT
Password must change: never
Last bad password   : 0
Bad password count  : 0
Logon hours : FF
#

Assuming you are not using winbind to allocate uid's and gid's for samba 
users, your LDAP  user entry will eventually look something like


dn: uid=someuser,ou=someou,ou=people,o=yourdomain.com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
cn: Some User
gidNumber: xx
homeDirectory: /home/someuser
sambaSID: S-1-5-21-
sn: UserLastName
uid: someuser
uidNumber: 123
displayName: Some User
gecos: Some User
givenName: Some User
loginShell: /bin/tcsh
sambaAcctFlags: [UX ]
sambaHomeDrive: X:
sambaHomePath: \\someserver\users\someuser
sambaLogonScript: logon.bat
sambaNTPassword: 
sambaPasswordHistory: 00
 00
sambaPwdLastSet: 1291843237
st: xx
street: x
telephoneNumber: x
userPassword:: 


Although the login script and network home directory are probably not 
relevant in a non-DC setup.









Re: [Samba] Samba PDC group list empty

2012-11-30 Thread Harry Jede
On Thursday, 29 November 2012 you wrote:
 I still don't understand why ldap search filter generated by samba ( i
 have this from samba log ) cannot find anything in database:
 smbldap_search_paged: base = [dc=gymsnv,dc=sk], filter =
 [((objectclass=sambaGroupMapping)(sambaGroupType=2)(sambaSID=S-1-5-
 21-2390795950-2727105968-4008069955*))],scope = [2], pagesize =
 [1024] [2012/11/29 18:15:14.227560,  3]
 lib/smbldap.c:1591(smbldap_search_paged) smbldap_search_paged:
 search was successful
 [2012/11/29 18:15:14.227647,  3]
 rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context:
 destroying talloc pool of size 0
 
 If I remove sambaSID and try to find it in ldap, I will get all my
 groups. Filter =
 ((objectclass=sambaGroupMapping)(sambaGroupType=2)(sambaSID=*))
 
 Is this normal behavior or my ldap configuration can be incorrect?
That's not normal.

What indexes have you set?
# ldapsearch -LLLY external -H ldapi:/// -b cn=config '(objectclass=*)' olcDBIndex

These are my indexes:
dn: olcDatabase={1}hdb,cn=config
olcDbIndex: objectClass eq
olcDbIndex: uidNumber eq
olcDbIndex: gidNumber eq
olcDbIndex: loginShell eq
olcDbIndex: uid eq,pres,sub
olcDbIndex: memberUid eq,pres,sub
olcDbIndex: uniqueMember eq,pres
olcDbIndex: sambaSID eq
olcDbIndex: sambaPrimaryGroupSID eq
olcDbIndex: sambaGroupType eq
olcDbIndex: sambaSIDList eq
olcDbIndex: sambaDomainName eq
olcDbIndex: displayName eq,sub
olcDbIndex: givenName eq,sub
olcDbIndex: mail eq,sub
olcDbIndex: dhcpHWAddress eq
olcDbIndex: dhcpClassData eq
olcDbIndex: cn eq,pres,sub
olcDbIndex: sn eq,pres,sub
olcDbIndex: ou eq
olcDbIndex: dc eq
olcDbIndex: default sub

And this shows the files:
# cd /var/lib/ldap/
# ls -l *bdb
-rw--- 1 openldap openldap 32768 18. Nov 15:49 cn.bdb
-rw--- 1 openldap openldap  8192  1. Jan 2012  dc.bdb
-rw--- 1 openldap openldap  8192 18. Nov 15:49 dhcpHWAddress.bdb
-rw--- 1 openldap openldap 24576 23. Aug 10:08 displayName.bdb
-rw--- 1 openldap openldap 24576 18. Nov 15:49 dn2id.bdb
-rw--- 1 openldap openldap  8192 23. Aug 10:08 gidNumber.bdb
-rw--- 1 openldap openldap  8192  1. Jun 21:57 givenName.bdb
-rw--- 1 openldap openldap 98304 27. Nov 22:54 id2entry.bdb
-rw--- 1 openldap openldap  8192 23. Aug 10:08 loginShell.bdb
-rw--- 1 openldap openldap  8192  1. Jun 21:57 mail.bdb
-rw--- 1 openldap openldap  8192  1. Jun 2012  memberUid.bdb
-rw--- 1 openldap openldap 16384 27. Nov 22:54 objectClass.bdb
-rw--- 1 openldap openldap  8192  1. Jun 19:57 ou.bdb
-rw--- 1 openldap openldap  8192 23. Aug 08:54 sambaDomainName.bdb
-rw--- 1 openldap openldap  8192 10. Mai 2012  sambaGroupType.bdb
-rw--- 1 openldap openldap  8192 23. Aug 08:54 sambaPrimaryGroupSID.bdb
-rw--- 1 openldap openldap  8192 23. Aug 10:08 sambaSID.bdb
-rw--- 1 openldap openldap  8192 27. Nov 22:54 sambaSIDList.bdb
-rw--- 1 openldap openldap  8192  1. Jun 21:57 sn.bdb
-rw--- 1 openldap openldap  8192 23. Aug 10:08 uid.bdb
-rw--- 1 openldap openldap  8192 23. Aug 10:08 uidNumber.bdb
-rw--- 1 openldap openldap  8192  1. Jan 2012  uniqueMember.bdb
root@capella:/var/lib/ldap# 

-- 

Regards
Harry Jede


Re: [Samba] Samba file server using ldap backend without AD or PDC?

2012-11-30 Thread Brian Gold



On 2012-11-30 11:15 am, Gaiseric Vandal wrote:

No, you wouldn't sync passwords to TDB.  Does your LDAP entry for
each user currently have a SambaSID value?  Also, when you type
pdbedit -Lv someuser you should see the unix account for the user.
The unix account is either explicitly created (e.g. in /etc/passwd or
ldap or nis) or dynamically created by winbind.



No, currently our users do not have SambaSID values in ldap.



# pdbedit -Lv someuser

Unix username:someuser
NT username:  someuser
Account Flags:[U  ]
User SID: S-1-5-21-x
Primary Group SID:S-1-5-21-xxx
Full Name:Some User
Home Directory:   \\someserver\users\someuser
HomeDir Drive:X:
Logon Script: logon.bat
Profile Path:
Domain:   SOMEDOMAIN
Account desc:
Workstations:
Munged dial:
Logon time:   0
Logoff time:  0
Kickoff time: 0
Password last set:Fri, 30 Sep 2011 09:40:43 EDT
Password can change:  Fri, 30 Sep 2011 09:40:43 EDT
Password must change: never
Last bad password   : 0
Bad password count  : 0
Logon hours : FF
#

Assuming you are not using winbind to allocate uid's and gid's for
samba users, your LDAP  user entry will eventually look something like


dn: uid=someuser,ou=someou,ou=people,o=yourdomain.com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
cn: Some User
gidNumber: xx
homeDirectory: /home/someuser
sambaSID: S-1-5-21-
sn: UserLastName
uid: someuser
uidNumber: 123
displayName: Some User
gecos: Some User
givenName: Some User
loginShell: /bin/tcsh
sambaAcctFlags: [UX ]
sambaHomeDrive: X:
sambaHomePath: \\someserver\users\someuser
sambaLogonScript: logon.bat
sambaNTPassword: 
sambaPasswordHistory: 00
 00
sambaPwdLastSet: 1291843237
st: xx
street: x
telephoneNumber: x
userPassword:: 


Although the login script and network home directory are probably not
relevant in a non-DC setup.


We are not using winbind at all currently.

Here is a sample user's ldap data:

dn: uid=tstaff,ou=people,dc=simons-rock,dc=edu
uid: tstaff
sn: Staff
uinSR: tstaff-false
givenName: Test
genderSR: m
loginShell: /bin/false
cn: Test Staff
gecos: Test Staff
mailSR: test...@simons-rock.edu
homeDirectory: /home/testaff
objectClass: person
objectClass: top
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: personSR
objectClass: extensibleObject
objectClass: posixAccount
objectClass: shadowAccount
shadowLastChange: 11551
shadowWarning: 7
gidNumber: 100
shadowMax: 9
uidNumber: 7391
mail: test...@simons-rock.edu
groupSR: staff
groupSR: hidden
employeeNumber: 991991991
sambaNTPassword: REDACTED
sambaPwdLastSet: 1354296936
userPassword:: REDACTED
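
Added example (not part of the posts above, and not Samba project code): a Python check of one LDIF entry against what the thread asks about, namely whether the entry carries the sambaSamAccount object class and a sambaSID, plus a Unix account via posixAccount. The required-attribute lists follow the sambaSamAccount definition in Samba's LDAP schema and posixAccount in RFC 2307; the function names and the sample entry (modelled on the one above, with constructed values) are assumptions made for illustration.

```python
import base64

# MUST attributes per object class: sambaSamAccount as defined in Samba's
# LDAP schema, posixAccount as defined in RFC 2307.
REQUIRED = {
    "sambaSamAccount": ["uid", "sambaSID"],
    "posixAccount": ["cn", "uid", "uidNumber", "gidNumber", "homeDirectory"],
}

# Constructed sample modelled on the entry posted in the thread.
SAMPLE_LDIF = """\
# constructed sample entry
dn: uid=tstaff,ou=people,dc=example,dc=org
uid: tstaff
cn: Test Staff
homeDirectory: /home/tstaff
objectClass: person
objectClass: inetOrgPerson
objectClass: extensibleObject
objectClass: posixAccount
gidNumber: 100
uidNumber: 7391
sambaNTPassword: REDACTED
sambaPwdLastSet: 1354296936
userPassword:: UkVEQUNURUQ=
"""


def parse_ldif_entry(text):
    """Parse a single LDIF entry into {attribute_lowercase: [values]}.

    Handles folded lines (a leading space continues the previous line),
    comment lines and base64 values ("attr:: ..."), which are returned
    as bytes. Attribute names are lower-cased because LDAP ignores case.
    """
    lines, in_comment = [], False
    for raw in text.splitlines():
        if raw.startswith(" "):
            if lines and not in_comment:
                lines[-1] += raw[1:]
            continue
        in_comment = raw.startswith("#")
        if raw and not in_comment:
            lines.append(raw)
    entry = {}
    for line in lines:
        name, sep, rest = line.partition(":")
        if not sep:
            raise ValueError("not an attribute line: %r" % line)
        if rest.startswith(":"):
            value = base64.b64decode(rest[1:].strip())
        else:
            value = rest.strip()
        entry.setdefault(name.strip().lower(), []).append(value)
    return entry


def ldapsam_gaps(entry):
    """List what the entry lacks to be usable as a Samba LDAP account."""
    classes = {v.lower() for v in entry.get("objectclass", [])}
    gaps = []
    for object_class, attrs in REQUIRED.items():
        if object_class.lower() not in classes:
            gaps.append("missing objectClass " + object_class)
        for attr in attrs:
            if attr.lower() not in entry:
                gaps.append("missing %s (required by %s)" % (attr, object_class))
    if "sambasamaccount" not in classes:
        # extensibleObject lets samba* attributes be stored without the
        # sambaSamAccount class, which hides the gap from schema checking.
        stray = sorted(a for a in entry if a.startswith("samba"))
        if stray:
            gaps.append("samba attributes without sambaSamAccount: "
                        + ", ".join(stray))
    return gaps


if __name__ == "__main__":
    for gap in ldapsam_gaps(parse_ldif_entry(SAMPLE_LDIF)):
        print(gap)
```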


Re: [Samba] User is invalid on this system

2012-11-30 Thread Kevin Elliott
Ah good ideas.

/etc/nsswitch.conf looks correct:

passwd: files winbind
group:  files winbind
shadow: compat

hosts:  files dns
networks:   files

protocols:  db files
services:   db files
ethers: db files
rpc:db files


Winbind is running too:

# ps -C winbindd -f
UIDPID  PPID  C STIME TTY  TIME CMD
root 32102 1  0 08:18 ?00:00:00 /usr/sbin/winbindd
root 32108 32102  0 08:18 ?00:00:00 /usr/sbin/winbindd
root 32109 32102  0 08:18 ?00:00:00 /usr/sbin/winbindd
root 32110 32102  0 08:18 ?00:00:00 /usr/sbin/winbindd


I can't get anything for Active Directory users via getent though:

# getent -s winbind passwd CBJ_NT+Kevin_Elliott
# getent -s winbind passwd Kevin_Elliott
# wbinfo -i Kevin_Elliott
kevin_elliott:*:24949:10513::/home/CBJ_NT/kevin_elliott:/bin/false


log.winbindd seems normal too:

[2012/11/30 08:41:50.128842,  6] winbindd/winbindd.c:793(new_connection)
  accepted socket 28
[2012/11/30 08:41:50.128990, 10] winbindd/winbindd.c:643(process_request)
  process_request: request fn INTERFACE_VERSION
[2012/11/30 08:41:50.129052,  3] winbindd/winbindd_misc.c:384(winbindd_interface_version)
  [  425]: request interface version
[2012/11/30 08:41:50.129127, 10] winbindd/winbindd.c:739(winbind_client_response_written)
  winbind_client_response_written[425:INTERFACE_VERSION]: delivered response to client
[2012/11/30 08:41:50.129215, 10] winbindd/winbindd.c:643(process_request)
  process_request: request fn WINBINDD_PRIV_PIPE_DIR
[2012/11/30 08:41:50.129266,  3] winbindd/winbindd_misc.c:417(winbindd_priv_pipe_dir)
  [  425]: request location of privileged pipe
[2012/11/30 08:41:50.129346, 10] winbindd/winbindd.c:739(winbind_client_response_written)
  winbind_client_response_written[425:WINBINDD_PRIV_PIPE_DIR]: delivered response to client
[2012/11/30 08:41:50.129434,  6] winbindd/winbindd.c:841(winbind_client_request_read)
  closing socket 28, client exited
[2012/11/30 08:41:50.129506,  6] winbindd/winbindd.c:793(new_connection)
  accepted socket 28
[2012/11/30 08:41:50.129582, 10] winbindd/winbindd.c:616(process_request)
  process_request: Handling async request 425:PING
[2012/11/30 08:41:50.129641, 10] winbindd/winbindd.c:678(wb_request_done)
  wb_request_done[425:PING]: NT_STATUS_OK
[2012/11/30 08:41:50.129709, 10] winbindd/winbindd.c:739(winbind_client_response_written)
  winbind_client_response_written[425:PING]: delivered response to client
[2012/11/30 08:41:50.145530, 10] winbindd/winbindd.c:616(process_request)
  process_request: Handling async request 425:PING
[2012/11/30 08:41:50.145630, 10] winbindd/winbindd.c:678(wb_request_done)
  wb_request_done[425:PING]: NT_STATUS_OK
[2012/11/30 08:41:50.145709, 10] winbindd/winbindd.c:739(winbind_client_response_written)

Re: [Samba] User is invalid on this system

2012-11-30 Thread Dale Schroeder

Kevin,

3.6.x has had several issues with idmap rid.  I was hit with this one: 
https://bugzilla.samba.org/show_bug.cgi?id=8676 .  Searching for idmap 
rid issues with 3.6.x will reveal others as well.


Someone indicated that rejoining the domain would fix this issue. As it 
so happened, I had to rebuild one of the servers.  After joining the 
rebuilt system to the domain, it has worked flawlessly ever since.  So, 
it appears the problem with rid and some of the other idmap backends is 
somehow related to upgrading, as newly joined systems work as expected.


Dale


On 11/29/2012 6:51 PM, Kevin Elliott wrote:

Hello all.

We are running Samba 3.6.6 on a Debian 6.0.6 server. We made the upgrade from 
3.6.5 to 3.6.5 about a week ago and ever since we have lost the ability to map 
Samba shares from our Windows XP SP3 and Windows 7 clients:


Here's an example from my workstation (logging verbosity set at 10):

[2012/11/29 15:23:58.120087,  3] smbd/process.c:1467(switch_message)
   switch message SMBsesssetupX (pid 2517) conn 0x0
[2012/11/29 15:23:58.120212,  3] smbd/sesssetup.c:1333(reply_sesssetup_and_X)
   wct=12 flg2=0xc807
[2012/11/29 15:23:58.120258,  2] smbd/sesssetup.c:1279(setup_new_vc_session)
   setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all 
old resources.
[2012/11/29 15:23:58.120353,  3] 
smbd/sesssetup.c:1065(reply_sesssetup_and_X_spnego)
   Doing spnego session setup
[2012/11/29 15:23:58.120409,  3] 
smbd/sesssetup.c:1107(reply_sesssetup_and_X_spnego)
   NativeOS=[] NativeLanMan=[] PrimaryDomain=[]
[2012/11/29 15:23:58.120498,  3] smbd/sesssetup.c:660(reply_spnego_negotiate)
   reply_spnego_negotiate: Got secblob of size 1680
[2012/11/29 15:23:58.124198,  3] libads/authdata.c:332(decode_pac_data)
   Found account name from PAC: kevin_elliott [Kevin Elliott]
[2012/11/29 15:23:58.124309,  3] 
auth/user_krb5.c:50(get_user_from_kerberos_info)
   Kerberos ticket principal name is [kevin_elliott@CBJ.LOCAL]
[2012/11/29 15:23:58.124710,  1] 
auth/user_krb5.c:162(get_user_from_kerberos_info)
   Username CBJ_NT+kevin_elliott is invalid on this system
[2012/11/29 15:23:58.124780,  3] smbd/error.c:81(error_packet_set)
   error packet at smbd/sesssetup.c(359) cmd=115 (SMBsesssetupX) 
NT_STATUS_LOGON_FAILURE
[2012/11/29 15:24:12.583839,  1] smbd/process.c:457(receive_smb_talloc)
   receive_smb_raw_talloc failed for client 199.58.52.25 read error = 
NT_STATUS_CONNECTION_RESET.
[2012/11/29 15:24:12.584072,  3] smbd/server_exit.c:181(exit_server_common)
   Server exit (failed to receive smb request)



However, I can successfully return login information with winbind:

# wbinfo -i kevin_elliott
kevin_elliott:*:24949:10513::/home/CBJ_NT/kevin_elliott:/bin/false

'getent passwd' will only return the local users from /etc/passwd.


And the relevant section of smb.conf:

[global]
 workgroup = CBJ_NT
 realm = CBJ.LOCAL
 netbios aliases = CITY-LIZA-L90, CITY-LIZA
 server string = External FTP Server
 interfaces = 192.0.2.87/32, lo
 bind interfaces only = Yes
 security = ADS
 obey pam restrictions = Yes
 password server = 192.0.2.25, 192.0.2.50
 passwd program = /usr/bin/passwd %u
 passwd chat = *Enter\snew\sUNIX\spassword:* %n\n 
*Retype\snew\sUNIX\spassword:* %n\n .
 client NTLMv2 auth = Yes
 log level = 3
 log file = /var/log/samba/log.%m
 max log size = 2500
 printcap name = cups
 os level = 5
 local master = No
 domain master = No
 wins server = 192.0.2.25
 ldap ssl = no
 panic action = /usr/share/samba/panic-action %d
 winbind separator = +
 winbind enum users = Yes
 winbind enum groups = Yes
 winbind use default domain = Yes
 idmap config LIBRARY:range = 65535-7
 idmap config LIBRARY:base_rid = 0
 idmap config LIBRARY:backend = rid
 idmap config * : range = 1-65533
 idmap config * : base_rid = 0
 idmap config * : backend = rid
 admin users = @CBJ_NT+admin
 veto files = /.*/

[ftp]
 comment = FTP directory
 path = /var/ftp/pub/
 valid users = @CBJ_NT+domain users
 read only = No
 create mask = 0775
 directory mask = 0775
 hide unreadable = Yes


Any ideas? Anyone else see this?

---
Kevin Elliott

Network Specialist
City and Borough of Juneau, MIS
(907) 586 - 0905






Re: [Samba] User is invalid on this system

2012-11-30 Thread Kevin Elliott
Dale,

I was afraid of that. We were forced to upgrade from 3.5.x because of a 
reoccurring Winbind issue but I'm a bit disappointed to see that 3.6.x 
introduces idmap/rid issues. I guess we just traded one for another.

Do you think un-joining and then re-joining the existing system could fix this?

Thanks.


---
Kevin Elliott

Network Specialist
City and Borough of Juneau, MIS
(907) 586 - 0905




-Original Message-
From: Dale Schroeder [mailto:d...@briannassaladdressing.com] 
Sent: Friday, November 30, 2012 9:38 AM
To: Kevin Elliott
Cc: 'samba@lists.samba.org'
Subject: Re: [Samba] User is invalid on this system

Kevin,

3.6.x has had several issues with idmap rid.  I was hit with this one: 
https://bugzilla.samba.org/show_bug.cgi?id=8676 .  Searching for idmap rid 
issues with 3.6.x will reveal others as well.

Someone indicated that rejoining the domain would fix this issue. As it so 
happened, I had to rebuild one of the servers.  After joining the rebuilt 
system to the domain, it has worked flawlessly ever since.  So, it appears the 
problem with rid and some of the other idmap backends is somehow related to 
upgrading, as newly joined systems work as expected.

Dale


On 11/29/2012 6:51 PM, Kevin Elliott wrote:
 Hello all.

 We are running Samba 3.6.6 on a Debian 6.0.6 server. We made the upgrade from 
 3.6.5 to 3.6.5 about a week ago and ever since we have lost the ability to 
 map Samba shares from our Windows XP SP3 and Windows 7 clients:


 Here's an example from my workstation (logging verbosity set at 10):

 [2012/11/29 15:23:58.120087,  3] smbd/process.c:1467(switch_message)
switch message SMBsesssetupX (pid 2517) conn 0x0
 [2012/11/29 15:23:58.120212,  3] smbd/sesssetup.c:1333(reply_sesssetup_and_X)
wct=12 flg2=0xc807
 [2012/11/29 15:23:58.120258,  2] smbd/sesssetup.c:1279(setup_new_vc_session)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all 
 old resources.
 [2012/11/29 15:23:58.120353,  3] 
 smbd/sesssetup.c:1065(reply_sesssetup_and_X_spnego)
Doing spnego session setup
 [2012/11/29 15:23:58.120409,  3] 
 smbd/sesssetup.c:1107(reply_sesssetup_and_X_spnego)
NativeOS=[] NativeLanMan=[] PrimaryDomain=[]
 [2012/11/29 15:23:58.120498,  3] smbd/sesssetup.c:660(reply_spnego_negotiate)
reply_spnego_negotiate: Got secblob of size 1680
 [2012/11/29 15:23:58.124198,  3] libads/authdata.c:332(decode_pac_data)
Found account name from PAC: kevin_elliott [Kevin Elliott]
 [2012/11/29 15:23:58.124309,  3] 
 auth/user_krb5.c:50(get_user_from_kerberos_info)
Kerberos ticket principal name is [kevin_elliott@CBJ.LOCAL]
 [2012/11/29 15:23:58.124710,  1] 
 auth/user_krb5.c:162(get_user_from_kerberos_info)
Username CBJ_NT+kevin_elliott is invalid on this system
 [2012/11/29 15:23:58.124780,  3] smbd/error.c:81(error_packet_set)
error packet at smbd/sesssetup.c(359) cmd=115 (SMBsesssetupX) 
 NT_STATUS_LOGON_FAILURE
 [2012/11/29 15:24:12.583839,  1] smbd/process.c:457(receive_smb_talloc)
receive_smb_raw_talloc failed for client 199.58.52.25 read error = 
 NT_STATUS_CONNECTION_RESET.
 [2012/11/29 15:24:12.584072,  3] smbd/server_exit.c:181(exit_server_common)
Server exit (failed to receive smb request)



 However, I can successfully return login information with winbind:

 # wbinfo -i kevin_elliott
 kevin_elliott:*:24949:10513::/home/CBJ_NT/kevin_elliott:/bin/false

 'getent passwd' will only return the local users from /etc/passwd.


 And the relevant section of smb.conf:

 [global]
  workgroup = CBJ_NT
  realm = CBJ.LOCAL
  netbios aliases = CITY-LIZA-L90, CITY-LIZA
  server string = External FTP Server
  interfaces = 192.0.2.87/32, lo
  bind interfaces only = Yes
  security = ADS
  obey pam restrictions = Yes
  password server = 192.0.2.25, 192.0.2.50
  passwd program = /usr/bin/passwd %u
  passwd chat = *Enter\snew\sUNIX\spassword:* %n\n 
 *Retype\snew\sUNIX\spassword:* %n\n .
  client NTLMv2 auth = Yes
  log level = 3
  log file = /var/log/samba/log.%m
  max log size = 2500
  printcap name = cups
  os level = 5
  local master = No
  domain master = No
  wins server = 192.0.2.25
  ldap ssl = no
  panic action = /usr/share/samba/panic-action %d
  winbind separator = +
  winbind enum users = Yes
  winbind enum groups = Yes
  winbind use default domain = Yes
  idmap config LIBRARY:range = 65535-7
  idmap config LIBRARY:base_rid = 0
  idmap config LIBRARY:backend = rid
  idmap config * : range = 1-65533
  idmap config * : base_rid = 0
  idmap config * : backend = rid
  admin users = @CBJ_NT+admin
  veto files = /.*/

 [ftp]
  comment = FTP directory
  path = /var/ftp/pub/
  valid users = @CBJ_NT+domain users
  read only = No

Re: [Samba] User is invalid on this system

2012-11-30 Thread Dale Schroeder
With what I've read and what I've seen with the rebuilds, there's a good 
chance the rejoin could fix your problem.  That being said, there are no 
guarantees with winbind. It's the part of the Samba suite that has given 
me the most problems over the years, breaking existing configs almost 
every time its internal workings are changed.


I wish you good luck!

Dale


On 11/30/2012 12:57 PM, Kevin Elliott wrote:

Dale,

I was afraid of that. We were forced to upgrade from 3.5.x because of a 
reoccurring Winbind issue but I'm a bit disappointed to see that 3.6.x 
introduces idmap/rid issues. I guess we just traded one for another.

Do you think un-joining and then re-joining the existing system could fix this?

Thanks.


---
Kevin Elliott

Network Specialist
City and Borough of Juneau, MIS
(907) 586 - 0905




-----Original Message-----
From: Dale Schroeder [mailto:d...@briannassaladdressing.com]
Sent: Friday, November 30, 2012 9:38 AM
To: Kevin Elliott
Cc: 'samba@lists.samba.org'
Subject: Re: [Samba] User is invalid on this system

Kevin,

3.6.x has had several issues with idmap rid.  I was hit with this one:
https://bugzilla.samba.org/show_bug.cgi?id=8676 .  Searching for idmap rid 
issues with 3.6.x will reveal others as well.

Someone indicated that rejoining the domain would fix this issue. As it so 
happened, I had to rebuild one of the servers.  After joining the rebuilt 
system to the domain, it has worked flawlessly ever since.  So, it appears the 
problem with rid and some of the other idmap backends is somehow related to 
upgrading, as newly joined systems work as expected.

Dale


On 11/29/2012 6:51 PM, Kevin Elliott wrote:

Hello all.

We are running Samba 3.6.6 on a Debian 6.0.6 server. We made the upgrade from 
3.6.5 to 3.6.5 about a week ago and ever since we have lost the ability to map 
Samba shares from our Windows XP SP3 and Windows 7 clients:


Here's an example from my workstation (logging verbosity set at 10):

[2012/11/29 15:23:58.120087,  3] smbd/process.c:1467(switch_message)
switch message SMBsesssetupX (pid 2517) conn 0x0
[2012/11/29 15:23:58.120212,  3] smbd/sesssetup.c:1333(reply_sesssetup_and_X)
wct=12 flg2=0xc807
[2012/11/29 15:23:58.120258,  2] smbd/sesssetup.c:1279(setup_new_vc_session)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2012/11/29 15:23:58.120353,  3] smbd/sesssetup.c:1065(reply_sesssetup_and_X_spnego)
Doing spnego session setup
[2012/11/29 15:23:58.120409,  3] smbd/sesssetup.c:1107(reply_sesssetup_and_X_spnego)
NativeOS=[] NativeLanMan=[] PrimaryDomain=[]
[2012/11/29 15:23:58.120498,  3] smbd/sesssetup.c:660(reply_spnego_negotiate)
reply_spnego_negotiate: Got secblob of size 1680
[2012/11/29 15:23:58.124198,  3] libads/authdata.c:332(decode_pac_data)
Found account name from PAC: kevin_elliott [Kevin Elliott]
[2012/11/29 15:23:58.124309,  3] auth/user_krb5.c:50(get_user_from_kerberos_info)
Kerberos ticket principal name is [kevin_elliott@CBJ.LOCAL]
[2012/11/29 15:23:58.124710,  1] auth/user_krb5.c:162(get_user_from_kerberos_info)
Username CBJ_NT+kevin_elliott is invalid on this system
[2012/11/29 15:23:58.124780,  3] smbd/error.c:81(error_packet_set)
error packet at smbd/sesssetup.c(359) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE
[2012/11/29 15:24:12.583839,  1] smbd/process.c:457(receive_smb_talloc)
receive_smb_raw_talloc failed for client 199.58.52.25 read error = NT_STATUS_CONNECTION_RESET.
[2012/11/29 15:24:12.584072,  3] smbd/server_exit.c:181(exit_server_common)
Server exit (failed to receive smb request)



However, I can successfully return login information with winbind:

# wbinfo -i kevin_elliott
kevin_elliott:*:24949:10513::/home/CBJ_NT/kevin_elliott:/bin/false

'getent passwd' will only return the local users from /etc/passwd.


And the relevant section of smb.conf:

[global]
  workgroup = CBJ_NT
  realm = CBJ.LOCAL
  netbios aliases = CITY-LIZA-L90, CITY-LIZA
  server string = External FTP Server
  interfaces = 192.0.2.87/32, lo
  bind interfaces only = Yes
  security = ADS
  obey pam restrictions = Yes
  password server = 192.0.2.25, 192.0.2.50
  passwd program = /usr/bin/passwd %u
  passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
  client NTLMv2 auth = Yes
  log level = 3
  log file = /var/log/samba/log.%m
  max log size = 2500
  printcap name = cups
  os level = 5
  local master = No
  domain master = No
  wins server = 192.0.2.25
  ldap ssl = no
  panic action = /usr/share/samba/panic-action %d
  winbind separator = +
  winbind enum users = Yes
  winbind enum groups = Yes
  winbind use default domain = Yes
  idmap config LIBRARY:range = 65535-7
  idmap config LIBRARY:base_rid = 

Re: [Samba] Samba file server using ldap backend without AD or PDC?

2012-11-30 Thread Gaiseric Vandal
So when you run pdbedit -Lv for a user, is the Unix user name an 
account in ldap?   If that is the case, then you probably just want to 
have a script that runs thru a list of user names and then 
runs ldapmodify to add the appropriate samba attributes.  In theory 
you can use pdbedit to export the data, then change the backend, then 
import it back. I found that didn't quite work.



I had originally used nis backend for unix accounts and TDB backend for 
samba.   I moved from NIS to LDAP for unix accounts. Then when I added a 
BDC I moved the samba data into ldap.  I had used smbpasswd to dump 
the data to a text file, then wrote a perl script to parse the file into 
user name,  samba SID, and samba password and then rewrite it into an 
ldapmodify ldif file.  I used this file to update the existing LDAP 
accounts.


You MAYBE can use smbpasswd or pdbedit to create the samba accounts in 
LDAP but I suspect that either it won't preserve the existing password 
OR it may refuse to create the account.









On 11/30/12 12:38, Brian Gold wrote:



On 2012-11-30 11:15 am, Gaiseric Vandal wrote:

No, you wouldn't sync passwords to TDB.  Does your LDAP entry for
each user currently have a SambaSID value?  Also, when you type
pdbedit -Lv someuser you should see the unix account for the user.
The unix account is either explicitly created (e.g. in /etc/passwd or
ldap or nis) or dynamically created by winbind.



No, currently our users do not have SambaSID values in ldap.



# pdbedit -Lv someuser

Unix username:someuser
NT username:  someuser
Account Flags:[U  ]
User SID: S-1-5-21-x
Primary Group SID:S-1-5-21-xxx
Full Name:Some User
Home Directory:   \\someserver\users\someuser
HomeDir Drive:X:
Logon Script: logon.bat
Profile Path:
Domain:   SOMEDOMAIN
Account desc:
Workstations:
Munged dial:
Logon time:   0
Logoff time:  0
Kickoff time: 0
Password last set:Fri, 30 Sep 2011 09:40:43 EDT
Password can change:  Fri, 30 Sep 2011 09:40:43 EDT
Password must change: never
Last bad password   : 0
Bad password count  : 0
Logon hours : FF
#

Assuming you are not using winbind to allocate uid's and gid's for
samba users, your LDAP  user entry will eventually look something like

dn: uid=someuser,ou=someou,ou=people,o=yourdomain.com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
cn: Some User
gidNumber: xx
homeDirectory: /home/someuser
sambaSID: S-1-5-21-
sn: UserLastName
uid: someuser
uidNumber: 123
displayName: Some User
gecos: Some User
givenName: Some User
loginShell: /bin/tcsh
sambaAcctFlags: [UX ]
sambaHomeDrive: X:
sambaHomePath: \\someserver\users\someuser
sambaLogonScript: logon.bat
sambaNTPassword: 
sambaPasswordHistory: 
00

 00
sambaPwdLastSet: 1291843237
st: xx
street: x
telephoneNumber: x
userPassword:: 


Although the login script and network home directory are probably not
relevant in a non-DC setup.


We are not using winbind at all currently.

Here is a sample user's ldap data:

dn: uid=tstaff,ou=people,dc=simons-rock,dc=edu
uid: tstaff
sn: Staff
uinSR: tstaff-false
givenName: Test
genderSR: m
loginShell: /bin/false
cn: Test Staff
gecos: Test Staff
mailSR: test...@simons-rock.edu
homeDirectory: /home/testaff
objectClass: person
objectClass: top
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: personSR
objectClass: extensibleObject
objectClass: posixAccount
objectClass: shadowAccount
shadowLastChange: 11551
shadowWarning: 7
gidNumber: 100
shadowMax: 9
uidNumber: 7391
mail: test...@simons-rock.edu
groupSR: staff
groupSR: hidden
employeeNumber: 991991991
sambaNTPassword: REDACTED
sambaPwdLastSet: 1354296936
userPassword:: REDACTED


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


Re: [Samba] Samba file server using ldap backend without AD or PDC?

2012-11-30 Thread Brian Gold

On 2012-11-30 4:01 pm, Gaiseric Vandal wrote:

So when you run pdbedit -Lv for a user, is the Unix user name an
account in ldap?   If that is the case, then you probably just want to
have a script that runs thru a list of user names and then
runs ldapmodify to add the appropriate samba attributes.  In theory
you can use pdbedit to export the data, then change the backend, then
import it back. I found that didn't quite work.


I had originally used nis backend for unix accounts and TDB backend
for samba.   I moved from NIS to LDAP for unix accounts. Then when I
added a BDC I moved the samba data into ldap.  I had used smbpasswd
to dump the data to a text file, then wrote a perl script to parse the
file into user name,  samba SID, and samba password and then rewrite
it into an ldapmodify ldif file.  I used this file to update the
existing LDAP accounts.

You MAYBE can use smbpasswd or pdbedit to create the samba accounts
in LDAP but I suspect that either it won't preserve the existing
password OR it may refuse to create the account.



Here is the output for that same user when I do a pdbedit. The unix 
username is being pulled from ldap.

pdbedit -Lv testaff
Unix username:testaff
NT username:
Account Flags:[U  ]
User SID: S-1-5-21-2531268310-2106678637-3833209162-15782
Primary Group SID:S-1-5-21-2531268310-2106678637-3833209162-513
Full Name:Test Staff
Home Directory:   \\elephant\testaff
HomeDir Drive:
Logon Script:
Profile Path: \\elephant\testaff\profile
Domain:   ELEPHANT
Account desc:
Workstations:
Munged dial:
Logon time:   0
Logoff time:  never
Kickoff time: never
Password last set:Fri, 27 Jun 2008 16:50:45 EDT
Password can change:  Fri, 27 Jun 2008 16:50:45 EDT
Password must change: never
Last bad password   : 0
Bad password count  : 0
Logon hours : FF



Worth a try I guess.

As it is, I'm planning on totally scrapping this existing samba file 
server when we move to using ldap passwords. The only things that need 
to carry over are the files on the file server itself. I'm totally fine 
with not using any of the data that is in tdb currently.
Is there a way to autogenerate the samba SID (since I don't necessarily 
need the one that is being used in my current samba file server) and 
whatever other samba fields might be needed for all of my existing ldap 
accounts?



Re: [Samba] Samba file server using ldap backend without AD or PDC?

2012-11-30 Thread Gaiseric Vandal

On 11/30/12 16:11, Brian Gold wrote:

On 2012-11-30 4:01 pm, Gaiseric Vandal wrote:

So when you run pdbedit -Lv for a user, is the Unix user name an
account in ldap?   If that is the case, then you probably just want to
have a script that runs thru a list of user names and then
runs ldapmodify to add the appropriate samba attributes.  In theory
you can use pdbedit to export the data, then change the backend, then
import it back. I found that didn't quite work.


I had originally used nis backend for unix accounts and TDB backend
for samba.   I moved from NIS to LDAP for unix accounts. Then when I
added a BDC I moved the samba data into ldap.  I had used smbpasswd
to dump the data to a text file, then wrote a perl script to parse the
file into user name,  samba SID, and samba password and then rewrite
it into an ldapmodify ldif file.  I used this file to update the
existing LDAP accounts.

You MAYBE can use smbpasswd or pdbedit to create the samba accounts
in LDAP but I suspect that either it won't preserve the existing
password OR it may refuse to create the account.



Here is the output for that same user when I do a pdbedit. The unix 
username is being pulled from ldap.

pdbedit -Lv testaff
Unix username:testaff
NT username:
Account Flags:[U  ]
User SID: S-1-5-21-2531268310-2106678637-3833209162-15782
Primary Group SID: S-1-5-21-2531268310-2106678637-3833209162-513
Full Name:Test Staff
Home Directory:   \\elephant\testaff
HomeDir Drive:
Logon Script:
Profile Path: \\elephant\testaff\profile
Domain:   ELEPHANT
Account desc:
Workstations:
Munged dial:
Logon time:   0
Logoff time:  never
Kickoff time: never
Password last set:Fri, 27 Jun 2008 16:50:45 EDT
Password can change:  Fri, 27 Jun 2008 16:50:45 EDT
Password must change: never
Last bad password   : 0
Bad password count  : 0
Logon hours : FF



Worth a try I guess.

As it is, I'm planning on totally scrapping this existing samba file 
server when we move to using ldap passwords. The only things that need 
to carry over are the files on the file server itself. I'm totally 
fine with not using any of the data that is in tdb currently.
Is there a way to autogenerate the samba SID (since I don't 
necessarily need the one that is being used in my current samba file 
server) and whatever other samba fields might be needed for all of my 
existing ldap accounts?



If you write a script you could probably increment the SID for each 
entry.   The pdbedit and smbpasswd commands will create all the 
necessary fields, including automatically creating a unique SID. But I 
just know if it will complain the account already exists.   I think it 
won't complain the account exists (since not all the necessary fields 
are there) BUT it will probably complain that the account could not be 
created.  I don't think you will know til you test it.





--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
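
The script idea discussed in this thread (walk the existing LDAP accounts and write an ldapmodify file that gives each one a sambaSID), as an added Python example that is not code from any poster or from the Samba project. Instead of incrementing a counter it derives the RID as 2*uidNumber + 1000, Samba's algorithmic mapping with the default "algorithmic rid base", which is consistent with the uidNumber 7391 and the SID ending in 15782 shown in the thread. The domain SID, the DNs and all function names are constructed placeholders.

```python
import re

RID_BASE = 1000  # assumption: Samba's default "algorithmic rid base"
DOMAIN_SID_RE = re.compile(r"S-1-5-21-[0-9]+-[0-9]+-[0-9]+")

# Constructed sample data (not taken from the thread). On a real server the
# domain SID would be read with "net getlocalsid" and the LDIF with ldapsearch.
SAMPLE_DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"
SAMPLE_LDIF = """\
dn: uid=tstaff,ou=people,
 dc=example,dc=org
uid: tstaff
objectClass: posixAccount
objectClass: extensibleObject
uidNumber: 7391
sambaNTPassword: REDACTED
userPassword:: UkVEQUNURUQ=

dn: uid=already,ou=people,dc=example,dc=org
objectClass: posixAccount
objectClass: sambaSamAccount
uidNumber: 7400
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-15800

dn: uid=clash,ou=people,dc=example,dc=org
objectClass: posixAccount
uidNumber: 7400

dn: cn=staff,ou=groups,dc=example,dc=org
objectClass: posixGroup
gidNumber: 100
"""


def parse_ldif(text):
    """Return [(dn, {attr_lowercase: [values]})]; base64 values stay opaque."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines and lines[-1]:
            lines[-1] += raw[1:]          # unfold a continuation line
        elif not raw.startswith("#"):
            lines.append(raw)
    entries, dn, attrs = [], None, {}
    for line in lines + [""]:             # trailing "" flushes the last entry
        if not line.strip():
            if dn is not None:
                entries.append((dn, attrs))
            dn, attrs = None, {}
            continue
        name, _, value = line.partition(":")
        if name.lower() == "dn":
            if value.startswith(":"):
                raise ValueError("base64-encoded DN not supported: " + line)
            dn = value.strip()
        else:
            attrs.setdefault(name.lower(), []).append(value.lstrip(":").strip())
    return entries


def uid_to_rid(uid_number):
    """Algorithmic uid -> RID mapping; rejects values outside 32 bits."""
    rid = 2 * uid_number + RID_BASE
    if uid_number < 0 or rid > 0xFFFFFFFF:
        raise ValueError("uidNumber %d does not map to a 32-bit RID" % uid_number)
    return rid


def build_modify_ldif(ldif_text, domain_sid):
    """Return (ldapmodify_ldif, skipped) where skipped is [(dn, reason)]."""
    if not DOMAIN_SID_RE.fullmatch(domain_sid):
        raise ValueError("domain SID must look like S-1-5-21-a-b-c")
    entries = parse_ldif(ldif_text)
    # SIDs already present in the directory must never be handed out again.
    seen = {sid: dn for dn, attrs in entries for sid in attrs.get("sambasid", [])}
    out, skipped = [], []
    for dn, attrs in entries:
        classes = {c.lower() for c in attrs.get("objectclass", [])}
        uids = attrs.get("uidnumber", [])
        if "sambasid" in attrs:
            skipped.append((dn, "already has sambaSID"))
            continue
        if ("posixaccount" not in classes or len(uids) != 1
                or not re.fullmatch(r"[0-9]+", uids[0]) or not dn.isascii()):
            skipped.append((dn, "not a posixAccount with one numeric uidNumber"))
            continue
        sid = "%s-%d" % (domain_sid, uid_to_rid(int(uids[0])))
        if sid in seen:
            skipped.append((dn, "SID collides with " + seen[sid]))
            continue
        seen[sid] = dn
        block = ["dn: " + dn, "changetype: modify"]
        if "sambasamaccount" not in classes:
            block += ["add: objectClass", "objectClass: sambaSamAccount", "-"]
        block += ["add: sambaSID", "sambaSID: " + sid, "-", ""]
        out.append("\n".join(block))
    return "\n".join(out), skipped


if __name__ == "__main__":
    ldif, skipped = build_modify_ldif(SAMPLE_LDIF, SAMPLE_DOMAIN_SID)
    print(ldif)
    for dn, reason in skipped:
        print("# skipped %s: %s" % (dn, reason))
```

Existing sambaNTPassword and userPassword values are never read or rewritten; the output only adds the sambaSamAccount object class and the sambaSID, and is meant to be reviewed before it is fed to ldapmodify.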


[SCM] Samba Shared Repository - branch v3-6-test updated

2012-11-30 Thread Karolin Seeger
The branch, v3-6-test has been updated
   via  d7fdb05 spoolss: fix segfault when default devmode is disabled
  from  1106ca5 BUG 9436: Fix leaking sockets of SMB connections to a DC.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test


- Log -
commit d7fdb05464a67ced7afb8dfdf0aa6be77cb84fd6
Author: David Disseldorp dd...@samba.org
Date:   Tue Nov 27 16:10:28 2012 +0100

spoolss: fix segfault when default devmode is disabled

Currently when default devmode is explicitly disabled, and a printer
is added with a null device mode, spoolssd crashes in copy_devicemode().

Both construct_printer_info2() and construct_printer_info8() code paths
currently unconditionally attempt to copy a printer's device mode,
without checking whether one is present.

This change fixes this regression such that construct_printer_info*()
functions check for a null device mode before copying.

https://bugzilla.samba.org/show_bug.cgi?id=9433

Reviewed-by: Andreas Schneider a...@samba.org

---

Summary of changes:
 source3/rpc_server/spoolss/srv_spoolss_nt.c |   52 +-
 1 files changed, 34 insertions(+), 18 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/rpc_server/spoolss/srv_spoolss_nt.c 
b/source3/rpc_server/spoolss/srv_spoolss_nt.c
index 8868a98..b5949e4 100644
--- a/source3/rpc_server/spoolss/srv_spoolss_nt.c
+++ b/source3/rpc_server/spoolss/srv_spoolss_nt.c
@@ -1942,24 +1942,12 @@ WERROR _spoolss_OpenPrinterEx(struct pipes_struct *p,
 * save it here in case we get a job submission on this handle
 */
 
-if ((Printer-printer_type != SPLHND_SERVER) 
-r-in.devmode_ctr.devmode) {
+if ((Printer-printer_type != SPLHND_SERVER)
+  (r-in.devmode_ctr.devmode != NULL)) {
copy_devicemode(NULL, r-in.devmode_ctr.devmode,
Printer-devmode);
 }
 
-#if 0  /* JERRY -- I'm doubtful this is really effective */
-   /* HACK ALERT!!! Sleep for 1/3 of a second to try trigger a LAN/WAN
-  optimization in Windows 2000 clients  --jerry */
-
-   if ( (r-in.access_mask == PRINTER_ACCESS_ADMINISTER)
-(RA_WIN2K == get_remote_arch()) )
-   {
-   DEBUG(10,(_spoolss_OpenPrinterEx: Enabling LAN/WAN hack for 
Win2k clients.\n));
-   sys_usleep( 50 );
-   }
-#endif
-
return WERR_OK;
 }
 
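Review bot: the copy_devicemode() call in _spoolss_OpenPrinterEx still discards its return value, while the construct_printer_info2() and construct_printer_info8() hunks of this same patch assign it to result and return on !W_ERROR_IS_OK(result). If the copy fails here the handle's devmode stays unset and the function still reaches "return WERR_OK;", so the result should be checked the same way. The removal of the "#if 0" LAN/WAN hack block is unrelated to the NULL devmode fix and is not mentioned in the commit message; it would be easier to bisect as its own commit.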
@@ -4037,8 +4025,22 @@ static WERROR construct_printer_info2(TALLOC_CTX 
*mem_ctx,
r-cjobs= count;
r-averageppm   = info2-averageppm;
 
-   copy_devicemode(mem_ctx, info2-devmode, r-devmode);
-   if (!r-devmode) {
+   if (info2-devmode != NULL) {
+   result = copy_devicemode(mem_ctx,
+info2-devmode,
+r-devmode);
+   if (!W_ERROR_IS_OK(result)) {
+   return result;
+   }
+   } else if (lp_default_devmode(snum)) {
+   result = spoolss_create_default_devmode(mem_ctx,
+   info2-printername,
+   r-devmode);
+   if (!W_ERROR_IS_OK(result)) {
+   return result;
+   }
+   } else {
+   r-devmode = NULL;
DEBUG(8,(Returning NULL Devicemode!\n));
}
 
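Review bot: the new "else if (lp_default_devmode(snum))" branch in construct_printer_info2() calls spoolss_create_default_devmode() whenever info2's devmode is NULL, which goes beyond the "check for a null device mode before copying" that the commit message describes. Please state in the commit message that a default devmode is now built at query time, and add a short comment above the three-way branch saying which case hands a NULL devmode back to the caller, since today only the DEBUG(8, ...) line documents it.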
@@ -4218,8 +4220,22 @@ static WERROR construct_printer_info8(TALLOC_CTX 
*mem_ctx,
return result;
}
 
-   copy_devicemode(mem_ctx, info2-devmode, r-devmode);
-   if (!r-devmode) {
+   if (info2-devmode != NULL) {
+   result = copy_devicemode(mem_ctx,
+info2-devmode,
+r-devmode);
+   if (!W_ERROR_IS_OK(result)) {
+   return result;
+   }
+   } else if (lp_default_devmode(snum)) {
+   result = spoolss_create_default_devmode(mem_ctx,
+   info2-printername,
+   r-devmode);
+   if (!W_ERROR_IS_OK(result)) {
+   return result;
+   }
+   } else {
+   r-devmode = NULL;
DEBUG(8,(Returning NULL Devicemode!\n));
}
 
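Review bot: this block in construct_printer_info8() is a line-for-line copy of the one added to construct_printer_info2() in the previous hunk (copy if info2 has a devmode, else build a default one if lp_default_devmode(snum), else set NULL). Suggest moving it into one static helper taking mem_ctx, info2, snum and the output devmode pointer, so the NULL check that fixes the crash cannot drift between the two info levels.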


-- 
Samba Shared Repository


[SCM] Samba Shared Repository - annotated tag ldb-1.1.14 created

2012-11-30 Thread Stefan Metzmacher
The annotated tag, ldb-1.1.14 has been created
at  ae3f7139cf13ee222beeb7468977e5c8d2484f28 (tag)
   tagging  6f47497610352f72128bdbcd3b45313ea9a265ab (commit)
  replaces  ldb-1.1.13
 tagged by  Stefan Metzmacher
on  Fri Nov 30 09:50:10 2012 +0100

- Log -
ldb: tag release ldb-1.1.14

Alexander Bokovoy (1):
  Fix release script to build full set of documentation

Alexander Wuerstlein (3):
  Set RFC2307 attributes in samba-tool create
  Tests for 'samba-tool user create' with RFC2307 attributes
  Warn when setting UID/GID without idmap_ldb:use rfc2307 = Yes

Amitay Isaacs (3):
  s4-dns: dlz_bind9: Ignore zones that are not used by BIND9 DLZ plugin
  s4-rpc: dnsserver: Ignore DNS zones that are not used by RPC dnsserver
  s4-dns: Fix format string vulnerability in an error message (bug #9354)

Andreas Schneider (24):
  s3-printing: Increase debug level for info that the db is empty.
  s3-smbd: Don't segfault if user specified ports out for range.
  s3-spoolss: Fix builtin forms order to match Windows again.
  s3fs-smbd: Move housekeeping to the background process.
  waf: Build pam_smbpass module only if enabled.
  s3fs-smbd: Make sure the registry is set up before we init printing.
  s3fs-printing: Fix RAW printing for normal users.
  packaging: Add config for systemd-tmpfiles.
  packaging: Add support for reloading systemd services.
  s3fs-printing: Simplify the comment and location handling.
  BUG #9295: Build standard auth modules as internal modules.
  wafsamba: If we define a realname and a soname create a symlink.
  waf: Create a libnss_winbind.so symlink.
  waf: Create a libnss_wins.so symlink.
  ntlm_auth: Increase debug level if we use config domain name.
  packaging: Move smbprint to a comman location.
  BUG 9326: Fix net ads join message for the dns domain.
  packaging: Add NetworkManager dispatcher script for winbind.
  s3fs-net: Use talloc for memory allocation.
  s3fs-utils: Free the popt context in smbcacls and smbquotas.
  s3fs-popt: Add function to burn the commandline password.
  s3fs-client: Burn commandline password of client utils.
  torture: Fix smb2.create.blob test.
  s3:winbind: BUG 9386: Failover if netlogon pipe is not available.

Andrew Bartlett (128):
  libwbclient: bump ABI to 0.11 as wbcAuthenticateUserEx now provides PAC 
parsing
  auth/kerberos: add HAVE_KRB5 guard to fix non-krb5 build after winbindd 
pac changes
  build: Try not build with LDAP if we do not have ldap.h
  build: Fix enabled handling for HAVE_LDAP, we need to use bld.CONFIG_SET
  ntdb: Try to fix the build on Solaris which does not have err
  lib/replace: Try to fix build on HP-UX for os2_delete test
  build: Remove unused IRIX and IRIX6 defines
  lib/util: Remove unbuilt file util_getent.c and BROKEN_GETGRNAM
  build: Rework waf STAT_ST_BLOCKSIZE to match autoconf, with 512 as the 
default
  build: Make waf configure match autoconf for HPUX ACLs
  lib/replace: Remove unused nap and therefore the SCO define
  build: Remove unused define UNIXWARE
  lib/replace: Improve mkstemp test in autoconf and waf
  lib/replace: Look for special flags needed for c99
  build: Add missing dep on tdb_compat
  torture: tidy up rpc.lsa OpenPolicy2 test to more clearly use 
torture_fail()
  torture: use torture_assert rather than return false in rpc.lsa
  torture: More torture_assert() calls in rpc.lsa
  build: Fix detection of quotas on macos
  client: Fix talloc_stackframe() free order assertion in developer mode
  docs: Update TOSHARG-Install
  docs: Remove references to default paramters in TOSHARG-PDC
  docs: Explain the no-domain-logons restriction applies to all HOME 
editions
  docs: Add mention of AD DC support in TOSHARG-PDC
  docs: Remove Win9X/WinMe mentions from TOSHARG-PDC
  docs: Fix typo in TOSHARG-Passdb
  docs: Remove mention of auth methods in TOSHARG-Passdb
  docs: Change TOSHARG-VFS to avoid suggesting VFS modules are Linux/IRIX 
only
  lib/util/charset: Try to find iconv on HP-UX
  lib/util/charset: We do not use fucntions from wchar.h any more
  selftest: Remove invalid security=share and rename secshare to 
simpleserver
  samba_dnsupdate: Move to using tmpfile/rename to keep the dns_hosts_file 

[SCM] Samba Shared Repository - annotated tag talloc-2.0.8 created

2012-11-30 Thread Stefan Metzmacher
The annotated tag, talloc-2.0.8 has been created
at  055edd4901a0cfe837b0a5e39fd6ad0ea2190b40 (tag)
   tagging  36ea39edf8dd9ede756debaf9632f3ded2a51abb (commit)
  replaces  ldb-1.1.13
 tagged by  Stefan Metzmacher
on  Fri Nov 30 09:52:48 2012 +0100

- Log -
talloc: tag release talloc-2.0.8

Alexander Bokovoy (1):
  Fix release script to build full set of documentation

Andreas Schneider (6):
  s3-printing: Increase debug level for info that the db is empty.
  s3-smbd: Don't segfault if user specified ports out for range.
  s3-spoolss: Fix builtin forms order to match Windows again.
  s3fs-smbd: Move housekeeping to the background process.
  waf: Build pam_smbpass module only if enabled.
  s3fs-smbd: Make sure the registry is set up before we init printing.

Andrew Bartlett (48):
  libwbclient: bump ABI to 0.11 as wbcAuthenticateUserEx now provides PAC 
parsing
  auth/kerberos: add HAVE_KRB5 guard to fix non-krb5 build after winbindd 
pac changes
  build: Try not build with LDAP if we do not have ldap.h
  build: Fix enabled handling for HAVE_LDAP, we need to use bld.CONFIG_SET
  ntdb: Try to fix the build on Solaris which does not have err
  lib/replace: Try to fix build on HP-UX for os2_delete test
  build: Remove unused IRIX and IRIX6 defines
  lib/util: Remove unbuilt file util_getent.c and BROKEN_GETGRNAM
  build: Rework waf STAT_ST_BLOCKSIZE to match autoconf, with 512 as the 
default
  build: Make waf configure match autoconf for HPUX ACLs
  lib/replace: Remove unused nap and therefore the SCO define
  build: Remove unused define UNIXWARE
  lib/replace: Improve mkstemp test in autoconf and waf
  lib/replace: Look for special flags needed for c99
  build: Add missing dep on tdb_compat
  torture: tidy up rpc.lsa OpenPolicy2 test to more clearly use 
torture_fail()
  torture: use torture_assert rather than return false in rpc.lsa
  torture: More torture_assert() calls in rpc.lsa
  build: Fix detection of quotas on macos
  client: Fix talloc_stackframe() free order assertion in developer mode
  docs: Update TOSHARG-Install
  docs: Remove references to default paramters in TOSHARG-PDC
  docs: Explain the no-domain-logons restriction applies to all HOME 
editions
  docs: Add mention of AD DC support in TOSHARG-PDC
  docs: Remove Win9X/WinMe mentions from TOSHARG-PDC
  docs: Fix typo in TOSHARG-Passdb
  docs: Remove mention of auth methods in TOSHARG-Passdb
  docs: Change TOSHARG-VFS to avoid suggesting VFS modules are Linux/IRIX 
only
  lib/util/charset: Try to find iconv on HP-UX
  lib/util/charset: We do not use fucntions from wchar.h any more
  selftest: Remove invalid security=share and rename secshare to 
simpleserver
  samba_dnsupdate: Move to using tmpfile/rename to keep the dns_hosts_file 
consistent
  samba_dnsupdate: Safely update/create names for Samba3 targets as well
  build: Add waf configure support for non-linux quotas
  build: Remove unused samba_cv_sysquotas_file variable from autoconf 
configure
  build: Set HAVE_SYS_QUOTAS and WITH_QUOTAS if we have any supported 
sysquota backend
  build: Remove unused --with-sys-quotas option
  nsswitch: Add waf tests for solaris special cases
  lib/replace: Add test for what flag we need for -Werror behaviour
  build: Fix quota tests, including move of sysquotas.c to the top level
  build: Remove duplicate check for struct getquota_rslt member 
getquota_rslt_u
  selftest: use an array when starting testenv with system()
  selftest: Always build a linux-style nss_winbind for nss_wrapper
  nsswitch: Build nss_winbind on all supported platforms
  wintest: bump version to 4.1
  wintest: Add config file for a second host
  wintest: Give netdom join more time to complete
  wintest: Give dcpromo more time

Björn Baumbach (5):
  s3: make recursive_rmdir function non-static
  s3: vfs_streams_depot: add delete_lost option
  s4: samba_backup: Fix typos.
  s3-docs: Fix opening and ending tag mismatch in Samba3-HOWTO (Bug #9235)
  s3-docs: add delete_lost option to vfs_streams_depot.8

Björn Jacke (2):
  quota: add supprt for gfs2
  replace: fix 520c9b0b0ae33

Christian Ambach (12):
  s3:utils/net fix a compiler warning
  s3:rpcclient fix a compiler 

[SCM] Samba Shared Repository - annotated tag tdb-1.2.11 created

2012-11-30 Thread Stefan Metzmacher
The annotated tag, tdb-1.2.11 has been created
at  259e276dc908ff053142cb9feab0ef2a962bffd1 (tag)
   tagging  c62f8baff878001ead921112dd653ff69d1cfe7d (commit)
  replaces  talloc-2.0.8
 tagged by  Stefan Metzmacher
on  Fri Nov 30 09:54:21 2012 +0100

- Log -
tdb: tag release tdb-1.2.11

Jeremy Allison (3):
  Simplify ensure_canon_entry_valid by splitting out the _get codepath.
  Modify ensure_canon_entry_valid() into ensure_canon_entry_valid_on_set() 
- makes the logic clearer.
  We should never just assign an st_mode to an ace-perms field, 
theoretically

Rusty Russell (1):
  tdb: Make robust against shrinking tdbs

Volker Lendecke (1):
  tdb: Make tdb robust against improper CLEAR_IF_FIRST restart

---




[SCM] Samba Shared Repository - branch v4-0-test updated

2012-11-30 Thread Karolin Seeger
The branch, v4-0-test has been updated
   via  121157a WHATSNEW: Update changes since RC5.
   via  61afd00 docs: man oLschema2ldif: Add missing meta data.
   via  68eff14 docs: man ntlm_auth4: Add missing meta data.
   via  91c2674 docs: man smbtorture: Add missing meta data.
   via  fb6d779 docs: man masktest: Add missing meta data.
   via  5a99e29 docs: man locktest: Add missing meta data.
   via  b1505ca docs: man gentest: Add missing meta data.
   via  1bc9abe docs: man 8 samba: Add missing meta data.
   via  e7df1cc docs: man regtree: Add missing meta data.
   via  52d7901 docs: man regshell: Add missing meta data.
   via  f540628 docs: man regpatch: Add missing meta data.
   via  6d03994 docs: man regdiff: Add missing meta data.
   via  71e6ce4 docs: man ndrdump: Add missing meta data.
   via  b0e45aa docs: man tdbtool: Add missing meta data.
   via  63e77b0 docs: man talloc: Add missing meta data.
   via  109deeb docs: man ldbsearch: Add missing meta data.
   via  d650a14 docs: man ldbrename: Add missing meta data.
   via  60c8dfc docs: man ldbmodify: Add missing meta data.
   via  bb2c41e docs: man ldbedit: Add missing meta data.
   via  fa4051a docs: man ldbdel: Add missing meta data.
   via  09e3bd9 docs: man ldbadd: Add missing meta data.
   via  4fbde8f docs: man ldb.3: Add missing meta data.
   via  5a5894c spoolss: fix segfault when default devmode is disabled
  from  0fa3d75 WHATSNEW: Update changes since RC5.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test


- Log -
commit 121157ac12db410f3283bc1cd4269328704002fa
Author: Karolin Seeger ksee...@samba.org
Date:   Fri Nov 30 09:19:46 2012 +0100

WHATSNEW: Update changes since RC5.

Karolin

Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org
Autobuild-Date(v4-0-test): Fri Nov 30 10:58:48 CET 2012 on sn-devel-104

commit 61afd00904f1af9b08de00eba2c0e9ca184a685d
Author: Karolin Seeger ksee...@samba.org
Date:   Thu Nov 29 10:15:49 2012 +0100

docs: man oLschema2ldif: Add missing meta data.

This avoids warnings during the waf build and removes FIXME entries from 
the
manpage.

Karolin

Reviewed-by: Andreas Schneider a...@samba.org

Autobuild-User(master): Andreas Schneider a...@cryptomilk.org
Autobuild-Date(master): Thu Nov 29 15:27:45 CET 2012 on sn-devel-104
(cherry picked from commit 26a0ee5a0d915961067050564197a3d44b22d1e3)

The last 21 commits fix bug #9437 - Warnings when building manpages with 
waf.

commit 68eff142d055e7d9d38224dcac37eefdc23085ff
Author: Karolin Seeger ksee...@samba.org
Date:   Thu Nov 29 10:15:07 2012 +0100

docs: man ntlm_auth4: Add missing meta data.

This avoids warnings during the waf build and removes FIXME entries from 
the
manpage.

Karolin

Reviewed-by: Andreas Schneider a...@samba.org
(cherry picked from commit e9e9661b23cf8b9da48284bda4e41cd6d98a2050)

commit 91c2674a588d0ac923538bdef3069f51d152c4d5
Author: Karolin Seeger ksee...@samba.org
Date:   Thu Nov 29 10:14:15 2012 +0100

docs: man smbtorture: Add missing meta data.

This avoids warnings during the waf build and removes FIXME entries from 
the
manpage.

Karolin

Reviewed-by: Andreas Schneider a...@samba.org
(cherry picked from commit 6ba7a6686c1e535343aad7748a2338b1bc4a3a6f)

commit fb6d779433634fd4a5d0f925959e9d0720297212
Author: Karolin Seeger ksee...@samba.org
Date:   Thu Nov 29 10:09:07 2012 +0100

docs: man masktest: Add missing meta data.

This avoids warnings during the waf build and removes FIXME entries from the
manpage.

Karolin

Reviewed-by: Andreas Schneider a...@samba.org
(cherry picked from commit 122cc5b0230c0f99263ea1f156a34bbcf8b7664d)

commit 5a99e296315c371a20e9d9530bfee8fc1127eb2d
Author: Karolin Seeger ksee...@samba.org
Date:   Thu Nov 29 10:04:43 2012 +0100

docs: man locktest: Add missing meta data.

This avoids warnings during the waf build and removes FIXME entries from the
manpage.

Karolin

Reviewed-by: Andreas Schneider a...@samba.org
(cherry picked from commit cb501f99d26b638c6bf3ae431a2c31febd54c4f6)

commit b1505cabba32ba146e4d124a334cfe5ce483c273
Author: Karolin Seeger ksee...@samba.org
Date:   Thu Nov 29 10:04:26 2012 +0100

docs: man gentest: Add missing meta data.

This avoids warnings during the waf build and removes FIXME entries from the
manpage.

Karolin

Reviewed-by: Andreas Schneider a...@samba.org
(cherry picked from commit bd3ad42d07971496b6fd800b752eb0a1b07568e2)

commit 1bc9abeb96fe54f30010d2d759aad8f826ccd567
Author: Karolin Seeger ksee...@samba.org
Date:   Thu Nov 29 10:03:52 2012 +0100

docs: man 8 samba: Add missing meta data.

This avoids warnings during 

[SCM] Samba Shared Repository - branch master updated

2012-11-30 Thread Andreas Schneider
The branch, master has been updated
   via  234f936 s3:popt_common: Fix password processing.
   via  3101fccc s3:util: fix usage of popt_burn_cmdline_password()
   via  4a73adf s3-winbind: use new reconnect logic in rpc_lookup_sids() also.
   via  7a49c96 s3-winbindd: rework reconnect logic in winbindd_lookup_names().
   via  cd51774 s3-winbindd: rework reconnect logic in winbindd_lookup_sids().
   via  82ace10 s3-winbindd: remove lookup_sids_fn_t.
   via  d924381 s3-winbindd: remove lookup_names_fn_t.
   via  3c486df s3-rpc_client: make dcerpc_lsa_lookup_names_generic() public.
   via  2d38154 s3-rpc_cli: make dcerpc_lsa_lookup_sids_generic() public.
   via  7bd9a3b s3-winbindd: add cm_connect_lsat().
   via  457c933 s3-rpc_cli: Remove some unused wrapping code.
  from  d5693d9 Fix Bug 9422 - large read requests cause server to issue malformed reply

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 234f9365b93b267f5a42dcc75512f08ccfb840c8
Author: Stefan Metzmacher me...@samba.org
Date:   Fri Nov 30 12:07:39 2012 +0100

s3:popt_common: Fix password processing.

Signed-off-by: Stefan Metzmacher me...@samba.org
Reviewed-by: Andreas Schneider a...@samba.org

Autobuild-User(master): Andreas Schneider a...@cryptomilk.org
Autobuild-Date(master): Fri Nov 30 14:01:08 CET 2012 on sn-devel-104

commit 3101fcccff3ef847a123b10b2b99611e52504414
Author: Stefan Metzmacher me...@samba.org
Date:   Fri Nov 30 09:31:34 2012 +0100

s3:util: fix usage of popt_burn_cmdline_password()

We should only call popt_burn_cmdline_password() after poptFreeContext(),
otherwise we remove the password too early.

Signed-off-by: Stefan Metzmacher me...@samba.org
Reviewed-by: Andreas Schneider a...@samba.org

commit 4a73adf6e53fb810056a80a87c72b1370323c583
Author: Günther Deschner g...@samba.org
Date:   Thu Nov 29 14:31:19 2012 +0100

s3-winbind: use new reconnect logic in rpc_lookup_sids() also.

Volker, please check.

Guenther

Signed-off-by: Günther Deschner g...@samba.org
Reviewed-by: Andreas Schneider a...@samba.org

commit 7a49c966930ad79e954be582816c45e251d477f8
Author: Günther Deschner g...@samba.org
Date:   Thu Nov 29 12:03:53 2012 +0100

s3-winbindd: rework reconnect logic in winbindd_lookup_names().

Guenther

Signed-off-by: Günther Deschner g...@samba.org
Reviewed-by: Andreas Schneider a...@samba.org

commit cd517743166c55f3a9eb8b5232e9de061b9c8307
Author: Günther Deschner g...@samba.org
Date:   Thu Nov 29 12:03:16 2012 +0100

s3-winbindd: rework reconnect logic in winbindd_lookup_sids().

Guenther

Signed-off-by: Günther Deschner g...@samba.org
Reviewed-by: Andreas Schneider a...@samba.org

commit 82ace10492c7f71294ece4814817015cb0786bc1
Author: Günther Deschner g...@samba.org
Date:   Wed Nov 28 20:41:21 2012 +0100

s3-winbindd: remove lookup_sids_fn_t.

Guenther

Signed-off-by: Günther Deschner g...@samba.org
Reviewed-by: Andreas Schneider a...@samba.org

commit d9243815b484456dc79e99bc8062179fe96b2ecb
Author: Günther Deschner g...@samba.org
Date:   Wed Nov 28 17:03:40 2012 +0100

s3-winbindd: remove lookup_names_fn_t.

Guenther

Signed-off-by: Günther Deschner g...@samba.org
Reviewed-by: Andreas Schneider a...@samba.org

commit 3c486dfee47d4d232f88bce05c0b583ed8c6a63b
Author: Günther Deschner g...@samba.org
Date:   Wed Nov 28 17:00:49 2012 +0100

s3-rpc_client: make dcerpc_lsa_lookup_names_generic() public.

Guenther

Signed-off-by: Günther Deschner g...@samba.org
Reviewed-by: Andreas Schneider a...@samba.org

commit 2d38154f91d8cc7bf1269bdc134d161c438eac92
Author: Günther Deschner g...@samba.org
Date:   Wed Nov 28 16:57:57 2012 +0100

s3-rpc_cli: make dcerpc_lsa_lookup_sids_generic() public.

Guenther

Signed-off-by: Günther Deschner g...@samba.org
Reviewed-by: Andreas Schneider a...@samba.org

commit 7bd9a3b86f4622369f3be57904a022202d934fec
Author: Günther Deschner g...@samba.org
Date:   Wed Nov 28 16:57:24 2012 +0100

s3-winbindd: add cm_connect_lsat().

Guenther

Signed-off-by: Günther Deschner g...@samba.org
Reviewed-by: Andreas Schneider a...@samba.org

commit 457c933ff04e8ffc11ad1b94bbd9d28c48109066
Author: Günther Deschner g...@samba.org
Date:   Wed Nov 28 14:53:27 2012 +0100

s3-rpc_cli: Remove some unused wrapping code.

Guenther

Signed-off-by: Günther Deschner g...@samba.org
Reviewed-by: Andreas Schneider a...@samba.org

---

Summary of changes:
 source3/lib/popt_common.c |   13 +
 source3/rpc_client/cli_lsarpc.c   |  101 +++-
 source3/rpc_client/cli_lsarpc.h   |   39 +++--
 

[SCM] Samba Shared Repository - branch master updated

2012-11-30 Thread Volker Lendecke
The branch, master has been updated
   via  8f3f38e ldb: fix a typo in the comment for ldb_req_is_untrusted()
   via  06e1fca libnet: Fix a typo in dbsync error message.
   via  7a42936 libnet: Fix copy and paste error in dbsync error message.
   via  f3d5d14 torture: Fix copy and paste error in debug message.
   via  1b170c2 torture: Fix copy and paste error.
   via  aa7f406 s3-reg: Fix copy and paste error in debug message.
  from  234f936 s3:popt_common: Fix password processing.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 8f3f38ece4981d0047024019c6fc8dfde3fffed0
Author: Michael Adam ob...@samba.org
Date:   Wed Nov 28 21:55:47 2012 +0100

ldb: fix a typo in the comment for ldb_req_is_untrusted()

Signed-off-by: Michael Adam ob...@samba.org

Autobuild-User(master): Volker Lendecke v...@samba.org
Autobuild-Date(master): Fri Nov 30 15:44:46 CET 2012 on sn-devel-104

commit 06e1fca044718ed2d61ef9fe394845514dd5a652
Author: Michael Adam ob...@samba.org
Date:   Fri Nov 30 12:31:55 2012 +0100

libnet: Fix a typo in dbsync error message.

Signed-off-by: Michael Adam ob...@samba.org

commit 7a429367a99fe4d77c8347f21e7b3247281191eb
Author: Andreas Schneider a...@samba.org
Date:   Fri Nov 30 11:01:47 2012 +0100

libnet: Fix copy and paste error in dbsync error message.

commit f3d5d14906e588d44fa255fb9206b825215946ec
Author: Andreas Schneider a...@samba.org
Date:   Fri Nov 30 10:59:06 2012 +0100

torture: Fix copy and paste error in debug message.

Found by Coverity.

commit 1b170c29bc9239e2077e70c929e7426f5b19104d
Author: Andreas Schneider a...@samba.org
Date:   Fri Nov 30 10:57:39 2012 +0100

torture: Fix copy and paste error.

Found by Coverity.

commit aa7f4063177118b8dd37b30f40c5543fdd5f5ec0
Author: Andreas Schneider a...@samba.org
Date:   Fri Nov 30 10:53:55 2012 +0100

s3-reg: Fix copy and paste error in debug message.

Found by coverity.

---

Summary of changes:
 lib/ldb/common/ldb.c                     |    2 +-
 source3/registry/regfio.c                |    4 ++--
 source4/libnet/libnet_samsync.c          |    2 +-
 source4/torture/rpc/drsuapi_cracknames.c |    2 +-
 source4/torture/smb2/ioctl.c             |    2 +-
 5 files changed, 6 insertions(+), 6 deletions(-)


Changeset truncated at 500 lines:

diff --git a/lib/ldb/common/ldb.c b/lib/ldb/common/ldb.c
index 49eccb9..7a997f7 100644
--- a/lib/ldb/common/ldb.c
+++ b/lib/ldb/common/ldb.c
@@ -1980,7 +1980,7 @@ uint32_t ldb_req_get_custom_flags(struct ldb_request *req)
 
 
 /**
-   return true is a request is untrusted
+ * return true if a request is untrusted
  */
 bool ldb_req_is_untrusted(struct ldb_request *req)
 {
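Review bot: the reworded comment above ldb_req_is_untrusted() still only restates the function name. While this line is being touched, it would help to say what marks a request as untrusted and where that state is set, so a caller reading the header knows what the returned bool means.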
diff --git a/source3/registry/regfio.c b/source3/registry/regfio.c
index bde1863..fe80094 100644
--- a/source3/registry/regfio.c
+++ b/source3/registry/regfio.c
@@ -1067,8 +1067,8 @@ static bool hbin_prs_key( REGF_FILE *file, REGF_HBIN 
*hbin, REGF_NK_REC *nk )
if ( !hbin_contains_offset( hbin, nk-sk_off ) ) {
sub_hbin = lookup_hbin_block( file, nk-sk_off );
if ( !sub_hbin ) {
-   DEBUG(0,(hbin_prs_key: Failed to find HBIN 
block containing sk_offset [0x%x]\n, 
-   nk-subkeys_off));
+   DEBUG(0,(hbin_prs_key: Failed to find HBIN 
block containing sk_off [0x%x]\n,
+   nk-sk_off));
return False;
}
}
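Review bot: in the !sub_hbin branch the old message printed nk->subkeys_off while the lookup used nk->sk_off, so the other lookup failure paths in hbin_prs_key() should be checked in this same patch for the same mismatch between the offset that is looked up and the offset that is logged. The commit message describes this as a debug-message fix; it could state that the logged value was wrong, not only the label.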
diff --git a/source4/libnet/libnet_samsync.c b/source4/libnet/libnet_samsync.c
index 7c999db..9629b9f 100644
--- a/source4/libnet/libnet_samsync.c
+++ b/source4/libnet/libnet_samsync.c
@@ -270,7 +270,7 @@ NTSTATUS libnet_SamSync_netlogon(struct libnet_context 
*ctx, TALLOC_CTX *mem_ctx
} while (NT_STATUS_EQUAL(dbsync_nt_status, 
STATUS_MORE_ENTRIES));

if (!NT_STATUS_IS_OK(dbsync_nt_status)) {
-   r-out.error_string = talloc_asprintf(mem_ctx, 
libnet_SamSync_netlogon failed: unexpected inconsistancy. Should not get error 
%s here, nt_errstr(nt_status));
+   r-out.error_string = talloc_asprintf(mem_ctx, 
libnet_SamSync_netlogon failed: unexpected inconsistency. Should not get error 
%s here, nt_errstr(dbsync_nt_status));
talloc_free(samsync_ctx);
return dbsync_nt_status;
}
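Review bot: the talloc_asprintf() result on the added line is assigned to r->out.error_string without a NULL check before talloc_free(samsync_ctx) and the return, so on allocation failure the caller receives dbsync_nt_status with a NULL error string; either check it here or confirm that callers tolerate NULL. Passing nt_errstr(dbsync_nt_status) is the right argument, since it now matches the status returned two lines below.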
diff --git a/source4/torture/rpc/drsuapi_cracknames.c 
b/source4/torture/rpc/drsuapi_cracknames.c
index 80db95c..8d1ab6f 100644
--- a/source4/torture/rpc/drsuapi_cracknames.c
+++ b/source4/torture/rpc/drsuapi_cracknames.c
@@ -354,7 +354,7 @@ bool test_DsCrackNames(struct torture_context *tctx,
if 

[SCM] Samba Shared Repository - branch master updated

2012-11-30 Thread Michael Adam
The branch, master has been updated
   via  057c56a s4:dsdb/tests: add SdAutoInheritTests
   via  d317426 s4:dsdb/repl_meta_data: call dsdb_module_schedule_sd_propagation() for replicated changes
   via  fb2a41d s4:dsdb/descriptor: inherit nTSecurityDescriptor changes to children (bug #8621)
   via  f8c0ad6 s4:dsdb/descriptor: recalculate nTSecurityDescriptor after a rename (bug #8621)
   via  dae1b0d s4:dsdb/acl_util: add dsdb_module_schedule_sd_propagation()
   via  d6962f4 s4:dsdb/descriptor: implement DSDB_EXTENDED_SEC_DESC_PROPAGATION_OID
   via  2101400 s4:dsdb: define DSDB_EXTENDED_SEC_DESC_PROPAGATION_OID
   via  ddea856 s4:dsdb/descriptor: handle DSDB_CONTROL_SEC_DESC_PROPAGATION_OID
   via  1be4dbc s4:dsdb/schema_data: allow DSDB_CONTROL_SEC_DESC_PROPAGATION_OID on modify
   via  7f42a8b s4:dsdb/repl_meta_data: allow DSDB_CONTROL_SEC_DESC_PROPAGATION_OID on modify
   via  cb9c7ee s4:dsdb/objectclass_attrs: allow DSDB_CONTROL_SEC_DESC_PROPAGATION_OID on modify
   via  60f0e17 s4:dsdb: define DSDB_CONTROL_SEC_DESC_PROPAGATION_OID
   via  7f88ad3 s4:dsdb/subtree_delete: delete from the leafs to the root (bug #7711)
   via  5dd4555 s4:dsdb/subtree_delete: do the recursive delete AS_SYSTEM/TRUSTED (bug #7711)
   via  60192fd s4:dsdb/subtree_delete: do an early return and avoid some nesting
   via  ff274ba s4:dsdb/objectclass: do not pass the callers controls on helper searches
   via  5838637 s4:dsdb/acl: require SEC_ADS_DELETE_TREE if the TREE_DELETE control is given (bug #7711)
   via  60c29a5 s4:dsdb/dirsync: remove unused 'deletedattr' variable
   via  ffaf9bb s4:provision: add pekList and msDS-ExecuteScriptPassword to @KLUDGEACL
   via  0c2c00e s4:dsdb/common: add pekList and msDS-ExecuteScriptPassword to DSDB_SECRET_ATTRIBUTES_EX
   via  b54d268 s4:dsdb/acl: also add DSDB_SECRET_ATTRIBUTES into the password attributes
   via  f67f469 s4:dsdb/descriptor: the old nTSecurityDescriptor is always expected there on modify
   via  5aa7dbe s4:dsdb/descriptor: make explicit that we don't support MOD_DELETE on nTSecurityDescriptor
   via  4ef36fd s4:dsdb/descriptor: remove some nesting from descriptor_modify
   via  8d60ac1 s4:dsdb/descriptor: remove some unnecessary nesting
   via  8134926 s4:dsdb/descriptor: add some error checks to descriptor_{add,modify}
   via  b3486f4 s4:dsdb/descriptor: remove support for unused LDB_CONTROL_RECALCULATE_SD_OID
   via  74e3f0e s4:dsdb/descriptor: move special dn check to the start of descriptor_{add,modify,rename}
   via  4136d96 s4:samba_upgradeprovision: use the sd_flags:1:15 control with an empty sd
   via  118db4c s4:provision: add get_empty_descriptor()
   via  7a3e4d0 s4:dsdb/descriptor: if the caller specifies no DACL/SACL the objects gets a default one
   via  c2c715f s4:dsdb/descriptor: give SYSTEM the correct default owner (group) sid
   via  990448b s4:dsdb/acl_read: enable acl checking on search by default (bug #8620)
   via  fa67676 s4:dsdb/acl_read: specify the correct access_mask for nTSecurityDescriptor
   via  ca3c0e2 s4:dsdb/acl_read: do search for instanceType AS_SYSTEM and with SHOW_RECYCLED
   via  53b100b s4:dsdb/acl: calculate the correct access_mask when modifying nTSecurityDescriptor
   via  95b480f s4:dsdb/acl: don't protect confidential attributes when acl:search = yes is set
   via  3d57f17 s4:dsdb/acl: remove unused acl:perform option
   via  329afc1 s4:dsdb/acl: do helper searches AS_SYSTEM and with SHOW_RECYCLED
   via  4289859 s4:dsdb/descriptor: make it clear that the SD Flags are ignored on add
   via  f018772 s4:dsdb/descriptor: make use of dsdb_request_sd_flags()
   via  67045fa s4:dsdb/descriptor: always use descriptor_search_callback if we return nTSecurityDescriptor
   via  690b5e1 s4:dsdb/descriptor: do searches for nTSecurityDescriptor AS_SYSTEM and with SHOW_RECYCLED
   via  2916313 s4:dsdb/acl_util: add dsdb_request_sd_flags() helper function
   via  1cdecf1 s4:dsdb/acl_util: do helper searches AS_SYSTEM
   via  8d900d0 s4:dsdb/extended_dn_store: do helper searches AS_SYSTEM
   via  659277a s4:dsdb/extended_dn_in: do helper searches AS_SYSTEM and with SHOW_RECYCLED
   via  844b736 s4:dsdb/objectclass: do helper searches AS_SYSTEM and with SHOW_RECYCLED
   via  a882b41 s4:dsdb/rootdse: do helper searches AS_SYSTEM
   via  964d96d s4:dsdb/rootdse: remove unused variable
   via  4970d3c s4:tests/samba_tool/gpo.py: fix accidential line break
   via  a581242 s4:tests/samba_tool/gpo.py: add test_show_as_admin()
   via  325e921 s4:netcmd/gpo.py: let get_gpo_info explicitly ask for the full ntSecurityDescriptor
   via  6779996 s4:netcmd/gpo.py: only ask for OWNER/GROUP/DACL when validating the nTSecurityDescriptor
   via  6bffad6 s4:netcmd/gpo.py: the nTSecurityDescriptor may