[Samba] WERR_GENERAL_FAILURE joining Samba4 to Win 2k3 domain with Exchange 2007
Hello, I am having a problem joining a Debian/Samba4 machine as a DC to a Windows 2003 level AD domain. The domain has Exchange Server 2007 schema extensions wiht a single Exchange Server which is also the domain controller. I ran the domian join with debug level 10 set, here is what I see: ... a:GUID=redacted;CN=owa (Default Web Site), CN=HTTP,CN=Protocols,CN=servername,CN=Servers,CN=Exchange Administrative Group ( FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=jaydcarter,DC=com,DC=local msExchOWATranscodingMimeTypes: S:52: a:GUID=redacted;CN=owa (Default Web Si te),CN=HTTP,CN=Protocols,CN=servername,CN=Servers,CN=Exchange Administrative Gro up (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,CN=Micros oft Exchange,CN=Services,CN=Configuration,DC=jaydcarter,DC=com,DC=local msExchOWATranscodingMimeTypes: S:58: a:GUID=redacted;CN=owa (Default Web Site),CN=HTTP,CN=Protocols,CN=servername,CN=Servers,CN=Exchange Administrati ve Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,CN= Microsoft Exchange,CN=Services,CN=Configuration,DC=jaydcarter,DC=com,DC=local msExchOWATranscodingFlags: 1 msExchVersion: 4535486012416 ../source4/dsdb/samdb/ldb_modules/linked_attributes.c:164: Failed to find GUID for dn (null) replmd_op_callback failure. Error is: Invalid DN syntax Failed to apply records: Failed to find GUID for (null): Invalid DN syntax Failed to commit objects: WERR_GENERAL_FAILURE Join failed - cleaning up ... If I am reading the log correctly, msExchVersion is the last directory element that was successfully loaded; what I need to know is the next element which apparently fails - there are about 15 elements remaining inside the 'owa (Default Web Site)' cn tha have not been imported so I can't tell exactly which one is failing. I have found several references to the WERR_GENERAL_FAILURE occurring with Exchange Server in the schema, but nothing that points to a solution. Samba is version 4.0.5, running on Linux core 3.2.0-4-amd64 #1 SMP Debian 3.2.35-2 x86_64 GNU/Linux Any ideas or suggestions appreciated! Thanks, Jay D. Carter -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] About Samba for SCOUnix
Greetings, we got a SCO Unix Openserver runnin Samba Printing Service, by the day when try to print in Windows 8 it's impossible, the job is sended and the server doesn't send any error but the page never comes out.Do you have any idea about the problem or where can I found a solution? Thanks. David Antonio Bocaletti Comparini Asistente Tecnico Informatica Laboratorios Donovan Werke A.G.,S.A. Tel. 24126200 ext 6161 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Access Denied when creating a GPO with any other domain admins than administrator
Hello, I have a strange issue with Samba 4 as an AD DC regarding GPO creation. I use the following packages on Debian wheezy: dpkg -l | grep samba ii libsamba-credentials0:i386 4.0.0+dfsg1-1i386 Samba Credentials management library ii libsamba-hostconfig0:i3864.0.0+dfsg1-1i386 Samba host configuration library ii libsamba-policy0:i3864.0.0+dfsg1-1i386 Samba policy management ii libsamba-util0:i386 4.0.0+dfsg1-1i386 Samba utility function library ii python-samba 4.0.0+dfsg1-1i386 Python bindings for Samba rc samba2:3.6.6-3i386 SMB/CIFS file, print, and login server for Unix ii samba-common 2:3.6.10-1 all common files used by both the Samba server and client ii samba-common-bin 2:3.6.10-1 i386 common files used by both the Samba server and client ii samba-dsdb-modules 4.0.0+dfsg1-1i386 Samba Directory Services Database ii samba4 4.0.0+dfsg1-1i386 SMB/CIFS file, NT domain and active directory server (version 4) ii samba4-clients 4.0.0+dfsg1-1i386 client utilities from Samba 4 ii samba4-common-bin4.0.0+dfsg1-1i386 Samba 4 common files used by both the server and the client I created an administrative account called admin-domain which is member of the following groups: - Administrators - Domain Admins - Domain Users - Group Policy Creator Owners If I logon with the administrator account, then there is no problem to create a new GPO with the group policy management application from the windows 8 client. However, if I logon with the admin-domain account, is is not possible to create a GPO. The error given is Access Denied I checked and there is no problem for admin-domain to write in the sysvol share. For me being member of Domain Admins and writing to sysvol rights shall be enough to write a GPO. Apart from that, the GPO are correctly applied and I see no other issue. I am sure missing something, but I can't figure out what... Thanks for your help. Antoine -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Access Denied when creating a GPO with any other domain admins than administrator
On 14/05/13 18:40, Antoine Vacher wrote: Hello, I have a strange issue with Samba 4 as an AD DC regarding GPO creation. I use the following packages on Debian wheezy: dpkg -l | grep samba ii libsamba-credentials0:i386 4.0.0+dfsg1-1i386 Samba Credentials management library ii libsamba-hostconfig0:i3864.0.0+dfsg1-1i386 Samba host configuration library ii libsamba-policy0:i3864.0.0+dfsg1-1i386 Samba policy management ii libsamba-util0:i386 4.0.0+dfsg1-1i386 Samba utility function library ii python-samba 4.0.0+dfsg1-1i386 Python bindings for Samba rc samba2:3.6.6-3i386 SMB/CIFS file, print, and login server for Unix ii samba-common 2:3.6.10-1 all common files used by both the Samba server and client ii samba-common-bin 2:3.6.10-1 i386 common files used by both the Samba server and client ii samba-dsdb-modules 4.0.0+dfsg1-1i386 Samba Directory Services Database ii samba4 4.0.0+dfsg1-1i386 SMB/CIFS file, NT domain and active directory server (version 4) ii samba4-clients 4.0.0+dfsg1-1i386 client utilities from Samba 4 ii samba4-common-bin4.0.0+dfsg1-1i386 Samba 4 common files used by both the server and the client I created an administrative account called admin-domain which is member of the following groups: - Administrators - Domain Admins - Domain Users - Group Policy Creator Owners If I logon with the administrator account, then there is no problem to create a new GPO with the group policy management application from the windows 8 client. However, if I logon with the admin-domain account, is is not possible to create a GPO. The error given is Access Denied I checked and there is no problem for admin-domain to write in the sysvol share. For me being member of Domain Admins and writing to sysvol rights shall be enough to write a GPO. Apart from that, the GPO are correctly applied and I see no other issue. : I am sure missing something, but I can't figure out what... Thanks for your help. Antoine Hi A quick check, try running: samba-tool ntacl sysvolreset -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] frequent tdb corruption
Hi Andrew, Can you please clarify: - Is the filesystem on this disk in any way shared? - Is the block device involved in any way shared? I'm not 100% sure what you mean by shared in this context, but the filesystem where the tdbs are stored is: pair of local disks = mirrored together via zfs = zfs filesystem. In case it's relevant: the samba config files are stored on a different filesystem. There are a set of multiple disks which are mirrored over the network with FreeBSD's HAST (pretty much equivalent to DRBD), and the HAST devices are then combined into a RAIDZ2 pool. I have recently had some disk problems with the filesystem where the samba config files are stored (but no problems with the filesystem which stores the tdbs) - is there any mechanism whereby e.g. a timeout in smbd trying to read it's config file could cause problems with the tdbs? - Has the server ever had a unexpected poweroff? No; I installed a different version of FreeBSD (downgraded from 9.1 to 9.0) a week ago to see if it made any difference. The OS partitions were totally wiped and reinstalled, and since then the server has been powered-up and stable, and still exhibiting corrupt tdbs. - Do Samba processes ever crash? No. If the answer is no to all these, then I would strongly suspect a hardware or OS/kernel issue. I'd have said the same, but I've seen this problem on two (nominally) identical pieces of hardware (whilst that doesn't rule out hardware, I think it reduces the likelihood). I do plan to run memtest etc when I can, though. Also, I'm running the same OS/kernel on another server which is *almost* identical hardware, and that's been completely trouble-free for over a year. Could you put your TDB files on a different file system, to rule in our out ZFS (or the glue between FreeBSD and ZFS)? I can certainly give that a go! Thanks for the help, Adam -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] frequent tdb corruption
Hi On 16 May 2013 12:15, Adam Thorn al...@cam.ac.uk wrote: Hi Andrew, Can you please clarify: - Is the filesystem on this disk in any way shared? - Is the block device involved in any way shared? I'm not 100% sure what you mean by shared in this context, but the filesystem where the tdbs are stored is: pair of local disks = mirrored together via zfs = zfs filesystem. In case it's relevant: the samba config files are stored on a different filesystem. There are a set of multiple disks which are mirrored over the network with FreeBSD's HAST (pretty much equivalent to DRBD), and the HAST devices are then combined into a RAIDZ2 pool. I think this is what Andrew was asking about. DRDB, unless you have a cluster filesystem, needs to have only a single machine accessing the filesystem at a time. HAST's homepage says the same: HAST works in Primary-Secondary (Master-Backup, Master-Slave) configuration, which means that only one of the cluster nodes can be active at any given time. I think Andrew was asking if perhaps you had two machine accessing the filesystem at once. Do you still get the corruption with a local ZFS filesystem? -- Michael Wood esiot...@gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] frequent tdb corruption
On Thu, May 16, 2013 at 11:15:51AM +0100, Adam Thorn wrote: Hi Andrew, Can you please clarify: - Is the filesystem on this disk in any way shared? - Is the block device involved in any way shared? I'm not 100% sure what you mean by shared in this context, but the filesystem where the tdbs are stored is: pair of local disks = mirrored together via zfs = zfs filesystem. In case it's relevant: the samba config files are stored on a different filesystem. There are a set of multiple disks which are mirrored over the network with FreeBSD's HAST (pretty much equivalent to DRBD), and the HAST devices are then combined into a RAIDZ2 pool. I have recently had some disk problems with the filesystem where the samba config files are stored (but no problems with the filesystem which stores the tdbs) - is there any mechanism whereby e.g. a timeout in smbd trying to read it's config file could cause problems with the tdbs? - Has the server ever had a unexpected poweroff? No; I installed a different version of FreeBSD (downgraded from 9.1 to 9.0) a week ago to see if it made any difference. The OS partitions were totally wiped and reinstalled, and since then the server has been powered-up and stable, and still exhibiting corrupt tdbs. - Do Samba processes ever crash? No. If the answer is no to all these, then I would strongly suspect a hardware or OS/kernel issue. I'd have said the same, but I've seen this problem on two (nominally) identical pieces of hardware (whilst that doesn't rule out hardware, I think it reduces the likelihood). I do plan to run memtest etc when I can, though. Also, I'm running the same OS/kernel on another server which is *almost* identical hardware, and that's been completely trouble-free for over a year. Could you put your TDB files on a different file system, to rule in our out ZFS (or the glue between FreeBSD and ZFS)? I can certainly give that a go! use mmap = no might provide another data point. Volker -- SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen phone: +49-551-37-0, fax: +49-551-37-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen http://www.sernet.de, mailto:kont...@sernet.de -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Procedure for installing Windows drivers on Samba with CUPS
Hi, I have spend a lot of time searching for a solution to automatically install printerdrivers over the network until I stumbled on this. I followed your method with samba 4.0.5 in Ubuntu 12.04 and a windows 7 professional x64 client and everything worked. I had some problems at finding ntprint at first but this tutorial: http://techsugar.wordpress.com/2011/04/26/obtaining-ntprint-inf-file-when-installing-x86-printer-drivers-on-windows-server-2008-64-bit/has helped me to obtain it. Now my drivers are automatically installed, if only the printing in samba 4.0.5 would work that would be nice... Best regards Tim Vangehugten 2013/5/13 Adam Nielsen adam.niel...@uq.edu.au Hi all, This isn't a plea for help, but rather I have just been through the procedure for installing Windows drivers on a Samba machine using CUPS, and I thought I'd post my notes in case it helps someone one day as the documentation doesn't focus too strongly on my particular set up (it focuses on using Windows drivers without CUPS, or PostScript drivers with CUPS, but there's less about using Windows drivers with CUPS.) So if you are using CUPS and Samba, and you want to use point-n-print on your Windows machines with the manufacturer's drivers (in this case Ricoh MFDs) here is the process, which has only been tested on Win 7 64-bit, and assumes you have already set up the print$ share and can write to it from the Windows machine you will be using for this procedure. 1. Create a new CUPS print queue. IPP works best, but any protocol will do (IPP causes usernames and job titles to appear on our machines' front panels.) 2. Select the Raw manufacturer, with the Raw Queue model and continue until the queue is ready. 3. killall -HUP smbd to make it see the new printer, possibly even killing your own session (smbstatus | grep username then kill those PIDs.) 4. Run \\server and on the menu below the normal menu (where it says Organize, Search, etc.) choose the last option View remote printers. This view allows remote printers to be examined without trying to install them. 5. If the printer is not visible, in the address bar type in \\server\queuename and then cancel anything that comes up, and go back and refresh the list of printers. The missing queue should now be visible. It seems to take a while before it will show up reliably. 6. Right-click properties on the new printer, and when asked to install the '' driver, it is *very* important to say no. 7. On the Advanced tab click New Driver, then follow the prompts. If the New Driver button is greyed out, you need to give yourself more permissions. Giving permission to an AD group doesn't seem to work, you seem to have to grant your own (Windows) user print management permissions with the 'net' command (on the Linux box.) This worked for me: $ net -U server\\root rpc rights grant 'DOMAIN\username' SePrintOperatorPrivilege 8. In the New Driver window, click Have Disk and find the driver you want to install. 9. If you get an error about needing x64 drivers, edit the driver's .inf file in the driver and replace all instances of NT.5.1 (or higher) with NT.5.0. If this doesn't work, duplicating the 64-bit stuff and putting it in a header for 32-bit works too (but this is only advisable if you don't have any 32-bit Windows machines.) 10. Click OK to close the printer properties and don't worry if you get a weird error. 11. Click properties again and you should see the full printer properties with the new driver. 12. On the Sharing tab click Additional Drivers and install the x64 drivers (it seems to install only 32-bit ones.) If you are prompted for where to install them from select the same driver again. 13. On the Advanced tab make sure you click Printing Defaults and change something and apply the changes so the default settings aren't null (you can change it back, but usually you have to change it to A4 or set paper-to-tray assignments anyway.) 14. On the General tab make sure the queue name matches the CUPS queue name. Some drivers change this from something like my-queue to Bob's Fantastic Printer Company PCL 6, but you won't be able to install the printer on client machines if the names don't match. 15. You should be able to double-click on the printers from client machines normally and have the driver install automatically now. If you get prompted for admin access and you're connected to a domain, add your Samba server in to the approppriate group policy so drivers can be installed from it with no elevation required. Plenty of pages on Google explaining this. 16. If you get an error installing the printer (something about being unable to install the driver), wait for a few hours as this often helps. Maybe restarting Samba would help too, but for us it was a production machine so that wasn't possible. I have successfully used this procedure to install four Ricoh MFDs and their fax
[Samba] samba3/4: libpopt version
Hallo, I'm just playing with samba-4.0.5 (slackware), running as samba3 (and replacing/updating samba-3.6.x). Seems to work fine - many thanks! Perhaps one problem: when I start the server or when I run smbclient -N -L hostname (and perhaps with some other start commands) then samba tells me smbclient: /usr/lib/libpopt.so.0: no version information available (required by smbclient) smbclient: /usr/lib/libpopt.so.0: no version information available (required by /usr/lib/libpopt_samba3.so) My actual slackware distribution comes with popt-1.16. Is that message only a remark, or is it a warning, or is it an error message? Viele Gruesse! Helmut -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Procedure for installing Windows drivers on Samba with CUPS
On Thu, 2013-05-16 at 15:22 +0200, Tim Vangehugten wrote: if only the printing in samba 4.0.5 would work that would be nice... Hi The printing doesn't work in 4.0.5 https://bugzilla.samba.org/show_bug.cgi?id=9745 maybe you could add this thread/your use case to the bugzilla? Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] frequent tdb corruption
In case it's relevant: the samba config files are stored on a different filesystem. There are a set of multiple disks which are mirrored over the network with FreeBSD's HAST (pretty much equivalent to DRBD), and the HAST devices are then combined into a RAIDZ2 pool. I think this is what Andrew was asking about. DRDB, unless you have a cluster filesystem, needs to have only a single machine accessing the filesystem at a time. HAST's homepage says the same: HAST works in Primary-Secondary (Master-Backup, Master-Slave) configuration, which means that only one of the cluster nodes can be active at any given time. I think Andrew was asking if perhaps you had two machine accessing the filesystem at once. Ah, I see. In which case, the answer is no: it'll never have been running in a primary/primary configuration. Also, just to reiterate - although my samba config files are on the HAST, the tdbs are very definitely local. Do you still get the corruption with a local ZFS filesystem? I can certainly move my samba config to local disk to see if it improves matters. I'm just curious if there's an obvious problem with having the config files on the HAST? (given that we take every possible precaution to avoid primary/primary situations, and our automated monitoring pays close attention to that). Thanks, Adam -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] frequent tdb corruption
On Thu, 2013-05-16 at 13:29 +0200, Volker Lendecke wrote: use mmap = no might provide another data point. Hi Volker, Thanks, but I tried setting that some time ago - I continued to see tdb corruption, so have since returned to not explicitly setting any value for use mmap. Adam -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 3.x server with LDAP backend doesn't work
We have a central LDAP server for our enterprise on a Linux box. I have installed Samba 3.4.4 server on an AIX server and trying to get users authenticated via LDAP server. So far my efforts have been unsuccessful. Here is my ldap section of the smb.conf file: passdb backend = ldapsam:ldaps://company_ldap_server/ ldap ssl = start tls ldap suffix = dc=xxx,dc=yyy,dc=zzz ldap delete dn = no ldap user suffix = ou=People ldap group suffix = ou=Groups Here is the error I am seeing in the Samba errorlog: [2013/05/16 11:08:14, 0] lib/smbldap.c:656(smb_ldap_start_tls) Failed to issue the StartTLS instruction: Can't contact LDAP server [2013/05/16 11:08:14, 1] lib/smbldap.c:1231(another_ldap_try) Connection to LDAP server failed for the 1 try! Is there a documented procedure on how to connect samba users to a backend ldap server? Any help with is greatly appreciated Thanks, Prakash ** Electronic Mail is not secure, may not be read every day, and should not be used for urgent or sensitive issues -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.x server with LDAP backend doesn't work
Is there a documented procedure on how to connect samba users to a backend ldap server? Chapter 5 of Samba 3 by Example http://www.samba.org/samba/docs/man/Samba-Guide/happy.html PDF version: http://www.samba.org/samba/docs/Samba3-ByExample.pdf -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.x server with LDAP backend doesn't work
Did you try w/o start TLS support? I realize this can have security implications, so this is only to see if the problem is with TLS or with the configuration in general. It the LDAP server is on the same server as the samba server then I don't think you will need TLS encryption, since there isn't LAN traffic to snoop. don't forget to set set the ldap password with smbpasswd -w Also I think ldaps means ldap over SSL, not ldap+tls. I would also use ldapclient tools (e.g. the command line ldapsearch or the gui Apache Directory Studio ldap browser and editor) to make sure you can connect to the ldap server via LDAP, LDAP+TLS and/or LDAPS-over-SSL. You need to make sure you have all the certificates configured correctly. On 05/16/13 11:27, Gollapalli, Prakash wrote: We have a central LDAP server for our enterprise on a Linux box. I have installed Samba 3.4.4 server on an AIX server and trying to get users authenticated via LDAP server. So far my efforts have been unsuccessful. Here is my ldap section of the smb.conf file: passdb backend = ldapsam:ldaps://company_ldap_server/ ldap ssl = start tls ldap suffix = dc=xxx,dc=yyy,dc=zzz ldap delete dn = no ldap user suffix = ou=People ldap group suffix = ou=Groups Here is the error I am seeing in the Samba errorlog: [2013/05/16 11:08:14, 0] lib/smbldap.c:656(smb_ldap_start_tls) Failed to issue the StartTLS instruction: Can't contact LDAP server [2013/05/16 11:08:14, 1] lib/smbldap.c:1231(another_ldap_try) Connection to LDAP server failed for the 1 try! Is there a documented procedure on how to connect samba users to a backend ldap server? Any help with is greatly appreciated Thanks, Prakash ** Electronic Mail is not secure, may not be read every day, and should not be used for urgent or sensitive issues -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Procedure for installing Windows drivers on Samba with CUPS
On 05/16/2013 10:46 AM, steve wrote: On Thu, 2013-05-16 at 15:22 +0200, Tim Vangehugten wrote: if only the printing in samba 4.0.5 would work that would be nice... Hi The printing doesn't work in 4.0.5 https://bugzilla.samba.org/show_bug.cgi?id=9745 maybe you could add this thread/your use case to the bugzilla? Cheers, Steve 4.0.5 is useless without printing. I've backed out of 4.0.5. . -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba4 Trust Relationship AD
Hi, does anybody knows if Samba 4 supports Trust Relationship with Active Directory 2003, 2008 ? Thanks! -- Ricardo Suguita Analista de Redes CSCO11723146 Prefeitura Unicamp Ramal 14619 // Fone +55(19)3521-4619 http://www.prefeitura.unicamp.br Cidade Universitária Zeferino Vaz Rua Roxo Moreira, 1831 Campinas, SP – Brasil -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Im just curious
Hi, Is it possible (well, look like it works) to include a preconfigured bind zone to samba named.conf, so I don't get that annoying zone conflict error message while I start bind? Actualy, the important question is, this kind of configuration could interfere with samba4 if the server is configured to use BIND9_DLZ? -- Kind regards: Robert -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.x server with LDAP backend doesn't work
Did you try w/o start TLS support? I realize this can have security implications, so this is only to see if the problem is with TLS or with the configuration in general. I have tried without TLS support and without SSL (replaced ldaps with ldap) passdb backend = ldapsam:ldap://company_ldap_server/ ldap ssl = off ldap admin dn = cn=Adminid,dc=xxx,dc=yyy,dc=zzz ldap suffix = dc=xxx,dc=yyy,dc=zzz ldap delete dn = no ldap user suffix = ou=People ldap group suffix = ou=Groups Now I get the following error: [2013/05/16 16:38:14, 0] lib/smbldap.c:1052(smbldap_connect_system) failed to bind to server ldap://company_ldap_server/ with dn=cn=Adminid,dc=xxx,dc=yyy,dc=zzz Error: Confidentiality required (unknown) It the LDAP server is on the same server as the samba server then I don't think you will need TLS encryption, since there isn't LAN traffic to snoop. Our LDAP server is not on the same server. It is a central enterprise server don't forget to set set the ldap password with smbpasswd -w I did this part for the Adminid Also I think ldaps means ldap over SSL, not ldap+tls. I would also use ldapclient tools (e.g. the command line ldapsearch or the gui Apache Directory Studio ldap browser and editor) to make sure you can connect to the ldap server via LDAP, LDAP+TLS and/or LDAPS-over-SSL. You need to make sure you have all the certificates configured correctly. LDAP authentication works perfectly directly from our AIX server. I can do ldapsearches and can login with my ldap credentials etc.. Only samba authentication doesn't work Thanks, Prakash ** Electronic Mail is not secure, may not be read every day, and should not be used for urgent or sensitive issues -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Failure to join existing domain Windows 2003 Server domain
I compiled samba-4.0.5 from source on Ubuntu 12.04 and was following the instructions here: http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC The exact command I executed was: root@va-dc:/usr/local/samba# bin/samba-tool domain join win.starpoint.comhttp://win.starpoint.com DC -Uadministrator --realm=win.starpoint.comhttp://win.starpoint.com --dns-backend=BIND9_DLZ --workgroup win --server va-bdc.win.starpoint.comhttp://va-bdc.win.starpoint.com I added the server parameter to force the replication to use a DC local to me. The join seemed to be going along fine until I hit this error: Partition[CN=Configuration,DC=WIN,DC=STARPOINT,DC=COM] objects[2321] linked_values[0] Partition[CN=Configuration,DC=WIN,DC=STARPOINT,DC=COM] objects[2497] linked_values[53] Failed to apply records: Failed to find GUID for (null): Invalid DN syntax Failed to commit objects: WERR_GENERAL_FAILURE Join failed - cleaning up checking sAMAccountName Deleted CN=VA-DC,OU=Domain Controllers,DC=WIN,DC=STARPOINT,DC=COM Deleted CN=NTDS Settings,CN=VA-DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WIN,DC=STARPOINT,DC=COM Deleted CN=VA-DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WIN,DC=STARPOINT,DC=COM ERROR(type 'exceptions.TypeError'): uncaught exception - Failed to process chunk: NT_STATUS_UNSUCCESSFUL File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py, line 552, in run machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend) File /usr/local/samba/lib/python2.7/site-packages/samba/join.py, line 1104, in join_DC ctx.do_join() File /usr/local/samba/lib/python2.7/site-packages/samba/join.py, line 1009, in do_join ctx.join_replicate() File /usr/local/samba/lib/python2.7/site-packages/samba/join.py, line 734, in join_replicate replica_flags=ctx.replica_flags) File /usr/local/samba/lib/python2.7/site-packages/samba/drs_utils.py, line 252, in replicate schema=schema, req_level=req_level, req=req) I reran the command a few times specifying slightly higher debug levels (1,2,3) but didn't get any more information just before the exception but I did see warnings like this: Analyze and apply schema objects ../source4/dsdb/schema/schema_syntax.c:1021: Unknown governsID 0x00030006 Warning: Failed to convert schema object CN=ms-Exch-MHS-Link-Monitoring-Config,CN=Schema,CN=Configuration,DC=WIN,DC=STARPOINT,DC=COM into ldb msg ../source4/dsdb/schema/schema_syntax.c:1021: Unknown governsID 0x00030006 Warning: Failed to convert schema object CN=ms-Exch-MHS-Server-Monitoring-Config,CN=Schema,CN=Configuration,DC=WIN,DC=STARPOINT,DC=COM into ldb msg ../source4/dsdb/schema/schema_syntax.c:1021: Unknown governsID 0x00030041 Warning: Failed to convert schema object CN=ms-Exch-Protocol-Cfg-Shared-Site,CN=Schema,CN=Configuration,DC=WIN,DC=STARPOINT,DC=COM into ldb msg ../source4/dsdb/schema/schema_syntax.c:1021: Unknown governsID 0x00030002 Warning: Failed to convert schema object CN=ms-Exch-DX-Requestor,CN=Schema,CN=Configuration,DC=WIN,DC=STARPOINT,DC=COM into ldb msg What should I do to further troubleshoot this? Thanks in advance for any suggestions. Tony Nelson Starpoint Solutions Below is the entire output of the command in case I missed anything useful. root@va-dc:/usr/local/samba# bin/samba-tool domain join win.starpoint.comhttp://win.starpoint.com DC -Uadministrator --realm=win.starpoint.comhttp://win.starpoint.com --dns-backend=BIND9_DLZ --workgroup win --server va-bdc.win.starpoint.comhttp://va-bdc.win.starpoint.com -d 3 lpcfg_load: refreshing parameters from /usr/local/samba/etc/smb.conf params.c:pm_process() - Processing configuration file /usr/local/samba/etc/smb.conf GENSEC backend 'gssapi_spnego' registered GENSEC backend 'gssapi_krb5' registered GENSEC backend 'gssapi_krb5_sasl' registered GENSEC backend 'schannel' registered GENSEC backend 'spnego' registered GENSEC backend 'ntlmssp' registered GENSEC backend 'krb5' registered GENSEC backend 'fake_gssapi_krb5' registered Password for [WIN\administrator]: workgroup is WIN realm is WIN.STARPOINT.COMhttp://WIN.STARPOINT.COM checking sAMAccountName Adding CN=VA-DC,OU=Domain Controllers,DC=WIN,DC=STARPOINT,DC=COM Adding CN=VA-DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WIN,DC=STARPOINT,DC=COM Adding CN=NTDS Settings,CN=VA-DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WIN,DC=STARPOINT,DC=COM Using binding ncacn_ip_tcp:va-bdc.win.starpoint.comhttp://bdc.win.starpoint.com[,seal] Adding SPNs to CN=VA-DC,OU=Domain Controllers,DC=WIN,DC=STARPOINT,DC=COM Setting account password for VA-DC$ Enabling account Calling bare provision lpcfg_load: refreshing parameters from /usr/local/samba/etc/smb.conf params.c:pm_process() - Processing configuration file
Re: [Samba] Samba 3.x server with LDAP backend doesn't work
And just to clarify you can use ldapsearch with the samba admin credentials as well? What is the ldap server? (Openldap ?) On 05/16/13 16:44, Gollapalli, Prakash wrote: Did you try w/o start TLS support? I realize this can have security implications, so this is only to see if the problem is with TLS or with the configuration in general. I have tried without TLS support and without SSL (replaced ldaps with ldap) passdb backend = ldapsam:ldap://company_ldap_server/ ldap ssl = off ldap admin dn = cn=Adminid,dc=xxx,dc=yyy,dc=zzz ldap suffix = dc=xxx,dc=yyy,dc=zzz ldap delete dn = no ldap user suffix = ou=People ldap group suffix = ou=Groups Now I get the following error: [2013/05/16 16:38:14, 0] lib/smbldap.c:1052(smbldap_connect_system) failed to bind to server ldap://company_ldap_server/ with dn=cn=Adminid,dc=xxx,dc=yyy,dc=zzz Error: Confidentiality required (unknown) It the LDAP server is on the same server as the samba server then I don't think you will need TLS encryption, since there isn't LAN traffic to snoop. Our LDAP server is not on the same server. It is a central enterprise server don't forget to set set the ldap password with smbpasswd -w I did this part for the Adminid Also I think ldaps means ldap over SSL, not ldap+tls. I would also use ldapclient tools (e.g. the command line ldapsearch or the gui Apache Directory Studio ldap browser and editor) to make sure you can connect to the ldap server via LDAP, LDAP+TLS and/or LDAPS-over-SSL. You need to make sure you have all the certificates configured correctly. LDAP authentication works perfectly directly from our AIX server. I can do ldapsearches and can login with my ldap credentials etc.. Only samba authentication doesn't work Thanks, Prakash ** Electronic Mail is not secure, may not be read every day, and should not be used for urgent or sensitive issues -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 Trust Relationship AD
Hello Ricardo, Am 16.05.2013 21:42, schrieb Ricardo Suguita: does anybody knows if Samba 4 supports Trust Relationship with Active Directory 2003, 2008 ? Trusts are currently not finished implemented. Samba can be trusted, but can't trust yet. Regards, Marc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 Trust Relationship AD
On Fri, 17 May 2013, Marc Muehlfeld wrote: Samba can be trusted, but can't trust yet. And that's the way it should be! -s -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Im just curious
Hello, Am 16.05.2013 22:41, schrieb Sandbox: Is it possible (well, look like it works) to include a preconfigured bind zone to samba named.conf, so I don't get that annoying zone conflict error message while I start bind? Actualy, the important question is, this kind of configuration could interfere with samba4 if the server is configured to use BIND9_DLZ? Do you mean, that you have already a zone in Bind and now you want the BIND9_DLZ module to use that zone for your AD? A mixed zonefile (samba LDB and Bind)? I think this is not possible and you won't be able to administrate it from windows or by samba-tool. There was a BIND9_flatfile option for provisioning in the past. But Kai Blin (he wrote the internal DNS server) told me yesterday on SambaXP, that this option is very old and there's not really a documentation how to make it run. So this isn't a good solution, either. But you could write a small script, to import your existing records with samba-tool into the samba LDB (of course you can keep Bind and use the DLZ module, if you like that backend). Regards, Marc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 5e03f1e GUI: Remove dead links/update links. from 01af175 Add link to Richard's The-Samba-VFS.pdf. http://gitweb.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 5e03f1e35a6447a799120d05b3d67c38ada4097c Author: Karolin Seeger ksee...@samba.org Date: Thu May 16 09:54:46 2013 +0200 GUI: Remove dead links/update links. This fixes bug #9741 - dead or flaw links in http://www.samba.org/samba/GUI/. Thanks to andreas.matt...@tu-dresden.de for reporting! Signed-off-by: Karolin Seeger ksee...@samba.org --- Summary of changes: GUI/index.html | 42 ++ 1 files changed, 6 insertions(+), 36 deletions(-) Changeset truncated at 500 lines: diff --git a/GUI/index.html b/GUI/index.html index 0fd2ad9..767148a 100755 --- a/GUI/index.html +++ b/GUI/index.html @@ -24,7 +24,7 @@ look and feel can be easily adapted to users' needs. h3Smb4K - An SMB share browser for KDE/h3 -pa href=http://smb4k.berlios.de/;Smb4K/a is an SMB share +pa href=http://smb4k.sf.net;Smb4K/a is an SMB share browser for KDE. Its features are inspired by Komba2 by Frank Schwanz. It uses the Samba software suite for an easy access to the SMB shares of your local network neighborhood./p @@ -57,33 +57,11 @@ CGI-binary. You can get more information at a href=http://www.scintilla.utwente.nl/users/frank/smb2www/;http://www.scintilla .utwente.nl/users/frank/smb2www//a./p -h3smbconftool/h3 - -pThis is a Java based tool for smb.conf editing. It is the only one I -know of that preserves comments in existing config files (which is -something I've been trying to work out how to do with SWAT)./p - -pYou can find out more and download the sources from a -href=http://www.eatonweb.com/samba/;here/a./p - h3smb-mode.el - Emacs mode/h3 pa href=http://jrweare.googlepages.com/smb-mode.html;smb-mode.el/a is an Emacs mode for editing smb.conf. /p -h3xSMBrowser - a GUI interface to smbclient/h3 - -pJeffri Fox has written a browser interface using smbclient. -You can find out more and download the sources from a -href=http://www.public.iastate.edu/~chadspen/;here/a./p - -h3GSMB - a GTK interface to smbpasswd/h3 - -pLaurent Foucher has written a GTK interface to the smbpasswd encrypted -password file. You can find more information at the a -href=http://savage.iut-blagnac.fr/projets/developpement/gsmb/;GSMB -home page/a./p - h3gnomba - A GNOME SMB Subnet Scanner/h3 pa href=http://gnomba.sourceforge.net/;Gnomba/a @@ -111,7 +89,7 @@ and can be found a href=http://boombox.campus.luth.se/sambasentinel.php;here h3komba2 - A KDE SMB Subnet Scanner/h3 -pa href=http://komba.sourceforge.net/;Komba2/a +pa href=http://sourceforge.net/projects/komba/;Komba2/a is a GUI machine and share browser for the SMB protocol. Komba2 allows you to scan any number of subnets for machines with SMB. The workgroups, @@ -154,7 +132,7 @@ hosts, and shares on it, mount this shares./p h3B+B Samba Admin Tool/h3 pThis is a graphical config tool created by HP to go along with their -port of a href=http://jazz.external.hp.com/src/samba/;Samba to +port of a href=http://web.guicar.com/Linux/BbSat/;Samba to MPE/iX/a. The tool is freely available. /p h3ChangePassword/h3 @@ -173,7 +151,7 @@ download/upload files and directories or create them both locally and remotely. SMBC features the resume capability and UTF-8 encoding support./p h3SMB Web Client/h3 -pa href=http://smbwebclient.sourceforge.net/;SMB Web Client/a is a +pa href=http://sourceforge.net/projects/smbwebclient/;SMB Web Client/a is a single PHP script to access Windows Networks similar to Windows Network Environment. It requires smbclient, PHP 4.1.x+, and a web server./p @@ -192,22 +170,14 @@ system (with SSL). Possibilities include: view connections, disconnect a user, or send a message (with smbclient -M). For more info see, a href=http://qtsmbstatus.free.fr/;http://qtsmbstatus.free.fr//a./p -h3Samba Console/h3 -pa href=http://imc.sourceforge.net/samba-console.html;Samba Console/a is the -first console developped for IMC (IDEALX Management Console). It offers a simple -and ergonomic interface for managing a Samba domain controler. The goal is to -give a better experience to the new Linux administrators that need to manage a -production Samba server from anywhere using a simple web browser./p - - h3LDAP Admin/h3 pa href=http://ldapadmin.sourceforge.net/;Ldap Admin/a is a free Win32 application for managing LDAP directories. This tool lets you browse, search, modify, create and delete objects on an LDAP server./p h3SMBNetFS/h3 -pa href=http://smbnetfs.airm.net/;SMBNetFS/a is a Linux filesystem that -allow you to use samba/microsoft network in +pa href=http://sourceforge.net/projects/smbnetfs/;SMBNetFS/a is a
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via d8b7721 GUI: Add paragraph to add missing blank line. from 5e03f1e GUI: Remove dead links/update links. http://gitweb.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit d8b7721379d8ac89dfb69ffe57fba471d98acf45 Author: Karolin Seeger ksee...@samba.org Date: Thu May 16 10:01:25 2013 +0200 GUI: Add paragraph to add missing blank line. Signed-off-by: Karolin Seeger ksee...@samba.org --- Summary of changes: GUI/index.html |4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/GUI/index.html b/GUI/index.html index 767148a..5b373db 100755 --- a/GUI/index.html +++ b/GUI/index.html @@ -15,12 +15,12 @@ find the URLs./p h3GOsa - A PHP-based administration tool for role-based managing of accounts and systems in LDAP databases./h3 -a href=http://alioth.debian.org/projects/gosa;GOsa/a is a +pa href=http://alioth.debian.org/projects/gosa;GOsa/a is a PHP-based administration tool for role-based managing of accounts and systems in LDAP databases. Standard configurations can manage generic, POSIX/shadow, postfix/cyrus/sieve, pureftpd, fax, and samba 2/3 accounts in LDAP. It has plugins for system/terminal management. The -look and feel can be easily adapted to users' needs. +look and feel can be easily adapted to users' needs./p h3Smb4K - An SMB share browser for KDE/h3 -- Samba Website Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 51533ee winbind4: Fix bug 9832 -- talloc use after free from 7ff3cbd source4/winbind/wb_samba3_cmd.c: Fix typo in comment. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 51533eedd7fa162bf8113f1f551064c01741e40e Author: Volker Lendecke v...@samba.org Date: Tue May 7 10:17:26 2013 +0200 winbind4: Fix bug 9832 -- talloc use after free Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Jeremy Allison j...@samba.org Autobuild-User(master): Jeremy Allison j...@samba.org Autobuild-Date(master): Thu May 16 13:37:41 CEST 2013 on sn-devel-104 --- Summary of changes: source4/winbind/wb_server.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/winbind/wb_server.c b/source4/winbind/wb_server.c index 335bdbc..983f9f5 100644 --- a/source4/winbind/wb_server.c +++ b/source4/winbind/wb_server.c @@ -56,7 +56,7 @@ static void wbsrv_call_loop(struct tevent_req *subreq) if (!NT_STATUS_IS_OK(status)) { const char *reason; - reason = talloc_asprintf(call, wbsrv_call_loop: + reason = talloc_asprintf(wbsrv_conn, wbsrv_call_loop: tstream_read_pdu_blob_recv() - %s, nt_errstr(status)); if (!reason) { -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via c5173ab s3-docs: Remove experimental label on max protocol=SMB2 parameter from 16ed254 Makefile: Fix bug 9868 -- Don't know how to make LIBNDR_PREG_OBJ. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit c5173ab356e49625da01d4f2e703f53748d7db4a Author: SATOH Fumiyasu fumi...@osstech.co.jp Date: Wed Feb 27 02:06:32 2013 +0900 s3-docs: Remove experimental label on max protocol=SMB2 parameter Fix bug #9688 - smb.conf(5) says: max protocol=SMB2 is experimental. Signed-off-by: Karolin Seeger ksee...@samba.org --- Summary of changes: docs-xml/smbdotconf/protocol/maxprotocol.xml |3 +-- 1 files changed, 1 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/smbdotconf/protocol/maxprotocol.xml b/docs-xml/smbdotconf/protocol/maxprotocol.xml index 3648a5e..6fd26f4 100644 --- a/docs-xml/smbdotconf/protocol/maxprotocol.xml +++ b/docs-xml/smbdotconf/protocol/maxprotocol.xml @@ -35,8 +35,7 @@ /listitem listitem paraconstantSMB2/constant: Re-implementation of the SMB protocol. - Used by Windows Vista and newer. The Samba implementation of SMB2 is - currently marked experimental!/para + Used by Windows Vista and newer./para /listitem /itemizedlist -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 46e98cf dns: Fix allocation of txt_record in txt record tests via 223cf7f dns: more debug debug options in the tests via 4364a3f dns: Add support for MX queries via 2e9cf99 dns: Also add a print-out for the out_packet via f31bda6 dns: Use new DNS debugclass in DNS server via 4b01099 debug: Add debugclass for DNS server from 51533ee winbind4: Fix bug 9832 -- talloc use after free http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 46e98cf20b04f3668e96fb597a414d0b39d5b1ed Author: Kai Blin k...@samba.org Date: Thu May 16 12:13:22 2013 +0200 dns: Fix allocation of txt_record in txt record tests Signed-off-by: Kai Blin k...@samba.org Reviewed-By: Amitay Isaacs ami...@gmail.com Autobuild-User(master): Amitay Isaacs ami...@samba.org Autobuild-Date(master): Thu May 16 15:39:15 CEST 2013 on sn-devel-104 commit 223cf7fb3026daa1d383a2e5796cbfe8beecaac2 Author: Kai Blin k...@samba.org Date: Mon Jan 14 00:56:48 2013 +0100 dns: more debug debug options in the tests Signed-off-by: Kai Blin k...@samba.org Reviewed-By: Amitay Isaacs ami...@gmail.com commit 4364a3faf64fc9a022bc8870e2817573b94a4d0c Author: Kai Blin k...@samba.org Date: Mon Dec 10 05:50:05 2012 +1000 dns: Add support for MX queries Due to an oversight, the internal DNS server supports MX record updates, but not MX record queries. Add support for MX queries and tests. This should fix bug #9485 Signed-off-by: Kai Blin k...@samba.org Reviewed-By: Amitay Isaacs ami...@gmail.com commit 2e9cf99bcef81d5e0b25221956a79e5f2fee1bf0 Author: Kai Blin k...@samba.org Date: Mon Jan 14 00:55:37 2013 +0100 dns: Also add a print-out for the out_packet Signed-off-by: Kai Blin k...@samba.org Reviewed-By: Amitay Isaacs ami...@gmail.com commit f31bda67157c66bd9d7d108395610b514a54f28b Author: Kai Blin k...@samba.org Date: Mon Jan 14 01:14:29 2013 +0100 dns: Use new DNS debugclass in DNS server Signed-off-by: Kai Blin k...@samba.org Reviewed-By: Amitay Isaacs ami...@gmail.com commit 4b010997486b059b90be1f69783a451f400d7df7 Author: Kai Blin k...@samba.org Date: Mon Jan 14 01:13:47 2013 +0100 debug: Add debugclass for DNS server Signed-off-by: Kai Blin k...@samba.org Reviewed-By: Amitay Isaacs ami...@gmail.com --- Summary of changes: lib/util/debug.c|1 + lib/util/debug.h|3 +- python/samba/tests/dns.py | 89 ++ source4/dns_server/dns_crypto.c |3 + source4/dns_server/dns_query.c | 11 + source4/dns_server/dns_server.c |7 +++ source4/dns_server/dns_update.c |3 + source4/dns_server/dns_utils.c |3 + 8 files changed, 109 insertions(+), 11 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/util/debug.c b/lib/util/debug.c index 6207b61..34aa76f 100644 --- a/lib/util/debug.c +++ b/lib/util/debug.c @@ -177,6 +177,7 @@ static const char *default_classname_table[] = { dmapi, /* DBGC_DMAPI*/ registry, /* DBGC_REGISTRY */ scavenger, /* DBGC_SCAVENGER*/ + dns, /* DBGC_DNS */ NULL }; diff --git a/lib/util/debug.h b/lib/util/debug.h index c61fd13..feea0a8 100644 --- a/lib/util/debug.h +++ b/lib/util/debug.h @@ -80,9 +80,10 @@ bool dbghdr( int level, const char *location, const char *func); #define DBGC_DMAPI 18 #define DBGC_REGISTRY 19 #define DBGC_SCAVENGER 20 +#define DBGC_DNS 21 /* Always ensure this is updated when new fixed classes area added, to ensure the array in debug.c is the right size */ -#define DBGC_MAX_FIXED 20 +#define DBGC_MAX_FIXED 21 /* So you can define DBGC_CLASS before including debug.h */ #ifndef DBGC_CLASS diff --git a/python/samba/tests/dns.py b/python/samba/tests/dns.py index 49d699e..15672a0 100644 --- a/python/samba/tests/dns.py +++ b/python/samba/tests/dns.py @@ -23,6 +23,9 @@ import samba.ndr as ndr import samba.dcerpc.dns as dns from samba.tests import TestCase +FILTER=''.join([(len(repr(chr(x)))==3) and chr(x) or '.' for x in range(256)]) + + class DNSTest(TestCase): def errstr(self, errcode): @@ -82,36 +85,53 @@ class DNSTest(TestCase): Helper to get dns domain return os.getenv('REALM', 'example.com').lower() -def dns_transaction_udp(self, packet, host=os.getenv('SERVER_IP')): +def dns_transaction_udp(self, packet, host=os.getenv('SERVER_IP'), dump=False): send a DNS query and read the reply s = None try: send_packet = ndr.ndr_pack(packet) +if dump: +
[SCM] Samba Shared Repository - branch v4-0-test updated
The branch, v4-0-test has been updated via 4b2c301 doc-xml/smbdotconf: fix server [min|max] protocol documentation (bug 9883) via 3c33b54 docs: smb.conf: fix max read/write/trans default values (bug #9871) from 84e860a WHATSNEW: Add release notes for Samba 4.0.6. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 4b2c301b056dafbee32a8d3116ba5c05130442b2 Author: Stefan Metzmacher me...@samba.org Date: Tue Apr 30 08:39:00 2013 +0200 doc-xml/smbdotconf: fix server [min|max] protocol documentation (bug 9883) Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Michael Adam ob...@samba.org (cherry picked from commit 0ffd074690529a1833e29829b552b3cf6ebcd914) Autobuild-User(v4-0-test): Karolin Seeger ksee...@samba.org Autobuild-Date(v4-0-test): Thu May 16 16:29:11 CEST 2013 on sn-devel-104 commit 3c33b54e0b603e1646f48a437ef9cf23c3a526e7 Author: Björn Baumbach b...@sernet.de Date: Wed May 8 10:27:26 2013 +0200 docs: smb.conf: fix max read/write/trans default values (bug #9871) Commit 6d128aac119d948f0ecb0dcf6b400b4eb4027fe6 has increased the limit: s3:smb2_server increase defaults for read/write/trans sizes to 1MB Reviewed-by: Jeremy Allison j...@samba.org Autobuild-User(master): Jeremy Allison j...@samba.org Autobuild-Date(master): Fri May 10 23:14:50 CEST 2013 on sn-devel-104 (cherry picked from commit 3b3b5b0272e48a751ea19ef9dd771a3862da) --- Summary of changes: docs-xml/smbdotconf/protocol/servermaxprotocol.xml | 10 -- docs-xml/smbdotconf/protocol/serverminprotocol.xml |2 +- docs-xml/smbdotconf/protocol/smb2maxread.xml |7 +-- docs-xml/smbdotconf/protocol/smb2maxtrans.xml |7 +-- docs-xml/smbdotconf/protocol/smb2maxwrite.xml |7 +-- 5 files changed, 16 insertions(+), 17 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/smbdotconf/protocol/servermaxprotocol.xml b/docs-xml/smbdotconf/protocol/servermaxprotocol.xml index 94184c8..822e42b 100644 --- a/docs-xml/smbdotconf/protocol/servermaxprotocol.xml +++ b/docs-xml/smbdotconf/protocol/servermaxprotocol.xml @@ -10,16 +10,6 @@ paraPossible values are :/para itemizedlist listitem - paraconstantCORE/constant: Earliest version. No - concept of user names./para - /listitem - - listitem - paraconstantCOREPLUS/constant: Slight improvements on - CORE for efficiency./para - /listitem - - listitem paraconstantLANMAN1/constant: First emphasismodern/emphasis version of the protocol. Long filename support./para /listitem diff --git a/docs-xml/smbdotconf/protocol/serverminprotocol.xml b/docs-xml/smbdotconf/protocol/serverminprotocol.xml index 4edecc4..c324fcb 100644 --- a/docs-xml/smbdotconf/protocol/serverminprotocol.xml +++ b/docs-xml/smbdotconf/protocol/serverminprotocol.xml @@ -15,6 +15,6 @@ relatedserver max protocol/related -value type=defaultCORE/value +value type=defaultLANMAN1/value value type=exampleNT1/value /samba:parameter diff --git a/docs-xml/smbdotconf/protocol/smb2maxread.xml b/docs-xml/smbdotconf/protocol/smb2maxread.xml index 2666821..045e7d9 100644 --- a/docs-xml/smbdotconf/protocol/smb2maxread.xml +++ b/docs-xml/smbdotconf/protocol/smb2maxread.xml @@ -8,10 +8,13 @@ manvolnum8/manvolnum/citerefentry will return to a client, informing the client of the largest size that may be returned by a single SMB2 read call. /para -paraThe maximum is 65536 bytes (64KB), which is the same as a Windows Vista SMB2 server./para +paraThe maximum is 1048576 bytes (1MiB), which is the same as a Windows Server 2008 r2./para +paraPlease note that the default is 1MiB, but it's limit is based on the +smb2 dialect (64KiB for SMB2.0, 1MiB for SMB2.1 with LargeMTU). +Large MTU is not supported over NBT (tcp port 139)./para /description relatedsmb2 max write/related relatedsmb2 max trans/related -value type=default65536/value +value type=default1048576/value /samba:parameter diff --git a/docs-xml/smbdotconf/protocol/smb2maxtrans.xml b/docs-xml/smbdotconf/protocol/smb2maxtrans.xml index 1c01ccc..d4d83b9 100644 --- a/docs-xml/smbdotconf/protocol/smb2maxtrans.xml +++ b/docs-xml/smbdotconf/protocol/smb2maxtrans.xml @@ -8,10 +8,13 @@ manvolnum8/manvolnum/citerefentry will return to a client, informing the client of the largest size of buffer that may be used in querying file meta-data via QUERY_INFO and related SMB2 calls. /para -paraThe maximum is 65536 bytes (64KB), which is the same as a Windows Vista SMB2 server./para +paraThe maximum is 1048576 bytes (1MiB), which is the same as a Windows Server 2008 r2./para +paraPlease note that the default is 1MiB, but it's
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 2ed6b08 auth: Ensure auth_sam is not used on the AD DC via 9b24f65 dsdb: Expand on what the error finding the ntSecurityDescriptor was in acl_read via 60d1c2d autobuild.py add ntdb to the samba-libs task, to ensure it works as an external library via 73628e9 rpc_server-drsuapi: Include the failing DN when unable to convert DB objects to DRS via 11e716a dsdb-schema: Print clear debug message when we find a OID in our local DB we cannot convert via 25402e0 dsdb-repl: Allow the name attribute (and name-based schema lookups) to be skipped in dsdb_repl_make_working_schema() via 3482060 python-samba-tool domain classicupgrade: Use transactions when adding users/groups/members via ef895fe samba-tool dbcheck: Use dsdb.DS_GUID_DELETED_OBJECTS_CONTAINER rather than the literal value via 9c5756c python-samba-tool domain classicupgrade: Correct message about re-promoting BDCs via 1165776 pdb_ldap: Do not skip accounts without a sambaAcctFlags value via 2c04719 python-samba-tool domain classicupgrade: Actually Skip domain trust accounts via 2e1f143 python-samba-tool domain classicupgrade: Skip machine accounts that do not end in $ via 2044541 build: Do not set PATH in install_with_python now we set $PYTHON via 10f6926 s3-rpc_server: Ensure we are root when starting and usiing gensec via 9430310 gensec: Make the no-hostname status message much less scary via 768c3bb build: Blacklist the release-4-0-0 provision as well from 46e98cf dns: Fix allocation of txt_record in txt record tests http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 2ed6b0818a68ac07bd9c4270522aa8e2098ec140 Author: Andrew Bartlett abart...@samba.org Date: Thu May 16 10:32:50 2013 +1000 auth: Ensure auth_sam is not used on the AD DC Reviewed-by: Stefan Metzmacher me...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Thu May 16 22:51:26 CEST 2013 on sn-devel-104 commit 9b24f6523e8c78879ada3e6d2927ebbb21dabfdc Author: Andrew Bartlett abart...@samba.org Date: Mon May 13 14:06:14 2013 +1200 dsdb: Expand on what the error finding the ntSecurityDescriptor was in acl_read Reviewed-by: Stefan Metzmacher me...@samba.org commit 60d1c2d5288b01bd9a99f90bb0a9d0ff3c873412 Author: Andrew Bartlett abart...@samba.org Date: Mon May 13 14:05:28 2013 +1200 autobuild.py add ntdb to the samba-libs task, to ensure it works as an external library Reviewed-by: Stefan Metzmacher me...@samba.org commit 73628e9cd9005478cdb225f01917eb54270a3c05 Author: Andrew Bartlett abart...@samba.org Date: Tue Apr 2 16:10:03 2013 +1100 rpc_server-drsuapi: Include the failing DN when unable to convert DB objects to DRS This is a very serious situation (it should not happen) so getting information on the objects that this happens for would be very helpful. Andrew Bartlett Reviewed-by: Stefan Metzmacher me...@samba.org commit 11e716ae0736067272868b997367e94ebf1cdf3b Author: Andrew Bartlett abart...@samba.org Date: Tue Apr 2 15:36:47 2013 +1100 dsdb-schema: Print clear debug message when we find a OID in our local DB we cannot convert We need to work out why we are unable to make a mapping for an OID in our database, because we should not have been able to add it without such a mapping. Andrew Bartlett Reviewed-by: Stefan Metzmacher me...@samba.org commit 25402e06bcdf98e346fdbbfa7e8740504329b42f Author: Andrew Bartlett abart...@samba.org Date: Tue Mar 26 11:51:38 2013 +1100 dsdb-repl: Allow the name attribute (and name-based schema lookups) to be skipped in dsdb_repl_make_working_schema() This allows us to use a schema that may only be valid for attributeID based lookups, during the schema load. Andrew Bartlett Reviewed-by: Stefan Metzmacher me...@samba.org commit 34820602715cc8936179091e188993f7a42808ac Author: Andrew Bartlett abart...@samba.org Date: Sun Apr 14 14:36:08 2013 +1000 python-samba-tool domain classicupgrade: Use transactions when adding users/groups/members This should make things a bit faster when importing very large numbers of users as we will not constantly rewrite the indicies on disk. Andrew Bartlett Reviewed-by: Stefan Metzmacher me...@samba.org commit ef895fe9e4e4043bd4ce1db5007fd2016f0b8673 Author: Andrew Bartlett abart...@samba.org Date: Sun Apr 14 13:32:05 2013 +1000 samba-tool dbcheck: Use dsdb.DS_GUID_DELETED_OBJECTS_CONTAINER rather than the literal value This is better practice. Andrew Bartlett Reviewed-by: Stefan Metzmacher me...@samba.org commit 9c5756c077896e6a3ff8e610acf706f203e4dede Author:
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 1a7bd5e nsswitch: fix some typos via 9910b80 s3:lib/dbwrap add missing curly braces via bdc3e9a s3:include remove non-blank line endings from 2ed6b08 auth: Ensure auth_sam is not used on the AD DC http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 1a7bd5e12c519f8d14120f21198038dae1e5c914 Author: Christian Ambach a...@samba.org Date: Thu May 16 15:06:49 2013 +0200 nsswitch: fix some typos Signed-off-by: Christian Ambach a...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Fri May 17 01:09:33 CEST 2013 on sn-devel-104 commit 9910b8050ccb073fe47c26b60955d9f2d043 Author: Christian Ambach a...@samba.org Date: Tue May 14 21:02:15 2013 +0200 s3:lib/dbwrap add missing curly braces violation of README.Coding Signed-off-by: Christian Ambach a...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org commit bdc3e9acaf1b03af0e523f60b3260c6fdc62523c Author: Christian Ambach a...@samba.org Date: Tue Apr 23 11:20:42 2013 +0200 s3:include remove non-blank line endings Signed-off-by: Christian Ambach a...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org --- Summary of changes: nsswitch/libwbclient/wbclient.h |4 ++-- source3/include/smbprofile.h |6 +++--- source3/lib/dbwrap/dbwrap_ctdb.c |6 -- 3 files changed, 9 insertions(+), 7 deletions(-) Changeset truncated at 500 lines: diff --git a/nsswitch/libwbclient/wbclient.h b/nsswitch/libwbclient/wbclient.h index a72d09e..dc3e822 100644 --- a/nsswitch/libwbclient/wbclient.h +++ b/nsswitch/libwbclient/wbclient.h @@ -850,7 +850,7 @@ wbcErr wbcAllocateGid(gid_t *pgid); * @brief Set an user id mapping * * @param uid Uid of the desired mapping. - * @param *sid Pointer to the sid of the diresired mapping. + * @param *sid Pointer to the sid of the desired mapping. * * @return #wbcErr * @@ -863,7 +863,7 @@ wbcErr wbcSetUidMapping(uid_t uid, const struct wbcDomainSid *sid); * @brief Set a group id mapping * * @param gid Gid of the desired mapping. - * @param *sid Pointer to the sid of the diresired mapping. + * @param *sid Pointer to the sid of the desired mapping. * * @return #wbcErr * diff --git a/source3/include/smbprofile.h b/source3/include/smbprofile.h index 69df2ca..79410e5 100644 --- a/source3/include/smbprofile.h +++ b/source3/include/smbprofile.h @@ -1,6 +1,6 @@ #ifndef _PROFILE_H_ #define _PROFILE_H_ -/* +/* Unix SMB/CIFS implementation. store smbd profiling information in shared memory Copyright (C) Andrew Tridgell 1999 @@ -10,12 +10,12 @@ it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/. diff --git a/source3/lib/dbwrap/dbwrap_ctdb.c b/source3/lib/dbwrap/dbwrap_ctdb.c index e55689c..f90e7b8 100644 --- a/source3/lib/dbwrap/dbwrap_ctdb.c +++ b/source3/lib/dbwrap/dbwrap_ctdb.c @@ -986,11 +986,13 @@ static bool db_ctdb_can_use_local_hdr(const struct ctdb_ltdb_header *hdr, static bool db_ctdb_can_use_local_copy(TDB_DATA ctdb_data, bool read_only) { - if (ctdb_data.dptr == NULL) + if (ctdb_data.dptr == NULL) { return false; + } - if (ctdb_data.dsize sizeof(struct ctdb_ltdb_header)) + if (ctdb_data.dsize sizeof(struct ctdb_ltdb_header)) { return false; + } return db_ctdb_can_use_local_hdr( (struct ctdb_ltdb_header *)ctdb_data.dptr, read_only); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 3f3576d drsuapi: Debug more clearly why NC is bad in updateRefs from 1a7bd5e nsswitch: fix some typos http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 3f3576d64275dbf4964458dab39252ae4da9ba06 Author: Matthieu Patou m...@matws.net Date: Fri Jan 11 20:05:39 2013 -0800 drsuapi: Debug more clearly why NC is bad in updateRefs Reviewed-by: Andrew Bartlett abart...@samba.org Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Fri May 17 04:17:14 CEST 2013 on sn-devel-104 --- Summary of changes: source4/rpc_server/drsuapi/updaterefs.c |2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/rpc_server/drsuapi/updaterefs.c b/source4/rpc_server/drsuapi/updaterefs.c index b7a0b44..14bd3f6 100644 --- a/source4/rpc_server/drsuapi/updaterefs.c +++ b/source4/rpc_server/drsuapi/updaterefs.c @@ -172,9 +172,11 @@ WERROR drsuapi_UpdateRefs(struct drsuapi_bind_state *b_state, TALLOC_CTX *mem_ct W_ERROR_HAVE_NO_MEMORY(dn); ret = dsdb_find_nc_root(sam_ctx, dn, dn, nc_root); if (ret != LDB_SUCCESS) { + DEBUG(2, (Didn't find a nc for %s\n, ldb_dn_get_linearized(dn))); return WERR_DS_DRA_BAD_NC; } if (ldb_dn_compare(dn, nc_root) != 0) { + DEBUG(2, (dn %s is not equal to %s\n, ldb_dn_get_linearized(dn), ldb_dn_get_linearized(nc_root))); return WERR_DS_DRA_BAD_NC; } -- Samba Shared Repository