[Samba] Sync - sysvol and getfacl
Hi, I'm using Samba 4.0.5 and when I use ls -la or getfacl on eg: sysvol/Policies directory Samba dies with this error message: == samba/samba.log == [2013/07/10 07:49:30, 0] ../lib/util/fault.c:72(fault_report) === [2013/07/10 07:49:30, 0] ../lib/util/fault.c:73(fault_report) INTERNAL ERROR: Signal 11 in pid 3222 (4.0.5) Please read the Trouble-Shooting section of the Samba HOWTO [2013/07/10 07:49:30, 0] ../lib/util/fault.c:75(fault_report) === but the command gave this info: # file: Policies/ # owner: root # group: 300 user::rwx user:root:rwx group::rwx group:300:rwx group:301:r-x group:302:rwx group:303:r-x group:304:rwx mask::rwx other::--- default:user::rwx default:user:root:rwx default:group::--- default:group:300:rwx default:group:301:r-x default:group:302:rwx default:group:303:r-x default:group:304:rwx default:mask::rwx default:other::--- It is interesting because I dont have that kind of groups with those ID's (according to getent group and wbinfo -g) except 304 which is Group Policy Creator Owners. I suppose the other four groups are (checked from windows side): Administrators, Server Operators, SYSTEM and Authenticated Users. Can I do anything with this? My next question is: sysvol sync. My PDC's and BDC's user and group ID's are totaly different. Is it possible to set my PDC/BDC ID's equal, because as I see BDC couldn't do his job while this isn't solved. Regards, Robert -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Sync - sysvol and getfacl
On Wed, 2013-07-10 at 08:30 +0200, Sandbox wrote: My PDC's and BDC's user and group ID's are totaly different. Is it possible to set my PDC/BDC ID's equal, because as I see BDC couldn't do his job while this isn't solved. Hi You can have the same id's everywhere by putting uidNumber and gidNumber attributes in the directory in the DN of the user or group and then recovering them using nss with winbind, nslcd or sssd. But make sure that if you use winbind you actually configure it to pull the values from AD and not any external database. If you already have groups and users, only add the new attributes to one of the DC's. Disable the other DC while you do this. Take the id's from whatever the xidNumber is on the DC you choose. hth Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Help Samba license
On Wed, 2013-07-10 at 11:30 +0800, blue_sky886 wrote: Hi, I want to use library of samba that license is GPLv2 in my program that is proprietary. The source code version of samba is 3.0.6. Is it possible to modify the license to LGPL? Thanks. No, it is not possible. We can only suggest you licence your program under GPL compatible terms. Additionally, all supported Samba versions are now licensed under GPLv3 or later, with only some specific support libraries under other less protective licences. I hope this clarifies things, Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba4 - File Share
Hi. I'm trying to set up a file server in a Samba4 domain, but when I use permission groups, I can't access the directories. How can I set the shares with restricted groups? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 - File Share
Hello Natalia, Am 10.07.2013 16:00, schrieb Natália Vaz: I'm trying to set up a file server in a Samba4 domain, but when I use permission groups, I can't access the directories. How can I set the shares with restricted groups? I published a HowTo about file shares yesterday evening: https://wiki.samba.org/index.php/Setup_and_configure_file_shares If your problem can't be solved with the HowTo, please give some more details what you try to do, what exactly went wrong and how you tried it. Regards, Marc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Centos 6 + Samba 4 + Memeber server of AD 2008
Samba 3.0.6.9 is the version I have in yum. Is this version ok to act as a member server? Or I should install 3.0.2? -Mensaje original- De: Nico Kadel-Garcia [mailto:nka...@gmail.com] Enviado el: martes, 09 de julio de 2013 23:01 Para: Nicolas Pagliaro CC: samba@lists.samba.org Asunto: Re: [Samba] Centos 6 + Samba 4 + Memeber server of AD 2008 On Tue, Jul 9, 2013 at 6:35 AM, Nicolas Pagliaro npagli...@espectador.com.uy wrote: Hi Nico, thanks for your answer. I don't need to have an AD server installed in my centos. I just needs to connect to my Windows DC that have AD because I need to have samba shares with AD users permissions. Now I remove all samba4 package with. Yum remove samba4* I am downloading the last version of samba from git samba and samba-commons The rpm that you made for me will work for me? I only publish RPM building tools, not binaries. I don't consider my github or other personally available repositories secure enough for me to publush such critical binaries as Samba, but I'm happy to publish open source tools that way. So you'd have to build it. But if you're wirking with an upstream supported, stable environment like CentOS or Scientific Linux, why experiment with new tools you don't need? I wind up needing the newer tools, but suggest that for just a plain client, you should be fine with the default Samba 3.x from CentOS. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] NT_STATUS_TOO_MANY_OPENED_FILES with Samba 4.0.6 and Internal DNS
Hello, I am using Samba 4.0.6 on Ubuntu 12.04 with the internal DNS and dns forwarder set to forward to an upstream dnsmasq server as follows: [global] workgroup = EXAMPLE realm = EXAMPLE.COM netbios name = DC0 server role = active directory domain controller dns forwarder = 192.168.010 idmap_ldb:use rfc2307 = Yes # disable printing since we're not using it and to get rid of printcap errors in log printcap name = /dev/null load printers = no printing = bsd [netlogon] path = /var/lib/samba/sysvol/example.com/scripts read only = No [sysvol] path = /var/lib/samba/sysvol read only = No Samba 4 has been working well so far as an AD DC, however I have seen this message appear in the samba log: [2013/07/10 08:52:35, 0] ../source4/smbd/process_single.c:57(single_accept_connection) single_accept_connection: accept: NT_STATUS_TOO_MANY_OPENED_FILES I found this bug report and thread regarding this issue, and stating that it had been fixed in 4.0.0 rc3: https://bugzilla.samba.org/show_bug.cgi?id=8878 http://samba.2283325.n4.nabble.com/Samba3-gt-samba-4-td4638214.html I confirmed that the attached patch is indeed applied in my copy of 4.0.6. What else can I do to debug this problem? Thanks, Andrew -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Help Samba license
On Wed, Jul 10, 2013 at 11:30:35AM +0800, blue_sky886 wrote: Hi, I want to use library of samba that license is GPLv2 in my program that is proprietary. The source code version of samba is 3.0.6. Is it possible to modify the license to LGPL? I'm afraid not. Your only options are to release your own code under a GPLv2 compatible license or to cease using the Samba library with your proprietary code. Regards, Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] domain RODC fails with default provisioning
We're evaluating joining another samba domain controller in read-only mode. With a default provisioning, when running the samba-tool domain RODC, it fails with the following error: ldb: ldb_trace_request: (tdb)-search ldb: ldb_asprintf/set_errstring: NULL Base DN invalid for a base search ldb_wrap open of hklm.ldb ldb: start ldb transaction (nesting: 0) ldb: ldb_trace_request: (tdb)-start_transaction ldb: start ldb transaction error: (null) ldb: ldb_trace_request: ADD dn: @ATTRIBUTES changetype: add key: CASE_INSENSITIVE value: CASE_INSENSITIVE control: NONE ldb: ldb_trace_request: (tdb)-add ldb: ldb_trace_request: (tdb)-prepare_commit ldb: commit ldb transaction (nesting: 0) ldb: ldb_trace_request: (tdb)-end_transaction Key 'key=SOFTWARE,hive=NONE' not found key added: key=SOFTWARE,hive=NONE Key 'key=Microsoft,key=SOFTWARE,hive=NONE' not found key added: key=Microsoft,key=SOFTWARE,hive=NONE Key 'key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE' not found key added: key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE Key 'key=CurrentVersion,key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE' not found key added: key=CurrentVersion,key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE About to write CurrentVersion with type (null), length 3: 6.1 Key 'key=SYSTEM,hive=NONE' not found key added: key=SYSTEM,hive=NONE Key 'key=CurrentControlSet,key=SYSTEM,hive=NONE' not found key added: key=CurrentControlSet,key=SYSTEM,hive=NONE Key 'key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found key added: key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE Key 'key=ProductOptions,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found key added: key=ProductOptions,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE About to write ProductType with type (null), length 8: LanmanNT Key 'key=Print,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found key added: key=Print,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE Key 'key=Terminal Server,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found key added: key=Terminal Server,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE Key 'key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found key added: key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE Key 'key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found key added: key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE Key 'key=Parameters,key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found key added: key=Parameters,key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE About to write RefusePasswordChange with type dword, length 8: Key 'key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found key added: key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE Key 'key=Parameters,key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found key added: key=Parameters,key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE lpcfg_servicenumber: couldn't find ldb lpcfg_servicenumber: couldn't find ldb lpcfg_servicenumber: couldn't find ldb lpcfg_servicenumber: couldn't find ldb partition_metadata: Migrating partition metadata krb5_init_context failed (Invalid argument) smb_krb5_context_init_basic failed (Invalid argument) talloc: access after free error - first free may be at @ �3 Bad talloc magic value - access after free Aborted Is there something special to be done prior to the domain join command? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] domain RODC fails with default provisioning
Nevermind, it was an incorrect krb5.conf on the RODC (hence the krb5 init fail). On Wed, Jul 10, 2013 at 5:27 PM, Andreas Calvo flipy@gmail.com wrote: We're evaluating joining another samba domain controller in read-only mode. With a default provisioning, when running the samba-tool domain RODC, it fails with the following error: ldb: ldb_trace_request: (tdb)-search ldb: ldb_asprintf/set_errstring: NULL Base DN invalid for a base search ldb_wrap open of hklm.ldb ldb: start ldb transaction (nesting: 0) ldb: ldb_trace_request: (tdb)-start_transaction ldb: start ldb transaction error: (null) ldb: ldb_trace_request: ADD dn: @ATTRIBUTES changetype: add key: CASE_INSENSITIVE value: CASE_INSENSITIVE control: NONE ldb: ldb_trace_request: (tdb)-add ldb: ldb_trace_request: (tdb)-prepare_commit ldb: commit ldb transaction (nesting: 0) ldb: ldb_trace_request: (tdb)-end_transaction Key 'key=SOFTWARE,hive=NONE' not found key added: key=SOFTWARE,hive=NONE Key 'key=Microsoft,key=SOFTWARE,hive=NONE' not found key added: key=Microsoft,key=SOFTWARE,hive=NONE Key 'key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE' not found key added: key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE Key 'key=CurrentVersion,key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE' not found key added: key=CurrentVersion,key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE About to write CurrentVersion with type (null), length 3: 6.1 Key 'key=SYSTEM,hive=NONE' not found key added: key=SYSTEM,hive=NONE Key 'key=CurrentControlSet,key=SYSTEM,hive=NONE' not found key added: key=CurrentControlSet,key=SYSTEM,hive=NONE Key 'key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found key added: key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE Key 'key=ProductOptions,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found key added: key=ProductOptions,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE About to write ProductType with type (null), length 8: LanmanNT Key 'key=Print,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found key added: key=Print,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE Key 'key=Terminal Server,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found key added: key=Terminal Server,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE Key 'key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found key added: key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE Key 'key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found key added: key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE Key 'key=Parameters,key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found key added: key=Parameters,key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE About to write RefusePasswordChange with type dword, length 8: Key 'key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found key added: key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE Key 'key=Parameters,key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found key added: key=Parameters,key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE lpcfg_servicenumber: couldn't find ldb lpcfg_servicenumber: couldn't find ldb lpcfg_servicenumber: couldn't find ldb lpcfg_servicenumber: couldn't find ldb partition_metadata: Migrating partition metadata krb5_init_context failed (Invalid argument) smb_krb5_context_init_basic failed (Invalid argument) talloc: access after free error - first free may be at @ �3 Bad talloc magic value - access after free Aborted Is there something special to be done prior to the domain join command? -- Atentamente, Andreas Calvo -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Centos 6 + Samba 4 + Memeber server of AD 2008
On Wed, 2013-07-10 at 11:38 -0300, Nicolas Pagliaro wrote: Samba 3.0.6.9 is the version I have in yum. No you don't. Is this version ok to act as a member server? Or I should install 3.0.2? Eh, what are you talking about. If you have the latest CentOS 6.4 then yum should be bringing in a 3.6.9-151 version of Samba, which is perfectly adequate as a member file server in an 2008 domain. JAB. -- Jonathan A. Buzzard Email: jonathan (at) buzzard.me.uk Fife, United Kingdom. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Centos 6 + Samba 4 + Memeber server of AD 2008
Sorry. 3.6.9 That will work like a member? That was the first try and wbinfo -u doesn't work. The join to the domain work ok but I can't see the users Enviado desde mi iPhone El 10/07/2013, a las 13:14, Jonathan Buzzard jonat...@buzzard.me.uk escribió: On Wed, 2013-07-10 at 11:38 -0300, Nicolas Pagliaro wrote: Samba 3.0.6.9 is the version I have in yum. No you don't. Is this version ok to act as a member server? Or I should install 3.0.2? Eh, what are you talking about. If you have the latest CentOS 6.4 then yum should be bringing in a 3.6.9-151 version of Samba, which is perfectly adequate as a member file server in an 2008 domain. JAB. -- Jonathan A. Buzzard Email: jonathan (at) buzzard.me.uk Fife, United Kingdom. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Centos 6 + Samba 4 + Memeber server of AD 2008
On 7/10/2013 11:49 AM, Nicolas Pagliaro wrote: Sorry. 3.6.9 That will work like a member? That was the first try and wbinfo -u doesn't work. The join to the domain work ok but I can't see the users Did you restart winbind after the join? Enviado desde mi iPhone El 10/07/2013, a las 13:14, Jonathan Buzzard jonat...@buzzard.me.uk escribió: On Wed, 2013-07-10 at 11:38 -0300, Nicolas Pagliaro wrote: Samba 3.0.6.9 is the version I have in yum. No you don't. Is this version ok to act as a member server? Or I should install 3.0.2? Eh, what are you talking about. If you have the latest CentOS 6.4 then yum should be bringing in a 3.6.9-151 version of Samba, which is perfectly adequate as a member file server in an 2008 domain. JAB. -- Jonathan A. Buzzard Email: jonathan (at) buzzard.me.uk Fife, United Kingdom. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Centos 6 + Samba 4 + Memeber server of AD 2008
Great! Now I have samba 3.6.9 running from my yum package I have wbinfo -u and wbinfo -t running but getent passwd only show my local users. Any idea? -Mensaje original- De: Jonn Taylor [mailto:jo...@taylortelephone.com] Enviado el: miércoles, 10 de julio de 2013 15:34 Para: Nicolas Pagliaro CC: Jonathan Buzzard; samba@lists.samba.org Asunto: Re: [Samba] Centos 6 + Samba 4 + Memeber server of AD 2008 On 7/10/2013 11:49 AM, Nicolas Pagliaro wrote: Sorry. 3.6.9 That will work like a member? That was the first try and wbinfo -u doesn't work. The join to the domain work ok but I can't see the users Did you restart winbind after the join? Enviado desde mi iPhone El 10/07/2013, a las 13:14, Jonathan Buzzard jonat...@buzzard.me.uk escribió: On Wed, 2013-07-10 at 11:38 -0300, Nicolas Pagliaro wrote: Samba 3.0.6.9 is the version I have in yum. No you don't. Is this version ok to act as a member server? Or I should install 3.0.2? Eh, what are you talking about. If you have the latest CentOS 6.4 then yum should be bringing in a 3.6.9-151 version of Samba, which is perfectly adequate as a member file server in an 2008 domain. JAB. -- Jonathan A. Buzzard Email: jonathan (at) buzzard.me.uk Fife, United Kingdom. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Centos 6 + Samba 4 + Memeber server of AD 2008
Now it works!! I forget to add this in smb.conf idmap uid = 16777216-43554431 idmap gid = 16777216-43554431 I am not sure which range to use... -Mensaje original- De: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] En nombre de Nicolas Pagliaro Enviado el: miércoles, 10 de julio de 2013 15:54 Para: Jonn Taylor CC: samba@lists.samba.org Asunto: Re: [Samba] Centos 6 + Samba 4 + Memeber server of AD 2008 Great! Now I have samba 3.6.9 running from my yum package I have wbinfo -u and wbinfo -t running but getent passwd only show my local users. Any idea? -Mensaje original- De: Jonn Taylor [mailto:jo...@taylortelephone.com] Enviado el: miércoles, 10 de julio de 2013 15:34 Para: Nicolas Pagliaro CC: Jonathan Buzzard; samba@lists.samba.org Asunto: Re: [Samba] Centos 6 + Samba 4 + Memeber server of AD 2008 On 7/10/2013 11:49 AM, Nicolas Pagliaro wrote: Sorry. 3.6.9 That will work like a member? That was the first try and wbinfo -u doesn't work. The join to the domain work ok but I can't see the users Did you restart winbind after the join? Enviado desde mi iPhone El 10/07/2013, a las 13:14, Jonathan Buzzard jonat...@buzzard.me.uk escribió: On Wed, 2013-07-10 at 11:38 -0300, Nicolas Pagliaro wrote: Samba 3.0.6.9 is the version I have in yum. No you don't. Is this version ok to act as a member server? Or I should install 3.0.2? Eh, what are you talking about. If you have the latest CentOS 6.4 then yum should be bringing in a 3.6.9-151 version of Samba, which is perfectly adequate as a member file server in an 2008 domain. JAB. -- Jonathan A. Buzzard Email: jonathan (at) buzzard.me.uk Fife, United Kingdom. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] [PLEASE TEST] Samba AD DC winbind hangs and timeouts
A number of patches aimed at fixing the nasty set of hangs, timeouts and crashes hitting our winbind implementation in the AD DC have been merged into master. It would be really, really helpful if you could re-test master and see if your specific problem has been addressed. (It turns out there are multiple overlapping issues here, which all seem to have been uncovered by the one interfaces patch). If not, we will continue to chase this down, otherwise this should allow us to merge the fixes into 4.0 and the new 4.1 branch. Thanks, Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Losing Permissions of Files
Thanks everyone. The changes suggested seems to have done the trick. Tanveer -- View this message in context: http://samba.2283325.n4.nabble.com/Losing-Permissions-of-Files-tp4649847p4650904.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] domain RODC fails with default provisioning
On Wed, 2013-07-10 at 17:27 +0200, Andreas Calvo wrote: We're evaluating joining another samba domain controller in read-only mode. With a default provisioning, when running the samba-tool domain RODC, it fails with the following error: ldb: ldb_trace_request: (tdb)-search ldb: ldb_asprintf/set_errstring: NULL Base DN invalid for a base search ldb_wrap open of hklm.ldb ldb: start ldb transaction (nesting: 0) ldb: ldb_trace_request: (tdb)-start_transaction ldb: start ldb transaction error: (null) ldb: ldb_trace_request: ADD dn: @ATTRIBUTES changetype: add key: CASE_INSENSITIVE value: CASE_INSENSITIVE control: NONE ldb: ldb_trace_request: (tdb)-add ldb: ldb_trace_request: (tdb)-prepare_commit ldb: commit ldb transaction (nesting: 0) ldb: ldb_trace_request: (tdb)-end_transaction Key 'key=SOFTWARE,hive=NONE' not found key added: key=SOFTWARE,hive=NONE Key 'key=Microsoft,key=SOFTWARE,hive=NONE' not found key added: key=Microsoft,key=SOFTWARE,hive=NONE Key 'key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE' not found key added: key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE Key 'key=CurrentVersion,key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE' not found key added: key=CurrentVersion,key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE About to write CurrentVersion with type (null), length 3: 6.1 Key 'key=SYSTEM,hive=NONE' not found key added: key=SYSTEM,hive=NONE Key 'key=CurrentControlSet,key=SYSTEM,hive=NONE' not found key added: key=CurrentControlSet,key=SYSTEM,hive=NONE Key 'key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found key added: key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE Key 'key=ProductOptions,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found key added: key=ProductOptions,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE About to write ProductType with type (null), length 8: LanmanNT Key 'key=Print,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found key added: key=Print,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE Key 'key=Terminal Server,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found key added: key=Terminal Server,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE Key 'key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found key added: key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE Key 'key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found key added: key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE Key 'key=Parameters,key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found key added: key=Parameters,key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE About to write RefusePasswordChange with type dword, length 8: Key 'key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found key added: key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE Key 'key=Parameters,key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found key added: key=Parameters,key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE lpcfg_servicenumber: couldn't find ldb lpcfg_servicenumber: couldn't find ldb lpcfg_servicenumber: couldn't find ldb lpcfg_servicenumber: couldn't find ldb partition_metadata: Migrating partition metadata krb5_init_context failed (Invalid argument) smb_krb5_context_init_basic failed (Invalid argument) talloc: access after free error - first free may be at @ �3 Bad talloc magic value - access after free Aborted Is there something special to be done prior to the domain join command? Can you re-run this under valgrind? While krb5_init_context should not fail (I did see your reply), it also shouldn't cause a crash, and we can at least fix that much. Thanks, Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] About NAS versus Samba
Hi there, Has anyone tried to configure a NAS server to authenticate users using a Samba PDC, or even a Samba4 DC (AD-compatible) or an IPA server? I'm evaluating replacing some Linux file server for a NAS product, but all them make me nervous when the vendor talks about Active Directory support and nothing else. In theory, many NASes are Linux boxes running samba, so there shouldn't be a problem, except if the web admin interface won't support a samba DC setup and I won't have SSH access to configure the NAS samba myself. So I'm asking if someone there has had any real experience, be it using Fedora, CentOS or RHEL as the Samba3 PDC or Samba4 DC. PS: I'm cross-posting because I asked before on the samba mailing list and nobody cared to answer. Or nobody has had any real experience. I'm hoing many sysadmins on the Fedora list also works on companies with RHEL or CentOS and had a real experience to share. []s, Fernando Lozano -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] About NAS versus Samba
On Wed, Jul 10, 2013 at 8:44 PM, Fernando Lozano ferna...@lozano.eti.br wrote: Hi there, Has anyone tried to configure a NAS server to authenticate users using a Samba PDC, or even a Samba4 DC (AD-compatible) or an IPA server? not in a while, but I have done a samba 3 DC I'm evaluating replacing some Linux file server for a NAS product, but all them make me nervous when the vendor talks about Active Directory support and nothing else. if 3rd party support is your concern, why are you using fedora instead of RHEL? In theory, many NASes are Linux boxes running samba, so there shouldn't be a problem, except if the web admin interface won't support a samba DC setup and I won't have SSH access to configure the NAS samba myself. a cheaper nas will probably use samba, but not all NASs do. there are several commercial SMB/CIFS implementation out there. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] About NAS versus Samba
On Wed, Jul 10, 2013 at 10:17:56PM -0500, Chris Weiss wrote: a cheaper nas will probably use samba, Or a very expensive one :-). Samba is used mainly in the low end NAS (due to cost), or extremely high end NAS (due to flexibility for the vendor to make it do *anything* :-) but not all NASs do. there are several commercial SMB/CIFS implementation out there. Sure, but non available to buy as a software-only product to my knowledge. They all come with hardware attached :-). Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] About NAS versus Samba
Hi Cris, Hi there, Has anyone tried to configure a NAS server to authenticate users using a Samba PDC, or even a Samba4 DC (AD-compatible) or an IPA server? not in a while, but I have done a samba 3 DC This was not my question. I'm ok running samba 3 DCs. :-) Have you ever configured a NAS so it would authenticate users from your Samba DC and them serve SMB file shares (aka network drives) to Windows desktops? I'm evaluating replacing some Linux file server for a NAS product, but all them make me nervous when the vendor talks about Active Directory support and nothing else. if 3rd party support is your concern, why are you using fedora instead of RHEL? Are you trying to sell me RHEL subscriptions or help me with my question? ;-) Anything wrong about asking about Fedora on a Fedora list, or any server issue is forbidden for Fedora users? ;-) AFAIK it shouldn't matter, from a technical perspective, if the samba DC runs Fedora, Debian, Slackware, RHEL, SuSE, Ubuntu, Solaris, whatever. I am not talking about OS level FC drivers or iSCSI initiators. Either a NAS will be compatible with Samba3, Samba4, both or neither. This depends on the SMB and MSRPC features needed by the NAS, all them application level protocols, not kernel modules. If I'll need Red Hat support for managing this system is another, unrelated, question. If the NAS vendors state they suṕport RHEL, that's not que question either, as supporting RHEL could mean the RHEL linux kernel smbfs and cifsfs driver talks to the NAS, not the NAS talks to the Samba DC. Or else, RHEL support may mean just that the NAS talks NFS and so a RHEL machine can mount volumes from tne NAS. That's not what I want. Most times I see linux servers they are simply members of a MSAD domain, not the DC themselves. But mine are. All vendors I talked to assume MSAD, and don't know about Samba. :-( Anyway Fedora is my desktop system and development workstation. The DC in question runs RHEL. But if this works I can try someday using Fedora or CentOS with the same (or other) NAS. In theory, many NASes are Linux boxes running samba, so there shouldn't be a problem, except if the web admin interface won't support a samba DC setup and I won't have SSH access to configure the NAS samba myself a cheaper nas will probably use samba, but not all NASs do. there are several commercial SMB/CIFS implementation out there. At least iomega/lenovo/emc state their NAS runs Samba. And a lot of less know vendors also. I'll buy a single, cheap NAS, not a high end EMC rack full of boxes. :-) But... will any NAS you know work with a Samba DC, or else, using an IPA server? Or will they only work with Microsoft Windows Server AD? All vendors I contacted talk only about MS Active Directory. They don't even know about NT4-style domains, which would mean a Samba3 DC should work. Besides, AFAIK a Samba4 DC isn't supported by RHEL at all -- that's why I included IPA in my question -- I'd have to use Sernet packages for Samba4. Even then, Samba4 is very new, I don't know if a NAS implementation would accept it in place of a MSAD DC. Most vendors talk to me about vmware, exchange and sql server support. They offer me windows-only backup servers and the like. Some even offer me SAP R/3 agents, while my ERP is another one. They can only follow their standard script for windows shops. So I ask for the collective knowledge from the Fedora and Samba lists... can anyone tell me I tried this NAS and it worked? Or should I better forget about this and keep using cheap intel boxes as file servers? Am I the first linux sysadmin in the world who's considering to have a NAS replacing some file servers but keeping his samba DCs? []s, Fernando Lozano -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via e6a58d3 s4:rpc_server: make sure we don't terminate a connection with pending requests (bug #9820) via 2505d48 s4-winbindd: Do not terminate a connection that is still pending (bug #9820) via df929d6 service_stream: Log if the connection termination is deferred or not (bug #9820) from 577cef8 s3-smbstatus: display [u|g]id of -1 as -1 in connection list http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit e6a58d370403e818bc2cfb8389751b78adcc14fd Author: Stefan Metzmacher me...@samba.org Date: Tue Jul 9 16:38:59 2013 +0200 s4:rpc_server: make sure we don't terminate a connection with pending requests (bug #9820) Sadly we may have nested event loops, which won't work correctly with broken connections, that's why we have to do this... Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Wed Jul 10 08:47:38 CEST 2013 on sn-devel-104 commit 2505d48e4fbcd8a805a88ad0b05fb1a16a588197 Author: Andrew Bartlett abart...@samba.org Date: Thu Jun 27 11:28:03 2013 +1000 s4-winbindd: Do not terminate a connection that is still pending (bug #9820) Instead, wait until the call attempts to reply, and let it terminate then (often this happens in the attempt to then write to the broken pipe). Andrew Bartlett Pair-Programmed-With: Stefan Metzmacher me...@samba.org Signed-off-by: Andrew Bartlett abart...@samba.org Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org commit df929d6feb857668ad9da277213e9fae1480ff63 Author: Andrew Bartlett abart...@samba.org Date: Thu Jun 27 11:27:03 2013 +1000 service_stream: Log if the connection termination is deferred or not (bug #9820) Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org --- Summary of changes: source4/rpc_server/dcerpc_server.c | 55 - source4/rpc_server/dcerpc_server.h |8 - source4/smbd/service_stream.c|6 +++- source4/winbind/wb_samba3_protocol.c |5 +++ source4/winbind/wb_server.c | 51 ++- source4/winbind/wb_server.h | 10 +- 6 files changed, 129 insertions(+), 6 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/rpc_server/dcerpc_server.c b/source4/rpc_server/dcerpc_server.c index 389cbe3..10e711b 100644 --- a/source4/rpc_server/dcerpc_server.c +++ b/source4/rpc_server/dcerpc_server.c @@ -386,6 +386,8 @@ _PUBLIC_ NTSTATUS dcesrv_endpoint_connect(struct dcesrv_context *dce_ctx, return NT_STATUS_NO_MEMORY; } + p-prev = NULL; + p-next = NULL; p-dce_ctx = dce_ctx; p-endpoint = ep; p-contexts = NULL; @@ -402,7 +404,7 @@ _PUBLIC_ NTSTATUS dcesrv_endpoint_connect(struct dcesrv_context *dce_ctx, p-event_ctx = event_ctx; p-msg_ctx = msg_ctx; p-server_id = server_id; - p-processing = false; + p-terminate = NULL; p-state_flags = state_flags; ZERO_STRUCT(p-transport); @@ -1143,6 +1145,7 @@ _PUBLIC_ NTSTATUS dcesrv_init_context(TALLOC_CTX *mem_ctx, dce_ctx-lp_ctx = lp_ctx; dce_ctx-assoc_groups_idr = idr_init(dce_ctx); NT_STATUS_HAVE_NO_MEMORY(dce_ctx-assoc_groups_idr); + dce_ctx-broken_connections = NULL; for (i=0;endpoint_servers[i];i++) { const struct dcesrv_endpoint_server *ep_server; @@ -1269,12 +1272,45 @@ const struct dcesrv_critical_sizes *dcerpc_module_version(void) static void dcesrv_terminate_connection(struct dcesrv_connection *dce_conn, const char *reason) { + struct dcesrv_context *dce_ctx = dce_conn-dce_ctx; struct stream_connection *srv_conn; srv_conn = talloc_get_type(dce_conn-transport.private_data, struct stream_connection); - stream_terminate_connection(srv_conn, reason); + if (dce_conn-pending_call_list == NULL) { + char *full_reason = talloc_asprintf(dce_conn, dcesrv: %s, reason); + + DLIST_REMOVE(dce_ctx-broken_connections, dce_conn); + stream_terminate_connection(srv_conn, full_reason ? full_reason : reason); + return; + } + + if (dce_conn-terminate != NULL) { + return; + } + + DEBUG(3,(dcesrv: terminating connection due to '%s' defered due to pending calls\n, +reason)); + dce_conn-terminate = talloc_strdup(dce_conn, reason); + if
autobuild: intermittent test failure detected
The autobuild test system has detected an intermittent failing test in the current master tree. The autobuild log of the failure is available here: http://git.samba.org/autobuild.flakey/2013-07-10-1344/flakey.log The samba3 build logs are available here: http://git.samba.org/autobuild.flakey/2013-07-10-1344/samba3.stderr http://git.samba.org/autobuild.flakey/2013-07-10-1344/samba3.stdout The source4 build logs are available here: http://git.samba.org/autobuild.flakey/2013-07-10-1344/samba.stderr http://git.samba.org/autobuild.flakey/2013-07-10-1344/samba.stdout The top commit at the time of the failure was: commit e6a58d370403e818bc2cfb8389751b78adcc14fd Author: Stefan Metzmacher me...@samba.org Date: Tue Jul 9 16:38:59 2013 +0200 s4:rpc_server: make sure we don't terminate a connection with pending requests (bug #9820) Sadly we may have nested event loops, which won't work correctly with broken connections, that's why we have to do this... Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Wed Jul 10 08:47:38 CEST 2013 on sn-devel-104
autobuild: intermittent test failure detected
The autobuild test system has detected an intermittent failing test in the current master tree. The autobuild log of the failure is available here: http://git.samba.org/autobuild.flakey/2013-07-10-1445/flakey.log The samba3 build logs are available here: http://git.samba.org/autobuild.flakey/2013-07-10-1445/samba3.stderr http://git.samba.org/autobuild.flakey/2013-07-10-1445/samba3.stdout The source4 build logs are available here: http://git.samba.org/autobuild.flakey/2013-07-10-1445/samba.stderr http://git.samba.org/autobuild.flakey/2013-07-10-1445/samba.stdout The top commit at the time of the failure was: commit e6a58d370403e818bc2cfb8389751b78adcc14fd Author: Stefan Metzmacher me...@samba.org Date: Tue Jul 9 16:38:59 2013 +0200 s4:rpc_server: make sure we don't terminate a connection with pending requests (bug #9820) Sadly we may have nested event loops, which won't work correctly with broken connections, that's why we have to do this... Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Wed Jul 10 08:47:38 CEST 2013 on sn-devel-104
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 1573638 Fix typos in man-pages from e6a58d3 s4:rpc_server: make sure we don't terminate a connection with pending requests (bug #9820) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 1573638212a9733a44939a4d38a226f38dca36f1 Author: Michele Baldessari mich...@acksyn.org Date: Tue Jul 9 23:23:33 2013 +0200 Fix typos in man-pages Fix some typos in the man-pages. Signed-off-by: Michele Baldessari mich...@acksyn.org Reviewed-by: Simo Sorce i...@samba.org Autobuild-User(master): Simo Sorce i...@samba.org Autobuild-Date(master): Wed Jul 10 16:45:07 CEST 2013 on sn-devel-104 --- Summary of changes: docs-xml/manpages/dbwrap_tool.1.xml |2 +- docs-xml/manpages/idmap_autorid.8.xml|2 +- docs-xml/manpages/net.8.xml |2 +- docs-xml/manpages/pdbedit.8.xml |2 +- docs-xml/manpages/samba.7.xml|2 +- docs-xml/manpages/smbclient.1.xml|2 +- docs-xml/manpages/smbpasswd.5.xml|2 +- docs-xml/manpages/vfs_smb_traffic_analyzer.8.xml |2 +- 8 files changed, 8 insertions(+), 8 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/manpages/dbwrap_tool.1.xml b/docs-xml/manpages/dbwrap_tool.1.xml index e2b2cee..a1a2f97 100644 --- a/docs-xml/manpages/dbwrap_tool.1.xml +++ b/docs-xml/manpages/dbwrap_tool.1.xml @@ -49,7 +49,7 @@ listitemparafetch: fetch a record/para/listitem listitemparastore: create or modify a record/para/listitem listitemparadelete: remove a record/para/listitem - listitemparaexists: test for existance of a record/para/listitem + listitemparaexists: test for existence of a record/para/listitem listitemparaerase: remove all records/para/listitem listitemparalistkeys: list all available records/para/listitem listitemparalistwatchers: list processes, which are waiting for changes in a record/para/listitem diff --git a/docs-xml/manpages/idmap_autorid.8.xml b/docs-xml/manpages/idmap_autorid.8.xml index c35f903..7446d53 100644 --- a/docs-xml/manpages/idmap_autorid.8.xml +++ b/docs-xml/manpages/idmap_autorid.8.xml @@ -109,7 +109,7 @@ titleEXAMPLES/title para This example shows you the minimal configuration that will - work for the principial domain and 19 trusted domains / range + work for the principal domain and 19 trusted domains / range extensions. /para diff --git a/docs-xml/manpages/net.8.xml b/docs-xml/manpages/net.8.xml index dd5b3ab..0df2e07 100644 --- a/docs-xml/manpages/net.8.xml +++ b/docs-xml/manpages/net.8.xml @@ -1671,7 +1671,7 @@ shares created by other users. paraStarting with version 3.2.0, a Samba server can be configured by data stored in registry. This configuration data can be edited with the new net -conf commands. There is also the possiblity to configure a remote Samba server +conf commands. There is also the possibility to configure a remote Samba server by enabling the RPC conf mode and specifying the the address of the remote server. /para diff --git a/docs-xml/manpages/pdbedit.8.xml b/docs-xml/manpages/pdbedit.8.xml index 4bb3751..c5d6b23 100644 --- a/docs-xml/manpages/pdbedit.8.xml +++ b/docs-xml/manpages/pdbedit.8.xml @@ -289,7 +289,7 @@ retype new password /programlisting /para - noteparapdbedit does not call the unix password syncronisation + noteparapdbedit does not call the unix password synchronization script if smbconfoption name=unix password sync/ has been set. It only updates the data in the Samba user database. diff --git a/docs-xml/manpages/samba.7.xml b/docs-xml/manpages/samba.7.xml index 9299660..cedb4e4 100644 --- a/docs-xml/manpages/samba.7.xml +++ b/docs-xml/manpages/samba.7.xml @@ -91,7 +91,7 @@ manvolnum8/manvolnum/citerefentry/term listitemparaThe commandsamba-tool/command is the main Samba Administration tool regarding - Acitive Directory services./para + Active Directory services./para /listitem /varlistentry diff --git a/docs-xml/manpages/smbclient.1.xml b/docs-xml/manpages/smbclient.1.xml index 328fd50..b222c56 100644 --- a/docs-xml/manpages/smbclient.1.xml +++ b/docs-xml/manpages/smbclient.1.xml @@ -564,7 +564,7 @@ sent to the server on directory listings and file opens. If the backup intent flag is true, the server will try and bypass
autobuild: intermittent test failure detected
The autobuild test system has detected an intermittent failing test in the current master tree. The autobuild log of the failure is available here: http://git.samba.org/autobuild.flakey/2013-07-10-1830/flakey.log The samba3 build logs are available here: http://git.samba.org/autobuild.flakey/2013-07-10-1830/samba3.stderr http://git.samba.org/autobuild.flakey/2013-07-10-1830/samba3.stdout The source4 build logs are available here: http://git.samba.org/autobuild.flakey/2013-07-10-1830/samba.stderr http://git.samba.org/autobuild.flakey/2013-07-10-1830/samba.stdout The top commit at the time of the failure was: commit 1573638212a9733a44939a4d38a226f38dca36f1 Author: Michele Baldessari mich...@acksyn.org Date: Tue Jul 9 23:23:33 2013 +0200 Fix typos in man-pages Fix some typos in the man-pages. Signed-off-by: Michele Baldessari mich...@acksyn.org Reviewed-by: Simo Sorce i...@samba.org Autobuild-User(master): Simo Sorce i...@samba.org Autobuild-Date(master): Wed Jul 10 16:45:07 CEST 2013 on sn-devel-104
autobuild: intermittent test failure detected
The autobuild test system has detected an intermittent failing test in the current master tree. The autobuild log of the failure is available here: http://git.samba.org/autobuild.flakey/2013-07-10-2044/flakey.log The samba3 build logs are available here: http://git.samba.org/autobuild.flakey/2013-07-10-2044/samba3.stderr http://git.samba.org/autobuild.flakey/2013-07-10-2044/samba3.stdout The source4 build logs are available here: http://git.samba.org/autobuild.flakey/2013-07-10-2044/samba.stderr http://git.samba.org/autobuild.flakey/2013-07-10-2044/samba.stdout The top commit at the time of the failure was: commit 1573638212a9733a44939a4d38a226f38dca36f1 Author: Michele Baldessari mich...@acksyn.org Date: Tue Jul 9 23:23:33 2013 +0200 Fix typos in man-pages Fix some typos in the man-pages. Signed-off-by: Michele Baldessari mich...@acksyn.org Reviewed-by: Simo Sorce i...@samba.org Autobuild-User(master): Simo Sorce i...@samba.org Autobuild-Date(master): Wed Jul 10 16:45:07 CEST 2013 on sn-devel-104
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 596b51c s4:server: avoid calling into nss_winbind from within 'samba' from 1573638 Fix typos in man-pages http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 596b51c666e549fb518d92931d8837922154a2fe Author: Stefan Metzmacher me...@samba.org Date: Wed Jul 10 14:48:18 2013 +0200 s4:server: avoid calling into nss_winbind from within 'samba' The most important part is that the 'winbind_server' doesn't recurse into itself. This could happen if the krb5 libraries call getlogin(). As we may run in single process mode, we need to set _NO_WINBINDD=1 everywhere, the only exception is the forked 'smbd'. Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Wed Jul 10 23:18:06 CEST 2013 on sn-devel-104 --- Summary of changes: file_server/file_server.c |9 + source4/smbd/server.c |7 +++ 2 files changed, 16 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/file_server/file_server.c b/file_server/file_server.c index 5d44d5a..aab5f39 100644 --- a/file_server/file_server.c +++ b/file_server/file_server.c @@ -28,6 +28,7 @@ #include source4/smbd/process_model.h #include file_server/file_server.h #include dynconfig.h +#include nsswitch/winbind_client.h /* called if smbd exits @@ -64,6 +65,8 @@ static void s3fs_task_init(struct task_server *task) smbd_path = talloc_asprintf(task, %s/smbd, dyn_SBINDIR); smbd_cmd[0] = smbd_path; + /* the child should be able to call through nss_winbind */ + (void)winbind_on(); /* start it as a child process */ subreq = samba_runcmd_send(task, task-event_ctx, timeval_zero(), 1, 0, smbd_cmd, @@ -72,6 +75,12 @@ static void s3fs_task_init(struct task_server *task) --foreground, debug_get_output_is_stdout()?--log-stdout:NULL, NULL); + /* the parent should not be able to call through nss_winbind */ + if (!winbind_off()) { + DEBUG(0,(Failed to re-disable recursive winbindd calls after forking smbd\n)); + task_server_terminate(task, Failed to re-disable recursive winbindd calls, true); + return; + } if (subreq == NULL) { DEBUG(0, (Failed to start smbd as child daemon\n)); task_server_terminate(task, Failed to startup s3fs smb task, true); diff --git a/source4/smbd/server.c b/source4/smbd/server.c index 0ad3e6b..37aac62 100644 --- a/source4/smbd/server.c +++ b/source4/smbd/server.c @@ -43,6 +43,7 @@ #include cluster/cluster.h #include dynconfig/dynconfig.h #include lib/util/samba_modules.h +#include nsswitch/winbind_client.h /* recursively delete a directory tree @@ -402,6 +403,12 @@ static int binary_smbd_main(const char *binary_name, int argc, const char *argv[ } } + /* make sure we won't go through nss_winbind */ + if (!winbind_off()) { + DEBUG(0,(Failed to disable recusive winbindd calls. Exiting.\n)); + exit(1); + } + gensec_init(); /* FIXME: */ ntptr_init(); /* FIXME: maybe run this in the initialization function -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 6ac6bf9 docs: Bump version in meta data up to 4.1. from 596b51c s4:server: avoid calling into nss_winbind from within 'samba' http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 6ac6bf9c8c59fa679436d0d674a1b4525b4c6dbb Author: Karolin Seeger ksee...@samba.org Date: Mon Jul 8 09:07:32 2013 +0200 docs: Bump version in meta data up to 4.1. Signed-off-by: Karolin Seeger ksee...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Thu Jul 11 02:53:34 CEST 2013 on sn-devel-104 --- Summary of changes: docs-xml/manpages/dbwrap_tool.1.xml |2 +- docs-xml/manpages/eventlogadm.8.xml |2 +- docs-xml/manpages/findsmb.1.xml |2 +- docs-xml/manpages/idmap_ad.8.xml |2 +- docs-xml/manpages/idmap_autorid.8.xml|2 +- docs-xml/manpages/idmap_hash.8.xml |2 +- docs-xml/manpages/idmap_ldap.8.xml |2 +- docs-xml/manpages/idmap_nss.8.xml|2 +- docs-xml/manpages/idmap_rfc2307.8.xml|2 +- docs-xml/manpages/idmap_rid.8.xml|2 +- docs-xml/manpages/idmap_tdb.8.xml|2 +- docs-xml/manpages/idmap_tdb2.8.xml |2 +- docs-xml/manpages/libsmbclient.7.xml |2 +- docs-xml/manpages/lmhosts.5.xml |2 +- docs-xml/manpages/log2pcap.1.xml |2 +- docs-xml/manpages/net.8.xml |2 +- docs-xml/manpages/nmbd.8.xml |2 +- docs-xml/manpages/nmblookup.1.xml|2 +- docs-xml/manpages/ntlm_auth.1.xml|2 +- docs-xml/manpages/pam_winbind.8.xml |2 +- docs-xml/manpages/pam_winbind.conf.5.xml |2 +- docs-xml/manpages/pdbedit.8.xml |2 +- docs-xml/manpages/profiles.1.xml |2 +- docs-xml/manpages/rpcclient.1.xml|2 +- docs-xml/manpages/samba-tool.8.xml |2 +- docs-xml/manpages/samba.7.xml|2 +- docs-xml/manpages/samba.8.xml|2 +- docs-xml/manpages/sharesec.1.xml |2 +- docs-xml/manpages/smb.conf.5.xml |2 +- docs-xml/manpages/smbcacls.1.xml |2 +- docs-xml/manpages/smbclient.1.xml|2 +- docs-xml/manpages/smbcontrol.1.xml |2 +- docs-xml/manpages/smbcquotas.1.xml |2 +- docs-xml/manpages/smbd.8.xml |2 +- docs-xml/manpages/smbget.1.xml |2 +- docs-xml/manpages/smbgetrc.5.xml |2 +- docs-xml/manpages/smbpasswd.5.xml|2 +- docs-xml/manpages/smbpasswd.8.xml|2 +- docs-xml/manpages/smbspool.8.xml |2 +- docs-xml/manpages/smbstatus.1.xml|2 +- docs-xml/manpages/smbta-util.8.xml |2 +- docs-xml/manpages/smbtar.1.xml |2 +- docs-xml/manpages/smbtree.1.xml |2 +- docs-xml/manpages/swat.8.xml |2 +- docs-xml/manpages/testparm.1.xml |2 +- docs-xml/manpages/vfs_acl_tdb.8.xml |2 +- docs-xml/manpages/vfs_acl_xattr.8.xml|2 +- docs-xml/manpages/vfs_aio_fork.8.xml |2 +- docs-xml/manpages/vfs_aio_linux.8.xml|2 +- docs-xml/manpages/vfs_aio_pthread.8.xml |2 +- docs-xml/manpages/vfs_audit.8.xml|2 +- docs-xml/manpages/vfs_btrfs.8.xml|2 +- docs-xml/manpages/vfs_cacheprime.8.xml |2 +- docs-xml/manpages/vfs_cap.8.xml |2 +- docs-xml/manpages/vfs_catia.8.xml|2 +- docs-xml/manpages/vfs_commit.8.xml |2 +- docs-xml/manpages/vfs_crossrename.8.xml |2 +- docs-xml/manpages/vfs_default_quota.8.xml|2 +- docs-xml/manpages/vfs_dirsort.8.xml |2 +- docs-xml/manpages/vfs_extd_audit.8.xml |2 +- docs-xml/manpages/vfs_fake_perms.8.xml |2 +- docs-xml/manpages/vfs_fileid.8.xml |2 +- docs-xml/manpages/vfs_full_audit.8.xml |2 +- docs-xml/manpages/vfs_gpfs.8.xml |2 +- docs-xml/manpages/vfs_media_harmony.8.xml|2 +- docs-xml/manpages/vfs_netatalk.8.xml |2 +- docs-xml/manpages/vfs_notify_fam.8.xml |2 +- docs-xml/manpages/vfs_prealloc.8.xml |2 +- docs-xml/manpages/vfs_preopen.8.xml |2 +-
autobuild: intermittent test failure detected
The autobuild test system has detected an intermittent failing test in the current master tree. The autobuild log of the failure is available here: http://git.samba.org/autobuild.flakey/2013-07-11-0258/flakey.log The samba3 build logs are available here: http://git.samba.org/autobuild.flakey/2013-07-11-0258/samba3.stderr http://git.samba.org/autobuild.flakey/2013-07-11-0258/samba3.stdout The source4 build logs are available here: http://git.samba.org/autobuild.flakey/2013-07-11-0258/samba.stderr http://git.samba.org/autobuild.flakey/2013-07-11-0258/samba.stdout The top commit at the time of the failure was: commit 596b51c666e549fb518d92931d8837922154a2fe Author: Stefan Metzmacher me...@samba.org Date: Wed Jul 10 14:48:18 2013 +0200 s4:server: avoid calling into nss_winbind from within 'samba' The most important part is that the 'winbind_server' doesn't recurse into itself. This could happen if the krb5 libraries call getlogin(). As we may run in single process mode, we need to set _NO_WINBINDD=1 everywhere, the only exception is the forked 'smbd'. Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Andrew Bartlett abart...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Wed Jul 10 23:18:06 CEST 2013 on sn-devel-104
[SCM] CTDB repository - branch master updated - ctdb-2.2-110-g9ffcd6a
The branch, master has been updated via 9ffcd6a91287d86bae7b0c73aa129c81126e08e7 (commit) via 14141b02b61d2783b750ee5b30f9520253e88f09 (commit) via e43a4b7b69a21c4cec2453dcac436b64bf5d7f06 (commit) via 30a0040fbb7c4d97d107f0e55c600295c2603a68 (commit) via b6bbfb4c464c39e322830cbbebcc51c225508584 (commit) via e3abc7eebab5cceddc4ce7817890dd5db9be3450 (commit) via c6fded59fa4da67f738a90fdacb51900e41801f9 (commit) via 846109169ee5e3d03135156e45c8dac93aa2e95b (commit) via 2493f57ce268d6fe7e4c40a87852c347fd60d29e (commit) via fc3689c977f48d7988eed0654fb8e5ce4b8bfc8b (commit) via dc834d5e78c3fb97ae15cddf1139b3c4a4051a7c (commit) via 1a74192aa7d51ed99553e7292860027f06b6ef37 (commit) via faabce1b99fb3de9ff03bf54d303e7656538fee3 (commit) via 8225b3e77e140db34b52571a95d553d1e59e3f1e (commit) via 2211cd94bea266547d3e6f167d3160a6b23bec88 (commit) via a415a1986900135f889efc25ecaf2761b1dae81a (commit) via c711ff4702c5f95b75e4bf030665fc2afffc2f9e (commit) via 2bfb8499366d530f16515b08928056bbda40f781 (commit) via 6fc36a7036933237d09151a0baf4d8ccd2bc2c99 (commit) via dcc42a75b4638b3aa40c44ed9e0aaae26483e2b0 (commit) via 594c421f90ce132c75fbd985872114e4967f92b5 (commit) via 26a4653df594d351ca0dc1bd5f5b2f5b0eb0a9a5 (commit) via 545a46437dfb2b755bb2fddb11dea8c4ccce3ed7 (commit) from 41182623891d74a7e9e9c453183411a161201e67 (commit) http://gitweb.samba.org/?p=ctdb.git;a=shortlog;h=master - Log - commit 9ffcd6a91287d86bae7b0c73aa129c81126e08e7 Author: Amitay Isaacs ami...@gmail.com Date: Thu Jul 11 11:34:46 2013 +1000 Tests: Correct the arguments to memset Signed-off-by: Amitay Isaacs ami...@gmail.com commit 14141b02b61d2783b750ee5b30f9520253e88f09 Author: Amitay Isaacs ami...@gmail.com Date: Wed Jul 10 14:44:56 2013 +1000 doc: Update NEWS Signed-off-by: Amitay Isaacs ami...@gmail.com Pair-programmed-with: Martin Schwenke mar...@meltin.net commit e43a4b7b69a21c4cec2453dcac436b64bf5d7f06 Author: Martin Schwenke mar...@meltin.net Date: Wed Jul 10 17:19:55 2013 +1000 packaging: Add systemd support Based on an original patch by Sumit Bose sb...@redhat.com. Signed-off-by: Martin Schwenke mar...@meltin.net commit 30a0040fbb7c4d97d107f0e55c600295c2603a68 Author: Martin Schwenke mar...@meltin.net Date: Wed Jul 10 16:35:53 2013 +1000 build: Turn off all deprecation warnings The âtevent_loop_allow_nestingâ is deprecated warnings will be around for a while and are annoying. Signed-off-by: Martin Schwenke mar...@meltin.net commit b6bbfb4c464c39e322830cbbebcc51c225508584 Author: Martin Schwenke mar...@meltin.net Date: Wed Jul 10 16:30:29 2013 +1000 build: Remove -DTEVENT_DEPRECATED_QUIET=1 from CFLAGS This reverts the last part of 788cdbddbc902a5b076d23473450065b551d274d - the rest of this has been implicitly reverted via tevent syncs. This is just leftover noise. Signed-off-by: Martin Schwenke mar...@meltin.net commit e3abc7eebab5cceddc4ce7817890dd5db9be3450 Author: Martin Schwenke mar...@meltin.net Date: Tue Jul 9 15:22:07 2013 +1000 initscript: Simpify initscript and control CTDB via new ctdbd_wrapper Currently the initscript is very complex. This makes it hard to read and hard to add support for new init systems, such as systemd. Create a wrapper called ctdbd_wrapper to be installed alongside ctdbd. This is called by the initscript to start and stop ctdbd. It does the ctdbd option construct and waits until ctdbd is properly initialised before it exits. Signed-off-by: Martin Schwenke mar...@meltin.net Pair-programmed-with: Amitay Isaacs ami...@gmail.com commit c6fded59fa4da67f738a90fdacb51900e41801f9 Author: Martin Schwenke mar...@meltin.net Date: Mon Jul 8 12:45:31 2013 +1000 recoverd: Recovery daemon should use ctdb_get_pnn, which can't fail Signed-off-by: Martin Schwenke mar...@meltin.net commit 846109169ee5e3d03135156e45c8dac93aa2e95b Author: Amitay Isaacs ami...@gmail.com Date: Wed Jul 10 12:23:30 2013 +1000 ctdbd: Print tdb flags when logging attached to database message Signed-off-by: Amitay Isaacs ami...@gmail.com commit 2493f57ce268d6fe7e4c40a87852c347fd60d29e Author: Amitay Isaacs ami...@gmail.com Date: Tue Jul 9 12:32:53 2013 +1000 ctdbd: Set process names for child processes This helps distinguish processes in process list in top, perf, etc. Signed-off-by: Amitay Isaacs ami...@gmail.com commit fc3689c977f48d7988eed0654fb8e5ce4b8bfc8b Author: Amitay Isaacs ami...@gmail.com Date: Tue Jul 9 12:24:59 2013 +1000 common/system: Add ctdb_set_process_name() function Signed-off-by: Amitay Isaacs ami...@gmail.com commit