Re: [Samba] About NAS versus Samba
Hi, what about the samba running on your NAS. I did a lot of NAS hacking pointing a running samba/winbind config of the vendor to my nt-style samba/ldap domain . But if you do so be aware you are loosing your support :-). So if you can change the samba on your NAS you are up and running. Greetings Daniel --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von ferna...@lozano.eti.br Gesendet: Donnerstag, 11. Juli 2013 06:04 An: Chris Weiss Cc: samba; us...@lists.fedoraproject.org Betreff: Re: [Samba] About NAS versus Samba Hi Cris, Hi there, Has anyone tried to configure a NAS server to authenticate users using a Samba PDC, or even a Samba4 DC (AD-compatible) or an IPA server? not in a while, but I have done a samba 3 DC This was not my question. I'm ok running samba 3 DCs. :-) Have you ever configured a NAS so it would authenticate users from your Samba DC and them serve SMB file shares (aka network drives) to Windows desktops? I'm evaluating replacing some Linux file server for a NAS product, but all them make me nervous when the vendor talks about Active Directory support and nothing else. if 3rd party support is your concern, why are you using fedora instead of RHEL? Are you trying to sell me RHEL subscriptions or help me with my question? ;-) Anything wrong about asking about Fedora on a Fedora list, or any server issue is forbidden for Fedora users? ;-) AFAIK it shouldn't matter, from a technical perspective, if the samba DC runs Fedora, Debian, Slackware, RHEL, SuSE, Ubuntu, Solaris, whatever. I am not talking about OS level FC drivers or iSCSI initiators. Either a NAS will be compatible with Samba3, Samba4, both or neither. This depends on the SMB and MSRPC features needed by the NAS, all them application level protocols, not kernel modules. If I'll need Red Hat support for managing this system is another, unrelated, question. If the NAS vendors state they suṕport RHEL, that's not que question either, as supporting RHEL could mean the RHEL linux kernel smbfs and cifsfs driver talks to the NAS, not the NAS talks to the Samba DC. Or else, RHEL support may mean just that the NAS talks NFS and so a RHEL machine can mount volumes from tne NAS. That's not what I want. Most times I see linux servers they are simply members of a MSAD domain, not the DC themselves. But mine are. All vendors I talked to assume MSAD, and don't know about Samba. :-( Anyway Fedora is my desktop system and development workstation. The DC in question runs RHEL. But if this works I can try someday using Fedora or CentOS with the same (or other) NAS. In theory, many NASes are Linux boxes running samba, so there shouldn't be a problem, except if the web admin interface won't support a samba DC setup and I won't have SSH access to configure the NAS samba myself a cheaper nas will probably use samba, but not all NASs do. there are several commercial SMB/CIFS implementation out there. At least iomega/lenovo/emc state their NAS runs Samba. And a lot of less know vendors also. I'll buy a single, cheap NAS, not a high end EMC rack full of boxes. :-) But... will any NAS you know work with a Samba DC, or else, using an IPA server? Or will they only work with Microsoft Windows Server AD? All vendors I contacted talk only about MS Active Directory. They don't even know about NT4-style domains, which would mean a Samba3 DC should work. Besides, AFAIK a Samba4 DC isn't supported by RHEL at all -- that's why I included IPA in my question -- I'd have to use Sernet packages for Samba4. Even then, Samba4 is very new, I don't know if a NAS implementation would accept it in place of a MSAD DC. Most vendors talk to me about vmware, exchange and sql server support. They offer me windows-only backup servers and the like. Some even offer me SAP R/3 agents, while my ERP is another one. They can only follow their standard script for windows shops. So I ask for the collective knowledge from the Fedora and Samba lists... can anyone tell me I tried this NAS and it worked? Or should I better forget about this and keep using cheap intel boxes as file servers? Am I the first linux sysadmin in the world who's considering to have a NAS replacing some file servers but keeping his samba DCs? []s, Fernando Lozano -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] [Announce] CTDB 2.3 available for download
Changes in CTDB 2.3 === User-visible changes * 2 new configuration variables for 60.nfs eventscript: - CTDB_MONITOR_NFS_THREAD_COUNT - CTDB_NFS_DUMP_STUCK_THREADS See ctdb.sysconfig for details. * Removed DeadlockTimeout tunable. To enable debug of locking issues set CTDB_DEBUG_LOCKS=/etc/ctdb/debug_locks.sh * In overall statistics and database statistics, lock buckets have been updated to use following timings: 1ms, 10ms, 100ms, 1s, 2s, 4s, 8s, 16s, 32s, 64s, = 64s * Initscript is now simplified with most CTDB-specific functionality split out to ctdbd_wrapper, which is used to start and stop ctdbd. * Add systemd support. * CTDB subprocesses are now given informative names to allow them to be easily distinguished when using programs like top or perf. Important bug fixes --- * ctdb tool should not exit from a retry loop if a control times out (e.g. under high load). This simple fix will stop an exit from the retry loop on any error. * When updating flags on all nodes, use the correct updated flags. This should avoid wrong flag change messages in the logs. * The recovery daemon will not ban other nodes if the current node is banned. * ctdb dbstatistics command now correctly outputs database statistics. * Fixed a panic with overlapping shutdowns (regression in 2.2). * Fixed 60.ganesha monitor event (regression in 2.2). * Fixed a buffer overflow in the reloadips implementation. * Fixed segmentation faults in ping_pong (called with incorrect argument) and test binaries (called when ctdbd not running). Important internal changes -- * The recovery daemon on stopped or banned node will stop participating in any cluster activity. * Improve cluster wide database traverse by sending the records directly from traverse child process to requesting node. * TDB checking and dropping of all IPs moved from initscript to init event in 00.ctdb. * To avoid rogue IPs the release IP callback now fails if the released IP is still present on an interface. Reporting bugs Development Discussion === Please discuss this release on the samba-technical mailing list or by joining the #ctdb IRC channel on irc.freenode.net. All bug reports should be filed under CTDB product in the project's Bugzilla database (https://bugzilla.samba.org/). Download Details = The source code can be downloaded from: http://ftp.samba.org/pub/ctdb/ Git repository git://git.samba.org/ctdb.git http://git.samba.org/?p=ctdb.git;a=summary (Git via web) CTDB documentation https://ctdb.samba.org/ Amitay. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba4 KCC
Is the KCC in Samba4 set up to honor site links? I set up a few site links between sites (hub-spoke model), but Samba still appears to be replicating everything everywhere from each domain controller. Am I missing something? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] About NAS versus Samba
On Wed, Jul 10, 2013 at 11:00 PM, Jeremy Allison j...@samba.org wrote: but not all NASs do. there are several commercial SMB/CIFS implementation out there. Sure, but non available to buy as a software-only product to my knowledge. They all come with hardware attached :-). right, *I* can't buy the software, but a NAS vendor can license it for a product that I can buy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] About NAS versus Samba
On Wed, Jul 10, 2013 at 11:03 PM, ferna...@lozano.eti.br wrote: Hi Cris, Hi there, Has anyone tried to configure a NAS server to authenticate users using a Samba PDC, or even a Samba4 DC (AD-compatible) or an IPA server? not in a while, but I have done a samba 3 DC This was not my question. I'm ok running samba 3 DCs. :-) oh but it was! PDC means NT4 style, so samba PDC means samba 3 domain! If you're searching for information, this kind of nitpicky detail is important for an accurate answer. Have you ever configured a NAS so it would authenticate users from your Samba DC and them serve SMB file shares (aka network drives) to Windows desktops? I'm evaluating replacing some Linux file server for a NAS product, but all them make me nervous when the vendor talks about Active Directory support and nothing else. if 3rd party support is your concern, why are you using fedora instead of RHEL? Are you trying to sell me RHEL subscriptions or help me with my question? ;-) Anything wrong about asking about Fedora on a Fedora list, or any server issue is forbidden for Fedora users? ;-) I guess it's the IT manager in me. I either want something that I make someone else fix, or I want something that I'm probably going to void the warranty on so I can make it do what I want. AFAIK it shouldn't matter, from a technical perspective, [clip] I agree. But you're asking questions that show us that you assume that this is not the case. If that's your concern, then the disto you're using is important since they all put in their own patches, or not, and that's where issues raise. if you can verify the samba version on the nas, that should have your answer since those issues are well tracked. Generally, if it supports AD, it supports a samba AD. Bugs are possible, but bugs can also be fixed. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Windows 7 Registry Tweaks with Samba4
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, I notice that there are a few registry updates required for Windows 7 when using Samba as a AD DC (according to the Samba wiki). However I've been able to join a Windows 7 workstation to my Samba4 domain without using any registry tweaks; am I likely to encounter problems? What I've read suggests that these settings are required to ensure that the Windows 7 workstation can see the PDC; however this doesn't seem to be a problem as I've joined the workgroup without issue. Therefore can anyone explain what the registry updates do (https://wiki.samba.org/index.php/Windows7#Windows_7_Registry_settings)? That page doesn't mention Samba4, though. So perhaps it's obsolete?? Currently I'm using a Samba 4.0.6 domain controller; and a Samba 3.6.3 File/Printserver. Kind regards, - -- Chris Hayes, Systems Administrator www.proporta.com http://www.proporta.com/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBAgAGBQJR3rdtAAoJELgO0A8EguAK7SEH/3iEzaRPpbN4RuR18ZJSThj5 /Ws9heDEksLmF91MfnV83aqpKp11YhoBnXQMFiPBTRcXtUZw6Sr80e/fa+tEYr9O ofOxNj0zB8k95oyKheeyssB0gnOZ/MKhrYKqrhg+pSBUaIzMDnbE/mI4XBUj7Rhu 68xlR9Ar9cJD1UM4SZHWaVUQjf8dl+pGnm90kJM+8zXVFFkzFi/D1BrA8gQcyM/Q 8k9WFo7GwQAsqLbG5fT1lbrSh2uvzi9rCqWhHsVwDnDw0sjwkkH2saCOW1UQcGFk rJbj+5NOigpFWRbNwCfDnJcAJyuFBDDesngyc1A4TLvTraFWjjesBJMfp/SOH/0= =rhM/ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Removed params 'force security mode' etc. What to use instead?
I hate to bump, but surely someone can offer some input on this. At least question 1? Thanks, Brian On 7/3/2013 2:56 PM, Brian H. Nelson wrote: I noticed that the fix for bug 9190 (inc in samba 4.0) resulted in the removal of the following config parameters: security mask force security mode directory mask force directory security mode I have a couple questions regarding this, and haven't really seen any good info on it, so... 1) Why were they removed? There doesn't seems to be any explanation in the bug notes or release notes. Maybe I'm missing something? (not judging, just confused) 2) What can be used instead? I don't see any comparable settings in samba to obtain the same effect (preventing clients from removing certain security bits from existing files, ie group permissions) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] About NAS versus Samba
Hi Fernando I have a site that runs 2 trusted domain PDC's across a OpenVPN link. At one end there is a (older) Buffalo Terrastation NAS. The NAS quite happily authenticates etc both sets of domain users. It has the option of Workgroup, NT Domain or AD. I use NT Domain. The PDC's run on Debian GNU/Linux 6.0.5 (squeeze) Samba 3.56. I use idmap_tdb winbind of course. This really is an evolving thing here. There are a few issues that likewise I have had no response to list questions over. Am happy to elaborate if you need more info. Bob On 11/07/13 11:44, Fernando Lozano wrote: Hi there, Has anyone tried to configure a NAS server to authenticate users using a Samba PDC, or even a Samba4 DC (AD-compatible) or an IPA server? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Windows 7 Registry Tweaks with Samba4
I have been informed that this is indeed something that would only have been required when using Samba 3, or specifically, when using an NT-style domain. Furthermore I was misunderstanding the term 'PDC' when I submitted this question, as I have been informed that an AD-style domain controller is simply refereed to as a 'DC'. Thanks. -- Chris Hayes, Systems Administrator www.proporta.com http://www.proporta.com/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] About NAS versus Samba
Hi, Hi there, Has anyone tried to configure a NAS server to authenticate users using a Samba PDC, or even a Samba4 DC (AD-compatible) or an IPA server? not in a while, but I have done a samba 3 DC This was not my question. I'm ok running samba 3 DCs. :-) oh but it was! PDC means NT4 style, so samba PDC means samba 3 domain! If you're searching for information, this kind of nitpicky detail is important for an accurate answer. Well, I know how to setup a Samba 3 PDC, with other BDCs using LDAP replication. Fortunately I do not need help doing this. And I was not asking what is a Samba PDC, I know that, I know MSAD and etc I'm not asking the IT manager in you and other list members, I'm asking the network admins and sysadmins about wich products worked or didn't work based on their real-world experience. My question is wether a NAS (which one) will be able to become a member server on the samba NT-style domain, of if it will work only as member of a real MSAD domain from a Windows Server. Do you know the answer, I talked about even a Samba 4 DC because if someone answers me won't work for a samba 3 pdc, but should work with a samba 4 DC I'll seriously think about moving my test-lab samba 4 setup into production, otherwise I was not willing to do this just for the NAS. I'm even open to IPA, a software I've never tried. It looks like can replace my Samba3 DCs with advantes, and is well supported by Red Hat, while Samba 4 is not. Today I'd rather run Samba 4 without support than learning an entirely new network login solution. But if the new solution makes using a NAS easier I may change my mind. AFAIK it shouldn't matter, from a technical perspective, [Fedora vs RHEL] I agree. But you're asking questions that show us that you assume that this is not the case. If that's your concern, then the disto you're using is important since they all put in their own patches, or not, and that's where issues raise. For now it only matters to me if sometone tells i tried with ACME NAS and RHEL and it worked, but tried the same NAS with Fedora and it didn't or vice-versa. I can compile samba myself if needed, or get packages from a repo outisde the official distro ones. if you can verify the samba version on the nas, that should have your answer since those issues are well tracked. Generally, if it supports AD, it supports a samba AD. Bugs are possible, but bugs can also be fixed. If I had the NAS box here I'd verify. But I'm still evaluating which one to buy, and for small purchages / small companies no one gives me a box for a POC. I wish information on with products / vendors have a track record of working (or not working) as member servers to a samba 3 domain, so I won't loose time talking to those vendors or evaluating those products. As I said in the previous messages, trying to get this information from the vendors themselves was a failure, so I'm appealing to the list. Unfortunately, as nobody besides you, on both lists, replied to me, I must assume that no NAS in the market was ever proven to work using a Samba PDC, and so buying any NAS is out of question for me. :-( Maybe I'll instead buy a DAS box to which I can connect 4 to 8 server machines using SAS links, and let the file servers running as samba processes inside linux VMs. []s, Fernando Lozano []s, Fernando Lozano -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] About NAS versus Samba
Hi Bob, I have a site that runs 2 trusted domain PDC's across a OpenVPN link. At one end there is a (older) Buffalo Terrastation NAS. The NAS quite happily authenticates etc both sets of domain users. It has the option of Workgroup, NT Domain or AD. I use NT Domain. The PDC's run on Debian GNU/Linux 6.0.5 (squeeze) Samba 3.56. I use idmap_tdb winbind of course. Thanks a lot. I found there is a local reseller here for Buffalo storage systems, so it's in. []s, Fernando Lozano -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] About NAS versus Samba
On Thu, Jul 11, 2013 at 08:01:20AM -0500, Chris Weiss wrote: On Wed, Jul 10, 2013 at 11:00 PM, Jeremy Allison j...@samba.org wrote: but not all NASs do. there are several commercial SMB/CIFS implementation out there. Sure, but non available to buy as a software-only product to my knowledge. They all come with hardware attached :-). right, *I* can't buy the software, but a NAS vendor can license it for a product that I can buy. No, they all write their own these days. None available to license as far as I'm aware. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Removed params 'force security mode' etc. What to use instead?
On Thu, Jul 11, 2013 at 10:25:56AM -0400, Brian H. Nelson wrote: I hate to bump, but surely someone can offer some input on this. At least question 1? Thanks, Brian On 7/3/2013 2:56 PM, Brian H. Nelson wrote: I noticed that the fix for bug 9190 (inc in samba 4.0) resulted in the removal of the following config parameters: security mask force security mode directory mask force directory security mode I have a couple questions regarding this, and haven't really seen any good info on it, so... 1) Why were they removed? There doesn't seems to be any explanation in the bug notes or release notes. Maybe I'm missing something? (not judging, just confused) They were confusing a lot of people, and no one answered the call on samba-technical for a use case when the proposal came to remove them. Using Windows ACL mappings instead seemed like a better solution. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] About NAS versus Samba
Hi, No, they all write their own these days. None available to license as far as I'm aware. Most times the proprietary NAS software is simply a web interface over a standard Linux/FreeBSD OS using Samba. If you know Samba and Linux, the web interface may be a hurdle, not allowing access to features you know how to configure from the shell or, worse yet, overwriting those settings, if they provide a shell at all. []s, Fernando Lozano -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] About NAS versus Samba
On 07/11/13 11:50, Jeremy Allison wrote: On Thu, Jul 11, 2013 at 08:01:20AM -0500, Chris Weiss wrote: On Wed, Jul 10, 2013 at 11:00 PM, Jeremy Allison j...@samba.org wrote: but not all NASs do. there are several commercial SMB/CIFS implementation out there. Sure, but non available to buy as a software-only product to my knowledge. They all come with hardware attached :-). right, *I* can't buy the software, but a NAS vendor can license it for a product that I can buy. No, they all write their own these days. None available to license as far as I'm aware. I had an small iomega personal/workgroup NAS box (I think it was a snapserver.) It did run linux but the samba version didn't work with our samba 3.x PDC's.I think both were 3.0.x so it could have been some issue with our samba implementation.It did work with a Windows 2003 AD but that wasn't much use. Some of the NAS's are now based on Windows Server.But I don't think any vendor will talk about samba compatibility (let alone promise it.) The Oracle/Sun NAS servers are based on on Solaris11 or OpenSolaris. Even if a NAS works with your current environment there is no guarantee the vendor will provide patches to keep it working in the future as you apply security fixes or patches to your samba servers.For samba users implementing a NAS might not simplify things. If you were a windows only show them a NAS is probably great for a small site. I would stick with a real linux/samba server- you then have complete configuration control. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] About NAS versus Samba
I've had experience with a Western Digital MyBook Live DUO, and it does NOT support any type of network authentication. Users must be created and deleted on that device. --- CONFIDENTIALITY WARNING: Pseudo-legal disclaimers do not buy you or your employer any legal recourse for leaked information. E-mail messages should never contain privileged or confidential information. Always treat e-mail as public. -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Fernando Lozano Sent: Wednesday, July 10, 2013 8:45 PM To: us...@lists.fedoraproject.org; samba@lists.samba.org Subject: [Samba] About NAS versus Samba Hi there, Has anyone tried to configure a NAS server to authenticate users using a Samba PDC, or even a Samba4 DC (AD-compatible) or an IPA server? I'm evaluating replacing some Linux file server for a NAS product, but all them make me nervous when the vendor talks about Active Directory support and nothing else. In theory, many NASes are Linux boxes running samba, so there shouldn't be a problem, except if the web admin interface won't support a samba DC setup and I won't have SSH access to configure the NAS samba myself. So I'm asking if someone there has had any real experience, be it using Fedora, CentOS or RHEL as the Samba3 PDC or Samba4 DC. PS: I'm cross-posting because I asked before on the samba mailing list and nobody cared to answer. Or nobody has had any real experience. I'm hoing many sysadmins on the Fedora list also works on companies with RHEL or CentOS and had a real experience to share. []s, Fernando Lozano -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] About NAS versus Samba
Hi, what about the samba running on your NAS. I did a lot of NAS hacking pointing a running samba/winbind config of the vendor to my nt-style samba/ldap domain . But if you do so be aware you are loosing your support :-). So if you can change the samba on your NAS you are up and running. I don't have the NAS box yet. I wish advice on which one to buy based on compatibility with a Samba 3 PDC (or Samba 4 DC, or IPA). Vendors I talked to tell me it won't work, I'd have to use Microsoft AD. Knowing the Linux and Windows side (protocols, software) this doesn't make sense to me, I'm guessing the sales people I talked to simply doesn't know and doesn't want to learn. And it's not easy to tell the boss I'll buy a somewhat expensive box (for a small business) just to hack and see if it'll work the way I want. :-( It would help if you simply tell me which NAS you had success and which one was easier, out-of-the-box, or had to hack. []s, Fernando Lozano -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] What great things can a non-windows user do with Samba
Hi all, I ask this question about once a decade. I have about 7 computers, all Linux or BSD. Are there any cool things I can do with Samba, even though I have no Windows computers? Thanks, SteveT Steve Litt* http://www.troubleshooters.com/ Troubleshooting Training * Human Performance -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] What great things can a non-windows user do with Samba
On Thu, Jul 11, 2013 at 10:52 AM, Steve Litt sl...@troubleshooters.com wrote: Hi all, I ask this question about once a decade. I have about 7 computers, all Linux or BSD. Are there any cool things I can do with Samba, even though I have no Windows computers? Yes! I've found samba and mount.cifs to be far faster than NFS, especially when the server is of limited resources. it's also easier since all your passwd dont' have to match up. though if you do take that effort you can use the unix-extensions and get back a lot of posix features that cifs doesn't normally do. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] About NAS versus Samba
Hi Tony, RE: [Samba] About NAS versus Samba I've had experience with a Western Digital MyBook Live DUO, and it does NOT support any type of network authentication. Users must be created and deleted on that device. Thanks. May good for home use, but not for my employee. Anyway a vendor told me this works with linux but was unable to give details about authentication. []s, Fernando Lozano -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] About NAS versus Samba
On 07/11/13 12:29, Fernando Lozano wrote: Hi, what about the samba running on your NAS. I did a lot of NAS hacking pointing a running samba/winbind config of the vendor to my nt-style samba/ldap domain . But if you do so be aware you are loosing your support :-). So if you can change the samba on your NAS you are up and running. I don't have the NAS box yet. I wish advice on which one to buy based on compatibility with a Samba 3 PDC (or Samba 4 DC, or IPA). Vendors I talked to tell me it won't work, I'd have to use Microsoft AD. Knowing the Linux and Windows side (protocols, software) this doesn't make sense to me, I'm guessing the sales people I talked to simply doesn't know and doesn't want to learn. And it's not easy to tell the boss I'll buy a somewhat expensive box (for a small business) just to hack and see if it'll work the way I want. :-( It would help if you simply tell me which NAS you had success and which one was easier, out-of-the-box, or had to hack. []s, Fernando Lozano It seems common that vendors (esp the sales guys) assume you are running Windows 200x and AD.I think the logic is that none of our customers use linux so we won't support it. It becomes self-fulfilling when anyone wanting something besides the basic Windows AD support looks for other solutions. Getting samba to work sometimes requires fiddling with protocol versions, WINS and DNS. For example windows 7 won't work with Samba 3.x until you tweek the registry. You can probably put together a price-comparable equivalent of the Buffalo using a white-box PC tower and linux. You can even set up software raid. It is more likely to work the way you want than a NAS box. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] What great things can a non-windows user do with Samba
Hi Steve, I have about 7 computers, all Linux or BSD. Are there any cool things I can do with Samba, even though I have no Windows computers? I'd use Samba only to support Windows users. Samba provides three things: 1. File Services 2. Print Services 3. Network Logons As you are a Unix-only shop, you have other (better) alternatives: 1. NFS, AFS 2. CUPS, LPD 3. LDAP, NIS, Kerberos Some people already know how to configure Samba, because they needed it for mixed Unix/Windows shops, and keeps using it for Unix-only shops. That's fine, you won't have to learn NFS, LDAP, etc. But if you already know those, and not Samba, adding samba would bring no value IMHO. []s, Fernando Lozano -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] About NAS versus Samba
Hi Gaiseric, It seems common that vendors (esp the sales guys) assume you are running Windows 200x and AD.I think the logic is that none of our customers use linux so we won't support it. It becomes self-fulfilling when anyone wanting something besides the basic Windows AD support looks for other solutions. Exactly my problem. Lasy vendors. ;-) Getting samba to work sometimes requires fiddling with protocol versions, WINS and DNS. For example windows 7 won't work with Samba 3.x until you tweek the registry. You can probably put together a price-comparable equivalent of the Buffalo using a white-box PC tower and linux. You can even set up software raid. It is more likely to work the way you want than a NAS box. I have no problem with that. Have been doing this for years and my employee is happy with the results. I'm afraid the NAS box won't give access to tweaking its configuration. But you know, everyone buys NASes today, it's getting harder to explaing a common PC would be better. Here a server box with a RAID controller and a hot-swappable disk bays is way more expensive than an iomega NAS in a rack form factory. []s, Fernando Lozano -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] About NAS versus Samba
On Thu, Jul 11, 2013 at 12:55 PM, Fernando Lozano ferna...@lozano.eti.br wrote: But you know, everyone buys NASes today, it's getting harder to explaing a common PC would be better. Here a server box with a RAID controller and a hot-swappable disk bays is way more expensive than an iomega NAS in a rack form factory. I've found the performance of those cheap NAS boxes (even the cheap ones are relatively expensive) to be sub-par. Most of them max out at a few MB/second. A reasonable set of hardware in a 2U with hot-swap drives will absolutely smoke a cheap NAS and the price/performance ratio is much better. Plus, you can use ZFS/BTRFS/etc as your backing store if you'd like on your own dedicated box. -- Peace and Blessings, -Scott. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] SUSE Linix 11.2 LDAP to AD
[Removing from the Samba developer ML, this belongs on the user list] On Thu, 11 Jul 2013 14:59:24 + Pavetto, David david.pave...@hp.com wrote: I did use the Yast to set this up and yes we are using winbind, since I did use yast to set this up initially, so is there anything I need to do to remove idmap_tdb or will this just be completed within the samba.conf file, Just asking, want to understand going forward since we have a ton of servers to install and just want to script this out The conversion from idmap_tdb to idmap_ad can be done by changing smb.conf. Remove any existing idmap parameters, then add idmap_ad parameters based on your current environment, e.g (from man page). [global] idmap config * : backend = tdb idmap config * : range = 100-199 idmap config DOMAIN : backend = ad idmap config DOMAIN : range = 1000-99 Changing the idmap backend on a running system is generally not a good idea, as file ownership and ACLs may change for mapped users. Idmap caches also need to be purged before restarting winbind. This can be done by backing up /var/lib/samba/*, then deleting winbindd_idmap.tdb and gencache.tdb. nscd should also be disabled. One final caveat, Samba 3.6 idmap_ad uses the rfc2307 gidNumber attribute assigned to groups for which a user is a member of. It ignores the gidNumber attribute explicitly assigned user objects. Cheers, David -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] What great things can a non-windows user do with Samba
At Thu, 11 Jul 2013 11:52:49 -0400 Steve Litt sl...@troubleshooters.com wrote: Hi all, I ask this question about once a decade. I have about 7 computers, all Linux or BSD. Are there any cool things I can do with Samba, even though I have no Windows computers? Not really. Samba is just a tool to deal with pesky mess-windows machines. On a pure UNIX (Linux, BSD, Solaris, AIX, etc.) LAN, Samba is about as useful as Air Conditioners in Antartica in the middle of the Antartic winter. Thanks, SteveT Steve Litt* http://www.troubleshooters.com/ Troubleshooting Training * Human Performance -- Robert Heller -- 978-544-6933 / hel...@deepsoft.com Deepwoods Software-- http://www.deepsoft.com/ () ascii ribbon campaign -- against html e-mail /\ www.asciiribbon.org -- against proprietary attachments -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba Digest, Vol 127, Issue 11
Estimados, Estoy fuera de la oficina. Ante cualquier requerimiento favor generar el ticket respectivo o comunicarse con roberto.var...@pyaing.cl , freddy.arev...@pyaing.cl o frederick.esco...@pyaing.cl atte Luis Aravena -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] oLschema2ldif segfault
I'm seeing a oLschema2ldif segfault when it comes across attributetypes with syntax '1.3.6.1.4.1.1466.115.121.1.5' that is a BINARY attribute. Is this by design? Can I store binary attributes in samba4 ldap? Thanks! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] [Announce] Samba 4.1.0rc1 Available for Download
Release Announcements = This is the first release candidate of Samba 4.1. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. Samba 4.1 will be the next version of the Samba suite and includes all the technology found in both the Samba4 series and the stable 3.x series. The primary additional features over Samba 3.6 are support for the Active Directory logon protocols used by Windows 2000 and above. If you are upgrading, or looking to develop, test or deploy Samba 4.1 releases candidates, you should backup all configuration and data. NEW FEATURES Directory database replication (AD DC mode) === Directory replication has been reworked in order to improve the correctness and efficiency. As a net effect of it, replication with other domain controllers with a heavily modified schema is now possible (ie. Windows 2012 DCs or other Windows DC with exchange installed) and replication didn't fail anymore in such environments. Server-Side Copy Support Samba 4.1.0 adds support for server-side copy operations via the SMB2 FSCTL_SRV_COPYCHUNK request. Clients making use of server-side copy support, such as Windows Server 2012, should experience considerable performance improvements for file copy operations, as file data need not traverse the network. This feature is enabled by default on the smbd file server. Btrfs Filesystem Integration The Btrfs VFS module provided with Samba 4.1.0 further improves the performance of server-side copy operations on shares backed by a Btrfs filesystem. It does so by allowing multiple files to share the same on-disk extents, avoiding the unnecessary duplication of source and destination file data during a server-side copy operation. This feature can be explicitly enabled on smbd shares backed by a Btrfs filesystem with the smb.conf parameter: vfs objects = btrfs REMOVED COMPONENTS == The Samba Web Administration Tool (SWAT) has been removed. ## Changes ### smb.conf changes Parameter Name Description Default -- --- --- password level Removed set directoryRemoved use ntdb New No COMMIT HIGHLIGHTS = o David Disseldorp dd...@samba.org * Add vfs_btrfs module. * Add support for server-side copy operations via the SMB2 FSCTL_SRV_COPYCHUNK request. RUNNING Samba 4.1 as an AD DC = A short guide to setting up Samba 4 as an AD DC can be found on the wiki: http://wiki.samba.org/index.php/Samba4/HOWTO ### Reporting bugs Development Discussion ### Please discuss this release on the samba-technical mailing list or by joining the #samba-technical IRC channel on irc.freenode.net. If you do report problems then please try to send high quality feedback. If you don't provide vital information to help us track down the problem then you will probably be ignored. All bug reports should be filed under the Samba 4.1 product in the project's Bugzilla database (https://bugzilla.samba.org/). == == Our Code, Our Bugs, Our Responsibility. == The Samba Team == -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] About NAS versus Samba
Al 11/07/13 18:43, En/na Fernando Lozano ha escrit: Hi Tony, RE: [Samba] About NAS versus Samba I've had experience with a Western Digital MyBook Live DUO, and it does NOT support any type of network authentication. Users must be created and deleted on that device. Thanks. May good for home use, but not for my employee. Anyway a vendor told me this works with linux but was unable to give details about authentication. If it may interest you, I tried a couple of lacie devices (a 5big and a network space 2) and, while they use linux+samba, their interface only allows joining an AD domain. I hacked the network space by replacing the stock firmware with debian so I could join it to my samba 3 domain. I didn't bother to modify the 5big (no easy way to do it a the time and the changes made via a backdoor shell would be reverted on boot), so we're using it as an unauthenticated data store (for standard software, catalogues, etc.). Bye -- Luca Olivetti Wetron Automation Technology http://www.wetron.es Tel. +34 935883004 Fax +34 935883007 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] About NAS versus Samba
If you use raid you should either use a true hardware raid (e.g from LSI or Adaptec) or true software raid. The firmware raid (aka fake raid) included on some motherboards is just asking for trouble.For the price of the true hardware raid card you might as well stick with software raid. Hot swap bays for SATA disks that you can use with a tower PC fairly cheap. http://www.supermicro.com/products/accessories/mobilerack/CSE-M35T-1.cfm Don't cheap out of the disks though.Get 7200 RPM server or raid disks. I set up something Solaris which gave me the benefits of ZFS. If you don't need the zfs functionality I would stick with a linux distro that are comfortable with. Supermicro (and other) also was a range for whitebox tower and servers that are cheaper than buying from Dell or HP.Of course there is no customer support or extended warranty. On 07/11/13 12:59, Scott Lovenberg wrote: On Thu, Jul 11, 2013 at 12:55 PM, Fernando Lozano ferna...@lozano.eti.br wrote: But you know, everyone buys NASes today, it's getting harder to explaing a common PC would be better. Here a server box with a RAID controller and a hot-swappable disk bays is way more expensive than an iomega NAS in a rack form factory. I've found the performance of those cheap NAS boxes (even the cheap ones are relatively expensive) to be sub-par. Most of them max out at a few MB/second. A reasonable set of hardware in a 2U with hot-swap drives will absolutely smoke a cheap NAS and the price/performance ratio is much better. Plus, you can use ZFS/BTRFS/etc as your backing store if you'd like on your own dedicated box. -- Peace and Blessings, -Scott. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] does winbind have an upper limit of 1410065407 for UID numbers?
Hello, I'm seem to be hitting an upper limit on the range in winbind for idmap or I have something configured incorrectly... My uidNumber in AD is 1951526546, which the log message show it retrieved correctly, however, the log message shows the upper limit is 1410065407 even though it's configured to be 99. Here are the lines from my smb.conf idmap config CORP:range = 10-99 idmap config CORP:backend = ad idmap config CORP:schema_mode = rfc2307 [2013/07/05 14:47:09.217707, 5] ../source3/passdb/pdb_interface.c:1392(pdb_default_uid_to_sid) pdb_default_uid_to_sid: Did not find user joshua (1951526546) [2013/07/05 14:47:09.217775, 5] ../source3/winbindd/idmap_tdb_common.c:397(idmap_tdb_common_unixid_to_sid) Requested id (1951526546) out of range (10 - 1410065407). Filtered! Has anyone else had this issue using uid numbers so large? Thanks! Joshua McClintock -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba4 pdc: Import sudoers active directory schema to ldb
Any updates on this? I am thinking this schema is lacking the sudoers base cn like in openldap we have ou=SUDOERS,cn=... From: mad-proffes...@hotmail.com To: samba@lists.samba.org CC: samba-techni...@lists.samba.org Subject: RE: [Samba] samba4 pdc: Import sudoers active directory schema to ldb Date: Sun, 30 Jun 2013 17:36:16 +0300 Date: Sun, 30 Jun 2013 06:49:26 +0200 From: g...@kzsdabas.hu To: samba@lists.samba.org; mad-proffes...@hotmail.com CC: samba-techni...@lists.samba.org Subject: Re: [Samba] samba4 pdc: Import sudoers active directory schema to ldb 2013-06-29 11:00 keltezéssel, george Nopicture írta: Hi guys and congrats for bringing a fantastic project to the open source world. I' ve setup a samba4 pdc succefully and i am able to do domain logins. I was also able to add the automount schema into the ldb. But when it comes to sudoers schema i cant import it in. Further system details: Debian wheezy 7, samba 4.0.6 compiled from source, sudo-ldap standard binary package from repos. I have split the sudoers active directory schema that came with sudo to 2 ldifs(classSchema apart from attributeSchema) and tried to import them in but i had no luck. I googled around but came up nothing about it. This is the error i get: ERR: (Invalid attribute syntax) LDAP error 21 LDAP_INVALID_ATTRIBUTE_SYNTAX - 200B: objectclass_attrs: attribute 'mayContain' on entry 'CN=sudoRole,CN=Schema,CN=Configuration,DC=example,DC=com' contains at least one invalid value! on DN CN=sudoRole,CN=Schema,CN=Configuration,DC=example,DC=com at block before line 31. First: I've cc-ed samba-technical as extending the schema is still an experimental feature. Second: it would be helpful to be able to look at the ldif files you try to load (messages like block before line 31 doesn't make too much sense without it) Regards Geza Gemes Hello, it appears that i have directly sent you some emails at your personal email address, sorry for that.I am attaching the 2 files for the list and i am also posting their contents here. sudoers-class.ldif: dn: CN=sudoRole,CN=Schema,CN=Configuration,DC=example,DC=com objectClass: top objectClass: classSchema cn: sudoRole distinguishedName: CN=sudoRole,CN=Schema,CN=Configuration,DC=example,DC=com instanceType: 4 possSuperiors: container possSuperiors: top subClassOf: top governsID: 1.3.6.1.4.1.15953.9.2.1 mayContain: sudoUser mayContain: sudoHost mayContain: sudoCommand mayContain: sudoRunAs mayContain: sudoOption mayContain: sudoRunAsUser mayContain: sudoRunAsGroup mayContain: sudoNotBefore mayContain: sudoNotAfter mayContain: sudoOrder rDNAttID: cn showInAdvancedViewOnly: FALSE adminDisplayName: sudoRole adminDescription: Sudoer Entries objectClassCategory: 1 lDAPDisplayName: sudoRole name: sudoRole schemaIDGUID:: SQn432lnZ0+ukbdh3+gN3w== systemOnly: FALSE objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=example,DC=com defaultObjectCategory: CN=sudoRole,CN=Schema,CN=Configuration,DC=example,DC=com sudoers.ldif dn: CN=sudoUser,CN=Schema,CN=Configuration,DC=example,DC=com objectClass: top objectClass: attributeSchema cn: sudoUser distinguishedName: CN=sudoUser,CN=Schema,CN=Configuration,DC=example,DC=com instanceType: 4 attributeID: 1.3.6.1.4.1.15953.9.1.1 attributeSyntax: 2.5.5.5 isSingleValued: FALSE showInAdvancedViewOnly: TRUE adminDisplayName: sudoUser adminDescription: User(s) who may run sudo oMSyntax: 22 searchFlags: 1 lDAPDisplayName: sudoUser name: sudoUser schemaIDGUID:: JrGcaKpnoU+0s+HgeFjAbg== objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=example,DC=com dn: CN=sudoHost,CN=Schema,CN=Configuration,DC=example,DC=com objectClass: top objectClass: attributeSchema cn: sudoHost distinguishedName: CN=sudoHost,CN=Schema,CN=Configuration,DC=example,DC=com instanceType: 4 attributeID: 1.3.6.1.4.1.15953.9.1.2 attributeSyntax: 2.5.5.5 isSingleValued: FALSE showInAdvancedViewOnly: TRUE adminDisplayName: sudoHost adminDescription: Host(s) who may run sudo oMSyntax: 22 lDAPDisplayName: sudoHost name: sudoHost schemaIDGUID:: d0TTjg+Y6U28g/Y+ns2k4w== objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=example,DC=com dn: CN=sudoCommand,CN=Schema,CN=Configuration,DC=example,DC=com objectClass: top objectClass: attributeSchema cn: sudoCommand distinguishedName: CN=sudoCommand,CN=Schema,CN=Configuration,DC=example,DC=com instanceType: 4 attributeID: 1.3.6.1.4.1.15953.9.1.3 attributeSyntax: 2.5.5.5 isSingleValued: FALSE showInAdvancedViewOnly: TRUE adminDisplayName: sudoCommand adminDescription: Command(s) to be executed by sudo oMSyntax: 22 lDAPDisplayName: sudoCommand name: sudoCommand schemaIDGUID:: D6QR4P5UyUen3RGYJCHCPg== objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=example,DC=com dn: CN=sudoRunAs,CN=Schema,CN=Configuration,DC=example,DC=com objectClass: top objectClass: attributeSchema cn: sudoRunAs
Re: [Samba] What great things can a non-windows user do with Samba
On Thu, 2013-07-11 at 13:46 -0400, Robert Heller wrote: At Thu, 11 Jul 2013 11:52:49 -0400 Steve Litt sl...@troubleshooters.com wrote: Hi all, I ask this question about once a decade. I have about 7 computers, all Linux or BSD. Are there any cool things I can do with Samba, even though I have no Windows computers? Not really. Samba is just a tool to deal with pesky mess-windows machines. On a pure UNIX (Linux, BSD, Solaris, AIX, etc.) LAN, Samba is about as useful as Air Conditioners in Antartica in the middle of the Antartic winter. Hi We network stand alone Linux and xp boxes using s4 AD. As the windows desks break and virus, we replace them with Linux. We have no intention of replacing Samba4 with anything else if the lan becomes pure Linux. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [Announce] Samba 4.1.0rc1 Available for Download
On Thu, 2013-07-11 at 20:31 +0200, Karolin Seeger wrote: Release Announcements = This is the first release candidate of Samba 4.1. Hi A bit confused about this: From git://git.samba.org/samba f387d9a..940395d master - origin/master 5c488cf..ae2e0a6 v4-1-stable - origin/v4-1-stable * [new tag] samba-4.1.0rc1 - samba-4.1.0rc1 I think I have the 4.1.0rc1 that will be patched to rc2 if there is one and then to 4.2master. Am I close? Let's say I want to stop testing at 4.1.0. Can I then get the tarball and make install it over the last git? Does ./configure for the git take the same defaults as the release? Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Removed params 'force security mode' etc. What to use instead?
On 05/07/13 16:10, Brian H. Nelson wrote: On 7/3/2013 4:54 PM, Jonathan Buzzard wrote: My guess is this is related to the Unix extensions. Basically certain versions of OS X; I can't remember which ones but 10.5 sticks in my mind but that might be related to symbolic links and it was 10.6 that was the problem, notice the file server does Unix extensions and then decides to go behind the Samba servers back and fiddle with the permissions. Indeed. Unfortunately (in this case) we had already disabled unix extensions a while back when 10.6.8/10.7 came out and we started seeing similar permission issues. I'm surprized that force security mode wouldn't work. That actually sounds like a bug if that's the case. I don't believe I ever actually tested it myself but we did pin that as another possible solution at that time. Hum, if Unix extensions are off, then I would try either putting some default POSIX ACL's on the folders or better still make sure the file system is mounted with extended attributes and use the acl_xattr module to do Windows ACL's and see if you cannot fix it that way. This seems to be a different but similar issue on some new machines with 10.8. I'm not yet sure if it's an OS issue or a application issue. So far, I've only seen it when a user 'packages' a project from Adobe InDesign. Many of the extra files in the 'package' (just a folder, not an archive or anything) end up without group permissions which is a big issue for them. My suggestion is to turn the debug level right up on your test setup and then trawl through it till you see exactly what is going on. It's time consuming but it was how I tracked down the Unix extension issue on Mac's issue and a similar wacky issue related to Office 2007/2010 and mapping of DOS attributes. JAB. -- Jonathan A. Buzzard Email: jonathan (at) buzzard.me.uk Fife, United Kingdom. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Excessive allocations from RID master
I have a script that is adding about 16,000 users to my domain. While monitoring the script, I noticed that as soon as a user is added, 500 additional RID's are allocated from the RID Master Please see below the output of the CN=RID Manager$,CN=System and CN=RID Set,CN=DC1,OU=Domain Controllers containers between each user-add As you can see, in CN=RID Set,CN=DC1,OU=Domain Controllers rIDNextRID increments by one between each user, but there is a new rIDAllocationPool each time. And to match that, inside of the CN=RID Manager$,CN=System container the rIDAvailablePool gets depleted by 500 between each new user. Is this normal behavior, or a bug? I thought the DC only requests 500 additional RID's when it was close to being depleted - not on each object addition. == Thu Jul 11 20:45:59 EDT 2013 = dn: CN=RID Manager$,CN=System,DC=ad,DC=domain,DC=com rIDAvailablePool: 4837600-1073741823 dn: CN=RID Set,CN=DC1,OU=Domain Controllers,DC=ad,DC=domain,DC=com rIDPreviousAllocationPool: 4760100-4760599 rIDUsedPool: 38 rIDAllocationPool: 4837100-4837599 rIDNextRID: 4760494 == Thu Jul 11 20:46:10 EDT 2013 = dn: CN=RID Manager$,CN=System,DC=ad,DC=domain,DC=com rIDAvailablePool: 4838100-1073741823 dn: CN=RID Set,CN=DC1,OU=Domain Controllers,DC=ad,DC=domain,DC=com rIDPreviousAllocationPool: 4760100-4760599 rIDUsedPool: 38 rIDAllocationPool: 4837600-4838099 rIDNextRID: 4760495 == Thu Jul 11 20:46:21 EDT 2013 = dn: CN=RID Manager$,CN=System,DC=ad,DC=domain,DC=com rIDAvailablePool: 4838600-1073741823 dn: CN=RID Set,CN=DC1,OU=Domain Controllers,DC=ad,DC=domain,DC=com rIDPreviousAllocationPool: 4760100-4760599 rIDUsedPool: 38 rIDAllocationPool: 4838100-4838599 rIDNextRID: 4760496 == Thu Jul 11 20:46:32 EDT 2013 = dn: CN=RID Manager$,CN=System,DC=ad,DC=domain,DC=com rIDAvailablePool: 4839100-1073741823 dn: CN=RID Set,CN=DC1,OU=Domain Controllers,DC=ad,DC=domain,DC=com rIDPreviousAllocationPool: 4760100-4760599 rIDUsedPool: 38 rIDAllocationPool: 4838600-4839099 rIDNextRID: 4760497 == Thu Jul 11 20:46:44 EDT 2013 = dn: CN=RID Manager$,CN=System,DC=ad,DC=domain,DC=com rIDAvailablePool: 4839600-1073741823 dn: CN=RID Set,CN=DC1,OU=Domain Controllers,DC=ad,DC=domain,DC=com rIDPreviousAllocationPool: 4760100-4760599 rIDUsedPool: 38 rIDAllocationPool: 4839100-4839599 rIDNextRID: 4760498 == Thu Jul 11 20:46:55 EDT 2013 = dn: CN=RID Manager$,CN=System,DC=ad,DC=domain,DC=com rIDAvailablePool: 4840100-1073741823 dn: CN=RID Set,CN=DC1,OU=Domain Controllers,DC=ad,DC=domain,DC=com rIDPreviousAllocationPool: 4760100-4760599 rIDUsedPool: 38 rIDAllocationPool: 4839600-4840099 rIDNextRID: 4760499 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Excessive allocations from RID master
To add to this, I let my script continue until the rIDNextRID reached the end of the pool. This caused a waste of about 129,000 RID's. This concerns me because Microsoft has used 8 billion RID's in 12 years (http://blogs.technet.com/b/askds/archive/2011/09/12/managing-rid-pool-depletion.aspx), and I have burned through almost 5 million in less than a year - and my organization is nowhere near the size of M$. With Samba not supporting domain trusts, there is no ability to migrate users to a new domain, so if this is to continue and cause an excessive RID pool depletion, the missing domain trust feature of Samba will leave users dead with no way to get users onto a new domain with a fresh RID pool. == Thu Jul 11 20:56:55 EDT 2013 = dn: CN=RID Manager$,CN=System,DC=ad,DC=domain,DC=com rIDAvailablePool: 4889100-1073741823 dn: CN=RID Set,CN=DC1,OU=Domain Controllers,DC=ad,DC=domain,DC=com rIDPreviousAllocationPool: 4760100-4760599 rIDUsedPool: 38 rIDAllocationPool: 4889100-4889599 rIDNextRID: 4760598 == Thu Jul 11 20:56:57 EDT 2013 = dn: CN=RID Manager$,CN=System,DC=ad,DC=domain,DC=com rIDAvailablePool: 4890100-1073741823 dn: CN=RID Set,CN=DC1,OU=Domain Controllers,DC=ad,DC=domain,DC=com rIDAllocationPool: 4889600-4890099 rIDPreviousAllocationPool: 4889600-4890099 rIDUsedPool: 39 rIDNextRID: 4889601 On Jul 11, 2013, at 7:54 PM, Kristofer kristo...@cybernetik.net wrote: I have a script that is adding about 16,000 users to my domain. While monitoring the script, I noticed that as soon as a user is added, 500 additional RID's are allocated from the RID Master Please see below the output of the CN=RID Manager$,CN=System and CN=RID Set,CN=DC1,OU=Domain Controllers containers between each user-add As you can see, in CN=RID Set,CN=DC1,OU=Domain Controllers rIDNextRID increments by one between each user, but there is a new rIDAllocationPool each time. And to match that, inside of the CN=RID Manager$,CN=System container the rIDAvailablePool gets depleted by 500 between each new user. Is this normal behavior, or a bug? I thought the DC only requests 500 additional RID's when it was close to being depleted - not on each object addition. == Thu Jul 11 20:45:59 EDT 2013 = dn: CN=RID Manager$,CN=System,DC=ad,DC=domain,DC=com rIDAvailablePool: 4837600-1073741823 dn: CN=RID Set,CN=DC1,OU=Domain Controllers,DC=ad,DC=domain,DC=com rIDPreviousAllocationPool: 4760100-4760599 rIDUsedPool: 38 rIDAllocationPool: 4837100-4837599 rIDNextRID: 4760494 == Thu Jul 11 20:46:10 EDT 2013 = dn: CN=RID Manager$,CN=System,DC=ad,DC=domain,DC=com rIDAvailablePool: 4838100-1073741823 dn: CN=RID Set,CN=DC1,OU=Domain Controllers,DC=ad,DC=domain,DC=com rIDPreviousAllocationPool: 4760100-4760599 rIDUsedPool: 38 rIDAllocationPool: 4837600-4838099 rIDNextRID: 4760495 == Thu Jul 11 20:46:21 EDT 2013 = dn: CN=RID Manager$,CN=System,DC=ad,DC=domain,DC=com rIDAvailablePool: 4838600-1073741823 dn: CN=RID Set,CN=DC1,OU=Domain Controllers,DC=ad,DC=domain,DC=com rIDPreviousAllocationPool: 4760100-4760599 rIDUsedPool: 38 rIDAllocationPool: 4838100-4838599 rIDNextRID: 4760496 == Thu Jul 11 20:46:32 EDT 2013 = dn: CN=RID Manager$,CN=System,DC=ad,DC=domain,DC=com rIDAvailablePool: 4839100-1073741823 dn: CN=RID Set,CN=DC1,OU=Domain Controllers,DC=ad,DC=domain,DC=com rIDPreviousAllocationPool: 4760100-4760599 rIDUsedPool: 38 rIDAllocationPool: 4838600-4839099 rIDNextRID: 4760497 == Thu Jul 11 20:46:44 EDT 2013 = dn: CN=RID Manager$,CN=System,DC=ad,DC=domain,DC=com rIDAvailablePool: 4839600-1073741823 dn: CN=RID Set,CN=DC1,OU=Domain Controllers,DC=ad,DC=domain,DC=com rIDPreviousAllocationPool: 4760100-4760599 rIDUsedPool: 38 rIDAllocationPool: 4839100-4839599 rIDNextRID: 4760498 == Thu Jul 11 20:46:55 EDT 2013 = dn: CN=RID Manager$,CN=System,DC=ad,DC=domain,DC=com rIDAvailablePool: 4840100-1073741823 dn: CN=RID Set,CN=DC1,OU=Domain Controllers,DC=ad,DC=domain,DC=com rIDPreviousAllocationPool: 4760100-4760599 rIDUsedPool: 38 rIDAllocationPool: 4839600-4840099 rIDNextRID: 4760499 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Excessive allocations from RID master
On Thu, 2013-07-11 at 20:02 -0500, Kristofer wrote: To add to this, I let my script continue until the rIDNextRID reached the end of the pool. This caused a waste of about 129,000 RID's. This concerns me because Microsoft has used 8 billion RID's in 12 years (http://blogs.technet.com/b/askds/archive/2011/09/12/managing-rid-pool-depletion.aspx), and I have burned through almost 5 million in less than a year - and my organization is nowhere near the size of M$. With Samba not supporting domain trusts, there is no ability to migrate users to a new domain, so if this is to continue and cause an excessive RID pool depletion, the missing domain trust feature of Samba will leave users dead with no way to get users onto a new domain with a fresh RID pool. It's just a bug, with a fix in master and a patch attached for 4.0 to https://bugzilla.samba.org/show_bug.cgi?id=10014 Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Excessive allocations from RID master
It's just a bug, with a fix in master and a patch attached for 4.0 to https://bugzilla.samba.org/show_bug.cgi?id=10014 Great, thank you. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [Announce] Samba 4.1.0rc1 Available for Download
On Thu, 2013-07-11 at 23:54 +0200, steve wrote: On Thu, 2013-07-11 at 20:31 +0200, Karolin Seeger wrote: Release Announcements = This is the first release candidate of Samba 4.1. Hi A bit confused about this: From git://git.samba.org/samba f387d9a..940395d master - origin/master 5c488cf..ae2e0a6 v4-1-stable - origin/v4-1-stable * [new tag] samba-4.1.0rc1 - samba-4.1.0rc1 I think I have the 4.1.0rc1 that will be patched to rc2 if there is one and then to 4.2master. Am I close? Let's say I want to stop testing at 4.1.0. Can I then get the tarball and make install it over the last git? Does ./configure for the git take the same defaults as the release? A release branch has been made. What is in v4-1-stable has been tagged samba-4.1.0rc1 and (hopefully small) changes will be made to it before it is released as Samba 4.1 in just a couple of months. GIT master now have Samba 4.2 in it's VERSION file, and will be branched and released as Samba 4.2 in around a year, if things go to plan. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] About NAS versus Samba
On Thu, 2013-07-11 at 01:03 -0300, ferna...@lozano.eti.br wrote: But... will any NAS you know work with a Samba DC, or else, using an IPA server? Or will they only work with Microsoft Windows Server AD? One of the many reasons to upgrade to a Samba 4.0 AD DC is that if a NAS doesn't work with a Samba 4.0 AD DC, then it's a bug we will fix. I work on a NAS product myself, and at this vendor and my previous vendor Samba 4.0 as an AD DC was all I ever needed to use to test the AD integration features of the NAS. Thanks, Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] oLschema2ldif segfault
On Thu, 2013-07-11 at 13:11 -0500, Bo Kersey wrote: I'm seeing a oLschema2ldif segfault when it comes across attributetypes with syntax '1.3.6.1.4.1.1466.115.121.1.5' that is a BINARY attribute. Is this by design? Can I store binary attributes in samba4 ldap? We need to remove this tool, and someone needs to write a replacement in python. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 KCC
On Thu, 2013-07-11 at 03:42 -0500, Kristofer wrote: Is the KCC in Samba4 set up to honor site links? I set up a few site links between sites (hub-spoke model), but Samba still appears to be replicating everything everywhere from each domain controller. Am I missing something? One of our outstanding tasks is to replace our KCC with a new prototype developed in python. I don't know if it understands sites, but it was designed rather than what we have now, which was just put in place as a stop-gap. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Unable to connect to Samba server, but it shows on the network
Hello friends I am trying to setup Samba on my Fedora 19 installation, but it does not work... although smbclient -L myserver shows my shares, I can't access any of them from other computers and even from the same server, it returns an error that could not connect to to the server... My very simple configuration is this (my computer has fixed IP) [global] workgroup = MYGROUPNAME server string = Samba Server Version %v # log files split per-machine: log file = /var/log/samba/log.%m # maximum size of 50KB per log file, then rotate: max log size = 50 security = user passdb backend = tdbsam load printers = yes cups options = raw [tmp] comment = temporal files path = /tmp public = yes writable = yes printable = no [mp3] comment = my data files path = /mydatafiles public = yes writable = no printable = no I start the service by running # smbd -D # nmbd -D then the logs show: log.nmbd: - [2013/07/11 21:11:47, 0] ../source3/nmbd/nmbd.c:883(main) nmbd version 4.0.7 started. Copyright Andrew Tridgell and the Samba Team 1992-2012 [2013/07/11 21:12:20, 0] ../source3/nmbd/nmbd_become_lmb.c:397(become_local_master_stage2) * Samba name server MYSERVER is now a local master browser for workgroup MYGROUPNAME on subnet 192.168.1.20 * log.smbd: -[2013/07/11 21:11:45, 0] ../source3/smbd/server.c:1200(main) smbd version 4.0.7 started. Copyright Andrew Tridgell and the Samba Team 1992-2012 When I try: # smbclient -L myserver (the name of my computer) Anonymous login successful Domain=[MYGROUPNAME] OS=[Unix] Server=[Samba 4.0.7] Sharename Type Comment - --- tmp Disk temporal files mp3 Disk mp3 music IPC$ IPC IPC Service (Samba Server Version 4.0.7) Anonymous login successful Domain=[SORCERY] OS=[Unix] Server=[Samba 4.0.7] Server Comment - --- MYSERVER Samba Server Version 4.0.7 Workgroup Master - --- MYGROUPNAME MYSERVER From windows computers, it shows on the network, from Linux (dolphin browser) it does not show but calling 'smbclient -L myserver' it shows the shared directories... how can I allow other computers to connect? and how can I allow my local computer see its own shares? Thanks for your help -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[SCM] CTDB repository - branch master updated - ctdb-2.2-120-g412bc0e
The branch, master has been updated via 412bc0e20bef694d4e911dc9c984fd7716231f1f (commit) via a4afe7af9c9391048d6f80135bbd5e15367770c7 (commit) via 40f2825d6e818dc8c745b6385a545969dfb45fbc (commit) via 76703514040b804b880cab909f6ff52576f80f89 (commit) via 0930a3b80697709c3228726e2250aef1f971 (commit) via a81edf7eb908659a379f0cb55fd5d04551dc2c37 (commit) via da87395d29f5d11ecfedaf36b53fa060a9140bfd (commit) via 05bfdbbd0d4abdfbcf28e3930086723508b35952 (commit) via 5cdcc3d45d358ddbcd7e864898eed9cbd9935429 (commit) via ed9ba1d3dcfcb51aa69bf4d7a74b95063743d8d9 (commit) from 9ffcd6a91287d86bae7b0c73aa129c81126e08e7 (commit) http://gitweb.samba.org/?p=ctdb.git;a=shortlog;h=master - Log - commit 412bc0e20bef694d4e911dc9c984fd7716231f1f Author: Martin Schwenke mar...@meltin.net Date: Thu Jul 11 14:26:38 2013 +1000 scripts: ctdbd_wrapper logs a message to syslog if syslog is not being used It can be very disconcerting when logging to syslog is expected but nothing is being logged there. Signed-off-by: Martin Schwenke mar...@meltin.net commit a4afe7af9c9391048d6f80135bbd5e15367770c7 Author: Mathieu Parent math.par...@gmail.com Date: Fri Jun 7 19:01:06 2013 +0200 Update Nagios check to work with ctdb versions past 30 Aug 2011 Because of commit a779d83a6213e2ba Signed-off-by: Martin Schwenke mar...@meltin.net commit 40f2825d6e818dc8c745b6385a545969dfb45fbc Author: Martin Schwenke mar...@meltin.net Date: Thu Jul 11 13:01:13 2013 +1000 recoverd: Really fix bogus info in message about changed flags Commit 9119a568c2b4601318f7751f537dca2f92a7230b attempted to fix this. However, this was wrong because old_flags and new_flags were confused. The latter has since been fixed in commit 7eb2f89979360b6cc98ca9b17c48310277fa89fc so this can now be fixed properly. Signed-off-by: Martin Schwenke mar...@meltin.net commit 76703514040b804b880cab909f6ff52576f80f89 Author: Martin Schwenke mar...@meltin.net Date: Wed Jul 10 14:44:56 2013 +1000 doc: Update NEWS Signed-off-by: Martin Schwenke mar...@meltin.net commit 0930a3b80697709c3228726e2250aef1f971 Author: Sumit Bose sb...@redhat.com Date: Mon Nov 19 18:45:37 2012 +0100 Print deleted nodes as well Signed-off-by: Amitay Isaacs ami...@gmail.com commit a81edf7eb908659a379f0cb55fd5d04551dc2c37 Author: Sumit Bose sb...@redhat.com Date: Thu Sep 1 15:18:46 2011 +0200 IPv6 neighbor solicit cleanup Signed-off-by: Amitay Isaacs ami...@gmail.com commit da87395d29f5d11ecfedaf36b53fa060a9140bfd Author: Sumit Bose sb...@redhat.com Date: Mon Nov 19 11:13:03 2012 +0100 Fix memory leak in ctdb_send_message() Signed-off-by: Amitay Isaacs ami...@gmail.com commit 05bfdbbd0d4abdfbcf28e3930086723508b35952 Author: Sumit Bose sb...@redhat.com Date: Wed Aug 10 17:53:56 2011 +0200 Fixes for various issues found by Coverity Signed-off-by: Amitay Isaacs ami...@gmail.com commit 5cdcc3d45d358ddbcd7e864898eed9cbd9935429 Author: Sumit Bose sb...@redhat.com Date: Mon Nov 19 11:20:31 2012 +0100 Check return value of tdb_delete() Signed-off-by: Amitay Isaacs ami...@gmail.com commit ed9ba1d3dcfcb51aa69bf4d7a74b95063743d8d9 Author: Amitay Isaacs ami...@gmail.com Date: Thu Jul 11 13:46:18 2013 +1000 web: Update webpages Signed-off-by: Amitay Isaacs ami...@gmail.com --- Summary of changes: NEWS |2 ++ client/ctdb_client.c |8 ++-- common/ctdb_logging.c | 12 ++-- common/system_linux.c | 15 --- config/ctdbd_wrapper |8 server/ctdb_daemon.c |3 +++ server/ctdb_logging.c |4 server/ctdb_ltdb_server.c |5 - server/ctdb_recover.c |4 +++- server/ctdb_recoverd.c|8 server/eventscript.c |4 +++- tcp/tcp_connect.c | 11 ++- tests/src/ctdb_fetch.c|5 + tools/ctdb.c | 13 - utils/nagios/check_ctdb |6 +- web/samba.html| 12 +++- 16 files changed, 86 insertions(+), 34 deletions(-) Changeset truncated at 500 lines: diff --git a/NEWS b/NEWS index bde89d6..12aec37 100644 --- a/NEWS +++ b/NEWS @@ -23,6 +23,8 @@ User-visible changes * Initscript is now simplified with most CTDB-specific functionality split out to ctdbd_wrapper, which is used to start and stop ctdbd. +* Add systemd support. + * CTDB subprocesses are now given informative names to allow them to be easily distinguished when using programs like top or perf. diff --git a/client/ctdb_client.c b/client/ctdb_client.c index 5881559..08e4903 100644 --- a/client/ctdb_client.c +++
[SCM] CTDB repository - annotated tag ctdb-2.3 created - ctdb-2.3
The annotated tag, ctdb-2.3 has been created at 319e230914cebb1126e469bef115c469e9d4170e (tag) tagging 412bc0e20bef694d4e911dc9c984fd7716231f1f (commit) replaces ctdb-2.2 tagged by Amitay Isaacs on Thu Jul 11 17:06:59 2013 +1000 - Log - New version 2.3 Amitay Isaacs (56): ctdbd: Make sure we don't kill init process by mistake build: Enable VERBOSE option to display build command line packaging: Update the minimum required library versions tools/ctdb: Do not exit prematurely on control timeout if retrying in a loop client: Exit with non-zero status when unix socket is closed recoverd: When updating flags on nodes, send updated flags and not old flags recoverd: Print banning message only after verifying pnn freeze: Log message from ctdb_start_freeze() and ctdb_control_freeze() freeze: If priority is invalid here, it's time to abort freeze: Make ctdb_start_freeze() a void function banning: Log ban state changes for other nodes at higher debug level recovered: Remove old comment as the code corresponding to that has gone away recoverd: Set node_flags information as soon as we get nodemap recoverd: Also check if current node is in recovery when it is banned banning: Make ctdb_local_node_got_banned() a void function banning: No need to check if banned pnn is for local node banning: Do not come out of ban if databases are not frozen recoverd: Do not set banning credits on a node if current node is inactive recoverd: Always do an early exit from main_loop if node is stopped or banned recoverd: No need to check if node is recovery master when inactive recoverd: Update capabilities only if the current node is active recoverd: Delay the initial election if node is started in stopped state recoverd: Move code to ban other nodes after we get local node flags recoverd: Refactor code to ban misbehaving nodes doc: The second half of monitoring is only for recovery master ctdbd: Don't ban self if init or shutdown event fails packaging: Remove ctdb_transaction from docdir packaging: Install docs using %doc directive packaging: Install README.notify.d using %doc directive packaging: Do not mark /etc/ctdb/functions as configuration file packaging: Allow building RPMs with system tdb/talloc/tevent packaging: Enable compiler optimizations recoverd: Send the result from child process only once build: Fix compiler warnings for uninitialized variables tests: If connection to ctdb daemon fails, exit ping_pong: Validate num_locks argument 0 recoverd: Fix buffer overflow error in reloadips ctdbd: Update debug messages for setting readonly property on database ctdbd: Remove incomplete ctdb_db_statistics_wire structure tools/ctdb: Fix the format of DB statistics output locking: Update locks latency in CTDB statistics only for RECORD or DB locks locking: Update locking bucket intervals locking: Use external script to debug locking issues scripts: Add an example debug_locks.sh script to debug locking issue initscript: Export CTDB_DEBUG_LOCKS variable ctdbd: No need for DeadlockTimeout tunable packaging: When building with system libraries, add dependency for them traverse: Pass reqid and srcnode information to local database traverse traverse: Send records directly from traverse child to srcnode traverse: Remove unused start_time field common/system: Add ctdb_set_process_name() function ctdbd: Set process names for child processes ctdbd: Print tdb flags when logging attached to database message doc: Update NEWS Tests: Correct the arguments to memset web: Update webpages Martin Schwenke (52): recoverd: Log node that causes takoever run to fail eventscripts: Add new option $CTDB_MONITOR_NFS_THREAD_COUNT eventscripts: New configuration varable $CTDB_NFS_DUMP_STUCK_THREADS tests/eventscripts: Add unit tests for $CTDB_MONITOR_NFS_THREAD_COUNT tests/eventscripts: Fix -X tracing in iterate_test() tests/eventscripts: Unit tests for $CTDB_NFS_DUMP_STUCK_THREADS ctdbd: init event should run earlier in daemon initialisation scripts: drop_all_public_ips() now prints messages to stdout, not log scripts: drop_ip() should use delete_ip_from_iface() scripts: Move dropping of all IPs from initscript to init event scripts: Move TDB checking from initscript to init event logging: Notify parent when logging daemon is up tests/eventscripts: setup_ctdb() should always set $CTDB_PUBLIC_ADDRESSES eventscripts: 13.per_ip_routing should not try hard to find public_addresses tests/eventscripts: New tests for 00.ctdb init event eventscripts:
[SCM] Samba Shared Repository - branch v4-1-test updated
The branch, v4-1-test has been updated via d95ed7f VERSION: Bump version number up to 4.1.0rc2... via ae2e0a6 VERSION: Disable git snapshots for the 4.1.0rc1 release. via 55b3970 WHATSNEW: Some updates. from fd036b8 WHATSNEW: Start release notes for Samba 4.1.0rc1. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-1-test - Log - commit d95ed7f2269329843840a02a7a20556c1e690d3c Author: Karolin Seeger ksee...@samba.org Date: Thu Jul 11 10:20:15 2013 +0200 VERSION: Bump version number up to 4.1.0rc2... and re-enable git snapshots. Signed-off-by: Karolin Seeger ksee...@samba.org commit ae2e0a6063752b3c5485c9c9f50afc5dfdaa4acb Author: Karolin Seeger ksee...@samba.org Date: Thu Jul 11 10:19:14 2013 +0200 VERSION: Disable git snapshots for the 4.1.0rc1 release. Signed-off-by: Karolin Seeger ksee...@samba.org commit 55b39702a18429f2062aebf1d88ca3c70bdd8af3 Author: Karolin Seeger ksee...@samba.org Date: Thu Jul 11 10:17:30 2013 +0200 WHATSNEW: Some updates. Signed-off-by: Karolin Seeger ksee...@samba.org --- Summary of changes: VERSION |2 +- WHATSNEW.txt | 19 +++ 2 files changed, 8 insertions(+), 13 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 99f4603..5914258 100644 --- a/VERSION +++ b/VERSION @@ -87,7 +87,7 @@ SAMBA_VERSION_PRE_RELEASE= # e.g. SAMBA_VERSION_RC_RELEASE=1 # # - 3.0.0rc1 # -SAMBA_VERSION_RC_RELEASE=1 +SAMBA_VERSION_RC_RELEASE=2 # To mark SVN snapshots this should be set to 'yes'# diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 4c1e769..e49a781 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -16,11 +16,6 @@ If you are upgrading, or looking to develop, test or deploy Samba 4.1 releases candidates, you should backup all configuration and data. -UPGRADING -= - - - NEW FEATURES @@ -81,14 +76,13 @@ smb.conf changes use ntdbNew No -CHANGES SINCE 4.0.7 -=== +COMMIT HIGHLIGHTS += -o Michael Adam ob...@samba.org - - -KNOWN ISSUES - +o David Disseldorp dd...@samba.org +* Add vfs_btrfs module. +* Add support for server-side copy operations via the + SMB2 FSCTL_SRV_COPYCHUNK request. RUNNING Samba 4.1 as an AD DC @@ -98,6 +92,7 @@ A short guide to setting up Samba 4 as an AD DC can be found on the wiki: http://wiki.samba.org/index.php/Samba4/HOWTO + ### Reporting bugs Development Discussion ### -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via f387d9a ccan: Fix calling memset with zero length parameter from 6ac6bf9 docs: Bump version in meta data up to 4.1. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit f387d9a352141dad9e9aea9e0d19d6d769f414c0 Author: Volker Lendecke v...@samba.org Date: Thu Jul 11 14:57:53 2013 +0200 ccan: Fix calling memset with zero length parameter Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Andreas Schneider a...@samba.org Autobuild-User(master): Andreas Schneider a...@cryptomilk.org Autobuild-Date(master): Thu Jul 11 16:55:49 CEST 2013 on sn-devel-104 --- Summary of changes: lib/ccan/tally/tally.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/ccan/tally/tally.c b/lib/ccan/tally/tally.c index 774373c..29f0555 100644 --- a/lib/ccan/tally/tally.c +++ b/lib/ccan/tally/tally.c @@ -506,11 +506,11 @@ char *tally_histogram(const struct tally *tally, if (count covered) { count -= covered; + memset(p, '*', count); } else { count = 0; } - memset(p, '*', count); p += count; *p = '\n'; p++; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-1-stable updated
The branch, v4-1-stable has been updated via ae2e0a6 VERSION: Disable git snapshots for the 4.1.0rc1 release. via 55b3970 WHATSNEW: Some updates. via fd036b8 WHATSNEW: Start release notes for Samba 4.1.0rc1. via e5465d7 VERSION: Set version to 4.1.0rc1-GITSNAPSHOT. via a0130c6 Merge remote-tracking branch 'origin/v4-1-test' into master via e56343f VERSION: Set version to 4.1.0rc1-GITSNAPSHOT. via af6d9ce tevent: Fix a typo via 0025e97 WHATSNEW: Start release notes for Samba 4.1.0rc1. via a68cea6 docs: Fix typos in use ntdb section. via 2763cad dsdb-ridalloc: Fix RID pools - RID numbers increase too quickly via d641469 Make the output of the crackname script more readable via 47bd903 s3-winbind: Allow sec_initial_uid() to store creds. via c153e6c selftest: Use higher ip numbers. via bb122b0 selftest: Add a newline to root entries in the nss files. via 6a0cb7d selftest: Fix domain name of plugindc. via 99c800b torture: Don't segfault in smb2.session on error. via 096ff2e torture: Don't segfault in raw.session on error. via 67c8f87 torture: Fix comparsion of uninitalized bytes. via 2536ee8 Make the output of the crackname script more readable via caf3af3 s3-winbind: Allow sec_initial_uid() to store creds. via a4af4fa selftest: Use higher ip numbers. via d5511b1 selftest: Add a newline to root entries in the nss files. via 7392985 selftest: Fix domain name of plugindc. via bf5bc72 torture: Don't segfault in smb2.session on error. via d295e18 torture: Don't segfault in raw.session on error. via 474eee0 torture: Fix comparsion of uninitalized bytes. via bef3fc8 tsocket: Pass the full port number to getaddrinfo(). via 0b58eed tsocket: Pass the full port number to getaddrinfo(). via 3d20d20 smbtorture: Make cracksname easier to debug by outputing the offered format via 74dd365 Fix a missing parenthesis in the LDAP search request via af41eb6 docs-xml/manpages/smbclient.1.xml: fix case of -T flag in example. via 59462f2 winbindd and nmbd don't set their umask to zero on startup like smbd does. via 011dc52 sharesec: Document --view-all via 4da8984 sharesec: Document -v/--view via 780e2b0 sharesec: Implement --view-all via 4ee73fd s3:smbd/close remove filesystem lock before removing sharemode via 935992f s3:smbd/close use common exit path via 245b5ff s3:lib add mapping for ETXTBSY via 526f0df s3-ctdb: Fix auto-enabling of CTDB readonly support via c9924eb s3:smbd/aio mark file as modified in the SMB2 case via e65c532 nsswitch: fix a comment via 48ae86f heimdal_build: Add missing dep on samba4kgetcred via 7bf8fc7 torture: Add tests for LDAP substring search with no strings provided via 70cb7fd libcli/ldap: Cope with substring match with no chunks in ldap_push_filter via 4ca9639 ldb: bump version to allow a depencency on the substring crash fix via 1a279f7 ldb: Cope with substring match with no chunks in ldb_filter_from_tree via 32d0b75 Note how vfs_gpfs uses the acl map full control parameter. via 056e636 Add missing documentation for vfs_zfsacl. via b00d9d2 Use existing acl map full control parameter to control the adding of the DELETE_CHILD parameter on NFSv4/ZFS/GPFS file ACE's. via 398ee49 s3/smbclient: fix incorrect command tab completions via d544d17 build: Remove the struct MD5Context conf file check. via 9b88166 lsa4: Fix a set but unused variable warning via 0ee8650 ldb: Ensure not to segfault on a filter such as (mail=) via bbe09b3 Add missing SMB2/SMB3 share capability flag define via 06e5401 lsa4: Fix a set but unused variable warning via 7d5daaa lsa4: Remove an unused variable via 2448fe3 lsa4: Remove an unused variable via 720b4d3 lsa4: Remove an unused variable via 6c49f90 Fix glusterfs backend crash found at the Microsoft interop event. via b96cea4 Fix some blank line endings via d2642cb dns: Fix CID 1034969 Uninitialized scalar variable via ad86e2a s3:passdb/pdb_util make pdb_create_builtin consider whether backend deals with BUILTIN via 2d2d13e s3:passdb add a gid argument to pdb_create_builtin_alias via 212baed s3:utils/net_sam make use of pdb_create_builtin helper function via df41835 s3:passdb expose pdb_create_builtin function via 6a048b4 s3:passdb/pdb_tdb add parameter to control handling of BUILTIN via 324b3cc s3:passdb/pdb_ldap remove an unnecessary check via 01e094b s3:passdb/pdb_ldap make the module handle well-known via 987de8a s3:passdb make pdb_sid_to_id honor backend responsibilities via 55dd9e6 s3:passdb/pdb_samba_dsdb make
[SCM] Samba Shared Repository - annotated tag samba-4.1.0rc1 created
The annotated tag, samba-4.1.0rc1 has been created at d760c03b5d38381ea61b20078341b8b8158e6946 (tag) tagging ae2e0a6063752b3c5485c9c9f50afc5dfdaa4acb (commit) replaces ldb-1.1.16 tagged by Karolin Seeger on Thu Jul 11 19:53:49 2013 +0200 - Log - samba: tag release samba-4.1.0rc1 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) iD8DBQBR3vEtbzORW2Vot+oRAuWSAJ9Qih3mLn7Tn1jSMRspY60E163kRgCfcU8r DzVPm7eCjS1Cf7hnZjR7KLE= =lBar -END PGP SIGNATURE- Andreas Schneider (16): tsocket: Pass the full port number to getaddrinfo(). tsocket: Pass the full port number to getaddrinfo(). torture: Fix comparsion of uninitalized bytes. torture: Don't segfault in raw.session on error. torture: Don't segfault in smb2.session on error. selftest: Fix domain name of plugindc. selftest: Add a newline to root entries in the nss files. selftest: Use higher ip numbers. s3-winbind: Allow sec_initial_uid() to store creds. torture: Fix comparsion of uninitalized bytes. torture: Don't segfault in raw.session on error. torture: Don't segfault in smb2.session on error. selftest: Fix domain name of plugindc. selftest: Add a newline to root entries in the nss files. selftest: Use higher ip numbers. s3-winbind: Allow sec_initial_uid() to store creds. Andrew Bartlett (4): libcli/ldap: Cope with substring match with no chunks in ldap_push_filter torture: Add tests for LDAP substring search with no strings provided heimdal_build: Add missing dep on samba4kgetcred dsdb-ridalloc: Fix RID pools - RID numbers increase too quickly Aurélien Aptel (1): docs-xml/manpages/smbclient.1.xml: fix case of -T flag in example. Christian Ambach (5): nsswitch: fix a comment s3:smbd/aio mark file as modified in the SMB2 case s3:lib add mapping for ETXTBSY s3:smbd/close use common exit path s3:smbd/close remove filesystem lock before removing sharemode Daniel Gan-Levi (1): s3-ctdb: Fix auto-enabling of CTDB readonly support Jeremy Allison (1): winbindd and nmbd don't set their umask to zero on startup like smbd does. Karolin Seeger (7): docs: Fix typos in use ntdb section. WHATSNEW: Start release notes for Samba 4.1.0rc1. VERSION: Set version to 4.1.0rc1-GITSNAPSHOT. VERSION: Set version to 4.1.0rc1-GITSNAPSHOT. WHATSNEW: Start release notes for Samba 4.1.0rc1. WHATSNEW: Some updates. VERSION: Disable git snapshots for the 4.1.0rc1 release. Matthieu Patou (4): Fix a missing parenthesis in the LDAP search request smbtorture: Make cracksname easier to debug by outputing the offered format Make the output of the crackname script more readable Make the output of the crackname script more readable Stefan Metzmacher (1): Merge remote-tracking branch 'origin/v4-1-test' into master Volker Lendecke (4): sharesec: Implement --view-all sharesec: Document -v/--view sharesec: Document --view-all tevent: Fix a typo --- -- Samba Shared Repository
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 70b8e7b Announce Samba 4.1.0rc1. from bc38ac6 Announce Samba 4.0.7. http://gitweb.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 70b8e7b77f2b7d0da3196af3b7a420509c7e2085 Author: Karolin Seeger ksee...@samba.org Date: Thu Jul 11 20:19:17 2013 +0200 Announce Samba 4.1.0rc1. Signed-off-by: Karolin Seeger ksee...@samba.org --- Summary of changes: generated_news/latest_10_bodies.html | 23 +++ generated_news/latest_2_bodies.html | 24 +++- 2 files changed, 22 insertions(+), 25 deletions(-) Changeset truncated at 500 lines: diff --git a/generated_news/latest_10_bodies.html b/generated_news/latest_10_bodies.html index ea4b4d4..206cdcf 100644 --- a/generated_news/latest_10_bodies.html +++ b/generated_news/latest_10_bodies.html @@ -1,3 +1,14 @@ + h5a name=4.1.0rc111 July 2013/a/h5 + p class=headlineSamba 4.1.0rc1 Available for Download/p + pThis is the first release candidate of the upcoming Samba 4.1 release series./p + +pThe uncompressed tarballs and patch files have been signed +using GnuPG (ID 6568B7EA). The source code can be +a href=https://download.samba.org/pub/samba/rc/samba-4.1.0rc1.tar.gz;downloaded +now/a. See a href=https://download.samba.org/pub/samba/rc/WHATSNEW-4.1.0rc1.txt;the +release notes for more info/a./p + + h5a name=4.0.702 July 2013/a/h5 p class=headlineSamba 4.0.7 Available for Download/p pThis is the latest stable release of the Samba 4.0 series./p @@ -114,15 +125,3 @@ now/a. A a href=http://samba.org/samba/ftp/patches/patch-3.6.12-3.6.13.diffs patch against Samba 3.6.12/a is also available. See a href=http://samba.org/samba/history/samba-3.6.13.html; the release notes for more info/a./p - - h5a name=4.0.305 February 2013/a/h5 - p class=headlineSamba 4.0.3 Available for Download/p - pThis is the latest stable release of the Samba 4.0 series./p - -pThe uncompressed tarballs and patch files have been signed -using GnuPG (ID 6568B7EA). The source code can be -a href=http://samba.org/samba/ftp/stable/samba-4.0.3.tar.gz;downloaded -now/a. A a href=http://samba.org/samba/ftp/patches/patch-4.0.2-4.0.3.diffs.gz; -patch against Samba 4.0.2/a is also available. See -a href=http://samba.org/samba/history/samba-4.0.3.html; the release notes - for more info/a./p diff --git a/generated_news/latest_2_bodies.html b/generated_news/latest_2_bodies.html index cdc55f1..9343c40 100644 --- a/generated_news/latest_2_bodies.html +++ b/generated_news/latest_2_bodies.html @@ -1,3 +1,14 @@ + h5a name=4.1.0rc111 July 2013/a/h5 + p class=headlineSamba 4.1.0rc1 Available for Download/p + pThis is the first release candidate of the upcoming Samba 4.1 release series./p + +pThe uncompressed tarballs and patch files have been signed +using GnuPG (ID 6568B7EA). The source code can be +a href=https://download.samba.org/pub/samba/rc/samba-4.1.0rc1.tar.gz;downloaded +now/a. See a href=https://download.samba.org/pub/samba/rc/WHATSNEW-4.1.0rc1.txt;the +release notes for more info/a./p + + h5a name=4.0.702 July 2013/a/h5 p class=headlineSamba 4.0.7 Available for Download/p pThis is the latest stable release of the Samba 4.0 series./p @@ -9,16 +20,3 @@ now/a. A a href=http://samba.org/samba/ftp/patches/patch-4.0.6-4.0.7.diffs.g patch against Samba 4.0.6/a is also available. See a href=http://samba.org/samba/history/samba-4.0.7.html; the release notes for more info/a./p - - - h5a name=3.6.1619 June 2013/a/h5 - p class=headlineSamba 3.6.16 Available for Download/p - pThis is the latest stable release of the Samba 3.6 series./p - -pThe uncompressed tarballs and patch files have been signed -using GnuPG (ID 6568B7EA). The source code can be -a href=http://samba.org/samba/ftp/stable/samba-3.6.16.tar.gz;downloaded -now/a. A a href=http://samba.org/samba/ftp/patches/patch-3.6.15-3.6.16.diffs.gz; -patch against Samba 3.6.15/a is also available. -See a href=http://samba.org/samba/history/samba-3.6.16.html; -the release notes for more info/a./p -- Samba Website Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 940395d smbd: Fix a 100% loop at shutdown time via 02ff6ab srvsvc: Use a symbolic constant where we have one from f387d9a ccan: Fix calling memset with zero length parameter http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 940395d38bcc348eb5f1be7ba03cd554d9d3bc93 Author: Volker Lendecke v...@samba.org Date: Thu Jul 11 16:22:26 2013 +0200 smbd: Fix a 100% loop at shutdown time In the destructor of fsp-aio_requests[0] we put another request into fsp-aio_requests[0]. Don't overwrite that with TALLOC_FREE. Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Jeremy Allison j...@samba.org Autobuild-User(master): Jeremy Allison j...@samba.org Autobuild-Date(master): Thu Jul 11 20:56:42 CEST 2013 on sn-devel-104 commit 02ff6ab5e778ceac30410136e622310b3a90e903 Author: Volker Lendecke v...@samba.org Date: Thu Jul 11 11:31:50 2013 +0200 srvsvc: Use a symbolic constant where we have one Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Jeremy Allison j...@samba.org --- Summary of changes: source3/rpc_server/srvsvc/srv_srvsvc_nt.c |7 ++- source3/smbd/close.c |7 +-- 2 files changed, 11 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c index 011d41f..655b0c7 100644 --- a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c +++ b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c @@ -301,7 +301,12 @@ static void init_srv_share_info_501(struct pipes_struct *p, r-name = net_name; r-type = get_share_type(snum); r-comment = remark ? remark : ; - r-csc_policy = (lp_csc_policy(snum) 4); + + /* +* According to [MS-SRVS] 2.2.4.25, the flags field is the same as in +* level 1005. +*/ + r-csc_policy = (lp_csc_policy(snum) SHARE_1005_CSC_POLICY_SHIFT); } /*** diff --git a/source3/smbd/close.c b/source3/smbd/close.c index 2bd588b..f341c72 100644 --- a/source3/smbd/close.c +++ b/source3/smbd/close.c @@ -640,9 +640,12 @@ static NTSTATUS close_normal_file(struct smb_request *req, files_struct *fsp, while (fsp-num_aio_requests != 0) { /* * The destructor of the req will remove -* itself from the fsp +* itself from the fsp. +* Don't use TALLOC_FREE here, this will overwrite +* what the destructor just wrote into +* aio_requests[0]. */ - TALLOC_FREE(fsp-aio_requests[0]); + talloc_free(fsp-aio_requests[0]); } } -- Samba Shared Repository