Re: [Samba] Windows 8 pro and Samba 4

2013-07-29 Thread Daniel Müller
Just be sure you did no registry hack on the windows 8 machine!?


---
IT Daniel Müller

Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---
-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On 
behalf of Marc Muehlfeld
Sent: Sunday, 28 July 2013 18:54
To: iss...@aralar.edunet.es
Cc: samba@lists.samba.org
Subject: Re: [Samba] Windows 8 pro and Samba 4

Hello Emeka,

On 28.07.2013 18:39, iss...@aralar.edunet.es wrote:
 I installed opensuse 12.2, and upgraded the samba 3 it came with to 
 samba 4.
 I successfully joined win xp, win 7 clients to the samba as domain 
 controller but couldn't join win 8 prof (it keeps displaying domain 
 does not exist message). Does samba 4 really support win 8 prof or we 
 have to wait for some time?


I have one w8 prof in my Samba AD test environment and it works without 
problems.

- Are there any messages/errors in the samba/windows log?
- Can the DNS on your w8 resolve the Samba Domain?

Please give some more information. That would make it easier to help you.


Regards,
Marc


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


Re: [Samba] Compiling Samba 4.0.7 - make test results

2013-07-29 Thread Mgr. Peter Tuharsky, MsU Banska Bystrica
Thank You

On 24.07.2013 15:38, L.P.H. van Belle wrote:
 Hai, 
 
 Just look here 
 
 http://www.enterprisesamba.com/samba/ 
 
 make an account so you can use the packages of sernet samba. 
 
 and use this one for very basic setup. 
 ( this also works for debian, since ubuntu is based on debian ) 
 
 http://www.ferrara.com.au/mediawiki/index.php/Ubuntu:_Samba_4_Active_Directory_Domain_Master
  
 
 
 Best regards, 
 
 Louis
 
 
 -Original Message-
 From: tuhar...@misbb.sk [mailto:samba-boun...@lists.samba.org] 
 On behalf of Mgr. Peter Tuharsky, MsU Banska Bystrica
 Sent: Wednesday, 24 July 2013 14:08
 To: samba@lists.samba.org
 Subject: Re: [Samba] Compiling Samba 4.0.7 - make test results

 The tests eventually finished, however several errors have been
 reported. Sincerely, I don't understand them. I'm sending the st/summary
 file in attachment.

 Please, is there anybody capable of telling me, what's the problem with my
 compilation? Am I missing some package, or is there some lack of
 information on Wiki, or...?

 Or should I better contact the technical mailing list?

 I'm not eager to compile samba myself, however Debian packages are
 rather old even in experimental branch...

 Peter

 On 23.07.2013 14:17, Mgr. Peter Tuharsky, MsU Banska Bystrica wrote:
 Hallo,

 I'm new here. Doing compilation of Samba 4.0.7 on Debian Wheezy
 according to Samba Wiki page. I have used configure parameters
 --enable-debug --enable-selftest and after make, I ran make test.

 Now I'm puzzled, because it apparently stops at step 96 (after 15
 minutes, CPU still running at full speed), and I don't know how to
 interpret the results. I'm sending the output in attachment.

 Please, is my samba ready to go or not? What is the 1 error reported
 about? And why the test doesn't end up correctly? Or how long should one
 normally wait for test to complete?

 Sincerely,
 Peter




Re: [Samba] Question on approach to authenticate Linux against Samba4

2013-07-29 Thread Daniel Müller
So first of all winbind is the fastest and easiest solution with samba 4:
Just be sure winbind is loaded in your samba4 smb.conf. So winbind can read
from samba:
wbinfo -u
Administrator
Guest
krbtgt
dns-s4master
then do a ldconfig -v | grep winbind
If the result is ex:

ldconfig: /etc/ld.so.conf.d/kernel-2.6.32-358.11.1.el6.x86_64.conf:6:
duplicate hwcap 1 nosegneg
libnss_winbind.so -> libnss_winbind.so.2

You have to link libnss_winbind this way ex.:

ln -s  /usr/local/samba/lib/libnss_winbind.so.2  /lib64/libnss_winbind.so
ln  -s /lib64/libnss_winbind.so  /lib64/libnss_winbind.so.2

In your nsswitch.conf:
passwd: files winbind 
shadow: files
group:  files winbind 

Now you get all your ads members and groups with getent passwd and group.

Good luck
Daniel 


---
IT Daniel Müller

Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: muel...@tropenklinik.de
Internet: www.tropenklinik.de
---

-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On
behalf of dahopk...@comcast.net
Sent: Thursday, 25 July 2013 18:59
To: samba@lists.samba.org
Subject: [Samba] Question on approach to authenticate Linux against Samba4






This is in a test environment: Also, it is wordy, but I'm hoping it explains
my scenario. 

I am migrating from a custom LDAP+Samba3 authentication solution to Samba4.
I have used the classicupgrade option to pull off the data from the existing
ldap server to populate the samba4 database. I've installed AD DS and Server
for NIS tools on a Windows 2008 server that is connected to the Samba4 DC as
a member server. All the information appears to be correct, including the
Unix uid and group memberships, and the unixHomedirectory. 

Now I need to authenticate a Linux system against the Samba4 DC and I need
to have the unixHomedirectory used. There is a lot of older information on
the net on how to authenticate. I'd prefer to not be required to install
samba4 on these other Linux systems which a lot of these approaches seem to
require. These linux systems are running LTSP so I have 50+ users logged in
at any given time. I currently NFS mount home directories for the linux
systems from a central fileserver. Home directories are of the pattern
/home/Graduation_year/username. 

I've tested the Windows logins. I have an issue with mapped drives to the
fileservers but I expected this since the fileservers don't exist on the
test network. I expect this issue to be resolved once the fileservers are
upgraded to samba4 and joined as member servers. 

I found
http://zachbethel.com/2013/04/10/linux-ldap-authentication-with-samba4/
which I think will work. The ldbsearch works, but before embarking further on
this approach, I have some concerns. 

1) will the unixHomedirectory be honored? 
2) will I be able to easily add users so that the unix settings will be
properly configured? I currently use the IDEALX smbldap tools. Being able to
script account creation is very important to me .. adding 200+ user accounts
manually each year is not very appealing. ;) 

3) Will the scripting tools be able to automatically assign a unique uid for
each unix account. Current approach uses NextFreeUnixID but this does not
exist in the Samba4 database (the ldap entry is shown below ) 

dn: cn=NextFreeUnixId,dc=ncs,dc=k12,dc=de,dc=us 
objectClass: inetOrgPerson 
objectClass: sambaUnixIdPool 
cn: NextFreeUnixId 
sn: NextFreeUnixId 
structuralObjectClass: inetOrgPerson 
entryUUID: 4a73a856-83a5-1029-8294-b4ff885ef639 
creatorsName: cn=Manager,dc=ncs,dc=k12,dc=de,dc=us 
createTimestamp: 20050708023946Z 
gidNumber: 1002 
uidNumber: 3885 

I have read through the recent thread on winbind and honestly I am not sure
that I want to pursue either winbind or sssd if it is possible to use
nss_pam_ldap which seems closest to the current approach. 


Thank you for your patience and taking the time to read the above. 

Sincerely, 
Dave Hopkins 
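
The NSS half of the winbind setup in the reply above (the `nsswitch.conf` lines and the `libnss_winbind.so.2` link) can be checked with a short script. This is an added example, not part of any message in the thread; `parse_nsswitch`, `check_nsswitch`, `find_nss_module` and the sample file are constructed for illustration.

```python
"""Check the NSS side of a winbind setup: nsswitch.conf and the NSS module.

Added example. The helper names and SAMPLE_NSSWITCH are constructed for
illustration; they are not Samba or glibc tools.
"""
import os
import re

# Constructed sample, using the three lines given in the reply.
SAMPLE_NSSWITCH = """\
passwd: files winbind
shadow: files
group:  files winbind
hosts:  files dns
"""


def parse_nsswitch(text):
    """Return {database: [sources]} with comments and [action] items removed."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        database, _, rest = line.partition(":")
        rest = re.sub(r"\[[^\]]*\]", " ", rest)  # e.g. [NOTFOUND=return]
        table[database.strip()] = rest.split()
    return table


def check_nsswitch(text):
    """Return a list of findings; an empty list matches the reply's layout."""
    table = parse_nsswitch(text)
    issues = []
    for database in ("passwd", "group"):
        sources = table.get(database, [])
        if "winbind" not in sources:
            issues.append(f"{database}: winbind not listed, "
                          "domain entries will not show up in getent")
        elif "files" in sources and sources.index("winbind") < sources.index("files"):
            issues.append(f"{database}: winbind is consulted before files, "
                          "so a domain entry can shadow a local one of the same name")
    if "winbind" in table.get("shadow", []):
        issues.append("shadow: winbind listed, the reply keeps this line on files only")
    return issues


def find_nss_module(lib_dirs, service="winbind"):
    """Return the real path of libnss_<service>.so.2, or None.

    glibc loads NSS modules under the name libnss_<service>.so.2, which is
    why the reply links that exact file name into the library directory.
    """
    name = f"libnss_{service}.so.2"
    for directory in lib_dirs:
        path = os.path.join(directory, name)
        if os.path.exists(path):  # False for a dangling symlink
            return os.path.realpath(path)
    return None


if __name__ == "__main__":
    for issue in check_nsswitch(SAMPLE_NSSWITCH) or ["nsswitch.conf: ok"]:
        print(issue)
    module = find_nss_module(["/lib64", "/lib", "/usr/lib64", "/usr/lib"])
    print("NSS module:", module or "libnss_winbind.so.2 not found")
```
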



[Samba] Samba server accessible but not browsable from network

2013-07-29 Thread Lorenzo Milesi
Hi.
I recently moved a Samba v3.4.7 from being a PDC to a member of a Windows 2008 
domain. 
Everything works fine, shares are visible and usable by users, but only by 
typing the server name, the server is NOT visible while browsing the network.

The only issue I noticed is the DNS update error when doing net ads join 
command. I then manually added the DNS entry in windows and now it's accessible 
via \\fileserver,  but still when browsing the domain network the pc is missing.


Another strange thing is that smbtree still shows pieces of the old 
domain, showing the old name as top level domain, but without any PC in it.
I never restarted the server after the configuration change, just restarted 
smbd and nmbd.

I attach below the current configuration.
What could be the problem? Should I restart the host?

thanks
maxxer


# testparm -s
Load smb config files from /etc/samba/smb.conf
Processing section [homes]
Processing section [netlogon]
Processing section [profiles]
Processing section [profdata]
Processing section [printers]
Processing section [print$]
Processing section [ufficio]
Loaded services file OK.
'winbind separator = +' might cause problems with group membership.
Server role: ROLE_DOMAIN_MEMBER
[global]
workgroup = COEL2008
realm = COEL.LAN
netbios name = FILESERVER
server string = %h server (YetOpen)
security = ADS
password server = WServer2008.coel.lan
username map = /etc/samba/smbusers
restrict anonymous = 2
ntlm auth = No
client NTLMv2 auth = Yes
syslog = 3
log file = /var/log/samba/%m
max log size = 50
idmap backend = rid:MSG=7-100
idmap uid = 7-100
idmap gid = 7-100
template homedir = /home/%U
template shell = /bin/bash
winbind separator = +
winbind cache time = 10
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
map acl inherit = Yes



-- 
Lorenzo Milesi - lorenzo.mil...@yetopen.it

YetOpen S.r.l. - http://www.yetopen.it/



[Samba] Samba4 - Classicupgrade - pdb_init_ldapsam: WARNING: Could not get domain info, nor add one to the domain

2013-07-29 Thread I Am Netizen
Hi Team,

I'm migrating to samba4 (samba 4.0.7) and doing Upgrading In Place
and running classicupgrade; I have installed openldap-devel...as I'm
migrating database from ldap.

While doing this am getting the following error message:


# /usr/local/samba/bin/samba-tool domain classicupgrade
--dbdir=/samba-backup/  --use-xattrs=yes
--realm=mydomain.com/samba-backup/smb.conf  --dns-backend=BIND9_DLZ
Reading smb.conf
Provisioning
smbldap_search_domain_info: Searching
for:[((objectClass=sambaDomain)(sambaDomainName=mydomain.com))]
smbldap_open_connection: connection opened
ldap_connect_system: successful connection to the LDAP server
The LDAP server is successfully connected
smbldap_search_domain_info: Problem during LDAPsearch: Timed out
pdb_init_ldapsam: WARNING: Could not get domain info, nor add one to the
domain. We cannot work reliably without it.
pdb backend ldapsam:ldap://x.x.x.x/ did not correctly init (error was
NT_STATUS_CANT_ACCESS_DOMAIN_INFO)
ERROR(class 'passdb.error'): uncaught exception - Cannot load backend
methods for 'ldapsam:ldap:/x.x.x.x/' backend
(-1073741606,NT_STATUS_CANT_ACCESS_DOMAIN_INFO)
  File
/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py,
line 175, in _run
return self.run(*args, **kwargs)
  File
/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/domain.py,
line 1318, in run
useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs)
  File /usr/local/samba/lib64/python2.6/site-packages/samba/upgrade.py,
line 616, in upgrade_from_samba3
s3db = samba3.get_sam_db()
  File
/usr/local/samba/lib64/python2.6/site-packages/samba/samba3/__init__.py,
line 390, in get_sam_db
return passdb.PDB(self.lp.get('passdb backend'))


I'm also cleaning etc and private directories in order to re-run
classicupgrade but no luck.
rm -rf /usr/local/samba/etc/*
rm -rf /usr/local/samba/private/*

Please help.

I AM Netizen


[Samba] How to install a replacement PDC?

2013-07-29 Thread samba1
I’m testing moving a current Samba PDC configuration from an 
existing Unix server to a new Debian server, and as expected, can’t 
login to the new PDC from a PC which had been connected to the old 
PDC.

The new Debian Samba configuration is working okay in that I can 
join a new PC to it, login, and access shares.

In a test environment I renamed the Debian server’s host and domain 
names to be the same as that of the Unix server, and manually 
created a user account in Debian and Samba for an existing test 
user and PC. I noted that the UIDs and GIDs are within different 
ranges on the two servers – In Unix they’re allocated from 100, 
whereas in Debian they’re allocated from 1000, so the test user and 
machine have been allocated different IDs on the two servers. Also, 
the SIDs are obviously different between the two servers.  I used 
‘net getlocalsid’ to find the two SIDs, and ‘net setlocalsid’ to 
set the SID of the new server to that of the old server.

I’d appreciate some pointers on what to do. I don’t want to have 
the exact same users on the new Debian server (some of the users on 
the Unix server have left) so was hoping to just create users and 
groups manually rather than copy existing files across. Do I need 
to edit the UIDs and GIDs somehow, and then export/import some 
password/security files? I’ve seen that on the Unix server there’s 
a file named /etc/smbpasswd, but that isn’t on the Debian server, 
so I’m wondering if they’re using a different type of security 
back-end…  Is there a command which will report this, or which smb.conf 
parameters will identify this? I don’t do a lot of this stuff, so 
any help would be appreciated.


Re: [Samba] Fwd: About samba 3.0.28 trust AD

2013-07-29 Thread Nico Kadel-Garcia
On Mon, Jul 29, 2013 at 2:26 AM, Wong siu yu lmark1834...@gmail.com wrote:
 Redhat given me the samba-3.6.6 with samba-winbind-3.6.6.
 I can setup the trust relationship with my AD.
 Thanks for your supporting.

Good! And seriously consider updating from RHEL 5.2 to RHEL 5.9. There
are inevitable security and performance patches from any OS that was
released 5 years ago, like RHEL 5.2. As long as you haven't been building
too much funky software locally, it should be just a yum update,
then a reboot.


Re: [Samba] Samba4 - Classicupgrade - pdb_init_ldapsam: WARNING: Could not get domain info, nor add one to the domain

2013-07-29 Thread Thomas Simmons
I would guess this is your problem:

--realm=mydomain.com/samba-backup/smb.conf

Should be --realm=mydomain.com


On Mon, Jul 29, 2013 at 6:19 AM, I Am Netizen iamneti...@gmail.com wrote:

 Hi Team,

 I'm migrating to samba4 (samba 4.0.7) and doing Upgrading In Place
 and running classicupgrade; I have installed openldap-devel...as I'm
 migrating database from ldap.

 While doing this am getting the following error message:


 # /usr/local/samba/bin/samba-tool domain classicupgrade
 --dbdir=/samba-backup/  --use-xattrs=yes
 --realm=mydomain.com/samba-backup/smb.conf  --dns-backend=BIND9_DLZ
 Reading smb.conf
 Provisioning
 smbldap_search_domain_info: Searching
 for:[((objectClass=sambaDomain)(sambaDomainName=mydomain.com))]
 smbldap_open_connection: connection opened
 ldap_connect_system: successful connection to the LDAP server
 The LDAP server is successfully connected
 smbldap_search_domain_info: Problem during LDAPsearch: Timed out
 pdb_init_ldapsam: WARNING: Could not get domain info, nor add one to the
 domain. We cannot work reliably without it.
 pdb backend ldapsam:ldap://x.x.x.x/ did not correctly init (error was
 NT_STATUS_CANT_ACCESS_DOMAIN_INFO)
 ERROR(class 'passdb.error'): uncaught exception - Cannot load backend
 methods for 'ldapsam:ldap:/x.x.x.x/' backend
 (-1073741606,NT_STATUS_CANT_ACCESS_DOMAIN_INFO)
   File
 /usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py,
 line 175, in _run
 return self.run(*args, **kwargs)
   File
 /usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/domain.py,
 line 1318, in run
 useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs)
   File /usr/local/samba/lib64/python2.6/site-packages/samba/upgrade.py,
 line 616, in upgrade_from_samba3
 s3db = samba3.get_sam_db()
   File
 /usr/local/samba/lib64/python2.6/site-packages/samba/samba3/__init__.py,
 line 390, in get_sam_db
 return passdb.PDB(self.lp.get('passdb backend'))


 I'm also cleaning etc and private directories in order to re-run
 classicupgrade but no luck.
 rm -rf /usr/local/samba/etc/*
 rm -rf /usr/local/samba/private/*

 Please help.

 I AM Netizen


[Samba] samba4 on ubuntu precise LTS

2013-07-29 Thread jef peeraer
I installed and configured samba 4.2.0pre1 on this ubuntu server 
12.04.2. Its purpose is to serve as a PDC. During provisioning, I had 
to specify --use-ntvfs as option. However, I now read that s3fs is the 
default. Can I change to s3fs without reinstalling ?
What is the best permission setting for a share on the linux server ? 
chmod 0777 and then do all the permission settings from an AD tool in 
windows ?
Do these permission settings in linux have something to do with the 
samba filesystem ntvfs or s3fs ? Some howto's specify that you still 
have to use directory mask = 0777 and create mask = 0777 ?



jef peeraer



Re: [Samba] How to install a replacement PDC?

2013-07-29 Thread samba1
Sorry, forgot to say that the Unix server has Samba 3.0.10, and the 
Debian server is 3.5.6.



Re: [Samba] Samba4 - Classicupgrade - pdb_init_ldapsam: WARNING: Could not get domain info, nor add one to the domain

2013-07-29 Thread I Am Netizen
Sorry, that was copy-paste error.

Actual command I'm using is this -

/usr/local/samba/bin/samba-tool domain  classicupgrade
--dbdir=/samba-backup/--use-xattrs=yes --realm=mydomain.com
  /samba-backup/smb.conf --dns-backend=BIND9_DLZ

as per the instructions from
https://wiki.samba.org/index.php/Samba4/samba-tool/domain/classicupgrade/HOWTO

# /usr/local/samba/bin/samba-tool  domain  classicupgrade
--dbdir=/path/to/samba3/tdbfiles   --use-xattrs=yes
  --realm=myname.org   /path/to/samba3.conf

Parvez


2013/7/29 Thomas Simmons twsn...@gmail.com

 I would guess this is your problem:

 --realm=mydomain.com/samba-backup/smb.conf

 Should be --realm=mydomain.com



On Mon, Jul 29, 2013 at 6:19 AM, I Am Netizen iamneti...@gmail.com wrote:

 Hi Team,

 I'm migrating to samba4 (samba 4.0.7) and doing Upgrading In Place
 and running classicupgrade; I have installed openldap-devel...as I'm
 migrating database from ldap.

 While doing this am getting the following error message:



 # /usr/local/samba/bin/samba-tool domain classicupgrade
 --dbdir=/samba-backup/  --use-xattrs=yes
 --realm=mydomain.com/samba-backup/smb.conf  --dns-backend=BIND9_DLZ

 Reading smb.conf
 Provisioning
 smbldap_search_domain_info: Searching
 for:[((objectClass=sambaDomain)(sambaDomainName=mydomain.com))]
 smbldap_open_connection: connection opened
 ldap_connect_system: successful connection to the LDAP server
 The LDAP server is successfully connected
 smbldap_search_domain_info: Problem during LDAPsearch: Timed out
 pdb_init_ldapsam: WARNING: Could not get domain info, nor add one to the
 domain. We cannot work reliably without it.
 pdb backend ldapsam:ldap://x.x.x.x/ did not correctly init (error was
 NT_STATUS_CANT_ACCESS_DOMAIN_INFO)
 ERROR(class 'passdb.error'): uncaught exception - Cannot load backend
 methods for 'ldapsam:ldap:/x.x.x.x/' backend
 (-1073741606,NT_STATUS_CANT_ACCESS_DOMAIN_INFO)
   File
 /usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py,
 line 175, in _run
 return self.run(*args, **kwargs)
   File
 /usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/domain.py,
 line 1318, in run
 useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs)
   File /usr/local/samba/lib64/python2.6/site-packages/samba/upgrade.py,
 line 616, in upgrade_from_samba3
 s3db = samba3.get_sam_db()
   File
 /usr/local/samba/lib64/python2.6/site-packages/samba/samba3/__init__.py,
 line 390, in get_sam_db
 return passdb.PDB(self.lp.get('passdb backend'))


 I'm also cleaning etc and private directories in order to re-run
 classicupgrade but no luck.
 rm -rf /usr/local/samba/etc/*
 rm -rf /usr/local/samba/private/*

 Please help.

 I AM Netizen


Re: [Samba] How to install a replacement PDC?

2013-07-29 Thread samba1
Also, here are the 'global' sections from the 'testparm' command.

Existing Unix server

[global]
workgroup = DDOMAIN
server string = Samba Server PDC
smb passwd file = /etc/smbpasswd
log file = /usr/lib/samba/var/log.%m
max log size = 50
time server = Yes
keepalive = 0
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
load printers = No
disable spoolss = Yes
logon script = %U.bat
logon drive = G:
domain logons = Yes
os level = 64
preferred master = Yes
domain master = Yes
dns proxy = No
wins support = Yes
hosts allow = 192.0.0., 127.


New Debian server

[global]
workgroup = DDOMAIN
server string = %h server (Samba %v)
interfaces = 127.0.0.0/8, eth0
bind interfaces only = Yes
obey pam restrictions = Yes
smb passwd file = /etc/smbpasswd  ### I added this, but the file doesn’t exist
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
unix password sync = Yes
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
logon script = %U.bat
logon drive = G:
domain logons = Yes
os level = 64
preferred master = Yes
domain master = Yes
dns proxy = No
wins support = Yes
panic action = /usr/share/samba/panic-action %d 


Re: [Samba] How to install a replacement PDC?

2013-07-29 Thread Gaiseric Vandal
Run the testparm -v to see full details, including defaults that may 
not have been explicitly specified in smb.conf.  You want to look 
out for the passdb backend value.  On samba 3.4 or later tdbsam is 
probably the only valid local option.  If you were using the smbpasswd 
file (text?) format on 3.0.x you may need to use the smbpasswd command 
to export / import to the TDB  (trivial data base) format.

With the old primary domain server running you should join the new 
machine to the domain as a member server.  (net join.)   The localsid on 
all dc's should match the domainsid. You can probably then make the 
new machine a DC by changing the smb.conf to allow domain logons and by 
changing the localsid to be the domain sid.  Verify that the user 
accounts are the same on each DC with pdbedit -Lv.  You may find that 
some accounts did not export properly.

Also make sure that each domain controller has the same group mappings 
(net rpc groupmap list ?)   From 3.0. to 3.4 or later you may find you 
need to explicitly some of the well known groups. You may also need to 
create an explicit  nobody user in linux (and specify guest account 
= nobody in smb.conf.)

Search for earlier posts by me that cover DC migration and 3.0x to 3.4. 
upgrades.







On 07/29/13 11:24, sam...@nym.hush.com wrote:

Also, here are the 'global' sections from the 'testparm' command.

Existing Unix server

[global]
 workgroup = DDOMAIN
 server string = Samba Server PDC
 smb passwd file = /etc/smbpasswd
 log file = /usr/lib/samba/var/log.%m
 max log size = 50
 time server = Yes
 keepalive = 0
 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
 load printers = No
 disable spoolss = Yes
 logon script = %U.bat
 logon drive = G:
 domain logons = Yes
 os level = 64
 preferred master = Yes
 domain master = Yes
 dns proxy = No
 wins support = Yes
 hosts allow = 192.0.0., 127.


New Debian server

[global]
 workgroup = DDOMAIN
 server string = %h server (Samba %v)
 interfaces = 127.0.0.0/8, eth0
 bind interfaces only = Yes
 obey pam restrictions = Yes
 smb passwd file = /etc/smbpasswd  ### I added this, but the file doesn’t exist
 pam password change = Yes
 passwd program = /usr/bin/passwd %u
 passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
 unix password sync = Yes
 syslog = 0
 log file = /var/log/samba/log.%m
 max log size = 1000
 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
 logon script = %U.bat
 logon drive = G:
 domain logons = Yes
 os level = 64
 preferred master = Yes
 domain master = Yes
 dns proxy = No
 wins support = Yes
 panic action = /usr/share/samba/panic-action %d
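
When a PDC is moved between Samba versions as discussed above, diffing the two `[global]` dumps shows which account-storage and access settings did not carry over. This is an added example, not part of any message in the thread; the dumps are abbreviated from the two posted, and the `WATCHED` list and function names are this example's own choices.

```python
"""Diff the [global] sections of two `testparm -s` dumps before a PDC move.

Added example. The dumps are abbreviated from the two posted in this thread;
WATCHED is this example's own selection, not a list defined by Samba.
"""

OLD_DUMP = """\
[global]
    workgroup = DDOMAIN
    smb passwd file = /etc/smbpasswd
    domain logons = Yes
    domain master = Yes
    hosts allow = 192.0.0., 127.
"""

NEW_DUMP = """\
[global]
    workgroup = DDOMAIN
    interfaces = 127.0.0.0/8, eth0
    bind interfaces only = Yes
    obey pam restrictions = Yes
    smb passwd file = /etc/smbpasswd
    unix password sync = Yes
    domain logons = Yes
    domain master = Yes
"""

# Parameters that decide where accounts are stored and who may connect.
WATCHED = (
    "workgroup", "passdb backend", "smb passwd file", "security",
    "domain logons", "domain master", "hosts allow", "hosts deny",
    "interfaces", "bind interfaces only", "obey pam restrictions",
    "unix password sync", "guest account",
)


def normalize(name):
    """smb.conf parameter names ignore case and internal whitespace."""
    return "".join(name.split()).lower()


def parse_global(dump):
    """Return {normalized name: value} for the [global] section of a dump."""
    params, section, last = {}, None, None
    for raw in dump.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section, last = line[1:-1].strip().lower(), None
            continue
        if section != "global":
            continue  # also skips the "Processing section ..." preamble
        name, sep, value = line.partition("=")
        if sep:
            last = normalize(name)
            params[last] = value.strip()
        elif last is not None:
            # No '=': assume a value that a mail client re-wrapped.
            params[last] += " " + line
    return params


def compare(old_dump, new_dump, watched=WATCHED):
    """Return (kind, parameter, old value, new value) for each watched item.

    `testparm -s` omits parameters left at their default, so "unset" means
    both servers use a built-in default; `testparm -v` prints those values.
    """
    old, new = parse_global(old_dump), parse_global(new_dump)
    findings = []
    for display in watched:
        key = normalize(display)
        before, after = old.get(key), new.get(key)
        if before is None and after is None:
            kind = "unset"
        elif before == after:
            continue
        elif after is None:
            kind = "dropped"
        elif before is None:
            kind = "added"
        else:
            kind = "changed"
        findings.append((kind, display, before, after))
    return findings


if __name__ == "__main__":
    for kind, name, before, after in compare(OLD_DUMP, NEW_DUMP):
        print(f"{kind:8} {name}: {before!r} -> {after!r}")
```

On the abbreviated dumps this reports `hosts allow` as dropped on the new server and `passdb backend` as unset on both, which is the value the reply says to read from `testparm -v`.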




Re: [Samba] Windows 8 pro and Samba 4

2013-07-29 Thread Marc Muehlfeld

Hello,

On 29.07.2013 16:10, iss...@aralar.edunet.es wrote:

The win8 machine is able to resolve the netbios name of the server.
ping works fine. I ping the netbios name and it returns the ip address.

I attach the 4 screenshots.
- the first is the message I get on trying to join the domain
- the 2nd - 4th is just to show the network settings of the client. We
normally leave all on default settings.

The surprising thing is that win7 and winxp join the domain without
problems and use exactly the same network settings as the win8.

I send you also my samba 4.x global configuration.

[global]
 workgroup = CMARALAR
 server string = Servidor
 interfaces = 192.168.1.1/255.255.255.0
 bind interfaces only = Yes
 deadtime = 5
 load printers = No
 add machine script = /usr/sbin/useradd  -c Machine -d /var/lib/nobody -s /bin/false %m$
 logon script = conecta.vbs
 logon path = \\%N\profiles\%U
 logon drive = Z:
 domain logons = Yes
 os level = 65
 preferred master = Yes
 domain master = Yes
 ldap ssl = no
 idmap config * : range =
 idmap config * : backend = tdb
 hide special files = Yes
 hide unreadable = Yes
 hide unwriteable files = Yes
 veto files = /*-China*/*-runtime*/*.desktop*/

Note, I installed opensuse 12.2, after installation, I uninstalled
completely samba 3.x and installed samba 4.x, winxp, win7 joins the
domain without problems but win8 no! I remember we had the same problem
with the samba version that comes with opensuse 11.x and win7, it is
only when we installed opensuse 12.x that win7 was able to connect to
the samba version. Now the problem is with samba 3.x that comes with
opensuse 12.2 and also samba 4.x that is rumoured to support




When you wrote Samba 4 I automatically thought AD. Sorry. My fault. I 
run Samba 4 as AD DC. There XP, 7 and 8 don't require any changes to 
join the domain.


If you run Samba in a NT4 style domain, it seems that the 
DomainCompatibilityMode and DNSNameResolutionRequired changes are still 
required (at least in this article about W8 and Samba 3.6.9): 
http://www.admin-magazine.com/Articles/Linux-with-Windows-8


Does it work if you change these two values?


Regards,
Marc



Re: [Samba] Windows 8 pro and Samba 4

2013-07-29 Thread Marc Muehlfeld

On 29.07.2013 08:00, Daniel Müller wrote:
 I have one w8 prof in my Samba AD test environment and it works
 without problems.


Just be sure you did no registry hack on the windows 8 machine!?


No registry hack here.
Under 
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManWorkstation\Parameters 
I don't have the entries DomainCompatibilityMode and 
DNSNameResolutionRequired:

http://s1.directupload.net/images/130729/juvqft2b.png
So both are on default.

My Samba 4 installation is AD (not a NT4-style domain).

So I would say, it's not required for Samba AD. But maybe if Samba is 
providing a NT4 style domain.



Regards,
Marc

Re: [Samba] memory consumption with treesize pro and cifs shares

2013-07-29 Thread Cy Mike
More info on this:

The NAS running FreeBSD has 48GB RAM, same as the test NAS we are
duplicating the error on. Both machines see this error with 3.6.9 Samba.
The initial try at duplicating the error didn't produce it. It wasn't until
we increased the amount of files in the CIFS share that we were able to
duplicate it. Number of files is in the millions. Drive freespace is large
on the test machine and the error still occurs. According to LindaW here,
the test hasn't been reproduced yet using Samba 3.6.16, so we're looking
into another test on our box using the updated version.

Has anyone else encountered an issue like this with using TreeSize Pro? Does
anyone need more information to help sort this out? We'll be running
additional tests today looking for a solution and I will post back more on
this later.

Thanks,
Mike


On Tue, Jul 23, 2013 at 6:59 PM, Cy Mike cym...@gmail.com wrote:

 Hi everyone. I'm looking to solve an issue with Samba on a NAS being
 accessed with TreeSize Pro. Using that program to scan through millions of
 files is eating up memory on swap and eventually crashing the system. It's
 scanning mounted CIFS shares on the NAS running TrueNAS with samba version
 3.6.9

 We have a test case and have been able to replicate the issue on another
 machine.

 The solution right now is to simply not run TreeSize Pro. Not the best
 of plans.

 In the meantime, I'm going to continue to check the usual manuals/google
 sources to see if I can find anything. I haven't as yet and am short on
 time with this. Basically looking to see if this is an actual bug that
 might require a patch/upgrade, or something I can fix with some tuneables.

 Thanks,
 Mike




-- 
that's not a bald head, that's a solar panel for a dumbass machine - jon
stewart 5/9/12


Re: [Samba] Windows 8 pro and Samba 4

2013-07-29 Thread Chris Rowson
I have a win 8 member on my test domain and it joined fine. Did you try
joining using full domain name as well as the NETBIOS name?

Chris
On 29 Jul 2013 18:46, Marc Muehlfeld sa...@marc-muehlfeld.de wrote:

 On 29.07.2013 08:00, Daniel Müller wrote:
  I have one w8 prof in my Samba AD test environment and it works
  without problems.
 

 Just be sure you did no registry hack on the windows 8 machine!?


 No registry hack here.
 Under
 HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManWorkstation\Parameters
 I don't have the entries DomainCompatibilityMode and
 DNSNameResolutionRequired:
 http://s1.directupload.net/images/130729/juvqft2b.png
 So both are on default.

 My Samba 4 installation is AD (not a NT4-style domain).

 So I would say, it's not required for Samba AD. But maybe if Samba is
 providing a NT4 style domain.


 Regards,
 Marc


Re: [Samba] Compiling Samba 4.0.7 - make test results

2013-07-29 Thread Alex Ferrara
Nice to see my how to is helping out.

Sent from my iPhone

On 29/07/2013, at 4:12 PM, Mgr. Peter Tuharsky, MsU Banska Bystrica 
tuhar...@misbb.sk wrote:

 Thank You
 
 On 24.07.2013 15:38, L.P.H. van Belle wrote:
 Hi,
 
 Just look here 
 
 http://www.enterprisesamba.com/samba/ 
 
 make an account so you can use the packages of sernet samba. 
 
 and use this one for very basic setup. 
 ( this also works for debian, since ubuntu is based on debian ) 
 
 http://www.ferrara.com.au/mediawiki/index.php/Ubuntu:_Samba_4_Active_Directory_Domain_Master
  
 
 
 Best regards, 
 
 Louis
 
 
 -Original message-
 From: tuhar...@misbb.sk [mailto:samba-boun...@lists.samba.org]
 On behalf of Mgr. Peter Tuharsky, MsU Banska Bystrica
 Sent: Wednesday, 24 July 2013 14:08
 To: samba@lists.samba.org
 Subject: Re: [Samba] Compiling Samba 4.0.7 - make test results
 
 The tests eventually finished, however several errors have been
 reported. Sincerely, I don't understand them. I'm sending the st/summary
 file in attachment.
 
 Please, is there anybody capable telling me, what's the problem with my
 compilation? Am I missing some package, or is there some lack of
 information on Wiki, or...?
 
 Or should I better contact the technical mailing list?
 
 I'm not eager to compile samba myself, however Debian packages are
 rather old even in experimental branch...
 
 Peter
 
 On 23.07.2013 14:17, Mgr. Peter Tuharsky, MsU Banska Bystrica wrote:
 Hallo,
 
 I'm new here. Doing compilation of Samba 4.0.7 on Debian Wheezy
 accordingly to Samba Wiki page. I have used configure parameters
 --enable-debug --enable-selftest and after make, I ran make test.
 
 Now I'm puzzled, because it apparently stops at step 96 (after 15
 minutes, CPU still running at full speed), and I don't know how to
 interpret the results. I'm sending the output in attachment.
 
 Please, is my samba ready to go or not? What is the 1 error reported
 about? And why doesn't the test end up correctly? Or how long should one
 normally wait for test to complete?
 
 Sincerely,
 Peter

[Samba] NT4 clients

2013-07-29 Thread Ryan Bair
I'm attempting to get an old NT4 client participating in a Samba4 domain.
Users can logon to the machine locally and access network shares on other
machines in the network. However, no one can access shares on the NT4
machine using the machine name. Attempting this results in an error The
account is not authorized to log in from this station. Using the IP
address does work however.

The clients are configured to allow no smb signing and NTLMv1, I think I
have all the security settings covered.

I noticed while looking at wireshark though that the client is doing
TGS-REQ for cifs/nt4test and Samba is returning a full TGS-REP. This feels
very odd to me since there is no such SPN cifs/nt4test on the network.
'setspn -Q cifs/nt4test' confirms this.

I've also noticed that the MS docs state:
94 Section 3.2.5.2:
http://msdn.microsoft.com/en-us/library/d367854f-5eee-45e8-a588-eed596a1a521#endNote94
When the server completes negotiation and returns the CAP_EXTENDED_SECURITY
flag as not set, Windows-based SMB clients query the Key Distribution Center
(KDC)
<http://msdn.microsoft.com/en-us/library/0aa17e1f-b3c1-478a-9bf0-2d826888d081#key_distribution_center_KDC>
to verify whether a service ticket is registered for the given security
principal name (SPN)
<http://msdn.microsoft.com/en-us/library/54af12e1-fcc1-4d62-bd47-c80514ac2615#spn>.
If the query indicates that the SPN is registered with the KDC, then the SMB
client terminates the connection and returns an implementation-specific
security downgrade error to the caller.

The client does have CAP_EXTENDED_SECURITY set and I'm guessing the TGS-REQ
is how Windows is testing the presence of the SPN. Since the test is
succeeding and the server doesn't advertise the extended security
capability, Windows disconnects.

Can someone confirm my hypothesis?
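The rule in the MS note quoted above, modeled as an added example (not code from the original post, Microsoft or Samba): it reads the Capabilities field of a constructed SMB1 negotiate response and applies the downgrade check the note describes. The sample bytes, the function names and the boolean that stands in for the KDC lookup are assumptions.

```python
import struct

SMB1_MAGIC = b"\xffSMB"
SMB_COM_NEGOTIATE = 0x72
SMB_FLAGS_REPLY = 0x80
CAP_EXTENDED_SECURITY = 0x80000000
HEADER_LEN = 32      # fixed SMB1 header
NTLM012_WORDS = 17   # parameter words in an NT LM 0.12 negotiate response
CAPS_OFFSET = 19     # byte offset of Capabilities inside those words

# Outcomes of the client-side decision (names chosen for this example).
EXTENDED = "continue-extended-security"
LEGACY = "continue-legacy-auth"
ABORT = "abort-security-downgrade"


def build_sample_response(capabilities):
    """Constructed NT LM 0.12 negotiate response (not a real capture)."""
    # Magic, Command, Status, Flags, Flags2, then 20 bytes of
    # PIDHigh/SecurityFeatures/Reserved/TID/PIDLow/UID/MID left at zero.
    header = struct.pack("<4sBIBH", SMB1_MAGIC, SMB_COM_NEGOTIATE, 0,
                         SMB_FLAGS_REPLY, 0xC001) + bytes(20)
    # DialectIndex, SecurityMode, MaxMpxCount, MaxNumberVcs, MaxBufferSize,
    # MaxRawSize, SessionKey, Capabilities, SystemTime, ServerTimeZone,
    # ChallengeLength
    params = struct.pack("<HBHHIIIIQhB",
                         0, 0x03, 50, 1, 4356, 65536, 0,
                         capabilities, 0, 0, 8)
    data = struct.pack("<H", 8) + bytes(8)  # ByteCount + 8-byte challenge
    return header + bytes([NTLM012_WORDS]) + params + data


def parse_negotiate_capabilities(msg):
    """Return the server Capabilities from an SMB1 negotiate response."""
    if len(msg) < HEADER_LEN + 1 or msg[:4] != SMB1_MAGIC:
        raise ValueError("not an SMB1 message")
    if msg[4] != SMB_COM_NEGOTIATE:
        raise ValueError("not SMB_COM_NEGOTIATE")
    if not msg[9] & SMB_FLAGS_REPLY:
        raise ValueError("this is a request, not a server response")
    if msg[HEADER_LEN] != NTLM012_WORDS:
        raise ValueError("not an NT LM 0.12 response (WordCount != 17)")
    params = msg[HEADER_LEN + 1:HEADER_LEN + 1 + 2 * NTLM012_WORDS]
    if len(params) < 2 * NTLM012_WORDS:
        raise ValueError("truncated parameter block")
    (caps,) = struct.unpack_from("<I", params, CAPS_OFFSET)
    return caps


def client_decision(negotiate_response, spn_registered_at_kdc):
    """Apply the quoted rule to one negotiate response.

    spn_registered_at_kdc stands in for the client's KDC query: True means
    the KDC answered the request for cifs/<server> with a service ticket.
    """
    caps = parse_negotiate_capabilities(negotiate_response)
    if caps & CAP_EXTENDED_SECURITY:
        return EXTENDED
    # Server claims it cannot do extended security. If the KDC nevertheless
    # knows the service principal, the client treats this as a downgrade.
    if spn_registered_at_kdc:
        return ABORT
    return LEGACY


if __name__ == "__main__":
    # Constructed capability sets: UNICODE | NT_SMBS | STATUS32 = 0x54
    legacy_server = build_sample_response(0x00000054)
    modern_server = build_sample_response(0x80000054)
    for label, resp, spn in [
        ("no ext. security, KDC issues ticket", legacy_server, True),
        ("no ext. security, SPN unknown", legacy_server, False),
        ("ext. security advertised", modern_server, True),
    ]:
        print(f"{label:38s} -> {client_decision(resp, spn)}")
```

The first case is the situation the post hypothesizes: the server does not advertise extended security, the KDC still answers the TGS-REQ, and the client ends the connection.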


Re: [Samba] NT4 clients

2013-07-29 Thread Ryan Bair
Oh, forgot to mention. Samba 4.0.7-4 Sernet packages running on CentOS 6.4.


On Mon, Jul 29, 2013 at 5:00 PM, Ryan Bair ryandb...@gmail.com wrote:

 I'm attempting to get an old NT4 client participating in a Samba4 domain.
 Users can logon to the machine locally and access network shares on other
 machines in the network. However, no one can access shares on the NT4
 machine using the machine name. Attempting this results in an error The
 account is not authorized to log in from this station. Using the IP
 address does work however.

 The clients are configured to allow no smb signing and NTLMv1, I think I
 have all the security settings covered.

 I noticed while looking at wireshark though that the client is doing
 TGS-REQ for cifs/nt4test and Samba is returning a full TGS-REP. This feels
 very odd to me since there is no such SPN cifs/nt4test on the network.
 'setspn -Q cifs/nt4test' confirms this.

 I've also noticed that the MS docs state:
 94 Section 3.2.5.2:
 http://msdn.microsoft.com/en-us/library/d367854f-5eee-45e8-a588-eed596a1a521#endNote94
 When the server completes negotiation and returns the CAP_EXTENDED_SECURITY
 flag as not set, Windows-based SMB clients query the Key Distribution Center
 (KDC)
 <http://msdn.microsoft.com/en-us/library/0aa17e1f-b3c1-478a-9bf0-2d826888d081#key_distribution_center_KDC>
 to verify whether a service ticket is registered for the given security
 principal name (SPN)
 <http://msdn.microsoft.com/en-us/library/54af12e1-fcc1-4d62-bd47-c80514ac2615#spn>.
 If the query indicates that the SPN is registered with the KDC, then the SMB
 client terminates the connection and returns an implementation-specific
 security downgrade error to the caller.

 The client does have CAP_EXTENDED_SECURITY set and I'm guessing the
 TGS-REQ is how Windows is testing the presence of the SPN. Since the test
 is succeeding and the server doesn't advertise the extended security
 capability, Windows disconnects.

 Can someone confirm my hypothesis?





Re: [Samba] NT4 clients

2013-07-29 Thread Gaiseric Vandal
I wouldn't have even guessed that NT4 would join a modern AD domain.
It looks like MS did provide client software to join a Windows 2000 AD
domain. Or does the NT4 machine think it is in an NT4 / Samba3 type
domain?



Presumably you can see the domain users in the local user manager 
program on the NT4 machine?   And verify the security options.


http://www.windowsnetworking.com/articles-tutorials/windows-nt/nt4user.html


Do you have a WINS server running? With XP/Windows 7 when you
join an AD domain, the machine name usually gets set to a fully
qualified domain name, e.g. mypc.mydomain.com. Does the host name
of the NT4 machine match the expected AD fully qualified domain name
(does nslookup ip_address on the NT4 machine return the expected
hostname?) Are all machines in DNS? I think a hostname or dns
mismatch could cause problems validating AD kerberos tickets.


I am running Samba 3, not 4, but found that using a WINS server and 
making sure key systems were in DNS helped solve some issues.







On 07/29/13 17:05, Ryan Bair wrote:

Oh, forgot to mention. Samba 4.0.7-4 Sernet packages running on CentOS 6.4.


On Mon, Jul 29, 2013 at 5:00 PM, Ryan Bair ryandb...@gmail.com wrote:


I'm attempting to get an old NT4 client participating in a Samba4 domain.
Users can logon to the machine locally and access network shares on other
machines in the network. However, no one can access shares on the NT4
machine using the machine name. Attempting this results in an error The
account is not authorized to log in from this station. Using the IP
address does work however.

The clients are configured to allow no smb signing and NTLMv1, I think I
have all the security settings covered.

I noticed while looking at wireshark though that the client is doing
TGS-REQ for cifs/nt4test and Samba is returning a full TGS-REP. This feels
very odd to me since there is no such SPN cifs/nt4test on the network.
'setspn -Q cifs/nt4test' confirms this.

I've also noticed that the MS docs state:
94 Section 3.2.5.2:
http://msdn.microsoft.com/en-us/library/d367854f-5eee-45e8-a588-eed596a1a521#endNote94
When the server completes negotiation and returns the CAP_EXTENDED_SECURITY
flag as not set, Windows-based SMB clients query the Key Distribution Center
(KDC)
<http://msdn.microsoft.com/en-us/library/0aa17e1f-b3c1-478a-9bf0-2d826888d081#key_distribution_center_KDC>
to verify whether a service ticket is registered for the given security
principal name (SPN)
<http://msdn.microsoft.com/en-us/library/54af12e1-fcc1-4d62-bd47-c80514ac2615#spn>.
If the query indicates that the SPN is registered with the KDC, then the SMB
client terminates the connection and returns an implementation-specific
security downgrade error to the caller.

The client does have CAP_EXTENDED_SECURITY set and I'm guessing the
TGS-REQ is how Windows is testing the presence of the SPN. Since the test
is succeeding and the server doesn't advertise the extended security
capability, Windows disconnects.

Can someone confirm my hypothesis?







Re: [Samba] NT4 clients

2013-07-29 Thread Ryan Bair
Yes, AD has explicit support for pre-2000 clients.

WINS is alive and well and name resolution is working.

I really think the bogus TGS reply is messing things up,  but I'd like to
have someone more knowledgeable confirm the behavior is incorrect.


On Mon, Jul 29, 2013 at 5:23 PM, Gaiseric Vandal
gaiseric.van...@gmail.com wrote:

 I wouldn't have even guessed that NT4 would join a modern AD domain. It
 looks like MS did provide client software to join a Windows 2000 AD domain.
 Or does the NT4 machine think it is in an NT4 / Samba3 type domain?


 Presumably you can see the domain users in the local user manager program
 on the NT4 machine?   And verify the security options.

 http://www.windowsnetworking.com/articles-tutorials/windows-nt/nt4user.html


 Do you have a WINS server running? With XP/Windows 7 when you
 join an AD domain, the machine name usually gets set to a fully qualified
 domain name, e.g. mypc.mydomain.com. Does the host name of the NT4
 machine match the expected AD fully qualified domain name (does nslookup
 ip_address on the NT4 machine return the expected hostname?) Are all
 machines in DNS? I think a hostname or dns mismatch could cause problems
 validating AD kerberos tickets.

 I am running Samba 3, not 4, but found that using a WINS server and making
 sure key systems were in DNS helped solve some issues.







 On 07/29/13 17:05, Ryan Bair wrote:

 Oh, forgot to mention. Samba 4.0.7-4 Sernet packages running on CentOS
 6.4.


 On Mon, Jul 29, 2013 at 5:00 PM, Ryan Bair ryandb...@gmail.com wrote:

  I'm attempting to get an old NT4 client participating in a Samba4 domain.
 Users can logon to the machine locally and access network shares on other
 machines in the network. However, no one can access shares on the NT4
 machine using the machine name. Attempting this results in an error The
 account is not authorized to log in from this station. Using the IP
 address does work however.

 The clients are configured to allow no smb signing and NTLMv1, I think I
 have all the security settings covered.

 I noticed while looking at wireshark though that the client is doing
 TGS-REQ for cifs/nt4test and Samba is returning a full TGS-REP. This feels
 very odd to me since there is no such SPN cifs/nt4test on the network.
 'setspn -Q cifs/nt4test' confirms this.

 I've also noticed that the MS docs state:
 94 Section 3.2.5.2:
 http://msdn.microsoft.com/en-us/library/d367854f-5eee-45e8-a588-eed596a1a521#endNote94
 When the server completes negotiation and returns the CAP_EXTENDED_SECURITY
 flag as not set, Windows-based SMB clients query the Key Distribution Center
 (KDC)
 <http://msdn.microsoft.com/en-us/library/0aa17e1f-b3c1-478a-9bf0-2d826888d081#key_distribution_center_KDC>
 to verify whether a service ticket is registered for the given security
 principal name (SPN)
 <http://msdn.microsoft.com/en-us/library/54af12e1-fcc1-4d62-bd47-c80514ac2615#spn>.
 If the query indicates that the SPN is registered with the KDC, then the SMB
 client terminates the connection and returns an implementation-specific
 security downgrade error to the caller.

 The client does have CAP_EXTENDED_SECURITY set and I'm guessing the
 TGS-REQ is how Windows is testing the presence of the SPN. Since the test
 is succeeding and the server doesn't advertise the extended security
 capability, Windows disconnects.

 Can someone confirm my hypothesis?






[Samba] Consistent Inter-Samba UID/GID Mappings

2013-07-29 Thread chris . hayes

Hi everyone,

I'm trying to ensure my various Samba3 fileservers have consistent 
Samba User/Group - Linux UID/GID mappings between them. The domain is 
controlled by a Samba4 DC.


Samba3 is used because it's maintained in the distributions that we 
have deployed already.


I believe that using Winbind with idmap_rid is probably the easiest way 
to accomplish this, however I have had no luck with this after spending 
hours trying different configurations. And after searching online, it 
appeared that several people have suggested that this idmap backend no 
longer works in 3.6, and that explicitly stored mappings (via RFC2307 / 
SFU) is now considered the appropriate way to do what I'm wanting.


Can anyone confirm this?

In an attempt to implement RFC2307 in the Samba directory, I rebuilt my 
test domain (Samba4) using the --use-rfc2307 option in the samba-tool 
domain provision command.


The --use-rfc2307 option enables your Samba AD automatically to store 
posix attributes.
 -- 
https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO#Provisioning_Samba_.28Setting_up_a_new_domain.29


This sounded like it would work perfectly for my needs. However it 
doesn't. I'd hoped that it would ensure that any new user or group is 
automagically assigned a uidNumber or gidNumber, etc. Currently I'm 
using RSAT to administer the directory.


I'm rather hoping that someone can point out something important that 
I've not realised. Any information would be enthusiastically received. 
I'll update this with further information tomorrow (Samba versions -- I 
believe that the DC is 4.0.6 and the fileserver 3.6.3).


Thanks for your time.
Chris


[Samba] Samba4 DNS (bind_dlz) management issue on CentOS

2013-07-29 Thread Jason Bailey

To whom it may concern,

Not long ago, I joined a Samba4 box as a DC to a single DC Windows 2003 
Active Directory domain to begin the process of learning Samba4. 
Unfortunately, before I was ready to make the total switch, my Windows 
2003 server died, and the remnants of my domain were left with Samba4. 
While I have got my Samba4 running fairly smoothly (after forcing it to 
take on fsmo roles), there are still a few snags - and DNS happens to be 
one of them.


Right now I'm running two CentOS 6.4 (x64) servers that are operating as 
Active Directory DCs. Both are utilizing Samba 4.0.7 (provided by 
SerNet) on Linux kernel 2.6.32. Both are running BIND 9.8.2 with the 
Samba DLZ plugin for DNS (and for the record, these servers do more than 
run Samba and require BIND for DNS).


I have two primary problems with DNS. One, I can't manage any of my AD 
DNS zones from Windows using MMC, or from samba-tool. MMC either 
complains the DNS server is unreachable, or that the Active Directory 
service is unavailable. The samba-tool utility returns the error code 
ERROR(runtime): uncaught exception - (-1073741249, 
'NT_STATUS_PORT_UNREACHABLE'). Two, while my reverse zone (for a 
10.0.0.0/24 subnet) is being served out of the DLZ, my forward Active 
Directory office zone is not. Right now it is running as a master zone 
in BIND.


Employees can login via AD without issue. Replication appears to be 
working correctly so far as I can tell.


--
Here's my smb.conf file:

# Global parameters
[global]
        workgroup = OFFICE
        realm = office.domain.com
        netbios name = CARBON
        netbios aliases = COBALT COBALT-DC FS1
        server role = active directory domain controller
        server services = +web -smb +s3fs -dns +dns_update +kdc +rpc +nbt +wrepl +drepl +ldap +cldap +ntp_signd +kcc
        dcerpc endpoint servers = +epmapper +wkssvc +rpcecho +samr +netlogon +lsarpc +spoolss +drsuapi +dssetup +unixinfo +browser +eventlog6 +backupkey -winreg -srvsvc -dnsserver -dns

        load printers = no
        log file = /var/log/samba/log.%m
        log level = 5
        encrypt passwords = yes
        idmap config *:backend = tdb
        idmap config *:range = 70001-8
        idmap config OFFICE:backend = ad
        idmap config OFFICE:schema_mode = rfc2307
        idmap config OFFICE:range = 1-4
        winbind nss info = rfc2307
        winbind trusted domains only = no
        winbind use default domain = yes
        winbind enum users  = yes
        winbind enum groups = yes
        vfs objects = acl_xattr recycle shadow_copy2
        acl_xattr:ignore system acls = no
        recycle:keeptree = True
        recycle:versions = False
        recycle:touch = False
        recycle:repository = .recycle
        recycle:exclude = *.tmp
        recycle:exclude_dir =
        logon drive = U:
        logon script = \\CARBON\netlogon\NetDrives.vbs
        logon path = \\CARBON\data\users\%U
--

Here's my named.conf file:

# Loads Samba Active Directory zone
include "/var/lib/samba/private/named.conf";

# Global options
options {

   auth-nxdomain yes;

   directory "/var/named";

   notify no;

   empty-zones-enable no;

   allow-query {
      127.0.0.0/8; 10.0.0.0/24;
   };

   allow-recursion {
      127.0.0.0/8; 10.0.0.0/24;
   };

   allow-transfer {
      10.0.0.0/24; 127.0.0.1;
   };

   forwarders {
      66.111.113.7; 66.111.113.8;
   };

   tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
   tkey-domain "OFFICE.DOMAIN.COM";


};

controls {
   inet 127.0.0.1 port 953
   allow { 10.0.0.0/24; 127.0.0.1; } keys { "rndc-key"; };
};

key "rndc-key" {
   algorithm hmac-md5;
   secret "OMMITTED";
};


# Root servers (required zone for recursive queries)
zone "." {
   type hint;
   file "named.root";
};


# Required localhost forward-/reverse zones
zone "localhost" {
   type master;
   file "master/localhost.zone";
};

zone "0.0.127.in-addr.arpa" {
   type master;
   file "master/0.0.127.zone";
};

#zone "0.0.10.in-addr.arpa" {
#   type master;
#   file "master/0.0.10.in-addr.arpa.zone";
#   update-policy {
#      grant *.COM wildcard *.0.0.10.in-addr.arpa. PTR;
#      grant OFFICE.DOMAIN.COM ms-self * A ;
#   };
#};

zone "domain.com" {
   type master;
   file "master/domain.com.zone";
};

zone "office.domain.com" {
   type master;
   check-names ignore; # Required for MS AD domain
   file "master/office.domain.com.zone";
   include "/var/lib/samba/private/named.conf.update";
};

--

The office.domain.com zone file came from the fact that I had a backup
of the zone file because one of my Samba servers was once a slave DNS
server to the Windows 2003 server that I lost (it was running Samba3
before my move to Samba4).
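A consistency check for the setup in this post, as an added example (not the poster's or the Samba project's code): it reads the server services and dcerpc endpoint servers lists and the BIND zone declarations, and reports two conditions visible in the posted files. That samba-tool dns and the Windows DNS console reach the server through the dnsserver RPC endpoint is stated from general Samba knowledge, not confirmed in the thread; the sample strings are trimmed, constructed copies of the posted files, and the function names and finding codes are made up for the example.

```python
import re

# Constructed sample: the relevant lines of the posted smb.conf.
SAMPLE_SMB_CONF = """\
[global]
    workgroup = OFFICE
    realm = office.domain.com
    server role = active directory domain controller
    server services = +web -smb +s3fs -dns +dns_update +kdc +rpc +nbt +wrepl +drepl +ldap +cldap +ntp_signd +kcc
    dcerpc endpoint servers = +epmapper +wkssvc +rpcecho +samr +netlogon +lsarpc +spoolss +drsuapi +dssetup +unixinfo +browser +eventlog6 +backupkey -winreg -srvsvc -dnsserver -dns
"""

# Constructed sample: the relevant parts of the posted named.conf.
SAMPLE_NAMED_CONF = """\
include "/var/lib/samba/private/named.conf";
zone "." {
    type hint;
    file "named.root";
};
#zone "0.0.10.in-addr.arpa" {
#    type master;
#};
zone "office.domain.com" {
    type master;
    check-names ignore; # Required for MS AD domain
    file "master/office.domain.com.zone";
    include "/var/lib/samba/private/named.conf.update";
};
"""


def smb_global(text):
    """Return the [global] parameters of an smb.conf as a dict."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params


def toggles(value):
    """Split a '+name -name' list into (enabled, disabled) sets."""
    on, off = set(), set()
    for tok in re.split(r"[,\s]+", value.strip()):
        if tok.startswith("-"):
            off.add(tok[1:])
        elif tok:
            on.add(tok.lstrip("+"))
    return on, off


def strip_comments(named_conf):
    return re.sub(r"(#|//)[^\n]*", "", named_conf)


def static_zones(named_conf):
    """Map each zone declared directly in named.conf to its type."""
    text, zones = strip_comments(named_conf), {}
    for m in re.finditer(r'zone\s+"([^"]+)"\s*\{', text):
        depth, i = 1, m.end()
        while i < len(text) and depth:      # find the matching brace
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        kind = re.search(r"\btype\s+(\w+)\s*;", text[m.end():i - 1])
        name = m.group(1).lower().rstrip(".") or "."
        zones[name] = kind.group(1) if kind else None
    return zones


def has_dlz_include(named_conf):
    """True if the Samba-generated named.conf (DLZ stanza) is included."""
    return bool(re.search(r'include\s+"[^"]*/named\.conf"\s*;',
                          strip_comments(named_conf)))


def audit(smb_conf, named_conf):
    g = smb_global(smb_conf)
    _, services_off = toggles(g.get("server services", ""))
    _, endpoints_off = toggles(g.get("dcerpc endpoint servers", ""))
    realm = g.get("realm", "").lower().rstrip(".")
    # Internal DNS switched off and the Samba DLZ stanza loaded by BIND.
    uses_dlz = "dns" in services_off and has_dlz_include(named_conf)
    findings = []
    if uses_dlz and "dnsserver" in endpoints_off:
        findings.append(("DNSSERVER_RPC_DISABLED",
                         "dnsserver endpoint is removed; RPC-based zone "
                         "management has nothing to connect to"))
    if uses_dlz and static_zones(named_conf).get(realm) == "master":
        findings.append(("REALM_ZONE_STATIC",
                         f"zone {realm} is a static master zone, so it is "
                         "answered from the zone file, not from the DLZ"))
    return findings


if __name__ == "__main__":
    for code, text in audit(SAMPLE_SMB_CONF, SAMPLE_NAMED_CONF):
        print(f"{code}: {text}")
```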



Re: [Samba] memory consumption with treesize pro and cifs shares

2013-07-29 Thread Linda W


(some more followup---sorry if I ask too much / too many Q's,
if so, just don't respond! I won't be offended)..

You might look for a file system loop and check for options in treesize pro
to detect such.

Another program to try is WinDirStat; its home is
http://windirstat.sourceforge.net/.

The reason I mention the loop stuff is that windir stat has options to
detect remote mounts and remote symbolic links and to follow them or not.
That can cause it to go in loops but not exhaust memory on the server.

Running it now in normal mode, it runs more aggressively against the
server and I see the smbd process at 90% cpu usage (the fact that the
protocol is single-server/client makes it difficult to parallelize cpu
usage, so 90% is how much of 1 core it is using, vs. system wide it would
be about 6.3%).

Note -- my instance of 3.6.12 is running with millions of files as well
(a bit over 9 million at last count) and is running on linux-3.9.8. I'm
not sure, but I think linux's multi-tasking ability is considered more
efficient than BSD's, though BSD has had some record of better security --
though to both those figures the relative user bases need to be considered
(fewer users, fewer bugs found, more users, more need for different types
of HW and efficient algorithms to handle high loads across diverse
platforms, as well as the ability to keep source closed under BSD
(security through obscurity)).

Of note -- on the server, I see two instances of smbd running -- the
other is from another machine where I have a logon instance in windows
that I left suspended (disconnected from a remote session, so not really
suspended -- looks like explorer doing some sort of indexing (which MS
refuses to allow their indexer to use to update a computer's local
index)).

Anyway, the two of them are running right around 129-137MB Virtual size
for each with 24MB resident and 20M Shared...
Server's cpu's are Xeon X5660 @2.8GHz currently running at 1600MHz
(demand based scheduler), so they aren't the fastest or the slowest. Main
disk subsystem is a RAID50 of reasonable speed. I would think it unlikely,
but perhaps a slow disk might cause a backlog of requests... but I don't
see that as likely.

Evidence points to the BSD-samba combination you are using.  :(.
You didn't mention --
* what processor/how many cores the NAS is using/has available?
* What type of disk are in use (Sata/SAS 4000RPM - 15K RPM);
* Is the system using RAID? Type?
* What file system is it using (options?)

Personally, in my limited exploration of home NAS units, I didn't
find any that were well powered; not as even as much as a
low-end workstation based server. With 48G, yours already sounds better
than most, but that's only 1 measure.

Also note, my version of treesizepro isn't the latest, it's officially
'OUTDATED' (says so next to the version 5.4.4.707);-). Newer versions may
be more aggressive or have different options.



Cy Mike wrote:

More info on this:

The NAS running FreeBSD has 48GB RAM, same as the test NAS we are 
duplicating the error on. Both machines see this error with 3.6.9 
Samba. The initial try at duplicating the error didn't produce it. It 
wasn't until we increased the amount of files in the CIFS share that 
we were able to duplicate it. Number of files is in the millions. 
Drive freespace is large on the test machine and the error still 
occurs. According to LindaW here, the test hasn't been reproduced yet 
using Samba 3.6.16, so we're looking into another test on our box 
using the updated version.


Has anyone else encountered an issue like this with using TreeSize Pro? 
Does anyone need more information to help sort this out? We'll be 
running additional tests today looking for a solution and I will post 
back more on this later.


Thanks,
Mike


On Tue, Jul 23, 2013 at 6:59 PM, Cy Mike cym...@gmail.com wrote:


Hi everyone. I'm looking to solve an issue with Samba on a NAS
being accessed with TreeSize Pro. Using that program to scan
through millions of files is eating up memory on swap and
eventually crashing the system. It's scanning mounted CIFS shares
on the NAS running TrueNAS with samba version 3.6.9

We have a test case and have been able to replicate the issue on
another machine.

The solution right now is to simply not run TreeSize Pro. Not
the best of plans.

In the meantime, I'm going to continue to check the usual
manuals/google sources to see if I can find anything. I haven't as
yet and am short on time with this. Basically looking to see if
this is an actual bug that might require a patch/upgrade, or
something I can fix with some tuneables.

Thanks,
Mike




--
that's not a bald head, that's a solar panel for a dumbass machine - 
jon stewart 5/9/12



[Samba] samba4 - classicupgrade - problem - passdb.error uncaught exception - Cannot load backend methods for 'ldapsam:ldap://localhost' backend NT_STATUS_CANT_ACCESS_DOMAIN_INFO

2013-07-29 Thread itsaheb
Even after cleaning etc and private directories I'm still getting the same error:


Provisioning
convert_string_talloc: Conversion not supported.*pdb_init_ldapsam:
WARNING: Could not get domain info, nor add one to the
domain. We cannot work reliably without it.*
pdb backend ldapsam:ldap://localhost did not correctly init (error was
NT_STATUS_CANT_ACCESS_DOMAIN_INFO)
ERROR(class 'passdb.error'): uncaught exception - Cannot load backend
methods for 'ldapsam:ldap://localhost' backend
(-1073741606,NT_STATUS_CANT_ACCESS_DOMAIN_INFO)


Any clues?


Thanks in advance!
Saheb


Re: [Samba] NT4 clients

2013-07-29 Thread Andrew Bartlett
On Mon, 2013-07-29 at 19:29 -0400, Ryan Bair wrote:
 Yes, AD has explicit support for pre-2000 clients.
 
 WINS is alive and well and name resolution is working.
 
 I really think the bogus TGS reply is messing things up,  but I'd like to
 have someone more knowledgeable confirm the behavior is incorrect.

NT4 doesn't know about Kerberos, I think any TGS traffic is highly
likely a red herring.  Are you really sure the client is issuing it, and
you have no additional software installed on the NT4 machine?

Andrew Bartlett
-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org
Samba Developer, Catalyst IT   http://catalyst.net.nz




Re: [Samba] samba4 - classicupgrade - problem - passdb.error uncaught exception - Cannot load backend methods for 'ldapsam:ldap://localhost' backend NT_STATUS_CANT_ACCESS_DOMAIN_INFO

2013-07-29 Thread Andrew Bartlett
On Tue, 2013-07-30 at 10:27 +0530, itsaheb wrote:
 Even after cleaning etc and private directories I'm still getting the same 
 error:
 
 
 Provisioning
 convert_string_talloc: Conversion not supported.*pdb_init_ldapsam:
 WARNING: Could not get domain info, nor add one to the
 domain. We cannot work reliably without it.*
 pdb backend ldapsam:ldap://localhost did not correctly init (error was
 NT_STATUS_CANT_ACCESS_DOMAIN_INFO)
 ERROR(class 'passdb.error'): uncaught exception - Cannot load backend
 methods for 'ldapsam:ldap://localhost' backend
 (-1073741606,NT_STATUS_CANT_ACCESS_DOMAIN_INFO)
 

I think you may have cleaned too much, or not have the right settings -
this means that the ldap server listening on port 389 localhost does not
have a copy of your Samba3 domain.

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org
Samba Developer, Catalyst IT   http://catalyst.net.nz




Re: [Samba] Consistent Inter-Samba UID/GID Mappings

2013-07-29 Thread Marc Muehlfeld

Hello Chris,

On 30.07.2013 01:36, chris.ha...@proporta.com wrote:

In an attempt to implement RFC2307 in the Samba directory, I rebuilt my
test domain (Samba4) using the --use-rfc2307 option in the samba-tool
domain provision command.

The --use-rfc2307 option enables your Samba AD automatically to store
posix attributes.
  --
https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO#Provisioning_Samba_.28Setting_up_a_new_domain.29


This sounded like it would work perfectly for my needs. However it
doesn't. I'd hoped that it would ensure that any new user or group is
automagically assigned a uidNumber or gidNumber, etc. Currently I'm
using RSAT to administer the directory.

I'm rather hoping that someone can point out something important that
I've not realised. Any information would be enthusiastically received.
I'll update this with further information tomorrow (Samba versions -- I
believe that the DC is 4.0.6 and the fileserver 3.6.3).



the --use-rfc2307 option doesn't automatically assign xIDs on your DC. 
It adds the additional schemas to your directory that allow you among 
others to assign xIDs to user/groups.


If you migrate to Samba AD, then the values from your old Samba PDC are 
filled in these fields. If you provision a new domain and add 
users/groups, the fields you require are not set. You can administrate 
them through ADUC or other ways.


If you don't want to administrate the posix stuff in your AD, have a 
look at sssd instead of winbind.




Regards,
Marc
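
Added example, not part of Marc's message or of Samba: because xIDs on a freshly provisioned domain have to be filled in by the administrator, this Python script picks unused uidNumber values from a fixed range for accounts that lack one and renders them as LDIF modify records. The DNs, the 10000-19999 range and the function names are constructed for illustration.

```python
# Added example: plan RFC2307 uidNumber assignments as LDIF modify records.
# Directory entries, DNs and the ID range are constructed sample data.

ID_MIN, ID_MAX = 10000, 19999  # assumed range reserved for domain accounts

SAMPLE_USERS = [
    {"dn": "CN=alice,CN=Users,DC=example,DC=test", "uidNumber": 10000},
    {"dn": "CN=bob,CN=Users,DC=example,DC=test", "uidNumber": None},
    {"dn": "CN=carol,CN=Users,DC=example,DC=test", "uidNumber": 10002},
    {"dn": "CN=dave,CN=Users,DC=example,DC=test", "uidNumber": None},
]


def plan_assignments(entries, attr="uidNumber", lo=ID_MIN, hi=ID_MAX):
    """Return {dn: new_id} for entries lacking attr, never reusing an ID."""
    used = set()
    for entry in entries:
        value = entry.get(attr)
        if value is None:
            continue
        # Two accounts with one ID would share file ownership on every host.
        if value in used:
            raise ValueError(f"duplicate {attr} {value} already in directory")
        used.add(value)

    plan = {}
    candidate = lo
    # Sort by DN so repeated runs over the same data give the same plan.
    for entry in sorted(entries, key=lambda e: e["dn"].lower()):
        if entry.get(attr) is not None:
            continue
        while candidate in used:
            candidate += 1
        if candidate > hi:
            raise RuntimeError(f"{attr} range {lo}-{hi} exhausted")
        plan[entry["dn"]] = candidate
        used.add(candidate)
    return plan


def to_ldif(plan, attr="uidNumber"):
    """Render the plan as LDIF modify records separated by blank lines."""
    records = [
        f"dn: {dn}\nchangetype: modify\nadd: {attr}\n{attr}: {value}\n"
        for dn, value in plan.items()
    ]
    return "\n".join(records)


if __name__ == "__main__":
    print(to_ldif(plan_assignments(SAMPLE_USERS)))
```

The same function works for gidNumber by passing attr="gidNumber" over group entries.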



[SCM] CTDB repository - branch master updated - ctdb-2.3-20-g57aa2df

2013-07-29 Thread Amitay Isaacs
The branch, master has been updated

http://gitweb.samba.org/?p=ctdb.git;a=shortlog;h=master


- Log -
commit 57aa2dffea60abd73a95233f8b761cc676adebb6
Author: Martin Schwenke mar...@meltin.net
Date:   Fri Jul 26 15:09:24 2013 +1000

doc: Update XML files to use standard DocBook DTD

This simplifies building since we don't use any of the Samba
extensions.

Signed-off-by: Martin Schwenke mar...@meltin.net

commit 37ccc7c6cc43a80aaa92291aea7a438f4225488a
Author: Martin Schwenke mar...@meltin.net
Date:   Fri Jul 26 11:20:47 2013 +1000

initscript: The wrapper script should export CTDB_SOCKET

This ensures that any invocation of the ctdb tool (within the wrapper)
gets the desired value.  This at least ensures that ctdbd will be
started.

If a non-standard value is set for CTDB_SOCKET then command-line users
will still need the variable in their environment.

Signed-off-by: Martin Schwenke mar...@meltin.net
Pair-programmed-with: Amitay Isaacs ami...@gmail.com

commit 782814288bb560099ee44b607bf35f3eddf37f82
Author: Martin Schwenke mar...@meltin.net
Date:   Thu Jul 25 16:17:07 2013 +1000

ctdbd: Kill client process without checking for tracked child

Commit f73a4b1495830bcdd094a93732a89dd53b3c2f78 added a safety check
to ensure that CTDB never kills unrelated processes.  However, client
processes are unrelated.

Signed-off-by: Martin Schwenke mar...@meltin.net

commit a20d94717d2e4ab866d8a002cdf39c0669b74c6a
Author: Martin Schwenke mar...@meltin.net
Date:   Thu Jul 25 13:40:43 2013 +1000

eventscripts: kill_tcp_connections() should send connections to stdin

This avoids issuing multiple ctdb killtcp commands to terminate tcp
connections, one per connection.  This will considerably reduce the
time when there is a large number of tcp connections.  This also makes
it possible to avoid calling ctdb killtcp when there are no connections.

Add a couple of unit tests for killtcp and update eventscript unit
test infrastructure to support.

Signed-off-by: Martin Schwenke mar...@meltin.net
Pair-programmed-with: Amitay Isaacs ami...@gmail.com

commit af5aa369c266430fe912df0c26116b68bac3572e
Author: Martin Schwenke mar...@meltin.net
Date:   Thu Jul 25 13:28:26 2013 +1000

tools/ctdb: Allow killtcp to read connections from standard input

This will allow eventscripts to send information about multiple tcp
connections to a single ctdb killtcp command, saving the overhead of
setting up a client connection per tcp connection.

Signed-off-by: Martin Schwenke mar...@meltin.net
Pair-programmed-with: Amitay Isaacs ami...@gmail.com

commit a69e03a5e4671e998d45b4fef8611a421bbdb3e1
Author: Martin Schwenke mar...@meltin.net
Date:   Mon Jul 22 20:11:58 2013 +1000

tests: Always tally the number of passed/failed tests

Regardless of whether a summary is being printed!

Signed-off-by: Martin Schwenke mar...@meltin.net

commit bf4a7c1ad87e0e848296d15d63eb8cd901ca5335
Author: Martin Schwenke mar...@meltin.net
Date:   Mon Jul 22 16:39:46 2013 +1000

recoverd: Call takeover fail callback only once per node

Currently the fail callback is called once per (takeip/releaseip) control
failure.  This is overkill and can get a node banned much too quickly.

Instead, keep track of control failures per node and only call fail
callback once per failed node.

Signed-off-by: Martin Schwenke mar...@meltin.net
Pair-programmed-with: Amitay Isaacs ami...@gmail.com

commit 1b016b2dfc5d7d3f2a42ce4dfe569608e90eb714
Author: Martin Schwenke mar...@meltin.net
Date:   Mon Jul 22 15:08:32 2013 +1000

scripts: 

[SCM] Samba Shared Repository - branch master updated

2013-07-29 Thread Andrew Bartlett
The branch, master has been updated
   via  45f5ea0 dns: Update TODO list
  from  73a9e6a selftest: Print error message when smbd does not have ADS support

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 45f5ea0b57952b7050279ae10402fa7d570f1c93
Author: Kai Blin k...@samba.org
Date:   Sun Jul 28 23:59:18 2013 +0200

dns: Update TODO list

A lot of the todo items have been resolved, avoid confusing people.

Signed-off-by: Kai Blin k...@samba.org

Reviewed-by: Andrew Bartlett abart...@samba.org

Autobuild-User(master): Andrew Bartlett abart...@samba.org
Autobuild-Date(master): Mon Jul 29 09:12:17 CEST 2013 on sn-devel-104

---

Summary of changes:
 source4/dns_server/TODO |   13 +
 1 files changed, 5 insertions(+), 8 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/dns_server/TODO b/source4/dns_server/TODO
index c6024d7..1949650 100644
--- a/source4/dns_server/TODO
+++ b/source4/dns_server/TODO
@@ -3,13 +3,10 @@ DNS server todo list
 
 Just so we don't forget the required features for an AD-compatible DNS server:
 
-- Forwarding to other nameservers if we don't know the domain
-- Additional record handling (especially in SOA records, but we'll want off of
-  this stuff)
-- TSIG-GSSAPI handling
-- Symmetric Bind-style key handling (not strictly needed for AD, but needed for
+- Symmetric Bind-style TKEY handling (not strictly needed for AD, but needed 
for
   integration to other name servers / tools)
-- Command line tools that unix admins are used to
-- Zone transfer support (XFER, IFER)
+(- Command line tools that unix admins are used to)
+- Zone transfer support (XFER, IFER) (look at AD for permission settings)
 - Caching
-- Tests, tests, tests (probably based on python's dns implementation)
+- dynamic zone reloading
+- Tests, tests, tests
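Review bot: The re-added zone transfer line still says "XFER, IFER"; the DNS query types are AXFR and IXFR, so this is a good moment to correct the names. The new "(- Command line tools that unix admins are used to)" entry also puts the parenthesis before the dash, so it no longer reads as a list item like its neighbours; something like "- (optional) Command line tools ..." keeps the list shape. The commit message speaks only of resolved items, yet the hunk also adds "dynamic zone reloading" and drops the remark that the tests would probably build on python's dns implementation, which deserves a line in the message.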


-- 
Samba Shared Repository


[SCM] Samba Shared Repository - branch master updated

2013-07-29 Thread Michael Adam
The branch, master has been updated
   via  8f8e843 s3:winbind: add a warning DEBUG message when skipping a sid from the mapped GID list
   via  482212e s3:winbind: change getgroups to only do one sids2xids call instead of many
   via  6e41745 s3:winbind: fix the getgroups implementation to include the user sid's GID in case of ID_TYPE_BOTH
   via  f62219e s3:winbind: fix gid counting and error handling in the getgroups implementation
  from  45f5ea0 dns: Update TODO list

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 8f8e843267636b5fea076014980031afc2c0a7b4
Author: Michael Adam ob...@samba.org
Date:   Fri Jul 26 12:26:30 2013 +0200

s3:winbind: add a warning DEBUG message when skipping a sid from the mapped GID list

This presents a potential security problem when ACLs contain DENY ACEs.

Pair-Programmed-With: Stefan Metzmacher me...@samba.org

Signed-off-by: Michael Adam ob...@samba.org
Signed-off-by: Stefan Metzmacher me...@samba.org

Autobuild-User(master): Michael Adam ob...@samba.org
Autobuild-Date(master): Mon Jul 29 14:42:27 CEST 2013 on sn-devel-104

commit 482212e3d348e4247759cbca9507db74f61f9703
Author: Michael Adam ob...@samba.org
Date:   Fri Jul 26 12:25:27 2013 +0200

s3:winbind: change getgroups to only do one sids2xids call instead of many

Pair-Programmed-With: Stefan Metzmacher me...@samba.org

Signed-off-by: Michael Adam ob...@samba.org
Signed-off-by: Stefan Metzmacher me...@samba.org

commit 6e41745173989dff1b4e2f03e174e9d1020857d5
Author: Michael Adam ob...@samba.org
Date:   Fri Jul 26 11:32:34 2013 +0200

s3:winbind: fix the getgroups implementation to include the user sid's GID in case of ID_TYPE_BOTH

This is important for acl checks on the unix level where only a group ace
has been added to the ACL for the user sid, e.g. when accessing Files with
nfs or local unix processes.

Signed-off-by: Michael Adam ob...@samba.org
Reviewed-by: Stefan Metzmacher me...@samba.org

commit f62219e71af69ec8b331500b75fd5fd77d51a636
Author: Michael Adam ob...@samba.org
Date:   Fri Jul 26 11:31:41 2013 +0200

s3:winbind: fix gid counting and error handling in the getgroups implementation

Pair-Programmed-With: Stefan Metzmacher me...@samba.org

Signed-off-by: Michael Adam ob...@samba.org
Signed-off-by: Stefan Metzmacher me...@samba.org

---

Summary of changes:
 source3/winbindd/winbindd_getgroups.c |  102 +++--
 1 files changed, 71 insertions(+), 31 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/winbindd/winbindd_getgroups.c 
b/source3/winbindd/winbindd_getgroups.c
index 1774901..b899beb 100644
--- a/source3/winbindd/winbindd_getgroups.c
+++ b/source3/winbindd/winbindd_getgroups.c
@@ -29,7 +29,6 @@ struct winbindd_getgroups_state {
enum lsa_SidType type;
int num_sids;
struct dom_sid *sids;
-   int next_sid;
int num_gids;
gid_t *gids;
 };
@@ -124,18 +123,13 @@ static void winbindd_getgroups_gettoken_done(struct 
tevent_req *subreq)
 
/*
 * Convert the group SIDs to gids. state-sids[0] contains the user
-* sid, so start at index 1.
+* sid. If the idmap backend uses ID_TYPE_BOTH, we might need the
+* the id of the user sid in the list of group sids, so map the
+* complete token.
 */
 
-   state-gids = talloc_array(state, gid_t, state-num_sids-1);
-   if (tevent_req_nomem(state-gids, req)) {
-   return;
-   }
-   state-num_gids = 0;
-   state-next_sid = 1;
-
subreq = wb_sids2xids_send(state, state-ev,
-  state-sids[state-next_sid], 1);
+  state-sids, state-num_sids);
if (tevent_req_nomem(subreq, req)) {
return;
}
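Review bot: The rewritten comment in this hunk wraps as "we might need the" / "the id of the user sid", leaving a doubled "the" that should be dropped. More importantly, the talloc_array() for state->gids and the state->num_gids = 0 reset are removed here while wb_sids2xids_send() now covers all state->num_sids entries, so the completion callback has to allocate gids for up to num_sids entries before it writes into the array; please confirm that allocation and its tevent_req_nomem() check are present there.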
@@ -149,38 +143,84 @@ static void winbindd_getgroups_sid2gid_done(struct 
tevent_req *subreq)
struct winbindd_getgroups_state *state = tevent_req_data(
req, struct winbindd_getgroups_state);
NTSTATUS status;
-   struct unixid xid;
+   struct unixid *xids;
+   int i;
 
-   xid.type = ID_TYPE_NOT_SPECIFIED;
-   xid.id = UINT32_MAX;
+   xids = talloc_array(state, struct unixid, state-num_sids);
+   if (tevent_req_nomem(xids, req)) {
+   return;
+   }
+   for (i=0; i  state-num_sids; i++) {
+   xids[i].type = ID_TYPE_NOT_SPECIFIED;
+   xids[i].id = UINT32_MAX;
+   }
 
-   status = wb_sids2xids_recv(subreq, xid);
+   status = wb_sids2xids_recv(subreq, xids);
TALLOC_FREE(subreq);
-   if (xid.type == ID_TYPE_GID || xid.type == ID_TYPE_BOTH) {
-   state-gids[state-num_gids] = 
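Review bot: wb_sids2xids_recv(subreq, xids) is handed the array without its length, so the callee has to assume the caller allocated exactly state->num_sids entries; passing the count, or asserting it, would keep the two sides from disagreeing about the array bounds. xids is also allocated on state, which keeps it alive for the whole request; a TALLOC_FREE(xids) once the gids are copied out, or a temporary context, would be cleaner. Pre-filling every entry with ID_TYPE_NOT_SPECIFIED and UINT32_MAX is good, and since the commit message for 8f8e843 notes that a skipped sid matters when ACLs contain DENY ACEs, the code that consumes xids should log an entry still in that state rather than drop it silently.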

[SCM] Samba Shared Repository - branch v4-1-test updated

2013-07-29 Thread Karolin Seeger
The branch, v4-1-test has been updated
   via  216b3f4 s4-lib/socket: Allocate a the larger sockaddr_un and not just a sockaddr_in in unixdom_get_my_addr()
   via  580b51c s4-lib/socket: Allocate a the larger sockaddr_un and not just a sockaddr_in in unixdom_get_peer_addr()
   via  4bbb4c8 docs-xml: Remove obsolete swat manpage and references.
  from  f65b92c pam_winbind: update documentation for DIR krb5ccname pragma.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-1-test


- Log -
commit 216b3f46753a8641ca269840b5548ffeaab50393
Author: Stefan Metzmacher me...@samba.org
Date:   Wed Jul 24 10:19:26 2013 +1200

s4-lib/socket: Allocate a the larger sockaddr_un and not just a sockaddr_in in unixdom_get_my_addr()

This caused crashes in _tsocket_address_bsd_from_sockaddr() when we
read past the end of the allocation.

(similar to commit e9ae36e9683372b86f1efbd29904722a33fea083)

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10042

Signed-off-by: Stefan Metzmacher me...@samba.org

Reviewed-by: Andrew Bartlett abart...@samba.org

Autobuild-User(master): Andrew Bartlett abart...@samba.org
Autobuild-Date(master): Wed Jul 24 14:37:43 CEST 2013 on sn-devel-104
(cherry picked from commit 077dfd0a89a854c21b91b0f871d034fd9fe82a9a)

Autobuild-User(v4-1-test): Karolin Seeger ksee...@samba.org
Autobuild-Date(v4-1-test): Mon Jul 29 23:44:45 CEST 2013 on sn-devel-104

commit 580b51cd4841230ad82a2d8168b8506ba04b
Author: Andrew Bartlett abart...@samba.org
Date:   Wed Jul 24 10:19:26 2013 +1200

s4-lib/socket: Allocate a the larger sockaddr_un and not just a sockaddr_in in unixdom_get_peer_addr()

This caused crashes in _tsocket_address_bsd_from_sockaddr() when we
read past the end of the allocation.

Andrew Bartlett

Signed-off-by: Andrew Bartlett abart...@samba.org
Reviewed-by: Jeremy Allison j...@samba.org
(cherry picked from commit e9ae36e9683372b86f1efbd29904722a33fea083)

commit 4bbb4c8966ec9aefeee016c9549cd35db6adb8ac
Author: Andreas Schneider a...@samba.org
Date:   Wed Jul 24 10:12:19 2013 +0200

docs-xml: Remove obsolete swat manpage and references.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10041

Signed-off-by: Andreas Schneider a...@samba.org
Reviewed-by: Kai Blin k...@samba.org

Autobuild-User(master): Andreas Schneider a...@cryptomilk.org
Autobuild-Date(master): Wed Jul 24 12:42:29 CEST 2013 on sn-devel-104

(cherry picked from commit a7801db32afb25cc88f171d9b8896b2f663ba351)
Signed-off-by: Andreas Schneider a...@samba.org

---

Summary of changes:
 docs-xml/manpages/samba.7.xml   |8 -
 docs-xml/manpages/smb.conf.5.xml|5 +-
 docs-xml/manpages/swat.8.xml|  237 ---
 docs-xml/smbdotconf/base/bindinterfacesonly.xml |   15 +--
 docs-xml/wscript_build  |1 -
 source4/lib/socket/socket_unix.c|8 +-
 6 files changed, 7 insertions(+), 267 deletions(-)
 delete mode 100644 docs-xml/manpages/swat.8.xml


Changeset truncated at 500 lines:

diff --git a/docs-xml/manpages/samba.7.xml b/docs-xml/manpages/samba.7.xml
index 9299660..fd9297f 100644
--- a/docs-xml/manpages/samba.7.xml
+++ b/docs-xml/manpages/samba.7.xml
@@ -202,14 +202,6 @@
/varlistentry
 
varlistentry
-   termciterefentryrefentrytitleswat/refentrytitle
-   manvolnum8/manvolnum/citerefentry/term
-   listitemparacommandswat/command is a web-based
-   interface to configuring filenamesmb.conf/filename.
-   /para/listitem
-   /varlistentry
-
-   varlistentry
termciterefentryrefentrytitlewbinfo/refentrytitle
manvolnum1/manvolnum/citerefentry/term
listitemparacommandwbinfo/command is a utility
diff --git a/docs-xml/manpages/smb.conf.5.xml b/docs-xml/manpages/smb.conf.5.xml
index dd4f858..750eef8 100644
--- a/docs-xml/manpages/smb.conf.5.xml
+++ b/docs-xml/manpages/smb.conf.5.xml
@@ -21,10 +21,8 @@
para
The filename moreinfo=nonesmb.conf/filename file is a 
configuration  file for the Samba suite. filename
moreinfo=nonesmb.conf/filename contains  runtime configuration 
information for the Samba programs. The
-filename moreinfo=nonesmb.conf/filename file is designed to be 
configured and administered by the
-citerefentryrefentrytitleswat/refentrytitle 
manvolnum8/manvolnum/citerefentry program. The
complete description of the file format and possible parameters held 
within are here for reference purposes.
-   /para 
+   /para
 /refsect1
 
 refsect1 id=FILEFORMATSECT
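Review bot: With the swat sentence removed, the paragraph's closing sentence still says the description is "here for reference purposes", wording that only made sense as a contrast to administering the file through swat; consider rephrasing it in the same change. The "/para " to "/para" edit is a whitespace-only cleanup unrelated to the removal and would be easier to cherry-pick as its own change.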
@@ -800,7 +798,6 @@ chmod 1770