[Samba] Joining Samba4 as DC--Error Failed to find a writeable DC for domain
Dear all, I set up samba 4.1 (SlaveDC)in a test environment on CentOs 6.4. I tried to join this host to my running and provisioned MasterDC (Samba 4/CentOs 6.4). On the SlaveDC I did : samba-tool domain join tplk.loc DC -Uadministrator --realm=tplk.loc --dns-backend=BIND9_DLZ It gives me: [root@s4slave ~]# samba-tool domain join tplk.loc DC -Uadministrator --realm=tplk.loc --dns-backend=BIND9_DLZ Finding a writeable DC for domain 'tplk.loc' ERROR(exception): uncaught exception - Failed to find a writeable DC for domain 'tplk.loc' File /usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/domain.py, line 552, in run machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend) File /usr/local/samba/lib64/python2.6/site-packages/samba/join.py, line 1082, in join_DC machinepass, use_ntvfs, dns_backend, promote_existing) File /usr/local/samba/lib64/python2.6/site-packages/samba/join.py, line 73, in __init__ ctx.server = ctx.find_dc(domain) File /usr/local/samba/lib64/python2.6/site-packages/samba/join.py, line 246, in find_dc raise Exception(Failed to find a writeable DC for domain '%s' % domain) Do I miss something?Just pulled with git, configure, make, make install, no porovisioning, just domain join!??? --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Joining Samba4 as DC--Error Failed to find a writeable DC for domain
Just did the trick: Put the nameserver MasterDC in my /etc/resolv.conf on the SlaveDC and all is finished. Please add this hint to http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: Daniel Müller [mailto:muel...@tropenklinik.de] Gesendet: Mittwoch, 31. Juli 2013 09:28 An: 'samba@lists.samba.org'; 'samba-techni...@samba.org' Betreff: Joining Samba4 as DC--Error Failed to find a writeable DC for domain Dear all, I set up samba 4.1 (SlaveDC)in a test environment on CentOs 6.4. I tried to join this host to my running and provisioned MasterDC (Samba 4/CentOs 6.4). On the SlaveDC I did : samba-tool domain join tplk.loc DC -Uadministrator --realm=tplk.loc --dns-backend=BIND9_DLZ It gives me: [root@s4slave ~]# samba-tool domain join tplk.loc DC -Uadministrator --realm=tplk.loc --dns-backend=BIND9_DLZ Finding a writeable DC for domain 'tplk.loc' ERROR(exception): uncaught exception - Failed to find a writeable DC for domain 'tplk.loc' File /usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/domain.py, line 552, in run machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend) File /usr/local/samba/lib64/python2.6/site-packages/samba/join.py, line 1082, in join_DC machinepass, use_ntvfs, dns_backend, promote_existing) File /usr/local/samba/lib64/python2.6/site-packages/samba/join.py, line 73, in __init__ ctx.server = ctx.find_dc(domain) File /usr/local/samba/lib64/python2.6/site-packages/samba/join.py, line 246, in find_dc raise Exception(Failed to find a writeable DC for domain '%s' % domain) Do I miss something?Just pulled with git, configure, make, make install, no porovisioning, just domain join!??? --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Windows 8 pro and Samba 4
El 2013-07-30 22:57, Marc Muehlfeld escribió: Am 30.07.2013 18:43, schrieb Marc Muehlfeld: I'll try to clarify the Wiki article about the registry changes for that during the next time. I over-worked the Wiki Win7 registry hack page and also renamed it: https://wiki.samba.org/index.php/Registry_changes_for_NT4-style_domains It should now be clearer what and when registry changes are needed. If something is missing, let me know. Regards, Marc Should be added to place the domain name (for windows 8 prof only) in control panel- system- computer name- modify/change-more-dns suffix Emeka -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 4.0.7 PANIC invalid lock_order
On Wed, Jul 24, 2013 at 09:53:06AM +, bruno.meneuvr...@ioxar.fr wrote: Dear all, I'm struggling to get samba 4.0.7 working as a file server. I'm using mac osx 10.8.4 with Excel for Mac 2011 (14.3.6). I'm able to create a new Spreadsheet and to save it with a new name. I'm also able to read it. When I open it and change a few cells, I cant't save it. I have to save it with a new name. I found these lines in log file: 2013/07/23 15:27:12.407416, 0] ../lib/dbwrap/dbwrap.c:133(debug_lock_order) lock order: 1:/usr/local/samba/var/lock/locking.tdb 2:none 3:none [2013/07/23 15:27:12.407600, 0] ../source3/lib/util.c:810(smb_panic_s3) PANIC (pid 31203): invalid lock_order Maybe, it's the root cause… You will find attached conf and log files. Unfortunately the attachments were dropped. Can you re-send debug level 10 logs of smbd directly to me? Thanks, Volker -- SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen phone: +49-551-37-0, fax: +49-551-37-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen http://www.sernet.de, mailto:kont...@sernet.de -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] DNS update shows errors TKEY is unacceptable on joined Samba 4 DC
Dear all, after succesfull joining my new samba 4 DC to the domain. There is an error on using, samba_dnsupdate --verbose --all-names On the new joined dc: dns_tkey_negotiategss: TKEY is unacceptable Failed nsupdate: 1 How can I fix it!? Dnsupdate on the Master is running well. [root@s4slave etc]# samba_dnsupdate --verbose --all-names IPs: ['192.168.135.253'] Skipping PDC entry (SRV _ldap._tcp.pdc._msdcs.${DNSDOMAIN} ${HOSTNAME} 389) as we are not a PDC Skipping PDC entry (SRV _ldap._tcp.pdc._msdcs.${DNSFOREST} ${HOSTNAME} 389) as we are not a PDC Calling nsupdate for A tplk.loc 192.168.135.253 Outgoing update query: ;; -HEADER- opcode: UPDATE, status: NOERROR, id: 0 ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; UPDATE SECTION: tplk.loc. 900 IN A 192.168.135.253 dns_tkey_negotiategss: TKEY is unacceptable Failed nsupdate: 1 Calling nsupdate for A s4slave.tplk.loc 192.168.135.253 Outgoing update query: ;; -HEADER- opcode: UPDATE, status: NOERROR, id: 0 ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; UPDATE SECTION: s4slave.tplk.loc. 900 IN A 192.168.135.253 dns_tkey_negotiategss: TKEY is unacceptable Failed nsupdate: 1 Calling nsupdate for A gc._msdcs.tplk.loc 192.168.135.253 Outgoing update query: ;; -HEADER- opcode: UPDATE, status: NOERROR, id: 0 ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; UPDATE SECTION: gc._msdcs.tplk.loc. 900 IN A 192.168.135.253 dns_tkey_negotiategss: TKEY is unacceptable Failed nsupdate: 1 Calling nsupdate for CNAME 0fae0583-b14c-421b-b622-00fbfaf1826c._msdcs.tplk.loc s4slave.tplk.loc Outgoing update query: ;; -HEADER- opcode: UPDATE, status: NOERROR, id: 0 ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; UPDATE SECTION: 0fae0583-b14c-421b-b622-00fbfaf1826c._msdcs.tplk.loc. 900 IN CNAME s4slave.tplk.loc. dns_tkey_negotiategss: TKEY is unacceptable Failed nsupdate: 1 Calling nsupdate for SRV _kpasswd._tcp.tplk.loc s4slave.tplk.loc 464 Outgoing update query: ;; -HEADER- opcode: UPDATE, status: NOERROR, id: 0 ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; UPDATE SECTION: _kpasswd._tcp.tplk.loc. 900 IN SRV 0 100 464 s4slave.tplk.loc. dns_tkey_negotiategss: TKEY is unacceptable Failed nsupdate: 1 Calling nsupdate for SRV _kpasswd._udp.tplk.loc s4slave.tplk.loc 464 Outgoing update query: ;; -HEADER- opcode: UPDATE, status: NOERROR, id: 0 ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; UPDATE SECTION: _kpasswd._udp.tplk.loc. 900 IN SRV 0 100 464 s4slave.tplk.loc. dns_tkey_negotiategss: TKEY is unacceptable Failed nsupdate: 1 Calling nsupdate for SRV _kerberos._tcp.tplk.loc s4slave.tplk.loc 88 Outgoing update query: ;; -HEADER- opcode: UPDATE, status: NOERROR, id: 0 ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; UPDATE SECTION: _kerberos._tcp.tplk.loc. 900IN SRV 0 100 88 s4slave.tplk.loc. dns_tkey_negotiategss: TKEY is unacceptable Failed nsupdate: 1 Calling nsupdate for SRV _kerberos._tcp.dc._msdcs.tplk.loc s4slave.tplk.loc 88 Outgoing update query: ;; -HEADER- opcode: UPDATE, status: NOERROR, id: 0 ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; UPDATE SECTION: _kerberos._tcp.dc._msdcs.tplk.loc. 900 IN SRV 0 100 88 s4slave.tplk.loc. dns_tkey_negotiategss: TKEY is unacceptable Failed nsupdate: 1 Calling nsupdate for SRV _kerberos._tcp.default-first-site-name._sites.tplk.loc s4slave.tplk.loc 88 Outgoing update query: ;; -HEADER- opcode: UPDATE, status: NOERROR, id: 0 ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; UPDATE SECTION: _kerberos._tcp.default-first-site-name._sites.tplk.loc. 900 IN SRV 0 100 88 s4slave.tplk.loc. dns_tkey_negotiategss: TKEY is unacceptable Failed nsupdate: 1 Calling nsupdate for SRV _kerberos._tcp.default-first-site-name._sites.dc._msdcs.tplk.loc s4slave.tplk.loc 88 Outgoing update query: ;; -HEADER- opcode: UPDATE, status: NOERROR, id: 0 ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; UPDATE SECTION: _kerberos._tcp.default-first-site-name._sites.dc._msdcs.tplk.loc. 900 IN SRV 0 100 88 s4slave.tplk.loc. dns_tkey_negotiategss: TKEY is unacceptable Failed nsupdate: 1 Calling nsupdate for SRV _kerberos._udp.tplk.loc s4slave.tplk.loc 88 Outgoing update query: ;; -HEADER- opcode: UPDATE, status: NOERROR, id: 0 ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; UPDATE SECTION: _kerberos._udp.tplk.loc. 900IN SRV 0 100 88 s4slave.tplk.loc. dns_tkey_negotiategss: TKEY is unacceptable Failed nsupdate: 1 Calling nsupdate for SRV _ldap._tcp.tplk.loc s4slave.tplk.loc 389 Outgoing update query: ;; -HEADER- opcode: UPDATE, status: NOERROR, id: 0 ;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 ;; UPDATE SECTION: _ldap._tcp.tplk.loc.900 IN SRV 0 100 389 s4slave.tplk.loc. dns_tkey_negotiategss: TKEY is unacceptable Failed nsupdate: 1
Re: [Samba] ./configure LDAP checks failing on AIX
2013/7/30 Gaiseric Vandal gaiseric.van...@gmail.com You may also want to set LD_LIBRARY_PATH to include /usr/local/openldap/lib It's the link phase which fails, not the run. The problem *is* the lack of #include ldap.h: without it the configure check fails, with it is successful. I've been able to verify this BTW, AIX uses LIBPATH not LD_LIBRARY_PATH -- Gilles -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] nmbd is not running
Hi I have samba domain controller in my network. and recently I have changed the netmask of the network. Then nmbd is not working could you please help me to solve this issue nmbd -i nmbd version 3.5.6 started. Copyright Andrew Tridgell and the Samba Team 1992-2010 Unknown parameter encountered: wide symlinks Ignoring unknown parameter wide symlinks Unknown parameter encountered: wide symlinks Ignoring unknown parameter wide symlinks standard input is not a socket, assuming -D option bind failed on port 137 socket_addr = 172.17.255.255. Error = Cannot assign requested address nmbd_subnetdb:make_subnet() Failed to open nmb bcast socket on interface 172.17.255.255 for port 137. Error was Cannot assign requested address ERROR: Failed when creating subnet lists. Exiting. - /etc/init.d/samba status nmbd is not running ... failed! smbd is running. My samba configuration file --- [global] workgroup = KEVIN netbios name = KEVINDC server string = KEVIN Domain controller obey pam restrictions = Yes pam password change = Yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . unix password sync = Yes syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 name resolve order = lmhosts host wins bcast unix extensions = No add user script = /usr/sbin/adduser --quiet --disabled-password --gecos %u add group script = /usr/sbin/addgroup --force-badname %g add machine script = /usr/sbin/useradd -g machines -c %u machine account -d /var/lib/samba -s /bin/false %u logon path = logon home = domain logons = Yes os level = 33 preferred master = Auto domain master = Yes dns proxy = No panic action = /usr/share/samba/panic-action %d [homes] comment = Home Directories valid users = %S create mask = 0700 directory mask = 0700 browseable = No [netlogon] comment = Network Logon Service path = /home/samba/netlogon guest ok = Yes share modes = No [printers] comment = All Printers path = /var/spool/samba create mask = 0700 printable = Yes browseable = No [print$] comment = Printer Drivers path = /var/lib/samba/printers Thank you kevin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] How to install a replacement PDC?
Thanks for all the info. It sounds like the process might be more involved than I’d hoped, although I had a feeling it might not be totally straightforward. I need to do a bit of reading up on Samba so that I have a better idea of how it hangs together with regard to passwords, groups and SIDs etc. At least I’ve got a bit of time to do the upgrade. Thanks also for the info about the Sernet build – I did think it would be nicer to have a later version of Samba than the one packaged by Debian, so I’ll look into that. On Tue, 30 Jul 2013 18:56:51 +0100 Chris Smith smb...@chrissmith.org wrote: On Tue, Jul 30, 2013 at 12:36 PM, Chris Smith smb...@chrissmith.org wrote: Only problem I had was that I needed to add Samba to run level 2 as it appears my CLI only install of Wheezy doesn't boot into run level 3 (as Debian claims is their default). Just read somewhere else the run level 2 is the default for Debian - in that case I think Sernet should modify the init script. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba4 - classicupgrade - problem - passdb.error uncaught exception - Cannot load backend methods for 'ldapsam:ldap://localhost' backend NT_STATUS_CANT_ACCESS_DOMAIN_INFO
Thanks Andrew for your reply. This time i have setup Samba4 on new test server but im still getting the same error message: # /usr/local/samba/bin/samba-tool domain classicupgrade --dbdir=/samba3/ --use-xattrs=yes --realm=mydomain.com /samba3/smb.conf --dns-backend=BIND9_DLZ Reading smb.conf Provisioning smbldap_search_domain_info: Searching for:[((objectClass=sambaDomain)(sambaDomainName=MYDOMAIN))] smbldap_open_connection: connection opened ldap_connect_system: successful connection to the LDAP server The LDAP server is successfully connected smbldap_search_domain_info: Problem during LDAPsearch: Timed out smbldap_search_domain_info: Query was: dc=mydomain,dc=com, ((objectClass=sambaDomain)(sambaDomainName=MYDOMAIN)) pdb_init_ldapsam: WARNING: Could not get domain info, nor add one to the domain. We cannot work reliably without it. pdb backend ldapsam:ldap://x.x.x.x/ did not correctly init (error was NT_STATUS_CANT_ACCESS_DOMAIN_INFO) ERROR(class 'passdb.error'): uncaught exception - Cannot load backend methods for 'ldapsam:ldap://x.x.x.x/' backend (-1073741606,NT_STATUS_CANT_ACCESS_DOMAIN_INFO) File /usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/domain.py, line 1318, in run useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs) File /usr/local/samba/lib64/python2.6/site-packages/samba/upgrade.py, line 616, in upgrade_from_samba3 s3db = samba3.get_sam_db() File /usr/local/samba/lib64/python2.6/site-packages/samba/samba3/__init__.py, line 390, in get_sam_db return passdb.PDB(self.lp.get('passdb backend')) Can you please help on this or direct me in right direction? Thanks in Advance. Regards Saheb 2013/7/30 Andrew Bartlett abart...@samba.org On Tue, 2013-07-30 at 10:27 +0530, itsaheb wrote: Even after cleaning etc and private directories im still getting the same error: Provisioning convert_string_talloc: Conversion not supported.*pdb_init_ldapsam: WARNING: Could not get domain info, nor add one to the domain. We cannot work reliably without it.* pdb backend ldapsam:ldap://localhost did not correctly init (error was NT_STATUS_CANT_ACCESS_DOMAIN_INFO) ERROR(class 'passdb.error'): uncaught exception - Cannot load backend methods for 'ldapsam:ldap://localhost' backend (-1073741606,NT_STATUS_CANT_ACCESS_DOMAIN_INFO) I think you may have cleaned too much, or not have the right settings - this means that the ldap server listning on port 389 localhost does not have a copy of your Samba3 domain. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] How to solve: client XXX.XXX.XXX.XXX#55873: update 'XXX/IN' denied ---samba_dlz: cancelling transaction on zone
Dear all, how can I solve the issue with samba 4 bind_dlz , when a windows client is joined to the domain I get this error,ex.: 4master named[2814]: client 192.168.135.126#55873: update 'tplk.loc/IN' denied Jul 31 14:29:17 s4master named[2814]: samba_dlz: cancelling transaction on zone tplk.loc I can add the client to the dns by hand: samba-tool dns add s4master tplk.loc EDV2 A 192.168.135.126 -Uadministrator but this is no solution!? --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] nmbd is not running
Can you show the ifconfig -a output on your server (or whatever the appropriate command for your OS .) The bind failed on ... 255 suggests the IP of the server is set wrong. On 07/31/13 05:17, Kevin Sha wrote: Hi I have samba domain controller in my network. and recently I have changed the netmask of the network. Then nmbd is not working could you please help me to solve this issue nmbd -i nmbd version 3.5.6 started. Copyright Andrew Tridgell and the Samba Team 1992-2010 Unknown parameter encountered: wide symlinks Ignoring unknown parameter wide symlinks Unknown parameter encountered: wide symlinks Ignoring unknown parameter wide symlinks standard input is not a socket, assuming -D option bind failed on port 137 socket_addr = 172.17.255.255. Error = Cannot assign requested address nmbd_subnetdb:make_subnet() Failed to open nmb bcast socket on interface 172.17.255.255 for port 137. Error was Cannot assign requested address ERROR: Failed when creating subnet lists. Exiting. - /etc/init.d/samba status nmbd is not running ... failed! smbd is running. My samba configuration file --- [global] workgroup = KEVIN netbios name = KEVINDC server string = KEVIN Domain controller obey pam restrictions = Yes pam password change = Yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . unix password sync = Yes syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 name resolve order = lmhosts host wins bcast unix extensions = No add user script = /usr/sbin/adduser --quiet --disabled-password --gecos %u add group script = /usr/sbin/addgroup --force-badname %g add machine script = /usr/sbin/useradd -g machines -c %u machine account -d /var/lib/samba -s /bin/false %u logon path = logon home = domain logons = Yes os level = 33 preferred master = Auto domain master = Yes dns proxy = No panic action = /usr/share/samba/panic-action %d [homes] comment = Home Directories valid users = %S create mask = 0700 directory mask = 0700 browseable = No [netlogon] comment = Network Logon Service path = /home/samba/netlogon guest ok = Yes share modes = No [printers] comment = All Printers path = /var/spool/samba create mask = 0700 printable = Yes browseable = No [print$] comment = Printer Drivers path = /var/lib/samba/printers Thank you kevin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Problem to demote samba4 dc
Hi all, I recently migrated our samba 3 domain to an AD domain using Samba 4 classic upgrade tool. Well, everything seems to work fine since i'm still alive ;) . I promoted a Windows 2k8 box as a new DC of this domain and I transfer the 5 FSMO roles to it. Now I would like to demote the Samba4 DC but when I tried I got this message : # samba-tool domain demote ERROR: Current DC is still the owner of 2 role(s), use the role command to transfer roles to another DC When check the fsmo roles status via samba-tool fsmo show it confirms that the Samba 4 DC doesn't own anything. How can I manage to demote the Samba 4 box ? Best regards, Davy. -- Davy HUBERT DSI/SMI - Unité Systèmes Université Paul-Valéry, Montpellier 3 davy.hub...@univ-montp3.fr -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Turnkey Samba 4 Solutions?
H - I'm a Resara Server user - Resara Server was a turnkey Samba 4 system. I have been lurking on this list, trying to decide what way to go for the future. I've seen some post regarding moving from Resara, but I'm not sure if I want to get my hands dirty - I've enjoyed the simplicity of Resara. Are there any other turnkey Samba solutions? Or simple cookbook solutions? thanks, steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Joining Samba4 as DC--Error Failed to find a writeable DC for domain
Hello Daniel Am 31.07.2013 09:39, schrieb Daniel Müller: Just did the trick: Put the nameserver MasterDC in my /etc/resolv.conf on the SlaveDC and all is finished. Please add this hint to http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC I already had this on my to-do list, but haven't done yet. But it's done yet. Regards, Marc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problem to demote samba4 dc
I had the same problem some days ago.no reply from list and still with same problem :( Em 31/07/2013 10:35, Davy HUBERT escreveu: Hi all, I recently migrated our samba 3 domain to an AD domain using Samba 4 classic upgrade tool. Well, everything seems to work fine since i'm still alive ;) . I promoted a Windows 2k8 box as a new DC of this domain and I transfer the 5 FSMO roles to it. Now I would like to demote the Samba4 DC but when I tried I got this message : # samba-tool domain demote ERROR: Current DC is still the owner of 2 role(s), use the role command to transfer roles to another DC When check the fsmo roles status via samba-tool fsmo show it confirms that the Samba 4 DC doesn't own anything. How can I manage to demote the Samba 4 box ? Best regards, Davy. -- = *Jonis Maurin Ceará* Analista de Sistemas FEA-RP/USP - Ramal: 42-4485 / 42-3927 DDR: (16) 3602-4485 / 3602-3927 Atendimento Web: http://sistemas.fearp.usp.br/suporte = -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problem to demote samba4 dc
Hello Davy, Am 31.07.2013 15:35, schrieb Davy HUBERT: I recently migrated our samba 3 domain to an AD domain using Samba 4 classic upgrade tool. Well, everything seems to work fine since i'm still alive ;) . I promoted a Windows 2k8 box as a new DC of this domain and I transfer the 5 FSMO roles to it. Now I would like to demote the Samba4 DC but when I tried I got this message : # samba-tool domain demote ERROR: Current DC is still the owner of 2 role(s), use the role command to transfer roles to another DC When check the fsmo roles status via samba-tool fsmo show it confirms that the Samba 4 DC doesn't own anything. How can I manage to demote the Samba 4 box ? * How did you transfered the roles to to your Samba DC? (through windows, samba-tool, ...?) * What Samba version are you running? fsmo seize wasn't working for a while: https://bugzilla.samba.org/show_bug.cgi?id=9461 * Any errors/messages in the log when you transfer the roles? Please give some more information, to make it easier to help. Regards, Marc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] How to install a replacement PDC?
Actually, I seem to have it working now! I’ll need to document what I did, and will have to test it again from scratch as I may have done one or two things which weren’t necessary etc. The PC is logging onto the Debian server with no nasty warnings or errors, the server-side login script is working, and I can access the test network share. I think it might be slightly slow to login, but it is an ancient test PC, and it might also be trying to do other things requiring a DNS server and internet connection (I’ve just got the test PC and Debian server on a crossover cable). Once I have it documented I might post again to check that the process I’m using is good practice etc. On Tue, 30 Jul 2013 18:56:51 +0100 Chris Smith smb...@chrissmith.org wrote: On Tue, Jul 30, 2013 at 12:36 PM, Chris Smith smb...@chrissmith.org wrote: Only problem I had was that I needed to add Samba to run level 2 as it appears my CLI only install of Wheezy doesn't boot into run level 3 (as Debian claims is their default). Just read somewhere else the run level 2 is the default for Debian - in that case I think Sernet should modify the init script. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] nmbd is not running
It looks like you have are using a block of private class B's as a contiguous CIDR range including 172.16.x.x and 172.17.x.x I played around with the IP's using various on line subnet calculators http://jodies.de/ipcalc?host=172.16.30.4mask1=15mask2= Address: 172.16.30.4 Netmask: 255.254.0.0 = 15 Network: 172.16.0.0/15 Broadcast: 172.17.255.255 HostMin: 172.16.0.1 HostMax: 172.17.255.254 It looks to me like the broadcast address is wrong. Or are you trying to treat 172.16.x.x and 172.17.x.x as separate class B subnets? On 07/31/13 08:54, Kevin Sha wrote: root@srv:~# ifconfig -a eth0 Link encap:Ethernet HWaddr be:27:29:d3:c7:33 inet addr:172.17.30.4 Bcast:172.31.255.255 Mask:255.254.0.0 inet6 addr: fe80::bc27:29ff:fed3:c733/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:48965895 errors:0 dropped:0 overruns:0 frame:0 TX packets:1460501 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:1888712573 (1.7 GiB) TX bytes:785972618 (749.5 MiB) eth0:1 Link encap:Ethernet HWaddr be:27:29:d3:c7:33 inet addr:172.16.2.3 Bcast:172.31.255.255 Mask:255.254.0.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 eth0:2 Link encap:Ethernet HWaddr be:27:29:d3:c7:33 inet addr:172.16.2.5 Bcast:172.31.255.255 Mask:255.254.0.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 eth0:3 Link encap:Ethernet HWaddr be:27:29:d3:c7:33 inet addr:172.16.2.6 Bcast:172.31.255.255 Mask:255.254.0.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 eth0:4 Link encap:Ethernet HWaddr be:27:29:d3:c7:33 inet addr:172.16.2.17 Bcast:172.31.255.255 Mask:255.254.0.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 eth0:5 Link encap:Ethernet HWaddr be:27:29:d3:c7:33 inet addr:172.16.2.8 Bcast:172.31.255.255 Mask:255.254.0.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 eth0:6 Link encap:Ethernet HWaddr be:27:29:d3:c7:33 inet addr:172.16.2.30 Bcast:172.31.255.255 Mask:255.254.0.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 eth0:7 Link encap:Ethernet HWaddr be:27:29:d3:c7:33 inet addr:172.16.2.4 Bcast:172.31.255.255 Mask:255.254.0.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 eth0:8 Link encap:Ethernet HWaddr be:27:29:d3:c7:33 inet addr:172.16.6.10 Bcast:172.31.255.255 Mask:255.254.0.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 eth0:9 Link encap:Ethernet HWaddr be:27:29:d3:c7:33 inet addr:172.16.6.11 Bcast:172.31.255.255 Mask:255.254.0.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 eth0:10 Link encap:Ethernet HWaddr be:27:29:d3:c7:33 inet addr:172.16.2.18 Bcast:172.31.255.255 Mask:255.254.0.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 eth0:11 Link encap:Ethernet HWaddr be:27:29:d3:c7:33 inet addr:172.16.2.20 Bcast:172.31.255.255 Mask:255.254.0.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 eth0:12 Link encap:Ethernet HWaddr be:27:29:d3:c7:33 inet addr:172.16.2.21 Bcast:172.31.255.255 Mask:255.254.0.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 eth0:13 Link encap:Ethernet HWaddr be:27:29:d3:c7:33 inet addr:172.16.2.29 Bcast:172.31.255.255 Mask:255.254.0.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 eth0:14 Link encap:Ethernet HWaddr be:27:29:d3:c7:33 inet addr:172.16.6.13 Bcast:172.31.255.255 Mask:255.254.0.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 eth0:15 Link encap:Ethernet HWaddr be:27:29:d3:c7:33 inet addr:172.16.2.0 Bcast:172.31.255.255 Mask:255.254.0.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 eth0:16 Link encap:Ethernet HWaddr be:27:29:d3:c7:33 inet addr:172.16.6.14 Bcast:172.31.255.255 Mask:255.254.0.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:5532 errors:0 dropped:0 overruns:0 frame:0 TX packets:5532 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:369954 (361.2 KiB) TX bytes:369954 (361.2 KiB) On Wed, Jul 31, 2013 at 6:18 PM, Gaiseric Vandal gaiseric.van...@gmail.com mailto:gaiseric.van...@gmail.com wrote: Can you show the ifconfig -a output on your server (or whatever the appropriate command for your OS .) The bind failed on ... 255 suggests the IP of the server is set wrong. On 07/31/13 05:17, Kevin Sha wrote: Hi I have samba domain controller in my network. and recently I have changed the netmask of the network. Then nmbd is not working could you please help me to solve this issue nmbd -i nmbd version 3.5.6 started. Copyright Andrew Tridgell and the Samba Team 1992-2010 Unknown parameter encountered: wide symlinks Ignoring unknown parameter wide symlinks Unknown parameter encountered: wide symlinks Ignoring unknown parameter wide symlinks standard input is not a socket, assuming -D option bind failed
Re: [Samba] Problem to demote samba4 dc
I had this happen the other day and ran it down to the DomainDNS and ForestDNS not transferring fully. I haven't yet had time to file a bug on this. Ricky On Wed, Jul 31, 2013 at 8:35 AM, Davy HUBERT davy.hub...@univ-montp3.frwrote: Hi all, I recently migrated our samba 3 domain to an AD domain using Samba 4 classic upgrade tool. Well, everything seems to work fine since i'm still alive ;) . I promoted a Windows 2k8 box as a new DC of this domain and I transfer the 5 FSMO roles to it. Now I would like to demote the Samba4 DC but when I tried I got this message : # samba-tool domain demote ERROR: Current DC is still the owner of 2 role(s), use the role command to transfer roles to another DC When check the fsmo roles status via samba-tool fsmo show it confirms that the Samba 4 DC doesn't own anything. How can I manage to demote the Samba 4 box ? Best regards, Davy. -- Davy HUBERT DSI/SMI - Unité Systèmes Université Paul-Valéry, Montpellier 3 davy.hub...@univ-montp3.fr -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/**mailman/options/sambahttps://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problem to demote samba4 dc
In my case, all transfer was made using windows GUI and no errors, everything fine.except those 2 'extra' roles, which i don't know (and fsmo show doesn't show). Em 31/07/2013 11:00, Ricky Nance escreveu: I had this happen the other day and ran it down to the DomainDNS and ForestDNS not transferring fully. I haven't yet had time to file a bug on this. Ricky On Wed, Jul 31, 2013 at 8:35 AM, Davy HUBERT davy.hub...@univ-montp3.frwrote: Hi all, I recently migrated our samba 3 domain to an AD domain using Samba 4 classic upgrade tool. Well, everything seems to work fine since i'm still alive ;) . I promoted a Windows 2k8 box as a new DC of this domain and I transfer the 5 FSMO roles to it. Now I would like to demote the Samba4 DC but when I tried I got this message : # samba-tool domain demote ERROR: Current DC is still the owner of 2 role(s), use the role command to transfer roles to another DC When check the fsmo roles status via samba-tool fsmo show it confirms that the Samba 4 DC doesn't own anything. How can I manage to demote the Samba 4 box ? Best regards, Davy. -- Davy HUBERT DSI/SMI - Unité Systèmes Université Paul-Valéry, Montpellier 3 davy.hub...@univ-montp3.fr -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/**mailman/options/sambahttps://lists.samba.org/mailman/options/samba -- = *Jonis Maurin Ceará* Analista de Sistemas FEA-RP/USP - Ramal: 42-4485 / 42-3927 DDR: (16) 3602-4485 / 3602-3927 Atendimento Web: http://sistemas.fearp.usp.br/suporte = -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Split DNS with Samba4 internal DNS
Hi team, I have a working Samba4 build on production now (running 4.0.7). The problem is that the AD domain is the same as the external public domain, but the web and mail servers are hosted externally. So basically I need to resolve www.domain.com and mail.domain.com using an external nameserver (where domain.com is my AD domain). In a Windows AD, this would be done by creating a delegation for those hosts pointing to the domain SOA, but this does not seem to work with the internal Samba DNS server (or at least I couldn't make it work). Which would be the best way to handle this situation? Is the internal Samba DNS server capable of handling this scenario, or should I configure BIND? In the meantime, I manually added an A record to the Samba DNS server pointing to the appropriate servers (which works fine), but my web hosting provider tends to change the server's IP address quite often, so I would like this to be handled automatically. Thanks a lot. George -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] NT4 clients
OK. I got all excited and ran the test against a 2008 DC this morning. After allowing NT4 crypto through group policy, it worked seamlessly. Here's what I saw through wireshark: 1. same old failed extended security negotiation .. 2. Win7 sends DC TGS-REQ for cifs/nt4test 3. DC replies KRB-ERROR: KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN Just for grins, I then added HOST entries for the NT4 box in AD and tested again. The result was exactly the same as with the Samba DC, Windows issued a ticket and Win7 rejected the connection to the NT4 box. In summary, the evidence strongly points to CIFS being a mapped alias to the HOST SPN. If HOST exists, we can map it to CIFS, if it does not, we should tell the client that the principal does not exist. I will open a bug for this. On Tue, Jul 30, 2013 at 9:44 PM, Ryan Bair ryandb...@gmail.com wrote: Last bit of info. This article, http://support.microsoft.com/kb/258503, indicates that Windows should indeed be setting up its own default SPNs (host and machine name). http://support.microsoft.com/kb/320187 states that the pre-Windows 2000 checkbox is ADUC assigns the machine password based on the machine name. I haven't found any information indicating that it does anything more than this. I'll try to confirm the behavior against a Win2008 DC this week, but right now I'm leaning towards the CIFS SPN being dependent upon a HOST SPN being present. On Tue, Jul 30, 2013 at 8:58 PM, Ryan Bair ryandb...@gmail.com wrote: I've noticed that Win2k+ clients have filled in their servicePrincipalName attribute in AD. I know that the cifs SPN is implicit, but are you certain the host SPN is also implicit? If cifs was only meant to be implicit off of the host (and the host not implicit itself), that could be a way to determine if the request should be fulfilled. I have not tried against a Windows DC. I may set up a test DC to see what the behavior is. Connecting by IP address does work. I'll try using an alternative name, that sounds promising as well. In ADUC, there is a checkbox for pre-Windows 2000 when creating a new machine account. I wonder what this does and if we could use it somehow. I know it's not stored anywhere directly, but I'd suspect its there for a reason. On Tue, Jul 30, 2013 at 6:02 PM, Andrew Bartlett abart...@samba.orgwrote: On Tue, 2013-07-30 at 05:33 -0400, Ryan Bair wrote: Hi Andrew, To clarify, it is the Win7 client sending the TGS request to the DC and the DC responds positively. I now have a more complete understanding of what's going on: 1. Win7 initiates a session with NT4. Nothing interesting. 2. Win7 sends the negotiate protocol response. Of note, we state that we support extended security. 3. NT4 responds that it does not support extended security. More precisely, when NT4 dinosaurs roamed the earth, that bit was likely still reserved. 4. Win7 issues a TGS request to the _DC_ to see if the host with that name really doesn't support extended security, or if the NT4 machine is trying to subject it to some sort of elaborate ruse. (i) 5. DC responds positively to the TGS req. (!!!) 6. Win7 closes the connection, and displays the error to the user. i. The notes on http://msdn.microsoft.com/en-us/library/cc246806.aspx state: 94 Section 3.2.5.2: When the server completes negotiation and returns the CAP_EXTENDED_SECURITY flag as not set, Windows-based SMB clients query the Key Distribution Center (KDC) to verify whether a service ticket is registered for the given security principal name (SPN). If the query indicates that the SPN is registered with the KDC, then the SMB client terminates the connection and returns an implementation-specific security downgrade error to the caller. Since the Samba DC replies that the SPN is available (by fulfilling the request), I'm assuming we're triggering this documented behavior in the Win7 client. Indeed. Also of note, `klist` on the client has an entry for cifs/nt4test which `setspn -Q cifs/nt4test` confirms does not exist. I can't confirm the behavior in #5 is a bug, but it certainly seems suspect. The cifs/nt4test SPN is implicit, from the implicit host/nt4test SPN that comes from nt4test being the machine's name. The issue for us as a KDC is that there is no flag that I know of that can be set to say that this domain member should not be issued a ticket, and the downgrade protection is an important part of the security of the network. (that protection isn't useful if the member server can still negotiate for only NTLM without protection, but waiting for that is for another day). Have you tested and shows windows behaves any differently? Finally, as a workaround try connecting to the machine by IP or by a name the KDC doesn't know. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer,
Re: [Samba] Problem to demote samba4 dc
Hello Marc, Le 31/07/2013 15:50, Marc Muehlfeld a écrit : Hello Davy, Am 31.07.2013 15:35, schrieb Davy HUBERT: I recently migrated our samba 3 domain to an AD domain using Samba 4 classic upgrade tool. Well, everything seems to work fine since i'm still alive ;) . I promoted a Windows 2k8 box as a new DC of this domain and I transfer the 5 FSMO roles to it. Now I would like to demote the Samba4 DC but when I tried I got this message : # samba-tool domain demote ERROR: Current DC is still the owner of 2 role(s), use the role command to transfer roles to another DC When check the fsmo roles status via samba-tool fsmo show it confirms that the Samba 4 DC doesn't own anything. How can I manage to demote the Samba 4 box ? * How did you transfered the roles to to your Samba DC? (through windows, samba-tool, ...?) I transfered the roles through windows from Samba to Windows ;) so now window has all fsmo roles and i can't demote the samba dc. * What Samba version are you running? fsmo seize wasn't working for a while: https://bugzilla.samba.org/show_bug.cgi?id=9461 # samba -V Version 4.0.6 * Any errors/messages in the log when you transfer the roles? Nop :( Please give some more information, to make it easier to help. Regards, Marc Thank you for your help :) Regards, Davy HUBERT DSI/SMI - Unité Systèmes Université Paul-Valéry, Montpellier 3 davy.hub...@univ-montp3.fr -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] file locking failure
4.0.7 DC, 4.0.7 fileserver, with openSUSE, w7 and xp clients. cifs-utils 6.1 on Linux. Hi I have set: kernel oplocks = yes on the fileserver If the xp client opens a file using e.g. Notepad, the opensuse client can edit it at the same time and vica versa. If I open the same file on each client using Libre Office then fine, it works (I think because of Libre Office, not samba) How do I get locking to work outside Libre Office. Nothing else seems to work. Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba runs only in interactive mode
Hi, We have migrated our old Win2000 AD domain (~ 1000 user accounts) to Samba 4.0.7 AD, but some things doesn't work as expected (samba process crashes a few times a day/week with PANIC without any noticeable reason; samba dbcheck can't fix some db errrors and so on) , and I'm trying to resolve the issues. I tested this on various servers (Debian wheezy, Ubuntu 12.04) and different samba versions (4.0.6, 4.0.7, 4.1.rc1) - the issues remain the same. Now the problem - I can run samba only in interactive mode When I run in tmux session with command /usr/local/samba/sbin/samba -i -d 3 -M single then samba accepts incoming connections/authorization and so on, until it crashes after some hours or days For example, I can access netlogon share: smbclient //vasec/netlogon -k -c exit Domain=[SKOLA] OS=[Unix] Server=[Samba 4.1.0rc1] When I run samba in daemon mode, then it stops responding (but still shows in process list) /usr/local/samba/sbin/samba -d 3 -M single smbclient //vasec/netlogon -k -c exit session setup failed: NT_STATUS_IO_TIMEOUT server log file shows nothing valuable (at least for mee): http://pastebin.com/WNPa0Lvh Any ideas how to fix or troubleshoot it? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] SMB throughput inquiry, Jeremy, and James' bow tie
Stan Hoeppner wrote: With FDX fast ethernet steady SMB throughput was ~8.5MB/s. FTP and HTTP throughput were ~11.5MB/s. With GbE steady SMB throughput is ~23MB/s, nearly a 3x improvement, making large file copies such as ISOs much speedier. However ProFTPd and Lighttpd throughput are both a steady ~48MB/s, just over double the SMB throughput. Hi Stan --- I've done a lot of in throughput testing on my home network. Now that you've made the jump to 1Gb, have you given thought to move to jumbo packet sizes? I found that moving up to a 9000 byte packet size (9014 frame size) gave the single best throughput upgrade on winXP. My best throughput rates on WinXP were in the 80-90MBps range, while on Win7, That increased to 125MB/s max write throughput and 119MB/s max read throughput. The reads are 6% slower due to the round-trip time it takes the requester to do the next read. Without that you are unlikely to get more than 40-50MB/s. In my recent testing with a 20Mb connection (An intel 540 dual-interface card at each end, wired straight through, end-to-end (no intervening switches). I further optimized my test setup and wrote a test prog to help my testing: /h iotest iotest [-h]|[BlockSize]; Using Defaults: Count 128 × BS 64M R:128×64M: 8.0GB:18.28s:448.0MB/s W:128×64M: 8.0GB:15.15s:540.7MB/s I only got it a few months back, and haven't made much progress in getting it any faster -- hitting Samba's single threaded limits -- based on the protocol's single threaded server/user design. When I say I optimized my test setup -- I separated network throughput testing from disk-performance. They need to be tackeled separately, and both are important. Note I am using 64MB transfer sizes for my file in the test... as that is about about the largest optimal for this setup. I sometimes get around same perf with 32MB xfer sizes, but higher and lower, I start experiencing drop-offs: /h iotest 32M R:256×32M: 8.0GB:18.59s:440.5MB/s W:256×32M: 8.0GB:14.68s:557.9MB/s /h iotest 16M R:512×16M: 8.0GB:26.58s:308.2MB/s W:512×16M: 8.0GB:16.74s:489.2MB/s /h iotest 8M R:1K×8M: 8.0GB:24.75s:330.9MB/s W:1K×8M: 8.0GB:19.31s:424.1MB/s /h iotest 4M R:2K×4M: 8.0GB:27.13s:301.9MB/s W:2K×4M: 8.0GB:22.29s:367.5MB/s /h iotest 128M R:64×128M: 8.0GB:21.00s:390.0MB/s W:64×128M: 8.0GB:15.03s:544.7MB/s Note -- I haven't tested with ftp or http. My only other testing was with 'scp' which doesn't compete at all with SMB due to the encryption overhead. As a ballpark, a quick run (output looks different due to it being a different machine w/differently installed base HW) over a 1Gb gave (note, this was recorded with me logged in via remote desktop over the same connection). iotest R:512+0 records in 512+0 records out 4294967296 bytes (4.3 GB) copied, 37.2361 s, 115 MB/s W:512+0 records in 512+0 records out 4294967296 bytes (4.3 GB) copied, 36.1117 s, 119 MB/s -- You'll find that switching to jumbo packets will give you a 3x-4x improvement, maybe higher or lower depending on your network cards and such. --- After that you also need to tune the TCP/IP stacks on the server and client (WinXP can benefit from tuning more than Win7), linux has lots of nobs as well. Google is your friend, and I could say more, but this note is too long already... Hope that gives you some ideas. oh... to separate the network from disk testing, use cygwin on client. on server create devices in your home directory for /dev/zero (as a source device) and /dev/null (as a target). Cheers, Linda -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] SOLVED: Re: samba runs only in interactive mode
On 07/31/2013 07:06 PM, Gints Neimanis wrote: When I run samba in daemon mode, then it stops responding (but still shows in process list) /usr/local/samba/sbin/samba -d 3 -M single smbclient //vasec/netlogon -k -c exit session setup failed: NT_STATUS_IO_TIMEOUT When samba is run in daemon mode and removed -M single: /usr/local/samba/sbin/samba -d 3 then server is running and responding as expected. G. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Intermittent access to Sysvol/Netlogon shares
After some digging, I believe it to be an issue where samba-tool demote does not remove the DFS records. This causes clients to attempt to map \\domain\ with a DC that is unavailable, giving the error. A manual solution is to remove the bad entries from CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain. I've filed a bug report. https://bugzilla.samba.org/show_bug.cgi?id=10060 - Original Message - From: Mike Ray m...@xes-inc.com To: samba@lists.samba.org Sent: Tuesday, July 30, 2013 2:14:30 PM Subject: [Samba] Intermittent access to Sysvol/Netlogon shares Hello all- Cutting to the chase, I'm noticing varying/intermittent access to the netlogon and sysvol shares. All clients are windows 7 and samba is 4.0.6. Some clients are able to run 'gpupdate /force' and will successfully apply updates. Other clients fail out on this and state that it can't read the default domain policy GPT.INI file from \\domain\ When I try to manually navigate there, I can connect to \\domain\ but am denied access to both netlogon and sysvol with an 'access denied, internal error' message. Connecting to either DC via \\dc\ works and from there, for the clients that failed \\domain\ it seems to be arbitrary if they can browse the entire directory (no relation to nltest /dsgetdc). Additionally, they might not be able to access say netlogon, but if i browse through sysvol, I can get into what is the netlogon folder no problem. Clients that have no issue connecting to \\domain\ are equally able to browse all parts of \\dc\. samba-tool ntacl sysvolcheck, samba-tool drs showrepl, samba_dnsupdate --verbose and samba-tool dbcheck all report zero errors. There is presently nothing in the logs either. Of the two DCs, for the last week or so, one of them was panicking internally and crashing to an weird state every few minutes; a patch provided by Andrew Bartlett has since stopped that behavior. If that DC is the only one running or if the other one is running concurrently, seemingly random clients will experience the above issues and some will be fine. If the DC who didn't have that glitch is the only one running, it appears that this issue does not ever occur. Anyone have any clue what might be so messed up with that first DC? -Mike Ray -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Problem to demote samba4 dc
Hi all, I recently migrated our samba 3 domain to an AD domain using Samba 4 classic upgrade tool. Well, every seems to work fine since i'm still alive ;) . I promoted a Windows 2k8 box as a new DC of this domain and I transfer the 5 FSMO roles to it. Now I would like to demote the Samba4 DC but when I tried I got this message : # samba-tool domain demote ERROR: Current DC is still the owner of 2 role(s), use the role command to transfer roles to another DC When check the fsmo roles status via samba-tool fsmo show it confirms that the Samba 4 DC doesn't own anything. How can I manage to demote the Samba 4 box ? Best regards, Davy. -- Davy HUBERT DSI/SMI - Unité Systèmes Université Paul-Valéry, Montpellier 3 davy.hub...@univ-montp3.fr -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Correct NTP Settings for Samba 4.0.6?
Hi Andrew, I've been struggling silently with this for quite awhile. With pretty much an identical set-up (save for my W7 machines being handled by Virtual Box) I'm at my wit's end. A tcpdump initially revealed that the server with Samba4(.0.7) and NTP was being sent packets, but never returning them. Similarly, a Linux box was caught in stratum 16. Both of these problems were resolved after amending the ntp.conf file to allow IP's from a specified subnet. So in my case: restrict 192.168.1.128 mask 255.255.255.128 nomodify notrap nopeer Now I get this: C:\Users\administratorw32tm /monitor sambaf.sambafour. http://sambaf.sambafour.co.ecacs16.ab.ca/LOCAL *** PDC ***[192.168.1.131:123]: ICMP: 0ms delay NTP: +0.000s offset from sambaf.sambafour.http://sambaf.sambafour.co.ecacs16.ab.ca/ LOCAL RefID: mx2.trentu.ca [192.75.12.11] Stratum: 3 Warning: Reverse name resolution is best effort. It may not be correct since RefID field in time packets differs across NTP implementations and may not be using IP addresses. BUT, I still get this: C:\Users\administratorw32tm /resync /rediscover Sending resync command to local computer The computer did not resync because no time data was available. C:\Users\administratorw32tm /config /syncfromflags:DOMHIER /update The command completed successfully. C:\Users\administratorw32tm /query /source Local CMOS Clock Tried it all. Disabled Windows firewalls, set iptables, net stop/start, register/unregister, included the signdsocket directory in both the smb and ntp configuration files. I'm really surprised to hear that you received mixed results based on how you launched the ntp service. I've had no such luck. So I'm pretty baffled. Time drift is potentially a massive issue where we deploy machines due to PEBKAC. I hate to piggyback on an issue, but any insight anyone might have would be appreciated. On Sat, Jul 27, 2013 at 10:43 PM, Andrew Martin amar...@xes-inc.com wrote: - Original Message - From: Thomas Simmons twsn...@gmail.com To: Andrew Martin amar...@xes-inc.com Cc: samba@lists.samba.org Sent: Saturday, July 27, 2013 7:07:59 PM Subject: Re: [Samba] Correct NTP Settings for Samba 4.0.6? Your Windows client is not able to access the NTP server, which is why w32tm /resync fails and the reason for the NTP: ERROR_TIMEOUT - no response from server in 1000ms error when running w32tm /monitor. Why? I can't say. Can you setup a Linux box to use this server for NTP and run ntpdate as a test? I've seen this when there is a flaky network connection (traffic, wifi, or when the DC is a VMware VM under certain situations). Your DC is not a VM is it? On Sat, Jul 27, 2013 at 4:15 PM, Andrew Martin amar...@xes-inc.com wrote: - Original Message - From: Andrew Martin amar...@xes-inc.com To: Thomas Simmons twsn...@gmail.com Cc: samba@lists.samba.org Sent: Saturday, July 27, 2013 2:31:21 PM Subject: Re: [Samba] Correct NTP Settings for Samba 4.0.6? - Original Message - From: Thomas Simmons twsn...@gmail.com To: Andrew Martin amar...@xes-inc.com Cc: samba@lists.samba.org Sent: Saturday, July 27, 2013 12:26:57 PM Subject: Re: [Samba] Correct NTP Settings for Samba 4.0.6? Running w32tm /config /update /syncfromflags:DOMHIER net stop w32time net start w32time should make the client query the directory for it's time server. You can verify the configuration with w32tm /query /configuration and look for the Type to be NT5DS. This means it's using AD. You can also run w32tm /monitor and the Windows time service will go through the processes of querying the directory to find a time server, then verify it's accessible. If that works, all is working. I found w32tm /monitor will fail if you have your domain functional level at 2008 or 2008_R2. I don't know if this is a bug in Samba as I haven't had time to test against a real 2008+ server. Just know it's to be expected. On Sat, Jul 27, 2013 at 12:58 PM, Andrew Martin amar...@xes-inc.com wrote: - Original Message - From: Thomas Simmons twsn...@gmail.com To: Andrew Martin amar...@xes-inc.com Cc: samba@lists.samba.org Sent: Saturday, July 27, 2013 11:03:49 AM Subject: Re: [Samba] Correct NTP Settings for Samba 4.0.6? The ls -l command you ran shows the ntp_signd directory is empty, so it looks like samba is not creating the socket (at least in that location). Do you have the ntp signd socket directory option in your smb.conf? If not, try manually it to smb.conf: ntp signd socket directory = /var/run/samba/ntp_signd Apart from that, my suggestion would be to stop
Re: [Samba] ./configure LDAP checks failing on AIX
On Tue, 2013-07-30 at 11:47 +0200, Gilles Pion wrote: Note that with the following fix to .source3/wscript the check is successfull, replaced conf.CHECK_FUNCS_IN('ldap_init ldap_init_fd ldap_initialize ldap_set_rebind_proc', 'ldap') conf.CHECK_FUNCS_IN('ldap_add_result_entry', 'ldap') by conf.CHECK_FUNCS_IN('ldap_init ldap_init_fd ldap_initialize ldap_set_rebind_proc', 'ldap', headers='ldap.h lber.h') conf.CHECK_FUNCS_IN('ldap_add_result_entry', 'ldap', headers='ldap.h') Very interesting! That we certainly can fix, thanks for the heads-up! Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] ./configure LDAP checks failing on AIX
On Tue, 2013-07-30 at 11:47 +0200, Gilles Pion wrote: Note that with the following fix to .source3/wscript the check is successfull, replaced conf.CHECK_FUNCS_IN('ldap_init ldap_init_fd ldap_initialize ldap_set_rebind_proc', 'ldap') conf.CHECK_FUNCS_IN('ldap_add_result_entry', 'ldap') by conf.CHECK_FUNCS_IN('ldap_init ldap_init_fd ldap_initialize ldap_set_rebind_proc', 'ldap', headers='ldap.h lber.h') conf.CHECK_FUNCS_IN('ldap_add_result_entry', 'ldap', headers='ldap.h') Very interesting! That we certainly can fix, thanks for the heads-up! Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba4 - classicupgrade - problem - passdb.error uncaught exception - Cannot load backend methods for 'ldapsam:ldap://localhost' backend NT_STATUS_CANT_ACCESS_DOMAIN_INFO
On Wed, 2013-07-31 at 15:41 +0530, itsaheb wrote: Thanks Andrew for your reply. This time i have setup Samba4 on new test server but im still getting the same error message: # /usr/local/samba/bin/samba-tool domain classicupgrade --dbdir=/samba3/ --use-xattrs=yes --realm=mydomain.com /samba3/smb.conf --dns-backend=BIND9_DLZ This is clearly your issue: smbldap_search_domain_info: Problem during LDAPsearch: Timed out If your LDAP server is timing out, there is no hope Samba can upgrade this domain. You need to work out why this happens. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Slow FIND_FIRST2 response
On Tue, Jul 30, 2013 at 12:56:18PM -0400, Ryan Bair wrote: I'm running Samba 4.0.7 on CentOS 6.4 running double duty as DC and file server. OS X clients are taking a _long_ time to list long directories. One directory with 10K entries is taking 3-4 minutes to display the entries in Finder. I captured a few seconds worth of packets and noticed that it's doing three requests per file: 1. NTCreateAndX - just opens the file 2. Close 3. FIND_FIRST2 - to look for the resource fork The first two happen extremely fast, the 3rd one is the kicker. Samba is taking about 0.025 seconds to return a response to the client (usually no such file status). Multiple that by 10K requests and you have a few minutes on your hands. I'm guessing the problem is that Samba must honor case-insensitivity for the lookup which is likely an expensive operation. Is there anyway to speed this up? Only by giving me a case-insensitive file system on CentOS 6.4 :-). Otherwise, look at this: http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/largefile.html The hard part is this: First, you need to canonicalize all the files in the directory to have one case, upper or lower, take your pick Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] How to solve: client XXX.XXX.XXX.XXX#55873: update 'XXX/IN' denied ---samba_dlz: cancelling transaction on zone
Hi Daniel, On Wed, Jul 31, 2013 at 10:46 PM, Daniel Müller muel...@tropenklinik.dewrote: Dear all, how can I solve the issue with samba 4 bind_dlz , when a windows client is joined to the domain I get this error,ex.: 4master named[2814]: client 192.168.135.126#55873: update 'tplk.loc/IN' denied Jul 31 14:29:17 s4master named[2814]: samba_dlz: cancelling transaction on zone tplk.loc I can add the client to the dns by hand: samba-tool dns add s4master tplk.loc EDV2 A 192.168.135.126 -Uadministrator but this is no solution!? Windows would usually try to update record insecurely first and if that fails, it would retry using secure updates. In that case you will see the failures as you have mentioned and there would be secure updates which will complete successfully. Amitay. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] UIDs/GIDs Mapping and Permissions in Samba
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, I'm wondering how essential it is to ensure that Samba User/Group to UIDs/GIDs mapping across various Samba servers remain consistent. I realise that Samba uses the extended ACLs and also uses extended attributes to store blobs of Windows ACL information; specifically the reason for this is that Windows ACLs don't map 1:1 with POSIX ones. Basically, I want to know more about which Samba uses, how much it tries to keep the two in sync, etc. For example, a moment ago I changed the POSIX ACLs on a file that already had a security.NTACL glob in the extended attributes; and my change to the POSIX ACL didn't show up in the Security Properties information for that file. By far the best documentation that I've found so far is this thread, which might be out of date now and still leaves me unsure; as this suggests that the security.NTACL glob should have been updated. https://lists.samba.org/archive/samba/2011-February/160799.html For that specific test, I was running quite an old file server (Samba 3.4.7) because it was what I had installed on an old machine. Any information would be greatly appreciated. Kind regards, - -- Chris Hayes -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBAgAGBQJR+bRsAAoJELgO0A8EguAKXpEH/Awlyq1856PAzRpGSRWGZ9Aw nuY85q3yrOWq1MkjAti4GLa34gu39HAHaw6kaz06rpZPlVOfR1ICFbq08GbPzR3j RCBRbVG7Ai/zUx99ey8ByINq5OmkClW5h9uJCGfPuM6+keJwwj4gT6BiY8FrM3mB Vk1BeYhzZciEXoy/uyP3dnbxWmV9LYGZWXSqwR2lC3ge6jFWRQyL9IES+1+7Ab/7 d+Qj+ObBZffLP5Gxmw3ETPpCMvrexM33B2VAIF5XLMaG+bbukFt8o2uW1UpFiaah AWMdHJbqqAlT7IZD87U5io+ZfKrDvz8tmej4m6LzzJSJD49VzDCAV/4h0sW6U8c= =soq+ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Correct NTP Settings for Samba 4.0.6?
Hi Andrew Did you comile NTP with --enable-ntp-signd ? If you run 'ntpd -d' as root do you see: transmit ntp_signd packet: at 44 XX.XX.XX.XX-XX.XX.XX.XX mode 4 keyid 5004 len 68 - Murray On Sun, Jul 28, 2013 at 2:43 PM, Andrew Martin amar...@xes-inc.com wrote: - Original Message - From: Thomas Simmons twsn...@gmail.com To: Andrew Martin amar...@xes-inc.com Cc: samba@lists.samba.org Sent: Saturday, July 27, 2013 7:07:59 PM Subject: Re: [Samba] Correct NTP Settings for Samba 4.0.6? Your Windows client is not able to access the NTP server, which is why w32tm /resync fails and the reason for the NTP: ERROR_TIMEOUT - no response from server in 1000ms error when running w32tm /monitor. Why? I can't say. Can you setup a Linux box to use this server for NTP and run ntpdate as a test? I've seen this when there is a flaky network connection (traffic, wifi, or when the DC is a VMware VM under certain situations). Your DC is not a VM is it? On Sat, Jul 27, 2013 at 4:15 PM, Andrew Martin amar...@xes-inc.com wrote: - Original Message - From: Andrew Martin amar...@xes-inc.com To: Thomas Simmons twsn...@gmail.com Cc: samba@lists.samba.org Sent: Saturday, July 27, 2013 2:31:21 PM Subject: Re: [Samba] Correct NTP Settings for Samba 4.0.6? - Original Message - From: Thomas Simmons twsn...@gmail.com To: Andrew Martin amar...@xes-inc.com Cc: samba@lists.samba.org Sent: Saturday, July 27, 2013 12:26:57 PM Subject: Re: [Samba] Correct NTP Settings for Samba 4.0.6? Running w32tm /config /update /syncfromflags:DOMHIER net stop w32time net start w32time should make the client query the directory for it's time server. You can verify the configuration with w32tm /query /configuration and look for the Type to be NT5DS. This means it's using AD. You can also run w32tm /monitor and the Windows time service will go through the processes of querying the directory to find a time server, then verify it's accessible. If that works, all is working. I found w32tm /monitor will fail if you have your domain functional level at 2008 or 2008_R2. I don't know if this is a bug in Samba as I haven't had time to test against a real 2008+ server. Just know it's to be expected. On Sat, Jul 27, 2013 at 12:58 PM, Andrew Martin amar...@xes-inc.com wrote: - Original Message - From: Thomas Simmons twsn...@gmail.com To: Andrew Martin amar...@xes-inc.com Cc: samba@lists.samba.org Sent: Saturday, July 27, 2013 11:03:49 AM Subject: Re: [Samba] Correct NTP Settings for Samba 4.0.6? The ls -l command you ran shows the ntp_signd directory is empty, so it looks like samba is not creating the socket (at least in that location). Do you have the ntp signd socket directory option in your smb.conf? If not, try manually it to smb.conf: ntp signd socket directory = /var/run/samba/ntp_signd Apart from that, my suggestion would be to stop apparmor and iptables for testing and run ntp and samba with verbose logging on and see what it says. Also, what does w32tm /query /source and w32tm /monitor show on the client? On Sat, Jul 27, 2013 at 11:39 AM, Andrew Martin amar...@xes-inc.com wrote: - Original Message - From: Thomas Simmons twsn...@gmail.com To: Andrew Martin amar...@xes-inc.com Cc: samba@lists.samba.org Sent: Saturday, July 27, 2013 10:33:49 AM Subject: Re: [Samba] Correct NTP Settings for Samba 4.0.6? On Sat, Jul 27, 2013 at 2:26 AM, Andrew Martin amar...@xes-inc.com wrote: Hello, I recently compiled Samba 4.0.6 (as an AD DC) and am running it on Ubuntu 12.04. I followed the instructions on the Samba wiki ( https://wiki.samba.org/index.php/Configure_NTP ) for how to configure ntp, however the domain clients are rejecting the DCs as being acceptable time sources. Below is my ntp.conf: server 127.127.1.0 fudge 127.127.1.0 stratum 10 server 0.pool.ntp.org iburst prefer server 1.pool.ntp.org iburst prefer driftfile /var/lib/ntp/ntp.drift logfile /var/log/ntp ntpsigndsocket /var/run/samba/ntp_signd restrict default kod nomodify notrap nopeer mssntp restrict 127.0.0.1 restrict 0.pool.ntp.org mask 255.255.255.255 nomodify
autobuild: intermittent test failure detected
The autobuild test system has detected an intermittent failing test in the current master tree. The autobuild log of the failure is available here: http://git.samba.org/autobuild.flakey/2013-07-31-1140/flakey.log The samba3 build logs are available here: http://git.samba.org/autobuild.flakey/2013-07-31-1140/samba3.stderr http://git.samba.org/autobuild.flakey/2013-07-31-1140/samba3.stdout The source4 build logs are available here: http://git.samba.org/autobuild.flakey/2013-07-31-1140/samba.stderr http://git.samba.org/autobuild.flakey/2013-07-31-1140/samba.stdout The top commit at the time of the failure was: commit 7615b2549d9549683978cb3e85b926e2ba63e294 Author: Andrew Bartlett abart...@samba.org Date: Sun Apr 14 13:32:49 2013 +1000 samba-tool dbcheck: Correctly remove deleted DNs in dbcheck The previous pattern never matched, as it was a typo. Andrew Bartlett Signed-off-by: Andrew Bartlett abart...@samba.org Reviewed-by: Stefan Metzmacher me...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Tue Jul 30 12:55:00 CEST 2013 on sn-devel-104
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via f9d19c4 Ensure gpfs kernel leases are wrapped in a become_root()/unbecome_root() pair. via 1af8b07 Wrap setting leases in become_root()/unbecome_root() to ensure correct delivery of signals. via 63db069 torture: add LOCAL-sid_to_string testcase via 1a21bc0 torture: add more string_to_sid torture testcases via edd3302 libcli: fix conversion logic in dom_sid_string_buf via 34d3639 libcli: fix conversion logic in dom_sid_parse_endp via ba9d861 wbclient: fix conversion logic in wbcSidToStringBuf via 1a4ec0b wbclient: fix conversion logic in wbcStringToSid via afcc7be schannel: Fix an unused variable from 7615b25 samba-tool dbcheck: Correctly remove deleted DNs in dbcheck http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit f9d19c459f01d6e316a4a74a900c69424962eae0 Author: Ralph Wuerthner ral...@de.ibm.com Date: Wed Jul 31 16:33:48 2013 -0700 Ensure gpfs kernel leases are wrapped in a become_root()/unbecome_root() pair. Ensures correct lease owner for signal delivery. Signed-off-by: Ralph Wuerthner ral...@de.ibm.com Reviewed-by: Jeremy Allison j...@samba.org Reviewed-by: Simo Sorce i...@samba.org Autobuild-User(master): Jeremy Allison j...@samba.org Autobuild-Date(master): Thu Aug 1 03:57:11 CEST 2013 on sn-devel-104 commit 1af8b0792913d3f280b5da0802e04df063f9f59e Author: Jeremy Allison j...@samba.org Date: Wed Jul 31 16:32:20 2013 -0700 Wrap setting leases in become_root()/unbecome_root() to ensure correct delivery of signals. Remove workaround for Linux kernel bug https://bugzilla.kernel.org/show_bug.cgi?id=43336 as we don't need to set capabilities when we're already root. Signed-off-by: Jeremy Allison j...@samba.org Reviewed-by: Simo Sorce i...@samba.org commit 63db0694c45b1ce59b9232f0690226fce39f9c28 Author: Jeff Layton jlay...@samba.org Date: Wed Jul 31 10:38:23 2013 -0400 torture: add LOCAL-sid_to_string testcase Signed-off-by: Jeff Layton jlay...@redhat.com Reviewed-by: Jeremy Allison j...@samba.org commit 1a21bc04830958a8058d7304921c836edd63586e Author: Jeff Layton jlay...@samba.org Date: Wed Jul 31 10:38:22 2013 -0400 torture: add more string_to_sid torture testcases Signed-off-by: Jeff Layton jlay...@redhat.com Reviewed-by: Jeremy Allison j...@samba.org commit edd3302ad46fd70a8e5472f32f41aa4d8305f4e5 Author: Jeff Layton jlay...@samba.org Date: Wed Jul 31 10:38:21 2013 -0400 libcli: fix conversion logic in dom_sid_string_buf Signed-off-by: Jeff Layton jlay...@samba.org Reviewed-by: Jeremy Allison j...@samba.org commit 34d3639305bed5fd202114044fc76e53980dfee4 Author: Jeff Layton jlay...@samba.org Date: Wed Jul 31 10:38:20 2013 -0400 libcli: fix conversion logic in dom_sid_parse_endp Signed-off-by: Jeff Layton jlay...@samba.org Reviewed-by: Jeremy Allison j...@samba.org commit ba9d8612e3f66fa7c8c1999c26c658167124b18f Author: Jeff Layton jlay...@samba.org Date: Wed Jul 31 10:38:19 2013 -0400 wbclient: fix conversion logic in wbcSidToStringBuf Might as well fix it to handle large authority values properly. Also correct some of the formatting. Signed-off-by: Jeff Layton jlay...@samba.org Reviewed-by: Jeremy Allison j...@samba.org commit 1a4ec0b885f95b481d9df6461bd4a8e8fd175f53 Author: Jeff Layton jlay...@samba.org Date: Wed Jul 31 10:38:18 2013 -0400 wbclient: fix conversion logic in wbcStringToSid Signed-off-by: Jeff Layton jlay...@samba.org Reviewed-by: Jeremy Allison j...@samba.org commit afcc7beea590f6d480fcfa2e9b2540abee96f549 Author: Volker Lendecke v...@samba.org Date: Wed Jul 31 21:58:25 2013 +0200 schannel: Fix an unused variable Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Jeremy Allison j...@samba.org --- Summary of changes: libcli/auth/schannel_state_tdb.c |1 - libcli/security/dom_sid.c| 57 ++- nsswitch/libwbclient/wbc_sid.c | 70 - source3/modules/vfs_gpfs.c |6 +++ source3/selftest/tests.py|1 + source3/smbd/oplock_linux.c | 33 +++--- source3/torture/torture.c| 46 + 7 files changed, 144 insertions(+), 70 deletions(-) Changeset truncated at 500 lines: diff --git a/libcli/auth/schannel_state_tdb.c b/libcli/auth/schannel_state_tdb.c index 8f9c1f0..8c893ee 100644 --- a/libcli/auth/schannel_state_tdb.c +++ b/libcli/auth/schannel_state_tdb.c @@ -284,7 +284,6 @@ NTSTATUS schannel_check_creds_state(TALLOC_CTX *mem_ctx, struct db_context *db_sc; struct netlogon_creds_CredentialState *creds;
[SCM] CTDB repository - branch master updated - ctdb-2.3-31-g824dcec
The branch, master has been updated via 824dcec35ec461d78e22b2ea109473b32bfe3972 (commit) via f6b066a23610fb0092298861c21a9b354b91e2f1 (commit) via 10a057d8e15c8c18e540598a940d3548c731b0b4 (commit) via 7e7e59c4047c78159387089eca65d90037bcf722 (commit) via 32c83e209823e9a4d6306bb7fd63d4500f3e2668 (commit) via fcf77dec5af973a0e32f3999bc012053a6f47a96 (commit) via 049d9beb3783482490e6273a434ccbad23f85f0a (commit) via ab35773518ad15588013f4d859f7bee790437450 (commit) via fde4b4db5a57f75c5efa5647c309f33e0d5a68f3 (commit) via e73b2e12adc9db1dedb48d32bba3a8406a80f4cd (commit) via 023ca2e84f5ed064a288526b9c2bc7e06674dd81 (commit) from 57aa2dffea60abd73a95233f8b761cc676adebb6 (commit) http://gitweb.samba.org/?p=ctdb.git;a=shortlog;h=master - Log - commit 824dcec35ec461d78e22b2ea109473b32bfe3972 Author: Amitay Isaacs ami...@gmail.com Date: Tue Jul 30 14:17:55 2013 +1000 ctdbd: Print set db sticky message after it's set Signed-off-by: Amitay Isaacs ami...@gmail.com commit f6b066a23610fb0092298861c21a9b354b91e2f1 Author: Amitay Isaacs ami...@gmail.com Date: Tue Dec 4 18:27:10 2012 +1100 tests: Add a test program to hold a lock on a database Signed-off-by: Amitay Isaacs ami...@gmail.com commit 10a057d8e15c8c18e540598a940d3548c731b0b4 Author: Amitay Isaacs ami...@gmail.com Date: Tue Jul 30 12:45:01 2013 +1000 recoverd: Use correct tdb flags when creating missing databases When creating missing databases either locally or remotely, make sure to use the correct tdb flags from other nodes. Without this, volatile databases can get attached without TDB_INCOMPATIBLE_HASH flag. Signed-off-by: Amitay Isaacs ami...@gmail.com commit 7e7e59c4047c78159387089eca65d90037bcf722 Author: Amitay Isaacs ami...@gmail.com Date: Thu Aug 1 11:07:59 2013 +1000 client: Always use jenkins hash when attaching volatile databases Signed-off-by: Amitay Isaacs ami...@gmail.com commit 32c83e209823e9a4d6306bb7fd63d4500f3e2668 Author: Amitay Isaacs ami...@gmail.com Date: Mon Jul 29 13:50:44 2013 +1000 recoverd: Make sure to use jenkins hash for recovery databases Signed-off-by: Amitay Isaacs ami...@gmail.com commit fcf77dec5af973a0e32f3999bc012053a6f47a96 Author: Amitay Isaacs ami...@gmail.com Date: Mon Jul 22 17:26:28 2013 +1000 recoverd: Assemble up-to-date node flags information from remote nodes Currently nodemap used by recovery master is the one obtained from the local node. This information may have been updated while processing main loop. Before comparing node flags on all the nodes, create up-to-date node flags information based on the information received from all the nodes. Signed-off-by: Amitay Isaacs ami...@gmail.com commit 049d9beb3783482490e6273a434ccbad23f85f0a Author: Amitay Isaacs ami...@gmail.com Date: Mon Jul 15 16:35:30 2013 +1000 tools/ctdb: Only print the hot records with non-zero hopcount Signed-off-by: Amitay Isaacs ami...@gmail.com commit ab35773518ad15588013f4d859f7bee790437450 Author: Amitay Isaacs ami...@gmail.com Date: Mon Jul 15 16:32:40 2013 +1000 ctdbd: Don't consider a hot record if the hopcount is zero Signed-off-by: Amitay Isaacs ami...@gmail.com commit fde4b4db5a57f75c5efa5647c309f33e0d5a68f3 Author: Amitay Isaacs ami...@gmail.com Date: Fri Jul 12 17:33:13 2013 +1000 ctdbd: Fix updating of hot keys in database statistics Signed-off-by: Amitay Isaacs ami...@gmail.com commit e73b2e12adc9db1dedb48d32bba3a8406a80f4cd Author: Amitay Isaacs ami...@gmail.com Date: Mon Jul 15 15:24:11 2013 +1000 ctdbd: Remove incomplete ctdb_db_statistics_wire structure Instead of maintaining another structure, add an element as place holder for marshall buffer of hot keys. This avoids duplication of the structure. Signed-off-by: Amitay Isaacs ami...@gmail.com commit 023ca2e84f5ed064a288526b9c2bc7e06674dd81 Author: Amitay Isaacs ami...@gmail.com Date: Mon Jul 15 14:52:07 2013 +1000 Revert ctdbd: Remove incomplete ctdb_db_statistics_wire structure The structure cannot be removed without adding support for marshalling keys for hot records. This reverts commit 26a4653df594d351ca0dc1bd5f5b2f5b0eb0a9a5. Signed-off-by: Amitay Isaacs ami...@gmail.com --- Summary of changes: Makefile.in |6 - client/ctdb_client.c | 20 + include/ctdb_client.h |2 +- include/ctdb_private.h|4 +++ include/ctdb_protocol.h | 10 libctdb/control.c | 22 --- server/ctdb_call.c| 23 ++-- server/ctdb_control.c | 15 ++--- server/ctdb_ltdb_server.c |