Re: [Samba] moodle + samba4 authentication
2013-08-14 20:50 keltezéssel, Darek Frączkiewicz írta: hello, has anyone tried to log in from Moodle to samba4 AD users? I can't config LDAP authentication. Through MS ActiveDirectory doesn't work. Pozdrowienia -- Darek Frączkiewicz daf...@gmail.com It is working for us. What isn't working for you? What moodle version (we use 2.x) Regards Geza Gemes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Trying to Join a Working W2K3 AD
Hello Kevin, hello Eli, Am 15.08.2013 05:48, schrieb Kevin Field: I get to the step /usr/local/samba/bin/samba-tool dns add 192.168.1.252 _msdcs.domain.co.il 2d59ac49-1175-4656-943e-d556baa242cb CNAME DC2.domain.co.il -Uadministrator I get the following error message: ERROR(runtime): uncaught exception - (9601, 'WERR_DNS_ERROR_ZONE_DOES_NOT_EXIST') File /usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/dns.py, line 1053, in run 0, server, zone, name, add_rec_buf, None) Is 192.168.1.252 is the already existing DNS on your W2k3 Server or is it the IP of your Samba DC? It should be the IP of your existing DNS server, because Samba isn't up at that time. You can also add the record through the MS DNS Console on windows. Regards, Marc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 Delegation
Hi, It has been a while that I did not come back to this topic, however I think I found a work-around for my initial problem. For information, what I was trying to do was: - Create an OU for a group of applications - Delegate control of this OU to a normal user (not helpdesk or domain admin) to be able to create groups and assign domain users to them The problem was, whenever I used Security Groups the delegation did not work. Impossible for the user to whom I delegated group creation and modifaction rights of the ou to add or remove domain users. The work-around (since Security Groups are all to picky) -- Use Distribution Groups. Once I created distribution groups in the OU I was able to freely assing users to them and remove them as required. Now this is definetly not best pratice, but until the same is possible in an easy way with Security Groups this will well serve the purpose. Cheers best, Andreas PS: Marc thx a lot for your help before - since I read a bit more about GIT, I know understand much better the Samba4 building howto and how to get the latest stable version. It's all good now ;-) *On 08 May 2013 23:00, Marc Muehlfeld has written: * Hello Andreas, Am 08.05.2013 20:08, schrieb Andreas Krupp: Thx a lot for the quick reply. I will try to upgrade or possibly reinstall my Samba4 Instance. At the moment the command returns me: 4.1.Opre1-GIT-5f2edd1 I guess that is not really right version or the latest release. I tried your command to reset the ACLs but that command is not part of my dbcheck. I tried and could not find your command in the list either. So I am starting to think that my problems maybe come from the entire version. I will set up a VM, reinstall centos + samba4 and see if that works better :) The '--reset-well-known-acls' option was introduced in 4.0.5 (this is the latest version). Maybe someone else on the list can say if you can switch from your git version to 4.0.5. Regards, Marc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba4 + Winbind + PAM Installation/Configuration
Hello, Now that I have my Samba4 DC running great on CentOS6.4 I was wondering if somebody could help understand better how to install and configure Samba4 with winbind and PAM. I used the tutorial here: [http://wiki.samba.org/index.php/Samba4/Winbind](http://wiki.samba.org/index.php/Samba4/Winbind) This got me through to the point where Using pam_winbind starts. Could anybody help me understand how to do these steps + compile samba4 with pam_winbind on CentOS 6.4? I am more than willing to update the wiki page after that ;-) My questions in detail are: - How do I compile/install Samba4 with pam_winbind support and which prerequisits do I need to install with yum before doing that? - Which pam configuration files do I have to change on CentOS6.4? Cheers thx, Andreas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 Delegation
Hello Andreas, Am 15.08.2013 11:07, schrieb Andreas Krupp: For information, what I was trying to do was: - Create an OU for a group of applications - Delegate control of this OU to a normal user (not helpdesk or domain admin) to be able to create groups and assign domain users to them - What where the exact steps you did? - On what Samba version? - Did you run 'samba-tool dbcheck --reset-well-known-acls --fix' to reset the ACLs? This is recommented for 4.0.5 and higher, if you provisioned your domain with an earlier version to fix missing ACLs. (If you haven't done yet, remember, that you'll loose your current delegations!) The problem was, whenever I used Security Groups the delegation did not work. Impossible for the user to whom I delegated group creation and modifaction rights of the ou to add or remove domain users. The work-around (since Security Groups are all to picky) -- Use Distribution Groups. Once I created distribution groups in the OU I was able to freely assing users to them and remove them as required. Now this is definetly not best pratice, but until the same is possible in an easy way with Security Groups this will well serve the purpose. If it's reproducable, you should open a bug report with the exact steps and a level 10 debug log, to get this fixed in future. PS: Marc thx a lot for your help before - since I read a bit more about GIT, I know understand much better the Samba4 building howto and how to get the latest stable version. It's all good now ;-) If you are using versions from git, remember, that they can contain code that shouldn't be used for production yet. Regards, Marc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 + Winbind + PAM Installation/Configuration
Just install pam and pam-devel And: /etc/nsswitch.conf: passwd: files winbind shadow: files group: files winbind And: ln -s /usr/local/samba/lib/libnss_winbind.so.2 /lib64/libnss_winbind.so ln -s /lib64/libnss_winbind.so /lib64/libnss_winbind.so.2 Test now: [root@s4master lib]# ldconfig -v | grep winbind ldconfig: /etc/ld.so.conf.d/kernel-2.6.32-358.11.1.el6.x86_64.conf:6: duplicate hwcap 1 nosegneg libnss_winbind.so - libnss_winbind.so.2 libnss_winbind.so - libnss_winbind.so.2 and it should work with getent group and getenet passwd --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Andreas Krupp Gesendet: Donnerstag, 15. August 2013 11:15 An: samba Betreff: [Samba] Samba4 + Winbind + PAM Installation/Configuration Hello, Now that I have my Samba4 DC running great on CentOS6.4 I was wondering if somebody could help understand better how to install and configure Samba4 with winbind and PAM. I used the tutorial here: [http://wiki.samba.org/index.php/Samba4/Winbind](http://wiki.samba.org/index .php/Samba4/Winbind) This got me through to the point where Using pam_winbind starts. Could anybody help me understand how to do these steps + compile samba4 with pam_winbind on CentOS 6.4? I am more than willing to update the wiki page after that ;-) My questions in detail are: - How do I compile/install Samba4 with pam_winbind support and which prerequisits do I need to install with yum before doing that? - Which pam configuration files do I have to change on CentOS6.4? Cheers thx, Andreas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 + Winbind + PAM Installation/Configuration
On Thu, 2013-08-15 at 11:15 +0200, Andreas Krupp wrote: This got me through to the point where Using pam_winbind starts. Hi From that point: ln -s /usr/local/samba/lib/security/pam_winbind.so /lib/security then: pam-config -a --winbind Add: template shell = /bin/bash to smb.conf Do _not_ start winbindd. Best of luck. Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 Delegation
Hi Marc, I will give this another try with the options you have mentioned - however, the same behavior is also present on a Microsoft Windows 2008 R2 Domain Server with the AD at 2008 R2 compatibility level. So for the moment, I have the impression that even Microsoft does not encourage ownership and delegation of security group management in a simple manner. I will keep you posted - and well, I installed a production version for my home network and doing Proof-of-Concepts in a complete enterprise domain environment. The stable releases work fine for the moment ;-) Cheers best! Andreas -Original Message- Sent: jeudi 15 août 2013 11:34 Subject: Re: [Samba] Samba4 Delegation Hello Andreas, Am 15.08.2013 11:07, schrieb Andreas Krupp: For information, what I was trying to do was: - Create an OU for a group of applications - Delegate control of this OU to a normal user (not helpdesk or domain admin) to be able to create groups and assign domain users to them - What where the exact steps you did? - On what Samba version? - Did you run 'samba-tool dbcheck --reset-well-known-acls --fix' to reset the ACLs? This is recommented for 4.0.5 and higher, if you provisioned your domain with an earlier version to fix missing ACLs. (If you haven't done yet, remember, that you'll loose your current delegations!) The problem was, whenever I used Security Groups the delegation did not work. Impossible for the user to whom I delegated group creation and modifaction rights of the ou to add or remove domain users. The work-around (since Security Groups are all to picky) -- Use Distribution Groups. Once I created distribution groups in the OU I was able to freely assing users to them and remove them as required. Now this is definetly not best pratice, but until the same is possible in an easy way with Security Groups this will well serve the purpose. If it's reproducable, you should open a bug report with the exact steps and a level 10 debug log, to get this fixed in future. PS: Marc thx a lot for your help before - since I read a bit more about GIT, I know understand much better the Samba4 building howto and how to get the latest stable version. It's all good now ;-) If you are using versions from git, remember, that they can contain code that shouldn't be used for production yet. Regards, Marc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 + Winbind + PAM Installation/Configuration
Hello Daniel, Thx a lot for the quick reply. Actually I did all these steps already and the tests that you proposed and that are documented on the wiki are working fine. http://wiki.samba.org/index.php/Samba4/Winbind It is the next section Using pam_winbind that I cannot get to work. My goal is that I can log on to the linux box with an AD Account, or run a service with an AD account or connect via SSH with an AD account. So where I am stuck is: - I do not know which pam files to edit under CentOS - and it seems that I do not have pam_winbind.so installed/compiled with Samba4.1rc2 On the wiki it says: Ensure that you built Samba 4 with libpam0g-dev installed on your system. If not, install the PAM development libraries and re-compile Samba 4 from the ./configure.developer stage. Install pam_winbind.so in the usual place: ... and I cannot make much sense out of that. Is pam-devel = libpam0g-dev? Would you know the difference between ./configure and ./configure.developer? Cheers thx, Andreas -Original Message- From: Daniel Müller [mailto:muel...@tropenklinik.de] Sent: jeudi 15 août 2013 11:35 To: andreaskr...@akrupp.ch; 'samba' Subject: AW: [Samba] Samba4 + Winbind + PAM Installation/Configuration Just install pam and pam-devel And: /etc/nsswitch.conf: passwd: files winbind shadow: files group: files winbind And: ln -s /usr/local/samba/lib/libnss_winbind.so.2 /lib64/libnss_winbind.so ln -s /lib64/libnss_winbind.so /lib64/libnss_winbind.so.2 Test now: [root@s4master lib]# ldconfig -v | grep winbind ldconfig: /etc/ld.so.conf.d/kernel-2.6.32-358.11.1.el6.x86_64.conf:6: duplicate hwcap 1 nosegneg libnss_winbind.so - libnss_winbind.so.2 libnss_winbind.so - libnss_winbind.so.2 and it should work with getent group and getenet passwd --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Andreas Krupp Gesendet: Donnerstag, 15. August 2013 11:15 An: samba Betreff: [Samba] Samba4 + Winbind + PAM Installation/Configuration Hello, Now that I have my Samba4 DC running great on CentOS6.4 I was wondering if somebody could help understand better how to install and configure Samba4 with winbind and PAM. I used the tutorial here: [http://wiki.samba.org/index.php/Samba4/Winbind](http://wiki.samba.org/index .php/Samba4/Winbind) This got me through to the point where Using pam_winbind starts. Could anybody help me understand how to do these steps + compile samba4 with pam_winbind on CentOS 6.4? I am more than willing to update the wiki page after that ;-) My questions in detail are: - How do I compile/install Samba4 with pam_winbind support and which prerequisits do I need to install with yum before doing that? - Which pam configuration files do I have to change on CentOS6.4? Cheers thx, Andreas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Trying to Join a Working W2K3 AD
Hi Marc, On 2013-08-15 4:18 AM, Marc Muehlfeld wrote: Hello Kevin, hello Eli, Am 15.08.2013 05:48, schrieb Kevin Field: I get to the step /usr/local/samba/bin/samba-tool dns add 192.168.1.252 _msdcs.domain.co.il 2d59ac49-1175-4656-943e-d556baa242cb CNAME DC2.domain.co.il -Uadministrator I get the following error message: ERROR(runtime): uncaught exception - (9601, 'WERR_DNS_ERROR_ZONE_DOES_NOT_EXIST') File /usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py, line 175, in _run return self.run(*args, **kwargs) File /usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/dns.py, line 1053, in run 0, server, zone, name, add_rec_buf, None) Is 192.168.1.252 is the already existing DNS on your W2k3 Server or is it the IP of your Samba DC? It should be the IP of your existing DNS server, because Samba isn't up at that time. In my case, it is the IP of the W2k3 server which has a working DNS. I've also tried replacing the IP with its hostname instead as I had found suggested somewhere, but it doesn't change the outcome. You can also add the record through the MS DNS Console on windows. Thanks for the suggestion...okay, I've done that. It seemed to work: $ host -t CNAME fb9ec5fd-28a7-44a0-a784-933a41dd830a._msdcs.mydomain.lan. fb9ec5fd-28a7-44a0-a784-933a41dd830a._msdcs.mydomain.lan is an alias for newdc.mydomain.lan. However, I run sudo samba, and then check the log.samba file, and it says: [2013/08/15 08:02:33.285448, 0] ../source4/lib/tls/tlscert.c:166(tls_cert_generate) TLS self-signed keys generated OK [2013/08/15 08:02:34.371461, 0] ../lib/util/util_runcmd.c:334(samba_runcmd_io_handler) /usr/sbin/samba_dnsupdate: ; TSIG error with server: tsig verify failure This latter error it repeats about 15-20 times. https://lists.samba.org/archive/samba/2013-February/171688.html says it may be just cosmetic. The Windows AD Replication Status Tools, after a refresh, says: NEWDC.mydomain.lan,Failed to collect data against Node 'NEWDC.mydomain.lan'. It was retried 0 time(s). The following error occurred: Domain controller NEWDC.mydomain.lan does not exist or cannot be contacted.. Type=Microsoft.Sirona.Collection.CollectionException ...but it's been saying that since I ran samba-tool successfully to join the AD. (The LDAP query succeeds, but the Get Domain Controller Replication Status is where it's failing.) ps -A | grep samba shows a bunch of samba threads running that weren't before. samba-tool drs kcc says Consistency check [...] successful. samba-tools drs showrepl gives all successes for inbound neighbours, and then just this: OUTBOUND NEIGHBORS KCC CONNECTION OBJECTS Connection -- Connection name: 90c120f5-b240-4771-a4d6-673927d63b84 Enabled: TRUE Server DNS name : olddc.mydomain.lan Server DN name : CN=NTDS Settings,CN=IN,CN=Servers,CN=mydomain-office,CN=Sites,CN=Configuration,DC=mydomain,DC=lan TransportType: RPC options: 0x0001 Warning: No NC replicated for Connection! Although, this also could just be 'cosmetic': https://lists.samba.org/archive/samba-technical/2011-November/080377.html Okay, so I'll try adding a user. samba-tool user add worked fine, says it added successfully, and I can see info about it with wbinfo. However, it doesn't show up in Active Directory Users and Computers on the old DC. Are these errors all really cosmetic? If so, why doesn't it replicate to the old dc? Thanks for your help, Kev -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba4 and iptables
Hi everyone, I had posted recently about getting Samba4 to work on CentOS 6.4 but having changes only replicating in one direction, from the Win2k3 AD but not back to it. I solved the problem, this time, by disabling iptables. I find it a bit hard to understand. These are the rules I have set up: *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [52:5888] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p icmp -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT -A INPUT -m udp -p udp --dport 53 -m comment --comment DNS -j ACCEPT -A INPUT -m udp -p udp --dport 123 -m comment --comment NTP -j ACCEPT -A INPUT -m udp -p udp --dport 135 -m comment --comment RPC UDP -j ACCEPT -A INPUT -m udp -p udp --dport 389 -m comment --comment LDAP UDP -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 88 -m comment --comment Kerberos -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 464 -m comment --comment Kerberos Password Management -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 445 -m comment --comment SMB CIFS -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 389 -m comment --comment LDAP TCP -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 636 -m comment --comment LDAP SSL -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 3268 -m comment --comment LDAP Global Catalog -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 3269 -m comment --comment LDAP Global Catalog SSL -j ACCEPT -A INPUT -p udp -m udp --dport 631 -m comment --comment CUPS -j ACCEPT -A INPUT -p tcp -m tcp --dport 631 -m comment --comment CUPS -j ACCEPT -A INPUT -j REJECT --reject-with icmp-host-prohibited -A FORWARD -j REJECT --reject-with icmp-host-prohibited COMMIT Additionally, I used to have -s 10.0.0.0/8 on all of the samba-related ones, but then I couldn't connect to the new DC via the Windows AD Users and Computers tool. Take away -s, and it works. So the above is now what I have, but when iptables is enabled, I get Warning: No NC replicated for Connection! on outbound when I run samba-tool drs showrepl and I get errors like this in Windows Event Viewer: Event Type: Warning Event Source: NTDS KCC Event Category: Knowledge Consistency Checker Event ID: 1925 Date: 2013-08-15 Time: 10:21:27 AM User: NT AUTHORITY\ANONYMOUS LOGON Computer: OLDDC Description: The attempt to establish a replication link for the following writable directory partition failed. Directory partition: DC=mydomain,DC=lan Source domain controller: CN=NTDS Settings,CN=NEWDC,CN=Servers,CN=mydomain-office,CN=Sites,CN=Configuration,DC=mydomain,DC=lan Source domain controller address: fb9ec5fd-28a7-44a0-a784-933a41dd830a._msdcs.mydomain.lan Intersite transport (if any): This domain controller will be unable to replicate with the source domain controller until this problem is corrected. User Action Verify if the source domain controller is accessible or network connectivity is available. Additional Data Error value: 1722 The RPC server is unavailable. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. - (end quote) Also, the AD Replication Status Viewer tool will say that NEWDC cannot be contacted. Disable iptables, and voila, it starts reporting successful replication. IIUC it's the port 135 that allows RPC contact, which I believe my iptables config above should correctly open. If not, could someone show me where I've gone wrong here? Thanks, Kev -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] users don't replicate from W2K3 to CentOS 6.4
With iptables disabled until I can figure out appropriate rules ( http://www.spinics.net/lists/samba/msg104592.html -- what do you do then? ) I added a user using samba-tool user add. If I go to the Windows box and fire up ADUC, the user is not there, even though the AD Replication Status tool reports successful replication. If I right-click the domain in ADUC, and choose Connect to Domain Controller, I can connect to the CentOS/SerNet Samba 4.0.8 DC. When I do that, I see the same list but with my added test user, too. Unlike with iptables, drs showrepl gives a few success entries just after OUTBOUND NEIGHBORS , but then under KCC CONNECTION OBJECTS it gives the same warning as before, Warning: No NC replicated for Connection!. Nonetheless, samba-tool drs kcc from the new DC still reports a successful consistency check when given either the new DC or the old DC. (Every step of the HOWTO or other help seems to end in a new error. Since we don't make extensive use of policies, I'm tempted to set up Samba as a non-AD fileserver and just map drives from the clients.) Any help would be greatly appreciated. Thanks, Kev -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba4 - classicupgrade - problem - passdb.error uncaught exception - Cannot load backend methods for 'ldapsam:ldap://localhost' backend NT_STATUS_CANT_ACCESS_DOMAIN_INFO
Finally its worked. I just added *following parameter in my samba3 conf file. ldap timeout = 50 * *thanks to http://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html#LDAPTIMEOUT * *Thank you All. * ** 2013/8/1 Andrew Bartlett abart...@samba.org On Wed, 2013-07-31 at 15:41 +0530, itsaheb wrote: Thanks Andrew for your reply. This time i have setup Samba4 on new test server but im still getting the same error message: # /usr/local/samba/bin/samba-tool domain classicupgrade --dbdir=/samba3/ --use-xattrs=yes --realm=mydomain.com /samba3/smb.conf --dns-backend=BIND9_DLZ This is clearly your issue: smbldap_search_domain_info: Problem during LDAPsearch: Timed out If your LDAP server is timing out, there is no hope Samba can upgrade this domain. You need to work out why this happens. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 and iptables
On 8/15/2013 10:36 AM, Kevin Field wrote: Hi everyone, I had posted recently about getting Samba4 to work on CentOS 6.4 but having changes only replicating in one direction, from the Win2k3 AD but not back to it. I solved the problem, this time, by disabling iptables. I find it a bit hard to understand. These are the rules I have set up: *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [52:5888] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p icmp -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT -A INPUT -m udp -p udp --dport 53 -m comment --comment DNS -j ACCEPT -A INPUT -m udp -p udp --dport 123 -m comment --comment NTP -j ACCEPT -A INPUT -m udp -p udp --dport 135 -m comment --comment RPC UDP -j ACCEPT -A INPUT -m udp -p udp --dport 389 -m comment --comment LDAP UDP -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 88 -m comment --comment Kerberos -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 464 -m comment --comment Kerberos Password Management -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 445 -m comment --comment SMB CIFS -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 389 -m comment --comment LDAP TCP -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 636 -m comment --comment LDAP SSL -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 3268 -m comment --comment LDAP Global Catalog -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 3269 -m comment --comment LDAP Global Catalog SSL -j ACCEPT -A INPUT -p udp -m udp --dport 631 -m comment --comment CUPS -j ACCEPT -A INPUT -p tcp -m tcp --dport 631 -m comment --comment CUPS -j ACCEPT -A INPUT -j REJECT --reject-with icmp-host-prohibited -A FORWARD -j REJECT --reject-with icmp-host-prohibited COMMIT https://wiki.samba.org/index.php/Configure_your_firewall Are you missing UDP port 137-138 (and possibly a few others) in your IPTables? Also, try looking at the output of the following to check for ports in use: # netstat -taunp | egrep tcp.*LISTEN|udp | egrep samba|smbd One of our internal Samba servers has the following in /etc/sysconfig/iptables. You won't need the NFSCHECK chains unless you are also using NFS. # Generated by iptables-save v1.4.7 on Fri May 24 21:51:36 2013 *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [48:6932] :NFSCHECK - [0:0] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p icmp -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 53 -j ACCEPT -A INPUT -p udp -m state --state NEW -m udp --dport 53 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 88 -j ACCEPT -A INPUT -p udp -m state --state NEW -m udp --dport 88 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 135 -j ACCEPT -A INPUT -p udp -m state --state NEW -m udp --dport 137 -j ACCEPT -A INPUT -p udp -m state --state NEW -m udp --dport 138 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 139 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 389 -j ACCEPT -A INPUT -p udp -m state --state NEW -m udp --dport 389 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 445 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 464 -j ACCEPT -A INPUT -p udp -m state --state NEW -m udp --dport 464 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 631 -j ACCEPT -A INPUT -p udp -m state --state NEW -m udp --dport 631 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 636 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 1024 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 3268 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 3269 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 5353 -j ACCEPT -A INPUT -p udp -m state --state NEW -m udp --dport 5353 -j ACCEPT -A INPUT -j NFSCHECK -A INPUT -j REJECT --reject-with icmp-host-prohibited -A FORWARD -j REJECT --reject-with icmp-host-prohibited -A NFSCHECK -s 172.30.0.0/24 -p tcp -m multiport --dports 2049,32803,892,662,111 -m comment --comment TCP for nfs, lockd, mountd, statd, portmap -j ACCEPT -A NFSCHECK -s 172.30.0.0/24 -p udp -m multiport --dports 2049,32769,892,662,111 -m comment --comment UDP for nfs, lockd, mountd, statd, portmap -j ACCEPT -A NFSCHECK -j RETURN COMMIT # Completed on Fri May 24 21:51:36 2013 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Remote linux auth vs samba4: winbind or nslcd + openldap.
I'm lost in documentation. I setup a samba4 AD, and configured winbind so I can have local authentification using pam, I can now login to AD users vía ssh. I want to achieve the Holy Gria of 1 source of users and password, for both, linux and windows machines, but I'm lost in documentation. So far I know: samba4 cann't use openldap as backend. samba4 ldap doesn't really is a full ldap. samba4 provides uid/gid mapping using winbind or nlscd So far, I'm using winbind and I can see the samba ad users added to the password database executing: getenv passwd But, after that, I'm lost. Can I impelement remote winbind at remote linux client machines? Do I need to setup a openldap proxy? If I setup an openldap proxy, should I use winbind or nslcd? openldap now uses automatic configuration, any clue to implement the openldap proxy with this type? Thanks... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] FW: Samba4 + Winbind + PAM Installation/Configuration
Hello, The steps so far worked: 1) get all of pam installed via yum install pam* 2) Then recompile samba with ./configure.developer followed by make and make install 3) Restarted Samba... and great stuff, my domain controller, settings and users are still there! This is awesome by the way! 4) linked the pam_winbind.so with ln -s /usr/local/samba/lib/security/pam_winbind.so /lib/security 5) Edited /etc/pam.d/system-auth and added the entries as described in the wiki (http://wiki.samba.org/index.php/Samba4/Winbind) All the tests but 1 are fine: Wbinfo -p (Ok) Wbinfo -u (Ok) Getent passwd (Ok) Id [User] (Ok) Ssh [user]@localhost (Fails) -- Permission denied, please try again I tried with the Administrator Account and a normal user account, both fail in the same way. Any ideas? Cheers thx, Andreas -Original Message- From: Andreas Krupp [mailto:andreaskr...@akrupp.ch] Sent: jeudi 15 août 2013 14:53 To: 'muel...@tropenklinik.de' Subject: RE: [Samba] Samba4 + Winbind + PAM Installation/Configuration Ok I will try that. Just as a possibly important follow up question: If I run ./configure.developer, then make and make install ... is my current samba domain configuration kept or will I have to start setting up the domain from scratch? Cheers thx, Andreas -Original Message- From: Daniel Müller [mailto:muel...@tropenklinik.de] Sent: jeudi 15 août 2013 14:39 To: 'Andreas Krupp' Subject: AW: [Samba] Samba4 + Winbind + PAM Installation/Configuration Yes it is pam-devel. To be shure install with yum install pam* to get all pam packages. ./configure.developer will try all possibilities. It is important to have all packages installed before compiling. --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: Andreas Krupp [mailto:andreaskr...@akrupp.ch] Gesendet: Donnerstag, 15. August 2013 14:18 An: muel...@tropenklinik.de; 'samba' Betreff: RE: [Samba] Samba4 + Winbind + PAM Installation/Configuration Hello Daniel, Thx a lot for the quick reply. Actually I did all these steps already and the tests that you proposed and that are documented on the wiki are working fine. http://wiki.samba.org/index.php/Samba4/Winbind It is the next section Using pam_winbind that I cannot get to work. My goal is that I can log on to the linux box with an AD Account, or run a service with an AD account or connect via SSH with an AD account. So where I am stuck is: - I do not know which pam files to edit under CentOS and it seems that - I do not have pam_winbind.so installed/compiled with Samba4.1rc2 On the wiki it says: Ensure that you built Samba 4 with libpam0g-dev installed on your system. If not, install the PAM development libraries and re-compile Samba 4 from the ./configure.developer stage. Install pam_winbind.so in the usual place: ... and I cannot make much sense out of that. Is pam-devel = libpam0g-dev? Would you know the difference between ./configure and ./configure.developer? Cheers thx, Andreas -Original Message- From: Daniel Müller [mailto:muel...@tropenklinik.de] Sent: jeudi 15 août 2013 11:35 To: andreaskr...@akrupp.ch; 'samba' Subject: AW: [Samba] Samba4 + Winbind + PAM Installation/Configuration Just install pam and pam-devel And: /etc/nsswitch.conf: passwd: files winbind shadow: files group: files winbind And: ln -s /usr/local/samba/lib/libnss_winbind.so.2 /lib64/libnss_winbind.so ln -s /lib64/libnss_winbind.so /lib64/libnss_winbind.so.2 Test now: [root@s4master lib]# ldconfig -v | grep winbind ldconfig: /etc/ld.so.conf.d/kernel-2.6.32-358.11.1.el6.x86_64.conf:6: duplicate hwcap 1 nosegneg libnss_winbind.so - libnss_winbind.so.2 libnss_winbind.so - libnss_winbind.so.2 and it should work with getent group and getenet passwd --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Andreas Krupp Gesendet: Donnerstag, 15. August 2013 11:15 An: samba Betreff: [Samba] Samba4 + Winbind + PAM Installation/Configuration Hello, Now that I have my Samba4 DC running great on CentOS6.4 I was wondering if somebody could help understand better how to install and configure Samba4 with winbind and PAM. I used the tutorial here: [http://wiki.samba.org/index.php/Samba4/Winbind](http://wiki.samba.org/index .php/Samba4/Winbind) This got me through to the point where Using pam_winbind starts.
Re: [Samba] Remote linux auth vs samba4: winbind or nslcd + openldap.
Hello Andres, Am 15.08.2013 18:45, schrieb Andres Tello Abrego: I want to achieve the Holy Gria of 1 source of users and password, for both, linux and windows machines, but I'm lost in documentation. So far I know: samba4 cann't use openldap as backend. Right. samba4 ldap doesn't really is a full ldap. What do you mean by is not a full ldap? samba4 provides uid/gid mapping using winbind or nlscd Samba AD provides the backend, where the accounts are stored. To get the users to your local *nix system, you can use winbind, nslcd or sssd. Can I impelement remote winbind at remote linux client machines? What is remote winbind? Do I need to setup a openldap proxy? I would only use an openldap proxy to AD in my DMZ, because this prevents me from having a Samba AD installation there with all that open ports and Winbind on all DMZ machines. If I setup an openldap proxy, should I use winbind or nslcd? If you get your information from AD via a LDAP proxy, I guess the only solution are LDAP based tools like nslcd. I think Winbind can't access through an LDAP proxy, because it uses more than LDAP to talk to the DC (rpc or whatever). openldap now uses automatic configuration, any clue to implement the openldap proxy with this type? Automatic configuration? Here I placed e. g. a solution for an openLDAP proxy and examples for how to connect other services: https://wiki.samba.org/index.php/Authenticating_other_services_against_AD I guess it's really time, to finish my Winbind/Nslcd/SSSD page for the different methods to get the directory users to the local system. This questions are comming up very often meanwhile :-) I already started a while ago. I'll try to find some time to finish and publish it next week. Regards, Marc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Remote linux auth vs samba4: winbind or nslcd + openldap.
How can I help :) maybe you can pass whatever you have written, tip me to mabe, use sssd What I refer to remote winbind is that. currently I have 1box with AD, I want to use that same box, that same users, to client linux... winbind worked as a charm, but I only have authentication to the machine with the AD... 2013/8/15 Marc Muehlfeld sa...@marc-muehlfeld.de Hello Andres, Am 15.08.2013 18:45, schrieb Andres Tello Abrego: I want to achieve the Holy Gria of 1 source of users and password, for both, linux and windows machines, but I'm lost in documentation. So far I know: samba4 cann't use openldap as backend. Right. samba4 ldap doesn't really is a full ldap. What do you mean by is not a full ldap? samba4 provides uid/gid mapping using winbind or nlscd Samba AD provides the backend, where the accounts are stored. To get the users to your local *nix system, you can use winbind, nslcd or sssd. Can I impelement remote winbind at remote linux client machines? What is remote winbind? Do I need to setup a openldap proxy? I would only use an openldap proxy to AD in my DMZ, because this prevents me from having a Samba AD installation there with all that open ports and Winbind on all DMZ machines. If I setup an openldap proxy, should I use winbind or nslcd? If you get your information from AD via a LDAP proxy, I guess the only solution are LDAP based tools like nslcd. I think Winbind can't access through an LDAP proxy, because it uses more than LDAP to talk to the DC (rpc or whatever). openldap now uses automatic configuration, any clue to implement the openldap proxy with this type? Automatic configuration? Here I placed e. g. a solution for an openLDAP proxy and examples for how to connect other services: https://wiki.samba.org/index.**php/Authenticating_other_** services_against_ADhttps://wiki.samba.org/index.php/Authenticating_other_services_against_AD I guess it's really time, to finish my Winbind/Nslcd/SSSD page for the different methods to get the directory users to the local system. This questions are comming up very often meanwhile :-) I already started a while ago. I'll try to find some time to finish and publish it next week. Regards, Marc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 and iptables
Thanks for your help, Thomas. I think it was the missing state part of some of the lines. When I use your example, it replicates, even in both directions this time! Which is quite odd, since without iptables running, I still had problems getting my Samba test user to replicate over to the Windows DC. Also in case it helps anyone else who is not using NetBIOS, even if I cut the NetBIOS ports, it still works fine. Same with SSL ports. So now I have for the main part of it: -A INPUT -m comment --comment DNS -p tcp -m state --state NEW -m tcp --dport 53 -j ACCEPT -A INPUT -m comment --comment DNS -p udp -m state --state NEW -m udp --dport 53 -j ACCEPT -A INPUT -m comment --comment Kerberos -p tcp -m state --state NEW -m tcp --dport 88 -j ACCEPT -A INPUT -m comment --comment Kerberos -p udp -m state --state NEW -m udp --dport 88 -j ACCEPT -A INPUT -m comment --comment End Point Mapper (DCE/RPC Locator Service) -p tcp -m state --state NEW -m tcp --dport 135 -j ACCEPT -A INPUT -m comment --comment LDAP -p tcp -m state --state NEW -m tcp --dport 389 -j ACCEPT -A INPUT -m comment --comment LDAP -p udp -m state --state NEW -m udp --dport 389 -j ACCEPT -A INPUT -m comment --comment SMB -p tcp -m state --state NEW -m tcp --dport 445 -j ACCEPT -A INPUT -m comment --comment Kerberos kpasswd -p tcp -m state --state NEW -m tcp --dport 464 -j ACCEPT -A INPUT -m comment --comment Kerberos kpasswd -p udp -m state --state NEW -m udp --dport 464 -j ACCEPT -A INPUT -m comment --comment CUPS -p tcp -m state --state NEW -m tcp --dport 631 -j ACCEPT -A INPUT -m comment --comment CUPS -p udp -m state --state NEW -m udp --dport 631 -j ACCEPT -A INPUT -m comment --comment RPC -p tcp -m state --state NEW -m tcp --dport 1024 -j ACCEPT -A INPUT -m comment --comment Global Catalog -p tcp -m state --state NEW -m tcp --dport 3268 -j ACCEPT -A INPUT -m comment --comment Multicast DNS -p tcp -m state --state NEW -m tcp --dport 5353 -j ACCEPT -A INPUT -m comment --comment Multicast DNS -p udp -m state --state NEW -m udp --dport 5353 -j ACCEPT Just tested adding a second user and it replicated immediately. Yay! Thanks again, Kev -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] share permissions
I have a share setup on a Samba 4.0.8 / CentOS 6.4 box that is successfully replicating with a W2K3 server. I'm following the HOWTO here: https://wiki.samba.org/index.php/Setup_and_configure_file_shares [mytest] path = /home/me/mytestshare -- with or without trailing slash read only = No On the W2K3 box, I can browse to \\newdc and I see my test share listed there. I can also see it if I connect to newdc in Computer Management. However, what I can't get from either of those places is a Security tab if I right-click the share and go to Properties. There's a Share Permissions tab in CM only that says that Everyone has Full Control. Despite that, if I try to double-click the share in Explorer, I get: --- \\newdc --- \\newdc\mytest is not accessible. You might not have permission to use this network resource. Contact the administrator of this server to find out if you have access permissions. Access is denied. --- OK --- My account has all privileges I can think of, including the SeDiskOperatorPrivilege as laid out in the HOWTO. Even if I chmod 777 /home/me/mytestshare I get this error. What am I missing? Thanks, Kev -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Remote linux auth vs samba4: winbind or nslcd + openldap.
2013-08-15 18:45 keltezéssel, Andres Tello Abrego írta: I'm lost in documentation. I setup a samba4 AD, and configured winbind so I can have local authentification using pam, I can now login to AD users vía ssh. I want to achieve the Holy Gria of 1 source of users and password, for both, linux and windows machines, but I'm lost in documentation. So far I know: samba4 cann't use openldap as backend. samba4 ldap doesn't really is a full ldap. samba4 provides uid/gid mapping using winbind or nlscd So far, I'm using winbind and I can see the samba ad users added to the password database executing: getenv passwd But, after that, I'm lost. Can I impelement remote winbind at remote linux client machines? Do I need to setup a openldap proxy? If I setup an openldap proxy, should I use winbind or nslcd? openldap now uses automatic configuration, any clue to implement the openldap proxy with this type? Thanks... We use winbind from samba 3.6.x on the non DC linux boxes for this. Winbind from samba 4.0.x under testing. Our config (the relevant part of): /etc/krb5.conf: [libdefaults] default_realm = YOURREALM /etc/samba/smb.conf: [global] workgroup = YOURDOMAIN realm = YOURREALM kerberos method = system keytab security = ads winbind enum groups = yes winbind enum users = yes idmap config *:backend = tdb idmap config *:range = 11-30 idmap config YOURDOMAIN:default = yes idmap config YOURDOMAIN:backend = ad idmap config YOURDOMAIN:range = 0-10 idmap config YOURDOMAIN:schema_mode = rfc2307 winbind nss info = rfc2307 winbind expand groups = 5 winbind nested groups = yes winbind use default domain = yes Of course the ranges depend on the uids/gids you've allocated. Regards Geza Gemes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via b706ca6 s3:libsmb: call smb2cli_logoff() from cli_ulogoff() via 1d7bdfc s3:libsmb: make cli_ulogoff_send/recv static via e6be68f s3:libsmb: call smb2cli_tdis() from cli_tdis() via d732e9a s3:libsmb: only set tcon to invalid in smb2cli_tdis* via 80d4f64 s3:libsmb: make cli_tdis_send/recv static via ccf7b37 s3:libsmb: add support for SMB2 in cli_writeall() via a85d451 s3:libsmb: add SMB2 support to cli_pull* via 6896bf0 s3:libsmb: add SMB2 support to cli_push* via 80758e4 s3:libsmb: Plumb cli_smb2_set_security_descriptor() inside cli_set_security_descriptor(). via 1db7e90 s3:libsmb: Plumb cli_smb2_query_security_descriptor() inside cli_query_security_descriptor(). via de895bf s3:libsmb: Plumb cli_smb2_qpathinfo_alt_name() inside cli_qpathinfo_alt_name(). via cba3ed0 s3:libsmb: Plumb cli_smb2_qpathinfo_basic() inside cli_qpathinfo_basic(). via 2bb3e25 s3:libsmb: Plumb cli_smb2_qfileinfo_basic() inside cli_qfileinfo_basic(). via e96309c s3:libsmb: Plumb cli_smb2_qpathinfo_streams() inside cli_qpathinfo_streams(). via f2f566b s3:libsmb: Plumb cli_smb2_qpathinfo2() inside cli_qpathinfo2(). via 73255d3 s3:libsmb: Plumb cli_smb2_list() inside cli_list(). via 7e2d969 s3:libsmb: Plumb cli_smb2_get_ea_list_path() inside cli_get_ea_list_path(). via f8dfc50 s3:libsmb: Plumb cli_smb2_set_ea_fnum() inside cli_set_ea_fnum(). via 3276853 s3:libsmb: Plumb cli_smb2_set_ea_path() inside cli_set_ea_path(). via c1aeada s3:libsmb: Fix cli_set_ea_path() to use frame instead of talloc_tos(). via c6ed0b8 s3:libsmb: Plumb cli_smb2_dskattr() inside cli_dskattr(). via 75d2e18 s3:libsmb: Plumb cli_smb2_getatr() inside cli_getatr(). via ea267a7 s3:libsmb: Plumb cli_smb2_setatr() inside cli_setatr(). via 83c410c s3:libsmb: Plumb cli_smb2_setattrE() inside cli_setattrE(). via 0bbc044 s3:libsmb: Plumb cli_smb2_getattrE() inside cli_getattrE(). via 85f60cc s3:libsmb: Plumb cli_smb2_close_fnum() inside cli_close(). via c1c4491 s3:libsmb: Plumb cli_smb2_create_fnum() inside cli_ntcreate(). via 04d3965 s3:libsmb: Plumb cli_smb2_rmdir() inside cli_rmdir(). via 46da267 s3:libsmb: Plumb cli_smb2_mkdir() inside cli_mkdir(). via 179c27d s3:libsmb: Plumb cli_smb2_unlink() inside cli_unlink(). via c748a95 s3:libsmb: Plumb cli_smb2_rename() inside cli_rename(). via 28591df s3:libsmb: Add in the core of the libsmb client SMB2 functions. via c80349e s3:lib: Factor read_ea_list_entry() and read_nttrans_ea_list() out so they can be used by the SMB2 client code. via 2394f87 s3:client: fix compiler warning via 9b4692f s3:client: use the default io size via 9193a58 s3:libsmb: remove unused cli_readall* via 8062aef s3:libsmb: rewrite cli_pull* to use smb1cli_conn_req_possible() via b846b3a s3:libsmb: rewrite cli_push* to use smb1cli_conn_req_possible() via 7efdc32 libcli/smb: add smb2cli_conn_req_possible() via 111f529 libcli/smb: add smb1cli_conn_req_possible() via 44b5393 libcli/smb: pass max_dyn_len to smb2cli_req_send() via 4a33520 libcli/smb: pass max_dyn_len to smb2cli_req_create() via 318735f libcli/smb: calculate the credit charge on the input and output dyn_len via 1229881 libcli/smb: Change smb2cli_create() and smb2cli_create_recv() to return a parameter blob of the newly opened/created file. via 00f784e libcli/smb: Fix smb2cli_write_recv() and smb2cli_write() to return the bytes written. via 97288b7 libcli/smb: fix the credit handling on a SMB1 = SMB2 negotiate via f6ce50a s3:smbcacls: Add -mMAX PROTOCOL option to smbcacls. via daeb0bd s3:libsmb: make use of lp_cli_{min,max}protocol() in SMBC_server_internal() via 42a493d s3:libsmb: use lp_cli_minprotocol() in do_connect() via dd9155a s3:winbindd: make use of lp_cli_{min,max}protocol() via 7e455e9 s3:lib/netapi: make use of lp_cli_maxprotocol() via 1442132 s3:libsmb: Ensure we ask for DEFAULT_SMB2_MAX_CREDITS on successful negprot. via 42f510c s3:libsmb: Modify cli_start_connection_connected() to use lp_cli_minprotocol()/lp_cli_maxprotocol() instead of hard coding PROTOCOL_CORE, PROTOCOL_NT1. via 9188ee4 s3:lib: remove unused interpret_protocol() via 2c3c8ca s3:torture: avoid interpret_protocol() via 861ee93 s3:client: avoid interpret_protocol() via f2fb829 s3:param: Correctly set up cli_maxprotocol, cli_minprotocol in our parameter block. from 7080917 Followup patch for BUG: https://bugzilla.samba.org/show_bug.cgi?id=10082 http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit
autobuild: intermittent test failure detected
The autobuild test system has detected an intermittent failing test in the current master tree. The autobuild log of the failure is available here: http://git.samba.org/autobuild.flakey/2013-08-15-1936/flakey.log The samba3 build logs are available here: http://git.samba.org/autobuild.flakey/2013-08-15-1936/samba3.stderr http://git.samba.org/autobuild.flakey/2013-08-15-1936/samba3.stdout The source4 build logs are available here: http://git.samba.org/autobuild.flakey/2013-08-15-1936/samba.stderr http://git.samba.org/autobuild.flakey/2013-08-15-1936/samba.stdout The top commit at the time of the failure was: commit b706ca6e55aa76d4da901c69d991969602facc3b Author: Stefan Metzmacher me...@samba.org Date: Wed Aug 14 15:18:47 2013 -0700 s3:libsmb: call smb2cli_logoff() from cli_ulogoff() Signed-off-by: Stefan Metzmacher me...@samba.org Reviewed-by: Jeremy Allison j...@samba.org Autobuild-User(master): Stefan Metzmacher me...@samba.org Autobuild-Date(master): Thu Aug 15 10:53:21 CEST 2013 on sn-devel-104
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 0a42493 libctdb: Avoid an explicit memset via e0bda35 torture: support Windows 2k8 response for compress_invalid_buf via 2c7c3fd torture: add more [no-]compress-on-open ioctl tests via 337a94f torture: add file_attribs arg to file create helper via 0ad2ca9 torture: add compressed file attribute ioctl test via e1b4586 torture: check for filesystem compression capability via f47ff9d torture: extend FSCTL_[GET/SET]_COMPRESSION tests from b706ca6 s3:libsmb: call smb2cli_logoff() from cli_ulogoff() http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 0a42493763509880e0aa34fc59c78875e6f9af08 Author: Volker Lendecke v...@samba.org Date: Tue Aug 13 10:50:15 2013 + libctdb: Avoid an explicit memset Give the compiler a chance to use better code. Saves a few bytes of text. Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Jeremy Allison j...@samba.org Autobuild-User(master): Jeremy Allison j...@samba.org Autobuild-Date(master): Fri Aug 16 01:51:55 CEST 2013 on sn-devel-104 commit e0bda35cf5f3b4d0da9a1c1a6b84a49390d4e3e2 Author: David Disseldorp dd...@samba.org Date: Tue Aug 13 18:07:28 2013 +0200 torture: support Windows 2k8 response for compress_invalid_buf Windows Server 2012 returns NT_STATUS_INVALID_USER_BUFFER, Windows Server 2008r2 returns NT_STATUS_INVALID_PARAMETER. Don't fail the test if either status is returned. Signed-off-by: David Disseldorp dd...@samba.org Reviewed-by: Jeremy Allison j...@samba.org commit 2c7c3fd2d68ca8ce82f46c32d6c97b02131af524 Author: David Disseldorp dd...@samba.org Date: Tue Aug 13 18:07:27 2013 +0200 torture: add more [no-]compress-on-open ioctl tests compress_create_with_attr: Specifies the FILE_ATTRIBUTE_COMPRESSED attribute at create time, then checks the created file. compress_inherit_disable: Creates under a compressed directory, a file with the NTCREATEX_OPTIONS_NO_COMPRESSION option. Then checks that the newly created file doesn't inherit the parent compression state. Signed-off-by: David Disseldorp dd...@samba.org Reviewed-by: Jeremy Allison j...@samba.org commit 337a94f7568fb3f5e02dbee0e10659de99258c8e Author: David Disseldorp dd...@samba.org Date: Tue Aug 13 18:07:26 2013 +0200 torture: add file_attribs arg to file create helper Allows for the testing of file creation with FILE_ATTRIBUTE_COMPRESSED. Signed-off-by: David Disseldorp dd...@samba.org Reviewed-by: Jeremy Allison j...@samba.org commit 0ad2ca98ce3fd19872637098d9accba6191ec0ee Author: David Disseldorp dd...@samba.org Date: Tue Aug 13 18:07:25 2013 +0200 torture: add compressed file attribute ioctl test After marking a file for compression via FSCTL_SET_COMPRESSION, the FILE_ATTRIBUTE_COMPRESSED flag should be present. Test for this. Signed-off-by: David Disseldorp dd...@samba.org Reviewed-by: Jeremy Allison j...@samba.org commit e1b45869de5b7b36b263cb034b9682401b726422 Author: David Disseldorp dd...@samba.org Date: Tue Aug 13 18:07:24 2013 +0200 torture: check for filesystem compression capability Only run the compression tests if the compression capability is returned by the server in response to an SMB2_QUERY_INFO(FS attribute info) request. Signed-off-by: David Disseldorp dd...@samba.org Reviewed-by: Jeremy Allison j...@samba.org commit f47ff9d2271990d43a1387ff39c0e75d01611b2a Author: David Disseldorp dd...@samba.org Date: Tue Aug 13 18:07:23 2013 +0200 torture: extend FSCTL_[GET/SET]_COMPRESSION tests Check for inheritance of compression attributes from parent directories. Also, test error handling for invalid requests. Signed-off-by: David Disseldorp dd...@samba.org Reviewed-by: Jeremy Allison j...@samba.org --- Summary of changes: source3/lib/ctdbd_conn.c |3 +- source4/torture/smb2/ioctl.c | 511 ++ 2 files changed, 473 insertions(+), 41 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/lib/ctdbd_conn.c b/source3/lib/ctdbd_conn.c index 1481a9c..4f5dce0 100644 --- a/source3/lib/ctdbd_conn.c +++ b/source3/lib/ctdbd_conn.c @@ -201,7 +201,7 @@ static NTSTATUS ctdbd_connect(TALLOC_CTX *mem_ctx, { struct ctdb_packet_context *result; const char *sockname = lp_ctdbd_socket(); - struct sockaddr_un addr; + struct sockaddr_un addr = { 0, }; int fd; socklen_t salen; @@ -211,7 +211,6 @@ static NTSTATUS ctdbd_connect(TALLOC_CTX *mem_ctx, return map_nt_error_from_unix(errno); } - ZERO_STRUCT(addr); addr.sun_family = AF_UNIX;
autobuild: intermittent test failure detected
The autobuild test system has detected an intermittent failing test in the current master tree. The autobuild log of the failure is available here: http://git.samba.org/autobuild.flakey/2013-08-16-0256/flakey.log The samba3 build logs are available here: http://git.samba.org/autobuild.flakey/2013-08-16-0256/samba3.stderr http://git.samba.org/autobuild.flakey/2013-08-16-0256/samba3.stdout The source4 build logs are available here: http://git.samba.org/autobuild.flakey/2013-08-16-0256/samba.stderr http://git.samba.org/autobuild.flakey/2013-08-16-0256/samba.stdout The top commit at the time of the failure was: commit 0a42493763509880e0aa34fc59c78875e6f9af08 Author: Volker Lendecke v...@samba.org Date: Tue Aug 13 10:50:15 2013 + libctdb: Avoid an explicit memset Give the compiler a chance to use better code. Saves a few bytes of text. Signed-off-by: Volker Lendecke v...@samba.org Reviewed-by: Jeremy Allison j...@samba.org Autobuild-User(master): Jeremy Allison j...@samba.org Autobuild-Date(master): Fri Aug 16 01:51:55 CEST 2013 on sn-devel-104
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 52ec52b loadparm: Use the new fully featured kcc by default from 0a42493 libctdb: Avoid an explicit memset http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 52ec52b677e8104596aba7bcb933dfe8fc8cdd5c Author: Matthieu Patou m...@matws.net Date: Fri May 17 02:31:31 2013 -0700 loadparm: Use the new fully featured kcc by default Signed-off-by: Matthieu Patou m...@matws.net Reviewed-by: Andrew Bartlett abart...@samba.org Autobuild-User(master): Andrew Bartlett abart...@samba.org Autobuild-Date(master): Fri Aug 16 04:44:01 CEST 2013 on sn-devel-104 --- Summary of changes: lib/param/loadparm.c |1 + 1 files changed, 1 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c index 455c5e6..fc209a7 100644 --- a/lib/param/loadparm.c +++ b/lib/param/loadparm.c @@ -2116,6 +2116,7 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx) lpcfg_do_global_parameter(lp_ctx, dcerpc endpoint servers, epmapper wkssvc rpcecho samr netlogon lsarpc spoolss drsuapi dssetup unixinfo browser eventlog6 backupkey dnsserver); lpcfg_do_global_parameter(lp_ctx, server services, s3fs rpc nbt wrepl ldap cldap kdc drepl winbind ntp_signd kcc dnsupdate dns); + lpcfg_do_global_parameter(lp_ctx, kccsrv:samba_kcc, true); /* the winbind method for domain controllers is for both RODC auth forwarding and for trusted domains */ lpcfg_do_global_parameter(lp_ctx, private dir, dyn_PRIVATE_DIR); -- Samba Shared Repository