Martin Schwenke | 28 Jul 05:08 2014

[PATCHES] CTDB NAT gateway and test improvements

* ctdb-eventscripts: Remove NAT gateway "monitor" event

  Before doing this, I've been waiting to make failed "ipreallocated"
  events cause a takeover run to fail...  but now I realise that I
  already did that back in September.

* ctdb-tests: Add another LCP2 takeover test

  A new, slightly different test case for the bug fixed by
  f1a20d748f6ab4702be5b17047a3fbfa0f3e8d0c.  The more the merrier.  :-)

* ctdb-eventscripts: Remove unused argument to natgw_ensure_master()

Please review and push if OK.

In my ctdb branch:;a=shortlog;h=refs/heads/ctdb

peace & happiness,
Attachment (ctdb.patches): application/octet-stream, 8 KiB
shirishpargaonkar | 26 Jul 17:41 2014

[PATCH] samba: Retain case sensitivity of cifs client

From: Shirish Pargaonkar <spargaonkar <at>>

When a client supports extended security but server does not,
and that client, in Flags2 field of smb header indicates that

- it supports extended security negotiation
- it does not support security signatures
- it does not require security signatures

Samba server treats a client as a Vista client.

That turns off case sensitivity and that is a problem for cifs vfs client.

So include remote cifs client along with remote samba client
to not do so otherwise.

Signed-off-by: Shirish Pargaonkar <spargaonkar <at>>
 source3/smbd/negprot.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c
index 4cd12d8..225fe39 100644
--- a/source3/smbd/negprot.c
+++ b/source3/smbd/negprot.c
 <at>  <at>  -262,7 +262,8  <at>  <at>  static void reply_nt1(struct smb_request *req, uint16 choice)
 	if ( (req->flags2 & FLAGS2_EXTENDED_SECURITY) &&
-		if (get_remote_arch() != RA_SAMBA) {
(Continue reading)

Alexander Perlis | 26 Jul 02:23 2014

Re: [PATCH] cifs: Workaround a probable Samba case sensitivity bug

On Jun 22, Shirish Pargaonkar wrote:
 > When a client supports extended security but server does not,
 > and that client, in Flags2 field of smb header indicates that
 > - it supports extended security negotiation
 > - it does not support security signatures
 > - it does not require security signatures
 > Samba server treats a client as a Vista client.
 > That turns off case sensitivity and that is a problem for
 > cifs vfs client.

I can report that this bug is affecting folks in production 
environments. It seems a newer version of the kernel cifs client code is 
reporting capabilities that are confusing the Samba server into turning 
off case sensitivity, which breaks a lot of stuff.

For example, on our Samba server we have "case sensitive = Auto" because 
we have both Linux and Windows clients. Our older Linux clients running 
Kubuntu 10.04 indeed obtain the desired case sensitive connections, but 
when we try to upgrade a client to Kubuntu 12.04 with the 14.04 LTS 
enablement stack, the mounts suddenly become case insensitive, after 
which it's not too hard to confuse the client into dropping the 
"serverino" flag on the connection (manually you can do "mkdir Test; cd 
tesT"), after which KDE locking code goes bonkers.

In the referenced post,
Shirish Pargaonkar included a one-line patch to the Samba server 
negprot.c code that fixes this bug.
(Continue reading)

David Bear | 25 Jul 22:51 2014

importing a python module for a user create

I'm looking to script a number of user add/change functions. I know I can
call samba-tool do things but I was hoping I could import some set of
classes and functions in to my own python script and user functions

I found some old presentation by Jelmer but it was date 2008. see samba 4
python scripting presentation.

However the modules specified in that presentation don't seem to exist any
more. There's no tdb module. Theres no ldb module.

Are there any examples of using currently implemented modules and
functions? I've been googling but narrowing the scope down to something
relevant hasn't worked well yet.


David Bear
mobile: (602) 903-6476

Garming Sam | 25 Jul 04:41 2014

[PATCH] Fixes for winbindd


During an auto-build, we managed to come across a segfault in winbindd 
as a result of an RODC DNS update.

We have to ensure that the dns_names parameter is preserved on a long 
term memory context.

The second patch fixes a use after free error when the first error happens.

Please review and push.


Garming Sam
Garming Sam | 25 Jul 04:33 2014

[PATCH] Merging loadparm further

Hi there,

I've run these patches through the usual tests and made sure each patch 
passes the main tests we identified. It also passes the full autobuild 
with the winbindd patches in my other mail.

This set of patches actually makes some good progress in merging the two 
codebases. I managed to remove a reasonable chunk of code.

  lib/param/loadparm.c         | 239 ++++++++++++++++++++++++++----------
  lib/param/loadparm.h         |   1 -
  lib/param/s3_param.h         |   5 -
  source3/param/loadparm.c     | 414 
  source3/param/loadparm_ctx.c |   5 -
  5 files changed, 235 insertions(+), 429 deletions(-)

Changes from now on should hopefully be quite a bit easier than it was 
back when I started.

In particular, performing a 'do_parameter' is now equivalent and setting 
defaults could be done from the same code.

A review would be appreciated.


Garming Sam
(Continue reading)

Michał Półrolniczak | 24 Jul 18:33 2014

Samba4 PDC & Samba 4 SDC and random problem with windows client wanting to join domain


Im using Ubuntu 14.04.01 with samba4 4.1.6 version on both PDC and SDC.
There was a ADDC Samba4 break, and I put up new PDC and added SDC in case of dns coruptions that was present on
out productive DC.
I readded by hand all those machines that where in old domain and migrate old account on those
machines to same name account on new DC.

Alot of win7 pro machines readded and migrate without problems, but few
of them when trying to add to domain said that Administrator account is
bad (password?), but when adding win7 and asked for account name that is
used to add computer to domain and typing administrator <at> domain.local and
password from domain adding successed.

After adding that machine using the  <at> domain.local workaround, none of domain account works (they dont exist)
DNS on that machines points out on PDC, tried with SDC too, and both.

I did try to change SID of adding computer but didnt help, is it a 4.1.6
bug which was fixed? There is no way to add those machines to AD Domain.

This is only problem that I had with Samba in our Enterprise Envirement with about 100+ windows machines.

Volker Lendecke | 24 Jul 15:29 2014

[PATCH] Some minor messaging cleanup patches


Review would be appreciated!



SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen, mailto:kontakt <at>
From 19bda049f57a520326f56560d7f9127628ffd32c Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl <at>>
Date: Wed, 9 Jul 2014 13:06:45 +0000
Subject: [PATCH 1/4] messaging3: Remove two procid_str_static calls

... and thus implicit talloc_tos() calls

Signed-off-by: Volker Lendecke <vl <at>>
 source3/lib/messages.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/source3/lib/messages.c b/source3/lib/messages.c
index 9514392..9d77bf8 100644
--- a/source3/lib/messages.c
(Continue reading)

Björn JACKE | 24 Jul 10:47 2014

[PATCH] 0001-winbind-i18n-update-Japanese-pam-winbind-translation.patch


can someone please review/push attached patch? It's attached gzipped to retain
the encoding.


Stefan (metze) Metzmacher | 24 Jul 09:30 2014

change the default for "winbind expand groups" to "0"


here's a patch to make winbindd more reliable in environments
with large and/or trusted domains.

I'd like to see this included in 4.2.

I'm sure there're a few open bug reports related to this,
but I don't have a reference currently.

I can't number of times I've debugged environments which
require this...

Attachment (tmp.diff): text/x-diff, 3294 bytes
Dr. Hansjoerg Maurer | 23 Jul 13:44 2014

AW: samba4 - strange inconsistency in group membership

-----Ursprüngliche Nachricht-----
> Von:steve <steve <at>>
> Gesendet: Mit 23 Juli 2014 08:13
> An: samba-technical <at>
> Betreff: Re: samba4 - strange inconsistency in group membership
> On Tue, 2014-07-22 at 22:23 +0200, "Dr. Hansjörg Maurer" wrote:
> > Hi
> > 
> > found the reason for this behavior and therefore will answer below the
> > question here myself...
> > 
> > Am 21.07.2014 15:16, schrieb Dr. Hansjoerg Maurer:
> > > Hi
> > >
> > >
> > >
> > > we have a samba4 based AD and I put several users into a windows group test_group using MMC.
> > >
> > >
> > > The group membership is shown, if  I query it using
> > >
> > > samba-tool group listmembers test_group
> > > ...
> > > and if a do an 
> > > id -a 
> > > on a user in this group (using winbind on the samba4 AD-DC) 
> > >
> > >
(Continue reading)