Gustavo Zacarias | 1 Oct 14:55 2014
Picon

Samba 4.2.0rc1 cross compile test results

Hi all.
I've run a couple of cross compiles for samba 4.2.0rc1 and the results
are pretty good.
There are just two minor outstanding nits.

1) Is nsswitch a mandatory dep for 4.2.x?
With 4.1.x this wasn't the case.
rc1 gives me the #error "No nsswitch support detected" salute when built
against a uClibc-based toolchain.
This might also affect musl targets as well, haven't tested that yet.
It's not really serious, i'm just looking for a confirmation or
denial/fix - NAS-class targets usually take a lot of space in the form
of samba itself and benefit from generous resources (RAM), so the space
savings and/or targets supported exclusively by the smaller libcs is
usually off limits.

2) libbsd support has the following unfortunate result:
http://autobuild.buildroot.net/results/657/65726ceccbc2d8fa24e178ea66cd44703768bc95/build-end.log
Currently i just completely disable libbsd support with a patch, maybe a
--disable-libbsd option would be desirable.

Otherwise, everything seems pretty smooth and congrats on the release.
Regards.

Karolin Seeger | 1 Oct 11:48 2014
Picon

[Release Planning 4.2] Samba 4.2.0/4.2.0rc2 on Wednesday, October 15

Hi,

Samba 4.2.0rc1 is finally out now.
Depending on how things are with the release candidate, 4.2.0 or 4.2.0rc2
is scheduled for Wednesday, October 15.

https://wiki.samba.org/index.php/Release_Planning_for_Samba_4.2
has been updated accordingly.

Please help testing! Thanks!

Cheers,
Karolin

--

-- 
Samba			http://www.samba.org
SerNet			http://www.sernet.de
sambaXP			http://www.sambaxp.org

Karolin Seeger | 1 Oct 11:41 2014
Picon

[Announce] Samba 4.2.0rc1 Available for Download

Release Announcements
---------------------

This is the first release candidate of Samba 4.2.  This is *not*
intended for production environments and is designed for testing
purposes only.  Please report any defects via the Samba bug reporting
system at https://bugzilla.samba.org/.

Samba 4.2 will be the next version of the Samba suite.

UPGRADING
=========

Read the "Winbindd/Netlogon improvements" section (below) carefully!

NEW FEATURES
============

Transparent File Compression
============================

Samba 4.2.0 adds support for the manipulation of file and folder
compression flags on the Btrfs filesystem.
With the Btrfs Samba VFS module enabled, SMB2+ compression flags can
be set remotely from the Windows Explorer File->Properties->Advanced
dialog. Files flagged for compression are transparently compressed
and uncompressed when accessed or modified.

Previous File Versions with Snapper
===================================
(Continue reading)

Vivek Patil | 1 Oct 10:21 2014
Picon

Samba as domain controller

Hi All,

I need to centrally authenticate my users ( Mac, Windows, Linux ) using 
open source.
I googled for that and found, samba can fulfill my requirement. LDAP + 
Samba can do this.

Can anybody done such type of setup to manage users centrally like 
Windows Active Directory.

Please guide me how I can setup.

Regards,
Vivek

Matthieu Patou | 1 Oct 09:43 2014
Picon

DFSR client side support

Hello all,

As a result of last week IO lab (InterOperability) with Microsoft I have 
a quite descent implementation of DFSR client side in my dfs-r branch 
located at http://git.samba.org/?p=mat/samba.git;a=log;h=refs/heads/dfs-r

It's limited to one content set per replica group but it should be ok 
for most cases. The code is not ready for prime time yet as it relies on 
the work of Stephan ('Metze') on new DCERPC infrastructure.

Also for the moment the files are downloaded in a staging directory and 
not installed into the target dir. The idea here is to have a python 
script doing the job of putting the file in the target directory as it's 
not super time critical and it should save a lot of time by not having 
to write lot of boiler plate code.

I have some ideas on how to write the server side part, it's actually 
not very complicated once you have the good information in a database on 
what has changed. That's why the first part of the implementation will 
be writing a tool that looks for file/directory change events and assign 
a frstrans_Update structure (plan is to store it in a a tdb database 
with the gvsn as the key and the structure as  the data).

Help on this would be great.

Matthieu.

--

-- 
Matthieu Patou
Samba Team
(Continue reading)

Rhoda Conkright | 24 Sep 22:55 2014
Picon

Samba version 2.2.7 errors

AIX 6.1.0.0

Windows Server 2008 R2 SP1

Samba 2.2.7

The following error coincides with errors that we are finding in the netmon
and application logs.  I have found entries in the Samba lists that indicate
that this error may be addressed/fixed in later versions of Samba.  

Please understand that the process completes normally and files are
translated/transferred 95% of the time.  The 5% is slowing down processing
on a hospital receiving doc.  Any help will be greatly appreciated.

The log file snippet below occurs during the 5%.

Many thanks,

Rhoda Conkright

[2014/09/17 06:16:50, 3] smbd/sec_ctx.c:set_sec_ctx(329)

  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0

[2014/09/17 06:16:50, 3] smbd/error.c:error_packet(94)

  error string = No such file or directory

[2014/09/17 06:16:50, 3] smbd/error.c:error_packet(113)

(Continue reading)

Chris Alavoine | 23 Sep 13:18 2014
Picon

Multi DC domain issues

Hi all,

I am running 4.1.5 with 5 DC's connected globally.

I am using Ubuntu 12.04.

My main FSMO roles DC appears to be corrupt and I'm worried that the
meta-data is somehow out of sync.

Can some suggest a good plan of action to replace this DC? My other 4 DC's
appear to be in good shape although one of them refuses to update any DNS
changes. All other replication appears to be ok. The main FSMO DC is
currently working although DNS fails from time to time. The whole domain
feels very unstable and I'm unable to add any new DNS entries (error: "The
local security authority database contains an internal inconsistency")

I am currently building a replacement in the same Site as I've found that
trying to join a new DC I need to specify another DC in the same
subnet/Site for the join to work, i.e:

/usr/local/samba/bin/samba-tool domain join example.com DC -UAdministrator
--realm=example.com --server=DC1 --site=LON

Once I've created this replacement in the same site I will try and transfer
(or seize) the FSMO roles.

If that works then I will remove and then recreate the main DC on the same
IP (lots of stuff points to this IP so I need to retain it).

Once that is done I shall transfer the FSMO roles back the original DC.
(Continue reading)

Oren | 4 Sep 00:25 2014
Picon

Credentials Relay Prevention

Hi,
Can Credentials Relay be prevented for Linux Samba Clients? 
Namely, is there some configuration parameter such that Linux Samba Client <-> Samba Server using correct
domain credentials should work but  Linux Samba Client <-> TCP Proxy (MITM) <-> Samba Server should be rejected?
SMB Signing and/or forcing NTLMv2 does not seem to help here as no payload manipulations are made.

Related Microsoft/Attack posts.
https://technet.microsoft.com/en-us/library/security/974926.aspx

http://pen-testing.sans.org/blog/pen-testing/2013/04/25/smb-relay-demystified-and-ntlmv2-pwnage-with-python

Thanks,
Oren
 		 	   		  
Arthur Ramsey | 27 Aug 20:46 2014

RE: s4-backupkey patches

This patch seems to work for me too.

--

-- 
Arthur Ramsey
Systems Administrator
Mediture
arthur_ramsey <at> mediture.com
952.400.0323

This e-mail and any attachments may contain CONFIDENTIAL information, including PROTECTED HEALTH
INFORMATION. If you are not the intended recipient, any use or disclosure of this information is STRICTLY
PROHIBITED; you are requested to delete this e-mail and any attachments, notify the sender immediately,
and notify the Mediture Privacy Officer at privacyofficer <at> mediture.com.

sirovy | 22 Aug 10:57 2014
Picon

samba SSO + KERBEROS

Hi,

I have samba 4.1.6-Ubuntu and I would like to have sso with samba. I 
have already working kerberos auth for ssh and apache. So I can get 
ticket by kinit username and go to web pages and to servers over ssh. 
And if I don't have tiket services ask me for password and auth me.
But samba is avaliable only with tiket and If I don't have ticket samba 
ask me but don't auth me. I nead combination of kerberos and 
username+password auth for user which don't able to get kerberos ticket.

Please look at my config, maybe I try something imposible.

I have this smb.conf (testparm output)
Quote:
[global]
workgroup = DOM.TLD
realm = DOM.TLD
netbios name = SAMBA
server string = %h server (Samba, Ubuntu)
server role = standalone server
security = ADS
auth methods = guest, pam, winbind
map to guest = Bad User
password server = kdc.dom.tld
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n 
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
dedicated keytab file = /etc/samba/krb5.keytab
kerberos method = dedicated keytab
(Continue reading)

Rama Rao Katta | 20 Aug 20:27 2014
Picon

New files/folders created with wrong Owner(samba 3.6.12)

Hi,

When a user(member of Domain Admins/Administrators Group) connects to a
share and creates
a file/folder, samba creates the file/folder with Owner as logged-in user.

Whereas Microsoft states that when the currently logged-in user is a member
of the System or Domain Administrators Group creates an object, the owner
is set to the Group by default (not the User who created the object).

Ref link:   http://technet.microsoft.com/en-us/library/cc961992.aspx

Is it fixed in latest releases? if so please provide me patch details.

Regards
Rama Rao Katta


Gmane