headers
Andrew Bartlett | 1 Mar 2008 01:07
Picon
Favicon

Re: [Samba4] How do I activate/use AD Profiles?


On Fri, 2008-02-29 at 08:23 -0500, Richard Hurt wrote:
> On Feb 28, 2008, at 6:22 PM| Feb 28, 2008, Andrew Bartlett wrote:
> 
> >
> > On Thu, 2008-02-28 at 12:38 -0500, Richard Hurt wrote:
> >> I have installed and started playing with Samba4 and am having  
> >> trouble
> >> getting my GPO settings recognized.  For instance, I have tried to
> >> remove all password restrictions from the whole domain by setting all
> >> security settings to none or '0'.  I edit the "Default Domain Policy"
> >> and edit Computer->Windows->Security->Account->Password policies to
> >> the appropriate values.  Then I try to reset a password to 'p' but it
> >> still tells me that I have not met the requirements, which seem to be
> >> still set to the AD default.  I even issued a gpupdate.exe /force and
> >> tried it on a different workstation.  I cant even create a new user
> >> with a small password.
> >
> > Correct, Samba4 doesn't honour it's own group policy, just distributes
> > them to windows clients.  The pwdProperties object in domain object in
> > LDAP controls it for now.
> 
> Hmmm... this seems troubling.  I expected to be able to do basic  
> things like control the password requirements.  Samba4 might not work  
> out for me after all.  :(

I know you are disappointed, but this is exactly the kind of feedback I
wanted, and need.  

6 months ago, when the last person asked me about this, I promised that
(Continue reading)

Permalink | Reply | 0 comments |
headers
Michael B Allen | 1 Mar 2008 01:49
Picon

RPCs for Domains Cache (a.k.a. SPC Cache)

What are the RPCs used for populating the trusted domains cache?

I'm trying to implement proper domain based DFS support in JCIFS. I've
tried dfsutil /spcflush but can't seem to capture that exchange [1].

Ideas?

Mike

[1] I see some DRSUAPI calls but they're encrypted
Permalink | Reply | 0 comments |
headers
Steven Danneman | 1 Mar 2008 03:20

[PATCH] Augmented "wbinfo -m" to list additional information about the type, direction, and transitivty of trusts.

Hey Jerry,

We had a need for additional information about trusted domains to be
available through CLI tools.  This patch plumbs the necessary
information out through a WINBINDD_LIST_TRUSTDOM request then pretty
prints it by doing a "wbinfo -m".

In doing this I ran across a bug in the trust spider logic, where when
joined to a child domain, we'd overwrite known tdc entries with
incorrect trust_flags from the perspective of our forest root.  I fixed
that bug in this patch as well.

This moves one more code section from using the domain_list for trust
information to only using the winbindd_tdc_cache.  Ideally, I can keep
cleaning up this code until I can remove the trust information entirely
from the winbindd_domain struct.  I also believe there's no reason now
to pass back trusted domain information from
winbindd_ads.c:trusted_domains() as a string in the state->extra_data
field, because all trusted domains are stored in the globally available
winbindd_tdc_cache, and the information in that cache is updated every
time we call trusted_domains().  If I have time I'll prune out that
redundant code as well.

Let me know if you have any questions or would like to see parts of this
done differently.  I'll be on vacation next week, but will get back to
you after that. 

Steven Danneman | Software Development Engineer
Isilon Systems    P +1-206-315-7500     F +1-206-315-7501
www.isilon.com
(Continue reading)

Permalink | Reply | 12 comments |
headers
Steven Danneman | 1 Mar 2008 03:29

RE: [PATCH] Augmented "wbinfo -m" to list additional information aboutthe type, direction, and transitivty of trusts.

I meant to include a nice pretty example as well.  Previously a machine
joined to the domain lorg.west.isilon.com would return:

sd-4428-1# wbinfo -m
lorg.west.isilon.com
SD-4428-1
BUILTIN
c2.lorg.west.isilon.com
c3.lorg.west.isilon.com
c1.lorg.west.isilon.com
twok3.isilon.com
2k3-ms.isilon.com
w2k8.west.isilon.com
sd2k3ms2.west.isilon.com
gc1.c1.lorg.west.isilon.com
ggc1.gc1.c1.lorg.west.isilon.com
w2k8child.w2k8.west.isilon.com

Now it'll return:

sd-4428-1# bin/wbinfo -m
Domain Name                        Trust Type  Transitive  Incoming
Outgoing
lorg.west.isilon.com               None        Yes         Yes       Yes
SD-4428-1                          None        Yes         Yes       Yes
BUILTIN                            None        Yes         Yes       Yes
c2.lorg.west.isilon.com            In Forest   Yes         Yes       Yes
c3.lorg.west.isilon.com            In Forest   Yes         Yes       Yes
c1.lorg.west.isilon.com            In Forest   Yes         Yes       Yes
twok3.isilon.com                   Forest      Yes         Yes       Yes
(Continue reading)

Permalink | Reply | 10 comments |
headers
Stefan (metze) Metzmacher | 1 Mar 2008 09:03
Picon
Favicon

Re: Modified revamp of the libsmbclient interface.

derrell.lipman <at> unwireduniverse.com schrieb:
> I think you want to clone ssh://us2.samba.org/data/git/derrell/samba3/
> instead.  Let me know if that works.

Hi Derrell,

I've done this for you:
derrell <at> us2:/data/git/derrell/samba3/.git$ touch git-daemon-export-ok

so git://git.samba.org/derrell/samba3 should work now

metze
Permalink | Reply | 0 comments |
headers
Stefan (metze) Metzmacher | 1 Mar 2008 09:05
Picon
Favicon

Re: Problem with URLs in samba-cvs emails

Andrew Kroeger schrieb:
> All:
> 
> It seems that on 11-Feb a change was made to the gitweb URLs that are
> sent in the samba-cvs SCM emails.  Prior to that time, the working URLs
> appeared as:
> 
> http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test
> 
> The non-working URLs create a 403 error on gitweb and appear as (note
> the missing "p="):
> 
> http://gitweb.samba.org/?samba.git;a=shortlog;h=v4-0-test

Hi Andrew,

thanks for the report. It should be fixed now.

metze
Permalink | Reply | 0 comments |
headers
Volker Lendecke | 1 Mar 2008 09:40
Picon
Favicon

Re: [SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-test-2626-g719527f

On Fri, Feb 29, 2008 at 05:17:17PM -0500, David Collier-Brown wrote:
> I'd say yes, and further that you should make it settable via an
> option.  A good default value would be what gives you good 
> performance on Linux, and if someone cares to do the experiment
> for various OSs, we can simply report that on the wiki.

Ok, removed the async code again. A lot more investigation
is necessary to find something sane.

Karolin,

The branch, v3-2-test has been updated
       via  030bef7f22f7a73466204b7860f397dbca9f2ab0 (commit)
       via  5f53a62be8a21b8d92ac44b18d202882500356e8 (commit)
       via  5ab1cfda500de07ff3c712442ab2fc74eecc8886 (commit)
       via  ac301fada257e2d3b50148109a3d44fa1421b0b4 (commit)
       via  413695e8d0d8232a9c35e693f9a4a8009418ede4 (commit)
      from  956bc602062825493e1c357e2388fee1e5514b50 (commit)

need to be merged before pre2.

Thanks,

Volker
Permalink | Reply | 1 comment |
headers
Volker Lendecke | 1 Mar 2008 10:08
Picon
Favicon

Re: Modified revamp of the libsmbclient interface.

Hi, Derrel!

On Fri, Feb 29, 2008 at 01:56:25PM -0500, Derrell Lipman wrote:
> Given the tacit (if that) approval by some people, and clear disapproval by
> others for my proposed clean-up and reorganization of libsmbclient, I've come
> up with a slightly different approach.  This commit changes back to the
> original libsmbclient.h SMBCCTX structure which will maintain ABI
> compatibility.  I retain, here, the setter and getter functions which all new
> code should use.  Older programs already compiled should continue to work
> fine.  Older programs being recompiled will encounter compile-time errors
> (intentionally!) so that the code can be corrected to use the setter/getter
> interfaces.

As I said in a former message: Would it be possible to do
this patch in a way that the old library is still around? I
would really like to keep that up as is for compatibility
reasons.

I do see the need that the client libraries need to be
worked on, but I would like to be kind to our library users.
At the point when the new library provides new and cool
features, people will switch themselves because they need
those.

Volker
Permalink | Reply | 3 comments |
headers
Adrian Bunk | 1 Mar 2008 10:37

Re: [PATCH][fs/cifs/cifsfs.c] Make use of cifs_xquota_get

On Mon, Feb 11, 2008 at 06:46:51PM +0100, Roel Kluin wrote:
> Functions cifs_xquota_set and cifs_xquota_get at respectively
> fs/cifs/cifsfs.c:367 and 392 are entirely similar - except for
> whitespace
> 
> struct quotactl_ops contains function pointers .set_xquota and
> .get_xquota that both get the address of cifs_xquota_set.
> cifs_xquota_get isn't called anywhere else in the kernel.
> 
> The patch below makes use of the function cifs_xquota_get, As
> an alternative the entire function cifs_xquota_get could be 
> removed.
> ---
> Make use of cifs_xquota_get
> 
> Signed-off-by: Roel Kluin <12o3l <at> tiscali.nl>
> ---
> diff --git a/fs/cifs/cifsfs.c b/fs/cifs/cifsfs.c
> index fcc4342..339b829 100644
> --- a/fs/cifs/cifsfs.c
> +++ b/fs/cifs/cifsfs.c
>  <at>  <at>  -461,7 +461,7  <at>  <at>  int cifs_xstate_get(struct super_block *sb, struct fs_quota_stat *qstats)
>  
>  static struct quotactl_ops cifs_quotactl_ops = {
>  	.set_xquota	= cifs_xquota_set,
> -	.get_xquota	= cifs_xquota_set,
> +	.get_xquota	= cifs_xquota_get,
>  	.set_xstate	= cifs_xstate_set,
>  	.get_xstate	= cifs_xstate_get,
>  };
(Continue reading)

Permalink | Reply | 0 comments |
headers
Matthias Dieter Wallnöfer | 1 Mar 2008 12:08
Picon
Favicon

Re: [Samba 4] Python provisioning

Has nobody reproduced this issue with the python provisioning?
Does nobody know about a workaround/solution?
Otherwise I'll open a bug for investigation for it.

Matthias Dieter Wallnöfer schrieb:
> When I reprovisioned with the old EJS script, I got some warnings 
> because of the previous entries in the database, but the operation was 
> possible. This doesn't seem to work no longer with the new python 
> script. There I get a #68 "Entry already exists" message and it breaks.
>
> Matthias
Permalink | Reply | 2 comments |

Gmane