headers
Scott Lovenberg | 1 Jul 2008 04:37
Picon
Gravatar

Samba-4 fresh compile, /usr/local/samba/var/lib missing?

Can anyone else confirm what I'm seeing?  I ran through a full compile, 
but upon starting smbd, I get:
<quote>
error creating directory /usr/local/samba/var/lib/winbindd_privileged: 
No such file or directory
task_server_terminate: [Cannot create winbindd privileged pipe directory]
</quote>

Turns out, I don't have a lib directory! 
If I make the directory, the error goes away.  Anyone else seeing this?

Slackware-12.0 proper, in a VMWare guest for testing.
Permalink | Reply | 4 comments |
headers
Andrew Bartlett | 1 Jul 2008 06:52
Picon
Favicon

Re: Samba-4 fresh compile, /usr/local/samba/var/lib missing?

On Mon, 2008-06-30 at 22:37 -0400, Scott Lovenberg wrote:
> Can anyone else confirm what I'm seeing?  I ran through a full compile, 
> but upon starting smbd, I get:
> <quote>
> error creating directory /usr/local/samba/var/lib/winbindd_privileged: 
> No such file or directory
> task_server_terminate: [Cannot create winbindd privileged pipe directory]
> </quote>
> 
> Turns out, I don't have a lib directory! 
> If I make the directory, the error goes away.  Anyone else seeing this?

Clearly I didn't do much testing before I pushed out alpha5.  Just mkdir
that directory for now, I'll have the 'make install' do it in future.

Andrew Bartlett

--

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.
Permalink | Reply | 3 comments |
headers
boyang | 1 Jul 2008 07:29
Picon
Favicon

Update memory and cached creds when changing password from gdm or xdm

Hi, All:
    There is a lot of pain when changing password from 
    gdm or xdm. Ie, When users try to login from gdm or
    xdm, and password expires.

    1. because user didn't login(PAM_AUTH returns 
    NT_STATUS_PASSWORD_EXPIRED), thus ther is no memory
    creds, which causes winbindd_replace_memory_creds()
    fail. It will return NT_STATUS_OBJECT_NAME_NOT_FOUND,
    which is not a real failure. Because changing password
    succeeded.

    2. And there can be no cached creds(If it has been deleted
    if cached creds reach the maximum cached number. Thus
    Updating cached creds will probably fail with NT_STATUS_NO_SUCH_USER.
    It is not a real failure too because changing password succeed.

    3. When login from gdm or xdm with passthrough authentication.
    there is no memory creds. Therefore, we should authenticate with
    new password even for passthrough authentication to update memory
    creds.

    4. because updating cached creds in winbindd_dual_pam_chauthtok()
    can probably fail. Therefore we should set WINBIND_CACHED_LOGIN
    bit in the authentication immediately after changing password
    to cover the hole of the possible failure of updating creds
    in winbindd_dual_pam_chauthtok.

    Please correct if there is anything wrong.
(Continue reading)

Permalink | Reply | 9 comments |
headers
Andrew Bartlett | 1 Jul 2008 08:54
Picon
Favicon

Re: How to process schemaUpdateNow ldap request

On Mon, 2008-06-30 at 17:41 +0200, Michael Ströder wrote:
> Anatoliy Atanasov wrote:
> > 
> > I am trying to make schema cache in dsdb_schema to reload with newly added mappings from ldb.
> > This is done by the following ldap request which is valid command for Win2003
> > 
> > dn:
> > changetype: modify
> > add: schemaUpdateNow
> > schemaUpdateNow: 1
> > 
> > I want to process this in rootdse module .modify function, but it's never called and the return message says:
> > 
> >> ldap_modify_ext: Invalid DN syntax (34)
> >>        additional info: Invalid DN (1 components needed for 'dn')
> 
> FWIW your DN line in your e-mail above is "dn:". Maybe try it with
> "dn: " instead. The space is part of the separator between attribute 
> type and attribute value.
> 
> See declaration of dn-spec and FILL in RFC 2849.

nah, this error occours well past the ldif parsing layer - it's actually
a problem on the server.

If you look at ldap_server/ldap_backend.c, the macro VALID_DN_SYNTAX
takes two argument, the first being the DN, and the second is the number
of components it must have.  Set that to 0 and you should be right.

I don't see why this layer should be trying to determine if a DN is
(Continue reading)

Permalink | Reply | 1 comment |
headers
Scott Lovenberg | 1 Jul 2008 09:09
Picon
Gravatar

Re: Samba-4 fresh compile, /usr/local/samba/var/lib missing?

Andrew Bartlett wrote:
> On Mon, 2008-06-30 at 22:37 -0400, Scott Lovenberg wrote:
>   
>> Can anyone else confirm what I'm seeing?  I ran through a full compile, 
>> but upon starting smbd, I get:
>> <quote>
>> error creating directory /usr/local/samba/var/lib/winbindd_privileged: 
>> No such file or directory
>> task_server_terminate: [Cannot create winbindd privileged pipe directory]
>> </quote>
>>
>> Turns out, I don't have a lib directory! 
>> If I make the directory, the error goes away.  Anyone else seeing this?
>>     
>
> Clearly I didn't do much testing before I pushed out alpha5.  Just mkdir
> that directory for now, I'll have the 'make install' do it in future.
>
> Andrew Bartlett
>
>   
No worries.  Just wanted to make sure I wasn't the only one.
Other than that, it built from source and has been running like a champ 
for a few hours now.  Cheers!
Permalink | Reply | 2 comments |
headers
Andrew Bartlett | 1 Jul 2008 09:59
Picon
Favicon

Re: Samba-4 fresh compile, /usr/local/samba/var/lib missing?

On Tue, 2008-07-01 at 03:09 -0400, Scott Lovenberg wrote:
> Andrew Bartlett wrote: 
> > On Mon, 2008-06-30 at 22:37 -0400, Scott Lovenberg wrote:
> >   
> > > Can anyone else confirm what I'm seeing?  I ran through a full compile, 
> > > but upon starting smbd, I get:
> > > <quote>
> > > error creating directory /usr/local/samba/var/lib/winbindd_privileged: 
> > > No such file or directory
> > > task_server_terminate: [Cannot create winbindd privileged pipe directory]
> > > </quote>
> > > 
> > > Turns out, I don't have a lib directory! 
> > > If I make the directory, the error goes away.  Anyone else seeing this?
> > >     
> > 
> > Clearly I didn't do much testing before I pushed out alpha5.  Just mkdir
> > that directory for now, I'll have the 'make install' do it in future.
> > 
> > Andrew Bartlett
> > 
> >   
> No worries.  Just wanted to make sure I wasn't the only one. 
> Other than that, it built from source and has been running like a
> champ for a few hours now.  Cheers!

Just wondering, are you doing anything interesting with it?  I always
like to know how people are using Samba4, as it gives me a better idea
what to focus on.
(Continue reading)

Permalink | Reply | 1 comment |
headers
Karolin Seeger | 1 Jul 2008 10:36
Picon
Favicon

Re: Reviewing b58e4f6b3d7329....

On Mon, Jun 30, 2008 at 04:09:02PM -0500, Gerald (Jerry) Carter wrote:
> ok.  I give up.  Whatever you want to do.  I still think dropping
> the cache entry is the wrong thing to do but I'll do a patch later.
> Just help me understand why throwing away valid cache information
> was necessary.

Reverted.

Karolin

--

-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.SerNet.DE, mailto: Info  <at>  SerNet.DE
Permalink | Reply | 0 comments |
headers
Anatoliy Atanasov | 1 Jul 2008 11:19

RE: prefix_map module add operation fails to modify schema


Hi metze,

The approach we have implemented aims to emulate Windows behavior, where the Schema cache is updated after
modification upon receipt of a schemaUpdateNow request. Initially we intended to implement a much
simpler solution, but at SambaXP after some discussion with abartlet decided that
Windows behavior should be incorporated in samba. 

If we do not support the schemaUpdateNow request, a lot of DEA will not be able to be installed. 
I agree that we can go with your implementation and it's much simpler than what I've done. If there are no
other comments I'll implement it right away.

Regards, 
Anatoliy

-----Original Message-----
 From: Stefan (metze) Metzmacher [mailto:metze <at> samba.org] 
 Sent: Monday, June  30, 2008 18:43
 To: AnatoliyAtanasov
 Cc: samba-technical <at> lists.samba.org; abartlet <at> samba.org
 Subject: Re: prefix_map module add operation fails to modify schema

Hi Anatoliy,

> I have implemented a module to update the prefixMap schema attribute in the ldb. 
> This is needed when we receive add request for an object class or attribute with id that doesn't have
mapping in the prefixMap.
> There is a problem with the code; I couldn't make the ldb_modify function to actually apply the new
prefixMap in the schema. 
> The returned value is 0, and after I restart the smbd and read the prefixMap in prefix_map_init function,
(Continue reading)

Permalink | Reply | 2 comments |
headers
Stefan (metze) Metzmacher | 1 Jul 2008 11:26
Picon
Favicon

Re: prefix_map module add operation fails to modify schema

Anatoliy Atanasov schrieb:
> Hi metze,
> 
> The approach we have implemented aims to emulate Windows behavior, where the Schema cache is updated
after modification upon receipt of a schemaUpdateNow request. Initially we intended to implement a much
simpler solution, but at SambaXP after some discussion with abartlet decided that
> Windows behavior should be incorporated in samba. 
> 
> If we do not support the schemaUpdateNow request, a lot of DEA will not be able to be installed. 
> I agree that we can go with your implementation and it's much simpler than what I've done. If there are no
other comments I'll implement it right away.

The schemaUpdateNow, is the correct way and it's fine to do it based on
my patch, the dsdb_create_prefix_mapping should just update the on disk
prefixMap. The schema reload will then also load the new mappings.

metze
Permalink | Reply | 0 comments |
headers
Scott Lovenberg | 1 Jul 2008 11:35
Picon
Gravatar

Re: Samba-4 fresh compile, /usr/local/samba/var/lib missing?

Andrew Bartlett wrote:
> On Tue, 2008-07-01 at 03:09 -0400, Scott Lovenberg wrote:
>   
>> Andrew Bartlett wrote: 
>>     
>>> On Mon, 2008-06-30 at 22:37 -0400, Scott Lovenberg wrote:
>>>   
>>>       
>>>> Can anyone else confirm what I'm seeing?  I ran through a full compile, 
>>>> but upon starting smbd, I get:
>>>> <quote>
>>>> error creating directory /usr/local/samba/var/lib/winbindd_privileged: 
>>>> No such file or directory
>>>> task_server_terminate: [Cannot create winbindd privileged pipe directory]
>>>> </quote>
>>>>
>>>> Turns out, I don't have a lib directory! 
>>>> If I make the directory, the error goes away.  Anyone else seeing this?
>>>>     
>>>>         
>>> Clearly I didn't do much testing before I pushed out alpha5.  Just mkdir
>>> that directory for now, I'll have the 'make install' do it in future.
>>>
>>> Andrew Bartlett
>>>
>>>   
>>>       
>> No worries.  Just wanted to make sure I wasn't the only one. 
>> Other than that, it built from source and has been running like a
>> champ for a few hours now.  Cheers!
(Continue reading)

Permalink | Reply | 0 comments |

Gmane