Björn JACKE | 1 Feb 03:30 2009
Picon

fix build with external dns_sd libs

Hi all,

can someone please push this please to fix build with external dns_sd libs?

Thanks
Björn
Volker Lendecke | 1 Feb 10:49 2009
Picon

Re: fix build with external dns_sd libs

On Sun, Feb 01, 2009 at 03:30:38AM +0100, Björn JACKE wrote:
> can someone please push this please to fix build with external dns_sd libs?

Done, thanks!

Volker
Björn JACKE | 1 Feb 13:32 2009
Picon

fix configure

Hi all,

an error in the s4 m4 files. Can someone please push?

Thanks
Björn
Matthieu Patou | 1 Feb 15:44 2009
Picon

Re: Expired or must change password with linux/unix/mac clients against Samba4 KDC

Hello Love,
I tried without success your patch !
First problem is that it's not only *_kdc_check_flags which returns 
KRB5KDC_ERR_KEY_EXPIRED* but also
_kdc_windc_client_access.

I first added some code to delay the return of KRB5KDC_ERR_KEY_EXPIRED 
until we have been able to check the identity of the client.
It makes kinit ( v1.6 because v1.4 do nothing) to reissue a request to 
kadmin/changepw server.
But as change_pw is not set I was "obliged" to add a hack on the 
server_name comparison.

It's worth noting that when a windows client has an expired password it 
works (even without the patch), the reason of this is that when it gets 
into authsam_account_ok (which seems to be called by 
kdb_windc_client_access) the field pwdLastSet has the value that is set 
to current time for the request to server kadmin/changepw.

I tried to find the place in the code doing this change but so far I'am 
out of luck so I have this poor hack.

Matthieu.

On 02/01/2009 01:08 AM, Love Hörnquist Åstrand wrote:
> Mattheui,
>
> To get the windows behavior you need the attached patch.
>
> The reason the AS-REQ to kadmin/admin is probably that the hdb layer 
(Continue reading)

Unified-Sean | 1 Feb 21:52 2009

Re: Unable to join a domain with windows 7 beta1


Luke Howard wrote:
> 
> That's good to know. With DSfW, looking at NetSetup.log, somehow early  
> on it decides that the NetBIOS domain name is the least significant  
> component of the DNS domain name (which in my test environment it  
> isn't).
> 
> Still trying to figure out what is triggering this; it appears that in  
> Windows 7 more of the join is done over LDAP than in previous versions  
> of Windows.
> 
> Does anyone know if it's possible to disable LDAP sealing in the  
> domain join?
> 
> --luke
> 
> On 16/01/2009, at 6:27 PM, Volker Lendecke wrote:
> 
>> Hi!
>>
>> On Thu, Jan 15, 2009 at 11:10:55AM -0800, Joshua-M wrote:
>>> I have a Samba 3 / OpenLDAP system working with 2000, XP/2003 and  
>>> Vista
>>> clients, but no go with 7, I will attach what information I have  
>>> gathered.
>>
>> Jim Pinkerton asked me to post this message from Microsoft:
>>
>>  Sincere apologies, but wanted to confirm that there is an issue  
(Continue reading)

Unified-Sean | 1 Feb 21:52 2009

Re: Unable to join a domain with windows 7 beta1


Luke Howard wrote:
> 
> That's good to know. With DSfW, looking at NetSetup.log, somehow early  
> on it decides that the NetBIOS domain name is the least significant  
> component of the DNS domain name (which in my test environment it  
> isn't).
> 
> Still trying to figure out what is triggering this; it appears that in  
> Windows 7 more of the join is done over LDAP than in previous versions  
> of Windows.
> 
> Does anyone know if it's possible to disable LDAP sealing in the  
> domain join?
> 
> --luke
> 
> On 16/01/2009, at 6:27 PM, Volker Lendecke wrote:
> 
>> Hi!
>>
>> On Thu, Jan 15, 2009 at 11:10:55AM -0800, Joshua-M wrote:
>>> I have a Samba 3 / OpenLDAP system working with 2000, XP/2003 and  
>>> Vista
>>> clients, but no go with 7, I will attach what information I have  
>>> gathered.
>>
>> Jim Pinkerton asked me to post this message from Microsoft:
>>
>>  Sincere apologies, but wanted to confirm that there is an issue  
(Continue reading)

Unified-Sean | 1 Feb 21:52 2009

Re: Unable to join a domain with windows 7 beta1


Luke Howard wrote:
> 
> That's good to know. With DSfW, looking at NetSetup.log, somehow early  
> on it decides that the NetBIOS domain name is the least significant  
> component of the DNS domain name (which in my test environment it  
> isn't).
> 
> Still trying to figure out what is triggering this; it appears that in  
> Windows 7 more of the join is done over LDAP than in previous versions  
> of Windows.
> 
> Does anyone know if it's possible to disable LDAP sealing in the  
> domain join?
> 
> --luke
> 
> On 16/01/2009, at 6:27 PM, Volker Lendecke wrote:
> 
>> Hi!
>>
>> On Thu, Jan 15, 2009 at 11:10:55AM -0800, Joshua-M wrote:
>>> I have a Samba 3 / OpenLDAP system working with 2000, XP/2003 and  
>>> Vista
>>> clients, but no go with 7, I will attach what information I have  
>>> gathered.
>>
>> Jim Pinkerton asked me to post this message from Microsoft:
>>
>>  Sincere apologies, but wanted to confirm that there is an issue  
(Continue reading)

Michael Adam | 1 Feb 21:59 2009
Picon

Re: CTDB 1.0.70 missing header file.

Hi Ronnie,

I hope, you are having a nice vacation! :-)

I have pushed more changes to my branch git://git.samba.org/obnox/ctdb.git:

Some bug fixes for the check_tcp_port monitoring.
There were several cases when monitoring failed due to different
locations of nectat and/or netstat binaries, and the netstat
method did not correctly detect daemons listening on the
ipv6 wildcard address ":::$port" (instead of ipv4 "0.0.0.0:$port).

These should all be fixed now.

Cheers - Michael

ronnie sahlberg wrote:
> Thanks for that Michael,
> Ill merge it once im back from vacation
> 
> 
> 
> On Thu, Jan 29, 2009 at 10:04 PM, Michael Adam <ma <at> sernet.de> wrote:
> > Hi William,
> >
> > Thanks for reporting that error.
> > I have reproduced it on our AIX machine.
> >
> > Your fix works but is not entirely correct
> > since it is not portable.
(Continue reading)

Unified-Sean | 1 Feb 22:03 2009

Re: Unable to join a domain with windows 7 beta1


Guys.  I hate to be the one to suggest this and it might just sound
proposterous but I think MS might have completely disabled the Domain
feature in Windows 7 to avoid small business from basing their whole
enterprise on a BETA OS that has not been thoroughly tested in that area of
operation.  MS Enterprise software has always been a HUGE thing to MS and
they have always seemed to put most of their resources into making sure
these things don't  <at> #% up...

To me this theory is pure speculation at best right now but I believe it's a
sensible possibility.  None the less, it's still a hail marry when it comes
to fact.  I have zilch for supporting evidence.  I just see no other reason
why after so much testing on our end using WK8 servers running the domain,
and being able to join many and all other compatible clients, that windows 7
client STILL fails to join.

I have also been scouring the internet for a solution and at this point,
I've started scouring TechNet for an official document saying exactly what
I'm saying here!!  There's nothing out there though.  I imagine we'll hear
something about this soon enough though.  Hundreds of people are wondering
why Windows 7 Beta will not join a domain (still).  for now, I will keep my
eyes and ears open!!!

Luke Howard wrote:
> 
> That's good to know. With DSfW, looking at NetSetup.log, somehow early  
> on it decides that the NetBIOS domain name is the least significant  
> component of the DNS domain name (which in my test environment it  
> isn't).
> 
(Continue reading)

Luke Howard | 1 Feb 23:21 2009

Re: Unable to join a domain with windows 7 beta1


On 02/02/2009, at 8:03 AM, Unified-Sean wrote:

>
> Guys.  I hate to be the one to suggest this and it might just sound
> proposterous but I think MS might have completely disabled the Domain
> feature in Windows 7 to avoid small business from basing their whole

That, I doubt very much.

-- Luke


Gmane