hesam mohamadian | 1 Aug 2010 05:45

can i join linux client to samba4 active directory

Hi everybody, my question is: can I join a Linux client to a Samba4 Active
Directory, and could you introduce a good how-to, please?

Thanks a lot

Shuichi Ihara | 1 Aug 2010 07:03

Re: ctdb with Infiniband

Hi Stefan,

Thanks for sending the patch; I saw it has just landed in the CTDB mainstream.
I've confirmed this patch works well: ib{0,1..} interfaces can be
detected and brought up if they are not yet running.
BTW, I got the following error messages; it seems ARP requests can't
be sent with an InfiniBand-based H/W address.
The InfiniBand H/W address and the MAC address have different lengths.

2010/08/01 13:30:55.928960 [ 3687]: common/system_linux.c:120 not an ethernet address family (0x20)
2010/08/01 13:30:55.928985 [ 3687]: server/ctdb_takeover.c:240 sending of arp failed on iface 'ib0' (Invalid argument)
2010/08/01 13:30:56.906027 [ 3687]: common/system_linux.c:120 not an ethernet address family (0x20)
2010/08/01 13:30:56.906053 [ 3687]: server/ctdb_takeover.c:2657 sending of gratious arp on iface 'ib0' failed (Invalid argument)
2010/08/01 13:30:57.033025 [ 3687]: common/system_linux.c:120 not an ethernet address family (0x20)
2010/08/01 13:30:57.033051 [ 3687]: server/ctdb_takeover.c:240 sending of arp failed on iface 'ib0' (Invalid argument)
2010/08/01 13:30:57.911046 [ 3687]: common/system_linux.c:120 not an ethernet address family (0x20)
2010/08/01 13:30:57.911070 [ 3687]: server/ctdb_takeover.c:2657 sending of gratious arp on iface 'ib0' failed (Invalid argument)
2010/08/01 13:30:58.138021 [ 3687]: common/system_linux.c:120 not an ethernet address family (0x20)
2010/08/01 13:30:58.138047 [ 3687]: server/ctdb_takeover.c:240 sending of arp failed on iface 'ib0' (Invalid argument)


Stefan (metze) Metzmacher | 1 Aug 2010 10:56

Re: Disabling test for ktpass

Hi Matthieu,

>> commit 0b4247ef7a60e7fe419681919daa3b31cae7bc48
>> Author: Stefan Metzmacher<metze <at> samba.org>
>> Date:   Sat Jul 31 11:31:43 2010 +0200
>>
>>      s4:selftest: skip samba4.blackbox.ktpass for now as it's not
>> portable
>>
>>      ktutil might not be installed or from MIT.
>>      We should build a samba4ktutil and use that instead,
>>      until then we need to skip this test.
>>
>>      metze
>>
> Would it be acceptable if the test checks whether ktutil (and any other
> programs that ktpass depends on) is present?
> Matthieu

I'd prefer to build a samba4ktutil as we do for samba4kinit,
this would be useful on its own. As heimdal ktutil is much more useful
than the MIT ktutil, which is installed on most systems.
And they don't have the same user interface.

I'll try to look at this next week.

And we could run the test on all systems then.

metze


Kai Blin | 1 Aug 2010 11:27

Re: yet another idmap rewrite - still for 3.6 ?

On Fri, 30 Jul 2010 17:47:25 +0200
Michael Adam <obnox <at> samba.org> wrote:

> This mail is to request that this code still gets into the
> 3.6 release, even though I did not manage to polish my
> patchset before the pre1 release.
[...]
> 1. The id mapping API should just consist of the methods
>     - sids_to_unixids
>     - unixids_to_sids
>    These calls should be atomic and the backend should know by itself
>    whether it needs to allocate some ids, store mappings and how.
>    To the caller, this should be completely irrelevant.

I really think this will make using winbindd from Samba4 much, much
easier. Basically, this is the central API Samba4 is using already.
Also, this change allows us to use the concept of SID<->unixid
mappings in the S3 code, which again matches with what Metze and I came
up with when working on the S4 idmapping code in 2007.

I didn't get around to looking at the actual patches yet, but I think
simplifying the idmap code while also moving the S3 and S4
implementations closer together is a good thing.

Cheers,
Kai

-- 
Kai Blin
Worldforge developer http://www.worldforge.org/

samba.10.maazl | 1 Aug 2010 13:45

WriteAndX chain offsets

Hi!

Newer Samba 3 builds have a different implementation of chain_reply that 
handles inconsistencies in the chain offsets differently. This seems to 
cause problems with LANMAN2 clients. In fact I could reproduce a crash 
of Thunderbird (on eCS) when deleting mails.

After some tests I disabled one error check at chain_reply (process.c):

   already_used = PTR_DIFF(req->buf+req->buflen, smb_base(req->inbuf));
   if (chain_offset < already_used) {
     DEBUG(10, ("chain_reply: 3 - chain_offset=%i, already_used=%i, "
                "req->buflen=%i\n", chain_offset, already_used, req->buflen));
     // Do not fail to keep Thunderbird alive.
     // goto error;
   }

This fixed the problem so far. However, it might have other drawbacks, 
so I am looking for a more sophisticated solution.

[tshark traces]
Samba 3.2.5 (working)
http://home.arcor.de/maazl/temp/tlog.tbird.3.2.5
Frame 910/911

Samba 3.5.4 (Thunderbird crash)
http://home.arcor.de/maazl/temp/tlog.tbird.3.5.4
Frame 833/834

Obviously with samba 3.2.5 the offset in the reply (48) message is 
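The chain-offset check quoted in the post above, as a stand-alone sketch over an SMB1 AndX command (an added example, not code from Samba or from the poster). The function and enum names are hypothetical, the 12-word command and its offsets are constructed sample input, and the final fits-in-message test goes beyond the one check the post shows.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SMB_HDR_LEN 32   /* SMB1 header; the first command's word count follows it */
#define MIN_CMD_LEN 3    /* word count byte + 2-byte byte count */

enum chain_verdict { CHAIN_OK, CHAIN_MALFORMED, CHAIN_OVERLAP, CHAIN_PAST_END };
static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* smb: start of the SMB header, len: message length, cmd_off: offset of the
 * current command's word count. On CHAIN_OK *next_off is the next command. */
enum chain_verdict next_andx(const uint8_t *smb, size_t len, size_t cmd_off, size_t *next_off)
{
    if (cmd_off > len || len - cmd_off < MIN_CMD_LEN) return CHAIN_MALFORMED;
    size_t wct = smb[cmd_off];
    size_t bcc_off = cmd_off + 1 + 2 * wct;
    if (wct < 2 || bcc_off + 2 > len) return CHAIN_MALFORMED;
    /* End of the current command's data block, as an offset from the header. */
    size_t already_used = bcc_off + 2 + le16(smb + bcc_off);
    if (already_used > len) return CHAIN_MALFORMED;
    size_t chain_offset = le16(smb + cmd_off + 3);   /* AndXOffset field */
    /* Check from the post: the next command may not start inside bytes already consumed. */
    if (chain_offset < already_used) return CHAIN_OVERLAP;
    /* Added here (assumption): the next command must also fit in the message. */
    if (chain_offset > len || len - chain_offset < MIN_CMD_LEN) return CHAIN_PAST_END;
    *next_off = chain_offset;
    return CHAIN_OK;
}

/* Constructed sample: one 12-word AndX command carrying `data` bytes; the rest
 * of the buffer is zero, so any later position reads as an empty command. */
void build_sample(uint8_t *buf, size_t len, uint8_t data, uint16_t andx_off)
{
    memset(buf, 0, len);
    memcpy(buf, "\xffSMB", 4);
    buf[SMB_HDR_LEN] = 12;                    /* word count */
    buf[SMB_HDR_LEN + 3] = andx_off & 0xff;   /* AndXOffset, little-endian */
    buf[SMB_HDR_LEN + 4] = andx_off >> 8;
    buf[SMB_HDR_LEN + 25] = data;             /* byte count (low byte) */
}

int main(void)
{
    uint8_t buf[96]; size_t next = 0;
    build_sample(buf, sizeof buf, 10, 60);    /* offset points back into the data block */
    printf("verdict=%d\n", next_andx(buf, sizeof buf, SMB_HDR_LEN, &next));
    return 0;
}
```

An offset equal to or beyond the end of the current data block passes, so padding between chained commands is accepted; only an offset that points back into consumed bytes, or past the message, is refused.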

mohammed siddiq | 1 Aug 2010 15:00

Kerberos support with Ldap Backend.

Hi;

It is clear from the Samba site that Samba can be a Logon Server using
NTLM with LDAP as Backend; However is it possible to use kerberos as a logon
protocol instead of NTLM with LDAP backend ?

regards

Mohammed Siddiq

shirishpargaonkar | 1 Aug 2010 22:40

[linux-smb2-client][PATCH] Make ntlmv2 as auth mech within NTLMSSP

Make ntlmv2 as an authentication mechanism within ntlmssp
instead of ntlmv1.

Parse type 2 response in ntlmssp negotiation to pluck
AV pairs and use them to calculate ntlmv2 response token.
Also, assign domain name from the server response in type 2
packet of ntlmssp and use that (netbios) domain name in
calculation of response.

From 4f591f31d8c90afdd7969a0032dceb0d35fa56f9 Mon Sep 17 00:00:00 2001
From: Shirish Pargaonkar <shirishpargaonkar <at> gmail.com>
Date: Sun, 1 Aug 2010 15:35:07 -0500
Subject: [PATCH] make ntlmv2 as auth mech within NTLMSSP

Signed-off-by: Shirish Pargaonkar <shirishpargaonkar <at> gmail.com>
---
 fs/smb2/ntlmssp.c     |  148 +++++++++++++++++++++++++++-----------------
 fs/smb2/ntlmssp.h     |   13 ++++
 fs/smb2/smb2encrypt.c |  164 ++++++++++++++++++++++++++++++-------------------
 fs/smb2/smb2glob.h    |   18 +++++-
 fs/smb2/smb2pdu.c     |    2 +-
 fs/smb2/smb2pdu.h     |   13 +++-
 fs/smb2/smb2proto.h   |    1 +
 7 files changed, 234 insertions(+), 125 deletions(-)

diff --git a/fs/smb2/ntlmssp.c b/fs/smb2/ntlmssp.c
index e1e9fe6..e8a2864 100644
--- a/fs/smb2/ntlmssp.c
+++ b/fs/smb2/ntlmssp.c
 <at>  <at>  -22,6 +22,9  <at>  <at> 
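Review bot: the commit message in the patch header, between the Subject line and the Signed-off-by, is empty; the explanation of plucking AV pairs from the type 2 message and of taking the NetBIOS domain name from the server's response appears only in the mail text above the From line. Put that description into the commit message itself so it stays with the change. The diffstat also shows 234 insertions and 125 deletions across 7 files for one patch, so consider splitting the type 2 parsing from the switch of the response calculation to NTLMv2 so that each part can be reviewed on its own.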

Andrew Bartlett | 1 Aug 2010 23:47

Re: Samba4 questions

On Tue, 2010-07-27 at 20:41 -0700, tms3 <at> tms3.com wrote:
> Just a few quickies.
> 
> 1.  With a Samba4 PDC, where can I find the manual for the commands to 
> say remove joined/orphaned DC's?

There is no such command yet.  The objects must be removed from the
directory manually. 

> 2.  Is SMB2 enabled by default?  Where can I find the smb.conf 
> options?

Like in Samba3, set 'max protocol = smb2'.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.

Andrew Bartlett | 2 Aug 2010 00:06

Re: S3 plain text to encrypted password transition

On Wed, 2010-07-28 at 12:05 -0400, Yannick Bergeron wrote:
> fyi
> 
> We do still have DOS, Win9x and other OS/SMB client that still require us to use these 3 settings on our Samba server
>         client lanman auth = Yes
>         client plaintext auth = Yes
>         encrypt passwords = No
> 
> Currently on Samba 3.3.0 but in the process of upgrading to 3.5.4

Is this meant to be in response to the questions about 'update
encrypted'?  If so, then this should not impact you. 

But do those clients really require plaintext, or just lanman passwords?
Also, given how weak plaintext authentication is, would a long-term
alternative for your operation be to simply allow guest access?

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.

Andrew Bartlett | 2 Aug 2010 00:07

Re: Disabling test for ktpass

On Sun, 2010-08-01 at 10:56 +0200, Stefan (metze) Metzmacher wrote:
> Hi Matthieu,
> 
> >> commit 0b4247ef7a60e7fe419681919daa3b31cae7bc48
> >> Author: Stefan Metzmacher<metze <at> samba.org>
> >> Date:   Sat Jul 31 11:31:43 2010 +0200
> >>
> >>      s4:selftest: skip samba4.blackbox.ktpass for now as it's not
> >> portable
> >>
> >>      ktutil might not be installed or from MIT.
> >>      We should build a samba4ktutil and use that instead,
> >>      until then we need to skip this test.
> >>
> >>      metze
> >>
> > Would it be acceptable if the test checks whether ktutil (and any other
> > programs that ktpass depends on) is present?
> > Matthieu
> 
> I'd prefer to build a samba4ktutil as we do for samba4kinit,
> this would be useful on its own. As heimdal ktutil is much more useful
> than the MIT ktutil, which is installed on most systems.
> And they don't have the same user interface.
> 
> I'll try to look at this next week.
> 
> And we could run the test on all systems then.

That would be great.  Thanks metze!