headers
Brad Hards | 1 Sep 2010 01:01

Re: Samba build is broken

On Wednesday, September 01, 2010 07:07:00 am Björn JACKE wrote:
> On 2010-08-31 at 17:08 +0300 Zahari Zahariev sent off:
> > http://pastebin.com/h6zzQg1g
> > 
> > Can you fix that?
> 
> didn't see that here, sorry for the breakage. I've reverted it for now.
There appears to be more problems.

OpenChange uses a standalone build of ldb (i.e. we use it outside of the samba 
server), and the build for that is broken in ldbtest.c

[58/74] Compiling tools/ldbtest.c
../tools/ldbtest.c: In function ‘_start_timer’:
../tools/ldbtest.c:48: error: implicit declaration of function 
‘clock_gettime_mono’
Waf: Leaving directory 
`/home/buildslave1/buildbot/everything/build/samba4/source4/lib/ldb/bin'
Build failed:  -> task failed (err #1): 
	{task: cc ldbtest.c -> ldbtest_35.o}
make: *** [all] Error 1

Fixing the declaration is easy, but I'm not sure how to link to the 
appropriate subsystem (LIBSAMBA-UTIL) in a standalone build.

I tried this:
index a885b80..8c4f377 100644
--- a/source4/lib/ldb/tools/ldbtest.c
+++ b/source4/lib/ldb/tools/ldbtest.c
 <at>  <at>  -39,6 +39,7  <at>  <at>
(Continue reading)

Permalink | Reply | 0 comments |
headers
Andrew Bartlett | 1 Sep 2010 09:39
Picon
Favicon

[PATCH] --option support on Samba3. (was Re: What is lp_load_ex() in source3/param/loadparm.c?)

On Mon, 2010-08-23 at 08:15 +1000, Andrew Bartlett wrote:
> On Sun, 2010-08-22 at 23:31 +0200, Michael Adam wrote:

> > I'd like to go over all callers of lp_load myself and check
> > whether all the parameters to lp_load are correct at all
> > (there may still be regressions introduced by the introduction
> > of registry shares/registry global config), and verify the
> > correct wrappers.
> > 
> > I also think that there are some inaccuracies in the patches
> > changing callers of lp_load to the new wrappers. Some are simply
> > assigned to the wrong commit (not bad but irritating at first
> > sight), and in at least two places you changed a call to
> > "lp_load_initial_only" which does not load registry globals
> > to a full blown lp_load wrapper. I would like to check all
> > the instances. But I don't think I will make it tonight. :-)
> > 
> > I would like to hold off pushing the introduction of the
> > wrappers until I have gone over the callers in detail, if
> > that's ok for you.
> 
> I very much agree.  The call change to lp_load_initial_only() in
> libsmbclient is indeed a bug - sorry about that.  In the first
> generation of this patch I had incorrectly assumed it was equivalent to
> what I later added as lp_load_for_client(), before I re-read your mail. 
> 
> I've just pushed 'loadparm-changes-lp-set-cmdline' to my git repo, in
> case you want to work from there.  I agree it's really hard to stare
> more than a dozen simple replacements and remain convinced that there
> isn't a typo or behaviour change in there, or on the other hand to find
(Continue reading)

Permalink | Reply | 0 comments |
headers
Andreas Schneider | 1 Sep 2010 10:01
Picon
Favicon
Gravatar

Re: s3-passdb: Try to unlock the account if it is locked out

On Tuesday 31 August 2010 23:03:38 Andrew Bartlett wrote:
> On Tue, 2010-08-31 at 11:16 -0400, Jim McDonough wrote:
> > On Mon, Aug 30, 2010 at 10:44 AM, Simo Sorce <idra <at> samba.org> wrote:
> > > The branch, master has been updated
> > > 
> > >       via  20e7b4e s3-auth: The unlock of the account is now done by
> > >       the get_sampwnam call. via  c5cfad1 s3-passdb: Try to unlock the
> > >       account if it is locked out. via  2ab0b63 s3-passdb: Added a
> > >       pdb_try_account_unlock function. via  9dd7e7f s3-auth: Use
> > >       SamInfo3_for_guest to create guest server_info.
> > >      
> > >      from  5f419ea packaging: Build with -O3
> > 
> > The account locking code is hereby yours!!!
> > 
> > /me runs and hides from bmarsh
> 
> I'm a little worried by these changes, because we only just finished
> removing the magic from passdb that did unexpected things behind
> ordinary-looking interfaces.  (That is, the calls out to sid_to_gid() in
> the set_primary_group_id() wrapper.)
> 
> Is it really the best idea for a read operation 'get_smbpwnam()' to make
> write calls to the database?

I've researched this on a Windows 2008 Server. You can login to the system 
again after the lockout duration which means netr_LogonSamLogon is unlocking 
the account. But a samr_QueryUserInfo doing the same, as Administrator or as 
diffent user. I've first implemented it in the samr_OpenUser call, but then it 
is possible that there are more functions.
(Continue reading)

Permalink | Reply | 7 comments |
headers
Diego Gutierrez Zaldivar | 1 Sep 2010 15:50
Favicon

Trouble vampiring W2K3 into Ubuntu Lucid 10.04 with Samba4

  Thanks in advance for your help. What I'm trying to achieve is to 
vampire a W2K3 AD into a Samba4 and then shutdown the W2K3 AD so Samba4 
takes its place. So far I was able to provision a Samba4 properly and 
then add / remove computers and users to a provisioned Samba4 but when I 
try to replicate those activities on a vampired Samba4 I miserably fail. 
I get to transfer the users and to join the Samba4 as Domain Controller 
but when I try to add a Windows machine to the Samba4 I get an error 
saying the server is not fully funcional. In both scenarios provisioned 
and vampired I get the file shares working without problems. Am I 
missing something?

Thank you very much for your help;
Diego

PD: Another problem I face is that I have to rename the Linux hostname 
every time I vampire as I get an error saying the name already exists 
and the old names keep registered somewhere I can't find because when I 
run source4/scripting/devel/rebuild_zone.sh zones are created for all 
the old hostnames the Linux machine had in the past.

Here are the steps I follow:

- Install required packages on Ubuntu Lucid 10.04
- Get Samba4 source through git
- configure.developer, make, make tests, sudo make install
- sudo /usr/local/samba/bin/net vampire company.company -Ugod 
--realm=company.company (my administrator is called god). This results in:

CLDAP response: forest=company.company dns=company.company 
netbios=company server_site=Nombre-predeterminado-primer-sitio
(Continue reading)

Permalink | Reply | 5 comments |
headers
Michael Wood | 1 Sep 2010 23:15
Picon

Re: [Samba] Implementing Samba4

2010/9/1 Daniel Müller <mueller <at> tropenklinik.de>:
> On Wed, 1 Sep 2010 12:00:29 +0200, Michael Wood <esiotrot <at> gmail.com>
> wrote:
>> Hi
>>
>> 2010/9/1 Juan Asensio Sánchez <okelet <at> gmail.com>:
>>> El 1 de septiembre de 2010 09:54, Daniel Müller
>>> <mueller <at> tropenklinik.de>escribió:
[...]
>>>> Why do not just use the samba 4 internal ldap-server?? And just net
> rpc
>>>> vampire the users and groups from
>>
>> I doubt "net rpc vampire" will do anything except give you an error
>> message :)  I believe the "rpc" vs. "ads" etc. options are considered
>> to have been a mistake, so are not supported by Samba4's net command.
>> Also, there is no support currently for vampiring from Samba3 to
>> Samba4.  Someone is working on a migration script, though.  Check the

> How about: 2 Samba4-DCs with OpenLDAP 2.4.8 in Multi-Master-Replication
> at: http://lists.samba.org/archive/samba-technical/2008-April/058567.html

I think perhaps Samba4 worked better with OpenLDAP in the past and it
should also be fixed to work with it again in future, but at the
moment it won't work:

http://lists.samba.org/archive/samba-technical/2010-July/072445.html
"For various reasons, the OpenLDAP backend for Samba4 is not functional
at this time."
(Continue reading)

Permalink | Reply | 2 comments |
headers
Michael Wood | 1 Sep 2010 23:25
Picon

Re: Trouble vampiring W2K3 into Ubuntu Lucid 10.04 with Samba4

On 1 September 2010 15:50, Diego Gutierrez Zaldivar
<dgz <at> trustedtranslations.com> wrote:
>  Thanks in advance for your help. What I'm trying to achieve is to vampire a
> W2K3 AD into a Samba4 and then shutdown the W2K3 AD so Samba4 takes its
> place. So far I was able to provision a Samba4 properly and then add /
> remove computers and users to a provisioned Samba4 but when I try to
> replicate those activities on a vampired Samba4 I miserably fail. I get to
> transfer the users and to join the Samba4 as Domain Controller but when I
> try to add a Windows machine to the Samba4 I get an error saying the server
> is not fully funcional. In both scenarios provisioned and vampired I get the
> file shares working without problems. Am I missing something?

Well, I'm not sure, but it sounds like you might be vampiring after
provisioning.  If you want to vampire the Win2k3 machine, you should
not run provision first.  I suggest you remove /usr/local/samba
completely (or wherever you installed it), then reinstall and DO NOT
provision.  Just vampire.

Also, if you vampire once and it fails, do not just vampire again.
Rather remove the files created by the vampire process and start
again.  I'm not sure exactly what's created when you
provision/vampire, so you'll have to experiment or see if someone else
enlightens us, but should be easy to see.

--

-- 
Michael Wood <esiotrot <at> gmail.com>
Permalink | Reply | 1 comment |
headers
Diego Gutierrez Zaldivar | 1 Sep 2010 23:54
Favicon

Re: Trouble vampiring W2K3 into Ubuntu Lucid 10.04 with Samba4

  Dear Michel,

Thank you for taking the time to help me. In this case I already deleted 
/usr/local/samba completely and build and vampired from a completely 
clean git pull. Maybe to narrow down the problem you can confirm a 
couple of things for me before I get any further into detail. So far 
what I did is:

- Install required packages on Ubuntu Lucid 10.04 (BIND 9.7.0-P1 included)
- Get Samba4 source through git
- configure.developer, make, make tests, sudo make install (samba 
version 4.0.0alpha12-GIT-5b875a8)
- sudo /usr/local/samba/bin/net vampire company.company -Ugod 
--realm=company.company (my administrator is called god)

I only made the steps described above. Is there a missing step? Also on 
the vampiring process I've got this warnings:

../dsdb/common/util.c:3001: WARNING: domainFunctionality not setup

Is this okay?

TIA for your help!
Diego

Michael Wood wrote:
> On 1 September 2010 15:50, Diego Gutierrez Zaldivar
> <dgz <at> trustedtranslations.com>  wrote:
>>   Thanks in advance for your help. What I'm trying to achieve is to vampire a
>> W2K3 AD into a Samba4 and then shutdown the W2K3 AD so Samba4 takes its
(Continue reading)

Permalink | Reply | 0 comments |
headers
Andrew Bartlett | 2 Sep 2010 00:53
Picon
Favicon

Re: s3-passdb: Try to unlock the account if it is locked out

On Wed, 2010-09-01 at 10:01 +0200, Andreas Schneider wrote:
> On Tuesday 31 August 2010 23:03:38 Andrew Bartlett wrote:
> > On Tue, 2010-08-31 at 11:16 -0400, Jim McDonough wrote:
> > > On Mon, Aug 30, 2010 at 10:44 AM, Simo Sorce <idra <at> samba.org> wrote:
> > > > The branch, master has been updated
> > > > 
> > > >       via  20e7b4e s3-auth: The unlock of the account is now done by
> > > >       the get_sampwnam call. via  c5cfad1 s3-passdb: Try to unlock the
> > > >       account if it is locked out. via  2ab0b63 s3-passdb: Added a
> > > >       pdb_try_account_unlock function. via  9dd7e7f s3-auth: Use
> > > >       SamInfo3_for_guest to create guest server_info.
> > > >      
> > > >      from  5f419ea packaging: Build with -O3
> > > 
> > > The account locking code is hereby yours!!!
> > > 
> > > /me runs and hides from bmarsh
> > 
> > I'm a little worried by these changes, because we only just finished
> > removing the magic from passdb that did unexpected things behind
> > ordinary-looking interfaces.  (That is, the calls out to sid_to_gid() in
> > the set_primary_group_id() wrapper.)
> > 
> > Is it really the best idea for a read operation 'get_smbpwnam()' to make
> > write calls to the database?
> 
> I've researched this on a Windows 2008 Server. You can login to the system 
> again after the lockout duration which means netr_LogonSamLogon is unlocking 
> the account. But a samr_QueryUserInfo doing the same, as Administrator or as 
> diffent user. I've first implemented it in the samr_OpenUser call, but then it
(Continue reading)

Permalink | Reply | 6 comments |
headers
Diego Gutierrez Zaldivar | 2 Sep 2010 03:08
Favicon

Re: Trouble vampiring W2K3 into Ubuntu Lucid 10.04 with Samba4

  I find out the reason why I couldn't vampire the W2K3 AD for the 
second time. The reason is I was only removing the Samba4 AD recently 
joined from the Domain Controllers section of Active Directory Users and 
Computers. To completely remove any reference its also necessary to 
remove the server from the Sites/Servers section of Active Directory 
Sites and Services.

As I saw on my threads the partially removed joined AD are also the 
cause for this kind error messages on Samba:

dreplsrv_notify: Failed to send DsReplicaSync to 
3dac8179-a019-4a04-a8d4-bbc80bfbde7e._msdcs.trusted.trusted for 
DC=trusted,DC=trusted - NT_STATUS_OBJECT_NAME_NOT_FOUND : WERR_BADFILE

On the other hand I made the vampired Samba4 AD work by configuring the 
BIND zones for my domain slave zones of the DNS running on the W2K3 
Server which is good for testing purposes but as I want to shutdown the 
W2K3 Server would be nice to have independence. Any help regarding the 
proper DNS configuration for a vampired server will be highly appreciated :)

Cheers,
Diego

Diego Gutierrez Zaldivar wrote:
>  Thanks in advance for your help. What I'm trying to achieve is to 
> vampire a W2K3 AD into a Samba4 and then shutdown the W2K3 AD so 
> Samba4 takes its place. So far I was able to provision a Samba4 
> properly and then add / remove computers and users to a provisioned 
> Samba4 but when I try to replicate those activities on a vampired 
> Samba4 I miserably fail. I get to transfer the users and to join the
(Continue reading)

Permalink | Reply | 2 comments |
headers
Michael Wood | 2 Sep 2010 08:43
Picon

Re: Trouble vampiring W2K3 into Ubuntu Lucid 10.04 with Samba4

Hi

On 2 September 2010 03:08, Diego Gutierrez Zaldivar
<dgz <at> trustedtranslations.com> wrote:
>  I find out the reason why I couldn't vampire the W2K3 AD for the second
> time. The reason is I was only removing the Samba4 AD recently joined from
> the Domain Controllers section of Active Directory Users and Computers. To
> completely remove any reference its also necessary to remove the server from
> the Sites/Servers section of Active Directory Sites and Services.
>
> As I saw on my threads the partially removed joined AD are also the cause
> for this kind error messages on Samba:
>
> dreplsrv_notify: Failed to send DsReplicaSync to
> 3dac8179-a019-4a04-a8d4-bbc80bfbde7e._msdcs.trusted.trusted for
> DC=trusted,DC=trusted - NT_STATUS_OBJECT_NAME_NOT_FOUND : WERR_BADFILE
>
> On the other hand I made the vampired Samba4 AD work by configuring the BIND
> zones for my domain slave zones of the DNS running on the W2K3 Server which
> is good for testing purposes but as I want to shutdown the W2K3 Server would
> be nice to have independence. Any help regarding the proper DNS
> configuration for a vampired server will be highly appreciated :)

Have a look at the samba (rather than samba-technical) list archives.
There have been some messages recently about setting up dynamic DNS
for Samba4 with some HOWTOs for Centos posted, which might help even
if you're not running Centos.

Sorry, I am not able to help more with this at the moment.
(Continue reading)

Permalink | Reply | 1 comment |

Gmane