Brad Hards | 1 Sep 01:01 2010
Picon

Re: Samba build is broken

On Wednesday, September 01, 2010 07:07:00 am Björn JACKE wrote:
> On 2010-08-31 at 17:08 +0300 Zahari Zahariev sent off:
> > http://pastebin.com/h6zzQg1g
> > 
> > Can you fix that?
> 
> didn't see that here, sorry for the breakage. I've reverted it for now.
There appears to be more problems.

OpenChange uses a standalone build of ldb (i.e. we use it outside of the samba 
server), and the build for that is broken in ldbtest.c

[58/74] Compiling tools/ldbtest.c
../tools/ldbtest.c: In function ‘_start_timer’:
../tools/ldbtest.c:48: error: implicit declaration of function 
‘clock_gettime_mono’
Waf: Leaving directory 
`/home/buildslave1/buildbot/everything/build/samba4/source4/lib/ldb/bin'
Build failed:  -> task failed (err #1): 
	{task: cc ldbtest.c -> ldbtest_35.o}
make: *** [all] Error 1

Fixing the declaration is easy, but I'm not sure how to link to the 
appropriate subsystem (LIBSAMBA-UTIL) in a standalone build.

I tried this:
index a885b80..8c4f377 100644
--- a/source4/lib/ldb/tools/ldbtest.c
+++ b/source4/lib/ldb/tools/ldbtest.c
 <at>  <at>  -39,6 +39,7  <at>  <at> 
(Continue reading)

Andrew Bartlett | 1 Sep 09:39 2010
Picon

[PATCH] --option support on Samba3. (was Re: What is lp_load_ex() in source3/param/loadparm.c?)

On Mon, 2010-08-23 at 08:15 +1000, Andrew Bartlett wrote:
> On Sun, 2010-08-22 at 23:31 +0200, Michael Adam wrote:

> > I'd like to go over all callers of lp_load myself and check
> > whether all the parameters to lp_load are correct at all
> > (there may still be regressions introduced by the introduction
> > of registry shares/registry global config), and verify the
> > correct wrappers.
> > 
> > I also think that there are some inaccuracies in the patches
> > changing callers of lp_load to the new wrappers. Some are simply
> > assigned to the wrong commit (not bad but irritating at first
> > sight), and in at least two places you changed a call to
> > "lp_load_initial_only" which does not load registry globals
> > to a full blown lp_load wrapper. I would like to check all
> > the instances. But I don't think I will make it tonight. :-)
> > 
> > I would like to hold off pushing the introduction of the
> > wrappers until I have gone over the callers in detail, if
> > that's ok for you.
> 
> I very much agree.  The call change to lp_load_initial_only() in
> libsmbclient is indeed a bug - sorry about that.  In the first
> generation of this patch I had incorrectly assumed it was equivalent to
> what I later added as lp_load_for_client(), before I re-read your mail. 
> 
> I've just pushed 'loadparm-changes-lp-set-cmdline' to my git repo, in
> case you want to work from there.  I agree it's really hard to stare
> more than a dozen simple replacements and remain convinced that there
> isn't a typo or behaviour change in there, or on the other hand to find
(Continue reading)

Andreas Schneider | 1 Sep 10:01 2010
Picon

Re: s3-passdb: Try to unlock the account if it is locked out

On Tuesday 31 August 2010 23:03:38 Andrew Bartlett wrote:
> On Tue, 2010-08-31 at 11:16 -0400, Jim McDonough wrote:
> > On Mon, Aug 30, 2010 at 10:44 AM, Simo Sorce <idra <at> samba.org> wrote:
> > > The branch, master has been updated
> > > 
> > >       via  20e7b4e s3-auth: The unlock of the account is now done by
> > >       the get_sampwnam call. via  c5cfad1 s3-passdb: Try to unlock the
> > >       account if it is locked out. via  2ab0b63 s3-passdb: Added a
> > >       pdb_try_account_unlock function. via  9dd7e7f s3-auth: Use
> > >       SamInfo3_for_guest to create guest server_info.
> > >      
> > >      from  5f419ea packaging: Build with -O3
> > 
> > The account locking code is hereby yours!!!
> > 
> > /me runs and hides from bmarsh
> 
> I'm a little worried by these changes, because we only just finished
> removing the magic from passdb that did unexpected things behind
> ordinary-looking interfaces.  (That is, the calls out to sid_to_gid() in
> the set_primary_group_id() wrapper.)
> 
> Is it really the best idea for a read operation 'get_smbpwnam()' to make
> write calls to the database?

I've researched this on a Windows 2008 Server. You can login to the system 
again after the lockout duration which means netr_LogonSamLogon is unlocking 
the account. But a samr_QueryUserInfo doing the same, as Administrator or as 
diffent user. I've first implemented it in the samr_OpenUser call, but then it 
is possible that there are more functions.
(Continue reading)

Michael Wood | 1 Sep 12:00 2010
Picon

Re: Implementing Samba4

Hi

2010/9/1 Juan Asensio Sánchez <okelet <at> gmail.com>:
> El 1 de septiembre de 2010 09:54, Daniel Müller
> <mueller <at> tropenklinik.de>escribió:
>
>> On Wed, 1 Sep 2010 09:42:45 +0200, Juan Asensio Sánchez <okelet <at> gmail.com>
>> wrote:
>> > Hi
>> >
>> > I am trying to install Samba 4 on a Ubuntu 10.04 Server machine. I have
>> > downloaded the sources, compiled it and installed. Now I have to do the
>> > provision step. I want to use an existing LDAP server (389 Directory
>> > Server)

I believe Samba4 currently does not work correctly with an external LDAP server.

>> > installed in other machine (well, really a lot of machines, yet
>> configured
>> > for replication). Also, the servers only accept SSL connections. But all
>> > the
>> Why do not just use the samba 4 internal ldap-server?? And just net rpc
>> vampire the users and groups from

I doubt "net rpc vampire" will do anything except give you an error
message :)  I believe the "rpc" vs. "ads" etc. options are considered
to have been a mistake, so are not supported by Samba4's net command.
Also, there is no support currently for vampiring from Samba3 to
Samba4.  Someone is working on a migration script, though.  Check the
samba-technical archives.
(Continue reading)

Diego Gutierrez Zaldivar | 1 Sep 15:50 2010

Trouble vampiring W2K3 into Ubuntu Lucid 10.04 with Samba4

  Thanks in advance for your help. What I'm trying to achieve is to 
vampire a W2K3 AD into a Samba4 and then shutdown the W2K3 AD so Samba4 
takes its place. So far I was able to provision a Samba4 properly and 
then add / remove computers and users to a provisioned Samba4 but when I 
try to replicate those activities on a vampired Samba4 I miserably fail. 
I get to transfer the users and to join the Samba4 as Domain Controller 
but when I try to add a Windows machine to the Samba4 I get an error 
saying the server is not fully funcional. In both scenarios provisioned 
and vampired I get the file shares working without problems. Am I 
missing something?

Thank you very much for your help;
Diego

PD: Another problem I face is that I have to rename the Linux hostname 
every time I vampire as I get an error saying the name already exists 
and the old names keep registered somewhere I can't find because when I 
run source4/scripting/devel/rebuild_zone.sh zones are created for all 
the old hostnames the Linux machine had in the past.

Here are the steps I follow:

- Install required packages on Ubuntu Lucid 10.04
- Get Samba4 source through git
- configure.developer, make, make tests, sudo make install
- sudo /usr/local/samba/bin/net vampire company.company -Ugod 
--realm=company.company (my administrator is called god). This results in:

CLDAP response: forest=company.company dns=company.company 
netbios=company server_site=Nombre-predeterminado-primer-sitio  
(Continue reading)

Daniel Müller | 1 Sep 21:16 2010
Picon

Re: Implementing Samba4

On Wed, 1 Sep 2010 12:00:29 +0200, Michael Wood <esiotrot <at> gmail.com>
wrote:
> Hi
> 
> 2010/9/1 Juan Asensio Sánchez <okelet <at> gmail.com>:
>> El 1 de septiembre de 2010 09:54, Daniel Müller
>> <mueller <at> tropenklinik.de>escribió:
>>
>>> On Wed, 1 Sep 2010 09:42:45 +0200, Juan Asensio Sánchez
>>> <okelet <at> gmail.com>
>>> wrote:
>>> > Hi
>>> >
>>> > I am trying to install Samba 4 on a Ubuntu 10.04 Server machine. I
>>> > have
>>> > downloaded the sources, compiled it and installed. Now I have to do
>>> > the
>>> > provision step. I want to use an existing LDAP server (389 Directory
>>> > Server)
> 
> I believe Samba4 currently does not work correctly with an external LDAP
> server.
> 
>>> > installed in other machine (well, really a lot of machines, yet
>>> configured
>>> > for replication). Also, the servers only accept SSL connections. But
>>> > all
>>> > the
>>> Why do not just use the samba 4 internal ldap-server?? And just net
rpc
(Continue reading)

Michael Wood | 1 Sep 23:15 2010
Picon

Re: [Samba] Implementing Samba4

2010/9/1 Daniel Müller <mueller <at> tropenklinik.de>:
> On Wed, 1 Sep 2010 12:00:29 +0200, Michael Wood <esiotrot <at> gmail.com>
> wrote:
>> Hi
>>
>> 2010/9/1 Juan Asensio Sánchez <okelet <at> gmail.com>:
>>> El 1 de septiembre de 2010 09:54, Daniel Müller
>>> <mueller <at> tropenklinik.de>escribió:
[...]
>>>> Why do not just use the samba 4 internal ldap-server?? And just net
> rpc
>>>> vampire the users and groups from
>>
>> I doubt "net rpc vampire" will do anything except give you an error
>> message :)  I believe the "rpc" vs. "ads" etc. options are considered
>> to have been a mistake, so are not supported by Samba4's net command.
>> Also, there is no support currently for vampiring from Samba3 to
>> Samba4.  Someone is working on a migration script, though.  Check the

> How about: 2 Samba4-DCs with OpenLDAP 2.4.8 in Multi-Master-Replication
> at: http://lists.samba.org/archive/samba-technical/2008-April/058567.html

I think perhaps Samba4 worked better with OpenLDAP in the past and it
should also be fixed to work with it again in future, but at the
moment it won't work:

http://lists.samba.org/archive/samba-technical/2010-July/072445.html
"For various reasons, the OpenLDAP backend for Samba4 is not functional
at this time."

(Continue reading)

Michael Wood | 1 Sep 23:25 2010
Picon

Re: Trouble vampiring W2K3 into Ubuntu Lucid 10.04 with Samba4

On 1 September 2010 15:50, Diego Gutierrez Zaldivar
<dgz <at> trustedtranslations.com> wrote:
>  Thanks in advance for your help. What I'm trying to achieve is to vampire a
> W2K3 AD into a Samba4 and then shutdown the W2K3 AD so Samba4 takes its
> place. So far I was able to provision a Samba4 properly and then add /
> remove computers and users to a provisioned Samba4 but when I try to
> replicate those activities on a vampired Samba4 I miserably fail. I get to
> transfer the users and to join the Samba4 as Domain Controller but when I
> try to add a Windows machine to the Samba4 I get an error saying the server
> is not fully funcional. In both scenarios provisioned and vampired I get the
> file shares working without problems. Am I missing something?

Well, I'm not sure, but it sounds like you might be vampiring after
provisioning.  If you want to vampire the Win2k3 machine, you should
not run provision first.  I suggest you remove /usr/local/samba
completely (or wherever you installed it), then reinstall and DO NOT
provision.  Just vampire.

Also, if you vampire once and it fails, do not just vampire again.
Rather remove the files created by the vampire process and start
again.  I'm not sure exactly what's created when you
provision/vampire, so you'll have to experiment or see if someone else
enlightens us, but should be easy to see.

--

-- 
Michael Wood <esiotrot <at> gmail.com>

Diego Gutierrez Zaldivar | 1 Sep 23:54 2010

Re: Trouble vampiring W2K3 into Ubuntu Lucid 10.04 with Samba4

  Dear Michel,

Thank you for taking the time to help me. In this case I already deleted 
/usr/local/samba completely and build and vampired from a completely 
clean git pull. Maybe to narrow down the problem you can confirm a 
couple of things for me before I get any further into detail. So far 
what I did is:

- Install required packages on Ubuntu Lucid 10.04 (BIND 9.7.0-P1 included)
- Get Samba4 source through git
- configure.developer, make, make tests, sudo make install (samba 
version 4.0.0alpha12-GIT-5b875a8)
- sudo /usr/local/samba/bin/net vampire company.company -Ugod 
--realm=company.company (my administrator is called god)

I only made the steps described above. Is there a missing step? Also on 
the vampiring process I've got this warnings:

../dsdb/common/util.c:3001: WARNING: domainFunctionality not setup

Is this okay?

TIA for your help!
Diego

Michael Wood wrote:
> On 1 September 2010 15:50, Diego Gutierrez Zaldivar
> <dgz <at> trustedtranslations.com>  wrote:
>>   Thanks in advance for your help. What I'm trying to achieve is to vampire a
>> W2K3 AD into a Samba4 and then shutdown the W2K3 AD so Samba4 takes its
(Continue reading)

Andrew Bartlett | 2 Sep 00:53 2010
Picon

Re: s3-passdb: Try to unlock the account if it is locked out

On Wed, 2010-09-01 at 10:01 +0200, Andreas Schneider wrote:
> On Tuesday 31 August 2010 23:03:38 Andrew Bartlett wrote:
> > On Tue, 2010-08-31 at 11:16 -0400, Jim McDonough wrote:
> > > On Mon, Aug 30, 2010 at 10:44 AM, Simo Sorce <idra <at> samba.org> wrote:
> > > > The branch, master has been updated
> > > > 
> > > >       via  20e7b4e s3-auth: The unlock of the account is now done by
> > > >       the get_sampwnam call. via  c5cfad1 s3-passdb: Try to unlock the
> > > >       account if it is locked out. via  2ab0b63 s3-passdb: Added a
> > > >       pdb_try_account_unlock function. via  9dd7e7f s3-auth: Use
> > > >       SamInfo3_for_guest to create guest server_info.
> > > >      
> > > >      from  5f419ea packaging: Build with -O3
> > > 
> > > The account locking code is hereby yours!!!
> > > 
> > > /me runs and hides from bmarsh
> > 
> > I'm a little worried by these changes, because we only just finished
> > removing the magic from passdb that did unexpected things behind
> > ordinary-looking interfaces.  (That is, the calls out to sid_to_gid() in
> > the set_primary_group_id() wrapper.)
> > 
> > Is it really the best idea for a read operation 'get_smbpwnam()' to make
> > write calls to the database?
> 
> I've researched this on a Windows 2008 Server. You can login to the system 
> again after the lockout duration which means netr_LogonSamLogon is unlocking 
> the account. But a samr_QueryUserInfo doing the same, as Administrator or as 
> diffent user. I've first implemented it in the samr_OpenUser call, but then it 
(Continue reading)


Gmane