Andrew Bartlett | 1 Jan 2012 04:36

Re: [PROPOSAL] Require builtin or system krb5 libs

On Sat, 2011-12-31 at 09:30 -0500, simo wrote:
> On Sat, 2011-12-31 at 20:58 +1100, Andrew Bartlett wrote: 
> > Back in October, I wrote to the list suggesting that we should adopt an
> > explicit policy that we require at least some level of Kerberos support
> > to build Samba:
> > 
> > On Mon, 2011-10-24 at 21:03 +1100, Andrew Bartlett wrote:
> > 
> > > I would actually like us to consider if there are systems that we care
> > > about without krb5-devel, and which cannot use the waf build.  If we
> > > could always expect at least some kind of Kerberos library (internal or
> > > system heimdal from the waf build, or any system from autoconf), we
> > > could make our code much simpler in parts.
> > 
> > I would like to make that a firm proposal.  For me at least, Samba both
> > 3.5.11 and current master do not compile without krb5-devel.  As such,
> > it seems no testing is done on systems without a kerberos library, and
> > our users have not been inconvenienced by this requirement. 
> > 
> > Therefore, as we have a way to build Samba without a system kerberos
> > (the waf build), I would like us to require that users either build with
> > waf, or build with a system krb5-devel.
> > 
> > Doing so would remove a lot of dead, untested #ifndef HAVE_KRB5 stub
> > functions, and make our code easier to follow and simpler to develop. 
> > 
> > What do others think?
> 
> I am ok in always requiring kerberos libraries, but given we are making
> a requirement I would go further and specify a minimum MIT Kerberos or

Jeremy Allison | 1 Jan 2012 05:25

Re: [PROPOSAL] Require builtin or system krb5 libs

On Sun, Jan 01, 2012 at 02:36:49PM +1100, Andrew Bartlett wrote:
> On Sat, 2011-12-31 at 09:30 -0500, simo wrote:
> > On Sat, 2011-12-31 at 20:58 +1100, Andrew Bartlett wrote: 
> > > > Back in October, I wrote to the list suggesting that we should adopt an
> > > explicit policy that we require at least some level of Kerberos support
> > > to build Samba:
> > > 
> > > On Mon, 2011-10-24 at 21:03 +1100, Andrew Bartlett wrote:
> > > 
> > > > I would actually like us to consider if there are systems that we care
> > > > about without krb5-devel, and which cannot use the waf build.  If we
> > > > could always expect at least some kind of Kerberos library (internal or
> > > > system heimdal from the waf build, or any system from autoconf), we
> > > > could make our code much simpler in parts.
> > > 
> > > I would like to make that a firm proposal.  For me at least, Samba both
> > > 3.5.11 and current master do not compile without krb5-devel.  As such,
> > > it seems no testing is done on systems without a kerberos library, and
> > > our users have not been inconvenienced by this requirement. 
> > > 
> > > Therefore, as we have a way to build Samba without a system kerberos
> > > (the waf build), I would like us to require that users either build with
> > > waf, or build with a system krb5-devel.
> > > 
> > > Doing so would remove a lot of dead, untested #ifndef HAVE_KRB5 stub
> > > functions, and make our code easier to follow and simpler to develop. 
> > > 
> > > What do others think?
> > 
> > > I am ok in always requiring kerberos libraries, but given we are making

Volker Lendecke | 1 Jan 2012 11:53

Re: [PROPOSAL] Require builtin or system krb5 libs

On Sat, Dec 31, 2011 at 08:58:34PM +1100, Andrew Bartlett wrote:
> I would like to make that a firm proposal.  For me at least, Samba both
> 3.5.11 and current master do not compile without krb5-devel.  As such,
> it seems no testing is done on systems without a kerberos library, and
> our users have not been inconvenienced by this requirement. 

If our code does not compile without Kerberos libraries, I
would consider this a bug. Can you file a bug at bugzilla
and assign it to me? I'll see if I can fix it.

Volker

-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt <at> sernet.de

Michael Wood | 1 Jan 2012 14:29

Re: upgradeprovision --full fails to find CN=NTDS Settings

On 18 December 2011 18:50, Michael Wood <esiotrot <at> gmail.com> wrote:
> Hi
>
> On 18 December 2011 18:12, Matthieu Patou <mat <at> samba.org> wrote:
>> Hi Michael,
>>
>> Please file me a bug and try to ping me within a week on this subject I have
>> to take a deep look on this subject ...

ping :)

and Happy New Year.

> Thanks, it's https://bugzilla.samba.org/show_bug.cgi?id=8669
>
> Bugzilla would not let me assign it to you or Cc you (using either of
> your addresses).

-- 
Michael Wood <esiotrot <at> gmail.com>

Matthieu Patou | 1 Jan 2012 19:21

Re: Migrating S4 DC

On 30/12/2011 23:04, titantoppler <at> gmail.com wrote:
> Hi all,
>
> Thanks for the insights so far.
>
> As far as I understand things:
> 1) I can use the built-in replication - but what about GPOs? Will they
> propagate to the backup DC as well?
No replication for the moment, set up your own replication scheme ....
> 2) Files (profiles and shared files) will have to be done manually, as will
> the permissions. A hassle, but nothing unmanageable
> 3) S3 isn't ideal for an AD set up since the configuration of the file
> permissions will have to be done from smb.conf - I'd prefer to do it all
> from the Windows management tools (I know, I know...)
No no, I encourage you to use the acl_xattr module so that you have a 
good NTACLs mapping and then you can use the Windows Explorer to set the 
ACLs.
> Andrew: If I understand you correctly, if I want to retain the correct file
> permissions without having to reapply them (because of the migration from
> posix:eadb to built-in file attributes) I should do the following:
> a) Set up the appropriate shares in the new file server
> b) Copy the files from share to share using Windows - this will preserve
> the file permissions (esp. for user profiles), thus saving me from having
> to reconfigure the permissions again.
> c) Re-map the users' home and profile shares on the AD side of things.
>
> Is there anything else that I should be considering but am not?
>
> Cheers, and happy holidays!
Matthieu.

simo | 1 Jan 2012 23:32

Re: [PROPOSAL] Require builtin or system krb5 libs

On Sat, 2011-12-31 at 20:25 -0800, Jeremy Allison wrote: 
> On Sun, Jan 01, 2012 at 02:36:49PM +1100, Andrew Bartlett wrote:
> > On Sat, 2011-12-31 at 09:30 -0500, simo wrote:
> > > On Sat, 2011-12-31 at 20:58 +1100, Andrew Bartlett wrote: 
> > > > > Back in October, I wrote to the list suggesting that we should adopt an
> > > > explicit policy that we require at least some level of Kerberos support
> > > > to build Samba:
> > > > 
> > > > On Mon, 2011-10-24 at 21:03 +1100, Andrew Bartlett wrote:
> > > > 
> > > > > I would actually like us to consider if there are systems that we care
> > > > > about without krb5-devel, and which cannot use the waf build.  If we
> > > > > could always expect at least some kind of Kerberos library (internal or
> > > > > system heimdal from the waf build, or any system from autoconf), we
> > > > > could make our code much simpler in parts.
> > > > 
> > > > I would like to make that a firm proposal.  For me at least, Samba both
> > > > 3.5.11 and current master do not compile without krb5-devel.  As such,
> > > > it seems no testing is done on systems without a kerberos library, and
> > > > our users have not been inconvenienced by this requirement. 
> > > > 
> > > > Therefore, as we have a way to build Samba without a system kerberos
> > > > (the waf build), I would like us to require that users either build with
> > > > waf, or build with a system krb5-devel.
> > > > 
> > > > Doing so would remove a lot of dead, untested #ifndef HAVE_KRB5 stub
> > > > functions, and make our code easier to follow and simpler to develop. 
> > > > 
> > > > What do others think?
> > > 

Richard Sharpe | 2 Jan 2012 08:03

A Samba VFS Module for Amazon's S3

Hi folks,

For anyone interested in looking at the code, such as it is at the
moment, you can find it at:

     git://github.com/RichardSharpe/Amazon-S3-VFS.git

-- 
Regards,
Richard Sharpe

Andrew Bartlett | 2 Jan 2012 12:56

[PATCH] Implement GSE as a gensec module for GSSAPI in s3

On Tue, 2011-12-27 at 12:07 +1100, Andrew Bartlett wrote:
> On Thu, 2011-12-22 at 13:44 +0100, Stefan (metze) Metzmacher wrote:
> > Hi Andrew,
> > 
> > > This patch series generalises the auth_ntlmssp code into a more generic
> > > infrastructure, with the aim to have GSSAPI handled via GENSEC in the
> > > smb sealing, rpc server and eventually session setup code.  
> > > 
> > > The patches so far are just the start, but take a very measured, one
> > > small change at a time approach without intentional behaviour change,
> > > and are at: 
> > > http://git.samba.org/?p=abartlet/samba.git/.git;a=shortlog;h=refs/heads/s3-rpc-gensec
> > 
> > Thanks! I plan to sign-off and push this too.
> 
> Thanks for pushing that.  I've updated the branch with a new set of
> changes.  These follow in the same pattern, making the code more
> generic, but not intentionally changing behaviour.  This set of changes
> introduces a new way to specify the gensec modules list.  
> 
> My hope is that once we make the use of NTLMSSP totally generic (ie,
> just specified with a parameter rather than via dedicated functions), it
> will be much easier to call other modules and even the SPNEGO we
> discussed via the same, tested call stack. 

I've been busy over the break, and again updated the branch.
http://git.samba.org/?p=abartlet/samba.git/.git;a=shortlog;h=refs/heads/s3-rpc-gensec

The big thing I've been working towards is that with these patches, we
now call into the GSE GSSAPI abstraction layer via GENSEC, rather than

Daniele Dario | 2 Jan 2012 16:57

Re: Domain join as BDC

On Fri, 2011-12-30 at 14:35 +0100, Daniele Dario wrote:
> Hi samba team,
> which is the right way to join a new samba4 DC to a domain with a samba4
> PDC having also DNS zones replicated?
> 
> PDC is running samba4 Version 4.0.0alpha18-GIT-32317b0 provisioned with
> --dns-backend=BIND9_DLZ and with bind 9.9.0b1.
> 
> The secondary DC is running samba4 Version 4.0.0alpha18-GIT-c2d6509 and
> bind 9.9.0b1.
> 
> I tried to join it with
> samba-tool domain join SAITELITALIA DC -U administrator
> --realm=saitelitalia.local
> and join has worked but DNS zones were not replicated between the two
> DCs.
> 
> With samba-tool I added replication for
> DC=DOMAINDNSZONES,DC=SAITELITALIA,DC=LOCAL
> DC=FORESTDNSZONES,DC=SAITELITALIA,DC=LOCAL
> but it does not work for the copy in private/dns/sam.ldb and
> private/dns/sam.ldb.d/ .
> 
> Cheers,
> Daniele.
> 
> P.S.
> Happy new year to all of you.
> 
ping

Catalin Patulea | 3 Jan 2012 00:47

[PATCH] tevent: First stab at a glib backend

Hi,

Here is a glib backend for tevent. This backend lets single-threaded
GTK apps embed parts of Samba which use tevent for I/O. These apps
will also be able to make async calls into, say, smbclient-raw. In
particular, this is the first step towards a Samba 4 backend for GVFS.

fds and timers are mapped to the corresponding glib GSources, and the
main loop is implemented using GMainContext. The dependency of tevent
on glib is optional and auto-detected at configure time. The tevent
ABI change was necessary to expose tevent_common_timed_destructor, and
should not break anything.

I have tested this using the test suite (waf test
--tests=samba4.local.event), and the backend passes with comparable
numbers of pipe events/sec as other backends (172492.00 ev/s for glib
vs 178985.50 ev/s for poll).

I have also tried forcing smbclient to use this backend
(source4/lib/events/tevent_s4.c) and I was able to open a session to a
share as guest (XP SP3 64-bit server), list the current directory, and
download a file.

Catalin
