Nabble - Samba

Re: Sponsor school award

2009-12-08T21:55:02Z

> I've supplied XCF files for GIMP users so that you can contribute (open
> source design) but if you don't have GIMP handy please feel free to comment
> on the attached PNG files and I will incorporate your ideas.

Attachments and the CLUG mailing list don't mix, can you put them up
somewhere and provide a link instead?

The description of your design sounds good :-)

-I

--
http://darkstarshout.blogspot.com/
--
On the day *I* go to work for Microsoft, faint oinking sounds will be
heard from far overhead, the moon will not merely turn blue but
develop polkadots, and hell will freeze over so solid the brimstone
will go superconductive.
-- Eric S. Raymond, 2005
--
Please avoid sending me Word or PowerPoint attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html
--
linux mailing list
linux@...
https://lists.samba.org/mailman/listinfo/linux

From forum: Samba - linux

Re: linux Digest, Vol 84, Issue 13

2009-12-08T21:51:22Z

Is it possible to put the subject in replies rather than just digest?

On 09.12.2009, at 08:52, Rod Peters <rpeters@...> wrote:

> On Wednesday 09 December 2009 06:00:02 linux-request@...
> wrote:
>> Re: [clug] Recommended cabling person?
>> From: Chris Smart <mail@...>
>> To: rodneyp@...
>> CC: linux@...
>>
>> 2009/12/8 Rod Peters <rpeters@...>:
>>> That may not be the best topology, if they are getting a fixed line
>>> installed. TransACT hard-wire a splitter at the barge board and
>>> run a
>>> dedicated ADSL line from there to customer's chosen location.
>>> There may
>>> be some advantage in minimising the length of voice grade cable,
>>> particularly for ADSL2+.
>>
>> Hey Rod,
>>
>> Thanks for the suggestions. They are on a pre-existing Telstra line
>> and going to Naked ADSL2+ which means that the router needs to be
>> next
>> to the phone line, which needs to be next to the phone (running off
>> VoIP).
>>
> Cablers generally quote X dollars per run for residental jobs, so
> they might
> as well run from a splitter in the roof/bargeboard. Only downside
> is the
> cost of the hard-wirable splitter (which is not huge), but ADSL2+
> needs a
> good quality splitter anyway, according to tests conducted a few
> years ago by
> one of the PC mags.
>
> This topology does not burn any bridges. Someone can later just
> plug in a
> splitter on the phone line, if they choose to relocate the modem/
> router.
>
>> They don't want the main phone next to the TV in the lounge room and
>> there's no other phone port in the house.
>>
>> I also need to get their primary PC connected to the switch on the
>> router, so I just figured the easiest thing would be to run a
>> external
>> phone cable under the floor to the computer room and do it all from
>> there.
>>
> Disadvantage of this is that it involves more voice-grade cable and
> connection
> blocks, all of which downgrade ADSL2+ signal and could be the
> "tipping point"
> which puts the connection into the next lower download speed.
>
>> If there's a better way I'm all ears!
>>
>> -c
>
> A few years ago I had discussions with a licenced cabler, one Alan
> Desomond,
> re cabling a small office setup. I was happy with his knowledge,
> general
> approach to the job and price, but circumstances intervened and the
> job did
> not proceed.
>
> Can't lay my hands on his card, but ph 6241 1608 will probably
> locate him.
>
> AFAIK, the licencing is federal and an ACT-based cabler should be
> able to do
> work for Lana.
>
>
> Rod
>
> --
> linux mailing list
> linux@...
> https://lists.samba.org/mailman/listinfo/linux

--
linux mailing list
linux@...
https://lists.samba.org/mailman/listinfo/linux

From forum: Samba - linux

Re: surprise behavior #1: ENOENT for existing directories

2009-12-08T21:01:23Z

On 12/09/2009 01:07 AM, aaron brick wrote:
> suresh and jeff,
> i am happy to report no such problems since remounting with
> noserverino. this must be some kind of miracle option.
>
> does it cost much in performance terms to locally assign inode numbers
> like this? i don't know why my NAS is getting them wrong (?), but
> given the results, this is something i really needed.
>

I don't think there will be an noticable performance impact (though
there might be some impact when generating unique inode number for a
large number of inodes). On the upside a call to the server is avoided.
However, there is no choice but to use 'noserverino' option if the
server doesn't guarantee unique inode numbers.

Thanks,

>
>
> 2009/11/30 aaron brick <bricktron@...>:
>> thank you guys very much for responding to my issues. i have now
>> remounted the share with noserverino. hopefully the problems will go
>> away and in a few days i can come back and tell you so.
>>
>> cheers!
>> aaron.
>>
>> -- aaron brick
>> -- aaron@...
>> -- http://www.lithic.org
>>
>>
>>
>>
>>
>> 2009/11/30 Jeff Layton <jlayton@...>:
>>> On Mon, 30 Nov 2009 22:14:22 +0530
>>> Suresh Jayaraman <sjayaraman@...> wrote:
>>>
>>>> On 11/30/2009 06:53 PM, Jeff Layton wrote:
>>>>> On Mon, 30 Nov 2009 16:45:59 +0530
>>>>> Suresh Jayaraman <sjayaraman@...> wrote:
>>>>>
>>>>>> On 11/30/2009 07:46 AM, aaron brick wrote:
>>>>>>> i am having two intermittent problems with CIFS and am sending
>>>>>>> separate emails to the list for each. this paragraph is identical. my
>>>>>>> desktop runs debian and kernel 2.6.32rc7; i am mounting a filesystem
>>>>>>> from my synology NAS, running DSM 2.2-0942 and using ext3 & RAID5
>>>>>>> internally. the link is gigabit through cat5e and a netgear switch.
>>>>>>> the only CIFS dmesg entry i see is a couple of: "CIFS VFS: server
>>>>>>> 10.1.1.2 of type Samba 3.2.8 returned unexpected error on SMB posix
>>>>>>> open, disabling posix open support. Check if server update available."
>>>>>>> (FWIW, synology hasn't released a firmware with a more recent samba.)
>>>>>>>
>>>>>>>
>>>>>>> here, creating files within a directory sometimes fails with ENOENT as
>>>>>>> if the parent did not exist. this generally prevents me from using the
>>>>>>> shared filesystem for compilation. an example follows:
>>>>>>>
>>>>>>>
>>>>>>> 11:08 / > mount | grep nas
>>>>>>> //nas/data on /data type cifs (rw,mand)
>>>>>>> 11:08 / > cd data
>>>>>>> 11:08 /data > mkdir a
>>>>>>> 11:08 /data > mkdir a/b
>>>>>>> mkdir: cannot create directory `a/b': No such file or directory
>>>>>>> 11:08 /data > strace mkdir a/b |& grep mkdir
>>>>>>> execve("/bin/mkdir", ["mkdir", "a/b"], [/* 22 vars */]) = 0
>>>>>>> mkdir("a/b", 0777) = -1 ENOENT (No such file or directory)
>>>>>>> write(2, "mkdir: ", 7mkdir: ) = 7
>>>>>>>
>>>>>>
>>>>>> I have not been able to reproduce this 2.6.31-rc1 against Samba 3.2.7. But a
>>>>>> quick look at the code suggests there could be a problem if we do this
>>>>>> sequence:
>>>>>>
>>>>>> POSIX open against Samba server < 3.3.1 (tcon->broken_posix_open will be set)
>>>>>> followed by a mkdir (will call CIFSPOSIXCreate). As we don't seem to check
>>>>>> whether the broken_posix_open is set, this might have led to this issue I think.
>>>>>>
>>>>>> Does the following patch (a quick, untested) fix the issue?
>>>>>>
>>>>>>
>>>>>>
>>>>>> fs/cifs/inode.c | 3 ++-
>>>>>> 1 files changed, 2 insertions(+), 1 deletions(-)
>>>>>>
>>>>>> diff --git a/fs/cifs/inode.c b/fs/cifs/inode.c
>>>>>> index cababd8..f1e9ab6 100644
>>>>>> --- a/fs/cifs/inode.c
>>>>>> +++ b/fs/cifs/inode.c
>>>>>> @@ -1038,7 +1038,8 @@ int cifs_mkdir(struct inode *inode, struct dentry *direntry, int mode)
>>>>>> return rc;
>>>>>> }
>>>>>>
>>>>>> - if ((pTcon->ses->capabilities & CAP_UNIX) &&
>>>>>> + if (!tcon->broken_posix_open && tcon->unix_ext &&
>>>>> ^^^^ should be "pTcon"
>>>>>
>>>>
>>>> Oops, sorry about the not even compile tested patch. Here is the
>>>> compile tested patch. Could you please test this one?
>>>>
>>>>
>>>> fs/cifs/inode.c | 3 ++-
>>>> 1 files changed, 2 insertions(+), 1 deletions(-)
>>>>
>>>> diff --git a/fs/cifs/inode.c b/fs/cifs/inode.c
>>>> index cababd8..31be938 100644
>>>> --- a/fs/cifs/inode.c
>>>> +++ b/fs/cifs/inode.c
>>>> @@ -1038,7 +1038,8 @@ int cifs_mkdir(struct inode *inode, struct dentry *direntry, int mode)
>>>> return rc;
>>>> }
>>>>
>>>> - if ((pTcon->ses->capabilities & CAP_UNIX) &&
>>>> + if (!pTcon->broken_posix_open && pTcon->unix_ext &&
>>>> + (pTcon->ses->capabilities & CAP_UNIX) &&
>>>> (CIFS_UNIX_POSIX_PATH_OPS_CAP &
>>>> le64_to_cpu(pTcon->fsUnixInfo.Capability))) {
>>>> u32 oplock = 0;
>>>
>>> Now that I think about it though...
>>>
>>> The whole broken_posix_open thing was not a problem for actual creates,
>>> just when opening existing files. I'm pretty sure we still want to use
>>> posix creates for mkdir even if broken_posix_open is set.
>>>
>>> I'm more interested to know whether both of these problems go away if
>>> he mounts with "noserverino".
>>>
>>> --
>>> Jeff Layton <jlayton@...>
>>> _______________________________________________
>>> linux-cifs-client mailing list
>>> linux-cifs-client@...
>>> https://lists.samba.org/mailman/listinfo/linux-cifs-client
>>>
>>

--
Suresh Jayaraman
_______________________________________________
linux-cifs-client mailing list
linux-cifs-client@...
https://lists.samba.org/mailman/listinfo/linux-cifs-client

From forum: Samba - linux-cifs-client

Re: Sponsor school award

2009-12-08T18:15:20Z

Hi everyone

I thought about it played around with cute design elements like funky
rectangles and colour gradients but basically the easiest way to get a high
quality result regardless of the printer is to skip gradients and stay with
bold blocks of single colours. (Even the best professional print shops have
trouble getting a smooth gradient.) The obvious design elements to include
are Tux and the school logo - in addition I chose a border although you may
have other ideas.

I've stuck with the school colours because I love them and they match very
well with Tux. I've deliberately avoided black and yellow so that he will
be eye-catching.

I'm a little shy to throw out something that still obviously needs a little
work (layout, choice of wording etc) but what does everyone think of the
concept? What words are appropriate? Also what's the name of the student
who's winning? Are we allowed to say here or Chris do you want to email me
quietly?

I've supplied XCF files for GIMP users so that you can contribute (open
source design) but if you don't have GIMP handy please feel free to comment
on the attached PNG files and I will incorporate your ideas.

Best wishes
Jessica

--
linux mailing list
linux@...
https://lists.samba.org/mailman/listinfo/linux

From forum: Samba - linux

Re: Unable to add posixAccount objectclass to AD user

2009-12-08T18:11:07Z

Oops! the previous message was supposed to go directly to Andrew
Bartlett. I would not recommend applying these patches, as it breaks
provisioning. He asked me to send him the patches so he can help me
figure out why.

These patches are intended to fix the improper handling of auxiliary
classes in objectclass.c. The two major changes include reimplementing
objectclass_sort to just sort the classes by there subClass_order. As
well as using get_last_structural_class to find the class to do the
checks on, instead of the last class in the list. Other changes
include moving get_last_structural_class from descriptor.c to util.c,
and modifying it to ignore auxiliary classes. The check in
password_hash.c was because I tried to create a user that had a
posixAccount, but no user class. This caused a segfault because
io->u.sAMAccountName would be null.

Sorry for the confusion!

On Tue, Dec 8, 2009 at 4:54 PM, Matthias Dieter Wallnöfer <mdw@...> wrote:

> Hi Brendan,
>
> the first thing I suggest is to set the author name and email address on
> your local GIT installation (should be doable through ".gitconfig" in your
> home directory). Otherwise "git-am" formatted patches are nearly useless for
> us.
>
> Then I notice different patches in your attachments which don't fully
> coincide with the email subject ("objectclass" stuff). Therefore it would be
> really helpful for us that you mention your thoughts and reasons about each
> patch in a email (e.g. the "password_hash" module change - why is the check
> for "sAMAccountName" really needed?).
>
> When you are done with this we can start serious discussions about what to
> apply.
>
> Greets,
> Matthias
>
> brendan powers wrote:
>>
>> Here are the patches we discussed.
>>
>
>

From forum: Samba - samba-technical

Re: Recommended cabling person?

2009-12-08T17:50:08Z

On Wednesday 09 December 2009 11:03:26 linux-request@... wrote:

> Re: [clug] Recommended cabling person?
> From: Chris Smart <mail@...>
> To: "Alastair D'Silva" <alastair@...>
> CC: linux@...
>
> 2009/12/9 Alastair D'Silva <alastair@...>:
> > You could always use a matched pair of DECT handsets, with the base
> > connected to the ADSL modem (wherever it has to be connected), and the
> > second handset where they want a phone to be.
>

I have my DECT base in the study, but it tends to pick up a lot of hum,
perhaps from the computer gear ?

> That's the plan, from the computer room to two other locations in the
> house. Problem is that I'd still need to run a CAT5 cable for the
> computer.. so I figure may as well just do the phone and have it much
> more convenient.
>
> -c

As I understand it, cablers now do wiring for voice outlets in Cat5e anyway
and terminate same in 8 way RJ45 sockets (Cat5 is a superceded grade and not
worth chasing). The stuff costs them ~ 50 cents a metre so it is not worth
stocking multiple classes of cable. Indeed, my splitter to ADSL run is done
in 4 pair Cat5e. The cabler had single pair in his van but thought it more
flexible to use 4 pair rather than save a few dollars and I had already been
quoted a fixed price, so it made no difference to me.

If you are in doubt, consider having more than one run installed. Indeed, for
anyone planning on staying at the site for a while it's worth considering a
few runs of Cat5e fanned out from near the ADSL point to each bedroom, study
and perhaps some living areas. The price per run might come down a little.
May not work out any cheaper than wireless, but relatively more reliable.

If the installation is done by an ACMA licenced installer then the owner
should be free to use any particular run of cable for POTS or LAN as they
choose.

Rod

--
linux mailing list
linux@...
https://lists.samba.org/mailman/listinfo/linux

From forum: Samba - linux

Conflicting OIDs

2009-12-08T17:44:09Z

MS-ADA3 2.305 Attribute thumbnailLogo has:

cn: Logo
ldapDisplayName: thumbnailLogo
attributeId: 2.16.840.1.113730.3.1.36

However, this OID is allocated, according to
http://www.alvestrand.no/objectid/2.16.840.1.113730.3.1.36.html to
Netscape (now Red Hat), and is used for nsLicensedFor.

It appears the official OID for thumbnailLogo is
1.3.6.1.4.1.1466.101.120.36 according to

http://tools.ietf.org/html/draft-ietf-asid-schema-pilot-00

So far, we have found the following OIDs that are allocated to different
names between Microsoft's AD implementation and the official
allocations:

#MiddleName has a conflicting OID
2.16.840.1.113730.3.1.34:1.3.6.1.4.1.7165.4.255.1
#defaultGroup has a conflicting OID
1.2.840.113556.1.4.480:1.3.6.1.4.1.7165.4.255.2
#thumbnailPhoto has a conflicting OID
2.16.840.1.113730.3.1.35:1.3.6.1.4.1.7165.4.255.10
#thumbnailLogo has a conflicting OID
2.16.840.1.113730.3.1.36:1.3.6.1.4.1.7165.4.255.11

What I want to know is: What is the full list of OIDs that Microsoft
uses in Active Directory that have conflicting allocations between AD
and either the OID allocation hierarchy or common practice?

This will assist us as we aim for interoperability, as for each
conflict, we must manually remap.

In the long term, we would like to see the AD schema documents annotated
with this conflict (both as as summary table and on each attribute), and
a process put in place to avoid these kinds of problems in future.

Thanks,

Andrew Bartlett

--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Cisco Inc.

_______________________________________________
cifs-protocol mailing list
cifs-protocol@...
https://lists.samba.org/mailman/listinfo/cifs-protocol

signature.asc (196 bytes) Download Attachment

From forum: Samba - cifs-protocol

[ANNOUNCE] Samba 4.0.0alpha10

2009-12-08T17:04:30Z

We are proud to a announce another alpha release of Samba 4.
What's new in Samba 4 alpha10
============================

Samba 4 is the ambitious next version of the Samba suite that is being
developed in parallel to the stable 3.0 series. The main emphasis in
this branch is support for the Active Directory logon protocols used
by Windows 2000 and above.

Samba4 alpha10 follows on from the alpha release series we have been
publishing since September 2007

WARNINGS
========

Samba4 alpha10 is not a final Samba release. That is more a reference
to Samba4's lack of the features we expect you will need than a
statement of code quality, but clearly it hasn't seen a broad
deployment yet. If you were to upgrade Samba3 (or indeed Windows) to
Samba4, you would find many things work, but that other key features
you may have relied on simply are not there yet.

For example, while Samba 3.0 is an excellent member of a Active
Directory domain, Samba4 is happier as a domain controller, and it is
in this role where it has seen deployment into production.

Samba4 is subjected to an awesome battery of tests on an
automated basis, we have found Samba4 to be very stable in it's
behaviour. We have to recommend against upgrading production servers
from Samba 3 to Samba 4 at this stage, because there may be the features on
which you may rely that are not present, or the mapping of
your configuration and user database may not be complete.

If you are upgrading, or looking to develop, test or deploy Samba4, you should
backup all configuration and data.

NEW FEATURES
============

Samba4 supports the server-side of the Active Directory logon environment
used by Windows 2000 and later, so we can do full domain join
and domain logon operations with these clients.

Our Domain Controller (DC) implementation includes our own built-in
LDAP server and Kerberos Key Distribution Center (KDC) as well as the
Samba3-like logon services provided over CIFS. We correctly generate
the infamous Kerberos PAC, and include it with the Kerberos tickets we
issue.

The new VFS features in Samba 4 adapts the filesystem on the server to
match the Windows client semantics, allowing Samba 4 to better match
windows behaviour and application expectations. This includes file
annotation information (in streams) and NT ACLs in particular. The
VFS is backed with an extensive automated test suite.

A new scripting interface has been added to Samba 4, allowing
Python programs to interface to Samba's internals.

The Samba 4 architecture is based around an LDAP-like database that
can use a range of modular backends. One of the backends supports
standards compliant LDAP servers (including OpenLDAP), and we are
working on modules to map between AD-like behaviours and this backend.
We are aiming for Samba 4 to be powerful frontend to large
directories.

CHANGES SINCE alpha9
=====================

Alpha9 was released last week, but in the time since the release we
have found and fixed two important segfaults, and improved the
experimental DRS replication.

CHANGES
=======

Those familiar with Samba 3 can find a list of user-visible changes
since that release series in the NEWS file.

KNOWN ISSUES
============

- Domain member support is in it's infancy, and is not comparable to
the support found in Samba3.

- There is no printing support in the current release.

- There is no NetBIOS browsing support in the current release

- The Samba4 port of the CTDB clustering support is not yet complete

- Clock Synchronisation is critical. Many 'wrong password' errors are
actually due to Kerberos objecting to a clock skew between client
and server. (The NTP work in the previous alphas are partly to assist
with this problem).

- The DRS replication code often fails, and is very new

- Users upgrading existing databases to Samba4 should carefully
consult upgrading-samba4.txt. We have made a number of changes in
this release that should make it easier to upgrade in future.
Btw: there exists also a script under the "setup" directory of the
source distribution called "upgrade_from_s3" which should allow a step-up
from Samba3 to Samba4. It's not included yet in the binary distributions
since it's completely experimental!

- ACL are not set by default on shares created by the provision.
Work is underway on this subject and it should be fixed in Alpha10.

RUNNING Samba4
==============

A short guide to setting up Samba 4 can be found in the howto.txt file
in root of the tarball.

DEVELOPMENT and FEEDBACK
========================

Bugs can be filed at https://bugzilla.samba.org/ but please be aware
that many features are simply not expected to work at this stage.

The Samba Wiki at http://wiki.samba.org should detail some of these
development plans.

Development and general discussion about Samba 4 happens mainly on
the #samba-technical IRC channel (on irc.freenode.net) and
the samba-technical mailing list (see http://lists.samba.org/ for
details).

================
Download Details
================

The release tarball is available from the following location:
* http://download.samba.org/samba/ftp/samba4/samba-4.0.0alpha10.tar.gz

This release has been signed using GPG with Andrew's GPG key (28B436BB).

* http://download.samba.org/samba/ftp/samba4/samba-4.0.0alpha10.tar.asc

To verify that the signature is correct, make sure that the tarball has
been unzipped and run:

$ gpg --verify samba-4.0.0alpha10.tar.asc

Happy testing!

The Samba team

--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc.

signature.asc (196 bytes) Download Attachment

From forum: Samba - samba-announce

[ANNOUNCE] Samba 4.0.0alpha10

2009-12-08T17:04:30Z

signature.asc (196 bytes) Download Attachment

From forum: Samba - samba-technical

Regedit

2009-12-08T16:40:14Z

Hey Everyone,
So here is what is going on I have two computers on the same network
that are both connected to the PDC of a samba domain (on the same network
segment):

____________________________________________
|
| |
|
| |
_________
_________ ______
| comp1 | | comp2 |
| PDC |
---------------
--------------- ----------

Now when i try to connect to the registry of comp1 from comp2 I get an error
saying i don't have permission to connect using the domain administrator
account. This also coincides with a name mismatch error:

[2009/12/08 16:10:43, 0] lib/util_sock.c:matchname(1721)
matchname: host name/name mismatch: FOO != FOO.bar.com

Could this be causing my problem and how should I troubleshoot this problem.
Any ideas would be greatly appreciated.

Thanks,
Nick
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

From forum: Samba - General

password-file problem of cwrsync in windows

2009-12-08T16:19:13Z

i get a problem in use cwrsync in windows, when i use the
password-file. i get the error below: the password-file must not
world-wild read. and when i use rsync in the cygwin with the same
command, it just succeed. if i input the password directly, both ok.

--
从我的移动设备发送

contact me:
MSN: walkerxk@...,walkerxk@...
GTALK: walkerxk@...
QQ:25329680
--
Please use reply-all for most replies to avoid omitting the mailing list.
To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync
Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html

From forum: Samba - rsync

Re: [PATCH] Proposed merge of some NTLMSSP crypto

2009-12-08T16:16:55Z

On Tuesday 08 December 2009 23:29:14 Andrew Bartlett wrote:

> Similarly I moved the code and made syntactic changes before concluding
> the merge with the semantic changes. As such, only the tip of the tree
> is expected to compile and operate, not each individual patch.

I've got most of this working already, only a tiny little bit of API rechange
left that I need to clear up manually. With any luck I might be able to do
that tomorrow.

> We may be able to merge some of these commits before a final push, but I
> wanted to make it crystal clear what code was as was not being modified
> by this merge.

I'm not introducing any functional changes (or at least not on purpose), so
the restructured patches can be the base for a merge to master if people
agree this is a good thing.

Cheers,
Kai

--
Kai Blin
WorldForge developer http://www.worldforge.org/
Wine developer http://wiki.winehq.org/KaiBlin
Samba team member http://www.samba.org/samba/team/
--
Will code for cotton.

signature.asc (196 bytes) Download Attachment

From forum: Samba - samba-technical

Re: Neat Backup Solutions for desktops...

2009-12-08T16:03:42Z

On Wed, Dec 9, 2009 at 10:33, Alex Satrapa <grail@...> wrote:
> and then discover that in the intervening five years manufacturers have abandoned your
> tape drive's particular interface (eg: SCSI II) for the latest & greatest (FireWire or
> FibreChannel or …).

:)

And since we are swapping war stories:

It was for this reason that I once spent about 2 weeks reverse
engineering a read only linux driver for a SCSI based 512MB MO drive
backup system for an ageing NMR spectrometer that 'sploded itself. Of
course when I arrived there was no other system that could read them
as Bruker has dumped bfs (Bruker file system) and shifted to an SGI
Indy based platform. Years later they finally shifted to linux but I
digress..

The main HDD of this 19" rackmount/backplane type system was a 'huge'
2GB and enormous and loud. At the time the boffins at Bruker (a german
MRI/NMR manufacturer) decided that there was no filesystem around good
enough to handle big MRI/NMR files so they wrote their own.... :)

Ah, fun times. <twitch>

> at which point we discovered that certain dependencies had crept in such as the
> DNS server relying on the LDAP server for authentication, while the LDAP server
> was depending on the DNS server for various reasons - neither machine would boot
> without the other one already running.

Guffaw! sort of like NFS "mounts of doom" that depend on each other
(I have seen it done...).

--
Andrew Janke
(a.janke@... || http://a.janke.googlepages.com/)
Canberra->Australia +61 (402) 700 883
--
linux mailing list
linux@...
https://lists.samba.org/mailman/listinfo/linux

From forum: Samba - linux

Re: Samba 3.4.2 Winbind problem IDMAP GID range full

2009-12-08T15:56:18Z

I updated my smb.conf to include the following parameters:
[global]
idmap backend = tdb
idmap alloc backend = tdb
idmap uid = 10000-11000
idmap gid = 10000-11000
winbind enum users = yes
winbind enum groups = yes

This seems to have fixed some of the errors, but I still get the following
errors in log.winbindd-idmap (repeated many times):
[2009/12/08 16:41:48, 0] winbindd/idmap_tdb.c:341(idmap_tdb_alloc_init)
idmap will be unable to map foreign SIDs: NT_STATUS_UNSUCCESSFUL
[2009/12/08 16:41:48, 0] winbindd/idmap.c:589(idmap_alloc_init)
ERROR: Initialization failed for alloc backend, deferred!
[2009/12/08 16:41:48, 0] winbindd/idmap.c:201(smb_register_idmap_alloc)
idmap_alloc module tdb already registered!
[2009/12/08 16:41:48, 0] winbindd/idmap.c:149(smb_register_idmap)
Idmap module passdb already registered!
[2009/12/08 16:41:48, 0] winbindd/idmap.c:149(smb_register_idmap)
Idmap module nss already registered!
[2009/12/08 16:41:48, 1] winbindd/idmap_tdb.c:214(idmap_tdb_load_ranges)
idmap uid missing

I tried with and without the backend parameters getting the same result. I'm
not sure if those or the 'enum' parameters are necessary. FWIW, there exitst
a file /var/lib/samba/winbindd_idmap.tdb but the timestamp on it is over two
years ago.

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

From forum: Samba - General

Re: Neat Backup Solutions for desktops...

2009-12-08T15:33:25Z

On 08/12/2009, at 19:36 , Andrew Janke wrote:

> In short I am yet to find a tape based system that doesn't break right
> when you need it.

Note that your existing backup system doesn't have to be "broken" to actually break.

For example, you might be running a perfectly functional backup system with spare hardware available, but then lightning strikes your site. Your servers are toast, the functional hardware is toast, so you get the spare tape hardware, the offsite tapes, and then discover that in the intervening five years manufacturers have abandoned your tape drive's particular interface (eg: SCSI II) for the latest & greatest (FireWire or FibreChannel or …).

I agree with the comment about the cleansing hard disk failure.

True story: a place I was working for several years tested out the building's UPS. Turns out the diesel generator kicked in just fine, but the building's main switch blew itself up, so we were running on emergency power for a day or two while the switch was being replaced (custom hardware, had to be redesigned to cope with the failure mode and machined from scratch). During this time some computers were shut down which had been running non-stop for several hundred days, of course those hard drives seized up good and proper. Later on in the life of that building we had another power outage, and again there was a failure in the UPS, another bunch of machines lost power, at which point we discovered that certain dependencies had crept in such as the DNS server relying on the LDAP server for authentication, while the LDAP server was depending on the DNS server for various reasons - neither machine would boot without the other one already running.

Rebuilding your production environment from scratch every six months or so is really good for encouraging a disciplined approach to deploying and maintaining systems :)

Alex

--
linux mailing list
linux@...
https://lists.samba.org/mailman/listinfo/linux

From forum: Samba - linux

Re: Winbind + SSH + AIX - Connection to aixserver01 closed by remote host

2009-12-08T15:02:29Z

Does AIX use pam?

If so, check to see if there are any differences on entries relating to
sshd, telnet or other.

On 12/08/09 13:12, RobertoBouza@... wrote:

> Hello everyone, I'm posting this one again I hope to get some kind of
> help. Doing further test telnet works fine authenticating users but not
> SSH.
>
> I was able to get an AIX box configured with winbind, and it looks like
> everything is working as expected but ssh to the machine and I hope you
> can help me with this.
>
> On the AIX server I'm able to issue wbinfo -u and -g with the right
> information and also I'm able to do a "su -<AD user>" without any
> problem. But when doing a remote SSH I just get this:
>
> Client:
>
> debug2: channel 0: send open
> debug1: Requesting no-more-sessions@...
> debug1: Entering interactive session.
> debug1: channel 0: free: client-session, nchannels 1
> debug3: channel 0: status: The following connections are open:
> #0 client-session (t3 r-1 i0/0 o0/0 fd 4/5 cfd -1)
>
> debug3: channel 0: close_fds r 4 w 5 e 6 c -1
> Connection to aixserver01 closed by remote host.
> Connection to aixserver01 closed.
> Transferred: sent 1648, received 1544 bytes, in 0.0 seconds
> Bytes per second: sent 105932.7, received 99247.6
> debug1: Exit status -1
>
> On the server aixserver01:
>
> Dec 3 11:23:15 aixserver01 authpriv:debug sshd[467118]: debug1:
> temporarily_use_uid: 150302/100513 (e=0/0)
> Dec 3 11:23:15 aixserver01 authpriv:debug sshd[467118]: debug1: trying
> public key file /home/users/robertobouza/.ssh/authorized_keys
> Dec 3 11:23:15 aixserver01 authpriv:debug sshd[467118]: debug1:
> restore_uid: 0/0
> Dec 3 11:23:15 aixserver01 authpriv:debug sshd[467118]: debug1:
> temporarily_use_uid: 150302/100513 (e=0/0)
> Dec 3 11:23:15 aixserver01 authpriv:debug sshd[467118]: debug1: trying
> public key file /home/users/robertobouza/.ssh/authorized_keys2
> Dec 3 11:23:15 aixserver01 authpriv:debug sshd[467118]: debug1:
> restore_uid: 0/0
> Dec 3 11:23:15 aixserver01 authpriv:info sshd[467118]: Failed publickey
> for robertobouza from 10.10.20.202 port 55612 ssh2
> Dec 3 11:23:17 aixserver01 authpriv:info sshd[467118]: Accepted password
> for robertobouza from 10.10.20.202 port 55612 ssh2
> Dec 3 11:23:17 aixserver01 authpriv:debug sshd[467118]: debug1:
> monitor_child_preauth: robertobouza has been authenticated by privileged
> process
> Dec 3 11:23:17 aixserver01 authpriv:debug sshd[467118]: debug1:
> do_cleanup
>
> So, it looks like everything is working but why do I get a connection
> closed?
>
> Thank you.
>
> Roberto Bouza.
>

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

From forum: Samba - General

Re: SmbFile.exist: subnet, connection to domain controller

2009-12-08T14:33:09Z

On Tue, Dec 8, 2009 at 2:01 PM, Jean-Marc Autexier <jmau2002@...> wrote:

> Hi,
>
> I'm connecting to a server in another network to check a file on a cifs
> share (using jcifs-1.3.12).
>
> I more or less just use SmbFile with
> "smb://DOMAIN;USER:PASSWORD@MYSERVER/share/myFile" and call exists();
>
> This works fine, except that even before connecting to the server MYSERVER
> SmbFile (or some other code in jcifs) tries to establish a connection to the
> server DOMAIN (this is from observing packets with wireshark), probably
> because somewhere it tries to retrieve the domain controller of the network.
> This happens also when MYSERVER is an IP address.
>
> In local networks this is probably no problem, but here I'm not allowed to
> connect to the DC of the other network (DOMAIN), only to the server
> MYSERVER.
> Because it can't resolve the name of the server DOMAIN it takes few seconds
> (~8sec) until it get a timeout, than the smb connection to MYSERVER is
> established and everything is ok. So no error, it just takes way to long to
> check a file.
>
> I don't see any reason why packets are send to the DC when yxou just want to
> connect to a server. Probably it's just an address resolution which is done
> somewhere.
>
> Does someone has an idea why this happens and if it can be changed?

Hi Jean-Marc,

That communication with the DC is for DFS. If you use a fully
qualified DNS hostname I think JCIFS will not try to do the DFS root
referrals. You should always use a fully qualified DNS hostname anyway
to avoid common name service problems. But I'm not sure if that alone
will stop JCIFS from trying to do DFS. If this is the case, you can
set jcifs.smb.client.dfs.disabled = true in which case JCIFS should
not try to perform DFS root referrals.

Mike

--
Michael B Allen
Java Active Directory Integration
http://www.ioplex.com/

From forum: Samba - jcifs

Re: Recommended cabling person?

2009-12-08T14:32:04Z

On Tuesday 08 December 2009 22:02:41 Alan Vidler wrote:

> Hopefully someone can recommend someone:
>
> When I moved from two independent phone lines to one line plus
> ADSL1 back in early days of ADSL the bloke simply put a splitter
> in the roof and re-used the #2 phone line as ADSL (it went to my
> then computer room so was where wanted). Since then things have
> moved on and I now have ADSL2+ in theory, but still use my ADSL1
> modem as it delivers at least as much as a borrowed ADSL2 modem
> (about 5MB/s from ISP (iiNet) server)
>

Are you able to locate your exchange cartoographically ? Internode have a
chart of max achievable speed v distance to exchange. If you are at 5Mb/s
distance, then not much point in investigating further.

I have not moved to ADSL2. TransACT still have differential pricing between
ADSL1 & 2 and appear to be one of the few carriers who limit ADSL2 speeds,
depending on monthly fee paid.

I also regard marketed ADSL2+ speeds as largely vapourware. An objective test
might be:

find a "quiet time" for you ISP *and* the server from which you are
downloading (for our timezone that might mean Aust server during wee hours)

download a large file (CD of Linux distro would be good example) and review
average download speed.

might have to repeat for at least one other server, to check whether server or
Tolstra's ADSL infrastructure are the bottleneck.

If you are still getting only ~ 5 Mb/s, then your distance to
exchange/in-house setup would appear to not be the limitation.

Nevertheless, faster speeds are definitely possible. I work at one site where
Indernode is used as the ISP and sustained 8 Mb/s on max 8Mb/s link is
routinely achieved during business hours, but not after hours. They are
actually using ADSL1 modem on ADSL2 link - very similar to your setup.

> I'd *love* to have someone who knows about such things look at
> the in-house setup and see whether it is contributing to limit or
> it is just distance from exchange....

Most ADSL routers have a line speed tester. Even in the days when my service
was limited to 400 kb/s, by the telco, the tester informed me that the line
was capable of 8 Mb/s. This is a very easy first check to run.

As one of their FAQ items, Internode recommend that the total length of "flat"
telephone cable connecting modem to telco's fixed line not exceed 2m. Easily
rectified.

> Such expertise probably is now available, unlike back then....
>
> Alan V
>
> - - - - - - - - -
>
> On 8/12/2009 9:43 PM Rod Peters sent:
> > On Tuesday 08 December 2009 19:17:44 linux-request@... wrote:
> >> [clug] Recommended cabling person?
> >> From: Chris Smart <mail@...>
> >> To: CLUG List <linux@...>
> >>
> >> My Aunty and Uncle just moved to Canberra from Sydney and we need to
> >> cable the phone line (which is in the living room) over to the
> >> computer room at the other end of the house so that they can get ADSL.
> >
> > That may not be the best topology, if they are getting a fixed line
> > installed. TransACT hard-wire a splitter at the barge board and run a
> > dedicated ADSL line from there to customer's chosen location. There may
> > be some advantage in minimising the length of voice grade cable,
> > particularly for ADSL2+.
> >
> > A corrollorary is that, if they are using a TransACT partner as ISP then
> > no action required because the sub-contractor will run the ADSL line
> > anyway.
> >
> >> Does anyone have anyone qualified that they can recommend, or shall I
> >> just look in the yellow pages?
> >>
> >> -c
> >
> > Rod

Rod
--
linux mailing list
linux@...
https://lists.samba.org/mailman/listinfo/linux

From forum: Samba - linux

Re: [PATCH] Proposed merge of some NTLMSSP crypto

2009-12-08T14:29:14Z

On Tue, 2009-12-08 at 21:37 +0100, Volker Lendecke wrote:

> On Wed, Dec 09, 2009 at 12:41:41AM +1100, Andrew Bartlett wrote:
> > In my git tree 'ntlmssp-merge-wip' I have the current state of my
> > efforts to merge the NTLMSSP code between Samba3 and Samba4.
> >
> > My hope here is to reduce the duplication of the crypto code, and make
> > an eventual full merge of this important subsystem easier.
> >
> > git://git.samba.org/abartlet/samba.git ntlmssp-merge-wip
> >
> > The tests seem to pass in Samba4, but I still need to look into some
> > Samba3 issues. It will be important to test with Windows clients too,
> > and any assistance in that area, particularly against Samba3 will be
> > most appreciated.
>
> e8d4e5d3e260726c9 does not compile for me, does it for you?

Ahh, when I looked at this in gitk I misread the parent for the commit.
See the next commit.

> Probably it is just too much to ask, but normally I try to
> make every commit in a sequence of commits at least compile.
> For me this makes future "git bisect" runs a lot easier.

This patch series was split up for review, not git bisect. As such, I
change the API and then follow up the callers in separate commits. (The
double-change to the API is unfortunate, but due to development order
was not trivial to merge with the previous commit that made the first
change).

Similarly I moved the code and made syntactic changes before concluding
the merge with the semantic changes. As such, only the tip of the tree
is expected to compile and operate, not each individual patch.

We may be able to merge some of these commits before a final push, but I
wanted to make it crystal clear what code was as was not being modified
by this merge.

Andrew Bartlett

--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Cisco Inc.

signature.asc (196 bytes) Download Attachment

From forum: Samba - samba-technical

Re: [PATCH] Proposed merge of some NTLMSSP crypto

2009-12-08T14:19:14Z

On Tue, Dec 08, 2009 at 10:54:34PM +0100, Volker Lendecke wrote:

> On Wed, Dec 09, 2009 at 08:45:03AM +1100, Andrew Bartlett wrote:
> > > e8d4e5d3e260726c9 does not compile for me, does it for you?
> >
> > Yes, that compiled for me, and kblin reports it compiles for him after
> > a ./config.status.
>
> Hmm.
>
> Looking at
>
> libcli/auth/ntlmssp_sign.h in lines 96ff I find the prototype

Ok, sorry for the noise. Just read on irc that this patchset
was not split up for bisect.

Volker

signature.asc (204 bytes) Download Attachment

From forum: Samba - samba-technical

Re: Unable to add posixAccount objectclass to AD user

2009-12-08T13:54:23Z

Hi Brendan,

the first thing I suggest is to set the author name and email address on
your local GIT installation (should be doable through ".gitconfig" in
your home directory). Otherwise "git-am" formatted patches are nearly
useless for us.

Then I notice different patches in your attachments which don't fully
coincide with the email subject ("objectclass" stuff). Therefore it
would be really helpful for us that you mention your thoughts and
reasons about each patch in a email (e.g. the "password_hash" module
change - why is the check for "sAMAccountName" really needed?).

When you are done with this we can start serious discussions about what
to apply.

Greets,
Matthias

brendan powers wrote:
> Here are the patches we discussed.
>

From forum: Samba - samba-technical

Re: [PATCH] Proposed merge of some NTLMSSP crypto

2009-12-08T13:52:53Z

On Wed, Dec 09, 2009 at 08:45:03AM +1100, Andrew Bartlett wrote:
> > e8d4e5d3e260726c9 does not compile for me, does it for you?
>
> Yes, that compiled for me, and kblin reports it compiles for him after
> a ./config.status.

Hmm.

Looking at

libcli/auth/ntlmssp_sign.h in lines 96ff I find the prototype

NTSTATUS ntlmssp_unseal_packet(struct ntlmssp_sign_state *ntlmssp_sign_state,
uint8_t *data, size_t length,
const uint8_t *whole_pdu, size_t pdu_length,
const DATA_BLOB *sig);

In source3/libsmb/smb_seal.c in lines 88ff I find a call

status = ntlmssp_unseal_packet(&ntlmssp_state->crypt,
tmp_ctx,
(unsigned char *)inbuf + 8 + NTLMSSP_SIG_SIZE, /* 4 byte len + 0xFF 'E' <e\
nc> <ctx> */
data_len,
(unsigned char *)inbuf + 8 + NTLMSSP_SIG_SIZE,
data_len,
&sig);

If I count the number of arguments in smb_seal.c, I count 7.
The prototype only has 6 parameters. Are we talking about
the same code?

Volker

signature.asc (204 bytes) Download Attachment

From forum: Samba - samba-technical

Re: linux Digest, Vol 84, Issue 13

2009-12-08T13:52:36Z

On Wednesday 09 December 2009 06:00:02 linux-request@... wrote:

> Re: [clug] Recommended cabling person?
> From: Chris Smart <mail@...>
> To: rodneyp@...
> CC: linux@...
>
> 2009/12/8 Rod Peters <rpeters@...>:
> > That may not be the best topology, if they are getting a fixed line
> > installed. TransACT hard-wire a splitter at the barge board and run a
> > dedicated ADSL line from there to customer's chosen location. There may
> > be some advantage in minimising the length of voice grade cable,
> > particularly for ADSL2+.
>
> Hey Rod,
>
> Thanks for the suggestions. They are on a pre-existing Telstra line
> and going to Naked ADSL2+ which means that the router needs to be next
> to the phone line, which needs to be next to the phone (running off
> VoIP).
>

Cablers generally quote X dollars per run for residental jobs, so they might
as well run from a splitter in the roof/bargeboard. Only downside is the
cost of the hard-wirable splitter (which is not huge), but ADSL2+ needs a
good quality splitter anyway, according to tests conducted a few years ago by
one of the PC mags.

This topology does not burn any bridges. Someone can later just plug in a
splitter on the phone line, if they choose to relocate the modem/router.

> They don't want the main phone next to the TV in the lounge room and
> there's no other phone port in the house.
>
> I also need to get their primary PC connected to the switch on the
> router, so I just figured the easiest thing would be to run a external
> phone cable under the floor to the computer room and do it all from
> there.
>
Disadvantage of this is that it involves more voice-grade cable and connection
blocks, all of which downgrade ADSL2+ signal and could be the "tipping point"
which puts the connection into the next lower download speed.

> If there's a better way I'm all ears!
>
> -c

A few years ago I had discussions with a licenced cabler, one Alan Desomond,
re cabling a small office setup. I was happy with his knowledge, general
approach to the job and price, but circumstances intervened and the job did
not proceed.

Can't lay my hands on his card, but ph 6241 1608 will probably locate him.

AFAIK, the licencing is federal and an ACT-based cabler should be able to do
work for Lana.

Rod

--
linux mailing list
linux@...
https://lists.samba.org/mailman/listinfo/linux

From forum: Samba - linux

Re: Recommended cabling person?

2009-12-08T13:49:39Z

2009/12/9 jhock <jhock@...>:
> Whatever you do *don't* use Telstra. I had a telephone extension put in
> and I had a gortex rain coat stolen. Two Telstra people turned up so I
> didn't know who did it. The police said they couldn't do anything about
> it because I didn't know which of the two took the coat. Also my
> insurance would not pay up because we invited the people into our house.

Not a hope in hell that I'd use Telstra, don't worry! :-)

-c
--
linux mailing list
linux@...
https://lists.samba.org/mailman/listinfo/linux

From forum: Samba - linux

Re: Recommended cabling person?

2009-12-08T13:48:37Z

2009/12/9 Leigh Finch <leigh@...>:
> An alternative is to use a adsl router with wireless, and use a client
> ap to connect to the wireless network and cat5 into the pc. Many cheap
> routers now come with client ap capabilities now.
>

Thanks Leigh, but then I'll be going over wireless, which I don't want
to do for the main PC. Their son plays games, etc and wireless kills
that!

-c
--
linux mailing list
linux@...
https://lists.samba.org/mailman/listinfo/linux

From forum: Samba - linux

Re: FRS / DFS replication

2009-12-08T13:47:00Z

On Tue, 2009-12-08 at 17:48 +0300, Matthieu Patou wrote:

> Hello,
>
> With all your job on DRS it's likely that sooner or latter we will want
> to have DFS working and in order to allow files to be the same on all
> the domain controller.
> That leads to two protocol that MS product use to do so:
> * FRS file replication protocol (from w2k)
> * DFS replication
>
>
> I think it will be a great plus for samba to support either DFS and/or
> FRS, although in the simple scheme of just s4 server it can be replaced
> by some clever inotify script + rsync (and also maybe in Windows as
> well) it will be needed for mixed windows/samba domain to support at
> least one of the protocol.
>
> As it seems that tridge wants to keep some compatibility with w2k I am
> wondering how far he wants to keep the compatibility as now DFS
> replication replace FRS (it's available since w2k3r2).

Well, we should start with the most recent first, I think. In terms of
Windows 2000, the most important thing to support is the functional
level, not the now-ancient product itself.

Andrew Bartlett

--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Cisco Inc.

signature.asc (196 bytes) Download Attachment

From forum: Samba - samba-technical

Re: [PATCH] Proposed merge of some NTLMSSP crypto

2009-12-08T13:45:03Z

On Tue, 2009-12-08 at 21:37 +0100, Volker Lendecke wrote:

Yes, that compiled for me, and kblin reports it compiles for him after
a ./config.status.

Andrew Bartlett

--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Cisco Inc.

signature.asc (196 bytes) Download Attachment

From forum: Samba - samba-technical

Re: Recommended cabling person?

2009-12-08T13:45:03Z

Hi Chris,

On Tue, 2009-12-08 at 19:17 +1100, Chris Smart wrote:
> My Aunty and Uncle just moved to Canberra from Sydney and we need to
> cable the phone line (which is in the living room) over to the
> computer room at the other end of the house so that they can get ADSL.
>
> Does anyone have anyone qualified that they can recommend, or shall I
> just look in the yellow pages?
>
> -c

Whatever you do *don't* use Telstra. I had a telephone extension put in
and I had a gortex rain coat stolen. Two Telstra people turned up so I
didn't know who did it. The police said they couldn't do anything about
it because I didn't know which of the two took the coat. Also my
insurance would not pay up because we invited the people into our house.

When I rang Telstra about the issue they wouldn't do anything about it.

John

--
linux mailing list
linux@...
https://lists.samba.org/mailman/listinfo/linux

From forum: Samba - linux

[IPA] Conflicting OID's

2009-12-08T13:41:25Z

Hi Andrew,

I'm trying to enable the change log plugin in the FDS instance
provisioned by Samba. When I added the common schema (02common.ldif)
that contains the change log attributes & classes the instance failed
to start because there are conflicting OID's with some AD attributes.

The common schema is an optional core FDS schema:
http://git.fedorahosted.org/git/?p=389/ds.git;a=blob;f=ldap/schema/02common.ldif

I think it is important to generate an AD schema that doesn't conflict
with FDS core schema even though it's optional.

Attached is the patch to remap the conflicting AD attributes. Is this
correct? Thanks!

--
Endi S. Dewata

[0001-s4-provision-Remap-conflicting-thumbnailPhoto-and-th.patch]

From 92ce8fc15a4985cadf72ee959f0af2af3faec1b8 Mon Sep 17 00:00:00 2001 From: Endi Sukma Dewata <edewata@...> Date: Tue, 8 Dec 2009 14:55:16 -0600 Subject: [PATCH] s4:provision - Remap conflicting thumbnailPhoto and thumbnailLogo OID's. --- source4/setup/schema-map-fedora-ds-1.0 | 5 +++++ source4/setup/schema_samba4.ldif | 3 +++ 2 files changed, 8 insertions(+), 0 deletions(-) diff --git a/source4/setup/schema-map-fedora-ds-1.0 b/source4/setup/schema-map-fedora-ds-1.0 index 4ed833f..34d48a0 100644 --- a/source4/setup/schema-map-fedora-ds-1.0 +++ b/source4/setup/schema-map-fedora-ds-1.0 @@ -33,6 +33,11 @@ sambaConfigOption 2.16.840.1.113730.3.1.34:1.3.6.1.4.1.7165.4.255.1 #defaultGroup has a conflicting OID 1.2.840.113556.1.4.480:1.3.6.1.4.1.7165.4.255.2 +#thumbnailPhoto has a conflicting OID +2.16.840.1.113730.3.1.35:1.3.6.1.4.1.7165.4.255.10 +#thumbnailLogo has a conflicting OID +2.16.840.1.113730.3.1.36:1.3.6.1.4.1.7165.4.255.11 + #This large integer format is unimplemented in OpenLDAP 2.3 1.2.840.113556.1.4.906:1.3.6.1.4.1.1466.115.121.1.27 #This case insensitive string isn't available diff --git a/source4/setup/schema_samba4.ldif b/source4/setup/schema_samba4.ldif index fd663fd..ea61016 100644 --- a/source4/setup/schema_samba4.ldif +++ b/source4/setup/schema_samba4.ldif @@ -195,6 +195,9 @@ #Allocated: (dynamicObject) samba4DynamicObject: 1.3.6.1.4.1.7165.4.255.8 #Allocated: (entryTTL) samba4EntryTTL: 1.3.6.1.4.1.7165.4.255.9 +#Allocated: (thumbnailPhoto) attributeID: 1.3.6.1.4.1.7165.4.255.10 +#Allocated: (thumbnailLogo) attributeID: 1.3.6.1.4.1.7165.4.255.11 + # # Based on domainDNS, but without the DNS bits. # -- 1.6.5.2

From forum: Samba - samba-technical

Re: Recommended cabling person?

2009-12-08T13:40:11Z

Chris Smart wrote:

> 2009/12/9 Alastair D'Silva <alastair@...>:
>
>> You could always use a matched pair of DECT handsets, with the base connected to the ADSL modem (wherever it has to be connected), and the second handset where they want a phone to be.
>>
>>
>
> That's the plan, from the computer room to two other locations in the
> house. Problem is that I'd still need to run a CAT5 cable for the
> computer.. so I figure may as well just do the phone and have it much
> more convenient.
>
> -c
>

An alternative is to use a adsl router with wireless, and use a client
ap to connect to the wireless network and cat5 into the pc. Many cheap
routers now come with client ap capabilities now.

leigh
--
linux mailing list
linux@...
https://lists.samba.org/mailman/listinfo/linux

From forum: Samba - linux

Re: Recommended cabling person?

2009-12-08T13:36:52Z

2009/12/9 Alastair D'Silva <alastair@...>:
>
> You could always use a matched pair of DECT handsets, with the base connected to the ADSL modem (wherever it has to be connected), and the second handset where they want a phone to be.
>

That's the plan, from the computer room to two other locations in the
house. Problem is that I'd still need to run a CAT5 cable for the
computer.. so I figure may as well just do the phone and have it much
more convenient.

-c
--
linux mailing list
linux@...
https://lists.samba.org/mailman/listinfo/linux

From forum: Samba - linux

Re: [PATCH] Proposed merge of some NTLMSSP crypto

2009-12-08T12:35:58Z

On Wed, Dec 09, 2009 at 12:41:41AM +1100, Andrew Bartlett wrote:

> In my git tree 'ntlmssp-merge-wip' I have the current state of my
> efforts to merge the NTLMSSP code between Samba3 and Samba4.
>
> My hope here is to reduce the duplication of the crypto code, and make
> an eventual full merge of this important subsystem easier.
>
> git://git.samba.org/abartlet/samba.git ntlmssp-merge-wip
>
> The tests seem to pass in Samba4, but I still need to look into some
> Samba3 issues. It will be important to test with Windows clients too,
> and any assistance in that area, particularly against Samba3 will be
> most appreciated.

e8d4e5d3e260726c9 does not compile for me, does it for you?

Probably it is just too much to ask, but normally I try to
make every commit in a sequence of commits at least compile.
For me this makes future "git bisect" runs a lot easier. But
probably you are more experienced in git than I am.

Volker

signature.asc (204 bytes) Download Attachment

From forum: Samba - samba-technical

Chrome for linux..

2009-12-08T12:26:37Z

http://www.google.com/chrome/intl/en/w00t.html

--
Andrew Janke
(a.janke@... || http://a.janke.googlepages.com/)
Canberra->Australia +61 (402) 700 883
--
linux mailing list
linux@...
https://lists.samba.org/mailman/listinfo/linux

From forum: Samba - linux

Re: SMBv1 LockAndX return status on lock conflict

2009-12-08T12:07:33Z

Steven,

LockViolationDelayOffset is the file offset beyond which locks are always issued as delayed locks. Default value is 0xEF000000. Please let us know if you have any more questions.

Thanks!

Hongwei

From: Steven Danneman [mailto:steven.danneman@...]
Sent: Monday, December 07, 2009 9:03 PM
To: Hongwei Sun; cifs-protocol@...; pfif@...
Subject: RE: SMBv1 LockAndX return status on lock conflict

Hey Hongwei,

That’s very interesting and indeed explains the behavior I’ve seen.

I can understand the motivation for delaying a small timeout for locks that the server knows are already held. However, the “Offset >= LockViolationDelayOffset” is strange to me. I don’t understand the usefulness of that condition.

Perhaps this is an Office specific feature, since Office applications take small byte range locks past the end of file range as a primitive IPC mechanism.

Can you tell me what the value of LockViolationDelayOffset is? The smbtorture testing seems to indicate it is Offset > 0xEF000000.

Thanks for your help. I certainly wouldn’t have figured these semantics out on my own.

-Steven

From: Hongwei Sun [mailto:hongweis@...]
Sent: Monday, December 07, 2009 4:03 PM
To: Steven Danneman; cifs-protocol@...; pfif@...
Subject: RE: SMBv1 LockAndX return status on lock conflict

Hi, Steven,

For the error returned when a byte range lock conflicts with an existing lock in SMB, the logic is as follows: If a lock request is above a configured offset, or if a lock request matches a previously failed lock offset, it will change it from “fail immediately” with timeout of 0 to timeout of 250 ms on operation issue. The result is that the lock will be pending for 250ms waiting for lock availability, and if it does not retrieve it, it returns a different error (STATUS_FILE_LOCK_CONFLICT).

Pseudo code of above logic should be something as below:

If (FailImmediately) // Timeout = 0

If Offset == Open.LastFailedLockOffset OR Offset >= LockViolationDelayOffset

Set Timeout = LockViolationDelay // within 250 milliseconds

End If

If Timeout = 0 and Lock Not Acquired

Set LockViolationDelayOffset = (Offset of lock attempt)

return STATUS_LOCK_NOT_GRANTED

Else If Timeout > 0 and Lock Not Acquired after Timeout

return STATUS_FILE_LOCK_CONFLICT

Else

return STATUS_SUCCESS

End If.

With the logic above, you can easily explain what shows in your network trace. We will add the logic to the SMB protocol document. Please let us know if you have further questions regarding this behavior.

Thanks!

--------------------------------------------------------------------

Hongwei Sun - Sr. Support Escalation Engineer

DSC Protocol Team, Microsoft

hongweis@...

Tel: 469-7757027 x 57027

---------------------------------------------------------------------

From: Steven Danneman [mailto:steven.danneman@...]
Sent: Wednesday, November 25, 2009 5:54 PM
To: Interoperability Documentation Help; cifs-protocol@...; pfif@...
Subject: SMBv1 LockAndX return status on lock conflict

Hello,

When requesting a byte-range lock over SMBv1 on a range of a file which is already locked and thus will contend, the error code returned is inconsistent. The first attempt to acquire a held lock will return STATUS_LOCK_NOT_GRANTED. Subsequent requests will return STATUS_FILE_LOCK_CONFLICT.

This seems as though it may be an error in the implementation of the SMBv1 protocol as the explanation of the two errors in MS-ERREF implies that STATUS_LOCK_NOT_GRANTED should always be returned in this circumstance:

STATUS_LOCK_NOT_GRANTED A requested file lock cannot be granted due to other existing locks.

STATUS_FILE_LOCK_CONFLICT A requested read/write cannot be granted due to a conflicting file lock.

And in this same scenario the SMBv2 protocol always returns STATUS_LOCK_NOT_GRANTED.

I aware this is a well known issue, as the Samba torture test demonstrating this behavior have existed for a number of years, but I haven’t found any Microsoft documentation describing the semantics of this behavior. I’ve looked in MS-CIFS, MS-SMB, MS-SMB2, and MS-FSA.

Furthermore, which error code is returned becomes even more complicated when additional lock requests are interspersed. For example the attached pcap against a W2K8R2 server shows:

1) Two file handles opened to the same file 0x400b, 0x400c

2) Packet 27,28: Handle 0x400b successfully acquiring an exclusive lock on range 100 – 110

3) Packet 29-32: Handles 0x400b and 0x400c requesting the same held range and receiving STATUS_LOCK_NOT_GRANTED

4) Packet 33-44: Again requesting the same held range and receiving STATUS_FILE_LOCK_CONFLICT

5) Packet 45-54: Requesting a lock on an overlapping range, 105-115, and receiving the same pattern of errors

6) Packet 55-64: Requesting a lock on the previous range, 100-110, and now having the response be “reset” back to STATUS_LOCK_NOT_GRANTED

I’d like to have some documentation of the algorithm for determining which error to return based on the state of existing locks, or history of previously requested locks.

Thanks,

Steven Danneman | Software Development Engineer
Isilon Systems P +1-206-315-7500 F +1-206-315-7501
www.isilon.com

How breakthroughs begin. ™

_______________________________________________
cifs-protocol mailing list
cifs-protocol@...
https://lists.samba.org/mailman/listinfo/cifs-protocol

From forum: Samba - cifs-protocol

Re: surprise behavior #1: ENOENT for existing directories

2009-12-08T11:37:35Z

suresh and jeff,
i am happy to report no such problems since remounting with
noserverino. this must be some kind of miracle option.

does it cost much in performance terms to locally assign inode numbers
like this? i don't know why my NAS is getting them wrong (?), but
given the results, this is something i really needed.

regards and my appreciation!
aaron.

-- aaron brick
-- aaron@...
-- http://www.lithic.org

2009/11/30 aaron brick <bricktron@...>:

> thank you guys very much for responding to my issues. i have now
> remounted the share with noserverino. hopefully the problems will go
> away and in a few days i can come back and tell you so.
>
> cheers!
> aaron.
>
> -- aaron brick
> -- aaron@...
> -- http://www.lithic.org
>
>
>
>
>
> 2009/11/30 Jeff Layton <jlayton@...>:
>> On Mon, 30 Nov 2009 22:14:22 +0530
>> Suresh Jayaraman <sjayaraman@...> wrote:
>>
>>> On 11/30/2009 06:53 PM, Jeff Layton wrote:
>>> > On Mon, 30 Nov 2009 16:45:59 +0530
>>> > Suresh Jayaraman <sjayaraman@...> wrote:
>>> >
>>> >> On 11/30/2009 07:46 AM, aaron brick wrote:
>>> >>> i am having two intermittent problems with CIFS and am sending
>>> >>> separate emails to the list for each. this paragraph is identical. my
>>> >>> desktop runs debian and kernel 2.6.32rc7; i am mounting a filesystem
>>> >>> from my synology NAS, running DSM 2.2-0942 and using ext3 & RAID5
>>> >>> internally. the link is gigabit through cat5e and a netgear switch.
>>> >>> the only CIFS dmesg entry i see is a couple of: "CIFS VFS: server
>>> >>> 10.1.1.2 of type Samba 3.2.8 returned unexpected error on SMB posix
>>> >>> open, disabling posix open support. Check if server update available."
>>> >>> (FWIW, synology hasn't released a firmware with a more recent samba.)
>>> >>>
>>> >>>
>>> >>> here, creating files within a directory sometimes fails with ENOENT as
>>> >>> if the parent did not exist. this generally prevents me from using the
>>> >>> shared filesystem for compilation. an example follows:
>>> >>>
>>> >>>
>>> >>> 11:08 / > mount | grep nas
>>> >>> //nas/data on /data type cifs (rw,mand)
>>> >>> 11:08 / > cd data
>>> >>> 11:08 /data > mkdir a
>>> >>> 11:08 /data > mkdir a/b
>>> >>> mkdir: cannot create directory `a/b': No such file or directory
>>> >>> 11:08 /data > strace mkdir a/b |& grep mkdir
>>> >>> execve("/bin/mkdir", ["mkdir", "a/b"], [/* 22 vars */]) = 0
>>> >>> mkdir("a/b", 0777) = -1 ENOENT (No such file or directory)
>>> >>> write(2, "mkdir: ", 7mkdir: ) = 7
>>> >>>
>>> >>
>>> >> I have not been able to reproduce this 2.6.31-rc1 against Samba 3.2.7. But a
>>> >> quick look at the code suggests there could be a problem if we do this
>>> >> sequence:
>>> >>
>>> >> POSIX open against Samba server < 3.3.1 (tcon->broken_posix_open will be set)
>>> >> followed by a mkdir (will call CIFSPOSIXCreate). As we don't seem to check
>>> >> whether the broken_posix_open is set, this might have led to this issue I think.
>>> >>
>>> >> Does the following patch (a quick, untested) fix the issue?
>>> >>
>>> >>
>>> >>
>>> >> fs/cifs/inode.c | 3 ++-
>>> >> 1 files changed, 2 insertions(+), 1 deletions(-)
>>> >>
>>> >> diff --git a/fs/cifs/inode.c b/fs/cifs/inode.c
>>> >> index cababd8..f1e9ab6 100644
>>> >> --- a/fs/cifs/inode.c
>>> >> +++ b/fs/cifs/inode.c
>>> >> @@ -1038,7 +1038,8 @@ int cifs_mkdir(struct inode *inode, struct dentry *direntry, int mode)
>>> >> return rc;
>>> >> }
>>> >>
>>> >> - if ((pTcon->ses->capabilities & CAP_UNIX) &&
>>> >> + if (!tcon->broken_posix_open && tcon->unix_ext &&
>>> > ^^^^ should be "pTcon"
>>> >
>>>
>>> Oops, sorry about the not even compile tested patch. Here is the
>>> compile tested patch. Could you please test this one?
>>>
>>>
>>> fs/cifs/inode.c | 3 ++-
>>> 1 files changed, 2 insertions(+), 1 deletions(-)
>>>
>>> diff --git a/fs/cifs/inode.c b/fs/cifs/inode.c
>>> index cababd8..31be938 100644
>>> --- a/fs/cifs/inode.c
>>> +++ b/fs/cifs/inode.c
>>> @@ -1038,7 +1038,8 @@ int cifs_mkdir(struct inode *inode, struct dentry *direntry, int mode)
>>> return rc;
>>> }
>>>
>>> - if ((pTcon->ses->capabilities & CAP_UNIX) &&
>>> + if (!pTcon->broken_posix_open && pTcon->unix_ext &&
>>> + (pTcon->ses->capabilities & CAP_UNIX) &&
>>> (CIFS_UNIX_POSIX_PATH_OPS_CAP &
>>> le64_to_cpu(pTcon->fsUnixInfo.Capability))) {
>>> u32 oplock = 0;
>>
>> Now that I think about it though...
>>
>> The whole broken_posix_open thing was not a problem for actual creates,
>> just when opening existing files. I'm pretty sure we still want to use
>> posix creates for mkdir even if broken_posix_open is set.
>>
>> I'm more interested to know whether both of these problems go away if
>> he mounts with "noserverino".
>>
>> --
>> Jeff Layton <jlayton@...>
>> _______________________________________________
>> linux-cifs-client mailing list
>> linux-cifs-client@...
>> https://lists.samba.org/mailman/listinfo/linux-cifs-client
>>
>

_______________________________________________
linux-cifs-client mailing list
linux-cifs-client@...
https://lists.samba.org/mailman/listinfo/linux-cifs-client

From forum: Samba - linux-cifs-client