[SCM] Samba Shared Repository - branch master updated

Andrew Bartlett abartlet at samba.org
Tue May 24 21:21:02 MDT 2011


The branch, master has been updated
       via  ee0ee5e s3-testparm Warn about incorrect use of 'password server'
       via  3ba3243 s3-param Depricate 'password server = foo:12389' syntax
       via  ddbc5fa docs: Rewrite 'password server' documentation
       via  53b0c44 s4-provision Use correct tkey-gssapi-credential
       via  387cbb1 docs: Clarify the 'security=server' fails for NTLMv2
       via  e7cf95c selftest: Make knowfail/skip files consistent, always use ^prefix
      from  e719dfd Fix our asn.1 parser to handle negative numbers.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit ee0ee5e925dd19d0c185804f41c40564f441cb39
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Wed May 25 09:19:50 2011 +1000

    s3-testparm Warn about incorrect use of 'password server'
    
    This merges master with v3-6-test
    
    Autobuild-User: Andrew Bartlett <abartlet at samba.org>
    Autobuild-Date: Wed May 25 05:20:57 CEST 2011 on sn-devel-104

commit 3ba32439c1b3c84f25677f7b1b1eaf092723d24b
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Mon May 23 10:42:57 2011 +1000

    s3-param Depricate 'password server = foo:12389' syntax
    
    This was originally intended to allow the LDAP port on a DC to be
    varied, but makes little sense to change one port when in an
    environment where krb5, ldap, smb and potentially DCE/RPC over TCP are
    involved.
    
    Andrew Bartlett

commit ddbc5fa236a91d4b9ecd7641ab1d3c69d9569410
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Mon May 23 10:20:47 2011 +1000

    docs: Rewrite 'password server' documentation
    
    I think this new version is more clear.
    
    Andrew Bartlett

commit 53b0c44d8c0f21682220a212baa4b8a2e0f3ceae
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Mon May 23 15:27:50 2011 +1000

    s4-provision Use correct tkey-gssapi-credential
    
    We changed to ${DNSNAME} (the fully qualified domain name) a while
    back, and while it's usually functionally identical to the previous
    setting, this breaks down if there is more than one DNS server.
    
    Andrew Bartlett

commit 387cbb1c37fba6a0a18b87ced31c91d0948a0699
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Mon May 23 10:42:40 2011 +1000

    docs: Clarify the 'security=server' fails for NTLMv2

commit e7cf95c5417e07fb3544b8731cb6a33fbcf40eff
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Mon May 23 09:22:07 2011 +1000

    selftest: Make knowfail/skip files consistent, always use ^prefix
    
    Except in one case (where we mark printing tests as knownfail), this
    has all our regular expressions start with ^, which ensures we don't
    accidentally mix up the samba3/samba4 prefix here.
    
    Because of the particular values in these files at the moment, this
    should not change the set of tests, but it will help to ensure that
    future edits follow the correct pattern.
    
    Andrew Bartlett

-----------------------------------------------------------------------

Summary of changes:
 docs-xml/smbdotconf/security/passwordserver.xml    |  106 +++++++-------
 docs-xml/smbdotconf/security/security.xml          |    3 +
 source3/param/loadparm.c                           |    5 +
 source3/selftest/knownfail                         |   22 ++--
 source3/selftest/skip                              |   46 +++---
 source3/utils/testparm.c                           |    8 +-
 .../scripting/python/samba/provision/__init__.py   |    4 +-
 source4/selftest/knownfail                         |  160 ++++++++++----------
 source4/setup/named.txt                            |    2 +-
 9 files changed, 184 insertions(+), 172 deletions(-)


Changeset truncated at 500 lines:

diff --git a/docs-xml/smbdotconf/security/passwordserver.xml b/docs-xml/smbdotconf/security/passwordserver.xml
index 0e92af9..0ac39f1 100644
--- a/docs-xml/smbdotconf/security/passwordserver.xml
+++ b/docs-xml/smbdotconf/security/passwordserver.xml
@@ -10,54 +10,24 @@
     it is possible to get Samba
     to do all its username/password validation using a specific remote server.</para>
 
-    <para>This option sets the name or IP address of the password server to use. 
-    New syntax has been added to support defining the port to use when connecting 
-    to the server the case of an ADS realm.  To define a port other than the
-    default LDAP port of 389, add the port number using a colon after the 
-    name or IP address (e.g. 192.168.1.100:389).  If you do not specify a port,
-    Samba will use the standard LDAP port of tcp/389.  Note that port numbers
-    have no effect on password servers for Windows NT 4.0 domains or netbios 
-    connections.</para>
-
-    <para>If parameter is a name, it is looked up using the 
-    parameter <smbconfoption name="name resolve order"/> and so may resolved
-    by any method and order described in that parameter.</para>
-
-    <para>The password server must be a machine capable of using 
-    the "LM1.2X002" or the "NT LM 0.12" protocol, and it must be in 
-    user level security mode.</para>
-
-    <note><para>Using a password server  means your UNIX box (running
-    Samba) is only as secure as your  password server. <emphasis>DO NOT
-    CHOOSE A PASSWORD SERVER THAT  YOU DON'T COMPLETELY TRUST</emphasis>.
-    </para></note>
-		
-    <para>Never point a Samba server at itself for password serving.
-    This will cause a loop and could lock up your Samba  server!</para>
-
-    <para>The name of the password server takes the standard 
-    substitutions, but probably the only useful one is <parameter moreinfo="none">%m
-    </parameter>, which means the Samba server will use the incoming 
-    client as the password server. If you use this then you better 
-    trust your clients, and you had better restrict them with hosts allow!</para>
-
     <para>If the <parameter moreinfo="none">security</parameter> parameter is set to
-    <constant>domain</constant> or <constant>ads</constant>, then the list of machines in this 
-    option must be a list of Primary or Backup Domain controllers for the
-    Domain or the character '*', as the Samba server is effectively
-    in that domain, and will use cryptographically authenticated RPC calls
-    to authenticate the user logging on. The advantage of using <command moreinfo="none">
-    security = domain</command> is that if you list several hosts in the 
-    <parameter moreinfo="none">password server</parameter> option then <command moreinfo="none">smbd
-    </command> will try each in turn till it finds one that responds.  This
-    is useful in case your primary server goes down.</para>
+    <constant>domain</constant> or <constant>ads</constant>, then this option 
+    <emphasis>should not</emphasis> be used, as the default '*' indicates to Samba 
+    to determine the best DC to contact dynamically, just as all other hosts in an 
+    AD domain do.  This allows the domain to be maintained without modification to 
+    the smb.conf file.  The cryptograpic protection on the authenticated RPC calls
+    used to verify passwords ensures that this default is safe.</para>
 
-    <para>If the <parameter moreinfo="none">password server</parameter> option is set 
-    to the character '*', then Samba will attempt to auto-locate the 
-    Primary or Backup Domain controllers to authenticate against by 
-    doing a query for the name <constant>WORKGROUP<1C></constant> 
-    and then contacting each server returned in the list of IP 
-    addresses from the name resolution source. </para>
+    <para><emphasis>It is strongly recommended that you use the
+    default of '*'</emphasis>, however if in your particular
+    environment you have reason to specify a particular DC list, then
+    the list of machines in this option must be a list of names or IP
+    addresses of Domain controllers for the Domain. If you use the
+    default of '*', or list several hosts in the <parameter
+    moreinfo="none">password server</parameter> option then <command
+    moreinfo="none">smbd </command> will try each in turn till it
+    finds one that responds.  This is useful in case your primary
+    server goes down.</para>
 
     <para>If the list of servers contains both names/IP's and the '*'
     character, the list is treated as a list of preferred 
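Review bot: "cryptograpic" in the new first paragraph should be "cryptographic". The removed paragraph describing how '*' locates DCs (the WORKGROUP<1C> name query) also has no replacement, while the unchanged paragraph that follows still talks about '*' adding "all other DCs" to the list; a single sentence on how the dynamic lookup works would keep that paragraph understandable.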
@@ -65,10 +35,12 @@
     will be added to the list as well.  Samba will not attempt to optimize 
     this list by locating the closest DC.</para>
 		
+    <para>If parameter is a name, it is looked up using the 
+    parameter <smbconfoption name="name resolve order"/> and so may resolved
+    by any method and order described in that parameter.</para>
+
     <para>If the <parameter moreinfo="none">security</parameter> parameter is 
-    set to <constant>server</constant>, then there are different
-    restrictions that <command moreinfo="none">security = domain</command> doesn't 
-    suffer from:</para>
+    set to <constant>server</constant>, these additional restrictions apply:</para>
 
     <itemizedlist>
 	<listitem>
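Review bot: the re-added "name resolve order" paragraph carries over two grammar slips, "If parameter is a name" and "so may resolved". Since the text is being moved anyway, it could read "If the parameter is a name" and "so may be resolved".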
@@ -82,12 +54,42 @@
 	</listitem>
 	    
 	<listitem>
-	    <para>If you are using a Windows NT server as your 
-	    password server then you will have to ensure that your users 
+	    <para>You will have to ensure that your users 
 	    are able to login from the Samba server, as when in <command moreinfo="none">
 	    security = server</command>  mode the network logon will appear to 
-	    come from there rather than from the users workstation.</para>
+	    come from the Samba server rather than from the users workstation.</para>
 	</listitem>
+
+	<listitem>
+	    <para>The client must not select NTLMv2 authentication.</para>
+	</listitem>
+
+	<listitem>
+	  <para>The password server must be a machine capable of using 
+	  the "LM1.2X002" or the "NT LM 0.12" protocol, and it must be in 
+	  user level security mode.</para>
+	</listitem>
+
+	<listitem>
+	  <para>Using a password server  means your UNIX box (running
+	  Samba) is only as secure as (a host masqurading as) your password server. <emphasis>DO NOT
+	  CHOOSE A PASSWORD SERVER THAT  YOU DON'T COMPLETELY TRUST</emphasis>.
+	  </para>
+	</listitem>
+		
+	<listitem>
+	  <para>Never point a Samba server at itself for password serving.
+	  This will cause a loop and could lock up your Samba  server!</para>
+	</listitem>
+
+	<listitem>
+	  <para>The name of the password server takes the standard 
+	  substitutions, but probably the only useful one is <parameter moreinfo="none">%m
+	  </parameter>, which means the Samba server will use the incoming 
+	  client as the password server. If you use this then you better 
+	  trust your clients, and you had better restrict them with hosts allow!</para>
+	</listitem>
+
     </itemizedlist>
 </description>
 
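Review bot: the trust warning ("DO NOT CHOOSE A PASSWORD SERVER THAT YOU DON'T COMPLETELY TRUST") was a <note> before and is now an ordinary <listitem>, so it loses its admonition rendering in the generated manpage; consider wrapping it in <note> inside the list item. In the same item "masqurading" should be "masquerading", and "the users workstation" in the earlier item should be "the user's workstation".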
diff --git a/docs-xml/smbdotconf/security/security.xml b/docs-xml/smbdotconf/security/security.xml
index e20a73d..55e147e 100644
--- a/docs-xml/smbdotconf/security/security.xml
+++ b/docs-xml/smbdotconf/security/security.xml
@@ -198,6 +198,9 @@
     Samba server may fail (from a single client, till it disconnects).
 	</para></note>
 
+	<note><para>If the client selects NTLMv2 authentication, then this mode of operation <emphasis>will fail</emphasis>
+	</para></note>
+
 	<note><para>From the client's point of 
     view, <command moreinfo="none">security = server</command> is the
     same as <command moreinfo="none">security = user</command>.  It
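Review bot: the added note ends at "<emphasis>will fail</emphasis>" with no full stop, and it does not tell the administrator what to do about it. A closing clause that points to security = domain or security = ads as the supported alternative would make the note actionable.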
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 9bb0ce1..58ead5b 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -9624,6 +9624,11 @@ static bool lp_load_ex(const char *pszFname,
 		DEBUG(1, ("WARNING: The security=server option is deprecated\n"));
 	}
 
+	if (lp_security() == SEC_ADS && strchr(lp_passwordserver(), ':')) {
+		DEBUG(1, ("WARNING: The optional ':port' in password server = %s is deprecated\n",
+			  lp_passwordserver()));
+	}
+
 	bLoaded = True;
 
 	/* Now we check bWINSsupport and set szWINSserver to 127.0.0.1 */
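Review bot: the strchr(lp_passwordserver(), ':') test looks for a colon anywhere in the whole parameter value, so an IPv6 address literal in the list would also trigger the "':port' ... is deprecated" warning. Checking each list entry for a trailing ":<digits>" would avoid the false positive, and printing only the offending entry rather than the full list would make the log line easier to act on.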
diff --git a/source3/selftest/knownfail b/source3/selftest/knownfail
index 95f01f6..b62ef3e 100644
--- a/source3/selftest/knownfail
+++ b/source3/selftest/knownfail
@@ -1,14 +1,14 @@
-samba3.blackbox.failure # this is designed to fail, for testing our test infrastructure
+^samba3.blackbox.failure # this is designed to fail, for testing our test infrastructure
 .*printer.*print_test_extended # fails on some hosts due to timing issues ?
 .*printer.*print_test # fails on some hosts due to timing issues ?
-samba3.posix_s3.rap.printing # fails sometimes on sn-devel
-samba3.posix_s3.rpc.spoolss.*printserver.enum_printers_old # fails on some hosts due to timing issues ?
-samba3.posix_s3.rpc.spoolss.printer.*addprinterex.print_test # another intermittent failure
-samba3.posix_s3.smb2.lock.*.rw-exclusive # another intermittent failure
+^samba3.posix_s3.rap.printing # fails sometimes on sn-devel
+^samba3.posix_s3.rpc.spoolss.*printserver.enum_printers_old # fails on some hosts due to timing issues ?
+^samba3.posix_s3.rpc.spoolss.printer.*addprinterex.print_test # another intermittent failure
+^samba3.posix_s3.smb2.lock.*.rw-exclusive # another intermittent failure
 .*driver.add_driver_timestamps # we only can store dates, not timestamps
-samba3.raw.mux.* #This test is flaky on the async lock time
-samba3.smbtorture_s3.*OPLOCK4 # fails sometimes on sn-devel
-samba3.posix_s3.nbt.dgram.*netlogon2
-samba3.*rap.sam.*.useradd # Not provided by Samba 3
-samba3.*rap.sam.*.userdelete # Not provided by Samba 3
-samba3.*rap.basic.*.netsessiongetinfo # Not provided by Samba 3
+^samba3.raw.mux.* #This test is flaky on the async lock time
+^samba3.smbtorture_s3.*OPLOCK4 # fails sometimes on sn-devel
+^samba3.posix_s3.nbt.dgram.*netlogon2
+^samba3.*rap.sam.*.useradd # Not provided by Samba 3
+^samba3.*rap.sam.*.userdelete # Not provided by Samba 3
+^samba3.*rap.basic.*.netsessiongetinfo # Not provided by Samba 3
diff --git a/source3/selftest/skip b/source3/selftest/skip
index 02166a1..4366ae6 100644
--- a/source3/selftest/skip
+++ b/source3/selftest/skip
@@ -1,23 +1,23 @@
-samba3.smbtorture_s3.*.randomipc
-samba3.smbtorture_s3.*.negnowait
-samba3.smbtorture_s3.*.nbench
-samba3.smbtorture_s3.*.errmapextract
-samba3.smbtorture_s3.*.trans2scan
-samba3.smbtorture_s3.*.nttransscan
-samba3.smbtorture_s3.*.deny1
-samba3.smbtorture_s3.*.deny2
-samba3.smbtorture_s3.*.openattr
-samba3.smbtorture_s3.*.casetable
-samba3.smbtorture_s3.*.eatest
-samba3.smbtorture_s3.*.mangle
-samba3.smbtorture_s3.*.utable
-samba3.smbtorture_s3.*.pipe_number
-samba3.smbtorture_s3.*.CHAIN1
-samba3.*base.charset
-samba3.*raw.acls
-samba3.*raw.composite
-samba3.*raw.context
-samba3.*raw.ioctl
-samba3.*raw.qfileinfo
-samba3.*raw.qfsinfo
-samba3.*raw.sfileinfo.base
+^samba3.smbtorture_s3.*.randomipc
+^samba3.smbtorture_s3.*.negnowait
+^samba3.smbtorture_s3.*.nbench
+^samba3.smbtorture_s3.*.errmapextract
+^samba3.smbtorture_s3.*.trans2scan
+^samba3.smbtorture_s3.*.nttransscan
+^samba3.smbtorture_s3.*.deny1
+^samba3.smbtorture_s3.*.deny2
+^samba3.smbtorture_s3.*.openattr
+^samba3.smbtorture_s3.*.casetable
+^samba3.smbtorture_s3.*.eatest
+^samba3.smbtorture_s3.*.mangle
+^samba3.smbtorture_s3.*.utable
+^samba3.smbtorture_s3.*.pipe_number
+^samba3.smbtorture_s3.*.CHAIN1
+^samba3.*base.charset
+^samba3.*raw.acls
+^samba3.*raw.composite
+^samba3.*raw.context
+^samba3.*raw.ioctl
+^samba3.*raw.qfileinfo
+^samba3.*raw.qfsinfo
+^samba3.*raw.sfileinfo.base
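Review bot: none of the entries in this file says why the test is skipped, unlike the knownfail entries that carry a trailing # comment. Since every line is touched here, this would be a good point to add a short reason per entry, or one comment per group (smbtorture_s3, base, raw).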
diff --git a/source3/utils/testparm.c b/source3/utils/testparm.c
index f8b8c7f..aa48771 100644
--- a/source3/utils/testparm.c
+++ b/source3/utils/testparm.c
@@ -139,8 +139,8 @@ cannot be set in the smb.conf file. nmbd will abort with this setting.\n");
 		else
 			sec_setting = "";
 
-		fprintf(stderr, "ERROR: The setting 'security=%s' requires the 'password server' parameter be set \
-to the default value * or a valid password server.\n", sec_setting );
+		fprintf(stderr, "ERROR: The setting 'security=%s' requires the 'password server' parameter be set\n"
+			"to the default value * or a valid password server.\n", sec_setting );
 		ret = 1;
 	}
 
@@ -153,7 +153,8 @@ to the default value * or a valid password server.\n", sec_setting );
 		else
 			sec_setting = "";
 
-		fprintf(stderr, "WARNING: The setting 'security=%s' is should NOT be combined with the 'password server' parameter.\n  (by default Samba will discover the correct DC to contact automatically).\n", sec_setting );
+		fprintf(stderr, "WARNING: The setting 'security=%s' should NOT be combined with the 'password server' parameter.\n"
+			"(by default Samba will discover the correct DC to contact automatically).\n", sec_setting );
 	}
 
 	/*
@@ -254,7 +255,6 @@ via the %%o substitution. With encrypted passwords this is not possible.\n", lp_
 
 	if (!lp_passdb_backend()) {
 		fprintf(stderr,"ERROR: passdb backend must have a value or be left out\n");
-		ret = 1;
 	}
 	
 	if (lp_os_level() > 255) {
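Review bot: dropping "ret = 1;" in the lp_passdb_backend() branch means testparm still prints "ERROR: passdb backend must have a value or be left out" but no longer sets a failing return value for it. The commit message only mentions the 'password server' warning, so this looks unrelated; either keep ret = 1 or change the message to WARNING so the text and the exit status agree, and mention the change in the commit message.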
diff --git a/source4/scripting/python/samba/provision/__init__.py b/source4/scripting/python/samba/provision/__init__.py
index 8433f23..f987fb8 100644
--- a/source4/scripting/python/samba/provision/__init__.py
+++ b/source4/scripting/python/samba/provision/__init__.py
@@ -1749,6 +1749,7 @@ def provision(logger, session_info, credentials, smbconf=None,
 
                 create_named_txt(paths.namedtxt,
                     realm=names.realm, dnsdomain=names.dnsdomain,
+                    dnsname = "%s.%s" % (names.hostname, names.dnsdomain),
                     private_dir=paths.private_dir,
                     keytab_name=paths.dns_keytab)
                 logger.info("See %s for an example configuration include file for BIND", paths.namedconf)
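Review bot: the new keyword argument is written "dnsname = ..." with spaces around the equals sign, while the neighbouring arguments (realm=, dnsdomain=, private_dir=, keytab_name=) have none. Writing it as dnsname="%s.%s" % (names.hostname, names.dnsdomain) keeps the call consistent.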
@@ -1985,7 +1986,7 @@ def create_named_conf(paths, realm, dnsdomain,
     setup_file(setup_path("named.conf.update"), paths.namedconf_update)
 
 
-def create_named_txt(path, realm, dnsdomain, private_dir,
+def create_named_txt(path, realm, dnsdomain, dnsname, private_dir,
     keytab_name):
     """Write out a file containing zone statements suitable for inclusion in a
     named.conf file (including GSS-TSIG configuration).
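Review bot: create_named_txt() gains a dnsname parameter, but the diff adds no line to the docstring, so the new argument is undocumented. Please add a parameter description saying that it is the fully qualified DNS name of this server, used for the GSS-TSIG credential.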
@@ -1998,6 +1999,7 @@ def create_named_txt(path, realm, dnsdomain, private_dir,
     """
     setup_file(setup_path("named.txt"), path, {
             "DNSDOMAIN": dnsdomain,
+            "DNSNAME" : dnsname, 
             "REALM": realm,
             "DNS_KEYTAB": keytab_name,
             "DNS_KEYTAB_ABS": os.path.join(private_dir, keytab_name),
diff --git a/source4/selftest/knownfail b/source4/selftest/knownfail
index 52e56ea..d0d3ace 100644
--- a/source4/selftest/knownfail
+++ b/source4/selftest/knownfail
@@ -3,85 +3,85 @@
 #
 # "make test" will not report failures for tests listed here and will consider
 # a successful run for any of these tests an error.
-samba4.local.resolve.*.async
-samba4.local.iconv.*.next_codepoint()
-samba4..*base.delete.*.deltest17
-samba4..*base.delete.*.deltest20a
-samba4..*base.delete.*.deltest20b
-samba4.raw.rename.*.osxrename
-samba4.raw.rename.*.directory rename
-samba4.rpc.winreg.*security
-samba4.local.registry.(dir|ldb).check hive security
-samba4.local.registry.local.security
-samba4.rpc.wkssvc
-samba4.rpc.handles.*.lsarpc-shared
-samba4.rpc.handles.*.mixed-shared
-samba4.rpc.epmapper
-samba4.rpc.drsuapi.*
-samba4.rpc.lsalookup
-samba4.rpc.cracknames
-samba4.rpc.netlogon.*.LogonUasLogon
-samba4.rpc.netlogon.*.LogonUasLogoff
-samba4.rpc.netlogon.*.DatabaseSync
-samba4.rpc.netlogon.*.DatabaseSync2
-samba4.rpc.netlogon.*.LogonControl
-samba4.rpc.netlogon.*.LogonControl2
-samba4.rpc.netlogon.*.DsrEnumerateDomainTrusts
-samba4.rpc.netlogon.*.NetrEnumerateTrustedDomains
-samba4.rpc.netlogon.*.NetrEnumerateTrustedDomainsEx
-samba4.rpc.netlogon.*.GetPassword
-samba4.rpc.netlogon.*.GetTrustPasswords
-samba4.rpc.netlogon.*.DatabaseRedo
-samba4.rpc.netlogon.*.ServerGetTrustInfo
-samba4.rpc.netlogon.*.GetForestTrustInformation
-samba4.rpc.samr.passwords.badpwdcount # Not provided by Samba 4 yet
-samba4.rpc.samr.passwords.lockout
-samba4.base.charset.*.Testing partial surrogate
+^samba4.local.resolve.*.async
+^samba4.local.iconv.*.next_codepoint()
+^samba4..*base.delete.*.deltest17
+^samba4..*base.delete.*.deltest20a
+^samba4..*base.delete.*.deltest20b
+^samba4.raw.rename.*.osxrename
+^samba4.raw.rename.*.directory rename
+^samba4.rpc.winreg.*security
+^samba4.local.registry.(dir|ldb).check hive security
+^samba4.local.registry.local.security
+^samba4.rpc.wkssvc
+^samba4.rpc.handles.*.lsarpc-shared
+^samba4.rpc.handles.*.mixed-shared
+^samba4.rpc.epmapper
+^samba4.rpc.drsuapi.*
+^samba4.rpc.lsalookup
+^samba4.rpc.cracknames
+^samba4.rpc.netlogon.*.LogonUasLogon
+^samba4.rpc.netlogon.*.LogonUasLogoff
+^samba4.rpc.netlogon.*.DatabaseSync
+^samba4.rpc.netlogon.*.DatabaseSync2
+^samba4.rpc.netlogon.*.LogonControl
+^samba4.rpc.netlogon.*.LogonControl2
+^samba4.rpc.netlogon.*.DsrEnumerateDomainTrusts
+^samba4.rpc.netlogon.*.NetrEnumerateTrustedDomains
+^samba4.rpc.netlogon.*.NetrEnumerateTrustedDomainsEx
+^samba4.rpc.netlogon.*.GetPassword
+^samba4.rpc.netlogon.*.GetTrustPasswords
+^samba4.rpc.netlogon.*.DatabaseRedo
+^samba4.rpc.netlogon.*.ServerGetTrustInfo
+^samba4.rpc.netlogon.*.GetForestTrustInformation
+^samba4.rpc.samr.passwords.badpwdcount # Not provided by Samba 4 yet
+^samba4.rpc.samr.passwords.lockout
+^samba4.base.charset.*.Testing partial surrogate
 .*net.api.delshare.*				# DelShare isn't implemented yet
-samba4.rap.*netservergetinfo
-samba4.rap.*netsessionenum
-samba4.rap.*netsessiongetinfo
-samba4.rap.*netremotetod
-samba4.smb2.persistent.handles1
-samba4.winbind.struct.*.show_sequence     # Not yet working in winbind
-samba4.winbind.struct.*.getpwent          # Not yet working in winbind
-samba4.winbind.struct.*.setpwent          # Not yet working in winbind
-samba4.winbind.struct.*.lookup_name_sid   # Not yet working in winbind
-samba4.winbind.struct.*.list_groups
-samba4.*base.delaywrite.*update of write time and SMBwrite truncate$
-samba4.*base.delaywrite.*update of write time and SMBwrite truncate expand$
-samba4.*base.delaywrite.*delayed update of write time 3a$
-samba4.*base.delaywrite.*delayed update of write time 3c$
-samba4.*base.delaywrite.*update of write time using SET_END_OF_FILE$
-samba4.*base.delaywrite.*update of write time using SET_ALLOCATION_SIZE$
-samba4.ldap.python \(dc\).Test add_ldif\(\) with BASE64 security descriptor input using WRONG domain SID$
+^samba4.rap.*netservergetinfo
+^samba4.rap.*netsessionenum
+^samba4.rap.*netsessiongetinfo
+^samba4.rap.*netremotetod
+^samba4.smb2.persistent.handles1
+^samba4.winbind.struct.*.show_sequence     # Not yet working in winbind
+^samba4.winbind.struct.*.getpwent          # Not yet working in winbind
+^samba4.winbind.struct.*.setpwent          # Not yet working in winbind
+^samba4.winbind.struct.*.lookup_name_sid   # Not yet working in winbind
+^samba4.winbind.struct.*.list_groups
+^samba4.*base.delaywrite.*update of write time and SMBwrite truncate$
+^samba4.*base.delaywrite.*update of write time and SMBwrite truncate expand$
+^samba4.*base.delaywrite.*delayed update of write time 3a$
+^samba4.*base.delaywrite.*delayed update of write time 3c$
+^samba4.*base.delaywrite.*update of write time using SET_END_OF_FILE$
+^samba4.*base.delaywrite.*update of write time using SET_ALLOCATION_SIZE$
+^samba4.ldap.python \(dc\).Test add_ldif\(\) with BASE64 security descriptor input using WRONG domain SID$
 # some operations don't work over the CIFS NTVFS backend yet (eg. root_fid)
-samba4.ntvfs.cifs.base.createx_access
-samba4.ntvfs.cifs.base.createx_sharemodes_dir
-samba4.ntvfs.cifs.base.maximum_allowed
-samba4.base.createx_access # this test is broken for non-administrator users
-samba4.smb2.oplock # oplocks in the s4 SMB2 server are a mess
-samba4.raw.lock.*.async # bug 6960
-samba4.smb2.lock.*.multiple-unlock # bug 6959
-samba4.raw.sfileinfo.*.end-of-file # bug 6962
-samba4.raw.oplock.*.batch22 # bug 6963
-samba4.raw.oplock.*.brl4 # bug 7928
-samba4.raw.lock.*.zerobyteread # bug 6974
-samba4.smb2.lock.*.zerobyteread # bug 6974
-samba4.raw.streams.*.delete
-samba4.raw.streams.*.createdisp
-samba4.raw.streams.*.sumtab
-samba4.raw.acls.*.create_dir
-samba4.raw.acls.*.create_file
-samba4.smb2.create.*.acldir
-samba4.smb2.acls.*.generic
-samba4.smb2.acls.*.inheritflags
-samba4.smb2.acls.*.owner
-samba4.smb2.compound.*.related1
-samba4.smb2.compound.*.related2
-samba4.smb2.compound.*.invalid2
-samba4.ldap.acl.*.search.* # ACL search behaviour not enabled by default
-samba4.ldap.acl.*.ntSecurityDescriptor.* # ACL extended checks on search not enabled by default
-samba4.nbt.winsreplication.owned # fails sometimes, timing related
-samba4.ldap.dirsync.python.dc..__main__.ExtendedDirsyncTests.test_dirsync_deleted_items
-#samba4.ldap.dirsync.python.dc..__main__.ExtendedDirsyncTests.*
+^samba4.ntvfs.cifs.base.createx_access
+^samba4.ntvfs.cifs.base.createx_sharemodes_dir
+^samba4.ntvfs.cifs.base.maximum_allowed
+^samba4.base.createx_access # this test is broken for non-administrator users
+^samba4.smb2.oplock # oplocks in the s4 SMB2 server are a mess
+^samba4.raw.lock.*.async # bug 6960
+^samba4.smb2.lock.*.multiple-unlock # bug 6959
+^samba4.raw.sfileinfo.*.end-of-file # bug 6962
+^samba4.raw.oplock.*.batch22 # bug 6963
+^samba4.raw.oplock.*.brl4 # bug 7928
+^samba4.raw.lock.*.zerobyteread # bug 6974
+^samba4.smb2.lock.*.zerobyteread # bug 6974
+^samba4.raw.streams.*.delete
+^samba4.raw.streams.*.createdisp
+^samba4.raw.streams.*.sumtab
+^samba4.raw.acls.*.create_dir
+^samba4.raw.acls.*.create_file
+^samba4.smb2.create.*.acldir
+^samba4.smb2.acls.*.generic
+^samba4.smb2.acls.*.inheritflags
+^samba4.smb2.acls.*.owner
+^samba4.smb2.compound.*.related1
+^samba4.smb2.compound.*.related2
+^samba4.smb2.compound.*.invalid2
+^samba4.ldap.acl.*.search.* # ACL search behaviour not enabled by default
+^samba4.ldap.acl.*.ntSecurityDescriptor.* # ACL extended checks on search not enabled by default
+^samba4.nbt.winsreplication.owned # fails sometimes, timing related
+^samba4.ldap.dirsync.python.dc..__main__.ExtendedDirsyncTests.test_dirsync_deleted_items
+#^samba4.ldap.dirsync.python.dc..__main__.ExtendedDirsyncTests.*
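Review bot: in "^samba4.local.iconv.*.next_codepoint()" the trailing "()" is an empty regex group, not a literal pair of parentheses, so the pattern does not require them in the test name. The add_ldif entry further down already escapes them as \(\); the same escaping would make this entry match what it appears to say. The remaining unanchored ".*net.api.delshare.*" entry also deserves a comment saying why it is left without ^.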
diff --git a/source4/setup/named.txt b/source4/setup/named.txt
index c1e6b3a..97de69d 100644
--- a/source4/setup/named.txt
+++ b/source4/setup/named.txt
@@ -5,7 +5,7 @@
 
 # - Insert the following lines into the options {} section of your named.conf
 # file:
-tkey-gssapi-credential "DNS/${DNSDOMAIN}";
+tkey-gssapi-credential "DNS/${DNSNAME}";
 tkey-domain "${REALM}";
 
 # - Modify BIND init scripts to pass the location of the generated keytab file.
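Review bot: the comment above tkey-gssapi-credential still only says to insert the lines, and nothing tells the reader that ${DNSNAME} is the fully qualified name of this particular server rather than the domain. Given the commit message's point about setups with more than one DNS server, a one-line comment saying the value must be this host's FQDN would help anyone who copies the file to a second server.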


-- 
Samba Shared Repository

