samba-technical Digest, Vol 89, Issue 17
mariA Montilla
srmaria_123 at hotmail.com
Fri May 14 18:57:28 MDT 2010
From: samba-technical-request at lists.samba.org
Subject: samba-technical Digest, Vol 89, Issue 17
To: samba-technical at lists.samba.org
Date: Fri, 14 May 2010 12:00:03 -0600
Send samba-technical mailing list submissions to
samba-technical at lists.samba.org
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.samba.org/mailman/listinfo/samba-technical
or, via email, send a message with subject or body 'help' to
samba-technical-request at lists.samba.org
You can reach the person managing the list at
samba-technical-owner at lists.samba.org
When replying, please edit your Subject line so it is more specific
than "Re: Contents of samba-technical digest..."
--Archivo adjunto de mensaje reenviado--
From: bernd.markgraf at med.ovgu.de
To: samba-technical at lists.samba.org
Date: Fri, 14 May 2010 15:21:28 +0200
Subject: Re: Replication woes
a little follow up on the joined linux host.
kauai is the master, kaula the secondary (linux) box.
With net drs showrepl I only see inbound neighbors on both sides:
./bin/net drs showrepl kauai -U administrator
Password for [DZNE\administrator]:
Default-First-Site-Name\KAUAI
DSA Options: 0x00000001
Site Options: (none)
DSA object GUID: 2fc0b69a-66a6-4f20-8eec-4286c1c34357
DSA invocationID: 78ef9955-a8a1-4fe9-9f50-376e011d382e
==== INBOUND NEIGHBORS ====
DC=dzne,DC=uni-magdeburg,DC=de
Default-First-Site-Name\KAULA via RPC
DSA object GUID: 47b2eff5-7412-41b9-afeb-4ca2b47b6a8e
Last attempt @ Fri May 14 15:14:18 2010 CEST was
successful.
0 consecutive failure(s).
Last success @ Fri May 14 15:14:18 2010 CEST
CN=Schema,CN=Configuration,DC=dzne,DC=uni-magdeburg,DC=de
Default-First-Site-Name\KAULA via RPC
DSA object GUID: 47b2eff5-7412-41b9-afeb-4ca2b47b6a8e
Last attempt @ Fri May 14 15:14:18 2010 CEST was
successful.
0 consecutive failure(s).
Last success @ Fri May 14 15:14:18 2010 CEST
CN=Configuration,DC=dzne,DC=uni-magdeburg,DC=de
Default-First-Site-Name\KAULA via RPC
DSA object GUID: 47b2eff5-7412-41b9-afeb-4ca2b47b6a8e
Last attempt @ Fri May 14 15:14:19 2010 CEST was
successful.
0 consecutive failure(s).
Last success @ Fri May 14 15:14:19 2010 CEST
==== OUTBOUND NEIGHBORS ====
DsReplicaGetInfo failed - WERR_DS_DRA_INTERNAL_ERROR.
return code = -1
DsReplicaGetInfo() failed for
DRSUAPI_DS_REPLICA_INFO_KCC_DSA_CONNECT_FAILURES
./bin/net drs showrepl kaula -U administrator
Password for [DZNE\administrator]:
Default-First-Site-Name\KAULA
DSA Options: (none)
Site Options: (none)
DSA object GUID: 47b2eff5-7412-41b9-afeb-4ca2b47b6a8e
DSA invocationID: 2d6a3360-169c-44f2-a782-6aa6ebe1bfe4
==== INBOUND NEIGHBORS ====
CN=Configuration,DC=dzne,DC=uni-magdeburg,DC=de
Default-First-Site-Name\KAUAI via RPC
DSA object GUID: 2fc0b69a-66a6-4f20-8eec-4286c1c34357
Last attempt @ Fri May 14 15:16:47 2010 CEST was
successful.
0 consecutive failure(s).
Last success @ Fri May 14 15:16:47 2010 CEST
DC=dzne,DC=uni-magdeburg,DC=de
Default-First-Site-Name\KAUAI via RPC
DSA object GUID: 2fc0b69a-66a6-4f20-8eec-4286c1c34357
Last attempt @ Fri May 14 15:16:50 2010 CEST was
successful.
0 consecutive failure(s).
Last success @ Fri May 14 15:16:50 2010 CEST
CN=Schema,CN=Configuration,DC=dzne,DC=uni-magdeburg,DC=de
Default-First-Site-Name\KAUAI via RPC
DSA object GUID: 2fc0b69a-66a6-4f20-8eec-4286c1c34357
Last attempt @ Fri May 14 15:16:47 2010 CEST was
successful.
0 consecutive failure(s).
Last success @ Fri May 14 15:16:47 2010 CEST
==== OUTBOUND NEIGHBORS ====
DsReplicaGetInfo failed - WERR_DS_DRA_INTERNAL_ERROR.
return code = -1
DsReplicaGetInfo() failed for
DRSUAPI_DS_REPLICA_INFO_KCC_DSA_CONNECT_FAILURES
How do I get the outbound part corrected?
Bernd
--Archivo adjunto de mensaje reenviado--
From: esiotrot at gmail.com
CC: samba-technical at lists.samba.org
To: bernd.markgraf at med.ovgu.de
Date: Fri, 14 May 2010 16:48:50 +0200
Subject: Re: Replication woes
On 14 May 2010 15:10, Bernd Markgraf <bernd.markgraf at med.ovgu.de> wrote:
[...]
> p.s. Why is the build output now mainly green?
They've switched to using "waf" as the build tool instead of autoconf/make.
See Waf page on the wiki for more details.
http://wiki.samba.org/index.php/Waf
--
Michael Wood <esiotrot at gmail.com>
--Archivo adjunto de mensaje reenviado--
From: abartlet at samba.org
To: samba-technical at samba.org
Date: Sat, 15 May 2010 00:25:45 +1000
Subject: [PATCH] More Samba3 changes for s3compat
I would like some feedback on these patches.
These include changes to PIDL (to avoid generating unwanted code that is
harder to work around in s3compat) as well as another split of the
winbindd.c code.
I've also proposed to remove winbindd_kill_all_clients. This seems
unsued, but is perhaps a debugging tool?
I apologise for the revert - I have now demonstrated multiple wbinfo -p
operations with s3compat. Previously, the source3/winbindd code would
stop working after one ping, due to event conflicts between it's code
and the stream_connection code.
http://gitweb.samba.org/?p=abartlet/samba.git/.git;a=shortlog;h=refs/heads/s3compat-for-review
I've got wbinfo -p and wbinfo -u now working on the s3compat winbindd,
so I'm happier that I won't be changing approach dramatically.
However, anything is possible, until I have everything built.
Please let me know if it's OK to merge any of these patches.
Thanks,
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Cisco Inc.
--Archivo adjunto de mensaje reenviado--
From: mat+Informatique.Samba at matws.net
To: samba-technical at lists.samba.org
Date: Fri, 14 May 2010 19:17:15 +0400
Subject: Mixing DDNS from DHCP and Windows
Hello,
It's a tip for those who wants to mix both because they have either
linux client or printers.
So basicaly you need to have your dhcp.mydomain.org granted for update.
Most of howto on internet tells to add
allow-update { key "dhcp-key"; }; to the mydomain.org zone definition
and also to the reverse(s) zone(s).
But allow-update is incompatible with the grant notation used for the MS
DNS update.
The idea is to translate allow-update { key "dhcp-key"; }; to
grant dhcp.mydomain.org wildcard *.mydomain.org TXT A AAAA;
Steps:
0) test that ddns in interim mode is working (using the allow-update)
1) put the dhcp interim key in a file called /etc/bind/dhcp.key and the
key name MUST be the same as the one you give in the grant (I suggest
dhcp.mydomain.org)
ie.
key "dhcp.mydomain.org" {
algorithm hmac-md5;
secret "superPouperPassword";
};
2) at the top of /etc/bind/named.conf add: include "/etc/bind/dhcp.key";
3) mydomain.org should have line like this: include
"/usr/local/samba/private/named.conf.update";
4) in the reverse(s) zone(s) add a line like this: grant
dhcp.mydomain.org wildcard *.90.16.172.in-addr.arpa. PTR;
5) create the file /usr/local/samba/private/named.conf.update.static
with the following line:
grant dhcp.mydomain.org wildcard *.mydomain.org TXT A AAAA;
6) wait for samba to regenerate the file
/usr/local/samba/private/named.conf.update
7) check that the new /usr/local/samba/private/named.conf.update
contains the grant for dhcp.
8) edit your /etc/dhcp/dhcpd.conf
And add this:
class "foo" {
match if substring (option vendor-class-identifier, 0, 4) = "MSFT";
ddns-updates off;
allow client-updates;
}
This is to prevent MS workstation/server to use the DDNS from DHCP.
Matthieu.
--Archivo adjunto de mensaje reenviado--
From: sassyn at gmail.com
CC: samba-technical at lists.samba.org
To: mat+Informatique.Samba at matws.net
Date: Fri, 14 May 2010 18:51:45 +0300
Subject: Re: Mixing DDNS from DHCP and Windows
Yes, It is working.
I used the same method since samba4 alpha 8.
DDNS is cool, and we have dns kerberos update when adding adding new domain
controller.
What we are still miss is having the DNS database, saved in the AD.
tridge and me was starting at sambaXP to see how we going to implement it,
and I know simo was planing to do the same for freeipa.
I do have bind working with openldap already, but this is not Microsoft
compatible way.
See this link for bind with ldap: http://github.com/mnagy/bind-dyndb-ldap
and also this for an old implementation http://bind9-ldap.bayour.com/
Sassy
On Fri, May 14, 2010 at 6:17 PM, Matthieu Patou <
mat+Informatique.Samba at matws.net <mat%2BInformatique.Samba at matws.net>>wrote:
> Hello,
>
> It's a tip for those who wants to mix both because they have either linux
> client or printers.
>
> So basicaly you need to have your dhcp.mydomain.org granted for update.
> Most of howto on internet tells to add
> allow-update { key "dhcp-key"; }; to the mydomain.org zone definition and
> also to the reverse(s) zone(s).
>
> But allow-update is incompatible with the grant notation used for the MS
> DNS update.
> The idea is to translate allow-update { key "dhcp-key"; }; to
> grant dhcp.mydomain.org wildcard *.mydomain.org TXT A AAAA;
>
> Steps:
> 0) test that ddns in interim mode is working (using the allow-update)
> 1) put the dhcp interim key in a file called /etc/bind/dhcp.key and the key
> name MUST be the same as the one you give in the grant (I suggest
> dhcp.mydomain.org)
> ie.
> key "dhcp.mydomain.org" {
> algorithm hmac-md5;
> secret "superPouperPassword";
> };
> 2) at the top of /etc/bind/named.conf add: include "/etc/bind/dhcp.key";
> 3) mydomain.org should have line like this: include
> "/usr/local/samba/private/named.conf.update";
> 4) in the reverse(s) zone(s) add a line like this: grant
> dhcp.mydomain.org wildcard *.90.16.172.in-addr.arpa. PTR;
> 5) create the file /usr/local/samba/private/named.conf.update.static with
> the following line:
> grant dhcp.mydomain.org wildcard *.mydomain.org TXT A AAAA;
> 6) wait for samba to regenerate the file
> /usr/local/samba/private/named.conf.update
> 7) check that the new /usr/local/samba/private/named.conf.update contains
> the grant for dhcp.
> 8) edit your /etc/dhcp/dhcpd.conf
> And add this:
> class "foo" {
> match if substring (option vendor-class-identifier, 0, 4) = "MSFT";
> ddns-updates off;
> allow client-updates;
> }
> This is to prevent MS workstation/server to use the DDNS from DHCP.
>
>
>
> Matthieu.
>
>
>
>
>
>
--Archivo adjunto de mensaje reenviado--
From: jht at samba.org
To: samba-technical at lists.samba.org
Date: Fri, 14 May 2010 10:53:59 -0500
Subject: Re: Mixing DDNS from DHCP and Windows
On 05/14/2010 10:17 AM, Matthieu Patou wrote:
> Hello,
>
> It's a tip for those who wants to mix both because they have either
> linux client or printers.
>
> So basicaly you need to have your dhcp.mydomain.org granted for update.
> Most of howto on internet tells to add
> allow-update { key "dhcp-key"; }; to the mydomain.org zone definition
> and also to the reverse(s) zone(s).
>
> But allow-update is incompatible with the grant notation used for the MS
> DNS update.
> The idea is to translate allow-update { key "dhcp-key"; }; to
> grant dhcp.mydomain.org wildcard *.mydomain.org TXT A AAAA;
>
> Steps:
> 0) test that ddns in interim mode is working (using the allow-update)
> 1) put the dhcp interim key in a file called /etc/bind/dhcp.key and the
> key name MUST be the same as the one you give in the grant (I suggest
> dhcp.mydomain.org)
> ie.
> key "dhcp.mydomain.org" {
> algorithm hmac-md5;
> secret "superPouperPassword";
> };
> 2) at the top of /etc/bind/named.conf add: include "/etc/bind/dhcp.key";
> 3) mydomain.org should have line like this: include
> "/usr/local/samba/private/named.conf.update";
> 4) in the reverse(s) zone(s) add a line like this: grant
> dhcp.mydomain.org wildcard *.90.16.172.in-addr.arpa. PTR;
> 5) create the file /usr/local/samba/private/named.conf.update.static
> with the following line:
> grant dhcp.mydomain.org wildcard *.mydomain.org TXT A AAAA;
> 6) wait for samba to regenerate the file
> /usr/local/samba/private/named.conf.update
> 7) check that the new /usr/local/samba/private/named.conf.update
> contains the grant for dhcp.
> 8) edit your /etc/dhcp/dhcpd.conf
> And add this:
> class "foo" {
> match if substring (option vendor-class-identifier, 0, 4) = "MSFT";
> ddns-updates off;
> allow client-updates;
> }
> This is to prevent MS workstation/server to use the DDNS from DHCP.
>
>
>
> Matthieu.
Matthieu,
Perhaps you could add this to the wiki? Seems to me this may be usful
info to others wishing to deploy samba4 with DDNS.
Cheers,
John T.
--Archivo adjunto de mensaje reenviado--
From: jra at samba.org
CC: jra at samba.org; samba-technical at samba.org
To: sassyn at gmail.com
Date: Fri, 14 May 2010 09:56:41 -0700
Subject: Re: SMB2, Samba 3 latest git....
On Fri, May 14, 2010 at 12:03:42PM +0300, Sassy Natan wrote:
> Hi Jeremy
>
> Just want to let u know that I have tested the smb2 protocol with "max
> protocol = SMB2 " and I found it working very well.
Thanks. There are still some bugs I'm working on via the
test suite.
> I did a compare with [Windows 2008r2 server <-> Windows 7] vs [Samba 3
> Latest git <->Windows 7] and the result was almost the same.
I'd love to see the results if you can post them !
> I still however wanted to know if file system acls and kerberos are
> also supported when I'm using smb2.
ACLs yes, krb5 currently no (it's one of the things I
intend to fix probably next week whilst I'm up at Microsoft).
> Can u drop a comments on this please...
> I want to find bugs,since I know your life is driven by Bugzila :-)
Please find and log bugs - it's much appreciated. I'm
on target for SMB2 to be fully feature complete and passing
all tests (I know about :-) by end of May for the OEM's to
start productizing.
Jeremy.
_________________________________________________________________
Invite your mail contacts to join your friends list with Windows Live Spaces. It's easy!
http://spaces.live.com/spacesapi.aspx?wx_action=create&wx_url=/friends.aspx&mkt=en-us
More information about the samba-technical
mailing list