samba-technical Digest, Vol 111, Issue 5

Kums@Arise kumss03 at gmail.com
Mon Mar 5 20:41:04 MST 2012


hi dude's i need to now about full samba config for redhat 5.3 server.plz
attch ...
2012/3/6 <samba-technical-request at lists.samba.org>

> Send samba-technical mailing list submissions to
>        samba-technical at lists.samba.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
>        https://lists.samba.org/mailman/listinfo/samba-technical
> or, via email, send a message with subject or body 'help' to
>        samba-technical-request at lists.samba.org
>
> You can reach the person managing the list at
>        samba-technical-owner at lists.samba.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of samba-technical digest..."
>
> Today's Topics:
>
>   1. Re: [Samba] V4 - New Install - Missing Zone File (JDFire)
>   2. Re: [Samba] V4 - New Install - Missing Zone File (Amitay Isaacs)
>   3. The meaning of a DENY ACE for BUILTIN\Administrators against
>      WRITE_DAC | READ_CONTROL (Richard Sharpe)
>   4. Re: The meaning of a DENY ACE for BUILTIN\Administrators
>      against   WRITE_DAC | READ_CONTROL (Richard Sharpe)
>   5. [PATCH] handle endpoint registration and rpc_<service>_init()
>      in        the correct process (Andrew Bartlett)
>   6. Re: The meaning of a DENY ACE for BUILTIN\Administrators
>      against   WRITE_DAC | READ_CONTROL (Jeremy Allison)
>   7. Re: The meaning of a DENY ACE for BUILTIN\Administrators
>      against   WRITE_DAC | READ_CONTROL (Richard Sharpe)
>   8. Improving the speed of make test (Andrew Bartlett)
>   9. Re: Improving the speed of make test (Volker Lendecke)
>  10. Re: Enhance VFS rename op to rename AppleDouble file (Frank Lahm)
>  11. Error with "samba-tool domain join"ERROR(runtime): uncaught
>      exception - (-1073741790, 'Access denied') (Manuel Alguacil Pay?n)
>  12. Re: [PATCH] smb2 FSCTL_SRV_COPYCHUNK support (David Disseldorp)
>  13. repost - how to debug samba4 not becoming DC (Greg Dickie)
>  14. Re: Improving the speed of make test (Jelmer Vernooij)
>  15. Re: Enhance VFS rename op to rename AppleDouble file
>      (Jeremy Allison)
>
>
> ---------- Forwarded message ----------
> From: JDFire <jdfire at cox.net>
> To: Amitay Isaacs <amitay at gmail.com>
> Cc: "samba-technical at lists.samba.org" <samba-technical at lists.samba.org>
> Date: Sun, 4 Mar 2012 17:15:10 -0700
> Subject: Re: [Samba] V4 - New Install - Missing Zone File
> Amitay,
>
> On Mar 3, 2012, at 8:03 AM, Amitay Isaacs <amitay at gmail.com> wrote:
>
> > related to having wrong keytab for dns. Can you try a fresh provision
> > with the latest git tree and check if it works?
> >
> >
>
> Is there any way you could provide the steps for this? I want to make sure
> I follow directions to make sure I do it right.
>
> Regards,
> Jeremy
>
>
> ---------- Forwarded message ----------
> From: Amitay Isaacs <amitay at gmail.com>
> To: JDFire <jdfire at cox.net>
> Cc: "samba-technical at lists.samba.org" <samba-technical at lists.samba.org>
> Date: Mon, 5 Mar 2012 11:25:07 +1100
> Subject: Re: [Samba] V4 - New Install - Missing Zone File
> On Mon, Mar 5, 2012 at 11:15 AM, JDFire <jdfire at cox.net> wrote:
> > Amitay,
> >
> > On Mar 3, 2012, at 8:03 AM, Amitay Isaacs <amitay at gmail.com> wrote:
> >
> >> related to having wrong keytab for dns. Can you try a fresh provision
> >> with the latest git tree and check if it works?
> >>
> >>
> >
> > Is there any way you could provide the steps for this? I want to make
> sure I follow directions to make sure I do it right.
> >
> > Regards,
> > Jeremy
>
> Hi Jeremy,
>
> These are the same steps from Samba4 HOWTO.
>
> Assuming you have pulled the latest git and did make install with
> prefix /usr/local/samba,
>
> 1. Do a new provision
>
> # /usr/local/samba/sbin/provision \
>                  --realm=<realm> \
>                  --domain=<domain> \
>                  --adminpass=<password> \
>                  --server-role="domain controller"
>
> 2. Add following line to the "options" statement of named.conf
>
>     tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
>
> 3. Add following line to named.conf
>
>     include "/usr/local/samba/private/named.conf";
>
> 4. (Re)Start named and make sure /etc/resolv.conf uses local nameserver.
>
> 5. Start samba
>
> You can test if secure dynamic updates are working or not, by executing
>
> # /usr/local/samba/sbin/samba_dnsupdate --verbose
>
> If that works, then your DNS is set up correctly.
>
> Amitay.
>
>
>
> ---------- Forwarded message ----------
> From: Richard Sharpe <realrichardsharpe at gmail.com>
> To: samba-technical <samba-technical at lists.samba.org>
> Cc:
> Date: Sun, 4 Mar 2012 16:30:50 -0800
> Subject: The meaning of a DENY ACE for BUILTIN\Administrators against
> WRITE_DAC | READ_CONTROL
> Hi,
>
> What would it mean if there was a deny ACE in an ACL on a file that
> denies BUILTIN\Administrators WRITE_DAC | READ_CONTROL?
>
> That is, what does Windows do?
>
> The next question is: Is the code that handles DENY entries in
> se_access_check in the Samba master branch correct? It does:
>
>        bits_remaining |= explicitly_denied_bits;
>
> done:
>        if (bits_remaining != 0) {
>                *access_granted = bits_remaining;
>                return NT_STATUS_ACCESS_DENIED;
>        }
>
> This code would seem to override privileges, and I am not sure that
> that is the intent, especially given that Microsoft introduced Owner
> Rights in Server 2008.
>
> --
> Regards,
> Richard Sharpe
> (何以解憂?唯有杜康。--曹操)
>
>
>
> ---------- Forwarded message ----------
> From: Richard Sharpe <realrichardsharpe at gmail.com>
> To: samba-technical <samba-technical at lists.samba.org>
> Cc:
> Date: Sun, 4 Mar 2012 16:38:38 -0800
> Subject: Re: The meaning of a DENY ACE for BUILTIN\Administrators against
> WRITE_DAC | READ_CONTROL
> 2012/3/4 Richard Sharpe <realrichardsharpe at gmail.com>:
> > Hi,
> >
> > What would it mean if there was a deny ACE in an ACL on a file that
> > denies BUILTIN\Administrators WRITE_DAC | READ_CONTROL?
>
> Hmmm, what I really meant was DENY WRITE OWNER ...
>
> > That is, what does Windows do?
> >
> > The next question is: Is the code that handles DENY entries in
> > se_access_check in the Samba master branch correct? It does:
> >
> >        bits_remaining |= explicitly_denied_bits;
> >
> > done:
> >        if (bits_remaining != 0) {
> >                *access_granted = bits_remaining;
> >                return NT_STATUS_ACCESS_DENIED;
> >        }
> >
> > This code would seem to override privileges, and I am not sure that
> > that is the intent, especially given that Microsoft introduced Owner
> > Rights in Server 2008.
> >
> > --
> > Regards,
> > Richard Sharpe
> > (何以解憂?唯有杜康。--曹操)
>
>
>
> --
> Regards,
> Richard Sharpe
> (何以解憂?唯有杜康。--曹操)
>
>
>
> ---------- Forwarded message ----------
> From: Andrew Bartlett <abartlet at samba.org>
> To: Andreas Schneider <asn at cryptomilk.org>
> Cc: samba-technical at samba.org
> Date: Mon, 05 Mar 2012 12:58:30 +1100
> Subject: [PATCH] handle endpoint registration and rpc_<service>_init() in
> the correct process
> Andreas,
>
> The attached patches are the relevant parts of my s3fs-wip tree, which
> shows by passing make test that we do not need to register or initialise
> 'external' rpc services in dcesrv_ep_setup().
>
> Those services which are in the spoolssd and lsasd children are already
> initialised and registered to the endpoint mapper there, and when these
> services are handled externally to smbd (ie, in Samba4 for
> plugin_s4_dc), no initialisation of the s3 service implementation is
> desired or required.
>
> Similarly, it makes no sense to initialise the endpoint mapper except in
> the endpoint mapper's own forked child process, so I have removed this
> code (presumably left over from early development).
>
> Please let me know what you think,
>
> Andrew Bartlett
> --
> Andrew Bartlett                                http://samba.org/~abartlet/
> Authentication Developer, Samba Team           http://samba.org
>
>
> ---------- Forwarded message ----------
> From: Jeremy Allison <jra at samba.org>
> To: Richard Sharpe <realrichardsharpe at gmail.com>
> Cc: samba-technical <samba-technical at lists.samba.org>
> Date: Sun, 4 Mar 2012 18:25:14 -0800
> Subject: Re: The meaning of a DENY ACE for BUILTIN\Administrators against
> WRITE_DAC | READ_CONTROL
> On Sun, Mar 04, 2012 at 04:38:38PM -0800, Richard Sharpe wrote:
> > 2012/3/4 Richard Sharpe <realrichardsharpe at gmail.com>:
> > > Hi,
> > >
> > > What would it mean if there was a deny ACE in an ACL on a file that
> > > denies BUILTIN\Administrators WRITE_DAC | READ_CONTROL?
> >
> > Hmmm, what I really meant was DENY WRITE OWNER ...
> >
> > > That is, what does Windows do?
> > >
> > > The next question is: Is the code that handles DENY entries in
> > > se_access_check in the Samba master branch correct? It does:
> > >
> > >        bits_remaining |= explicitly_denied_bits;
> > >
> > > done:
> > >        if (bits_remaining != 0) {
> > >                *access_granted = bits_remaining;
> > >                return NT_STATUS_ACCESS_DENIED;
> > >        }
> > >
> > > This code would seem to override privileges, and I am not sure that
> > > that is the intent, especially given that Microsoft introduced Owner
> > > Rights in Server 2008.
>
> Let's test it against Windows before we change any Samba code...
>
> Jeremy.
>
>
>
> ---------- Forwarded message ----------
> From: Richard Sharpe <realrichardsharpe at gmail.com>
> To: Jeremy Allison <jra at samba.org>
> Cc: samba-technical <samba-technical at lists.samba.org>
> Date: Sun, 4 Mar 2012 18:27:46 -0800
> Subject: Re: The meaning of a DENY ACE for BUILTIN\Administrators against
> WRITE_DAC | READ_CONTROL
> On Sun, Mar 4, 2012 at 6:25 PM, Jeremy Allison <jra at samba.org> wrote:
> > On Sun, Mar 04, 2012 at 04:38:38PM -0800, Richard Sharpe wrote:
> >> 2012/3/4 Richard Sharpe <realrichardsharpe at gmail.com>:
> >> > Hi,
> >> >
> >> > What would it mean if there was a deny ACE in an ACL on a file that
> >> > denies BUILTIN\Administrators WRITE_DAC | READ_CONTROL?
> >>
> >> Hmmm, what I really meant was DENY WRITE OWNER ...
> >>
> >> > That is, what does Windows do?
> >> >
> >> > The next question is: Is the code that handles DENY entries in
> >> > se_access_check in the Samba master branch correct? It does:
> >> >
> >> >        bits_remaining |= explicitly_denied_bits;
> >> >
> >> > done:
> >> >        if (bits_remaining != 0) {
> >> >                *access_granted = bits_remaining;
> >> >                return NT_STATUS_ACCESS_DENIED;
> >> >        }
> >> >
> >> > This code would seem to override privileges, and I am not sure that
> >> > that is the intent, especially given that Microsoft introduced Owner
> >> > Rights in Server 2008.
> >
> > Let's test it against Windows before we change any Samba code...
>
> I agree with that, that is for sure. I am just raising the issue at
> this stage. Will test some time this week.
>
> --
> Regards,
> Richard Sharpe
> (何以解憂?唯有杜康。--曹操)
>
>
>
> ---------- Forwarded message ----------
> From: Andrew Bartlett <abartlet at samba.org>
> To: samba-technical at samba.org
> Cc: jelmer at samba.org
> Date: Mon, 05 Mar 2012 18:36:57 +1100
> Subject: Improving the speed of make test
> Jelmer and others interested in selftest:
>
> A while back, I started doing some profiling to determine where the time
> is spent in 'make test', using 'perf'.
>
> I was surprised to find that 15% of our time is spent in routines
> associated with SHA1, due to adding users and kinit.  Both of these run
> a *lot* of SHA1, because salting the password for the AES-based kerberos
> keys uses multiple thousands of rounds of SHA1, to make brute forcing
> the password hash harder.
>
> The fix is simple:
>  - change acl.py and similar tests not to create a user for each unit
> test, but re-use one for the whole testsuite
>  - kinit once at the start of make test, for all connections that should
> be made as administrator.  Use that credential cache for all connections
> instead of $USERNAME and $PASSWORD
>  - create another user if we ever need to modify the groups of the
> administrator (the cached PAC won't update).
>
> I've not got around to doing this yet, but as the python selftest
> rewrite is under way, I wanted to ensure this was catered for in the
> design.
>
> Andrew Bartlett
> --
> Andrew Bartlett                                http://samba.org/~abartlet/
> Authentication Developer, Samba Team           http://samba.org
>
>
>
>
> ---------- Forwarded message ----------
> From: Volker Lendecke <Volker.Lendecke at SerNet.DE>
> To: Andrew Bartlett <abartlet at samba.org>
> Cc: samba-technical at samba.org
> Date: Mon, 5 Mar 2012 09:23:54 +0100
> Subject: Re: Improving the speed of make test
> On Mon, Mar 05, 2012 at 06:36:57PM +1100, Andrew Bartlett wrote:
> > Jelmer and others interested in selftest:
> >
> > A while back, I started doing some profiling to determine where the time
> > is spent in 'make test', using 'perf'.
> >
> > I was surprised to find that 15% of our time is spent in routines
>
> Is that total time or CPU time? Quite some of the tests in
> the file server area look at or depend on timeout behaviour.
> The tests for share modes for example come to mind. With
> some care (independent file names), they could probably very
> well run in parallel and gain quite a bit of total time.
>
> With best regards,
>
> Volker
>
> --
> SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
> phone: +49-551-370000-0, fax: +49-551-370000-9
> AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
> http://www.sernet.de, mailto:kontakt at sernet.de
>
>
>
> ---------- Forwarded message ----------
> From: Frank Lahm <franklahm at googlemail.com>
> To: Jeremy Allison <jra at samba.org>
> Cc: samba-technical at lists.samba.org
> Date: Mon, 5 Mar 2012 11:43:28 +0100
> Subject: Re: Enhance VFS rename op to rename AppleDouble file
> Am 1. November 2011 19:47 schrieb Frank Lahm <franklahm at googlemail.com>:
> > 2011/10/17 Jeremy Allison <jra at samba.org>:
> >> On Mon, Oct 17, 2011 at 12:39:31PM +0200, Frank Lahm wrote:
> >>> Hi,
> >>>
> >>> 2011/10/8 Frank Lahm <franklahm at googlemail.com>:
> >>> > 2011/9/22 Frank Lahm <franklahm at googlemail.com>:
> >>> >> 2011/9/21 Volker Lendecke <Volker.Lendecke at sernet.de>:
> >>> >>> On Wed, Sep 21, 2011 at 09:48:54AM +0200, Frank Lahm wrote:
> >>> >>>> 2011/8/24 Frank Lahm <franklahm at googlemail.com>:
> >>> >>>> > wanted to bring this to your attention:
> >>> >>>> > <https://bugzilla.samba.org/show_bug.cgi?id=8398>
> >>> >>>>
> >>> >>>> any additional comments here ? Anything preventing a commit ?
> Thanks!
> >>> >>>
> >>> >>> Well, the become_root() as far as I can see is still in.
> >>> >>
> >>> >> Ok, as I'm not receiving direct response to my reasoning in the bug
> >>> >> report, I've modified the patch to call rename without becoming
> root.
> >>> >>
> >>> >>> This might be a reason not to put this patch in.
> >>> >>
> >>> >> Thanks for taking time.
> >>> >
> >>> > *ping*
> >>> >
> >>> > Thanks!
> >>>
> >>> please review and possibly commit. I can't really continue my work on
> >>> the Netatalk VFS module without this being committed first.
> >>
> >> Still working on this.. Should get committed this week.
> >
> > *ping*
>
> *ping*
>
> Thanks!
> -f
>
>
>
> ---------- Forwarded message ----------
> From: "Manuel Alguacil Payán" <malguacil at gmail.com>
> To: samba-technical at lists.samba.org
> Cc:
> Date: Mon, 5 Mar 2012 13:35:35 +0100
> Subject: Error with "samba-tool domain join"ERROR(runtime): uncaught
> exception - (-1073741790, 'Access denied')
> When I execute the following command:
>
> root# ./samba-tool domain join my.domain DC -Uadministrator
> --realm=my.realm
>
>
> I get the following error:
>
> DC -Uadministrator --realm=my.realm
> Finding a writeable DC for domain 'my.domain'
> Found DC myDC.my.domain
> Password for [my.domain\administrator]:
> Password for [my.domain\administrator]:
> workgroup is MYWRKGRP
> realm is my.realm
> checking sAMAccountName
> Adding CN=MYMACHINE,OU=Domain Controllers,DC=my.domain
> Adding
> CN=MYMACHINE,CN=Servers,CN=xxx,CN=Sites,CN=Configuration,DC=my.domain
> Adding CN=NTDS
>
> Settings,CN=MYMACHINE,CN=Servers,CN=xxx,CN=Sites,CN=Configuration,DC=my.domain*Join
> failed* - cleaning up
> checking sAMAccountName
> Deleted CN=MYMACHINE,OU=Domain Controllers,DC=my.domain
> Deleted
> CN=MYMACHINE,CN=Servers,CN=xxx,CN=Sites,CN=Configuration,DC=my.domain
> ERROR(runtime): uncaught exception - (-1073741790, '*Access denied*')
>  File
>
> "*/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/*__init__.py",
> line 162, in _run
>    return self.run(*args, **kwargs)
>  File
> "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/domain.py",
> line 180, in run
>    machinepass=machinepass)
>  File "/usr/local/samba/lib64/python2.6/site-packages/samba/join.py", line
> 966, in join_DC
>    ctx.do_join()
>  File "/usr/local/samba/lib64/python2.6/site-packages/samba/join.py", line
> 871, in do_join
>    ctx.join_add_objects()
>  File "/usr/local/samba/lib64/python2.6/site-packages/samba/join.py", line
> 467, in join_add_objects
>    ctx.join_add_ntdsdsa()
>  File "/usr/local/samba/lib64/python2.6/site-packages/samba/join.py", line
> 416, in join_add_ntdsdsa
>    ctx.DsAddEntry([rec])
>  File "/usr/local/samba/lib64/python2.6/site-packages/samba/join.py", line
> 326, in DsAddEntry
>    ctx.drsuapi_connect()
>  File "/usr/local/samba/lib64/python2.6/site-packages/samba/join.py", line
> 305, in drsuapi_connect
>    (ctx.drsuapi_handle, ctx.bind_supported_extensions) =
> drs_utils.drs_DsBind(ctx.drsuapi)
>  File "/usr/local/samba/lib64/python2.6/site-packages/samba/drs_utils.py",
> line 144, in drs_DsBind
>    (info, handle) = drs.DsBind(misc.GUID(drsuapi.DRSUAPI_DS_BIND_GUID),
> bind_info)
>
>
> In earlier versions of SAMBA4alpha18 this worked fine, but since two weeks
> ago, I cannot join any SAMBA to the domain.
>
> I got SAMBA from the GIT repository.
>
> --
> *
> **"Debo confesar que nací a una edad muy temprana."*
> * Julius Henry Marx (1890-1977)*
>
>
>
> ---------- Forwarded message ----------
> From: David Disseldorp <ddiss at suse.de>
> To: samba-technical <samba-technical at lists.samba.org>
> Cc:
> Date: Mon, 5 Mar 2012 15:44:47 +0100
> Subject: Re: [PATCH] smb2 FSCTL_SRV_COPYCHUNK support
> Hi,
>
> On Wed, 15 Feb 2012 09:29:32 -0800
> Jeremy Allison <jra at samba.org> wrote:
>
> > On Wed, Feb 15, 2012 at 04:05:39PM +0100, Volker Lendecke wrote:
> ...
> > > The _send/_recv
> > > model makes it possible to keep the main engine
> > > single-threaded but opens up the possibility to do a
> > > threaded implementation in the VFS. See for example the
> > > vfs_aio_pthread module that Jeremy added lately. It still
> > > uses the posix AIO based VFS calls, but I think those should
> > > be converted to pread_send/recv and pwrite_send/recv, hiding
> > > the ugliness of the Posix API in some default module.
> >
> > +1 for that. If we had pread[write]_send() and pread[write]_recv()
> > this code could become a lot simpler (and possibly on by default)
> > in smbd.
>
> Thanks for the feedback so far. I've push a new round of changes which
> add copy chunk _send and _recv VFS hooks, allowing for simplified async
> implementations. The existing vfs_default and vfs_btrfs copy chunk
> back-ends remain synchronous.
>
> A few other changes have been made since the previous push:
> - rebased to master
> - changed chunk limits to match Windows Server 2k8
> - squashed a number of commits
>
> Any further feedback, particularly regarding the async architecture,
> would be much appreciated.
>
> Cheers, David
>
>
> http://git.samba.org/?p=ddiss/samba.git;a=shortlog;h=refs/heads/smb2_copychunk_async_rb5
>
> The following changes since commit
> 14d31376aab703dbb14d1cd786baeaf84361cd96:
>
>  s3-lsasd: Fix debug messages on registration failure (2012-03-05 09:50:17
> +0100)
>
> are available in the git repository at:
>  git://git.samba.org/ddiss/samba.git smb2_copychunk_async_rb5
>
> David Disseldorp (9):
>      s3-smb2: split ioctl handlers into separate functions
>      s3-smb2: split ioctl handler code on device type
>      s3-ioctl: fix smb2 named pipe ioctl handler
>      s3-server: add smb2 FSCTL_SRV_REQUEST_RESUME_KEY support
>      s3-vfs: add copy_chunk vfs hook
>      s3-server: add support for smb2 FSCTL_SRV_COPYCHUNK
>      s3-vfs: add vfs_btrfs module
>      s3-server: remove smb2 ioctl error response assumption
>      s4-torture: skip FSCTL_SRV_ENUM_SNAPS test when not supported
>
>  examples/VFS/skel_opaque.c           |   21 ++
>  examples/VFS/skel_transparent.c      |   22 ++
>  libcli/smb/smb_constants.h           |    2 +
>  selftest/skip                        |    1 -
>  source3/Makefile.in                  |   11 +
>  source3/configure.in                 |   13 +
>  source3/include/vfs.h                |   25 ++-
>  source3/include/vfs_macros.h         |   10 +
>  source3/modules/vfs_btrfs.c          |  142 +++++++++++
>  source3/modules/vfs_default.c        |   65 +++++
>  source3/modules/vfs_full_audit.c     |   34 +++
>  source3/modules/wscript_build        |    9 +
>  source3/selftest/tests.py            |    2 +-
>  source3/smbd/smb2_ioctl.c            |  425
> ++++++---------------------------
>  source3/smbd/smb2_ioctl_dfs.c        |  119 ++++++++++
>  source3/smbd/smb2_ioctl_filesys.c    |   49 ++++
>  source3/smbd/smb2_ioctl_named_pipe.c |  164 +++++++++++++
>  source3/smbd/smb2_ioctl_network_fs.c |  433
> ++++++++++++++++++++++++++++++++++
>  source3/smbd/smb2_ioctl_private.h    |   54 +++++
>  source3/smbd/vfs.c                   |   26 ++-
>  source3/wscript                      |   11 +
>  source3/wscript_build                |    5 +
>  source4/libcli/smb2/ioctl.c          |   29 ++-
>  source4/torture/smb2/ioctl.c         |   68 +++++-
>  24 files changed, 1383 insertions(+), 357 deletions(-)
>  create mode 100644 source3/modules/vfs_btrfs.c
>  create mode 100644 source3/smbd/smb2_ioctl_dfs.c
>  create mode 100644 source3/smbd/smb2_ioctl_filesys.c
>  create mode 100644 source3/smbd/smb2_ioctl_named_pipe.c
>  create mode 100644 source3/smbd/smb2_ioctl_network_fs.c
>  create mode 100644 source3/smbd/smb2_ioctl_private.h
>
>
>
>
> ---------- Forwarded message ----------
> From: Greg Dickie <greg at justaguy.ca>
> To: samba-technical <samba-technical at lists.samba.org>
> Cc:
> Date: Mon, 05 Mar 2012 09:02:14 -0500
> Subject: repost - how to debug samba4 not becoming DC
>
> Hi,
>
>  No response to my other posts. I'm just looking for a pointer of where
> I can look for the cause of my samba-tool domain join failing. Level 10
> debug seems to give ACCESS DENIED on rpc. Nothing interesting I can see
> in the event viewer on the DC.
>
> Any clues?
>
> Thanks,
> Greg
>
> --
> Greg Dickie
> just a guy
> 514-983-5400
>
>
>
>
> ---------- Forwarded message ----------
> From: Jelmer Vernooij <jelmer at samba.org>
> To: samba-technical at lists.samba.org
> Cc:
> Date: Mon, 05 Mar 2012 17:44:35 +0100
> Subject: Re: Improving the speed of make test
> On 03/05/2012 08:36 AM, Andrew Bartlett wrote:
>
>> Jelmer and others interested in selftest:
>>
>> A while back, I started doing some profiling to determine where the time
>> is spent in 'make test', using 'perf'.
>>
>> I was surprised to find that 15% of our time is spent in routines
>> associated with SHA1, due to adding users and kinit.  Both of these run
>> a *lot* of SHA1, because salting the password for the AES-based kerberos
>> keys uses multiple thousands of rounds of SHA1, to make brute forcing
>> the password hash harder.
>>
>> The fix is simple:
>>  - change acl.py and similar tests not to create a user for each unit
>> test, but re-use one for the whole testsuite
>>  - kinit once at the start of make test, for all connections that should
>> be made as administrator.  Use that credential cache for all connections
>> instead of $USERNAME and $PASSWORD
>>  - create another user if we ever need to modify the groups of the
>> administrator (the cached PAC won't update).
>>
>> I've not got around to doing this yet, but as the python selftest
>> rewrite is under way, I wanted to ensure this was catered for in the
>> design.
>>
> Thanks.
>
> I think one of the other issues with selftest is also that we're running
> too much high level (functional) tests rather than unit tests. We can't
> possibly run all tests with all possible permutations of Samba
> configuration options.
>
> For example, is it useful to run all RPC tests against our own servers
> with and without the bigendian option? I can see the bigendian option being
> really useful when running tests against Windows, but our client and server
> code is generated from the same IDL - we won't find errors in the IDL this
> way. If we're trying to catch pidl bugs, I think just running rpc-echo with
> and without 'bigendian' should be sufficient, and more low-level tests for
> pidl.
>
> Cheers,
>
> Jelmer
>
>
>
> ---------- Forwarded message ----------
> From: Jeremy Allison <jra at samba.org>
> To: Frank Lahm <franklahm at googlemail.com>
> Cc: samba-technical at lists.samba.org, Jeremy Allison <jra at samba.org>
> Date: Mon, 5 Mar 2012 10:25:04 -0800
> Subject: Re: Enhance VFS rename op to rename AppleDouble file
> On Mon, Mar 05, 2012 at 11:43:28AM +0100, Frank Lahm wrote:
> > Am 1. November 2011 19:47 schrieb Frank Lahm <franklahm at googlemail.com>:
> > > 2011/10/17 Jeremy Allison <jra at samba.org>:
> > >> On Mon, Oct 17, 2011 at 12:39:31PM +0200, Frank Lahm wrote:
> > >>> Hi,
> > >>>
> > >>> 2011/10/8 Frank Lahm <franklahm at googlemail.com>:
> > >>> > 2011/9/22 Frank Lahm <franklahm at googlemail.com>:
> > >>> >> 2011/9/21 Volker Lendecke <Volker.Lendecke at sernet.de>:
> > >>> >>> On Wed, Sep 21, 2011 at 09:48:54AM +0200, Frank Lahm wrote:
> > >>> >>>> 2011/8/24 Frank Lahm <franklahm at googlemail.com>:
> > >>> >>>> > wanted to bring this to your attention:
> > >>> >>>> > <https://bugzilla.samba.org/show_bug.cgi?id=8398>
> > >>> >>>>
> > >>> >>>> any additional comments here ? Anything preventing a commit ?
> Thanks!
> > >>> >>>
> > >>> >>> Well, the become_root() as far as I can see is still in.
> > >>> >>
> > >>> >> Ok, as I'm not receiving direct response to my reasoning in the
> bug
> > >>> >> report, I've modified the patch to call rename without becoming
> root.
> > >>> >>
> > >>> >>> This might be a reason not to put this patch in.
> > >>> >>
> > >>> >> Thanks for taking time.
> > >>> >
> > >>> > *ping*
> > >>> >
> > >>> > Thanks!
> > >>>
> > >>> please review and possibly commit. I can't really continue my work on
> > >>> the Netatalk VFS module without this being committed first.
> > >>
> > >> Still working on this.. Should get committed this week.
> > >
> > > *ping*
> >
> > *ping*
>
> Thanks - completely forgot about this, sorry :-(.
>
> Keep pinging me until you see it in the git trees...
>
>
> _______________________________________________
> samba-technical mailing list
> samba-technical at lists.samba.org
> https://lists.samba.org/mailman/listinfo/samba-technical
>
>


More information about the samba-technical mailing list