My TODO before RC1

Stefan (metze) Metzmacher metze at
Mon Sep 10 11:04:26 MDT 2012

Am 10.09.2012 19:02, schrieb Stefan (metze) Metzmacher:
> Am 10.09.2012 14:59, schrieb Andrew Bartlett:
>> Metze,
>> You asked for my TODO list before (and after, at this rate) RC1 to see
>> if others might be able to help.
>> It is (in rough order):
>>  - Call for last changes to our WHATSNEW
>>  - Find out if what (else!) folks need to be in RC1 beyond what is
>> already discussed.
>>  - Sort out ACLs after classicupgrade.  Essentially I think the issue is
>> that the idmap isn't reflexive.  I'm trying to implement the posix ACL
>> hash stuff we discussed a couple of months ago. 
>>  - have 'waf dist' run source3/ and incorporate the outputs. 
>>    - this would be easier if that script would run with builddir !=
>> srcdir so we could just point it at a blank directory and collect the
>> outputs (but certainly don't have the energy for that). 
>>  - Merge the outstanding patches from Christof Schmitt
>> <christof.schmitt at>.  
>>   - The PAC patch looks good.  However, as has been ovbious over the
>> past week, I'm a stickler for testing, and I'm still waiting for the
>> tests for the PAC patch.  I prepared the framework in winbind.pac but I
>> was leaving this to Chrisof to finish.  
>>   - The rfc2307 idmap patch seems like a reasonable idea, except for the
>> user/group suffixes (I still dislike them as a concept, even if they are
>> required).  However, I again would like some tests - particularly
>> because we already have folks complaining that idmap_ad doesn't work,
>> and re-using the tests in that configuration could prove that either way
>> (idmap_ad is also modified by the patch). 
>>  - Do the DNS tests that I promised Kai earlier this evening
>>  - Have the WAF and autoconf config.h be identical (enough).  The great
>> work by Björn Jacke <bjacke at> to merge and finish my quota
>> patches means we are close, with only some waf quota checks to go. 
>>  - Run a wintest before doing RC1. 
>>  - Look into the patch for ntlm_auth TLS channel binding.  (There is no
>> practical way i can do this for RC1, but it's almost a year since the
>> patch was posted)
>>  - Look into the whole 'map untrusted to domain' saga properly.  Make
>> winbind return a special NTSTATUS return if the 'authoriative' flag is
>> not set, rather than basing things on the known list of domains.
>>  - many other things I can't think of at this time of night.
>> I plan RC1 on Wednesday, and I don't have a clone army, so clearly I
>> won't get most of this done.  Any assistance would be most welcome.
> I've patches which move provision to 'samba-tool domain provision'
> and move upgradeprovision to samba_upgradeprovision.
> But somehow they fail in the openldap related provision tests...
> Any idea?


[1540/1549 in 1h25m31s] samba4.blackbox.provision-backend
REASON: _StringException: _StringException: Administrator password will
be set randomly!
You are not root or your system do not support xattr, using tdb backend
for attributes.
not using extended attributes to store ACLs and other metadata. If you
intend to use this provision in production, rerun the script as root on
a system supporting xattrs.
Looking up IPv4 addresses
No IPv4 address will be assigned
Looking up IPv6 addresses
No IPv6 address will be assigned

FAILED (1 failures, 0 errors and 0 unexpected successes in 0 testsuites)

A summary with detailed information can be found in:


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 259 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the samba-technical mailing list