My TODO before RC1

Andrew Bartlett abartlet at
Mon Sep 10 15:39:50 MDT 2012

On Mon, 2012-09-10 at 19:04 +0200, Stefan (metze) Metzmacher wrote:
> Am 10.09.2012 19:02, schrieb Stefan (metze) Metzmacher:
> > Am 10.09.2012 14:59, schrieb Andrew Bartlett:
> >> Metze,
> >>
> >> You asked for my TODO list before (and after, at this rate) RC1 to see
> >> if others might be able to help.
> >>
> >> It is (in rough order):
> >>  - Call for last changes to our WHATSNEW
> >>  - Find out if what (else!) folks need to be in RC1 beyond what is
> >> already discussed.
> >>  - Sort out ACLs after classicupgrade.  Essentially I think the issue is
> >> that the idmap isn't reflexive.  I'm trying to implement the posix ACL
> >> hash stuff we discussed a couple of months ago. 
> >>  - have 'waf dist' run source3/ and incorporate the outputs. 
> >>    - this would be easier if that script would run with builddir !=
> >> srcdir so we could just point it at a blank directory and collect the
> >> outputs (but certainly don't have the energy for that). 
> >>  - Merge the outstanding patches from Christof Schmitt
> >> <christof.schmitt at>.  
> >>   - The PAC patch looks good.  However, as has been ovbious over the
> >> past week, I'm a stickler for testing, and I'm still waiting for the
> >> tests for the PAC patch.  I prepared the framework in winbind.pac but I
> >> was leaving this to Chrisof to finish.  
> >>   - The rfc2307 idmap patch seems like a reasonable idea, except for the
> >> user/group suffixes (I still dislike them as a concept, even if they are
> >> required).  However, I again would like some tests - particularly
> >> because we already have folks complaining that idmap_ad doesn't work,
> >> and re-using the tests in that configuration could prove that either way
> >> (idmap_ad is also modified by the patch). 
> >>  - Do the DNS tests that I promised Kai earlier this evening
> >>  - Have the WAF and autoconf config.h be identical (enough).  The great
> >> work by Björn Jacke <bjacke at> to merge and finish my quota
> >> patches means we are close, with only some waf quota checks to go. 
> >>  - Run a wintest before doing RC1. 
> >>  - Look into the patch for ntlm_auth TLS channel binding.  (There is no
> >> practical way i can do this for RC1, but it's almost a year since the
> >> patch was posted)
> >>  - Look into the whole 'map untrusted to domain' saga properly.  Make
> >> winbind return a special NTSTATUS return if the 'authoriative' flag is
> >> not set, rather than basing things on the known list of domains.
> >>  - many other things I can't think of at this time of night.
> >>
> >> I plan RC1 on Wednesday, and I don't have a clone army, so clearly I
> >> won't get most of this done.  Any assistance would be most welcome.
> > 
> > I've patches which move provision to 'samba-tool domain provision'
> > and move upgradeprovision to samba_upgradeprovision.
> > 
> > But somehow they fail in the openldap related provision tests...
> > Any idea?
> > 
> >;a=shortlog;h=refs/heads/master4-tmp3
> gives
> [1540/1549 in 1h25m31s] samba4.blackbox.provision-backend
> UNEXPECTED(failure):
> samba4.blackbox.provision-backend.openldap-backend(none)
> REASON: _StringException: _StringException: Administrator password will
> be set randomly!
> You are not root or your system do not support xattr, using tdb backend
> for attributes.
> not using extended attributes to store ACLs and other metadata. If you
> intend to use this provision in production, rerun the script as root on
> a system supporting xattrs.
> Looking up IPv4 addresses
> No IPv4 address will be assigned
> Looking up IPv6 addresses
> No IPv6 address will be assigned

My guess is that it is progressing further or the --use-ntvfs option
isn't being honoured. 

If it's just the OpenLDAP backend failing, then just knownfail or skip
it, and I'll sort it out with you when we meet up in person.  It's not
worth spending time on now, and it's pretty clear that code isn't coming

(The most useful future purpose for the OpenLDAP backend code there
would actually be to automatically setup a Samba3 OpenLDAP backend for
testing against).

Andrew Bartlett

Andrew Bartlett                      
Authentication Developer, Samba Team 

More information about the samba-technical mailing list