IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
It implies 'require strong key = yes' and 'client schannel = yes'.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This uses the code from the source4/ SMB server (the NTVFS smb server)
in common, to force SMB Signing to be on when we are an AD DC.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Fri Nov 22 13:13:05 CET 2013 on sn-devel-104
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Nov 19 14:40:40 CET 2013 on sn-devel-104
Removed extra word "The" from parameter description.
Signed-off-by: Scott Lovenberg <scott.lovenberg@gmail.com>
[ddiss@samba.org: removed white space damage]
Reviewed-by: David Disseldorp <ddiss@samba.org>
Signed-off-by: Björn Jacke <bj@sernet.de>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Fri Nov 1 00:12:19 CET 2013 on sn-devel-104
Windows spoolss print clients only allow association of server-side
drivers with printers when the driver architecture matches the
advertised print server architecture. Samba's spoolss print server
architecture can be changed using this parameter.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Wed Oct 16 17:12:34 CEST 2013 on sn-devel-104
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Oct 15 01:51:39 CEST 2013 on sn-devel-104
In handling RemoteFindFirstPrinterChangeNotifyEx requests, the spoolss
server can establish a "backchannel" connection to the print client, as
a mechanism for sending print notifications. This behaviour is governed
by the "print notify backchannel" smb.conf parameter.
This change sets "print notify backchannel" to "no" by default, which
sees Samba respond to RemoteFindFirstPrinterChangeNotifyEx requests with
WERR_SERVER_UNAVAILABLE. In recieving such a response, print clients can
fall back to polling for print queue changes.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Mon Oct 14 18:49:41 CEST 2013 on sn-devel-104
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Sep 17 05:55:04 CEST 2013 on sn-devel-104
This is a follow-up patch for bug #10134 - Samba 4.0 is stricter in checking
acls for "open for execution".
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Thu Sep 12 11:59:56 CEST 2013 on sn-devel-104
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Wed Sep 11 01:21:00 CEST 2013 on sn-devel-104
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10041
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Kai Blin <kai@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Jul 24 12:42:29 CEST 2013 on sn-devel-104
We now only lowercase the password, we do not attempt to find another case
combination that the password might be in.
This option is already depricated, so it is now time to remove it.
Andrew Bartlett
Reviewed-by: Simo Sorce <idra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri May 17 10:34:18 CEST 2013 on sn-devel-104
Commit 6d128aac11 has increased the limit:
"s3:smb2_server increase defaults for read/write/trans sizes to 1MB"
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri May 10 23:14:50 CEST 2013 on sn-devel-104
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue May 7 01:24:54 CEST 2013 on sn-devel-104
set dir seems to have been a special SMB command used by Pathworks clients
the supporting code for it was already removed in 2007, so just remove all
remnants related to it (smb.conf parameter, documentation, ...)
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Mar 12 01:03:37 CET 2013 on sn-devel-104
Add a warning to the "socket options" section of the
smb.conf man page that changing socket options can be
dangerous to performance. Hopefully this will cut down on
users reporting poor performance after changing socket
options.
Signed-off-by: Scott Lovenberg <scott.lovenberg@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Since we open with dbwrap, it auto-converts old tdbs (which it will
rename to secrets.tdb.bak once it's done).
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Rusty Russell <rusty@rustcorp.com.au>
Autobuild-Date(master): Wed Feb 20 07:09:19 CET 2013 on sn-devel-104
For simplicity, we use this in the caller to choose between filenames.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Thu Feb 14 18:43:57 CET 2013 on sn-devel-104
And fix the format.
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
And fix the format.
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Ensure we don't apply the masks + force modes on security setting
changes, only on create.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
NT4 is long dead, and we should not change which ACL we return based
on what we think the client is. The reason we should not do this, is
that if we are using vfs_acl_xattr then the hash will break if we do.
Additionally, it would require that the python VFS interface set the
global remote_arch to fake up being a modern client.
This instead seems cleaner and removes untested code (the tests are
updated to then handle the results of the modern codepath).
The supporting 'acl compatability' parameter is also removed.
Andrew Bartlett
Reviewed by: Jeremy Allison <jra@samba.org>
Signing cannot be disabled for SMB2 by design, so fix the documentation
instead.
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Oct 3 23:47:23 CEST 2012 on sn-devel-104
This reverts commit e809abf55f.
This parameter still exists, it is just only used as parametric option
in the code and not easy to spot when looking out for lp_xxx
Autobuild-User(master): Christian Ambach <ambi@samba.org>
Autobuild-Date(master): Thu Sep 27 06:18:38 CEST 2012 on sn-devel-104
This means that instead of failing due to the default commandline values not being quite correct
that we clearly fail at loadparm and testparm time when parsing the printing= line.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Aug 3 10:30:37 CEST 2012 on sn-devel-104
This parameter is only used in our NBT client code and in nmbd as a
fallback when we fail to select a better interface from "interfaces"
to use directly.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Jul 27 12:16:25 CEST 2012 on sn-devel-104
This essentially reverts the commit 611ef42053
Author: Yasuma Takeda <yasuma@osstech.co.jp>
Date: Fri Dec 5 13:37:51 2008 -0800
Fix bug #5944 - nmbd does not boot if socket adress = "" is defined in smb.conf
Intead, the documentation is fixed so that the correct default is
recorded. Removing the special case handling here allows this to be
dealt with in the same way as all other parameters.
Andrew Bartlett
Changes from Lars Müller and Olaf Flebbe:
a) The location in the filesystem defaults to STATEDIR/usershare
b) If undefined the default location is used; if set to zero (the
default) user defined shares are ignored.
Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Tue Jun 26 19:55:00 CEST 2012 on sn-devel-104
Thanks to Frans Luteijn <f.a.g.luteijn at knoware.nl> for providing the fixes!
Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Mon Jun 11 23:16:26 CEST 2012 on sn-devel-104
This falls out of the removal of security=share, because we now require that
a session setup has been performed before (essentially) all other operations.
Andrew Bartlett
This matches the lib/param code, as is a seperate parameter for the
client there.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Wed May 30 06:04:41 CEST 2012 on sn-devel-104
Add hint that setting "profile acls = yes" on normal shares can cause trouble.
Karolin
Autobuild-User: Karolin Seeger <kseeger@samba.org>
Autobuild-Date: Tue May 8 18:47:59 CEST 2012 on sn-devel-104
Part of a fix for bug #7938. Based on a patch provided by John Bradshaw
<john@johnbradshaw.org>.
Karolin
Autobuild-User: Karolin Seeger <kseeger@samba.org>
Autobuild-Date: Tue May 8 13:56:32 CEST 2012 on sn-devel-104
This patch removes security=share, which Samba implemented by matching
the per-share password provided by the client in the Tree Connect with
a selection of usernames supplied by the client, the smb.conf or
guessed from the environment.
The rationale for the removal is that for the bulk of security=share
users, we just we need a very simple way to run a 'trust the network'
Samba server, where users mark shares as guest ok. This is still
supported, and the smb.conf options are documented at
https://wiki.samba.org/index.php/Public_Samba_Server
At the same time, this closes the door on one of the most arcane areas
of Samba authentication.
Naturally, full user-name/password authentication remain available in
security=user and above.
This includes documentation updates for username and only user, which
now only do a small amount of what they used to do.
Andrew Bartlett
--------------
/ \
/ REST \
/ IN \
/ PEACE \
/ \
| SEC_SHARE |
| security=share |
| |
| |
| 5 March |
| |
| 2012 |
*| * * * | *
_________)/\\_//(\/(/\)/\//\/\///|_)_______
Change the defaults and the documentation to reflect the 64k limit.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Thu Oct 13 12:22:23 CEST 2011 on sn-devel-104
Add "allow insecure widelinks" to re-enable the ability (requested
by some sites) to have "widelinks = yes" and "unix extensions = yes".
Based on an original patch by Linda Walsh <samba@tlinx.org>
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Sep 14 03:55:45 CEST 2011 on sn-devel-104
The only users I can find of this on the internet involve confused
users, and our own documentation recommends never setting this. Don't
confuse our users any longer.
Andrew Bartlett
This strange parameter is apparently very rarely used, and it seems to
me that on modern networks, if clients don't have correct clocks and
DST offsets, that many other things (Kerberos) start to fail pretty
quickly, and time and DST tables tend to be internet delivered anyway.
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Sat Jun 11 03:54:45 CEST 2011 on sn-devel-104
This means that it no longer takes % substituations, and so the documentation for this behaviour is removed from the smb.conf manpage. (This mode is only useful in security=server, which is already marked as deprecated in 3.6).
Andrew Bartlett
This follows up on the agreement on the samba-technical list in Jan
2011 to deprecate these options, and to possibly remove these in the
4.0 release after user feedback.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Fri May 13 19:51:41 CEST 2011 on sn-devel-104
This reverts commit ecf48af135.
This makes Samba unusable on systems without Linux and
a modern Filesystem.
This was discussed with Jeremy on IRC:
http://irclog.samba.org/2011/01/20110126-Wed.log
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Mon Mar 28 09:00:09 CEST 2011 on sn-devel-104
Since commit 7022554, smbds share a printcap cache (printer_list.tdb),
therefore ordering of events between smbd processes is important when
updating printcap cache information. Consider the following two process
example:
1) smbd1 receives HUP or printcap cache time expiry
2) smbd1 checks whether pcap needs refresh, it does
3) smbd1 marks pcap as refreshed
4) smbd1 forks child1 to obtain cups printer info
5) smbd2 receives HUP or printcap cache time expiry
6) smbd2 checks whether pcap needs refresh, it does not (due to step 3)
7) smbd2 reloads printer shares prior to child1 completion (stale pcap)
8) child1 completion, pcap cache (printer_list.tdb) is updated by smbd1
9) smbd1 reloads printer shares based on new pcap information
In this case both smbd1 and smbd2 are reliant on the pcap update
performed on child1 completion.
The prior commit "reload shares after pcap cache fill" ensures that
smbd1 only reloads printer shares following pcap update, however smbd2
continues to present shares based on stale pcap data.
This commit addresses the above problem by driving pcap cache and
printer share updates from the parent smbd process.
1) smbd0 (parent) receives a HUP or printcap cache time expiry
2) smbd0 forks child0 to obtain cups printer info
3) child0 completion, pcap cache (printer_list.tdb) is updated by smbd0
4) smbd0 reloads printer shares
5) smbd0 notifies child smbds of pcap update via message_send_all()
6) child smbds read fresh pcap data and reload printer shares
This architecture has the additional advantage that only a single
process (the parent smbd) requests printer information from the printcap
backend.
Use time_mono in housekeeping functions As suggested by Björn Jacke.
vl recently pointed me to a valid reason to use posix locking = no.
Fix the smb.conf manpage to explain this reason, as this question
comes up on the samba mailing list from time to time as well.
Autobuild-User: Kai Blin <kai@samba.org>
Autobuild-Date: Wed Dec 1 10:37:30 CET 2010 on sn-devel-104
This boolean option controls whether at exit time the server dumps a list of
files with debug level 0 that were still open for write. This is an
administrative aid to find the files that were potentially corrupt if the
network connection died.
Change parameter "wide links" to default to "no".
Ensure "wide links = no" if "unix extensions = yes" on a share.
Fix man pages to refect this.
Remove "within share" checks for a UNIX symlink set - even if
widelinks = no. The server will not follow that link anyway.
Correct DEBUG message in check_reduced_name() to add missing "\n"
so it's really clear when a path is being denied as it's outside
the enclosing share path.
Jeremy.
Thanks to the Debian samba package maintainers
<pkg-samba-maint@lists.alioth.debian.org> for providing the patch!
Fix bug #7017 (Typos and spelling errors in manpages).
Karolin
in the "user.DOSATTRIB" EA. From the docs:
In Samba 3.5.0 and above the "user.DOSATTRIB" extended attribute has been extended to store
the create time for a file as well as the DOS attributes. This is done in a backwards compatible
way so files created by Samba 3.5.0 and above can still have the DOS attribute read from this
extended attribute by earlier versions of Samba, but they will not be able to read the create
time stored there. Storing the create time separately from the normal filesystem meta-data
allows Samba to faithfully reproduce NTFS semantics on top of a POSIX filesystem.
Passes make test but will need more testing.
Jeremy.
When something in the cluster blocks, it can happen that we wait indefinitely
long for ctdb, just adding to the blocking condition. In theory, nothing should
block, but as someone said "In practice the difference between theory and
practice is larger than in theory". This adds a timeout parameter in seconds,
after which we stop waiting for ctdb and panic.