Compare revisions

Changes are shown as if the source revision was being merged into the target revision.

Commits on Source (164)
Showing
with 12015 additions and 9 deletions
......@@ -89,7 +89,7 @@ SAMBA_VERSION_PRE_RELEASE=
# e.g. SAMBA_VERSION_RC_RELEASE=1 #
# -> "3.0.0rc1" #
########################################################
SAMBA_VERSION_RC_RELEASE=1
SAMBA_VERSION_RC_RELEASE=2
########################################################
# To mark SVN snapshots this should be set to 'yes' #
......
Release Announcements
=====================
This is the first release candidate of Samba 4.21. This is *not*
This is the second release candidate of Samba 4.21. This is *not*
intended for production environments and is designed for testing
purposes only. Please report any defects via the Samba bug reporting
system at https://bugzilla.samba.org/.
......@@ -180,8 +180,10 @@ Per-user and group "veto files" and "hide files"
"veto files" and "hide files" can optionally be restricted to certain users and
groups. To apply a veto or hide directive to a filename for a specific user or
group, prefix the filename with "../USERNAME/" or "../GROUPNAME/". For details
consult the updated smb.conf manpage.
group, a parametric option like this can be used:
hide files : USERNAME = /somefile.txt/
veto files : GROUPNAME = /otherfile.txt/
For details consult the updated smb.conf manpage.
Automatic keytab update after machine password change
-----------------------------------------------------
......@@ -191,9 +193,51 @@ updates or manually (e.g. net ads changetrustpw), now winbind will also support
update of keytab entries in case you use newly added option
'sync machine password to keytab'.
The new parameter allows you to describe what keytabs and how should be updated.
From smb.conf(5) manpage - each keytab can have exactly one of these four forms:
account_name
sync_spns
spn_prefixes=value1[,value2[...]]
spns=value1[,value2[...]]
The functionaity provided by the removed commands "net ads keytab
add/delete/add_update_ads" can be achieved via the 'sync machine password to
keytab' as in these examples:
"net ads keytab add wurst/brot@REALM"
- this command is not adding <principal> to AD, so the best fit can be specifier
"spns"
- add to smb.conf:
sync machine password to keytab = /path/to/keytab1:spns=wurst/brot@REALM:machine_password
- run:
"net ads keytab create"
"net ads keytab delete wurst/brot@REALM"
- remove the principal (or the whole keytab line if there was just one)
- run:
"net ads keytab create"
"net ads keytab add_update_ads wurst/brot@REALM"
- this command was adding the principal to AD, so for this case use a keytab
with specifier sync_spns
- add to smb.conf:
sync machine password to keytab = /path/to/keytab2:sync_spns:machine_password
- run:
"net ads setspn add wurst/brot@REALM" # this adds the principal to AD
"net ads keytab create" # this sync it from AD to local keytab
A new parameter 'sync machine password script' allows to specify external script
that will be triggered after the automatic keytab update. For detailed
information check the smb.conf manpage.
that will be triggered after the automatic keytab update. If keytabs should be
generated in clustered environments it is recommended to update them on all
nodes. Check in smb.conf(5) the scripts winbind_ctdb_updatekeytab.sh and
46.update-keytabs.script in section 'sync machine password script' for details.
For detailed information check the smb.conf(5) and net(8) manpages.
REMOVED FEATURES
================
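Review bot: "functionaity" in the sentence that introduces the replacements for the removed "net ads keytab add/delete/add_update_ads" commands should read "functionality", and the trailing comment "# this sync it from AD to local keytab" should read "this syncs it". The delete example also needs one more clause: its first step says "remove the principal (or the whole keytab line if there was just one)" without saying that the thing being edited is the 'sync machine password to keytab' line in smb.conf, which the add examples do spell out with "add to smb.conf:".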
......@@ -226,6 +270,40 @@ smb.conf changes
sync machine password script script
CHANGES SINCE 4.21.0rc1
=======================
o Andreas Schneider <asn@samba.org>
* BUG 15673: --version-* options are still not ergonomic, and they reject
tilde characters.
o Anoop C S <anoopcs@samba.org>
* BUG 15686: Add new vfs_ceph module (based on low level API)
o Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* BUG 15673: --version-* options are still not ergonomic, and they reject
tilde characters.
o Jo Sutton <josutton@catalyst.net.nz>
* BUG 15690: ldb_version.h is missing from ldb public library
o Pavel Filipenský <pfilipensky@samba.org>
* BUG 15689: Can not add/delete special keys to keytab for nfs, cifs, http etc
o Shachar Sharon <ssharon@redhat.com>
* BUG 15686: Add new vfs_ceph module (based on low level API)
o Stefan Metzmacher <metze@samba.org>
* BUG 15673: --version-* options are still not ergonomic, and they reject
tilde characters.
* BUG 15687: undefined reference to winbind_lookup_name_ex
* BUG 15688: per user veto and hide file syntax is to complex
* BUG 15689: Can not add/delete special keys to keytab for nfs, cifs, http etc
o Volker Lendecke <vl@samba.org>
* BUG 15688: per user veto and hide file syntax is to complex
KNOWN ISSUES
============
......
......@@ -286,7 +286,7 @@ def abi_build_vscript(task):
f.close()
def VSCRIPT_MAP_PRIVATE(bld, libname, orig_vscript, version, private_vscript):
version = re.sub(r'\W', '_', version).upper()
version = re.sub(r'[^.\w]', '_', version).upper()
t = bld.SAMBA_GENERATOR(private_vscript,
rule=abi_build_vscript,
source=orig_vscript,
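Review bot: the new class `[^.\w]` in VSCRIPT_MAP_PRIVATE lets dots in `version` through where `\W` used to turn them into underscores, and nothing next to the line says why or what the resulting name is expected to look like. A one-line comment with an example input and output would make the intent reviewable. Note that a tilde in the version is still rewritten to `_` by this expression, so if the tilde handling mentioned for BUG 15673 depends on this function, that is worth stating too.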
......@@ -314,8 +314,8 @@ def ABI_VSCRIPT(bld, libname, abi_directory, version, vscript, abi_match=None, p
libname = os.path.basename(libname)
version = os.path.basename(version)
libname = re.sub(r'\W', '_', libname).upper()
version = re.sub(r'\W', '_', version).upper()
libname = re.sub(r'[^.\w]', '_', libname).upper()
version = re.sub(r'[^.\w]', '_', version).upper()
t = bld.SAMBA_GENERATOR(vscript,
rule=abi_build_vscript,
......
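Review bot: in ABI_VSCRIPT the expression `re.sub(r'[^.\w]', '_', ...).upper()` is now written out for both `libname` and `version`, and a third time in VSCRIPT_MAP_PRIVATE. A small shared helper would keep the three from drifting apart the next time the allowed character set changes. The change also lets dots through in `libname`, not only in `version`; if that is intended, a short comment saying so would help, and if it is not, `libname` should keep `\W`.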
ctdb/
samba-libs/
tmp/
samba/
samba-common-bin/
samba-common/
samba-testsuite/
smbclient/
libparse-pidl-perl/
registry-tools/
samba-dev/
libpam-smbpass/
libsmbclient-dev/
libsmbclient/
python-samba/
samba-dsdb-modules/
samba-vfs-modules/
winbind/
libnss-winbind/
libpam-winbind/
libwbclient-dev/
libwbclient0/
*.substvars
samba-dbg/
samba-doc/
files
*.debhelper
*.debhelper.log
*~
debian-build-stamp
debhelper-build-stamp
NTP Integration
---------------
Add the following lines to your NTP configuration::
ntpsigndsocket /run/samba/ntp_signd
restrict default mssntp
Bind9 Integration
-----------------
Add the following line to your bind configuration (e.g.
/etc/bind/named.conf.local):
include "/var/lib/samba/private/named.conf";
To enable dynamic DNS updates, add the following lines to your bind
configuration:
options {
[...]
tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
[...]
};
If you enable bind, disable the Samba 4 internal DNS server by adding:
server services = -dns
to smb.conf.
-- Jelmer Vernooij <jelmer@debian.org>, Wed, 11 Oct 2012 02:07:52 +0200
README.source.md
\ No newline at end of file
The packaging is kept in https://salsa.debian.org/samba-team/samba.
The version in unstable is on the `master` branch, with the corresponding
upstream version in the `upstream_4.21` branch (with `pristine-tar` information
in the `pristine-tar` branch).
It should be possible to build the package by just running `gbp buildpackage`.
Building
========
The first time:
sudo apt install git-buildpackage pristine-tar cowbuilder dh-python
DIST=sid ARCH=amd64 git-pbuilder create
git clone https://salsa.debian.org/samba-team/samba.git
Each time:
cd samba
git checkout master
gbp pull --track-missing
gbp buildpackage --git-pbuilder --git-dist=sid --git-arch=amd64
Alternatively, source-only:
cd samba
git checkout master
dpkg-buildpackage -S -d
# build the resulting ../samba_*.dsc with other means
Merging minor upstream releases
===============================
Importing a new upstream version can be done like this:
# set target version
upstream_version=4.21.0
# go to git repo
cd $GIT_DIR
# Import upstream
git remote add upstream https://git.samba.org/samba.git
git fetch upstream
# go to the Debian branch
git checkout master
# sync all required branches
gbp pull --track-missing
# Import latest version
gbp import-orig --uscan \
-u "${upstream_version}+dfsg" \
--upstream-vcs-tag "samba-${upstream_version}" \
--merge-mode merge
# all done :)
Please note that there are some files that are not dfsg-free and they need to
be filtered. The settings in the `gpb.conf` configuration file should take
care of that.
Merging major upstream releases
===============================
With a new major version, more work is needed.
After `gbp pull`:
major_version="$(echo $upstream_version | sed 's/.[^.]\+$//')"
# Edit gbp.conf's upstream-branch
editor debian/gbp.conf
# Edit debian/watch's major version
editor debian/watch
# Edit this file's major version
editor debian/README.source.md
# Commit
git commit -m"Update d/gbp.conf, d/watch and d/README.source for ${major_version}" debian/gbp.conf debian/watch debian/README.source.md
# Create the new upstream branch
git branch "upstream_${major_version}" samba-${upstream_version}
# Import latest version
gbp import-orig --uscan \
-u "${upstream_version}+dfsg" \
--upstream-vcs-tag "samba-${upstream_version}" \
--merge-mode=replace
Then several steps are needed:
- Check patches:
QUILT_PATCHES=debian/patches quilt push -a
# then update or drop patches as needed
- Bump talloc, tdb, and tevent Build-Depends in debian/control, from lib/*/wscript
grep ^VERSION lib/{talloc,tdb,tevent}/wscript
editor debian/control
- Check if other Build-Depends need to be bumped
git diff origin/master.."samba-${upstream_version}" \
buildtools/wafsamba/samba_third_party.py
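Review bot: the note under "Merging minor upstream releases" refers to a `gpb.conf` configuration file, while every other mention in this README is `gbp.conf` (`debian/gbp.conf`); this looks like a typo and will not be found by anyone grepping for the real name. In the major-release steps, `sed 's/.[^.]\+$//'` has an unescaped leading `.`; it gives the right answer for a version such as 4.21.0, but `\.` states the intent. `cd $GIT_DIR` is also worth changing: GIT_DIR is a variable git itself reads to locate the repository, so a reader who exports it to follow these steps alters how the later git commands behave. A differently named, quoted variable avoids that. Finally, `samba-${upstream_version}` in the `git branch` line is unquoted while the argument before it is quoted.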
This is an incomplete list of a number of issues that need to be fixed.
- make a list of basic tests that should be done to ensure that the package is
acceptable for unstable (and run these tests)
- investigate impact of changes to libraries to reverse dependencies and plan
transitions (if there are any).
- sssd: uses libndr which changes soname without transition (semi-private lib)
Especially painful for backports.
We're now emitting proper soname for libndrN at least (before it was just part
of samba-libs), so breakage will be at least visible before installing new
samba-libs
- Add script to verify that headers are usable through current dependencies
(to prevent bugs like #525888)
- Investigate which binaries should go to which packages:
- Some libs and shared objects are specific to samba-ad-dc
(eg usr/lib/x86_64-linux-gnu/samba/service/kdc, ntp_signd)
- dlz_*: should these go to samba-ad-dc too? multiarch dlz?
- samba_kcc: where should it go?
- samba-ad-client files: should samba-dnsupdate and samba-spnupdate
be there?
# remove artifacts left by the build system
.lock-wscript
compile_commands.json
# Waf pycache files
buildtools/wafsamba/__pycache__/
source3/build/__pycache__/
third_party/waf/waflib/__pycache__/
third_party/waf/waflib/extras/__pycache__/
third_party/waf/waflib/Tools/__pycache__/
samba (2:4.9.0+dfsg-1) experimental; urgency=medium
From WHATSNEW.txt:
CTDB changes
------------
There are many changes to CTDB in this release.
* Configuration has been completely overhauled
- Daemon and tool options are now specified in a new ctdb.conf
Samba-style configuration file. See ctdb.conf(5) for details.
- Event script configuration is no longer specified in the top-level
configuration file. It can now be specified per event script.
For example, configuration options for the 50.samba event script
can be placed alongside the event script in a file called
50.samba.options. Script options can also be specified in a new
script.options file. See ctdb-script.options(5) for details.
- Options that affect CTDB startup should be configured in the
distribution-specific configuration file. See ctdb.sysconfig(5)
for details.
- Tunable settings are now loaded from ctdb.tunables. Using
CTDB_SET_TunableVariable=<value> in the main configuration file is
no longer supported. See ctdb-tunables(7) for details.
A example script to migrate an old-style configuration to the new
style is available in ctdb/doc/examples/config_migrate.sh.
* The following configuration variables and corresponding ctdbd
command-line options have been removed and not replaced with
counterparts in the new configuration scheme:
CTDB_PIDFILE --pidfile
CTDB_SOCKET --socket
CTDB_NODES --nlist
CTDB_PUBLIC_ADDRESSES --public-addresses
CTDB_EVENT_SCRIPT_DIR --event-script-dir
CTDB_NOTIFY_SCRIPT --notification-script
CTDB_PUBLIC_INTERFACE --public-interface
CTDB_MAX_PERSISTENT_CHECK_ERRORS --max-persistent-check-errors
- The compile-time defaults should be used for the first 6 of these.
- Use a symbolic link from the configuration directory to specify a
different location for nodes or public_addresses (e.g. in the
cluster filesystem).
- Executable notification scripts in the notify.d/ subdirectory of
the configuration directory are now run by unconditionally.
- Interfaces for public IP addresses must always be specified in the
public_addresses file using the currently supported format.
-- Mathieu Parent <sathieu@debian.org> Sat, 22 Sep 2018 07:47:32 +0200
CTDB has the following limitations on GNU Hurd:
- The pid of a peer is not get from the socket [1]. As a consequence, the peer
process is not killed when releasing IP [2].
- network interfaces are always considered present [3]
- Some other functions are not yet supported [4]
[1]: ctdb_get_peer_pid() in common/system_gnu.c
[2]: release_kill_clients() in server/ctdb_takeover.c
[3]: ctdb_sys_check_iface_exists() in common/system_gnu.c
[4]: See FIXME in common/system_gnu.c (ctdb_sys_send_arp(),
ctdb_get_process_name(), ctdb_get_lock_info(), ctdb_get_blocker_pid())
CTDB has the following limitations on Debian/kFreeBSD:
- The pid of a peer is not get from the socket [1]. As a consequence, the peer
process is not killed when releasing IP [2].
- network interfaces are always considered present [3]
- Some other functions are not yet supported [4]
[1]: ctdb_get_peer_pid() in common/system_kfreebsd.c
[2]: release_kill_clients() in server/ctdb_takeover.c
[3]: ctdb_sys_check_iface_exists() in common/system_kfreebsd.c
[4]: See FIXME in common/system_kfreebsd.c (ctdb_sys_send_arp(),
ctdb_get_process_name(), ctdb_get_lock_info(), ctdb_get_blocker_pid())
var/log/ctdb
var/lib/ctdb
var/lib/ctdb/persistent
var/lib/ctdb/state
var/lib/ctdb/volatile
ctdb/README
ctdb/doc/*.txt
debian/tmp/ctdb/README.*
# CTDB: /etc/sysctl.d/98-nfs-static-ports.conf
fs.nfs.nfs_callback_tcpport = 32764
fs.nfs.nlm_tcpport = 32768
fs.nfs.nlm_udpport = 32768
#!/bin/bash -e
base="/usr/share/doc/ctdb/examples/nfs-kernel-server/"
logfile="/tmp/enable-ctdb-nfs.$$.log" ; touch $logfile ;
ghostname=""
# functions ---------
die() { echo error: $@; echo ; exit 1; };
getout() { echo exit: $@; echo ; exit 0; };
stopservice() { echo stopping $1... ; systemctl stop $1 2>&1 >> $logfile 2>&1; }
disableservice() { echo disabling $1... ; systemctl disable $1 2>&1 >> $logfile 2>&1; }
startservice() { echo starting $1... ; systemctl start $1 2>&1 >> $logfile 2>&1; }
sysctlrefresh() { echo refreshing sysctl... ; sysctl --system 2>&1 >> $logfile 2>&1; }
backupfile() {
echo backing up $1
[ -f $1.prvctdb ] && die "backup file $1 already exists!"
[ -f $1 ] && cp $1 $1.prvctdb || true
}
renamefiles() {
for f; do
[ -f "$f" ] || continue
echo "Renaming $f to $f.prvctdb"
mv "$f" "$f".prvctdb
done
}
checkservice() {
(systemctl list-unit-files | grep -q $1.service) || die "service $1 not found"
}
replacefile() {
origfile=$1
replfile=$2
[ ! -f $base/$origfile ] && die "coult not find $base/$origfile"
echo replacing $replfile...
cp $base/$origfile $replfile
}
appendfile() {
origfile=$1
replfile=$2
[ ! -f $base/$origfile ] && die "coult not find $base/$origfile"
echo appending $base/$origfile to $replfile...
cat $base/$origfile >> $replfile
}
execnfsenv() {
file=$1 ; [ -f $file ] || due "inexistent file $file";
echo executing $file...
$file 2>&1 >> $logfile 2>&1;
}
fixnfshostname() {
type nfsconf > /dev/null 2>&1 || die "nfsconf(8) not found"
if [ "$ghostname" == "" ]; then
echo "What is the FQDN for the public IP address of this host ?"
echo -n "> "
read ghostname
fi
echo "Setting $ghostname in nfs.conf..."
nfsconf --set statd name "$ghostname"
}
# end of functions --
[ $UID != 0 ] && die "you need root privileges"
echo """
This script will enable CTDB NFS HA by changing the following files:
(1) /etc/nfs.conf ( replace )
(2) /etc/nfs.conf.d/*.conf ( rename )
(3) /etc/services ( append )
(4) /etc/sysctl.d/98-nfs-static-ports.conf ( create )
(5) /etc/default/quota ( replace )
and disabling the following services, as they will be managed
by ctdb:
(1) rpcbind
(2) nfs-kernel-server
(3) rpc.rquotad
Obs:
- replaced files keep previous versions as "file".prevctdb
- dependant services will also be stopped
"""
while true; do
echo -n "Do you agree with this change ? (N/y) => "
read answer
[ "$answer" == "n" ] && getout "exiting without any changes"
[ "$answer" == "y" ] && break
done
echo "checking requirements..."
checkservice nfs-kernel-server
checkservice quota
checkservice rpcbind
echo "requirements okay!"
echo
backupfile /etc/nfs.conf
renamefiles /etc/nfs.conf.d/*.conf
backupfile /etc/services
backupfile /etc/default/quota
echo
set +e
stopservice ctdb.service
stopservice quota.service
stopservice nfs-kernel-server.service
stopservice rpcbind.service
stopservice rpcbind.socket
stopservice rpcbind.target
echo
disableservice ctdb.service
disableservice quota.service
disableservice nfs-kernel-server.service
disableservice rpcbind.service
disableservice rpcbind.socket
disableservice rpcbind.target
echo
set -e
replacefile nfs.conf /etc/nfs.conf
replacefile 98-nfs-static-ports.conf /etc/sysctl.d/98-nfs-static-ports.conf
replacefile quota /etc/default/quota
echo
appendfile services /etc/services
echo
fixnfshostname
echo
sysctlrefresh
echo
echo """Finished! Make sure to configure properly:
- /etc/exports (containing the clustered fs to be exported)
- /etc/ctdb/nodes (containing all your node private IPs)
- /etc/ctdb/public_addressess (containing public addresses)
A log file can be found at:
- /tmp/enable-ctdb-nfs.$$.log
Remember:
- to place a cluster lock in /etc/ctdb/ctdb.conf:
...
[cluster]
cluster lock = /clustered.filesystem/.reclock
...
And, make sure you enable ctdb service again:
- systemctl enable ctdb.service
- systemctl start ctdb.service
Enjoy!
"""
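Review bot: `logfile="/tmp/enable-ctdb-nfs.$$.log" ; touch $logfile` at the top creates the log at a predictable name in a world-writable directory, and every helper then appends to it as root; the `touch` even runs before the `$UID` check. Creating the file with `mktemp` after the root check, and quoting `"$logfile"` in the redirections, removes the dependence on whatever already exists at that path. Further points in the same file: `execnfsenv` calls `due`, which is not defined anywhere (presumably `die`), and the function is never invoked; the banner promises backups as "file".prevctdb while `backupfile` and `renamefiles` write `.prvctdb`; the prompt shows "(N/y)" but an empty answer loops instead of defaulting to no; the closing text names /etc/ctdb/public_addressess (one "s" too many) and "coult" appears in two error messages; and `2>&1 >> $logfile 2>&1` can be reduced to `>> "$logfile" 2>&1`. The file tests on `$1`, `$base/$origfile` and `$file` are unquoted and will misbehave on paths with spaces.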
[general]
pipefs-directory = /run/rpc_pipefs
[lockd]
port = 32768
udp-port = 32768
[mountd]
manage-gids = 1
port = 32767
[nfsd]
threads = 8
vers4 = n
[statd]
ha-callout = /etc/ctdb/statd-callout
name = @NFS_HOSTNAME@
outgoing-port = 32766
port = 32765
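Review bot: `name = @NFS_HOSTNAME@` under [statd] is a template placeholder, but the file carries no comment saying it must be replaced. The enable script in this same change appears to copy this file to /etc/nfs.conf and only later runs `nfsconf --set statd name`, so a run that stops in between, or a manual copy, leaves the literal placeholder as the statd name. A comment line above the setting would make that visible. `vers4 = n` under [nfsd] likewise deserves a comment on why NFSv4 is switched off in this example.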