On Sun, 2016-12-04 at 19:05 +0000, Rowland Penny via samba
wrote:> On Mon, 05 Dec 2016 07:50:23 +1300
> Andrew Bartlett <abartlet at samba.org> wrote:
>
> >
> > On Sun, 2016-12-04 at 11:43 +0000, Rowland Penny via samba wrote:
> > >
> > > On Sun, 4 Dec 2016 12:11:17 +0100
> > > Marc Muehlfeld via samba <samba at lists.samba.org> wrote:
> > >
> > > >
> > > >
> > > > Hi Scott,
> > > >
> > > > Am 02.12.2016 um 06:55 schrieb Scott Mattan via samba:
> > > > >
> > > > >
> > > > > I am currently trying to get a Samba 4.5.1 environment
set up
> > > > > for testing and I am unable to get samba to request a
new
> > > > > password from
> > > > > a windows user. The error that I get, is in Japanese,
so I
> > > > > don't have the exact translation, however it is
along the
> > > > > lines
> > > > > of...
> > > > >
> > > > > Your user password must be changed before logging in
for the
> > > > > first
> > > > > time.
> > > > >
> > > > > I am currently using SambaDC (although my computer is
not
> > > > > connected
> > > > > to the samba domain).
> > > >
> > > > As far as I know, Windows only prompts for password changes
> > > > when a
> > > > domain user logs into a domain workstation. If a domain user
> > > > just
> > > > access a share from a none-domain-member machine only an
error
> > > > is
> > > > shown and access is denied.
> >
> > This is correct. There isn't a way to forward on the password
> > changes, nor clearly know which DC the file server was using, so no
> > password change prompt can be offered.
> >
> > >
> > > >
> > > >
> > > >
> > > > Am 03.12.2016 um 18:53 schrieb Rowland Penny via samba:
> > > > >
> > > > >
> > > > > You also seem to have built the deprecated
'ntvfs'
> > > > > filesystem.
> > > >
> > > > Yes, but he's not using it:
> > > > >
> > > > >
> > > > > server services = s3fs,...
> > > >
> > > > If he would, Samba 4.5 would fail to start:
> > > >
https://wiki.samba.org/index.php/Updating_Samba#The_ntvfs_File_
> > > > Serv
> > > > er_Back_End_Has_Been_Disabled
> > > >
> > > >
> > >
> > > Yes, I noticed, but everything the OP posted seemed to be just
> > > wrong. He appears to be running Samba as an AD DC, but isn't
> > > joining
> > > anything
> > > to it, he has built the 'ntvfs' filesystem but isn't
using it.
> >
> > That's just because he built with --enable-selftest. That turns
on
> > the ntvfs file server as the selftest relies on it.
> >
>
> Again I knew this, but why does selftest rely on something that isn't
> used anymore, just what does get tested ? and how does using ntvfs
> help ?
It is a lot of work to change the situation, even more so without loss
of important tests. A number of tests, particularly for spoolss but
also of the cifs proxy (which in turn tests kerberos delegation), use
the ntvfs file server.
The next step is to have it build with ntvfs only during the main make,
but re-link without it for the install. That is still non-trivial
however.
Sorry,
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba