[Samba] Samba client file locking

[Matthias Reif]

Hello,

I am trying to work out the file locking mechanism on our Samba server when
connecting from Linux clients. I am getting some strange behaviour in a
mixed Linux/Windows environment when multiple clients open/lock the same
file for writing. Everything seems fine when a Windows client creates the
lock, but if a Linux client creates the lock, we get either two or more
Linux clients being able to open the same file for writing (SMBFS) or the
other extreme, if one Linux client opens the file none of the others can't
even open it in read-only mode (CIFS). The main application used on the
network is OpenOffice2.

I have been doing some testing using the cifs and smbfs kernel modules on
one FC4 and one Debian client (both 2.6 kernels), plus a Windows 2000
machine.

I used a simple test program that opens a file on a mounted Samba share and
tries to set a write lock.

I noticed that depending on the client I use Samba creates a different kind
of lock with different behaviour when multiple clients attempt to open the
same file. Neither smbfs nor cifs create the correct lock share mode
(DENY_WRITE) and the access mode is different (smbfs:0x3, cifs:0x12019f as
opposed to Windows: 0x2019f)

Is there any way we can manipulate the share mode and access mode that is
being created with the lock, e.g. with some mount options?

Thanks for any help.
Matt


CIFS:
Client1:
mount -t cifs -o username=user1,rw,dir_mode=0777,file_mode=0777
//server/corp /network/corp
Client2:
mount -t cifs -o username=user2,rw,dir_mode=0777,file_mode=0777
//server/corp /network/corp
smbstatus:
21757  DENY_NONE  0x12019fRDWR   NONE
/opt/samba/corporate/flt.ods   Mon May 22 13:43:50 2006
21757  DENY_NONE  0x12019fRDWR   NONE
/opt/samba/corporate/flt.ods   Mon May 22 13:43:44 2006
Behaviour: First client opens file read/write, second client cannot set
write lock (ok).

SMBFS:
Client1:
mount -t smbfs -o username=user1,rw,dmask=777,fmask=777 //server/corp
/network/corp
Client2:
mount -t smbfs -o username=user1,rw,dmask=777,fmask=777 //server/corp
/network/corp
smbstatus:
22587  DENY_NONE  0x3 RDWR   NONE
/opt/samba/corporate/flt.ods   Mon May 22 14:16:40 2006
23034  DENY_NONE  0x3 RDWR   NONE
/opt/samba/corporate/flt.ods   Mon May 22 14:16:11 2006


WINDOWS 2000:
- Open OpenOffice file
smbstatus:
5106  DENY_WRITE 0x2019f RDWR   EXCLUSIVE+BATCH
/opt/samba/corporate/flt.ods   Mon May 22 16:07:25 2006


Simple Test Program:

int main()
{
   struct flock lock;

   char input[80];

   // open read-only mode first
   int fd = open("/network/corp/flt.ods", O_RDWR );

   if ( fd != -1 )
   {
   printf("File opened.\n");

   // try to lock the entire file
   lock.l_type = F_WRLCK;
   lock.l_whence = SEEK_SET;
   lock.l_start = 0;
   lock.l_len = 0;

   // request a write lock
   int fnctlres = fcntl(fd, F_SETLK, &lock);

   // check if we got granted the lock
   if ( fnctlres == -1)
   {
   printf("Could not set write lock.\n");
   }
   else
   {
   printf("File successfully locked for writing.\n");
   }

   printf("Press a key.\n");

   scanf("%s", input);

   lock.l_type=F_UNLCK;
   fcntl(fd, F_SETLK, &lock);
   close(fd);
   }
   else
   {
   printf("Error.\n");
   }
}




Extract from smb.conf
==

...

  posix locking = yes
  strict locking = yes
  share modes = yes
  debug level = 7
  unix extensions = yes
  ea support = yes

...

# Share Definitions
==

...

[corporate]
  comment = Corporate Files
  path = /opt/samba/corporate
  public = no
  guest ok = no
  writable = yes
  browseable = yes
  share modes = yes
  create mask = 0777


...
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re[2]: [Samba] Samba/DLAP Howto

[listserv . traffic]

> On Sunday 21 May 2006 17:30, [EMAIL PROTECTED] wrote:
>> (I sent this once, but it didn't seem to appear, apologies in advance
>> if it is a duplicate.)
>>
>> Newbie here...wanting to implement and test Samba (current version, 3.0.22)
>> as a PDC on LDAP backend.
>>
>> I'm looking for a good how to.

> Write it!  That's how this sort of problem gets fixed!

I may well do so. However, I first have to figure out how to do it so
I can write about it. (I don't want to be one of those "those that
can't, teach" disasters.)

I've hated to waste time here on the list-serv solving dumb newbie
style problems that undoubtedly will come back as something I missed
in reading, or in some documentation somewhere, so I have not wanted
to ask. Perhaps in working to solve this, and perhaps write a
step-by-step how-to I'll do that more. Someone please stop me before I
make a fool of myself - if I start to do so.

>>
>> I've already looked at Ignacio Coupeau, CTI, University of Navarra and
>> the IDEALX stuff and find them wanting. (Three passes attempting to
>> make the IDEALX stuff work were a bust...but perhaps that just says more
>> about my skills than IDEALX's how to...)
>>
>> "The Official Samba-3" Howto book is even lighter.

> Sorry to hear that it is too light.

> Did you check the book "Samba-3 by Example"?  May be worth a look if you did
> not find it previously. Check chapter 5. You can download it from:
> http://www.samba.org/samba/docs/Samba3-ByExample.pdf

I hadn't seen this, and at first glance, it looks helpful. Let me look
it over. I'm trying to make it as idiot-level as possible. In short,
what I'd write is this... An inquisitive Windows admin with only minimal 
experience with Linux/Unix
could come and use the ideal how-to to get a working PDC with LDAP.

Perhaps that's too idealistic, but that's what I would like to do. It
would give those without a lot of skill an immediate boost in seeing
they COULD get something working right away. Sure it won't be an ideal
production environment, but knowing they could get it working right
away will give them the courage to stick it out for the long term.

Many of us, in these circumstances, feel like we've been dropped off
at the bottom of the Khumbu Icefall on Everest, sans guide, food and tent. 
Faced with
such a daunting task, I think many simply give up and roll over and
die. I'd like to change that.

>> I'd prefer a pretty step-by-step how-to, that doesn't assume I know
>> much at all.

> That's what I set out to produce - is the documentation really completely
> useless?

No, not useless. I'm sorry if I offend. Just there are such gaps of
knowledge that *I* don't have, that filling in those gaps takes huge
amounts of time. I'd like to help fill in those gaps for people who
know less, even than I. Think learning your first lines of programming code - 
you know
"Hello world." and all that. (Though you probably wrote a optimizing C compiler 
for your first project, so I'm sure no sympathy there... *grin*)

>> All are confusing to me. Perhaps I'm just too lazy, but I don't think
>> that's all...
>>
>> Is there a native english speaker who has done a recent and
>> comprehensive how to? Is there one somewhere on the Samba site I'm not
>> aware of?

> Well, I don't know how well you did your homework. If you checked out the book
> "Samba-3 By Example" and decided it is not decent then maybe you really do
> need to start writing. I am sure users will thank you for creating better
> documentation. Will you also contribute the document sources to the Samba
> project?

Glad to. Point me in the right direction, and I'll try.

>> If one doesn't exist, I'd be glad to assist in doing one. I'd like a tech
>> guru to review it and make suggestions so I don't produce a piece of crap
>> that's useless to anyone else.

> Hmmm. Perhaps you should define what you mean by "guru".

Someone to make sure I'm not telling people, for example, to make the
whole LDAP directory readable by anyone. I want to provide a good
how-to, not just a how-to.

>> Again, I'd prefer a pretty step-by-step how-to, that doesn't assume I know
>> much at all.
>>
>> That's also the target output I'll use to create my how-to, should it
>> be a useful thing to others.
>>
>> 
>> One further question. Is FC5 a decent platform to do this on, or is
>> there something better, like say CentOS?

> FC5 is fine. What makes any Linux platform better than another? Is it the same
> thing as that which makes one landscape more decent than another? Honestly -
> what sort of answers would satisfy this question? Are you seeking to discover
> what most people run Samba on? Are you asking about commercial or private
> use?

> The Samba documentation was written using SuSE Linux Enterprise Server 9
> because I had that, its what my customers use, and I did not have Red Hat
> Enterprise Linux Server 4 at the time of writing. You see, my preference is
> to use a commercially supported Linux distro. But Debian. Gentoo,

Re: [Samba] Samba/DLAP Howto

[Felipe Alfaro Solana]

One further question. Is FC5 a decent platform to do this on, or is
there something better, like say CentOS?


My experiences with FC5 have been mixed case: some components seem to
work pretty well (mostly the server components like Apache, Postfix,
OpenLDAP) while others are a little bit unstable (like GNOME).

In my particular case, I decided to stick with CentOS and Red Hat
Enterprise Linux ES for the server components and SUSE Linux for the
GUI and user stuff.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba/DLAP Howto

[listserv . traffic]

(I sent this once, but it didn't seem to appear, apologies in advance
if it is a duplicate.)

Newbie here...wanting to implement and test Samba (current version, 3.0.22) as 
a PDC
on LDAP backend.

I'm looking for a good how to.

I've already looked at Ignacio Coupeau, CTI, University of Navarra and
the IDEALX stuff and find them wanting. (Three passes attempting to
make the IDEALX stuff work were a bust...but perhaps that just says more
about my skills than IDEALX's how to...)

"The Official Samba-3" Howto book is even lighter.

I'd prefer a pretty step-by-step how-to, that doesn't assume I know
much at all.

All are confusing to me. Perhaps I'm just too lazy, but I don't think
that's all...

Is there a native english speaker who has done a recent and
comprehensive how to? Is there one somewhere on the Samba site I'm not
aware of?

If one doesn't exist, I'd be glad to assist in doing one. I'd like a tech guru 
to review it and make suggestions so I don't produce a piece
of crap that's useless to anyone else.

Again, I'd prefer a pretty step-by-step how-to, that doesn't assume I know
much at all.

That's also the target output I'll use to create my how-to, should it
be a useful thing to others.


One further question. Is FC5 a decent platform to do this on, or is
there something better, like say CentOS?

The eventual target environment is mainly small business (<100 users)
work-group servers.

TIA,
Greg

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Unrecognized Samba service.

[Ning Liao]

Hi,

I installed CentOS 4.3 on my machine which comes with Samba
3.0.10pre-installed. I want to use the latest Samba
3.0.22, so I uninstalled Samba package (rpm -e samba, rpm -e samba-client,
samba-common can not be removed due to the package dependency). I then
downloaded Samba 3.0.22 and installed it on my machine. However, when I try
to start samba service and got a "Unrecognized Samba service" error message.

Does anyone know how to solve this problem?

Thanks,

Liang
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Disable printing in samba?

[Daniel Johansson]

I'm running samba 3.0.22 installed from ports on my FreeBSD 6.0 amd64 
server. My problem is that every half an houre samba is trying to 
connect to cups and get refused and then "spam" my smbd.log file with 
the failed attempt.


I don't want to use printing i samba and I don't have any printers or 
cups running. Is there any way to disable printing support in samba?


This is what I have in my smbd.conf already, but that doesn't seem to help.
printing = none
load printers = no

log.smbd:
[2006/05/02 19:43:25, 0] printing/print_cups.c:cups_cache_reload(85)
Unable to connect to CUPS server localhost - Connection refused
[2006/05/02 20:02:12, 0] printing/print_cups.c:cups_cache_reload(85)
Unable to connect to CUPS server localhost - Connection refused
[2006/05/02 20:02:12, 0] printing/print_cups.c:cups_cache_reload(85)
Unable to connect to CUPS server localhost - Connection refused
etc. etc.

There must be a way to tell samba that I don't want to use printing at all?

If you reply to this please CC to me as I'm not signed up to the mailing 
list.


Thanks

--
Daniel Johansson - <[EMAIL PROTECTED]>

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] share with no authentication

[Michael Gasch]

map to guest is a global option

greez

Adam Williams wrote:
> In my [global] I have guest account = nobody and security = user, and in
> my share [wpkg] I have:
> 
> [wpkg]
> comment = Windows Packager
> path = /samba/wpkg
> read only = yes
> browseable = no
> guest ok = Yes
> guest only = no
> # valid users = guest nobody
> map to guest = Bad User
> 
> still asks me for a username and password.  if i set security = share it
> works, but then I have other problems with my windows xp computers
> authenticating.
> 
> Michael Gasch wrote:
>> you could play with "map to guest = bad xxx"
>> that´s how i did it in security=domain (i think it works with user,
>> too) and one share. all other shares have "guest ok = no"
>>
>> greez
>>
>>
> 
> 

-- 
Michael Gasch
Max Planck Institute for Evolutionary Anthropology
Department of Human Evolution (IT Staff)
Deutscher Platz 6
D-04103 Leipzig
Germany

Phone: 49 (0)341 - 3550 137
   49 (0)341 - 3550 374

Fax:   49 (0)341 - 3550 399
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Samba share question

[Wesley Hobbie]

I have the guest account enabled.  However, if I create the same share in
say /var it works how I would like it to work, so I think it has something
to do with /home/wes which is forbidden to anyone but "wes", even though I
have /home/wes/Downloads viewable by anyone.  So it appears that the
hierarchy has something to do with it.  Obviously a normal user does not
have permission to create a folder and share it from /var, and I do not want
everyone to have read access to /home/wes, is there some way I can make it
work that anyone (guest) can view the [Programs] share?

-Original Message-
From: Matthew Easton [mailto:[EMAIL PROTECTED] 
Sent: Saturday, May 20, 2006 9:01 PM
To: Wesley Hobbie
Cc: samba@lists.samba.org
Subject: Re: [Samba] Samba share question



On May 20, 2006, at 6:33 PM, Wesley Hobbie wrote:

> I have the following Samba share:
>
> [Programs]
> writable = yes
> path = /home/wes/Download
>
> I want myself to have write access, and everyone else to have read-
> only
> access.  The write access works fine when I authenticate, but  
> anyone that
> does not authenticate gets the you do not have permission error.  The
> /home/wes/Download folder ACL has read access to group and others.   
> What do
> I need to do to fix that?

You want people who don't authenticate to be able to read the share?   
Enable guest account in samba.


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Can't get past login window

[Adam Williams]

you will need this instead of [home directories]

[homes]
   comment = Home Directories
   writeable = Yes
   browseable = No
   hide dot files = yes
   public = no
   valid users = %S


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] share with no authentication

[Adam Williams]

In my [global] I have guest account = nobody and security = user, and in
my share [wpkg] I have:

[wpkg]
comment = Windows Packager
path = /samba/wpkg
read only = yes
browseable = no
guest ok = Yes
guest only = no
# valid users = guest nobody
map to guest = Bad User

still asks me for a username and password.  if i set security = share it
works, but then I have other problems with my windows xp computers
authenticating.

Michael Gasch wrote:

you could play with "map to guest = bad xxx"
that´s how i did it in security=domain (i think it works with user, 
too) and one share. all other shares have "guest ok = no"


greez





--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Can't get past login window

[David Ackerman]

I worked with the smb.conf for "several" hours and got it so I can access
the server and workgroup.  I can access the public folder because I set file
permissions to 777.  I cannot access user folders.  I set file permission to
700.  If I set to 775 or whatever, there is no password protection.  How can
I make it so that a person must login with user name and password to access
his or her folder in the /home directory?

 

My global settings look like this:

[global]

  log file = /var/log/samba/log.%m

  load printers = no

  passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .

  obey pam restrictions = yes

  socket options = TCP_NODELAY

  encrypt passwords = yes

  public = yes

  passdb backend = tdbsam

  dns proxy = no

  netbios name = XX name here deleted for now

  server string = XX name here deleted for now

  invalid users = root

  path = /home

  workgroup = Students

  os level = 20

  comment = Home Directories

  security = share

  syslog = 0

  create mode = 700

  panic action = /usr/share/samba/panic-action %d

  max log size = 1000

  directory mode = 700

 

My Home directory looks like this:

[Home Folders]

  comment = Home Folders

  path = /home

  public = yes

  create mask = 0700

  directory mask = 0700

  force user = nobody

  force user = nogroup

  writeable = yes

 

And my Public folder looks like this:

[Public Folder]

  comment = Public Access Folder

  path = /home/Public

 

Ideally, I would like a user to login and have access to his/her own folder
and also the public folder.  If the user sees other folders, that is
alright, as long as he/she cannot access these folders.

 

I have been working mostly from the terminal window to edit the smb.conf but
have also used webmin some.  I used webmin to make all system users to be
samba users.

 

Thanks for any help!!

 

David

 

 

  _  

From: c p tiwari [mailto:[EMAIL PROTECTED] 
Sent: Friday, May 19, 2006 6:13 PM
To: David Ackerman
Cc: samba@lists.samba.org
Subject: Re: [Samba] Can't get past login window

 


dear
  First u make it sure that you are accessing it with correct alias
share name.And you try this with cmd line from any linux machine

#smbclient -L // -N
Above cmd will display the share name (alias name).
now
#smbclient /// -U 

If you are not able to access then verify the path of your samba share in
configuration .

regards

cp tiwari






  


On Fri, 19 May 2006 David Ackerman wrote :
>I am new at Samba.  I just about have it working.  From my windows XP
>client, I can access the workgroup and then see the server.  When I click
on
>server to access network folders, the login pops up.  I put in the username
>and password (both of which are already in Samba).  The login window
>refreshes and I get in the login screen:  XXX/username, with XXX being the
>name of my local Windows XP computer.  I put in password and the window
just
>refreshes the same and I can't get past it.  My /home directory is 777 and
>the user's directory is 700.  I am using Webmin as much as possible.  Any
>help will be great.  The answer is probably simple.  Thanks.
>
>
>
>David
>
>--
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/listinfo/samba



 
 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] share with no authentication

[Michael Gasch]

you could play with "map to guest = bad xxx"
that´s how i did it in security=domain (i think it works with user, too) 
and one share. all other shares have "guest ok = no"


greez

Adam Williams wrote:
I've only been able to get no authentication on a share to work in 
security = share mode.  If anyone knows how to make it work with 
security = user, please speak up. :)


[EMAIL PROTECTED] wrote:

Hello,


I got this problem:

I want to mount a directory without providing a login/password  
[indicaf$].


I thought that "guest ok = yes" would be sufficient. But it not works.

What option is the right one to open a share to everyone without a 
login box in windows ?



Thanks.



This is my smb.conf (samab v3.0.7):

tccwebcom# more smb.conf
# Samba config file created using SWAT
# from 146.11.3.28 (146.11.3.28)
# Date: 2006/05/15 18:36:54

# Global parameters
[global]
workgroup = FLEUVE
server string = Samba %v on host %h
interfaces = 2.210.11.1/8
security = DOMAIN
password server = madeira ienissei orenoque
guest account = www
username map = /usr/local/samba/private/usersmap
log file = /usr/local/samba/var/log.%m
max log size = 50
announce version = 3.0
dns proxy = No
wins server = 146.17.1.1, 146.14.1.1

[indicaf$]
comment = Fichier template XLA
path = 
/data01/www/websphere/5.0/webapps/IndicAffaire.ear/IndicAffaire.war/excel

guest only = Yes
guest ok = Yes
follow symlinks = No















Fabien LIOU (THALES SERVICES)
THALES COMMUNICATIONS (LAND & JOINT SYSTEMS)
TS/IOS/IMS/HO
160 Boulevard de Valmy
92700 COLOMBES
*Tél.:01 41 30 41 65
*  email:[EMAIL PROTECTED]


  




--
Michael Gasch
Max Planck Institute for Evolutionary Anthropology
Department of Human Evolution (IT Staff)
Deutscher Platz 6
D-04103 Leipzig
Germany

Phone: 49 (0)341 - 3550 137
   49 (0)341 - 3550 374

Fax:   49 (0)341 - 3550 399

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba