RE: [Samba] Very Slow!
On Thu, Aug 28, 2008 at 02:34:02PM -0700, Brian McGrew wrote: > > On Thu, Aug 28, 2008 at 02:20:09PM -0700, Brian McGrew wrote: > >> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 > > > > Quick try: Remove that. > > > > Curious question -- why did you set those options? > - > It didn't change, still says 4 hours and is taking 3 to 4 seconds to copy > 1k. You re-started smbd? - Yeah, I did a 'service smb restart' and everything came back OK. Just for grins I rebooted the server about an hour ago, just in case I missed something. No dice, same thing. Still, very slow. ++4hour estimate to copy a 4GB file. <2mins via FTP. System info: Red Hat Enterprise Linux Server release 5 (Tikanga) Kerlen 2.6.18-8.el5 SMP x86_64 Samba version 3.0.23c-2 Eth0 && Eht1 bonded to bond0, 2Gbps. /etc/samba/smb.conf attached below... I'm seeing very slow transfers from Samba I'm not sure how else to describe it. If I try and copy a 4GB DVD image from the server to any Windows box (XP, 2003, 2008, MacOS) it estimates more than 4 hours to copy. However, if I FTP to the server from any given client I can move the whole file in less than 2 minutes... I'm not a Samba expert, so anything is helpful at this point!!! -brian [global] netbios name = mvppvt125 realm = MACHINEVISIONPRODUCTS.COM security = ads preferred master = no encrypt passwords = yes wins server = 10.0.0.119 workgroup = MVP password server = * server string = Dell PowerVault Server log level = 3 log file = /var/log/samba/smbd.log max log size = 50 winbind use default domain = yes winbind nested groups = yes winbind separator = + client ntlmv2 auth = yes username map = /etc/samba/smbusers template shell = /bin/bash [filevault] comment = File Vault path = /filevault browseable = yes writable = yes create mode = 0777 force create mode = 0777 force directory mode = 0777 [data] comment = MVP Data path = /data browseable = yes writable = yes create mode = 0777 force create mode = 0777 force directory mode = 0777 -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba ignoring socket options?
On Thu, Aug 28, 2008 at 07:20:22PM -0400, Steve Thompson wrote: > On Thu, 28 Aug 2008, Jeremy Allison wrote: > > >On Thu, Aug 28, 2008 at 05:31:50PM -0400, Steve Thompson wrote: > >>BTW, I get 43 MB/s with a single 12 MB file on GbE without any socket > >>options; linux -> linux. > > > >Ok, that's the same as the Windows systems right ? Should be > >higher than that. Ok, at least we've removed the black box > >from the system - everything can be examined in open source > >code now. You should be able to get 100MB/sec (or close to > >it) I think. > > *sound of stick hitting head* > > My destination filesystem was an NFS-mounted volume. Copying instead to a > local software RAID-1 volume, I get 63 MB/sec, which I think is quite > reasonable. The systems were quite busy at the time. Samba 3.0.24 on > CentOS 4.6/x86_64. Ah, twice over the network. Always good for performance :-). Glad to be able to help. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Very Slow!
Volker Lendecke wrote: On Thu, Aug 28, 2008 at 02:20:09PM -0700, Brian McGrew wrote: socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 Quick try: Remove that. Curious question -- why did you set those options? Volker That is in the default smb.conf distributed with many distros. I have been using: socket options = TCP_NODELAY However, I can't tell any difference in xfers, they all work fine here. -- David C. Rankin, J.D., P.E. Rankin Law Firm, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 Telephone: (936) 715-9333 Facsimile: (936) 715-9339 www.rankinlawfirm.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba ignoring socket options?
On Thu, 28 Aug 2008, Jeremy Allison wrote: On Thu, Aug 28, 2008 at 05:31:50PM -0400, Steve Thompson wrote: BTW, I get 43 MB/s with a single 12 MB file on GbE without any socket options; linux -> linux. Ok, that's the same as the Windows systems right ? Should be higher than that. Ok, at least we've removed the black box from the system - everything can be examined in open source code now. You should be able to get 100MB/sec (or close to it) I think. *sound of stick hitting head* My destination filesystem was an NFS-mounted volume. Copying instead to a local software RAID-1 volume, I get 63 MB/sec, which I think is quite reasonable. The systems were quite busy at the time. Samba 3.0.24 on CentOS 4.6/x86_64. What is also interesting is that changing 'socket options' to a variety of different values has no effect whatsoever on the performance (and I did restart smbd each time). Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba ignoring socket options?
On Thu, 2008-08-28 at 15:04 -0700, Jeremy Allison wrote: > Yuk. I was thinking more this... > - DEBUG(1,("(%3.1f kb/s) (average %3.1f kb/s)\n", > + DEBUG(1,("(%3.1f KiloBytes/sec) (average %3.1f > KiloBytes/sec)\n", Fine by me, I was just pointing out the standard to be pedant :-) Simo. -- Simo Sorce Samba Team GPL Compliance Officer <[EMAIL PROTECTED]> Senior Software Engineer at Red Hat Inc. <[EMAIL PROTECTED]> -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba ignoring socket options?
On Thu, Aug 28, 2008 at 10:02:51PM +, simo wrote: > On Thu, 2008-08-28 at 14:53 -0700, Jeremy Allison wrote: > > On Thu, Aug 28, 2008 at 05:31:50PM -0400, Steve Thompson wrote: > > > On Thu, 28 Aug 2008, Jeremy Allison wrote: > > > > > > >Can you try using smbclient to do a large file transfer from > > > >another client Linux box and time that please ? > > > > > > Minor rant. One thing that slightly bugs me about smbclient is that it > > > reports the transfer rate as "kb/s", which means nothing to me. Is this > > > "KB/s" or "Kb/s"? Well, it's the former: kilobytes per second. So > > > shouldn't it say "KB/s"? > > > > Easily fixed. I'll probably do that. > > If we want to be standards compliant then we should write KiB/s[1] not > Kb/s and MiB/s[2] and GiB/s[3] > > :-D Yuk. I was thinking more this... diff --git a/source/client/client.c b/source/client/client.c index 1c0dff9..85f653e 100644 --- a/source/client/client.c +++ b/source/client/client.c @@ -1080,7 +1080,7 @@ static int do_get(const char *rname, const char *lname_in, bool reget) get_total_time_ms += this_time; get_total_size += nread; - DEBUG(1,("(%3.1f kb/s) (average %3.1f kb/s)\n", + DEBUG(1,("(%3.1f KiloBytes/sec) (average %3.1f KiloBytes/sec)\n", nread / (1.024*this_time + 1.0e-4), get_total_size / (1.024*get_total_time_ms))); } -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba ignoring socket options?
On Thu, 2008-08-28 at 14:53 -0700, Jeremy Allison wrote: > On Thu, Aug 28, 2008 at 05:31:50PM -0400, Steve Thompson wrote: > > On Thu, 28 Aug 2008, Jeremy Allison wrote: > > > > >Can you try using smbclient to do a large file transfer from > > >another client Linux box and time that please ? > > > > Minor rant. One thing that slightly bugs me about smbclient is that it > > reports the transfer rate as "kb/s", which means nothing to me. Is this > > "KB/s" or "Kb/s"? Well, it's the former: kilobytes per second. So > > shouldn't it say "KB/s"? > > Easily fixed. I'll probably do that. If we want to be standards compliant then we should write KiB/s[1] not Kb/s and MiB/s[2] and GiB/s[3] :-D Simo. [1] http://en.wikipedia.org/wiki/Kibibyte [2] http://en.wikipedia.org/wiki/Mebibyte [3] http://en.wikipedia.org/wiki/Gibibyte -- Simo Sorce Samba Team GPL Compliance Officer <[EMAIL PROTECTED]> Senior Software Engineer at Red Hat Inc. <[EMAIL PROTECTED]> -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba ignoring socket options?
On Thu, Aug 28, 2008 at 05:31:50PM -0400, Steve Thompson wrote: > On Thu, 28 Aug 2008, Jeremy Allison wrote: > > >Can you try using smbclient to do a large file transfer from > >another client Linux box and time that please ? > > Minor rant. One thing that slightly bugs me about smbclient is that it > reports the transfer rate as "kb/s", which means nothing to me. Is this > "KB/s" or "Kb/s"? Well, it's the former: kilobytes per second. So > shouldn't it say "KB/s"? Easily fixed. I'll probably do that. > BTW, I get 43 MB/s with a single 12 MB file on GbE without any socket > options; linux -> linux. Ok, that's the same as the Windows systems right ? Should be higher than that. Ok, at least we've removed the black box from the system - everything can be examined in open source code now. You should be able to get 100MB/sec (or close to it) I think. You might need to try looking into tbench/dbench to examine where the bottleneck is : http://samba.org/ftp/tridge/dbench/README Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Very Slow!
On Thu, Aug 28, 2008 at 02:34:02PM -0700, Brian McGrew wrote: > > On Thu, Aug 28, 2008 at 02:20:09PM -0700, Brian McGrew wrote: > >> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 > > > > Quick try: Remove that. > > > > Curious question -- why did you set those options? > - > It didn't change, still says 4 hours and is taking 3 to 4 seconds to copy > 1k. You re-started smbd? Volker pgpM8EvRYYTGd.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Very Slow!
> On Thu, Aug 28, 2008 at 02:20:09PM -0700, Brian McGrew wrote: >> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 > > Quick try: Remove that. > > Curious question -- why did you set those options? - It didn't change, still says 4 hours and is taking 3 to 4 seconds to copy 1k. I dunno why I set that, probably something I set years ago when I built my first Samba server and it just stuck. -brian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba ignoring socket options?
On Thu, 28 Aug 2008, Jeremy Allison wrote: Can you try using smbclient to do a large file transfer from another client Linux box and time that please ? Minor rant. One thing that slightly bugs me about smbclient is that it reports the transfer rate as "kb/s", which means nothing to me. Is this "KB/s" or "Kb/s"? Well, it's the former: kilobytes per second. So shouldn't it say "KB/s"? BTW, I get 43 MB/s with a single 12 MB file on GbE without any socket options; linux -> linux. Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Very Slow!
On Thu, Aug 28, 2008 at 02:20:09PM -0700, Brian McGrew wrote: > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 Quick try: Remove that. Curious question -- why did you set those options? Volker pgpixy5KnCfiL.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Very Slow!
System info: Red Hat Enterprise Linux Server release 5 (Tikanga) Kerlen 2.6.18-8.el5 SMP x86_64 Samba version 3.0.23c-2 Eth0 && Eht1 bonded to bond0, 2Gbps. /etc/samba/smb.conf attached below... I¹m seeing very slow transfers from Samba I¹m not sure how else to describe it. If I try and copy a 4GB DVD image from the server to any Windows box (XP, 2003, 2008, MacOS) it estimates more than 4 hours to copy. However, if I FTP to the server from any given client I can move the whole file in less than 2 minutes... I¹m not a Samba expert, so anything is helpful at this point!!! -brian [global] netbios name = mvppvt125 realm = MACHINEVISIONPRODUCTS.COM security = ads preferred master = no encrypt passwords = yes wins server = 10.0.0.119 workgroup = MVP password server = * server string = Dell PowerVault Server log level = 3 log file = /var/log/samba/smbd.log max log size = 50 winbind use default domain = yes winbind nested groups = yes winbind separator = + client ntlmv2 auth = yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 username map = /etc/samba/smbusers template shell = /bin/bash [filevault] comment = File Vault path = /filevault browseable = yes writable = yes create mode = 0777 force create mode = 0777 force directory mode = 0777 [data] comment = MVP Data path = /data browseable = yes writable = yes create mode = 0777 force create mode = 0777 force directory mode = 0777 -- -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba ignoring socket options?
On Thu, Aug 28, 2008 at 12:53:00PM -0700, Mike Myers wrote: > Hi everyone. I am running Samba 3.2.0-22.1 (as packaged by OpenSUSE in > 11.0) on a storage server connected to multiple windows based clients > over a gigabit ethernet link. The server is a quad core Intel CPU and > is equipped with an Intel e1000 based gigabit ethernet controller and plugged > into a common gigabit ethernet switch with the windows clients. > > I am seeing performance issues on transfers over the gigabit ethernet network, > and was trying to play with the socket options settings in the smb.conf > file to improve transfers rates, but no matter what I set the SO_RCVBUF > and SO_SNDBUF values too, the transfer rates are unchanged, even if I > set the buffer sizes down to 512, which should have the effect of at > least slowing things down dramatically, leading me to question if Samba > is actually using these settings at all. TCP_NODELAY is set, but it > doesn't seem to matter much if I include it or not on the socket > options line, and the line is definitely not commented out, as if I > misspell something on that line, samba terminates with an error when I > try and restart the daemon. Samba is definately setting these options. > Samba is getting roughly 30 MB/s tranfer rates from the linux server to a > windows vista and a windows XP client, > and the disks on both windows machines are RAID0 (4 and 2 disk RAID0 > sets respectively), so I don't think I am running into filesystem > performance issues on the target. Moving from the windows systems to Samba, > I see about 45 MB/sec transfers rates. > > The > raid array on the samba server consist of 2 6 disk raid5 sets with fast > disks on them, running lvm and XFS for a filesysteem. I can do a dd of > a multigigabyte file to /dev/null and get roughly 500-600 MB/'s > transfer rates through the filesystem, so I don't think the raid array > and file system is a bottleneck. > > I have run netperf tests > between the server and the clients to see if I had some network > plumbing problems. With default socket settings for netperf (8182 > buffer size), I get about 300 mbps transfer rates between the clients > and the server (which matches approximately the 30 MB/s transfer > rates). With 65536 byte buffers, that number goes to 970 or so Mbps, > so I think the interface cards, TCP stack, switches are all ok. Can you try using smbclient to do a large file transfer from another client Linux box and time that please ? That eliminates the Windows clients from the equation, and allows us to test only with things we can examine directly. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba ignoring socket options?
Hi everyone. I am running Samba 3.2.0-22.1 (as packaged by OpenSUSE in 11.0) on a storage server connected to multiple windows based clients over a gigabit ethernet link. The server is a quad core Intel CPU and is equipped with an Intel e1000 based gigabit ethernet controller and plugged into a common gigabit ethernet switch with the windows clients. I am seeing performance issues on transfers over the gigabit ethernet network, and was trying to play with the socket options settings in the smb.conf file to improve transfers rates, but no matter what I set the SO_RCVBUF and SO_SNDBUF values too, the transfer rates are unchanged, even if I set the buffer sizes down to 512, which should have the effect of at least slowing things down dramatically, leading me to question if Samba is actually using these settings at all. TCP_NODELAY is set, but it doesn't seem to matter much if I include it or not on the socket options line, and the line is definitely not commented out, as if I misspell something on that line, samba terminates with an error when I try and restart the daemon. Samba is getting roughly 30 MB/s tranfer rates from the linux server to a windows vista and a windows XP client, and the disks on both windows machines are RAID0 (4 and 2 disk RAID0 sets respectively), so I don't think I am running into filesystem performance issues on the target. Moving from the windows systems to Samba, I see about 45 MB/sec transfers rates. The raid array on the samba server consist of 2 6 disk raid5 sets with fast disks on them, running lvm and XFS for a filesysteem. I can do a dd of a multigigabyte file to /dev/null and get roughly 500-600 MB/'s transfer rates through the filesystem, so I don't think the raid array and file system is a bottleneck. I have run netperf tests between the server and the clients to see if I had some network plumbing problems. With default socket settings for netperf (8182 buffer size), I get about 300 mbps transfer rates between the clients and the server (which matches approximately the 30 MB/s transfer rates). With 65536 byte buffers, that number goes to 970 or so Mbps, so I think the interface cards, TCP stack, switches are all ok. If I do an FTP from the server to a client, I get 45-50 MB/s transfer rates, so I think the problem is somewhere in Samba. Again, if I change the SO_SNDBUF and SO_RCVBUF values, either up or down, or keep them unset, I get almost no variance in transfer rates. Vista is set to use autotuning in it's TCP configuration, and window scaling and RFC 1323 options are enabled, but I see the same exact performance on XP as well, so I don't think it's a client issue. I get somewhat faster copying from a windows 2003 server on the same LAN to the same clients, even though it is not equipped with a raid array and is just reading from one disk with an unoptimized NTFS filesystem. Is there a bug here or am I missing something in the configuration? thanks, Mike -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Receiving SMB: Server stopped responding
On Thu, Aug 28, 2008 at 10:59:50AM -0500, Jason A. Nunnelley wrote: > This seems to be an ongoing, never-ending problem with our installation of > Samba 3.0.31, patched, running in FreeBSD 7.0 Stable RELENG updated. > > tail -f /var/log/samba/winbindd.log > > [2008/08/28 10:26:31, 0, pid=1839] libsmb/clientgen.c:cli_receive_smb(111) > Receiving SMB: Server stopped responding > [2008/08/28 10:26:43, 0, pid=1839] libsmb/clientgen.c:cli_receive_smb(111) > Receiving SMB: Server stopped responding > [2008/08/28 10:26:56, 0, pid=1839] libsmb/clientgen.c:cli_receive_smb(111) > Receiving SMB: Server stopped responding > > And, it seems to be both periodical at times, then completely random. The > thing just stops responding to winbinds for no logged reason. > > Is there any way to get Samba to tell me what the devil it's doing while > it's busy ignoring everything? Attach to the process with gdb and get a backtrace. > So long as network use is light, there's no problem. I also wonder if it's > possible that it just decides to stop responding under some particular > amount of arbitrary load, or perhaps the NIC's bandwidth being close to max > causes it to lock up. I'm grasping at straws. I've got well over 50 hours > in troubleshooting this thing and no real leads on why it's periodically > just refusing connections... then coming back with no fanfare. When you say "locks up" do you mean Samba or the OS ? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Security leak in map_nt_perms?
Jeremy Allison ha scritto: > On Wed, Aug 27, 2008 at 11:15:20PM +0200, Abramo Bagnara wrote: >> Jeremy Allison ha scritto: >>> On Sat, Aug 16, 2008 at 09:42:51AM +0200, Abramo Bagnara wrote: This is exactly what I'd expect... >>> Hmmm, not what I'd expect :-). I'll have to check into the POSIX >>> mapping further, been a while since I wrote it. Are you checking >>> on a system with POSIX ACLs enabled or just straight POSIX permissions ? >> Any news? > > No, haven't got to this yet. One more question, were you setting > the user or group ACE to '---' or an alternate user or group > ACE to '---' ? Leaving only READ_CONTROL (ignored permission) for: user: lead to r-- permission group: lead to --- permission others/Everyone: lead to --- permission acl user: lead to --- permission acl group: lead to --- permission Leaving no permission for: user: lead to r-- permission group: lead to --- permission others/Everyone: lead to --- permission acl user: lead to ACL removal acl group: lead to ACL removal >> Are you willing to accept a patch that make samba to ignore request to >> > allow FILE_{READ|WRITE}_{ATTRIBUTES|EA) when computing resulting Unix >> > permission/ACL? > > Not without examining this code thoroughly first, sorry. Please count on my collaboration for whatever you need. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Austin Linux Users Group Presentation
Hi, For those who are interested I will be presenting at the Austin Linux Users Group meeting tonight. Topic: What's holding Linux back? When will grandma be ready for Linux? More info: http://www.austinlug.org/ I'll be happy to answer Samba questions at or after the meeting. Cheers, John T. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Receiving SMB: Server stopped responding
This seems to be an ongoing, never-ending problem with our installation of Samba 3.0.31, patched, running in FreeBSD 7.0 Stable RELENG updated. tail -f /var/log/samba/winbindd.log [2008/08/28 10:26:31, 0, pid=1839] libsmb/clientgen.c:cli_receive_smb(111) Receiving SMB: Server stopped responding [2008/08/28 10:26:43, 0, pid=1839] libsmb/clientgen.c:cli_receive_smb(111) Receiving SMB: Server stopped responding [2008/08/28 10:26:56, 0, pid=1839] libsmb/clientgen.c:cli_receive_smb(111) Receiving SMB: Server stopped responding And, it seems to be both periodical at times, then completely random. The thing just stops responding to winbinds for no logged reason. Is there any way to get Samba to tell me what the devil it's doing while it's busy ignoring everything? So long as network use is light, there's no problem. I also wonder if it's possible that it just decides to stop responding under some particular amount of arbitrary load, or perhaps the NIC's bandwidth being close to max causes it to lock up. I'm grasping at straws. I've got well over 50 hours in troubleshooting this thing and no real leads on why it's periodically just refusing connections... then coming back with no fanfare. -- Jason A Nunnelley President Tech Anything, Inc. 1 888 846 4109 Fax 1 256 962 0290 Voice OneBigBook[tm], OneBigBrand[tm], OneBigBiz[tm], and OneBigShow[tm] are services provided by Tech Anything, Inc. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Installing Drivers into [print$]
Ah, thanks I guess the print document I was reading has not been updated for this. This kind of seems more complicated than it needs to be. I'm using user level security and we use ldap for all of our account information. There are no local accounts or user groups. Can I get this to work with that? Dale Schroeder wrote: John, This message usually means that the user trying to add the driver does not have the SePrintOperatorPrivilege. See the following: http://us6.samba.org/samba/docs/man/Samba-HOWTO-Collection/rights.html If this does not work for you, you will probably need to post your smb.conf and state which version of Samba you're running. Good luck, Dale John Baker wrote: Hi, I was looking though the easy Add Printer Wizard Driver Installation instructions here http://us6.samba.org/samba/docs/man/Samba-HOWTO-Collection/classicalprinting.html#id2620623 but found that it did not work. After saying no to "Do you want to install the driver now" when properties comes up nothing is editable so one can't connect to advanced or new driver to install drivers and one never finds a place where the copy to server option comes up. I assume this must be due to changes in Windows. (The smb.conf file is right and the right directories exist and can be written to.) Does anybody know of a work around or new way to accomplish this? -- John Baker Network Systems Administrator Marlboro College Phone: 451-7551 off campus; 551 on campus -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Adding users to dirs, acl
> Ah I am using winbind, You still need a working idmap. >I can chown dir's with domain users etc. I can even > set rwx etc with setfacl -m u: "DOMAIN\user":rwx file > > However it does not seem to see the acls from windows... also i can't edit > them from the windows server via the security tab it gives me access denied, > any ideas why? Check your samba logs. You will probably see can not allocate gid John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Adding users to dirs, acl
John Drescher wrote: On Thu, Aug 28, 2008 at 5:51 AM, Keith Sudbury <[EMAIL PROTECTED]> wrote: I have some users I was to allow access to a dir, I know I will need to setup ACL's however when this is done can I add users to dirs like I can in windows? Yes, this works for me. Make sure your idmap is working. Here is what works for me on a test domain called YOUR_DOMAIN [global] idmap domains = YOUR_DOMAIN TRUSTEDDOMAINS idmap config YOUR_DOMAIN:backend = nss idmap config YOUR_DOMAIN:readonly = yes idmap config TRUSTEDDOMAINS:default = yes idmap config TRUSTEDDOMAINS:backend = tdb idmap config TRUSTEDDOMAINS:range = 1 - 5 idmap alloc backend = tdb idmap alloc config:range = 1 - 5 BTW, I am using ldap with this PDC [global] add user script = /usr/sbin/smbldap-useradd -m "%u" delete user script = /usr/sbin/userdel -r "%u" add group script = /usr/sbin/smbldap-groupadd -p "%g" delete group script = /usr/sbin/groupdel "%g" add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g" delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g" set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u" add machine script = /usr/sbin/smbldap-useradd -w "%u" ldap admin dn = cn=Manager,dc=example,dc=net ldap delete dn = Yes ldap group suffix = ou=Groups ldap idmap suffix = ou=Idmap ldap machine suffix = ou=Computers ldap suffix = dc=example,dc=net ldap ssl = no ldap user suffix = ou=Users ldapsam:trusted = yes ldapsam:editposix = yes John Ah I am using winbind, I can chown dir's with domain users etc. I can even set rwx etc with setfacl -m u: "DOMAIN\user":rwx file However it does not seem to see the acls from windows... also i can't edit them from the windows server via the security tab it gives me access denied, any ideas why? do I need to map my AD administrator account to root so it will have perms to edit file system perms?? Or am I missing some thing... Would be great to be able to edit the perms from Windows tbh. Cheers Keith -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Adding users to dirs, acl
On Thu, Aug 28, 2008 at 5:51 AM, Keith Sudbury <[EMAIL PROTECTED]> wrote: > I have some users I was to allow access to a dir, I know I will need to > setup ACL's however when this is done can I add users to dirs like I can in > windows? > Yes, this works for me. Make sure your idmap is working. Here is what works for me on a test domain called YOUR_DOMAIN [global] idmap domains = YOUR_DOMAIN TRUSTEDDOMAINS idmap config YOUR_DOMAIN:backend = nss idmap config YOUR_DOMAIN:readonly = yes idmap config TRUSTEDDOMAINS:default = yes idmap config TRUSTEDDOMAINS:backend = tdb idmap config TRUSTEDDOMAINS:range = 1 - 5 idmap alloc backend = tdb idmap alloc config:range = 1 - 5 BTW, I am using ldap with this PDC [global] add user script = /usr/sbin/smbldap-useradd -m "%u" delete user script = /usr/sbin/userdel -r "%u" add group script = /usr/sbin/smbldap-groupadd -p "%g" delete group script = /usr/sbin/groupdel "%g" add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g" delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g" set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u" add machine script = /usr/sbin/smbldap-useradd -w "%u" ldap admin dn = cn=Manager,dc=example,dc=net ldap delete dn = Yes ldap group suffix = ou=Groups ldap idmap suffix = ou=Idmap ldap machine suffix = ou=Computers ldap suffix = dc=example,dc=net ldap ssl = no ldap user suffix = ou=Users ldapsam:trusted = yes ldapsam:editposix = yes John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] ADS Trouble authorizing users.
Chris Bolton wrote: Hi all, I've set up a CentOS machine with samba version 3.0.28-1.el5_2.1 to join a Windows 2003 ADS. Everything seemed to go fine while joining the domain: [EMAIL PROTECTED] ~]# net ads join -U administrator administrator's password: Using short domain name -- MYDOMAIN Joined 'MAILSERVER' to realm 'MYDOMAIN.LOCAL' The trouble I'm having is authorizing users. When connecting the the CentOS machine from a windows XP machine it pops up a username and password dialog. Entering in my details just pops it up again as it would if I'd entered them incorrectly. Nothing is recored in the logs on the CentOS machine (either in /var/log/messages or /var/log/samba/smbd.log) and I am unable to procced. If I try a username in the dialog box that does not exist on the domain I get an error in /var/log/messages: Aug 28 12:58:06 mailserver smbd[23786]: [2008/08/28 12:58:06, 0] auth/auth_domain.c:domain_client_validate(260) Aug 28 12:58:06 mailserver smbd[23786]: domain_client_validate: unable to validate password for user dave in domain MYDOMAIN to Domain controller MANS01.MYDOMAIN.LOCAL. Error was NT_STATUS_NO_SUCH_USER. Have you tried looking at the samba guides? NT_STATUS_NO_SUCH_USER means just that, Samba cannot find the username in Active Directory Some tools to help you are 'getent passwd | grep ', 'wbinfo -i ' You can also turn up the logging with the 'log level' directive in the smb.conf I'm guessing its a problem with the way the CentOS machine is passing on the logon details but without an error message I'm a bit stuck. Any help would be greatful. Cheers. Config files below: /etc/krb5.conf [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] default_realm = MYDOMAIN.LOCAL dns_lookup_realm = false dns_lookup_kdc = false ticket_lifetime = 24h forwardable = yes [realms] MYDOMAIN.LOCAL = { kdc = mans01 admin_server = mans01 default_domain = mydomain.local } [domain_realm] .mydomain.local = MYDOMAIN.LOCAL mydomain.local = MYDOMAIN.LOCAL [appdefaults] pam = { debug = false ticket_lifetime = 36000 renew_lifetime = 36000 forwardable = true krb4_convert = false } /etc/smaba/smb.conf [global] workgroup = MYDOMAIN netbios name = mailserver server string = Samba Server 3.0 security = ads realm = MYDOMAIN.LOCAL password server = mans01 encrypt passwords = yes printcap name = /etc/printcap load printers = yes printing = cups log file = /var/log/samba/%m.log max log size = 0 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 local master = no domain master = no preferred master = no dns proxy = no # Share Definitions == [public] comment = Share path = /home/public public = yes writable = yes printable = no -- Jas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] ADS Trouble authorizing users.
Hi all, I've set up a CentOS machine with samba version 3.0.28-1.el5_2.1 to join a Windows 2003 ADS. Everything seemed to go fine while joining the domain: [EMAIL PROTECTED] ~]# net ads join -U administrator administrator's password: Using short domain name -- MYDOMAIN Joined 'MAILSERVER' to realm 'MYDOMAIN.LOCAL' The trouble I'm having is authorizing users. When connecting the the CentOS machine from a windows XP machine it pops up a username and password dialog. Entering in my details just pops it up again as it would if I'd entered them incorrectly. Nothing is recored in the logs on the CentOS machine (either in /var/log/messages or /var/log/samba/smbd.log) and I am unable to procced. If I try a username in the dialog box that does not exist on the domain I get an error in /var/log/messages: Aug 28 12:58:06 mailserver smbd[23786]: [2008/08/28 12:58:06, 0] auth/auth_domain.c:domain_client_validate(260) Aug 28 12:58:06 mailserver smbd[23786]: domain_client_validate: unable to validate password for user dave in domain MYDOMAIN to Domain controller MANS01.MYDOMAIN.LOCAL. Error was NT_STATUS_NO_SUCH_USER. I'm guessing its a problem with the way the CentOS machine is passing on the logon details but without an error message I'm a bit stuck. Any help would be greatful. Cheers. Config files below: /etc/krb5.conf [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] default_realm = MYDOMAIN.LOCAL dns_lookup_realm = false dns_lookup_kdc = false ticket_lifetime = 24h forwardable = yes [realms] MYDOMAIN.LOCAL = { kdc = mans01 admin_server = mans01 default_domain = mydomain.local } [domain_realm] .mydomain.local = MYDOMAIN.LOCAL mydomain.local = MYDOMAIN.LOCAL [appdefaults] pam = { debug = false ticket_lifetime = 36000 renew_lifetime = 36000 forwardable = true krb4_convert = false } /etc/smaba/smb.conf [global] workgroup = MYDOMAIN netbios name = mailserver server string = Samba Server 3.0 security = ads realm = MYDOMAIN.LOCAL password server = mans01 encrypt passwords = yes printcap name = /etc/printcap load printers = yes printing = cups log file = /var/log/samba/%m.log max log size = 0 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 local master = no domain master = no preferred master = no dns proxy = no # Share Definitions == [public] comment = Share path = /home/public public = yes writable = yes printable = no -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Q: Client cannot authenticate
Hi Few days ago I asked about the problem described below but haven't got any replay. I couldn't figure out from reading the source code what is causing this either. There must be someone out there who could give me a hint. Thanks and regards, Chris > Hi > > A new setup Windows client fails to authenticate to my Samba server > (3.0.24-SerNet-RedHat). > What I see in log at level 10 is: > > Got user=[SA-MC-SMSNS at corproot.net] domain=[] workstation=[MSISMSSRV01P] > len1=24 len2=122 > > The empty domain seams to be origin of the problem, for other systems > working OK this field is not empty. > > The Windows client is: > NativeOS=[Windows Server 2003 R2 3790 Service Pack 2] NativeLanMan=[] > PrimaryDomain=[Windows Server 2003 R2 5.2] > Security settings on this system enforce NTLMv2, those ones working OK are > set to use > NTLM (I was told by the Windows admin). > > I guess the problem is on the Windows side but I cannot think about better > place to ask than > this list. > > Log and configs below. > > I would be very thankful for any help. > > Thanks for your time. > Chris [snip] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] shadow_copy for homes share
Aaron Browne wrote: Maybe you can go about it a different way and offer a "recovery" drive to the users. Rather than using "homes" for the shadow_copy, which is posing problems for you, setup another share called "recover" that points to the snapshot area. Users can then to browse into their home directory via the "recover" share and recover/view their old files. Cheers, Aaron Thats a good idea. We already have this in place for Administrators to recover files for end users. I ended up making this work by creating a script to create and delete symlinks in each users folder. The information contained in this communication is intended only for the use of the recipient(s) named above. It may contain information that is privileged or confidential, and may be protected by State and/or Federal Regulations. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this communication, or any of its contents, is strictly prohibited. If you have received this communication in error, please return it to the sender immediately and delete the original message and any copy of it from your computer system. If you have any questions concerning this message, please contact the sender. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Howto to set ACLs (like force user/ force group for single user/group) with Samba
Andreas Ladanyi schrieb: Hi everybody, the force user/group does a great work. But i have to set an ACL with Samba when a file/directory is created. Does Samba have an integrated mechanism ? My alternative idea is to use the "preexec" and "postexec" method. Bye, Andy I found out: i have to set an acl on a parent directory my self with setfacl. If i want that the acl for files and directories below this parent directory are set automatically, i have to set: inherit acl = yes to the share definition. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Indexes and Authentication
Hi there. I'd like to allow directory indexes for certain clients but not for others. Specifically to allow our internal network to view them but external connections to be refused. Is there some way to wrap Options [+-]Indexes within Authentication by IP address ? Thanks very much. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Adding users to dirs, acl
I have some users I was to allow access to a dir, I know I will need to setup ACL's however when this is done can I add users to dirs like I can in windows? Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] [ANNOUNCE] Samba 3.2.2 Available for Download
Nicholas Brealey wrote: > Brian H. Nelson wrote: > >Michael Adam wrote: > > > >>What is more, rpath also has some bad effects (when > >>updating libraries, e.g.), so it should not be set unconditionally. > > > >Could you elaborate on why/when setting rpath would cause problems? I'm > >having trouble coming up with an example. > > > I think there was an issue with RPATH in the executable taking higher > priority than the LD_LIBRARY_PATH environment variable and Linux > distributions updating libraries in a funny way (moving the old > libraries to a different directory). I think that pretty much nails it down. This for instance makes it impossible (on Linux) to make test from a source/build directory with RPATH without doing "make install" first. > On Solaris LD_LIBRARY_PATH always had a higher priority than RPATH > although I think this broke some standard. To comply with standards, > RUNPATH was introduced which has a lower priority than LD_LIBRARY_PATH > matching the behaviour of the Solaris RPATH. The -R option on Solaris > now sets both RPATH and RUNPATH but RPATH is ignored when RUNPATH is > present. Ah, interesting to know. > A cannot think of any objection to using -R with $ORIGIN on Solaris. Why not simple give it the absolute LIBDIR path from configure? By the way, as already stated in another mail: You can link your binaries with any RPATH you like by calling configure this way (without modifications to samba code): LDFLAGS="-R..." ./configure --prefix=... ... Cheers - Michael -- Michael Adam <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen phone: +49-551-37-0, fax: +49-551-37-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen http://www.SerNet.DE, mailto: Info @ SerNet.DE pgp8BcN9ajL6d.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba