[Samba] Configuring MaxMpxCount
Hi, Is it possible to configure MaxMpxCount through smb.conf or by some other means? I appreciate comments. Thanks and Regards Sudheer -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] mv errors.
Günter Kukkukk-2 wrote: > > > that's what i've expected. > These cifs vfs bugs have been fixed in a later kernel release. > I was able to test that on a (somewhat more recent kernel than > yours) 2.6.22.18-0.2, which was shipped with cifs vfs version 1.49. > The 'mv' and 'cp -p' problems are fixed in there. > > Btw - you can also expect cp -p errors, when ACLs are used and > the remote samba server is exporting a share on a *file system* > which does not support ACLs - or is not configured to do so. > (e.g. ext3 can be mounted with the "acl,user_xattr" option). > On the cifs client side one can use the cifs mount option "noacl" > to disable acls. > > So i can only recommend to update the kernels on your linux clients. > Good luck! :-) > > We use Fluxbox with Rox-filer in the machines. I tried to install Gnome and with Nautilus it seems that the cp/mv warnings won't show up. I'll follow your tips about ACLs and mount options. I'm not sure whether I'm going to upgrade the kernel or not. (I'd have to upgrade Etch to Lenny.) Thanks a lot for your help, time and patience. (everyone) -- View this message in context: http://www.nabble.com/mv-errors.-tp21712791p21759003.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] mv errors.
Am Freitag, 30. Januar 2009 schrieb Athunye: > > Günter Kukkukk-2 wrote: > > > > > > Can you please try the "preserving copy cmds": > > 'cp -p srcfile /mounted/samba/share/' > > 'cp -a srcfile /mounted/samba/share/' > > > > Do they work ? > > > > > > bash >>> pwd > /mnt/docs > > bash >>> ls --all > . .. .Trash-1001 > > bash >>> cp -p ~/test.txt ./ > cp: preserving times for `./test.txt': Operation not permitted > > bash >>> cp -a ~/.vimrc ./ > cp: preserving times for `./.vimrc': Operation not permitted > > bash >>> pwd > /mnt/docs > > bash >>> rm .vimrc > (no warnings) > > bash >>> rm test.txt > rm: remove write-protected regular empty file `test.txt'? > that's what i've expected. These cifs vfs bugs have been fixed in a later kernel release. I was able to test that on a (somewhat more recent kernel than yours) 2.6.22.18-0.2, which was shipped with cifs vfs version 1.49. The 'mv' and 'cp -p' problems are fixed in there. Btw - you can also expect cp -p errors, when ACLs are used and the remote samba server is exporting a share on a *file system* which does not support ACLs - or is not configured to do so. (e.g. ext3 can be mounted with the "acl,user_xattr" option). On the cifs client side one can use the cifs mount option "noacl" to disable acls. So i can only recommend to update the kernels on your linux clients. Good luck! :-) Cheers, Günter -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] ACLs under Samba 3.3.0
On Fri, Jan 30, 2009 at 01:53:08PM -0800, Jeremy Allison wrote: > Volker's changes are correct, in that delete access in POSIX does not > belong to a file itself, but to the containing directory. So really > we should remove the DELETE_ACCESS bit from both the file and the > directory ACL returned. This unfortunately breaks the fiction of > a rwx permission mapping directly into Windows FULL_CONTROL. What > your users can do with the file over Samba hasn't actually changed, > is they have write access to the directory they can still delete > the file, but the ACLs "look funny". > > I'll think some more about how we can restore the fiction for > the users without having to use the experimental native ACL > store. I have a patch for this but the problem is that it's a harder problem than it looks (still working on the patch). The issue is that whether a file can be deleted or not is a different issue to whether a particular ACL element has the DELETE bit set. A file can be deleted by an admin/root user, or by a user with se_restore privilege set, as well as by users matching an ACL entry. Currently the Samba code conflates the two cases, so I'm having to disentangle them as at the same time. This is an *interesting* change :-). I should have a final fix no later than Monday, but it might take me that long. Just an FYI for people waiting on this fix. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] ACLs under Samba 3.3.0
On Fri, Jan 30, 2009 at 10:49:35PM +, simo wrote: > > Jeremy, would it make sense to set the delete bit (or even full control) > depending on whether the user has write control over the parent > directory ? Doing this right now... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problem building Samba 3.3 on Solaris 10
I can't help you with the Sun Studio compiler, but I can tell you that I was able to build Samba 3.3.0 on Solaris 10 using gcc (4.3.3 RC). -David On Thu, Jan 29, 2009 at 5:58 PM, John Center wrote: > Hi, > > I attempted to build v3.3 using Sun Studio 12, but it failed right out of > the gate. It looks like it can't find the standard libraries, but according -- David Eisner http://cradle.brokenglass.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba local master browser crashes the Windows domain master browser
Jeremy Allison wrote: A crash on the Windows server is definately a Microsoft bug. If you can reproduce it at will I'd suggest sending a bug report their way. Jeremy. I agree completely. My main thought was that 'Samba crashing Windows' ultimately makes Samba look bad. Besides that, it's not unlikely that there is also a bug in Samba that is contributing. Either way, there doesn't seem to be a way to even talk to Microsoft without shelling out money. I'm going to check with a co-worker who has an MSDN sub next week and see if there is a route there. -Brian -- --- Brian H. Nelson Youngstown State University System Administrator Media and Academic Computing bnelson[at]cis.ysu.edu --- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Re: CTDB + Samba: Tune Read Performance
On Fri, Jan 30, 2009 at 03:46:17PM -0700, tim clusters wrote: > By the way, Jumbo Frame is enabled on the 10GigE HCA and raw network > bandwidth peaks at 850MB/s. From the underlying SAN and GPFS file-system, > we get around 1400MB/s aggregate. Single stream bandwidth using native > file-system client (GPFS) with 1MB block-size/packet-size delivers 800MB/s. > > I shall play with network proc settings and post if I come up with further > performance improvements. Keep us informed how it goes :-) Volker pgpcWKYWt7qIy.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Smbtorture + Domain Environment
Hi, Does smbtorture have any issues operating in a Domain environment? I get the following error even for simple tests [r...@d2950-11 samba_tests]# ./smbtorture //D1950-01/global-share -U TESTDOMAIN2+testuserc OPEN using seed 1233356434 Password: host=D1950-01 share=global-share user=TESTDOMAIN2+testuserc myname=D2950-11 Running OPEN starting open test failed to open share connection: //D1950-01/global-share port:0 - NT_STATUS_LOGON_FAILURE TEST OPEN FAILED! OPEN took 0.015798 secs Tried different uses + options + forward and reverse slash. No errors recorded in smb log or syslog. smbclient works fine and so does access from Windows machine. [r...@d2950-11 samba_tests]# id TESTDOMAIN2+testuserc uid=11003(TESTDOMAIN2+testuserc) gid=20001(TESTDOMAIN2+win_users) groups=20001(TESTDOMAIN2+win_users),20002(TESTDOMAIN2+domain users) [r...@d2950-11 samba_tests]# smbclient -U TESTDOMAIN2+testuserc '\\D1950-01\global-share' Enter TESTDOMAIN2+testuserc's password: Domain=[TESTDOMAIN2] OS=[Unix] Server=[Samba 3.2.3] smb: \> pwd Current directory is \\D1950-01\global-share\ smb: \> exit Iam using smbtorture from Samba version 3.2.3. The Linux client is joined to Windows Domain managed by Active Directory. [r...@d2950-11 samba_tests]# net ads testjoin Join is OK Thoughts/suggestions to resolve above will be greatly appreciated. Thanks, -Tim -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Re: CTDB + Samba: Tune Read Performance
On Fri, Jan 30, 2009 at 2:52 PM, Volker Lendecke wrote: > On Fri, Jan 30, 2009 at 02:34:27PM -0700, tim clusters wrote: > > Currently, a SMB server is able to handle sustained 300MB/s on writes and > > 200MB/s on reads. Performance remains constant as you scale clients with > no > > time-outs and performance scales as you add another server. Iam still not > > sure if we can extract more from SMBD as CPU/memory/IO subsystem is less > > than 30% saturated. Seems like the performance bottleneck is > network-related > > + SMB packet-size as raw network yields 450MB/s for 64KB packet-size. > > Not having followed what you already tried, but I can assure > you that smbd is not the bottleneck for the raw transfer > tests. Just this week I was at a customer with 10GigE. > Tested a get operation with smbclient from master. First run > 120MB/sec. Increased window size, got around 300MB/sec. > Activated jumbo frames, got around 600MB/sec. To get this, > we had to make sure the file was already in RAM. It seemed > that above 450MB/sec the file system (ZFS on top of some SAN > with 192 disks in that case) started to be the bottleneck. > > With pure netcat we got a difference of less than 5%, > definitely below the normal variation. > > I'm stressing the use of latest smbclient a bit, because > this should really squeeze what you cat get out of your > hardware, it completely the network latencies. I shall try the latest smbclient. By the way, Jumbo Frame is enabled on the 10GigE HCA and raw network bandwidth peaks at 850MB/s. From the underlying SAN and GPFS file-system, we get around 1400MB/s aggregate. Single stream bandwidth using native file-system client (GPFS) with 1MB block-size/packet-size delivers 800MB/s. I shall play with network proc settings and post if I come up with further performance improvements. Sincere Regards, -Tim -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] ACLs under Samba 3.3.0
Effectively, we should remove the "map acl full control" parameter as it now longer has any use except to break things. I'll mark it deprecated with the patch. Yes, I suppose you are right. Thank you for your efforts. I really appreciate your work. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] ACLs under Samba 3.3.0
On Fri, 2009-01-30 at 14:43 -0800, Jeremy Allison wrote: > On Fri, Jan 30, 2009 at 10:32:55PM +, Miguel Medalha wrote: > > > >> Volker's changes are correct, in that delete access in POSIX does not > >> belong to a file itself, but to the containing directory. So really > >> we should remove the DELETE_ACCESS bit from both the file and the > >> directory ACL returned. > > > > Without having the deep knowledge you have about this, it seems to me > > that this statement is indeed correct but... > >> This unfortunately breaks the fiction of a rwx permission mapping directly > >> into Windows FULL_CONTROL. > > > > I can live with that as long as can can set full permissions for users. > > The ideal would be: > > > > 'map acl full control = yes' -> do what it describes > > > > 'map acl full control = no' -> enable us to set the "Delete" permission > > (and others) separately. > > > > The problem with 3.3.0 is that I cannot set the delete permission and as > > such users with rwx at the filesystem level cannot delete the files. > > Ok, I'm preparing a patch for this. Effectively, we should > remove the "map acl full control" parameter as it now longer > has any use except to break things. I'll mark it deprecated > with the patch. Jeremy, would it make sense to set the delete bit (or even full control) depending on whether the user has write control over the parent directory ? Maybe make this behavior could be triggerd by "map acl full control". Simo. -- Simo Sorce Samba Team GPL Compliance Officer Principal Software Engineer at Red Hat, Inc. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] ACLs under Samba 3.3.0
Can you give me an exact scenario to reproduce. I can certainly delete files I have created in my test env. I have a directory from which getfacl --t obtains the following: USER Adminrwx rwx GROUP Admins rwx rwx group Admins rwx rwx group Editores rwx rwx group Fotografos --x --x group Graficos rwx rwx group Jornalistas --x --x maskrwx rwx other --- --- --- The share definition contains the following: [Editor] comment = Editores path = /data/Jornal/Editor valid users = @Admins, @Editores, @Graficos write list = @Admins, @Editores, @Graficos --- The acl parameters explicitly set in my smb.conf are the following: acl compatibility = win2k inherit acls = Yes map acl inherit = Yes --- A member of the "Graficos" group extracted an attachment from an email message and put it in that directory. A member of group "Editores", after having read the file, tried to delete it and was prevented from doing it. He then asked the first user to delete the file himself, which he could not do. After similar behavior was found with several files in other directories, the problem was reported to me. I immediately noticed that the "Delete" permission had been cleared. I tried to reset it but was unable to do so. As work was pressing, I reverted to 3.2.7 and all was well again. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] ACLs under Samba 3.3.0
On Fri, Jan 30, 2009 at 10:32:55PM +, Miguel Medalha wrote: > >> Volker's changes are correct, in that delete access in POSIX does not >> belong to a file itself, but to the containing directory. So really >> we should remove the DELETE_ACCESS bit from both the file and the >> directory ACL returned. > > Without having the deep knowledge you have about this, it seems to me > that this statement is indeed correct but... >> This unfortunately breaks the fiction of a rwx permission mapping directly >> into Windows FULL_CONTROL. > > I can live with that as long as can can set full permissions for users. > The ideal would be: > > 'map acl full control = yes' -> do what it describes > > 'map acl full control = no' -> enable us to set the "Delete" permission > (and others) separately. > > The problem with 3.3.0 is that I cannot set the delete permission and as > such users with rwx at the filesystem level cannot delete the files. Ok, I'm preparing a patch for this. Effectively, we should remove the "map acl full control" parameter as it now longer has any use except to break things. I'll mark it deprecated with the patch. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] ACLs under Samba 3.3.0
Volker's changes are correct, in that delete access in POSIX does not belong to a file itself, but to the containing directory. So really we should remove the DELETE_ACCESS bit from both the file and the directory ACL returned. Without having the deep knowledge you have about this, it seems to me that this statement is indeed correct but... This unfortunately breaks the fiction of a rwx permission mapping directly into Windows FULL_CONTROL. I can live with that as long as can can set full permissions for users. The ideal would be: 'map acl full control = yes' -> do what it describes 'map acl full control = no' -> enable us to set the "Delete" permission (and others) separately. The problem with 3.3.0 is that I cannot set the delete permission and as such users with rwx at the filesystem level cannot delete the files. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] ACLs under Samba 3.3.0
On Fri, Jan 30, 2009 at 05:08:14PM -0500, Ryan B. Lynch wrote:
>
> I tested this about four weeks ago, comparing operations from Windows
> clients against our Samba 3.2.7 server and another machine running a
> 3.3.0 pre-release checkout. The ACL rights assignments did appear to be
> different, but I believe that the actual results were different, too.
>
> That is to day, a Windows user could delete, rename, or take ownership
> of a file/directory on which that user had UNIX 'rwx' rights, but only
> on 3.2.7. This didn't work on 3.3.0.
The difference in 3.2.x and 3.3.x here is that for deleting or
renaming a file 3.2.x uses the request :
can_access_file_acl(conn, dname, &sbuf, FILE_WRITE_DATA);
whereas 3.3.x uses the more correct checks :
if (can_access_file_acl(conn, dname, FILE_DELETE_CHILD)) {
return true;
}
return can_access_file_acl(conn, fname, DELETE_ACCESS);
This has probably tightened the restriction on who can do what
to be closer to the Windows access restrictions. This is intentional,
as I think the 3.2.x model was not correct (too permissive).
> But I want to be careful before I say I'm sure, because you (Jeremy)
> certainly know this subject better than me. I'm going to test those
> same operations over the weekend, and I'll confirm whether it's just a
> different appearance or whether it affects the actual operations. I
> will also turn the debug logging up to the max, and I'll attach that to
> bug #6005 with an update.
> For our users, it's a requirement--the business process requires one
> user to be able to rename, delete, etc. directory trees and files that
> other users create.
So long as they have write access into the directory they should
be able to do this.
Jeremy.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] ACLs under Samba 3.3.0
On Friday 30 January 2009 15:53:08 Jeremy Allison wrote: > On Fri, Jan 30, 2009 at 01:25:02PM -0800, Jeremy Allison wrote: > > > I would describe the problem *slightly* differently from Miguel. I do > > > not think that ACLs are the real problem, because the bug behaviour > > > exists regardless of whether you're using filesystem ACLs or not. > > > > > > The problem seems to be that the configuration option 'acl map full > > > control' isn't working anymore under 3.3. This option took me a long > > > time to understand, because it refers to Windows ACLs, not filesystem > > > ACLs. If the option is set (which is the default under both 3.2.7 and > > > 3.3.0), a user with 'rwx' UNIX permissions should get 'Full Control' > > > rights under Windows. This is regardless of whether the 'rwx' > > > permissions come from the base UNIX permissions or POSIX ACLs. > > > > > > 3.2.7 works as the man page describes, but 3.3.0 does not. Under > > > 3.3.0, a user with 'rwx' will have every Windows right except for > > > 'Delete' and 'Full Control'. Even the file's owner will lack those two > > > rights. Nonetheless, the owner will be able to delete or rename the > > > file, but not any other users, even if they apparently have identical > > > rights. > > > > > > Also, this behaviour seems to persist whether you explicitly turn 'acl > > > map full control' on or off. We also tried a few dozen combinations of > > > other permission, ownership, and ACL-related options in 'smb.conf', and > > > none of them worked. > > > > Ok, here are the two commits that affected this issue to make it differ > > from 3.2.x. > > > > commit 51b5364c2afb3a18df4bec2bc1624760ccc01676 > > Author: Volker Lendecke > > Date: Tue Jun 17 16:22:43 2008 +0200 > > > > RWX on a file does not imply DELETE access > > Without this the changed checks in can_delete_file_in_directory give > > DELETE access where there is none. So we can end up granting the > > ntcreate&x preparing the unlink where we should not, which leads to a > > NT_STATUS_ACCESS_DENIED at close time later, which in turn does *not* > > give the access denied error message in the Windows GUI. > > > > can_delete_file_in_directory will grant access now by looking at the > > directory permissions. > > > > commit daa9b056645a45edfb3a70e3536011ebe5678970 > > Author: Volker Lendecke > > Date: Thu Jun 19 14:53:46 2008 +0200 > > > > Fix checks in can_delete_file_in_directory() > > With at least NFSv4 ACLs around the write permission for the owner is > > a bogus check if we can delete a file in a directory. Like in Windows, > > there are two ways which can grant us such: First, the DELETE permission > > on the file itself, or if that does not help, the DELETE_CHILD permission > > on the directory. It might be a bit more code that runs, but essentially > > we should end up with the same set of syscalls in the non-acl case. > > > > This looks like a compatibility change to make us work better > > with NFSv4 underlying ACLs, not POSIX ones. > > > > I'll do some more digging. > > Volker's changes are correct, in that delete access in POSIX does not > belong to a file itself, but to the containing directory. So really > we should remove the DELETE_ACCESS bit from both the file and the > directory ACL returned. This unfortunately breaks the fiction of > a rwx permission mapping directly into Windows FULL_CONTROL. What > your users can do with the file over Samba hasn't actually changed, > is they have write access to the directory they can still delete > the file, but the ACLs "look funny". > > I'll think some more about how we can restore the fiction for > the users without having to use the experimental native ACL > store. > > Jeremy. Jeremy, Ryan's environment requires that users have full control over all files in a directory. So long as they have read and write access (in the directory and for the file) they must be able to delete the file and/or rename it, even where it belongs to another user. We have not be been able to get this to work with 3.3.0. It is working without any problems with 3.2.7. It does appear that something has changed in 3.3.0 compared with 3.2.7. Ryan is using 3.3.0 so that he can use CTDB. We are in the process of rebuilding the clustered environment and will be able to test the full combination some time next week. Right now we are running tests with samba-3.3.0 without using CTDB but using binaries that have it enabled. Site operators don't really care what the Full Control flags look like, so long as they can delete files that were created by another user. Cheers, John T. -- John H Terpstra "If at first you don't succeed, don't go sky-diving!" -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] ACLs under Samba 3.3.0
On Fri, Jan 30, 2009 at 10:03:57PM +, Miguel Medalha wrote: > >> How are they trying to delete the files ? Using Windows explorer or >> cmd.exe or a custom app ? >> >> >> > Using Windows Explorer. This is a CentOS machine serving a network of > Windows XP workstations. Can you give me an exact scenario to reproduce. I can certainly delete files I have created in my test env. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] ACLs under Samba 3.3.0
Jeremy Allison wrote: On Fri, Jan 30, 2009 at 01:25:02PM -0800, Jeremy Allison wrote: > > I would describe the problem *slightly* differently from Miguel. I do > > not think that ACLs are the real problem, because the bug behaviour > > exists regardless of whether you're using filesystem ACLs or not. > > > > The problem seems to be that the configuration option 'acl map full > > control' isn't working anymore under 3.3. This option took me a long > > time to understand, because it refers to Windows ACLs, not filesystem > > ACLs. If the option is set (which is the default under both 3.2.7 and > > 3.3.0), a user with 'rwx' UNIX permissions should get 'Full Control' > > rights under Windows. This is regardless of whether the 'rwx' > > permissions come from the base UNIX permissions or POSIX ACLs. > > > > 3.2.7 works as the man page describes, but 3.3.0 does not. Under 3.3.0, > > a user with 'rwx' will have every Windows right except for 'Delete' and > > 'Full Control'. Even the file's owner will lack those two rights. > > Nonetheless, the owner will be able to delete or rename the file, but > > not any other users, even if they apparently have identical rights. > > > > Also, this behaviour seems to persist whether you explicitly turn 'acl > > map full control' on or off. We also tried a few dozen combinations of > > other permission, ownership, and ACL-related options in 'smb.conf', and > > none of them worked. > > Ok, here are the two commits that affected this issue to make it differ > from 3.2.x. > > commit 51b5364c2afb3a18df4bec2bc1624760ccc01676 > Author: Volker Lendecke > Date: Tue Jun 17 16:22:43 2008 +0200 > > RWX on a file does not imply DELETE access > Without this the changed checks in can_delete_file_in_directory give DELETE > access where there is none. So we can end up granting the ntcreate&x preparing > the unlink where we should not, which leads to a NT_STATUS_ACCESS_DENIED at > close time later, which in turn does *not* give the access denied error message > in the Windows GUI. > > can_delete_file_in_directory will grant access now by looking at the directory > permissions. > > commit daa9b056645a45edfb3a70e3536011ebe5678970 > Author: Volker Lendecke > Date: Thu Jun 19 14:53:46 2008 +0200 > > Fix checks in can_delete_file_in_directory() > With at least NFSv4 ACLs around the write permission for the owner is a bogus > check if we can delete a file in a directory. Like in Windows, there are two > ways which can grant us such: First, the DELETE permission on the file itself, > or if that does not help, the DELETE_CHILD permission on the directory. It > might be a bit more code that runs, but essentially we should end up with the > same set of syscalls in the non-acl case. > > This looks like a compatibility change to make us work better > with NFSv4 underlying ACLs, not POSIX ones. > > I'll do some more digging. Volker's changes are correct, in that delete access in POSIX does not belong to a file itself, but to the containing directory. So really we should remove the DELETE_ACCESS bit from both the file and the directory ACL returned. This unfortunately breaks the fiction of a rwx permission mapping directly into Windows FULL_CONTROL. What your users can do with the file over Samba hasn't actually changed, is they have write access to the directory they can still delete the file, but the ACLs "look funny". I tested this about four weeks ago, comparing operations from Windows clients against our Samba 3.2.7 server and another machine running a 3.3.0 pre-release checkout. The ACL rights assignments did appear to be different, but I believe that the actual results were different, too. That is to day, a Windows user could delete, rename, or take ownership of a file/directory on which that user had UNIX 'rwx' rights, but only on 3.2.7. This didn't work on 3.3.0. But I want to be careful before I say I'm sure, because you (Jeremy) certainly know this subject better than me. I'm going to test those same operations over the weekend, and I'll confirm whether it's just a different appearance or whether it affects the actual operations. I will also turn the debug logging up to the max, and I'll attach that to bug #6005 with an update. I'll think some more about how we can restore the fiction for the users without having to use the experimental native ACL store. For our users, it's a requirement--the business process requires one user to be able to rename, delete, etc. directory trees and files that other users create. -Ryan -- Ryan B. Lynch Engineer Innovative Discovery, LLC http://www.id-edd.com/ 347.633.0512 ryan.ly...@id-edd.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] ACLs under Samba 3.3.0
How are they trying to delete the files ? Using Windows explorer or cmd.exe or a custom app ? Using Windows Explorer. This is a CentOS machine serving a network of Windows XP workstations. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] ACLs under Samba 3.3.0
On Fri, Jan 30, 2009 at 09:59:58PM +, Miguel Medalha wrote: > >> What your users can do with the file over Samba hasn't actually changed, >> is they have write access to the directory they can still delete >> the file, but the ACLs "look funny". >> >> > > No, they can't. I was alerted to this problem precisely because users > who have full access to the directory suddenly could not delete files > inside it. How are they trying to delete the files ? Using Windows explorer or cmd.exe or a custom app ? Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] ACLs under Samba 3.3.0
What your users can do with the file over Samba hasn't actually changed, is they have write access to the directory they can still delete the file, but the ACLs "look funny". No, they can't. I was alerted to this problem precisely because users who have full access to the directory suddenly could not delete files inside it. The ACLs "look funny" and "are funny". -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] ACLs under Samba 3.3.0
On Fri, Jan 30, 2009 at 01:25:02PM -0800, Jeremy Allison wrote: > > I would describe the problem *slightly* differently from Miguel. I do > > not think that ACLs are the real problem, because the bug behaviour > > exists regardless of whether you're using filesystem ACLs or not. > > > > The problem seems to be that the configuration option 'acl map full > > control' isn't working anymore under 3.3. This option took me a long > > time to understand, because it refers to Windows ACLs, not filesystem > > ACLs. If the option is set (which is the default under both 3.2.7 and > > 3.3.0), a user with 'rwx' UNIX permissions should get 'Full Control' > > rights under Windows. This is regardless of whether the 'rwx' > > permissions come from the base UNIX permissions or POSIX ACLs. > > > > 3.2.7 works as the man page describes, but 3.3.0 does not. Under 3.3.0, > > a user with 'rwx' will have every Windows right except for 'Delete' and > > 'Full Control'. Even the file's owner will lack those two rights. > > Nonetheless, the owner will be able to delete or rename the file, but > > not any other users, even if they apparently have identical rights. > > > > Also, this behaviour seems to persist whether you explicitly turn 'acl > > map full control' on or off. We also tried a few dozen combinations of > > other permission, ownership, and ACL-related options in 'smb.conf', and > > none of them worked. > > Ok, here are the two commits that affected this issue to make it differ > from 3.2.x. > > commit 51b5364c2afb3a18df4bec2bc1624760ccc01676 > Author: Volker Lendecke > Date: Tue Jun 17 16:22:43 2008 +0200 > > RWX on a file does not imply DELETE access > Without this the changed checks in can_delete_file_in_directory give > DELETE > access where there is none. So we can end up granting the ntcreate&x > preparing > the unlink where we should not, which leads to a NT_STATUS_ACCESS_DENIED > at > close time later, which in turn does *not* give the access denied error > message > in the Windows GUI. > > can_delete_file_in_directory will grant access now by looking at the > directory > permissions. > > commit daa9b056645a45edfb3a70e3536011ebe5678970 > Author: Volker Lendecke > Date: Thu Jun 19 14:53:46 2008 +0200 > > Fix checks in can_delete_file_in_directory() > With at least NFSv4 ACLs around the write permission for the owner is a > bogus > check if we can delete a file in a directory. Like in Windows, there are > two > ways which can grant us such: First, the DELETE permission on the file > itself, > or if that does not help, the DELETE_CHILD permission on the directory. It > might be a bit more code that runs, but essentially we should end up with > the > same set of syscalls in the non-acl case. > > This looks like a compatibility change to make us work better > with NFSv4 underlying ACLs, not POSIX ones. > > I'll do some more digging. Volker's changes are correct, in that delete access in POSIX does not belong to a file itself, but to the containing directory. So really we should remove the DELETE_ACCESS bit from both the file and the directory ACL returned. This unfortunately breaks the fiction of a rwx permission mapping directly into Windows FULL_CONTROL. What your users can do with the file over Samba hasn't actually changed, is they have write access to the directory they can still delete the file, but the ACLs "look funny". I'll think some more about how we can restore the fiction for the users without having to use the experimental native ACL store. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Re: CTDB + Samba: Tune Read Performance
On Fri, Jan 30, 2009 at 02:34:27PM -0700, tim clusters wrote: > Currently, a SMB server is able to handle sustained 300MB/s on writes and > 200MB/s on reads. Performance remains constant as you scale clients with no > time-outs and performance scales as you add another server. Iam still not > sure if we can extract more from SMBD as CPU/memory/IO subsystem is less > than 30% saturated. Seems like the performance bottleneck is network-related > + SMB packet-size as raw network yields 450MB/s for 64KB packet-size. Not having followed what you already tried, but I can assure you that smbd is not the bottleneck for the raw transfer tests. Just this week I was at a customer with 10GigE. Tested a get operation with smbclient from master. First run 120MB/sec. Increased window size, got around 300MB/sec. Activated jumbo frames, got around 600MB/sec. To get this, we had to make sure the file was already in RAM. It seemed that above 450MB/sec the file system (ZFS on top of some SAN with 192 disks in that case) started to be the bottleneck. With pure netcat we got a difference of less than 5%, definitely below the normal variation. I'm stressing the use of latest smbclient a bit, because this should really squeeze what you cat get out of your hardware, it completely the network latencies. Volker pgp0RL6f8GxF2.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] ACLs under Samba 3.3.0
I would describe the problem *slightly* differently from Miguel. I do not think that ACLs are the real problem, because the bug behaviour exists regardless of whether you're using filesystem ACLs or not. You may be right. I didn't have the time to thoroughly test it because I had to immediately revert to 3.2.7; there was work to be done. The problem seems to be that the configuration option 'acl map full control' isn't working anymore under 3.3. If that is the case, it is not working neither "on" nor "off". f the option is set (which is the default under both 3.2.7 and 3.3.0), a user with 'rwx' UNIX permissions should get 'Full Control' rights under Windows. This is regardless of whether the 'rwx' permissions come from the base UNIX permissions or POSIX ACLs. I can live without 'acl map full control' as long as I can set the appropriate permissions. I tried to enable the "Delete" permission with the Windows ACL editor and it didn't work, with both 'acl map full control' "on" or "off". Maybe there is something here which deserves further investigation. Under 3.3.0, a user with 'rwx' will have every Windows right except for 'Delete' and 'Full Control'. Even the file's owner will lack those two rights. Nonetheless, the owner will be able to delete or rename the file, but not any other users, even if they apparently have identical rights. Yes, that describes what I saw. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Re: CTDB + Samba: Tune Read Performance
On Thu, Jan 29, 2009 at 10:45 PM, John H Terpstra wrote: > On Thursday 29 January 2009 21:40:55 tim clusters wrote: > > On Tue, Jan 27, 2009 at 6:30 PM, tim clusters >wrote: > > > Hi, > > > > > > I have a two server setup that acts as SMB as well as NFS servers in > > > active/active configuration managed by CTDB(http://ctdb.samba.org/). > > > > > > The write performance is around 100MB/s per client however the read > > > performance is only 0.6MB/s (using Iozone benchmark). I use Windows > 2003 > > > Server as CIFS client. Sometimes the read performance is good only from > > > one of the CTDB managed Samba servers but not consistent when you > restart > > > CTDB + Samba. > > > > The issue is resolved and was network related. Tcpdump revealed lots of > > retransmission from the server to client owing to improper TcpWindowSize > > value. > > > > Cheers, > > -Tim > > Tim, > > Thanks for reporting that back to the list. This is useful information for > others. Would it be possible to perhaps provide a little more detail? > I apologize for being too terse. I myself need to narrow the right settings for SO_RCVBUF,SO_SNDBUF and TCP/IP settings to get max bandwidth. Initially, I had set SO_RCVBUF and SO_SNBUF to 262144 (larger packet size, more performance) [pid 29734] setsockopt(32, SOL_SOCKET, SO_RCVBUF, [262144], 4) = 0^M [pid 29734] setsockopt(32, SOL_SOCKET, SO_SNDBUF, [262144], 4) = 0^M Strace of SMBD revealed the server doing sendfile in chunk of 64KB from disk file to socket. [pid 29848] sendfile(32, 38, [3207168], 61440) = 61440 [pid 29848] sendfile(32, 38, [3268608], 61440) = 61440 [pid 29848] sendfile(32, 38, [3330048], 61440) = 61440 So, the server was doing as expected but still the performance was poor and network trace revealed lots of retransmission only from the server to the client (not the other way around). 9.990078 192.168.97.5 -> 192.168.97.1 SMB [TCP Retransmission] Read AndX Response, 61440 bytes 10.322077 192.168.97.5 -> 192.168.97.1 SMB [TCP Retransmission] Read AndX Response, 61440 bytes Then I set the SO_RCVBUF and SO_SNDBUF to 65536 to align to sendfile size. Still retransmissions was being seen. Googling, the primary suspect pointed to TCP/IP stack in particular the TCP/IP window size. TCP/IP Window Size = Bandwidth * RTT The Windows machine has Myrinet 10GigE HCA while Linux server has Chelsio 10GigE HCA. For 64KB SMB packet-size, Network testing led me to the following conclusion: Myrinet 10GigE: TCP Window Size = 3Gbps * 300 microsec ==> 150KB Chelsio 10GigE: TCP Window Size = 3.7Gbps * 260 microsec ==> 120KB Myricom recommends TCP/IP windows size of 512KB for Windows, while on Linux the window-size was set to 87.3KB (75% of 120KB to account for small packets?). net.ipv4.tcp_rmem=4096 87380 16777216 net.ipv4.tcp_wmem=4096 87380 16777216 As a results during read operation, the amount of unacknowledged data in flight that the server sent did not cause client to respond (as its window size was 512KB) causing the server to retransmit after timeout (not receiving acknowledgement). Also, TCP Window Scaling (RFC 1323) was not enabled on Windows client. Setting the Windows TCP/IP Windows size to 87.3KB (similar to Server) + TCP_1323Opts resolved the issue. Currently, a SMB server is able to handle sustained 300MB/s on writes and 200MB/s on reads. Performance remains constant as you scale clients with no time-outs and performance scales as you add another server. Iam still not sure if we can extract more from SMBD as CPU/memory/IO subsystem is less than 30% saturated. Seems like the performance bottleneck is network-related + SMB packet-size as raw network yields 450MB/s for 64KB packet-size. I may be wrong, but this is the closest explanation I can come with. Please suggest if there is room for further performance improvements. [snip] of smb.conf socket options = IPTOS_LOWDELAY TCP_NODELAY SO_RCVBUF=65536 SO_SNDBUF=65536 SO_KEEPALIVE use mmap = No use sendfile = Yes blocking locks = No Regards, -Tim -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] ACLs under Samba 3.3.0
On Fri, Jan 30, 2009 at 03:35:24PM -0500, Ryan B. Lynch wrote: > Miguel Medalha wrote: >> >>> Much of the ACL code has been rewritten to allow underlying >>> filesystems to implement "native" NT ACLs directly (...) >> >> Good! >> >>> but the functionality should be the same as 3.2.x when not >>> using the "experimental" ACL modules. >>> >>> >> >> I am not using the ACL modules and the functionality is definitely NOT >> the same. My users complained immediately. > > > We've been working to implement Samba 3.3 at our site since December. We > saw the same behaviour that Miguel describes since RC2, and we see it > today in a test with the final 3.3.0 release. > > We opened a bug report, #6005, but we didn't have a chance to post the > debug logs that Volcker requested, and it's closed, now. We will > probably do that next week and reopen it. Here's the link: > https://bugzilla.samba.org/show_bug.cgi?id=6005 > > I would describe the problem *slightly* differently from Miguel. I do > not think that ACLs are the real problem, because the bug behaviour > exists regardless of whether you're using filesystem ACLs or not. > > The problem seems to be that the configuration option 'acl map full > control' isn't working anymore under 3.3. This option took me a long > time to understand, because it refers to Windows ACLs, not filesystem > ACLs. If the option is set (which is the default under both 3.2.7 and > 3.3.0), a user with 'rwx' UNIX permissions should get 'Full Control' > rights under Windows. This is regardless of whether the 'rwx' > permissions come from the base UNIX permissions or POSIX ACLs. > > 3.2.7 works as the man page describes, but 3.3.0 does not. Under 3.3.0, > a user with 'rwx' will have every Windows right except for 'Delete' and > 'Full Control'. Even the file's owner will lack those two rights. > Nonetheless, the owner will be able to delete or rename the file, but > not any other users, even if they apparently have identical rights. > > Also, this behaviour seems to persist whether you explicitly turn 'acl > map full control' on or off. We also tried a few dozen combinations of > other permission, ownership, and ACL-related options in 'smb.conf', and > none of them worked. Ok, here are the two commits that affected this issue to make it differ from 3.2.x. commit 51b5364c2afb3a18df4bec2bc1624760ccc01676 Author: Volker Lendecke Date: Tue Jun 17 16:22:43 2008 +0200 RWX on a file does not imply DELETE access Without this the changed checks in can_delete_file_in_directory give DELETE access where there is none. So we can end up granting the ntcreate&x preparing the unlink where we should not, which leads to a NT_STATUS_ACCESS_DENIED at close time later, which in turn does *not* give the access denied error message in the Windows GUI. can_delete_file_in_directory will grant access now by looking at the directory permissions. commit daa9b056645a45edfb3a70e3536011ebe5678970 Author: Volker Lendecke Date: Thu Jun 19 14:53:46 2008 +0200 Fix checks in can_delete_file_in_directory() With at least NFSv4 ACLs around the write permission for the owner is a bogus check if we can delete a file in a directory. Like in Windows, there are two ways which can grant us such: First, the DELETE permission on the file itself, or if that does not help, the DELETE_CHILD permission on the directory. It might be a bit more code that runs, but essentially we should end up with the same set of syscalls in the non-acl case. This looks like a compatibility change to make us work better with NFSv4 underlying ACLs, not POSIX ones. I'll do some more digging. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] ACLs under Samba 3.3.0
Miguel Medalha wrote: Much of the ACL code has been rewritten to allow underlying filesystems to implement "native" NT ACLs directly (...) Good! but the functionality should be the same as 3.2.x when not using the "experimental" ACL modules. I am not using the ACL modules and the functionality is definitely NOT the same. My users complained immediately. We've been working to implement Samba 3.3 at our site since December. We saw the same behaviour that Miguel describes since RC2, and we see it today in a test with the final 3.3.0 release. We opened a bug report, #6005, but we didn't have a chance to post the debug logs that Volcker requested, and it's closed, now. We will probably do that next week and reopen it. Here's the link: https://bugzilla.samba.org/show_bug.cgi?id=6005 I would describe the problem *slightly* differently from Miguel. I do not think that ACLs are the real problem, because the bug behaviour exists regardless of whether you're using filesystem ACLs or not. The problem seems to be that the configuration option 'acl map full control' isn't working anymore under 3.3. This option took me a long time to understand, because it refers to Windows ACLs, not filesystem ACLs. If the option is set (which is the default under both 3.2.7 and 3.3.0), a user with 'rwx' UNIX permissions should get 'Full Control' rights under Windows. This is regardless of whether the 'rwx' permissions come from the base UNIX permissions or POSIX ACLs. 3.2.7 works as the man page describes, but 3.3.0 does not. Under 3.3.0, a user with 'rwx' will have every Windows right except for 'Delete' and 'Full Control'. Even the file's owner will lack those two rights. Nonetheless, the owner will be able to delete or rename the file, but not any other users, even if they apparently have identical rights. Also, this behaviour seems to persist whether you explicitly turn 'acl map full control' on or off. We also tried a few dozen combinations of other permission, ownership, and ACL-related options in 'smb.conf', and none of them worked. -Ryan -- Ryan B. Lynch Engineer Innovative Discovery, LLC http://www.id-edd.com/ 347.633.0512 ryan.ly...@id-edd.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba local master browser crashes the Windows domain master browser
On Fri, Jan 30, 2009 at 11:08:05AM -0500, Brian H. Nelson wrote: > Not even a comment on this? A crash on the Windows server is definately a Microsoft bug. If you can reproduce it at will I'd suggest sending a bug report their way. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] ACLs under Samba 3.3.0
Much of the ACL code has been rewritten to allow underlying filesystems to implement "native" NT ACLs directly (...) Good! but the functionality should be the same as 3.2.x when not using the "experimental" ACL modules. I am not using the ACL modules and the functionality is definitely NOT the same. My users complained immediately. Regards -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] ACLs under Samba 3.3.0
On Fri, Jan 30, 2009 at 11:58:16AM -0800, Jeremy Allison wrote: > On Fri, Jan 30, 2009 at 08:50:50PM +0100, Volker Lendecke wrote: > > On Fri, Jan 30, 2009 at 11:43:04AM -0800, Jeremy Allison wrote: > > > Not yet, it's on my list of things to document and > > > discuss in a talk at SambaXP this year. > > > > As you mention it -- did I miss your talk submitted? > > Just hit the "submit" button on the Web site :-) Thanks, got it :-) Volker pgpCZUxf99zeQ.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] ACLs under Samba 3.3.0
On Fri, Jan 30, 2009 at 08:50:50PM +0100, Volker Lendecke wrote: > On Fri, Jan 30, 2009 at 11:43:04AM -0800, Jeremy Allison wrote: > > Not yet, it's on my list of things to document and > > discuss in a talk at SambaXP this year. > > As you mention it -- did I miss your talk submitted? Just hit the "submit" button on the Web site :-) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] ACLs under Samba 3.3.0
On Fri, Jan 30, 2009 at 11:43:04AM -0800, Jeremy Allison wrote: > Not yet, it's on my list of things to document and > discuss in a talk at SambaXP this year. As you mention it -- did I miss your talk submitted? Volker pgpsFkI5d4z9U.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] ACLs under Samba 3.3.0
On Fri, Jan 30, 2009 at 07:24:34PM +, Miguel Medalha wrote: > Is behavior of ACLs under Samba 3.3.0 (Sernet) completely different from > that under version 3.2.7? The release notes only talks about some > "fixes". > > I installed version 3.3.0 and got completely different result with the > same filesystem and the exact same samba configuration. The ACLs behaved > strangely and appeared very different under Windows ACL editor. Users > were now unable to delete the exact same files they had just created in > a folder. > > When seen under the Windows ACL editor, the "Delete" permission was > unselected. All efforts to activate it failed. Even resetting the > permissions on the command line with setfacl did not have any effect. I > then reverted to 3.2.7-38 and all was right again, without any > modification whatsoever. > > Is this a bug or is it by design? If it is by design, then the release > notes really should have warned against such a *huge* difference in > behavior... Much of the ACL code has been rewritten to allow underlying filesystems to implement "native" NT ACLs directly, but the functionality should be the same as 3.2.x when not using the "experimental" ACL modules. > On the subject of ACLs, is there any documentation available about the > experimental vfs modules acl_tdb and acl_xattr? Not yet, it's on my list of things to document and discuss in a talk at SambaXP this year. Jeremy -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] mv errors.
Günter Kukkukk-2 wrote: > > > Can you please try the "preserving copy cmds": > 'cp -p srcfile /mounted/samba/share/' > 'cp -a srcfile /mounted/samba/share/' > > Do they work ? > > bash >>> pwd /mnt/docs bash >>> ls --all . .. .Trash-1001 bash >>> cp -p ~/test.txt ./ cp: preserving times for `./test.txt': Operation not permitted bash >>> cp -a ~/.vimrc ./ cp: preserving times for `./.vimrc': Operation not permitted bash >>> pwd /mnt/docs bash >>> rm .vimrc (no warnings) bash >>> rm test.txt rm: remove write-protected regular empty file `test.txt'? -- View this message in context: http://www.nabble.com/mv-errors.-tp21712791p21754249.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] ACLs under Samba 3.3.0
Is behavior of ACLs under Samba 3.3.0 (Sernet) completely different from that under version 3.2.7? The release notes only talks about some "fixes". I installed version 3.3.0 and got completely different result with the same filesystem and the exact same samba configuration. The ACLs behaved strangely and appeared very different under Windows ACL editor. Users were now unable to delete the exact same files they had just created in a folder. When seen under the Windows ACL editor, the "Delete" permission was unselected. All efforts to activate it failed. Even resetting the permissions on the command line with setfacl did not have any effect. I then reverted to 3.2.7-38 and all was right again, without any modification whatsoever. Is this a bug or is it by design? If it is by design, then the release notes really should have warned against such a *huge* difference in behavior... I observed this under Samba Sernet 3.3.0+CentOS 5.2. On the subject of ACLs, is there any documentation available about the experimental vfs modules acl_tdb and acl_xattr? Than you for your attention. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] User Manager for Domains -- Groups not showing
On Fri, Jan 30, 2009 at 12:13:45AM -0800, Ray Klassen wrote: > I have a network of about 100+ users with a Samba 3.0.25 server with > an LDAP backend that I configured myself (with some help). Recently I > have had to add about 300 more users to my system and now I need to > get a slightly less technical person to help me manage the accounts. > I've been happily using smbldap-tools all of this time, but when I > showed what I do to my hapless trainee, her eyes started to glaze > over. So as an alternative I'd like to start using the 'User Manager > for Domains' in the SRVTOOLS.EXE archive. She might find the point and > click of it all more friendly. Only thing is, when I start up User > Manager, I can see all the users, but I can't see the groups. So I did > a bit of checking and found that nowhere are those available as a > list. Not even 'net rpc group list' will give me a list, even though > if I add someone to my Domain Admins group everything works correctly. > At the windows workstation end I can access the groups by name, to set > the permissions of a share to certain group, etc. but I can't list > them as I can the users.I've checked all the files... > smb.conf,ldap.conf,slapd.conf,smbldap.conf and the Groups directive > matches up with the right ldap 'ou' and so on. Has anyone any > pointers? There was a bug in earlier versions of the smbldap-tools that creates groups with the wrong sid-type. I'd suggest upgrading to 3.0.34 (latest 3.0.x release) and then ensuring the group-type is changed in your LDAP db (I think it should be type 5, rather than type 4 but this could be the other way around :-). Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problem with offline drive
Walter Mautner wrote: Bad. Storing mail databases on network drives (in particular when they become bigger) or storing them on a roaming profile path is not supported for Microsofts e-mail programs. Even though Thunderbird/Mozilla don't explicitely forbid it, it is also bad for Thunderbird. You would be far better with plain local storage and synchronization or imap/offline imap. As a workaround, change the mail profile to a local path and use Microsoft synctoy to sync with the path in M: when online. For Gods sake, disable offline file function in XP. Yes I agree here. You can hack the registry to save the Local Settings folder with the roaming profile, or change the location of outlook.pst. But when your users aren't locally on your network, they won't have a connection to M:, hence outlook breaks. Here we use Seamonkey and IMAP, so that all mail stays on the server. You should really be using imap, it helps keeps the profile smaller, and with the mail being stored on the server, its better for backups and archiving. I also agree to disable offline files. If it syncs when logging off, its no better then using a roaming profile, and if you have it sync at a certain time of day, if the user makes any changes after that time, they are log when they unplug themselves. Personally, I use roaming profiles, and tell my users if they are taking a notebook out of town, copy the files they think they will need to their desktop because i redirect my documents to a folder on their home drive to make the roaming profiles save and load quicker. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] mv errors.
Am Freitag, 30. Januar 2009 schrieb Athunye: > > Günter Kukkukk-2 wrote: > > > > > > looks like cifs vfs (version 1.45) is failing here. > > Do your not _failing_ linux clients use a more recent version of cifs vfs? > > > > > > I do not have not_failing_linux_clients because I only have four machines > with Debian Etch (wich are updated every two or three days). > -- > View this message in context: > http://www.nabble.com/mv-errors.-tp21712791p21744578.html > Sent from the Samba - General mailing list archive at Nabble.com. > cifs vfs around version 1.45 had issues when setting file times and permissions (and a mv cmd is preserving the original settings). Can you please try the "preserving copy cmds": 'cp -p srcfile /mounted/samba/share/' 'cp -a srcfile /mounted/samba/share/' Do they work ? Cheers, Günter -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problem with offline drive
Am Thursday 29 January 2009 17:02:09 schrieb BOURIAUD: > Hi ! > I hope that someone will be abble to help me with the problem I get with my > samba machines, though it is not really a samba problem. > Here is the config I use : > I'm running a samba controler on a rhel 5 machine (rpm -qa says > samba-3.0.33-3.7.el5) which acts as a domain controler. > My machines, all windows XP use to be connected to this controler. I have > no problem with them. The problem occurs with laptops. > Indeed, we have some drives mapped to the domain controler. The one that > causes problem is the M: drive, on which is stored the profile of Bad. Storing mail databases on network drives (in particular when they become bigger) or storing them on a roaming profile path is not supported for Microsofts e-mail programs. Even though Thunderbird/Mozilla don't explicitely forbid it, it is also bad for Thunderbird. You would be far better with plain local storage and synchronization or imap/offline imap. As a workaround, change the mail profile to a local path and use Microsoft synctoy to sync with the path in M: when online. For Gods sake, disable offline file function in XP. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba local master browser crashes the Windows domain master browser
Not even a comment on this? -Brian Brian H. Nelson wrote: Hi all, I have a Windows 2003sp2 domain with a few Samba 3.0 member servers. This domain services about 700 XP PCs distributed across 15 or so subnets. On one particular subnet there are about 300 PCs, 2 or 3 2003 member servers and a samba 3.0.28 member server (solaris). When/if the samba server picks up the local master browser role, it will cause the domain master browser to crash after a short while (5-30 min). As long as one of the windows machines is LMB, everything works fine. I have been able to reproduce the crash several times by switching the samba machine back to LMB (with os level = 255). I do have at least one other Samba machine acting as a local master. This machine does not seem to cause the above problem, but it is on a different subnet that has far fewer machines (less that 50). That samba is 3.0.23c (ancient, I know). The domain master is the 2003 DC that carries the PDC emulator FSMO role. Moving the PDC role around to other DCs causes the crash problem to follow to the new machine. Stopping the Computer Browser service on that DC prevents the crash from happening, but that is not really a solution. Setting 'local master = no' on the samba machine also takes care of this problem, which I have done, but I still feel that this is a pretty major issue and should be investigated further. I suspect that this is ultimately a Microsoft bug, but being that only Samba seems to tickle it is why I'm posting here. Are there any known issues related to this? I have a network trace and a level 10 nmbd log of the problem. Should I open a bug? Thanks much, -Brian -- --- Brian H. Nelson Youngstown State University System Administrator Media and Academic Computing bnelson[at]cis.ysu.edu --- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: RE: [Samba] User Manager for Domains -- Groups not showing
I got a debug log going on the actual ldap query and it looks like its looking for an attribute sambaSIDList but that attribute is set on none of my groups. Any guesses as how I should populate that? On Fri, Jan 30, 2009 at 12:23 AM, wrote: > Currently ... > > passwd: files ldap > shadow: files ldap > group: files ldap > > > yeah the unix end of things is perfectly happy with ldap > > getent passwd | grep root gives me both the /etc/passwd and ldap entries > > getent group |grep Domain\ Users gives me the ldap samba group > > Group Mappings are just fine. except no list through samba... > > > > On Jan 30, 2009 12:17am, "L. P. H. van Belle" wrote: >> hi, >> >> >> >> check >> >> nsswitch.conf >> >> should have something like.. >> >> >> >> passwd: compat ldap >> >> group: compat ldap >> >> shadow: compat ldap >> >> >> >> >> >> Louis >> >> >-Oorspronkelijk bericht- >> >> >Van: rayklas...@gmail.com >> >> >[mailto:samba-bounces+belle=bazuin...@lists.samba.org] Namens >> >> >Ray Klassen >> >> >Verzonden: 2009-01-30 09:14 >> >> >Aan: samba@lists.samba.org >> >> >Onderwerp: [Samba] User Manager for Domains -- Groups not showing >> >> > >> >> >I have a network of about 100+ users with a Samba 3.0.25 server with >> >> >an LDAP backend that I configured myself (with some help). Recently I >> >> >have had to add about 300 more users to my system and now I need to >> >> >get a slightly less technical person to help me manage the accounts. >> >> >I've been happily using smbldap-tools all of this time, but when I >> >> >showed what I do to my hapless trainee, her eyes started to glaze >> >> >over. So as an alternative I'd like to start using the 'User Manager >> >> >for Domains' in the SRVTOOLS.EXE archive. She might find the point and >> >> >click of it all more friendly. Only thing is, when I start up User >> >> >Manager, I can see all the users, but I can't see the groups. So I did >> >> >a bit of checking and found that nowhere are those available as a >> >> >list. Not even 'net rpc group list' will give me a list, even though >> >> >if I add someone to my Domain Admins group everything works correctly. >> >> >At the windows workstation end I can access the groups by name, to set >> >> >the permissions of a share to certain group, etc. but I can't list >> >> >them as I can the users.I've checked all the files... >> >> >smb.conf,ldap.conf,slapd.conf,smbldap.conf and the Groups directive >> >> >matches up with the right ldap 'ou' and so on. Has anyone any >> >> >pointers? >> >> >-- >> >> >To unsubscribe from this list go to the following URL and read the >> >> >instructions: https://lists.samba.org/mailman/options/samba >> >> > >> >> > >> >> >> -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: RE: [Samba] User Manager for Domains -- Groups not showing
net rpc group list -- returns nothing net rpc group members domain\ users -- works fine! >recheck your smbldap-tools/smbldap.conf >there must be a typo inhere, or >your smb.conf has a typo. checked and rechecked! On Fri, Jan 30, 2009 at 12:23 AM, wrote: > Currently ... > > passwd: files ldap > shadow: files ldap > group: files ldap > > > yeah the unix end of things is perfectly happy with ldap > > getent passwd | grep root gives me both the /etc/passwd and ldap entries > > getent group |grep Domain\ Users gives me the ldap samba group > > Group Mappings are just fine. except no list through samba... > > > > On Jan 30, 2009 12:17am, "L. P. H. van Belle" wrote: >> hi, >> >> >> >> check >> >> nsswitch.conf >> >> should have something like.. >> >> >> >> passwd: compat ldap >> >> group: compat ldap >> >> shadow: compat ldap >> >> >> >> >> >> Louis >> >> >-Oorspronkelijk bericht- >> >> >Van: rayklas...@gmail.com >> >> >[mailto:samba-bounces+belle=bazuin...@lists.samba.org] Namens >> >> >Ray Klassen >> >> >Verzonden: 2009-01-30 09:14 >> >> >Aan: samba@lists.samba.org >> >> >Onderwerp: [Samba] User Manager for Domains -- Groups not showing >> >> > >> >> >I have a network of about 100+ users with a Samba 3.0.25 server with >> >> >an LDAP backend that I configured myself (with some help). Recently I >> >> >have had to add about 300 more users to my system and now I need to >> >> >get a slightly less technical person to help me manage the accounts. >> >> >I've been happily using smbldap-tools all of this time, but when I >> >> >showed what I do to my hapless trainee, her eyes started to glaze >> >> >over. So as an alternative I'd like to start using the 'User Manager >> >> >for Domains' in the SRVTOOLS.EXE archive. She might find the point and >> >> >click of it all more friendly. Only thing is, when I start up User >> >> >Manager, I can see all the users, but I can't see the groups. So I did >> >> >a bit of checking and found that nowhere are those available as a >> >> >list. Not even 'net rpc group list' will give me a list, even though >> >> >if I add someone to my Domain Admins group everything works correctly. >> >> >At the windows workstation end I can access the groups by name, to set >> >> >the permissions of a share to certain group, etc. but I can't list >> >> >them as I can the users.I've checked all the files... >> >> >smb.conf,ldap.conf,slapd.conf,smbldap.conf and the Groups directive >> >> >matches up with the right ldap 'ou' and so on. Has anyone any >> >> >pointers? >> >> >-- >> >> >To unsubscribe from this list go to the following URL and read the >> >> >instructions: https://lists.samba.org/mailman/options/samba >> >> > >> >> > >> >> >> -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
RE: [Samba] ACL
I believe that XFS is setup for ACL by default getfacl yo.txt # file: yo.txt # owner: root # group: root user::rw- user:admin1:rwx user:jon:r-- group::r-- mask::rwx other::r-- Seems like that is all working. -Original Message- From: samba-bounces+clinton=hitcents@lists.samba.org [mailto:samba-bounces+clinton=hitcents@lists.samba.org] On Behalf Of Collen Blijenberg Sent: Friday, January 30, 2009 3:01 AM To: samba@lists.samba.org Subject: Re: [Samba] ACL Did you also setup ACL in your fstab ?? the mounted partition needs acl to make samba use it. Cheers, Collen Clinton Mills wrote: > Hi samba group, > > > > I'm trying to get samba to act like Windows in the Security tab (to be able > to add, remove, and modify ACLs on certain files/folders). We are running > Centos 5.2 (2.6.18-92.1.22.el5) with XFS installed for the /share partition. > > > > I currently have these versions of samba installed: > > samba-3.0.28-1.el5_2.1 > > samba-common-3.0.28-1.el5_2.1 > > > > I am pretty sure the ACL is all setup and working correctly. I can maintain > ACL from Linux and I can even see them in the security tab for windows. I > can also remove users from the security tab in Windows. > > > > These are the things I need help with > > . When I try and add a user it ask me for a username and password. I > cannot get this to accept my password. > > . When I first load up the security tab it shows a long number > "S-1-5-21-..." This screen takes a while to change these numbers to names. > Is there a way to speed this up? > > . Is there a way to restrict people from adding them self to > files/folder they do not have access to? > > > > I have looked all over and cannot find clear instructions on how to set ACL > up in a user environment. If you could point me to one of these documents > that would be very helpful. > > > > We currently have Samba setup to work without a domain. I have read on other > websites that this is not a good idea: > > > > One problem with Samba ACL support is that listing users to use for access > control entries (ACEs) within ACLs can be troublesome. Specifically, if > you're using Samba in a standalone mode (i.e., configured with "user" > security mode), Windows 2000 and Windows XP users might not be able to > consistently list Samba users when configuring an ACL. > > > > We really don't have the option of doing a PDC. Is this a bad idea to try > and get this to work without using PDC? > > > > smbd -b | grep ACL > >HAVE_SYS_ACL_H > >HAVE_ACL_LIBACL_H > >HAVE_POSIX_ACLS > > > > smb.conf > > [global] > > > > > > passdb backend = tdbsam > > > > add user script = /usr/sbin/useradd -m %u > > delete user script = /usr/sbin/userdel -r %u > > add group script = /usr/sbin/groupadd %g > > delete group script = /usr/sbin/groupdel %g > > add user to group script = /usr/sbin/groupmod -A %u %g > > delete user from group script = /usr/sbin/groupmod -R %u %g > > add machine script = /usr/sbin/useradd -s /bin/false -d /var/lib/nobody %u > > > > security = user > > encrypt passwords = yes > > > > preferred master = Yes > > domain master = Yes > > domain logons = Yes > > > > debuglevel = 3 > > > > workgroup = Workgroup > > workgroup = temp > > netbios name = hitsnap > > bind interfaces only = True > > interfaces = eth1 lo > > > > max disk size = 99 ;some programs (like PS7) can't deal with more than > 1TB > > > > allow hosts = 192.168.0.0/16 > > socket options = TCP_NODELAY > > server string = Hitsnap > > smb ports = 139 > > > > syslog = 0 > > log level = 2 > > log file = /var/log/samba/log.%m > > > > vfs objects = recycle > > > > client ntlmv2 auth = yes > > ;recycle:repository = .recycle > > ;recycle:keeptree = Yes > > ;recycle:versions = Yes > > ;recycle:touch = Yes > > > > [netlogon] > > path = /var/lib/samba/netlogon > > read only = yes > > > > > > > > [homes] > > read only = no > > browseable = no > > > > [share1] > > ;minauth=none > > path = /share/hdrive/share1 > > read only = no > > browseable = yes > > writable = yes > > admin users = admin1 > > valid users = admin1 > > public = no > > create mask = 0777 > > directory mask = 0777 > > nt acl support = yes > > acl map full control = yes > > > > dont descend = .recycle > > > > Thanks > > Clinton Mills > > > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] mv errors.
Also, I have something else to ask. I was talking to someone in #samba (freenode) and I was told that "cifs isn't posix". Also: "it's trying to set posix permissions on a filesystem that isn't posix capable". What do guys have to say about that ? -- View this message in context: http://www.nabble.com/mv-errors.-tp21712791p21745257.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] mv errors.
Günter Kukkukk-2 wrote: > > > looks like cifs vfs (version 1.45) is failing here. > Do your not _failing_ linux clients use a more recent version of cifs vfs? > > I do not have not_failing_linux_clients because I only have four machines with Debian Etch (wich are updated every two or three days). -- View this message in context: http://www.nabble.com/mv-errors.-tp21712791p21744578.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
RE: [Samba] mv errors.
All machines are logging in with the user smbuser... I mean, all machines have the fstab this way: //192.168.1.1/docs /mnt/docs cifs noauto,users,username=smbuser,password=**,_netdev,uid=debuser 0 0 Rob Shinn wrote: > > With the 'valid users = smbuser' directive, all users will be logging in > as guest. Note that when you use 'cp' the copies end up being owned by > smbuser. But smbuser can't change the datestamp of files it doesn't own > -- the server's OS won't allow it. That's likely the cause of your > problem. > > -Original Message- > Date: Thursday, January 29, 2009 7:21:34 pm > To: samba@lists.samba.org > From: "Athunye" > Subject: RE: [Samba] mv errors. > > > [global] > netbios name = Server > workgroup = Grupo > unix extensions = yes > case sensitive = yes > ea support = yes > #msdfs root = no > server string = Servidor Samba > encrypt passwords = yes > hosts allow = 192.168.1. > interfaces = eth1 > bind interfaces only = yes > local master = yes > os level = 100 > preferred master = yes > wins support = yes > map to guest = bad user > guest account = smbuser > > [docs] > path = /mnt/docs > writable = yes > valid users = smbuser > > -- > View this message in context: > http://www.nabble.com/mv-errors.-tp21712791p21739237.html > Sent from the Samba - General mailing list archive at Nabble.com. > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > > -- View this message in context: http://www.nabble.com/mv-errors.-tp21712791p21744472.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] mount.cifs is not working (smbclient does work), somekind of recursive content in mount-dir
modinfo cifs: filename: /lib/modules/2.6.24-21-generic/kernel/fs/cifs/cifs.ko version:1.52 description:VFS to access servers complying with the SNIA CIFS Specification e.g. Samba and Windows license:GPL author: Steve French srcversion: 358B7F0F1DB5F2E9360AFD9 depends: vermagic: 2.6.24-21-generic SMP mod_unload 586 parm: CIFSMaxBufSize:Network buffer size (not including header). Default: 16384 Range: 8192 to 130048 (int) parm: cifs_min_rcv:Network buffers in pool. Default: 4 Range: 1 to 64 (int) parm: cifs_min_small:Small network buffers in pool. Default: 30 Range: 2 to 256 (int) parm: cifs_max_pending:Simultaneous requests to server. Default: 50 Range: 2 to 256 (int) Thanks! > please post the outcome of 'modinfo cifs' (done as root). > > Cheers, Günter > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] ACL
Did you also setup ACL in your fstab ?? the mounted partition needs acl to make samba use it. Cheers, Collen Clinton Mills wrote: Hi samba group, I'm trying to get samba to act like Windows in the Security tab (to be able to add, remove, and modify ACLs on certain files/folders). We are running Centos 5.2 (2.6.18-92.1.22.el5) with XFS installed for the /share partition. I currently have these versions of samba installed: samba-3.0.28-1.el5_2.1 samba-common-3.0.28-1.el5_2.1 I am pretty sure the ACL is all setup and working correctly. I can maintain ACL from Linux and I can even see them in the security tab for windows. I can also remove users from the security tab in Windows. These are the things I need help with . When I try and add a user it ask me for a username and password. I cannot get this to accept my password. . When I first load up the security tab it shows a long number "S-1-5-21-..." This screen takes a while to change these numbers to names. Is there a way to speed this up? . Is there a way to restrict people from adding them self to files/folder they do not have access to? I have looked all over and cannot find clear instructions on how to set ACL up in a user environment. If you could point me to one of these documents that would be very helpful. We currently have Samba setup to work without a domain. I have read on other websites that this is not a good idea: One problem with Samba ACL support is that listing users to use for access control entries (ACEs) within ACLs can be troublesome. Specifically, if you're using Samba in a standalone mode (i.e., configured with "user" security mode), Windows 2000 and Windows XP users might not be able to consistently list Samba users when configuring an ACL. We really don't have the option of doing a PDC. Is this a bad idea to try and get this to work without using PDC? smbd -b | grep ACL HAVE_SYS_ACL_H HAVE_ACL_LIBACL_H HAVE_POSIX_ACLS smb.conf [global] passdb backend = tdbsam add user script = /usr/sbin/useradd -m %u delete user script = /usr/sbin/userdel -r %u add group script = /usr/sbin/groupadd %g delete group script = /usr/sbin/groupdel %g add user to group script = /usr/sbin/groupmod -A %u %g delete user from group script = /usr/sbin/groupmod -R %u %g add machine script = /usr/sbin/useradd -s /bin/false -d /var/lib/nobody %u security = user encrypt passwords = yes preferred master = Yes domain master = Yes domain logons = Yes debuglevel = 3 workgroup = Workgroup workgroup = temp netbios name = hitsnap bind interfaces only = True interfaces = eth1 lo max disk size = 99 ;some programs (like PS7) can't deal with more than 1TB allow hosts = 192.168.0.0/16 socket options = TCP_NODELAY server string = Hitsnap smb ports = 139 syslog = 0 log level = 2 log file = /var/log/samba/log.%m vfs objects = recycle client ntlmv2 auth = yes ;recycle:repository = .recycle ;recycle:keeptree = Yes ;recycle:versions = Yes ;recycle:touch = Yes [netlogon] path = /var/lib/samba/netlogon read only = yes [homes] read only = no browseable = no [share1] ;minauth=none path = /share/hdrive/share1 read only = no browseable = yes writable = yes admin users = admin1 valid users = admin1 public = no create mask = 0777 directory mask = 0777 nt acl support = yes acl map full control = yes dont descend = .recycle Thanks Clinton Mills -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problem with offline drive
That's a windows caching function http://support.microsoft.com/kb/307853 On Jan 29, 2009 8:02am, BOURIAUD wrote: Hi ! I hope that someone will be abble to help me with the problem I get with my samba machines, though it is not really a samba problem. Here is the config I use : I'm running a samba controler on a rhel 5 machine (rpm -qa says samba-3.0.33-3.7.el5) which acts as a domain controler. My machines, all windows XP use to be connected to this controler. I have no problem with them. The problem occurs with laptops. Indeed, we have some drives mapped to the domain controler. The one that causes problem is the M: drive, on which is stored the profile of thunderbird. When the laptop is connected to the network, no problems. Thunderbird works just fine. All mails are here. When the laptop is out of the office, connected or not to another network doesn't change anything, thunderbird shows a weird interface, there are missing mails, missing folders on the left view and so on. When I connected the M: drive to \\server\mail, I right-clicked on the M: drive in the "My computer" view and selected the option to have this drive offline. When I'm disconnected of the network, I can walk in this drive and see all the files that belongs to thunderbird. I even can view the content of individual files with notepad for example. Is there anyone here either to help me or to direct me to another place where I could find help for this peculiar topic ? I've of course searched the web, read many things about offline drives, but found nothing helpfull. Thanks in advance for any help provided. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: RE: [Samba] User Manager for Domains -- Groups not showing
Currently ... passwd: files ldap shadow: files ldap group: files ldap yeah the unix end of things is perfectly happy with ldap getent passwd | grep root gives me both the /etc/passwd and ldap entries getent group |grep Domain\ Users gives me the ldap samba group Group Mappings are just fine. except no list through samba... On Jan 30, 2009 12:17am, "LPH van Belle" wrote: hi, check nsswitch.conf should have something like.. passwd: compat ldap group: compat ldap shadow: compat ldap Louis >-Oorspronkelijk bericht- >Van: rayklas...@gmail.com >[mailto:samba-bounces+belle=bazuin...@lists.samba.org] Namens >Ray Klassen >Verzonden: 2009-01-30 09:14 >Aan: samba@lists.samba.org >Onderwerp: [Samba] User Manager for Domains -- Groups not showing > >I have a network of about 100+ users with a Samba 3.0.25 server with >an LDAP backend that I configured myself (with some help). Recently I >have had to add about 300 more users to my system and now I need to >get a slightly less technical person to help me manage the accounts. >I've been happily using smbldap-tools all of this time, but when I >showed what I do to my hapless trainee, her eyes started to glaze >over. So as an alternative I'd like to start using the 'User Manager >for Domains' in the SRVTOOLS.EXE archive. She might find the point and >click of it all more friendly. Only thing is, when I start up User >Manager, I can see all the users, but I can't see the groups. So I did >a bit of checking and found that nowhere are those available as a >list. Not even 'net rpc group list' will give me a list, even though >if I add someone to my Domain Admins group everything works correctly. >At the windows workstation end I can access the groups by name, to set >the permissions of a share to certain group, etc. but I can't list >them as I can the users.I've checked all the files... >smb.conf,ldap.conf,slapd.conf,smbldap.conf and the Groups directive >matches up with the right ldap 'ou' and so on. Has anyone any >pointers? >-- >To unsubscribe from this list go to the following URL and read the >instructions: https://lists.samba.org/mailman/options/samba > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Problem with offline drive
Hi ! I hope that someone will be abble to help me with the problem I get with my samba machines, though it is not really a samba problem. Here is the config I use : I'm running a samba controler on a rhel 5 machine (rpm -qa says samba-3.0.33-3.7.el5) which acts as a domain controler. My machines, all windows XP use to be connected to this controler. I have no problem with them. The problem occurs with laptops. Indeed, we have some drives mapped to the domain controler. The one that causes problem is the M: drive, on which is stored the profile of thunderbird. When the laptop is connected to the network, no problems. Thunderbird works just fine. All mails are here. When the laptop is out of the office, connected or not to another network doesn't change anything, thunderbird shows a weird interface, there are missing mails, missing folders on the left view and so on. When I connected the M: drive to \\server\mail, I right-clicked on the M: drive in the "My computer" view and selected the option to have this drive offline. When I'm disconnected of the network, I can walk in this drive and see all the files that belongs to thunderbird. I even can view the content of individual files with notepad for example. Is there anyone here either to help me or to direct me to another place where I could find help for this peculiar topic ? I've of course searched the web, read many things about offline drives, but found nothing helpfull. Thanks in advance for any help provided. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Groups not Showing
I have a network of about 100+ users with a Samba 3.0.25 server with an LDAP backend that I configured myself (with some help). Recently I have had to add about 300 more users to my system and now I need to get a slightly less technical person to help me manage the accounts. I've been happily using smbldap-tools all of this time, but when I showed what I do to my hapless trainee, her eyes started to glaze over. So as an alternative I'd like to start using the 'User Manager for Domains' in the SRVTOOLS.EXE archive. She might find the point and click of it all more friendly. Only thing is, when I start up User Manager, I can see all the users, but I can't see the groups. So I did a bit of checking and found that nowhere are those available as a list. Not even 'net rpc group list' will give me a list, even though if I add someone to my Domain Admins group everything works correctly. At the windows workstation end I can access the groups by name, to set the permissions of a share to certain group, etc. but I can't list them as I can the users.I've checked all the files... smb.conf,ldap.conf,slapd.conf,smbldap.conf and the Groups directive matches up with the right ldap 'ou' and so on. Has anyone any pointers? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] User Manager for Domains -- Groups not showing
I have a network of about 100+ users with a Samba 3.0.25 server with an LDAP backend that I configured myself (with some help). Recently I have had to add about 300 more users to my system and now I need to get a slightly less technical person to help me manage the accounts. I've been happily using smbldap-tools all of this time, but when I showed what I do to my hapless trainee, her eyes started to glaze over. So as an alternative I'd like to start using the 'User Manager for Domains' in the SRVTOOLS.EXE archive. She might find the point and click of it all more friendly. Only thing is, when I start up User Manager, I can see all the users, but I can't see the groups. So I did a bit of checking and found that nowhere are those available as a list. Not even 'net rpc group list' will give me a list, even though if I add someone to my Domain Admins group everything works correctly. At the windows workstation end I can access the groups by name, to set the permissions of a share to certain group, etc. but I can't list them as I can the users.I've checked all the files... smb.conf,ldap.conf,slapd.conf,smbldap.conf and the Groups directive matches up with the right ldap 'ou' and so on. Has anyone any pointers? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] smbcacls -- ERROR: unable to open credentials file!
Hello All, Tried googling for more info on this...none found. When i try to run smbcacls //host/share/file.txt -A ACL:user:ALLOWED/0/RWX the ff error message is returned: ERROR: Unable to open credentials file! There seems to be no mention of the credentials file in the samba docs or man pages; i've also looked into the smbcacls.c source code, no mention of it as well. Can anyone point me into the general direction of a solution to this? tia -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
