[Samba] ANNOUNCE: cifs-utils release 6.2 ready for download
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Again, nothing earth-shattering in this release. Mostly some minor bugfixes and cleanups. Some highlights: - - setcifsacl can now work without a plugin - - systemd-ask-password is found using $PATH now - - cifs.upcall now works with KEYRING: credcaches Go forth and download! webpage:https://wiki.samba.org/index.php/LinuxCIFS_utils tarball:ftp://ftp.samba.org/pub/linux-cifs/cifs-utils/ git:git://git.samba.org/cifs-utils.git gitweb: http://git.samba.org/?p=cifs-utils.git;a=summary Detailed list of changes since 6.2: commit 8919d8c6437aabb69a53c251e8ff6a8163ca227b Author: Jeff Layton Date: Mon Jul 8 09:06:46 2013 -0400 autoconf: set version to 6.1.1 for interim builds Signed-off-by: Jeff Layton commit 9fd9f71afc8a849df97973764227d6a13f2768f3 Author: Jeff Layton Date: Mon Jul 8 09:08:01 2013 -0400 manpage: fix nouser_xattr description The manpage erroneously states that nouser_xattr is the default, when it's actually the reverse. Reported-by: Dome Signed-off-by: Jeff Layton commit fe230e5ecaed98d3bb70292b60d44c3c7c47c720 Author: Jeff Layton Date: Thu Jul 18 10:08:27 2013 -0400 setcifsacl: add fallback for when plugin can't be loaded Allow setcifsacl to function even in the case where the plugin can't be initialized. ID mapping of course won't work, but we can still allow it to accept "raw" SID strings. Signed-off-by: Jeff Layton commit e18d42adddbea9178d93b6051132f9cdee4cc9e0 Author: Jeff Layton Date: Thu Jul 18 10:14:21 2013 -0400 cifs-utils: fix some sparse warnings Signed-off-by: Jeff Layton commit 3ec619fce9abaa37edd4540840913682d48c5359 Fixes: https://bugzilla.samba.org/show_bug.cgi?id=10054 Signed-off-by: Michał Górny commit 92262eafa12b4e11fca1d6f3647cfdeff2f4281c Author: Steve French Date: Mon Sep 9 09:55:46 2013 -0500 autoconf: add another suggested package name for krb5 headers Added an alternate package name for krb5 headers. Noticed the following suggestion asks for the wrong package (at least wrong for FC17) checking krb5.h presence... no checking for krb5.h... no checking krb5/krb5.h usability... no checking krb5/krb5.h presence... no checking for krb5/krb5.h... no configure: WARNING: krb5.h not found, consider installing krb5-libs-devel. Disabling cifs.upcall. [sfrench@w500smf cifs-utils]$ sudo yum install krb5-libs-devel Loaded plugins: langpacks, presto, refresh-packagekit No package krb5-libs-devel available. Error: Nothing to do [sfrench@w500smf cifs-utils]$ sudo yum install krb5-devel (installing krb5-devel worked, but not krb5-libs-devel for this version) Signed-off-by: Steve French commit f03c51c5169fdf9431afd1f30f372531a6be Author: Jeff Layton Date: Tue Sep 17 11:39:13 2013 -0400 cifs.upcall: try to use default credcache if we didn't find one Fedora is in the process of moving to KEYRING: credcaches which are not currently handled by cifs.upcall. We could try to detect when they're in use, but it's simpler and more robust to just try to use the default credcache whenever we don't find a FILE: or DIR: cache. Signed-off-by: Jeff Layton commit 2f832e350ec472ea974c82133734c640bc02e869 Author: Jeff Layton Date: Fri Oct 4 07:12:32 2013 -0400 autoconf: update configure.ac a'la autoupdate Signed-off-by: Jeff Layton commit 1ad2f127b150b32325b9858639f5f4f2ae949f82 Author: Jeff Layton Date: Fri Oct 4 06:56:41 2013 -0400 autoconf: set version to 6.2 Signed-off-by: Jeff Layton - -- Jeff Layton -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.19 (GNU/Linux) iQIcBAEBAgAGBQJSTqn0AAoJEAAOaEEZVoIVgZcQANHmJUU6kQisv4KaDHf6T1VW YeFJEEFuoa3mvYil3k/lKJxuZV/KVnpEtjCK5Q52UWWxF/TBmK5S1VXOAGXiq/O8 589ip/XTqWe8dJgqrNN4mn6/sI481ADmWdPi6RRQ5knJV5+I00RvrSdW3MNSNMnC cMD9+oFoaJwLcZB9+5Ep94U891HzB0VIh0LuxWfYYjziOoKVel51L3V4N8ZBCEAD 0wDs4XxuGqX0Cdk+qhy4s+7Pa0yMckzwvmAmEC8z6SgJPBQNuayD4FGjnYY2E4KO iTVvcBdXIhl2FGyPh4Rwra4Dqn1WVQ6fdFFvl1ByAO2HwFTg/C605f1eFO8pJtQl IIGL5UMXGmYgTlbwpCIwkwLQ9AHBrW2USQRjWOBliMrC7UDkCPYSYfgKbdWZ8TEj ZYDg2h+Yr8o7LN0B6znKrMV+5OjlK2ajoTDn5K4u/FtsvMbD+9ufgJ393ilhHcBl 5Hhl+zhqsv+vj19kWWdWmV+bzs2GcbqOTaAqV85IzInrsToFsEyUYmDRvzCdafxg WoRj39FFQEC6CgwC/9RJHFzWLDTHXZYpjA2eB3lRQ6tP7dpCTomOjWaUwdAxfFTQ OVZY18Wk3K4CJyKyV1xSD9vKHXDdJQDT2UysM6a0f8y6p4ItuodkwOYHd0lz4y6B GAT2slbEkY8N6VYOOPDE =m1ow -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Speed differences for windows clients
On Mon, 12 Aug 2013 10:00:18 +0200 Philipp Lies wrote: > Hi, > > we have a strange phenomenon with the transfer speed between windows > clients and samba servers. Here's the setup: > > server 1: centos 6.3 with samba 3.5.10 > server 2: centos 6.4 with samba 3.6.9 > both servers are configured as BDC and have - aside from netbios name - > identical smb.conf which contains ldapsam as backend and all other > parameters are not set (i.e. default) > > When I mount a share from a linux client, the transfer speed is > ~112MB/sec to either server from any linux client. However, when I mount > a share from Windows clients, the speed to server 1 is ~95MB/s and to > server 2 ~85MB/s. We tested this with several windows clients (all > running Windows 7 with all updates). > > The speed difference between linux client and windows client is not > what's confusing me but that server 2 is always slower than server 1. > > Any ideas what could cause this? > > Philipp The speed difference between Linux and Windows clients is most likely explained by the fact that Linux clients will almost always negotiate POSIX extensions with the server. At that point, they're allowed to bump up the rsize/wsize values to much larger values. Newer kernels will default to 1M for both. That greatly increases throughput. As far as the difference between the two servers from windows clients, it'll be difficult to be sure without doing some more legwork to track down the cause. -- Jeff Layton -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] ANNOUNCE: cifs-utils release 6.0 ready for download
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 It has been a few months since the last cifs-utils release. There hasn't been much activity, but there are a few bugfixes that we ought to get into a release. So, nothing much earth-shattering here, mostly just bugfixes and documentation updates. With this release too, support for NFS-style devicenames has now been removed (as previously announced via a warning at mount time): Go forth and download! webpage:https://wiki.samba.org/index.php/LinuxCIFS_utils tarball:ftp://ftp.samba.org/pub/linux-cifs/cifs-utils/ git:git://git.samba.org/cifs-utils.git gitweb: http://git.samba.org/?p=cifs-utils.git;a=summary Detailed list of changes since 5.9: commit 9c988b1e39c5abe88e795bb3fb9285ee6c4b80fc Author: Jeff Layton Date: Mon Jan 7 10:23:09 2013 -0500 autoconf: set release to 5.9.1 for interim builds Signed-off-by: Jeff Layton commit 739289ad3ce915e1ee2705ecd7ac4e907cd91405 Author: Jeff Layton Date: Mon Jan 7 10:25:30 2013 -0500 cifsidmap: clean up comments on API description ...typo and grammatical fixes, mostly. Signed-off-by: Jeff Layton commit 1a01f7c4b90695211d12291d7a24bec05b1f2922 Author: Jeff Layton Date: Sat Jan 12 22:02:01 2013 -0500 mount.cifs: set parsed_info->got_user when a cred file supplies a username commit 85d18a1ed introduced a regression when using a credentials file. It set the username in the parsed mount info properly, but didn't set the "got_user" flag in it. Also, fix an incorrect strlcpy length specifier in open_cred_file. Reported-by: "Mantas M." Signed-off-by: Jeff Layton commit fba9d20495719f3fa323401b087ebef60a0d Author: Jeff Layton Date: Mon Jan 28 21:38:12 2013 -0500 setcifsacl: fix infinite loop in getnumcaces Jian pointed out that this loop can cycle infinitely when the string contains a ','. Also, fix typo in manpage that shows a trailing ',' in one example. Reported-by: Jian Li Signed-off-by: Jeff Layton commit 653a6c66312382da381a2d44f8018d3222cadbdf Author: Jeff Layton Date: Tue Jan 29 07:08:48 2013 -0500 setcifsacl: fix offset calculation in "set" code Previously the code assumed that the ACE that was copied was of a fixed size. Save off the return value from copy_ace and ensure that we apply it correctly to the size and offset. Reported-by: Jian Li Signed-off-by: Jeff Layton commit d1d96fafe50b04395ff3ee4590777452e6612e02 Author: Jeff Layton Date: Fri Feb 1 12:41:57 2013 -0500 cifs-utils: add autoconf test to make sure that libwbclient is usable The idmapwb plugin requires a usable wbcSidsToUnixIds() function. Check to ensure that the wbclient library provides that symbol, and handle it appropriately if it doesn't. If someone were so inclined they probably could fix idmapwb to fall back to the older mapping functions if that symbol doesn't exist, but for now this patch just makes it refuse to build the plugin. Reported-by: Shirish Pargaonkar Signed-off-by: Jeff Layton commit 257c119e79feee8f4aed38b54bd1f8bbe5b5f3b9 Author: Jeff Layton Date: Sat Mar 16 21:28:18 2013 -0400 manpage: document the mount.cifs vers= option Thanks to Tom Talpey for clarifying some of the info here. Cc: Tom Talpey Signed-off-by: Jeff Layton commit fa6c3ca6e032ff6cb0caba97b46bfc1cffc401b5 Author: Jeff Layton Date: Tue Mar 19 11:00:49 2013 -0400 manpage: better document the default sec= mount option The default changed in mainline kernel v3.8. Signed-off-by: Jeff Layton commit 8ef14ea81773310a439a70e419f33dcc1c76f1eb Author: Jeff Layton Date: Fri Mar 22 06:43:46 2013 -0400 mount.cifs: remove support for "NFS syntax" ...as promised for version 6.0. Cc: Scott Lovenberg Signed-off-by: Jeff Layton commit 00cb36de848a52a5aaa510a46a5bdd40a7417692 Author: Jeff Layton Date: Fri Mar 22 06:18:19 2013 -0400 autoconf: set version to 6.0 Signed-off-by: Jeff Layton -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.19 (GNU/Linux) iQIcBAEBAgAGBQJRUGhDAAoJEAAOaEEZVoIVD5cQAMfcS6HdSP0ll5xqEekNwpCm VMU6Kh9sIDGIAk3IQ/mYe94uZ69qldBv/BQsj5SmeGhAIvYngLUNf3y2d78m6pIM ldHojLcUSZgwaJu1tE5VN6XoukS3PrhIq55cHopW/5+ty0a3XYvVLab7xPqgECpP 0nZpv5Lo0yW9gKVM9qbk9zlY9zsztBjTA9dgdq/TAgfAasdSaZO70Gi0Fje8fJwF Qxj+oKZmIhT+sfJkcRzAnfsuQENFPZyM5mqD7+53MlZLBPNFY/x6GL5oG5BPUwBJ tE3VFsT3AkIbHQ6VO5h9guxpE4EllZnxGBuCRNoAFfgavFFlLLRfurw8BAfX5lNM KkeYKRzMwGEOnyjdeBAgRtOs8O255pX0evgjZJCp3MAqaFuNFSLRmsfxs34xlAtx BzAwuVq0GWqTJjy4+KYlPCAOvRlznMlDaSKXa21Kiw8fvRYbPoAhHgqAJDWlNSSS E8HIt1lyG4lDJ81mPJC2gi+VAOhtSaiOCtRY0Vk/XVkF18nBT6uc/M9aE8ewddtV a6I5QitCJjw3jWlKMSoSH1wGubkfQ+ob/Vvb8omsRySvgiaZ/0vspeeASMFatYxQ Cvo0HvSuYn8Py5PfbkzRp46ZmqvCSBMBEcKBf6tUGlL
Re: [Samba] smbclient using smb2 protocol linux-2-linux share
On Sat, 16 Mar 2013 09:21:53 -0700 Jeremy Allison wrote: > On Wed, Feb 06, 2013 at 01:41:56PM -0800, rmarquez wrote: > > Trying to get a linux samba file server using samba 4.0.3 (compiled on the > > machine) running on ubuntu 3.8rc6 kernel to share out and negotiate with a > > linux client running the same kernel and smbd compiled from 4.0.3 samba > > source. > > Using wireshark to view the negotiations, I only see NT LM 0.12 (SMB v. 1). > > > > Tried forcing the file server via "min protocol = SMB2" in the > > /usr/local/samba/etc/smb.conf and keep getting this error: > > "mount error(95): Operation not supported" > > I try to mount that share in Windows 7 and it works, even negotiates at > > SMB2.1. > > > > How can I get a linux client to mount a linux samba share using protocol > > SMB2.1? > > This is not yet supported in CIFSFS although the Team is working > on it. > > It's also not supported in smbclient either, again it's something > we're working on (we have all the underlying plumbing for this). > Mounting with cifs.ko should work in current mainline kernels (3.8 and up?), but it's still pretty new and some things may not work exactly right. Try mounting with "-o vers=2.1". -- Jeff Layton -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] ANNOUNCE: cifs-utils release 5.9 ready for download
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 With the merge of the new plugin interface, it's probably a good time for a new cifs-utils release. Distro packagers should take special note of the changes with the new plugin interface since it has implications for how the tools are packaged. In particular, it's necessary to set a symlink to the plugin in the correct location (/etc/cifs-utils/idmap-plugin by default). Here are the main highlights: * There is a new plugin architecture for the ID mapping tools. This encapsulates the winbind interfaces inside a plugin and allows the writing of others. * The DOMAIN\username@password format for username= arguments have been deprecated. The discrete mount options for each of those values should be used instead. * Full RELRO (vs. partial) is now enabled on all binaries by default Go forth and download! webpage:https://wiki.samba.org/index.php/LinuxCIFS_utils tarball:ftp://ftp.samba.org/pub/linux-cifs/cifs-utils/ git:git://git.samba.org/cifs-utils.git gitweb: http://git.samba.org/?p=cifs-utils.git;a=summary Detailed list of changes since 5.8: commit 92e12ecc28ac1a41eb48f693837be0ba070dc8af Author: Jeff Layton Date: Thu Nov 15 15:22:13 2012 -0500 autoconf: set version to 5.8.1 for interim builds Signed-off-by: Jeff Layton commit 8b6e0cc242fc62436b0dd073e393bbdd62f39a83 Author: Jeff Layton Date: Sun Nov 18 20:38:38 2012 -0500 mount.cifs: treat uid=,gid=,cruid= options as name before assuming they're a number Sergio Conrad reported a problem trying to set up an autofs map to do a krb5 mount. In his environment, many users have usernames that are comprised entirely of numbers. While that's a bit odd, POSIX apparently allows for it. The current code assumes that when a numeric argument is passed to one of the above options, that it's a uid or gid. Instead, try to treat the argument as a user or group name first, and only try to treat it as a number if that fails. Signed-off-by: Jeff Layton commit de299f69392c18dc71d207482566f38abc909837 Author: Jeff Layton Date: Wed Nov 28 15:17:44 2012 -0500 mount.cifs: don't pass "flag" options to the kernel When certain options are passed to the mount helper, we want to turn them into mountflags for the mount() syscall. There's no need to copy them to the options string in that case though. Signed-off-by: Jeff Layton commit 7e3149fe1529f0043f4fdf60082ea359ae8d656f Author: Jeff Layton Date: Mon Dec 3 11:03:19 2012 -0500 autotools: remove unnecessary files from distro Having them in the distro prevents autoreconf -i from installing the latest copies. Signed-off-by: Jeff Layton commit 7dacd96a24edf9ab2e3d7ed798bd28bba5425349 Author: Jeff Layton Date: Mon Dec 3 13:41:12 2012 -0500 getcifsacl: use "size" instead of reconverting original field to host endian Signed-off-by: Jeff Layton commit c1fd5753a3f996203e4b39158e360f4b799a3254 Author: Jeff Layton Date: Tue Dec 4 06:12:13 2012 -0500 getcifsacl: free strings returned by wbcLookupSid Signed-off-by: Jeff Layton commit bacbbf7c0994bdeaf49234abd07d840673d37e95 Author: Jeff Layton Date: Tue Dec 4 06:21:06 2012 -0500 getcifsacl: ensure that we don't overrun the wbcDomainSid when converting If we get a SID that contains more than 15 subauthorities, we'll end up overrunning the struct wbcDomainSid. Just ignore any past 15. Signed-off-by: Jeff Layton commit 2584e62c06dbea59bbd6a001040d7780959c8358 Author: Jeff Layton Date: Thu Dec 6 06:45:57 2012 -0500 autoconf: enable full RELRO in cifs-utils binaries This is safer since it also protects the GOT from getting clobbered. Signed-off-by: Jeff Layton commit 53894f4e2cb4d15fedf0612e9a4bd47a537284b3 Author: Jeff Layton Date: Thu Dec 6 07:17:17 2012 -0500 cifs-utils: only link in -lrt to binaries that need it ...which is really only mount.cifs. Cc: Björn Jacke Signed-off-by: Jeff Layton commit fac79a1425a1474f0daf0795900d227307ec5db3 Author: Jeff Layton Date: Fri Dec 7 08:39:16 2012 -0500 getcifsacl: remove unneeded openlog() call getcifsacl doesn't log to syslog, so there's no need to open a channel to it. Also, remove the unneeded "prog" global variable since only the usage() function needs it. Signed-off-by: Jeff Layton commit b4dc50798e6baf026d6101ff3775ffc0c3a0e2f2 Author: Jeff Layton Date: Fri Dec 7 12:07:23 2012 -0500 setcifsacl: remove syslog goop setcifsacl doesn't use syslog, so no need to open a channel to it. Signed-off-by: Jeff Layton commit d4f9df9159c5ac93b97c36b0f98ffbd318866e38 Author: Jeff Layton Date: Thu Dec 13 08:58:54 2012 -0500 cifs-utils: struct cifs_s
[Samba] ANNOUNCE: cifs-utils release 5.8 is ready for download
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Time for another cifs-utils release! Most of the patches in this release are for cifs.idmap, getcifsacl and setcifsacl. There were many bugs in those tools, so anyone that's deploying or using them is highly encouraged to upgrade. Highlights: * NFS-style device names are being deprecated in 6.0. Anyone using that sort of device name should move to the UNC-style syntax that the manpage has always documented. * Many bugs in cifs.idmap, getcifsacl and setcifsacl have been fixed. These tools should also be more efficient now and work correctly on big-endian architectures. webpage:https://wiki.samba.org/index.php/LinuxCIFS_utils tarball:ftp://ftp.samba.org/pub/linux-cifs/cifs-utils/ git:git://git.samba.org/cifs-utils.git gitweb: http://git.samba.org/?p=cifs-utils.git;a=summary Detailed list of changes since 5.8: commit 819018e34696b0fb9bf1b386304b5dce39ae0e6d Author: Jeff Layton Date: Fri Oct 12 13:28:37 2012 -0400 autoconf: set release to 5.7.1 for interim builds Signed-off-by: Jeff Layton commit 679fbebb5a656b4eb1a8988fb0d8697a5f919794 Author: Scott Lovenberg Date: Tue Oct 23 15:37:03 2012 -0400 mount.cifs: add warning that NFS syntax is deprecated and will be removed in cifs-utils-6.0. [jlayton: Added newline to end of warning] Signed-off-by: Scott Lovenberg commit 60bca663f94e27436ed1afe1e673a8afa3342e1d Author: Jeff Layton Date: Mon Oct 29 15:45:37 2012 -0400 cifs.idmap: make sure cifsacl structs are packed The kernel equivalent definitions are defined with __attribute__((packed)), and the code seems to assume the userspace and kernel ones will be properly aligned. Fix the userspace definitions in a similar fashion. Given the way these structs are, there is probably not any padding between fields on most arches, but it's best to be safe here. Reviewed-by: Shirish Pargaonkar Signed-off-by: Jeff Layton commit 1a0523fbc469e34560bec0f06ce4622bb7db7b04 Author: Jeff Layton Date: Mon Oct 29 15:45:37 2012 -0400 cifs.idmap: get rid of useless strcmp prior to idmapping The code copies off the key description and then ensures that it's prefixed with "cifs.idmap". What's the point of that? Presumably request-key would never have called this otherwise. There's little harm in going ahead and doing the idmapping if this is called with the wrong string. Also, the error handling here is wrong. If the prefix doesn't match the code will exit 0 without doing any mapping. Just remove it. Reviewed-by: Shirish Pargaonkar Signed-off-by: Jeff Layton commit d9b876bc5b047682854123aed082c1004b995b69 Author: Jeff Layton Date: Mon Oct 29 15:45:37 2012 -0400 cifs.idmap: add an options struct to handle long options ...since the manpage advertises them. Reviewed-by: Shirish Pargaonkar Signed-off-by: Jeff Layton commit 035f69a9b5fe3c72df73bbbda2d7e570891f971e Author: Jeff Layton Date: Mon Oct 29 15:45:37 2012 -0400 cifs.idmap: clean up strget and avoid memory allocation Don't do a strlen() call if strstr() isn't going to match anyway. There's no need to duplicate the string here. None of the callers modify it, so just return a pointer into the original string. Reviewed-by: Shirish Pargaonkar Signed-off-by: Jeff Layton commit 803feff6aa66c0bb0f0a703eb2404477889a56d5 Author: Jeff Layton Date: Mon Oct 29 15:45:37 2012 -0400 cifs.idmap: don't use atoi to convert unsigned int to number atoi() is for signed integers, and is deprecated in any case. Use strtoul() instead and check the result carefully before using it. Also add a log message when the string(s) can't be converted and fix the signedness of the types in other log messages. Reviewed-by: Shirish Pargaonkar Signed-off-by: Jeff Layton commit 0454be8978815b90baae7652b0717d0c0696e295 Author: Jeff Layton Date: Mon Oct 29 15:45:37 2012 -0400 cifs.idmap: set a timeout on keys that it instantiates ...and add a command-line option to allow the admin to tune that value. I think this is a better way to handle this instead of trying to set the timeouts in kernel space. Reviewed-by: Shirish Pargaonkar Signed-off-by: Jeff Layton commit c49a6767051979368eea1087c9724a2c2994bd56 Author: Jeff Layton Date: Mon Oct 29 15:45:37 2012 -0400 cifs.idmap: add a --help option for cifs.idmap To make it print the usage message and exit. Reviewed-by: Shirish Pargaonkar Signed-off-by: Jeff Layton commit f0269e2a0efacf5299b123801d9ec49695ed30b6 Author: Jeff Layton Date: Mon Oct 29 16:04:11 2012 -0400 setcifsacl: clean up sizing of cifs_sid The max number of subauthorities on windows and in
Re: [Samba] Scenario with CIFS
On Mon, 29 Oct 2012 22:13:34 + Alumno Etsii wrote: > Hi all! > > I'm trying to get samba working with CIFS, mounting a share on a client and > keeping the original file/dir permissions. The problem is that after I > (successfully) mount that share by CIFS, I can't write anything in it, > because I get a 'Permission denied' error. smbd version is 6.3.6. > > My testparm is: > > root@samba:~# testparm > Load smb config files from /etc/samba/smb.conf > rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) > Processing section "[shared]" > Loaded services file OK. > Server role: ROLE_STANDALONE > Press enter to see a dump of your service definitions > > [global] > workgroup = SMB > server string = %h server (Samba, Ubuntu) > map to guest = Bad User > obey pam restrictions = Yes > pam password change = Yes > passwd program = /usr/bin/passwd %u > passwd chat = *Enter\snew\s*\spassword:* %n\n > *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . > unix password sync = Yes > syslog = 0 > log file = /var/log/samba/log.%m > max log size = 1000 > load printers = No > printcap name = /dev/null > disable spoolss = Yes > show add printer wizard = No > dns proxy = No > panic action = /usr/share/samba/panic-action %d > idmap config * : backend = tdb > hosts allow = 127.0.0.1, 192.168.0. > hosts deny = 0.0.0.0/0 > printing = bsd > print command = lpr -r -P'%p' %s > lpq command = lpq -P'%p' > lprm command = lprm -P'%p' %j > > [shared] > comment = Shared documents > path = /shared > valid users = myuser > admin users = admin > read only = No > create mask = 0700 > force create mode = 0700 > directory mask = 0700 > browseable = No > > /// > > Mounting command is: > # mount -t cifs //192.168.0.99/shared ./mount -o > uid=localuser,gid=localuser,iocharset=utf8,credentials=/tmp/credentials,nosetuids,noperm > > File /tmp/credentials contains username myuser and its password. > > I successfully mount that share, I can list, cd, etc. but not write: > > root@monitor:/mnt/mount/archiveupload# ll > total 40 > drwxrwxr-x 4 localuser localuser 0 oct 29 21:25 ./ > drwxr-xr-x 3 localuser localuser 0 oct 29 17:30 ../ > -rw-rw-r-- 1 localuser localuser 9129 oct 29 19:41 action.php > drwxrwxr-x 2 localuser localuser 0 may 21 2009 conf/ > -rw-rw-r-- 1 localuser localuser 17992 may 21 2009 COPYING > drwxrwxr-x 4 localuser localuser 0 may 21 2009 lang/ > -rw-rw-r-- 1 localuser localuser 241 may 21 2009 README > -rw-rw-r-- 1 localuser localuser11 may 21 2009 VERSION > root@monitor:/mnt/mount/archiveupload# touch a > touch: no se puede efectuar `touch' sobre «a»: Permiso denegado > > 'localuser' exists in both server and client. My goal is to make that any > newly created file gets server's 'localuser' permissions. Then that won't work. You're connecting to the share as "myuser". Any files you create will be created as "myuser", not "localuser". > I added a > 'smbpasswd -a' for myuser. I wonder why can't I write on this share from > the client, since I think permissions and mount options are ok. > > I'll be very grateful for any idea! > > Regards. Ok, so the file isn't created at all when you "touch"? Does "myuser" have permission to write to /shared on the server? -- Jeff Layton -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [PATCH] Add warning that NFS syntax is deprecated and will be removed in cifs-utils-6.0.
On Thu, 18 Oct 2012 14:07:49 -0400 scott.lovenb...@gmail.com wrote: > From: Scott Lovenberg > > Signed-off-by: Scott Lovenberg > --- > mount.cifs.c |4 > 1 files changed, 4 insertions(+), 0 deletions(-) > > diff --git a/mount.cifs.c b/mount.cifs.c > index 756fce2..061ce32 100644 > --- a/mount.cifs.c > +++ b/mount.cifs.c > @@ -1335,6 +1335,7 @@ static int parse_unc(const char *unc_name, struct > parsed_mount_info *parsed_info > } > > /* Set up "host" and "share" pointers based on UNC format. */ > + /* TODO: Remove support for NFS syntax as of cifs-utils-6.0. */ > if (strncmp(unc_name, "//", 2) && strncmp(unc_name, "", 2)) { > /* >* check for nfs syntax (server:/share/prepath) > @@ -1351,6 +1352,9 @@ static int parse_unc(const char *unc_name, struct > parsed_mount_info *parsed_info > share++; > if (*share == '/') > ++share; > + fprintf(stderr, "WARNING: using NFS syntax for mounting CIFS " > + "shares is deprecated and will be removed in cifs-utils" > + "-6.0. Please migrate to UNC syntax."); > } else { > host = unc_name + 2; > hostlen = strcspn(host, "/\\"); Merged (with addition of a newline to the end of warning message)... -- Jeff Layton -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] CIFS: Deprecating NFS mounting syntax in mount.cifs
On Tue, 23 Oct 2012 19:22:32 +0200 steve wrote: > On 10/23/2012 07:02 PM, Jeff Layton wrote: > > On Tue, 23 Oct 2012 18:47:37 +0200 > > steve wrote: > > > >> On 10/23/2012 05:56 PM, Scott Lovenberg wrote: > >> Currently, we have this map: * -fstype=cifs,rw,sec=krb5 > >> ://myserver/myshare/& > > Does that really work? What purpose does the ':' serve there? > Yes. They always put a ':' before the mount except for the default NFS. > I took a look at the example /etc/auto.misc which comes (commented out) > with openSUSE. They always put a ':'. Ok, I see now. From autofs(5): If the filesystem to be mounted begins with a / (such as local /dev entries or smbfs shares) a : needs to be prefixed (e.g. :/dev/sda1). ...I guess it's necessary for the autofs parser. I assume that the ':' doesn't get passed to the actual mount invocation though, so that should continue to work just fine. > > That > > should probably be removed. I doubt we'd end up breaking that syntax, > > but I can't be certain. > > > Just to say that this is a seemingly innocuous patch, but one which may > lead to confusion. Well, better confusion now than confusion when it breaks. cifs really is just too "loose" about the syntax of things that it accepts, which sounds great until you have to test all of the different variations... -- Jeff Layton -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] CIFS: Deprecating NFS mounting syntax in mount.cifs
On Tue, 23 Oct 2012 18:47:37 +0200 steve wrote: > On 10/23/2012 05:56 PM, Scott Lovenberg wrote: > > On 10/18/2012 2:07 PM, scott.lovenb...@gmail.com wrote: > > no one has objected (or really said anything). Can we merge this patch? > > -- > Hi > I'm just trying to represent users. Can we take this to user level by > giving an example of what will work and what will not work after the patch? > > For example, the Linux automounter. > > Currently, we have this map: > * -fstype=cifs,rw,sec=krb5 ://myserver/myshare/& > Does that really work? What purpose does the ':' serve there? That should probably be removed. I doubt we'd end up breaking that syntax, but I can't be certain. > Are you talking about the difference between that and this: > * -fstype=cifs,rw,sec=krb5 myserver:/myshare/& Right, the above syntax would no longer work after the change. > > Question: will I need to change anything due to this patch? > For this patch, you don't need to do anything. It just adds a warning. Eventually though, nfs-style "devicenames" would no longer work for cifs mounts. For your map above, you probably want something like: * -fstype=cifs,rw,sec=krb5 //myserver/myshare/& (i.e. get rid of the extraneous ':'). -- Jeff Layton -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] mount.cifs: regular freezes with s3fs
On Thu, 18 Oct 2012 18:34:07 +0200 steve wrote: > On 18/10/12 18:28, John Drescher wrote: > >> through user login, freeze (twice) and user logout until the login prompt > >> returned: > >> https://dl.dropbox.com/u/45150875/cifs-freeze2 > >> > > > > When I click the above link I get: > > > > We can't find the page you're looking for. Check out our Help Center > > and forums for help, or head back to home. > > > > John > > > > Sorry, It hadn't synced. It's there now. > Cheers, > Steve > In this one, I don't see any issues with oplock breaks. I also don't see any calls that are taking longer than expected. I do see a bunch of page-sized reads in the capture for what appear to be sequential reads. Reads also seem to be serialized, which is makes me think its falling into the readpage codepath. There were some fixes to rsize handling in later kernels, so it's probably worthwhile to test those before you do too much debugging. -- Jeff Layton -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] mount.cifs: regular freezes with s3fs
On Thu, 18 Oct 2012 13:21:39 +0200 steve wrote: > On 18/10/12 11:48, Jeff Layton wrote: > > On Thu, 18 Oct 2012 10:18:05 +0200 > > steve wrote: > > > >> cifs-utils-5.6 > >> samba Version 4.0.0rc3 > >> openSUSE 12.2 > >> LAN of XP, w7 and Linux clients under Samba4 DC and s3fs fileserver > >> > >> Hi > >> I am testing the possibility of migrating from nfs to cifs to serve our > >> Linux clients. > >> > >> Currently we mount the samba shares, e.g. the home directory, using nfs. > >> > >> The test setup is that instead of: > >> mount -t nfs hh1:/home2 /home2 -osec=rw,krb5 > >> I changed to: > >> mount -t cifs //hh1/home2 /home2 -osec=rw,sec=krb5,multiuser > >> > >> This works fine for console logins, but is very slow (unusable) for > >> graphical logins to either LXDE or XFCE. > >> > >> The login sometimes works: > >> Kerberos: AS-REQ ste...@hh3.site from ipv4:192.168.1.41:57380 for > >> krbtgt/hh3.s...@hh3.site > >> Kerberos: Client sent patypes: 149 > >> Kerberos: Looking for PKINIT pa-data -- ste...@hh3.site > >> Kerberos: Looking for ENC-TS pa-data -- ste...@hh3.site > >> Kerberos: No preauth found, returning PREAUTH-REQUIRED -- ste...@hh3.site > >> Kerberos: AS-REQ ste...@hh3.site from ipv4:192.168.1.41:41237 for > >> krbtgt/hh3.s...@hh3.site > >> Kerberos: Client sent patypes: encrypted-timestamp, 149 > >> Kerberos: Looking for PKINIT pa-data -- ste...@hh3.site > >> Kerberos: Looking for ENC-TS pa-data -- ste...@hh3.site > >> Kerberos: ENC-TS Pre-authentication succeeded -- ste...@hh3.site using > >> arcfour-hmac-md5 > >> Kerberos: AS-REQ authtime: 2012-10-18T09:57:33 starttime: unset endtime: > >> 2012-10-18T19:57:33 renew till: 2012-10-19T09:55:48 > >> Kerberos: Client supported enctypes: aes256-cts-hmac-sha1-96, > >> aes128-cts-hmac-sha1-96, des3-cbc-sha1, arcfour-hmac-md5, using > >> arcfour-hmac-md5/arcfour-hmac-md5 > >> Kerberos: Requested flags: renewable, forwardable > >> Kerberos: TGS-REQ ste...@hh3.site from ipv4:192.168.1.41:50790 for > >> host/hh7.hh3.s...@hh3.site [canonicalize, renewable, forwardable] > >> Kerberos: TGS-REQ authtime: 2012-10-18T09:57:33 starttime: > >> 2012-10-18T09:57:33 endtime: 2012-10-18T10:02:33 renew till: > >> 2012-10-19T09:55:48 > >> Kerberos: TGS-REQ ste...@hh3.site from ipv4:192.168.1.41:44350 for > >> cifs/h...@hh3.site [canonicalize, renewable, forwardable] > >> Kerberos: TGS-REQ authtime: 2012-10-18T09:57:33 starttime: > >> 2012-10-18T09:57:33 endtime: 2012-10-18T19:57:33 renew till: > >> 2012-10-19T09:55:48 > >> > >> But then as soon as we open the file manager (or do anything else) it > >> freezes for as long as 5 minutes, before it makes another cifs request > >> and comes alive for a while: > >> > >> Terminating connection - 'wbsrv_call_loop: tstream_read_pdu_blob_recv() > >> - NT_STATUS_CONNECTION_DISCONNECTED' > >> single_terminate: reason[wbsrv_call_loop: tstream_read_pdu_blob_recv() - > >> NT_STATUS_CONNECTION_DISCONNECTED] > >> Kerberos: TGS-REQ ste...@hh3.site from ipv4:192.168.1.41:58872 for > >> cifs/h...@hh3.site [canonicalize, renewable, forwardable] > >> Kerberos: TGS-REQ authtime: 2012-10-18T09:57:33 starttime: > >> 2012-10-18T09:59:58 endtime: 2012-10-18T19:57:33 renew till: > >> 2012-10-19T09:55:48 > >> > >> It is then OK for a few minutes more until it freezes again until the > >> next cifs request etc etc. . . > >> > >> This sometimes occurs in the samba log but with different files each time: > >> usr/local/samba/sbin/smbd: Oplock break failed for file > >> home/steve3/.cache/openbox/openbox.log -- replying anyway > >> > >> Here is the test smb.conf: > >> > >> # Global parameters > >> [global] > >> workgroup = MARINA > >> realm = hh3.site > >> netbios name = HH1 > >> server role = active directory domain controller > >> dns forwarder = 192.168.1.1 > >> idmap_ldb:use rfc2307 = Yes > >> unix extensions = Yes > >> panic action = /home/steve/samba-master/selftest/gdb_backtrace %d > >> > >> [netlogon] > >> path = /usr/local/samba/var/locks/sysvol/hh3.site/scripts > >> read only = No > >> > >> [sysvol] > >> p
Re: [Samba] mount.cifs: regular freezes with s3fs
On Thu, 18 Oct 2012 10:18:05 +0200 steve wrote: > cifs-utils-5.6 > samba Version 4.0.0rc3 > openSUSE 12.2 > LAN of XP, w7 and Linux clients under Samba4 DC and s3fs fileserver > > Hi > I am testing the possibility of migrating from nfs to cifs to serve our > Linux clients. > > Currently we mount the samba shares, e.g. the home directory, using nfs. > > The test setup is that instead of: > mount -t nfs hh1:/home2 /home2 -osec=rw,krb5 > I changed to: > mount -t cifs //hh1/home2 /home2 -osec=rw,sec=krb5,multiuser > > This works fine for console logins, but is very slow (unusable) for > graphical logins to either LXDE or XFCE. > > The login sometimes works: > Kerberos: AS-REQ ste...@hh3.site from ipv4:192.168.1.41:57380 for > krbtgt/hh3.s...@hh3.site > Kerberos: Client sent patypes: 149 > Kerberos: Looking for PKINIT pa-data -- ste...@hh3.site > Kerberos: Looking for ENC-TS pa-data -- ste...@hh3.site > Kerberos: No preauth found, returning PREAUTH-REQUIRED -- ste...@hh3.site > Kerberos: AS-REQ ste...@hh3.site from ipv4:192.168.1.41:41237 for > krbtgt/hh3.s...@hh3.site > Kerberos: Client sent patypes: encrypted-timestamp, 149 > Kerberos: Looking for PKINIT pa-data -- ste...@hh3.site > Kerberos: Looking for ENC-TS pa-data -- ste...@hh3.site > Kerberos: ENC-TS Pre-authentication succeeded -- ste...@hh3.site using > arcfour-hmac-md5 > Kerberos: AS-REQ authtime: 2012-10-18T09:57:33 starttime: unset endtime: > 2012-10-18T19:57:33 renew till: 2012-10-19T09:55:48 > Kerberos: Client supported enctypes: aes256-cts-hmac-sha1-96, > aes128-cts-hmac-sha1-96, des3-cbc-sha1, arcfour-hmac-md5, using > arcfour-hmac-md5/arcfour-hmac-md5 > Kerberos: Requested flags: renewable, forwardable > Kerberos: TGS-REQ ste...@hh3.site from ipv4:192.168.1.41:50790 for > host/hh7.hh3.s...@hh3.site [canonicalize, renewable, forwardable] > Kerberos: TGS-REQ authtime: 2012-10-18T09:57:33 starttime: > 2012-10-18T09:57:33 endtime: 2012-10-18T10:02:33 renew till: > 2012-10-19T09:55:48 > Kerberos: TGS-REQ ste...@hh3.site from ipv4:192.168.1.41:44350 for > cifs/h...@hh3.site [canonicalize, renewable, forwardable] > Kerberos: TGS-REQ authtime: 2012-10-18T09:57:33 starttime: > 2012-10-18T09:57:33 endtime: 2012-10-18T19:57:33 renew till: > 2012-10-19T09:55:48 > > But then as soon as we open the file manager (or do anything else) it > freezes for as long as 5 minutes, before it makes another cifs request > and comes alive for a while: > > Terminating connection - 'wbsrv_call_loop: tstream_read_pdu_blob_recv() > - NT_STATUS_CONNECTION_DISCONNECTED' > single_terminate: reason[wbsrv_call_loop: tstream_read_pdu_blob_recv() - > NT_STATUS_CONNECTION_DISCONNECTED] > Kerberos: TGS-REQ ste...@hh3.site from ipv4:192.168.1.41:58872 for > cifs/h...@hh3.site [canonicalize, renewable, forwardable] > Kerberos: TGS-REQ authtime: 2012-10-18T09:57:33 starttime: > 2012-10-18T09:59:58 endtime: 2012-10-18T19:57:33 renew till: > 2012-10-19T09:55:48 > > It is then OK for a few minutes more until it freezes again until the > next cifs request etc etc. . . > > This sometimes occurs in the samba log but with different files each time: > usr/local/samba/sbin/smbd: Oplock break failed for file > home/steve3/.cache/openbox/openbox.log -- replying anyway > > Here is the test smb.conf: > > # Global parameters > [global] > workgroup = MARINA > realm = hh3.site > netbios name = HH1 > server role = active directory domain controller > dns forwarder = 192.168.1.1 > idmap_ldb:use rfc2307 = Yes > unix extensions = Yes > panic action = /home/steve/samba-master/selftest/gdb_backtrace %d > > [netlogon] > path = /usr/local/samba/var/locks/sysvol/hh3.site/scripts > read only = No > > [sysvol] > path = /usr/local/samba/var/locks/sysvol > read only = No > > [home2] > path = /home2 > read only = No > > Here is the wireshark of a login and a 'cifs freeze'. > https://dl.dropbox.com/u/45150875/cifs-freeze > > Please note that this works fine for the same user and data with both > nfs3 and nfs4. > I think you probably want send this sort of thing to linux-c...@vger.kernel.org (cc'ed here), and not to me directly. What kernel is the client running here? -- Jeff Layton -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] ANNOUNCE: cifs-utils release *5.7* is ready for download
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Tue, 9 Oct 2012 20:51:21 -0400 Jeff Layton wrote: > Hash: SHA1 > > Time for another cifs-utils release! > > Nothing terribly earth shattering here. Some distros (like Fedora) are > moving krb5 credcaches out of /tmp by default. Users of these distros > will definitely want to upgrade. > > Highlights: > > * Fixes for mounting with '/' in usernames with sec=krb5 > > * Support for DIR: type krb5 ccaches > > * support for "nofail" option in mount.cifs > > webpage:https://wiki.samba.org/index.php/LinuxCIFS_utils > tarball:ftp://ftp.samba.org/pub/linux-cifs/cifs-utils/ > git:git://git.samba.org/cifs-utils.git > gitweb: http://git.samba.org/?p=cifs-utils.git;a=summary > > Detailed list of changes since 5.6: > > commit 692842e34c1f2fcc84b6b64136f5e28dd7062f46 > Author: Jeff Layton > Date: Tue Aug 7 11:06:41 2012 -0400 > > autoconf: set version to 5.6.1 for interim builds > > Signed-off-by: Jeff Layton > > commit 569cfcb3a467dfdf967a36ed6f7896559edab2ba > Author: Jeff Layton > Date: Tue Aug 7 11:11:26 2012 -0400 > > mount.cifs: deprecate the DOMAIN/username%password username syntax > > mount.cifs has in the past allowed users to specify a username using > the above syntax, which would populate the domain and password fields > with the different pieces. > > Unfortunately, there are cases where it is legit to have a '/' in a > username. krb5 SPNs generally contain a '/' and we have no clear way > to distinguish between the two. > > I don't see any real value in keeping that syntax allowed. It's no > easier than specifying "pass=" and "domain=" on the command line. Ditto > for credential files. > > Begin the transition away from that syntax by adding a warning message > that support for it will be removed in 5.9. > > Signed-off-by: Jeff Layton > > commit 3a965467611637ca05bcd55460ff69fec6ad8be7 > Author: Jeff Layton > Date: Tue Aug 7 11:52:15 2012 -0400 > > mount.cifs: handle username= differently depending on sec= option > > This patch is intended as a temporary workaround for krb5 users that need > to specify usernames with '/' in them. I intend to remove this hack from > mount.cifs once the legacy username handling code is removed. > > The idea here is to save off the raw username string while we're parsing > options. If the mount options specify "sec=krb5" or "sec=krb5i" then > we'll not do the legacy username parsing and will instead just pass in > the username string as-is. > > Obviously, this is a nasty hack and we don't really want to carry this > in perpetuity, so this can go away once the "legacy" username parsing > has gone away. > > Signed-off-by: Jeff Layton > > commit 377898e63a8689b0e8c5c656ce9cfa98223cf74b > Author: Jeff Layton > Date: Tue Aug 21 15:18:54 2012 -0400 > > cifs-utils: fix up references to getcifsacl and setcifsacl files > > When I moved the manpages for this to section 1, I missed some references > to them. Also, get rid of the unneeded clean-local-aclprogs makefile > target. > > Signed-off-by: Jeff Layton > > commit d006986221b7f1aad50e894851dc573650b7611c > Author: Nalin Dahyabhai > Date: Thu Aug 23 11:14:45 2012 -0400 > > cifs.upcall: also consider DIR:-type ccaches > > If we encounter a subdirectory while scanning a directory for a user's > ccache, check if it's a "DIR" ccache. Otherwise, continue as before, > checking if it's a "FILE" ccache if it looks like a regular file. > > commit ca0894e40480a9115c6bad670149b075646ead2c > Author: Nalin Dahyabhai > Date: Thu Aug 23 11:14:56 2012 -0400 > > cifs.upcall: scan /run/user/${UID} for ccaches, too > > When scanning for credential caches, check the user's directory under > /run/user first, then fall back to /tmp as we have previously. Because > we now call find_krb5_cc() twice (once for each directory), we move its > state to be outside of the function. We also add a substitution > mechanism to make the process of resolving the location of the user's > home directory before searching it a bit more explicable. > > commit 72bce53289d939c3539b7d3cb957b748a4b1d2ec > Author: Jeff Layton > Date: Thu Aug 23 07:46:40 2012 -0400 > > cifs.upcall: use strncmp in scandir filter
[Samba] ANNOUNCE: cifs-utils release 5.6 is ready for download
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Time for another cifs-utils release! Nothing terribly earth shattering here. Some distros (like Fedora) are moving krb5 credcaches out of /tmp by default. Users of these distros will definitely want to upgrade. Highlights: * Fixes for mounting with '/' in usernames with sec=krb5 * Support for DIR: type krb5 ccaches * support for "nofail" option in mount.cifs webpage:https://wiki.samba.org/index.php/LinuxCIFS_utils tarball:ftp://ftp.samba.org/pub/linux-cifs/cifs-utils/ git:git://git.samba.org/cifs-utils.git gitweb: http://git.samba.org/?p=cifs-utils.git;a=summary Detailed list of changes since 5.6: commit 692842e34c1f2fcc84b6b64136f5e28dd7062f46 Author: Jeff Layton Date: Tue Aug 7 11:06:41 2012 -0400 autoconf: set version to 5.6.1 for interim builds Signed-off-by: Jeff Layton commit 569cfcb3a467dfdf967a36ed6f7896559edab2ba Author: Jeff Layton Date: Tue Aug 7 11:11:26 2012 -0400 mount.cifs: deprecate the DOMAIN/username%password username syntax mount.cifs has in the past allowed users to specify a username using the above syntax, which would populate the domain and password fields with the different pieces. Unfortunately, there are cases where it is legit to have a '/' in a username. krb5 SPNs generally contain a '/' and we have no clear way to distinguish between the two. I don't see any real value in keeping that syntax allowed. It's no easier than specifying "pass=" and "domain=" on the command line. Ditto for credential files. Begin the transition away from that syntax by adding a warning message that support for it will be removed in 5.9. Signed-off-by: Jeff Layton commit 3a965467611637ca05bcd55460ff69fec6ad8be7 Author: Jeff Layton Date: Tue Aug 7 11:52:15 2012 -0400 mount.cifs: handle username= differently depending on sec= option This patch is intended as a temporary workaround for krb5 users that need to specify usernames with '/' in them. I intend to remove this hack from mount.cifs once the legacy username handling code is removed. The idea here is to save off the raw username string while we're parsing options. If the mount options specify "sec=krb5" or "sec=krb5i" then we'll not do the legacy username parsing and will instead just pass in the username string as-is. Obviously, this is a nasty hack and we don't really want to carry this in perpetuity, so this can go away once the "legacy" username parsing has gone away. Signed-off-by: Jeff Layton commit 377898e63a8689b0e8c5c656ce9cfa98223cf74b Author: Jeff Layton Date: Tue Aug 21 15:18:54 2012 -0400 cifs-utils: fix up references to getcifsacl and setcifsacl files When I moved the manpages for this to section 1, I missed some references to them. Also, get rid of the unneeded clean-local-aclprogs makefile target. Signed-off-by: Jeff Layton commit d006986221b7f1aad50e894851dc573650b7611c Author: Nalin Dahyabhai Date: Thu Aug 23 11:14:45 2012 -0400 cifs.upcall: also consider DIR:-type ccaches If we encounter a subdirectory while scanning a directory for a user's ccache, check if it's a "DIR" ccache. Otherwise, continue as before, checking if it's a "FILE" ccache if it looks like a regular file. commit ca0894e40480a9115c6bad670149b075646ead2c Author: Nalin Dahyabhai Date: Thu Aug 23 11:14:56 2012 -0400 cifs.upcall: scan /run/user/${UID} for ccaches, too When scanning for credential caches, check the user's directory under /run/user first, then fall back to /tmp as we have previously. Because we now call find_krb5_cc() twice (once for each directory), we move its state to be outside of the function. We also add a substitution mechanism to make the process of resolving the location of the user's home directory before searching it a bit more explicable. commit 72bce53289d939c3539b7d3cb957b748a4b1d2ec Author: Jeff Layton Date: Thu Aug 23 07:46:40 2012 -0400 cifs.upcall: use strncmp in scandir filter function We want to require that the filename begins with the correct string, not just that it contains it somewhere. Signed-off-by: Jeff Layton commit a0bf123541ec6fd53948f41f17c9dba5d6a43648 Author: Jeff Layton Date: Thu Aug 23 10:18:02 2012 -0400 mount.cifs: silence compiler warnings about ignoring return code In this case we explicitly don't care what these functions return, so declare a couple of unused variables to catch the results. Signed-off-by: Jeff Layton commit 82f93c44343f281ce61f547ff8f9e5f79945cb20 Author: Jeff Layton Date: Wed Sep 12 07:49:44 2012 -0400 m
Re: [Samba] mount.cifs ms dfs and failover
On Wed, 18 Jul 2012 17:31:28 +1000 Sam Abed wrote: > > Hello, > I can't find any reference on if linux understands multiple targets when it > mounts a MS dfs share, specifically if it can failover. > I can mount a MS dfs share fine, however if the server "picked" is shutdow > the mount hangs. I tried it on a recent ubuntu to discount the "enterprise" > lag. > > am I missing something or is it not working > (cc'ing linux-cifs) No, there's currently no support for failover with Linux CIFS DFS code. Once it picks the server, it stays with it. -- Jeff Layton -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] CIFS mount intermittently unavailable: cifs_mount failed w/return code = -5
On Mon, 27 Aug 2012 08:48:42 -0400 Jeff Layton wrote: > On Thu, 16 Aug 2012 19:57:27 +1000 > Robert S wrote: > > > I have a debian machine called "debian" and a windows XP machine > > called "server". I have a permanent mounted read-only share called > > \\server\doc. My /etc/fstab looks like this: > > > > //server/doc/opt/chroot/mnt/server cifs > > credentials=/root/.smbmount,username=medical,uid=medical,file_mode=0755,dir_mode=0755,noserverino > > 0 0 > > > > This works well most of the time but at times I get a input/output > > error when I try to access this share. My syslog shows the following: > > > > Aug 16 15:36:35 debian kernel: [1289131.676869] Status code returned > > 0xc0d0 NT_STATUS_REQUEST_NOT_ACCEPTED > > Aug 16 15:36:35 debian kernel: [1289131.676875] CIFS VFS: Send error > > in SessSetup = -5 > > Aug 16 15:36:35 debian kernel: [1289131.676899] CIFS VFS: cifs_mount > > failed w/return code = -5 > > Aug 16 15:36:46 debian kernel: [1289142.653770] Status code returned > > 0xc0d0 NT_STATUS_REQUEST_NOT_ACCEPTED > > Aug 16 15:36:46 debian kernel: [1289142.653775] CIFS VFS: Send error > > in SessSetup = -5 > > Aug 16 15:36:46 debian kernel: [1289142.653799] CIFS VFS: cifs_mount > > failed w/return code = -5 > > Aug 16 15:37:01 debian kernel: [1289158.491697] Status code returned > > 0xc0d0 NT_STATUS_REQUEST_NOT_ACCEPTED > > Aug 16 15:37:01 debian kernel: [1289158.491703] CIFS VFS: Send error > > in SessSetup = -5 > > Aug 16 15:37:01 debian kernel: [1289158.491727] CIFS VFS: cifs_mount > > failed w/return code = -5 > > > > Does anyone have any suggestions? Can somebody explain what return > > code -5 means? > > > > I have tried replacing "server" with its fixed IP address > > (192.168.0.32), but this does not help. I have even moved all the > > files to another location on the Windows box and recreated the share, > > but it still occurs. > > (cc'ing linux-cifs ml) > > -5 is -EIO which is the generic error that we map stuff to when there's > not a better mapping. We don't have a standard mapping for > NT_STATUS_REQUEST_NOT_ACCEPTED, so that's why you get -EIO back. > > The bigger question is why your server is returning that error. You may > need to check the logs on the server side to see why it's not accepting > these requests. > ...and interestingly, the description of this error in the MS-CIFS doc from microsoft says: "No resources currently available for this SMB request.", which sounds like you're occasionally hitting some sort of resource limit on the server... -- Jeff Layton -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] CIFS mount intermittently unavailable: cifs_mount failed w/return code = -5
On Thu, 16 Aug 2012 19:57:27 +1000 Robert S wrote: > I have a debian machine called "debian" and a windows XP machine > called "server". I have a permanent mounted read-only share called > \\server\doc. My /etc/fstab looks like this: > > //server/doc/opt/chroot/mnt/server cifs > credentials=/root/.smbmount,username=medical,uid=medical,file_mode=0755,dir_mode=0755,noserverino > 0 0 > > This works well most of the time but at times I get a input/output > error when I try to access this share. My syslog shows the following: > > Aug 16 15:36:35 debian kernel: [1289131.676869] Status code returned > 0xc0d0 NT_STATUS_REQUEST_NOT_ACCEPTED > Aug 16 15:36:35 debian kernel: [1289131.676875] CIFS VFS: Send error > in SessSetup = -5 > Aug 16 15:36:35 debian kernel: [1289131.676899] CIFS VFS: cifs_mount > failed w/return code = -5 > Aug 16 15:36:46 debian kernel: [1289142.653770] Status code returned > 0xc0d0 NT_STATUS_REQUEST_NOT_ACCEPTED > Aug 16 15:36:46 debian kernel: [1289142.653775] CIFS VFS: Send error > in SessSetup = -5 > Aug 16 15:36:46 debian kernel: [1289142.653799] CIFS VFS: cifs_mount > failed w/return code = -5 > Aug 16 15:37:01 debian kernel: [1289158.491697] Status code returned > 0xc0d0 NT_STATUS_REQUEST_NOT_ACCEPTED > Aug 16 15:37:01 debian kernel: [1289158.491703] CIFS VFS: Send error > in SessSetup = -5 > Aug 16 15:37:01 debian kernel: [1289158.491727] CIFS VFS: cifs_mount > failed w/return code = -5 > > Does anyone have any suggestions? Can somebody explain what return > code -5 means? > > I have tried replacing "server" with its fixed IP address > (192.168.0.32), but this does not help. I have even moved all the > files to another location on the Windows box and recreated the share, > but it still occurs. (cc'ing linux-cifs ml) -5 is -EIO which is the generic error that we map stuff to when there's not a better mapping. We don't have a standard mapping for NT_STATUS_REQUEST_NOT_ACCEPTED, so that's why you get -EIO back. The bigger question is why your server is returning that error. You may need to check the logs on the server side to see why it's not accepting these requests. -- Jeff Layton -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] ANNOUNCE: cifs-utils release 5.6 is ready for download
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Time for another cifs-utils release! Highlights: * binaries are now built by default with PIE and RELRO support for better protection against exploits * better debugging and warnings for cifs.upcall and cifscreds * better integration with systemd by having mount.cifs use systemd-ask-password if it's appropriate and available webpage:https://wiki.samba.org/index.php/LinuxCIFS_utils tarball:ftp://ftp.samba.org/pub/linux-cifs/cifs-utils/ git:git://git.samba.org/cifs-utils.git gitweb: http://git.samba.org/?p=cifs-utils.git;a=summary Detailed list of changes since 5.5: commit df561d40947e0b520deb48e1a4749afe9787949a Author: Jeff Layton Date: Fri Jun 1 13:56:21 2012 -0400 autoconf: set version to 5.5.1 for interim builds Signed-off-by: Jeff Layton commit 74edf24d9780900f3ce15d2403c6e331b031d454 Author: Jeff Layton Date: Thu Jun 14 10:59:18 2012 -0400 automake: revert -Werror by default I think in hindsight, that adding -Werror by default was a mistake. cifs-utils is built in a wide range of environments and tools, and it's very difficult to eliminate all of the possible warnings. Let's go ahead and remove it and reduce the steady trickle of patches that are simply to silence obscure warnings. Cc: Suresh Jayaraman Signed-off-by: Jeff Layton commit 0eb3daa4b17ee64b464594f1a5d413ecb364957c Author: Jeff Layton Date: Thu Jun 14 10:59:18 2012 -0400 mount.cifs: set rc to 0 in libcap toggle_dac_capability Thus spake Jochen: The mount.cifs program from the cifs-utils package 5.5 did not work on my Linux system. It just exited without an error message and did not mount anything. [...] I think, when this variable rc is now used in this function, it has also to be properly initialized there. Reported-by: Jochen Roderburg Signed-off-by: Jeff Layton commit b7bea5254443cb121b0cf03a64b123b85d7f9fbb Author: Jeff Layton Date: Thu Jun 14 11:05:43 2012 -0400 cifs.upcall: more debug logging for krb5 upcalls While helping to track down a configuration problem, I found this little bit of extra debug logging to be helpful. Might as well make it part of the stock binary. Signed-off-by: Jeff Layton commit a8611e25d44211cd57a91dce4fe7d7a7ad7534d4 Author: Jeff Layton Date: Fri Jul 6 11:48:18 2012 -0400 replace: remove bzero() redefinition from replace.h I borrowed replace.h from samba when I split off the package, and we have a ton of definitions in there that we don't really need. This is one of them and it causes a warning when we build on RHEL5. Reported-by: Andreas Schneider Signed-off-by: Jeff Layton commit 233e17db8ef7edba1fea660e076a03a56b0117d2 Author: Jeff Layton Date: Mon Jul 9 14:12:33 2012 -0400 autoconf: add --enable-pie and --enable-relro -pie and -fpie enable the building of position-independent executables, and -Wl,-z,relro turns on read-only relocation support in gcc. These options are important for security purposes to guard against possible buffer overflows that lead to exploits. Follow the example of samba here and enable these by default, but add configure options that allow people to turn them off at build-time if necessary. We may also want to eventually add checks to ensure that the compiler and linker understand these options, but I'll wait until we have some evidence that it's needed before I expend the effort. Reported-by: Andreas Schneider Signed-off-by: Jeff Layton commit ced19dedc0fa7b36087b8eaeef6a6a9dc76aa55e Author: Andreas Schneider Date: Mon Jul 9 22:21:04 2012 -0400 autoconf: Fix building with autoconf version older than 2.60. AC_PROG_SED is only avaliable in recent autoconf versions. Use AC_CHECK_PROG instead if AC_PROG_SED is not present. Signed-off-by: Andreas Schneider commit 4e264031d0da7d3f2a287337e86b623e814f5c56 Author: Ankit Jain Date: Wed Jul 18 06:47:07 2012 -0400 mount.cifs: Use systemd's mechanism for getting password, if present. If systemd is running and /bin/systemd-ask-password if available, then use that else fallback on getpass(..). And add a --enable-systemd configure option, which defaults to yes. Signed-off-by: Ankit Jain commit 877701f3cc23df3cb2a293c060bdbf05a87bff6a Author: Luk Claes Date: Thu Jul 19 09:27:01 2012 -0400 mount.cifs: Use errno instead of having unknown error When access() fails, use errno for a sensible error message. Signed-off-by: Luk Claes commit c44d290f3b5f221e7617bdb409bb8e44ceafef3e Author: Jeff Layton Date: Fri Jul 20 10:30:50 2012 -0400 cifscreds: add a check and warnings for session keyring problems Many distros do not call int
[Samba] ANNOUNCE: cifs-utils release 5.5 is ready for download
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Nothing terribly earth-shattering in this release. We had a number of reports of build-breaking problems in version 5.4, mostly due to the fact that we now turn on -Werror by default, and a number of patches to fix them. I'm starting to have doubts as to whether it's a good idea to keep - -Werror in the default CFLAGS. This is built in a large range of environments and with a large range of different tool versions. Catching all of the warnings can be difficult. I've left that flag in place for now, but if it's causing significant pain for anyone then please speak up, and we might remove it in a later release. Highlights: * a bunch of fixes for compile time warnings and build breaks * some fixes in the libcap capabilities dropping code * remove unneeded mount.smb2 multicall code and other prep work for smb2 support * manpage updates for kernel-level behavior changes webpage:https://wiki.samba.org/index.php/LinuxCIFS_utils tarball:ftp://ftp.samba.org/pub/linux-cifs/cifs-utils/ git:git://git.samba.org/cifs-utils.git gitweb: http://git.samba.org/?p=cifs-utils.git;a=summary Detailed list of changes since 5.4: commit 676f0386df51b36df42d8b6b815b7d9d8b6934dc Author: Jeff Layton Date: Thu Apr 19 07:29:33 2012 -0400 autoconf: set version to 5.4.1 for interim builds Signed-off-by: Jeff Layton commit 8c6268cbbd4202631e5c4b30297adc0088a1d568 Author: Jeff Layton Date: Thu Apr 19 07:29:46 2012 -0400 mount.cifs: fix up some -D_FORTIFY_SOURCE=2 warnings ...and add -D_FORTIFY_SOURCE=2 to the default $CFLAGS. Acked-by: Acked-by: Suresh Jayaraman Signed-off-by: Jeff Layton commit be5b954e35858c09dfaeee33bf06bb0dc76a86f9 Author: Lars Mueller Date: Fri Apr 20 07:58:54 2012 -0400 mount.cifs: uninitialized variables in mount.cifs older gcc versions (4.3 in the case of SUSE Linux Enterprise 11 SP 1 and SP 2) complain about uninitialized variables in the recent 5.4 release. The attached patch makes the build process a bit quieter. Acked-by: Suresh Jayaraman Signed-off-by: Lars Mueller commit e5f124c10fa8e582c5df61017d6f6c2b10c397dc Author: Lars Mueller Date: Fri Apr 20 07:59:06 2012 -0400 cifs.upcall: missing prototype for krb5_auth_con_set_req_cksumtype in MIT krb5 < 1.7 products coming with MIT krb5 < 1.7 (like SUSE Linux Enterprise 11 SP 1 or SP 2) suffer from the same issue as described by https://bugzilla.samba.org/show_bug.cgi?id=6918 The declaration of krb5_auth_con_set_req_cksumtype is missing. Inspiration: https://bugzilla.samba.org/show_bug.cgi?id=6918 Acked-by: Suresh Jayaraman Signed-off-by: Lars Mueller commit 0aa12de5c1565d56a240d7b0dd814316f4ea81f3 Author: Lars Mueller Date: Fri Apr 20 07:59:15 2012 -0400 mount.cifs: toggle_dac_capability() stores return code the build process of the cifs-utils for Mandriva 2011 made me notice of the unused variable rc in toggle_dac_capability() of mount.cifs.c. A bit up in the code we store the return value and do not make use of it while calling return. The attached patch intends to fix this. The failing build result is still visible at https://build.opensuse.org/package/live_build_log?arch=x86_64&package=cifs-utils&project=network%3Asamba%3ASTABLE&repository=Mandriva_2011 Acked-by: Suresh Jayaraman Signed-off-by: Lars Mueller commit a91fb0671273e4ef9079ee7860574c460aa94a51 Author: Jeff Layton Date: Fri Apr 20 07:59:17 2012 -0400 mount.cifs: remove unnecessary getuid() check in libcap version of toggle_dac_capability I'm not sure what I was thinking when I added that check in, but it's been there since the inception. We shouldn't care at all what the real uid is when we call toggle_dac_capability and indeed we don't care with the libcap-ng version. Remove that check. Signed-off-by: Jeff Layton commit bab572a89bd0d989bd761e8cea926dfcf48b938d Author: Jeff Layton Date: Wed May 2 14:25:28 2012 -0400 mount.cifs: don't pass credentials= option to the kernel We handle this option in userspace, so there's little value in also passing it to the kernel. Also fix minor double-comma nit in the options string. Reported-by: Ronald Signed-off-by: Jeff Layton commit 9410c776a3bd69a8434e5f01174bc59f08e7e62a Author: Jeff Layton Date: Mon May 14 06:41:29 2012 -0400 doc: update mailing list Signed-off-by: Luk Claes commit 9e3c3c4b4ae4c3e9eb2eb6297c31c50337b2fd07 Author: Jeff Layton Date: Thu May 17 06:46:38 2012 -0400 mount.cifs: don't send a mandatory ver= option to the kernel Traditionally, this ver= option was used to specify the "options version" that we
Re: [Samba] mount.cifs Is it possible to have a file owned by the user who creates the file?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thu, 17 May 2012 14:37:00 +0200 steve wrote: > On 05/17/2012 02:34 AM, Jeff Layton wrote: > > On Wed, 16 May 2012 17:30:23 +0200 > > steve wrote: > > > >> On 05/16/2012 02:56 PM, steve wrote: > >>> Hi > >>> e.g. > >>> mount.cifs //192.168.1.6/reports /mnt -o rw,setuids,nodev,user=steve2 > >>> > >>> Any file created in the share is always owned by steve2 (or the person > >>> who mounted the share). > >>> > >>> According to man cifs(8), the setuids overrides this but doesn't seem > >>> to work for us. We'd like it to be the same behavior as nfs if that's > >>> possible. > >>> > >>> Version 4.0.0alpha21-GIT-46a41d0 with s3fs > >>> > >>> Cheers, > >>> Steve > >>> > >>> > >> CORRECTION: > >> It _looks_ as though it's owned by the person specified as user _when in > >> the share_ but the actual file (the unmounted file) is always owned by > >> root. > >> Steve > > Sadly, permissions enforcement and handling in cifs.ko are badly > > broken by default. > > > > The only way to do this properly is to switch to using multiuser > > mounts. Have a look at the multiuser option in mount.cifs(8) and > > cifscreds(1). > > > > Cheers, > Hi Jeff > Thanks for the confirmation. Strangely, I found by accident that using > the .gvfs smb:// mount in Nautilus does actually create user owned > files. I'm sure that there must be a catch there somewhere though: > AFAIK, the .gvfs stuff uses a libsmbclient fuse-based fs. Apples and oranges here... > kinit Administrator > mount.cifs -o rw,uid=308,sec=krb5 //server/share /somewhere > Calling mount.cifs directly isn't recommended. It's a mount helper that's intended to only be called from /bin/mount. > produces uid 308 files no matter who accesses the share. Leaving off > the uid= creates files as uid=root. Maybe the .gvfs is doing what you > described on a who-ever-is-logged-in-and-access's-it basis? > That's correct behavior. If you've specified uid= which tells the client to forcibly override all of the uids in the inodes with the value you provided. It can't do that on the server however. All the server sees is a call to create a file that came from the client by "Administrator". That probably doesn't match up to uid 308 on the server, which is why you see the mismatch. What you may want to do is to instead use "-o sec=krb5,multiuser", which will make cifs.ko switch to multiuser mode. In that mode, each uid on the client that accesses the mount will do so using their own credentials and (most importantly) the client won't try to enforce permissions locally. It does mean that every user who accesses the mount will need a krb5 ticket however instead of every user sharing the same set of credentials. - -- Jeff Layton -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.18 (GNU/Linux) iQIcBAEBAgAGBQJPvhjQAAoJEAAOaEEZVoIVyq4P/j7te66su6d4RkZJ6DOPELae v89mjwfn79ro4JBRnrdj8M2Qo7vO3a4Y/F7x0VhO2mVmU5P8JPmzunCuS/z31G+k 7hHUCTbl1sME2tePHk18SybW/zbrKINPJjK+pzkyoDfWLRZjDF0yeJv2rSFjI2ET tAd71oZ2gyOtPJemZwAkeGrqDIEENS0D5m1U0HNKkOyqd7VJxxvu+C6Z8bD2jYKR ByO63Fe6D7YM+ldGPCR+XLgGj7aBTzeWTdrvzPXWPMEl09btG7Yy6kktlLanae3T a6LZ2p2r66/18OfFgZpR9Mifgd4diZx/bNTKaM59joh1DUyrPOT8o7xs7Pdi2XW6 E+NUCbDoZZ4zo7mfdZDRHYTVDw6Z6LhXE6O+gvpzBvMeDVWx4ciW+64c2ml6GdIv NS1wX74joA7Hwb9Mnnr5mhUUjnZXpviSDFFY6DESEI4okJFY7bxGv6+rllnPrbji GKqW4xhR0Bl9/TzXnKY4yvJMcL94wbuLo+c1TGKcC6Q+ObNEHrcny3LMe+wYb2fo rCwPrZ3essw6J8j6/u42eol0pC4BjWgfMr1ex/HTyHiMycCTKd+rVL2cO94751at spGZ15HZ9hMJZow0S9A41/JG+5enHSz+PX4DfnFAIKd+rpIbqX2N1bkZsyyIup/s Yc32hr1g5iphc5g9hueH =R+2L -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Trouble with mount.cifs while smbclient works (Ubuntu 12.04)
On Tue, 22 May 2012 15:24:56 +0200 Michael Wood wrote: > On 21 May 2012 17:44, Jeff Layton wrote: > > On Mon, 21 May 2012 09:59:44 -0500 > > wrote: > > > >> Early responses are not encouraging. It sounds like this was not an > >> accidently happening, but they *intend* to obscure the root level of the > >> share. > >> > >> Might it work to try to downgrade my Samba installation to a version prior > >> to the introduction of this bug? If so, do you know which version would > >> be the latest to still work? > >> > > > > No, it was not intentional, just not simple to fix. > > I think you misinterpreted Scott's message :) > > I read it to mean that the people who set up his NAS intended for the > root of the share to be "obscured". Not that the cifsfs developers > intended to break things. > Yes, he mailed that to me privately later. He also asked whether downgrading the client's kernel might help here. It might, but you'll need to go pretty far back -- pre-3.0 or so... -- Jeff Layton -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Trouble with mount.cifs while smbclient works (Ubuntu 12.04)
On Mon, 21 May 2012 09:59:44 -0500 wrote: > Early responses are not encouraging. It sounds like this was not an > accidently happening, but they *intend* to obscure the root level of the > share. > > Might it work to try to downgrade my Samba installation to a version prior to > the introduction of this bug? If so, do you know which version would be the > latest to still work? > No, it was not intentional, just not simple to fix. -- Jeff Layton -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Edit security/permissions of Windows share from Linux client?
On Thu, 17 May 2012 04:54:14 -0700 Jack Bates wrote: > Is there a way to edit the security/permissions of a Windows share from > a Linux client? > > The Windows share belongs to a Windows Server 2008 server. From a > Windows client I can go to the "Security" tab of the "Properties" dialog > and edit the permissions. I want to do effectively the same thing, but > from my Linux client > > Is there any way? Recent cifs-utils versions contain the getcifsacl and setcifsacl programs that allow you to query and set ACLs directly. That does require a relatively recent kernel (2.6.37 or so). -- Jeff Layton -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Trouble with mount.cifs while smbclient works (Ubuntu 12.04)
On Fri, 18 May 2012 16:32:29 -0500 wrote: > Yes, I think that has been the normal behavior since our data was moved to > this device. I assumed it was due to filesystem permissions -- that I don't > have read access to the root level of the share, but do have r/w access to > the /training/ directory below it. > > Using smbclient, get "NT_STATUS_ACCESS_DENIED" when I try: > > ls > ls training > ls /training > ls /training/ > > but if I cd to training, I can list its contents. > > BTW, > > I've tried appending the path in my mount command as well and mount.cifs > still doesn't handle it: > > Known problem since the superblock sharing patches went in. cifs.ko needs to establish a dentry and inode for the root of the share and then walks down to the "prefixpath" for the mount. Unfortunately if you don't have access to any point along that path, the mount will fail. There have been a couple of proposals to fix it, but they've had their own problems. What probably needs to happen is to do something like what NFS does in its superblock sharing model. Allow several trees of dentries within a superblock and only connect them later if we happen to stumble across the right entry. See commit 54ceac45159 for an explanation of the model NFS uses for this. -- Jeff Layton -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] mount.cifs Is it possible to have a file owned by the user who creates the file?
On Wed, 16 May 2012 17:30:23 +0200 steve wrote: > On 05/16/2012 02:56 PM, steve wrote: > > Hi > > e.g. > > mount.cifs //192.168.1.6/reports /mnt -o rw,setuids,nodev,user=steve2 > > > > Any file created in the share is always owned by steve2 (or the person > > who mounted the share). > > > > According to man cifs(8), the setuids overrides this but doesn't seem > > to work for us. We'd like it to be the same behavior as nfs if that's > > possible. > > > > Version 4.0.0alpha21-GIT-46a41d0 with s3fs > > > > Cheers, > > Steve > > > > > CORRECTION: > It _looks_ as though it's owned by the person specified as user _when in > the share_ but the actual file (the unmounted file) is always owned by root. > Steve Sadly, permissions enforcement and handling in cifs.ko are badly broken by default. The only way to do this properly is to switch to using multiuser mounts. Have a look at the multiuser option in mount.cifs(8) and cifscreds(1). Cheers, -- Jeff Layton -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] ANNOUNCE: cifs-utils release 5.4 is ready for download
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Since we now have a fix of sorts for CVE-2012-1586, it seems like as good a time as any to do a new release. Go forth, download and build cifs-utils-5.4. Highlights: * the "rootsbindir" can now be specified at configure time * mount.cifs now supports the -s option by passing "sloppy" to the kernel in the options string * cifs.upcall now properly respects the domain_realm section in krb5.conf * unprivileged users can no longer mount onto dirs into which they can't chdir (fixes CVE-2012-1586) webpage:https://wiki.samba.org/index.php/LinuxCIFS_utils tarball:ftp://ftp.samba.org/pub/linux-cifs/cifs-utils/ git:git://git.samba.org/cifs-utils.git gitweb: http://git.samba.org/?p=cifs-utils.git;a=summary Detailed list of changes since 5.3: commit 9d74366169305bd3ea3c4bac036bfc982aa15648 Author: Jeff Layton Date: Sun Feb 12 07:32:27 2012 -0500 autoconf: set release to 5.3.1 for interim builds Signed-off-by: Jeff Layton commit f9524f772c62bbfd7c190b8249ed66990ed3227a Author: Jeff Layton Date: Sun Feb 12 07:33:01 2012 -0500 autoconf: set release to 5.3.1 for interim builds Signed-off-by: Jeff Layton commit c753cfe5491cfb1f1f74ca41444706383ab9f0e3 Author: Jeff Layton Date: Sun Feb 12 07:33:05 2012 -0500 cifs-utils: allow specifying rootsbindir at configure time ...via the $ROOTSBINDIR environment variable, and AC_ARG_VAR macro. The default is to use /sbin for this value, which only currently affects the installation location of mount.cifs. Signed-off-by: Jeff Layton commit 1c2f85a6aecffa7260709e5a44d77335bcade13f Author: Jeff Layton Date: Mon Feb 20 09:02:54 2012 -0500 manpage: update wsize= entry to account for change in default wsize Signed-off-by: Jeff Layton commit f6384b4fe1ffdeebee3e9d73dd533a4fbf83b6d8 Author: Jeff Layton Date: Thu Feb 23 10:42:09 2012 -0500 mount.cifs: fix tests for strtoul success The current test just looks to see if errno was 0 after the conversion but we need to do a bit more. According to the strtoul manpage: If there were no digits at all, strtoul() stores the original value of nptr in *endptr (and returns 0). So, if you pass in a string of letters, strtoul will return 0, but won't actually have converted anything. Luckily, in most cases, /bin/mount papers over this bug by doing uid/gid conversions itself before calling mount.cifs. Fix this by also checking to ensure that strtoul() converted the entire string in addition to checking that it didn't set errno. While we're at it, fix the test in backupuid/backupgid options as well which don't currently check whether errno got set. Reported-by: Kyle Squizzato Signed-off-by: Jeff Layton commit b0bc3861bfc7b258045d1d456cf2ef4a43ea9562 Author: Jeff Layton Date: Tue Mar 6 10:54:28 2012 -0500 mount.cifs: add support for -s option autofs generally calls mount helpers with '-s'. Handle that the same way we do for NFS -- append ",sloppy" option to the mount options. The kernel can look for that option to decide whether to ignore unknown mount options, warn, or error out. Signed-off-by: Jeff Layton commit c5dcf26c0d87d9e8342d2c946e039066de29d30a Author: Jeff Layton Date: Thu Mar 29 09:11:29 2012 -0400 cifs.upcall: use krb5_sname_to_principal to construct principal name Currently, we build the string by hand then then construct the principal name with krb5_parse_name. That bypasses the domain_realm section in krb5.conf however. Switch the code to use krb5_sname_to_principal instead which is more suited to this task. In order for that to work, we change a couple of calling functions to pass down a hostname instead of a principal name, and then pass in "cifs" as the service name. Reported-and-Tested-by: Nirupama Karandikar Signed-off-by: Jeff Layton commit fd31a7c0ba7f1282d2d81193d4d100fdc926b99b Author: Jeff Layton Date: Mon Apr 2 15:28:56 2012 -0400 mount.cifs: don't allow unprivileged users to mount onto dirs to which they can't chdir If mount.cifs is installed as a setuid root program, then a user can use it to gather information about files and directories to which he does not have access. One of the first things that mount.cifs does is to chdir() into the mountpoint and then proceeds to perform the mount onto ".". A malicious user could exploit this fact to determine information about directories to which he does not have access. Specifically, whether the dentry in question is a file or directory and whether it exists at all. This patch fixes this by making the program switch the fsuid to the real uid for un
Re: [Samba] Transfer speed
On Tue, 10 Apr 2012 16:36:56 +0200 Volker Lendecke wrote: > On Tue, Apr 10, 2012 at 08:55:14AM -0500, Chris Weiss wrote: > > On Tue, Apr 10, 2012 at 8:53 AM, Volker Lendecke > > wrote: > > > On Tue, Apr 10, 2012 at 08:26:48AM -0500, Chris Weiss wrote: > > >> that's dramatic! what needs done (from a user POV) to get this > > >> backported into Stable distro kernels? suggestions? > > > > > > Wait until the next major releases pick it up. > > > > that's a really crappy option. in certain cases that > > could be 4 years from now. > > Well, if you are an important enough RH customer you might > be able to apply pressure. But that's a LOT of money > probably. Same for SuSE. Debian will likely be very > resistant against that kind of bribery^Wincentive. > The patches involved here are pretty invasive. Backporting them is not for the faint-of-heart. Async write support went into RHEL 6.2. So far, no one has piped up to request async read support in RHEL6 yet, but we may backport it there at some point if someone requests it. -- Jeff Layton -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Transfer speed
On Tue, 10 Apr 2012 15:43:53 +0200 Emmanuel Florac wrote: > Le Tue, 10 Apr 2012 08:26:48 -0500 > Chris Weiss écrivait: > > > that's dramatic! what needs done (from a user POV) to get this > > backported into Stable distro kernels? suggestions? > > Most distros have recent kernels available in their repositories AFAIK. > I personnally prefer to compile my own kernels from vanilla unpatched > source. > > BTW I've tested with 3.1.10 too, and it falls in between 2.6.35 and > 3.2 : writes fast at 100 MB/s like 3.2 but reads slowly at 35 MB/s > like 2.6.35. > That's because async write support went in first (3.0?) and then async read support went into 3.2 or 3.3. 3.4 will get async write support for "strictcache" writes (when the client doesn't have an oplock and is writing around the cache). I'm currently working on a set of patches to do async reads around the cache as well when we don't have an oplock, and at that point I'll propose to make "strictcache" the default (as the protocol mandates). -- Jeff Layton -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] system freeze with message CIFS VFS: Unexpected lookup error -88
On Thu, 23 Feb 2012 15:31:40 +0100 Denis Cardon wrote: > Hi everyone, > > I have had a few system freezes in the recent months (debian squeeze > with vmlinuz-2.6.32-5-686-bigmem), with the following message in dmesg : > > CIFS VFS: Unexpected lookup error -88 > CIFS VFS: Send error in SessSetup = -88 > > It is the same symptoms as in the redhat bugzilla : > > https://bugzilla.redhat.com/show_bug.cgi?id=711400 > > It it mentionned that it is patched in redhat kernel > kernel-2.6.32-170.el6, but I have not found any information if that > patch was sent upstream, and if yes, in which cifs module version. > > If anyone has information on this one, I'd be glad to hear. > > Cheers, > > Denis Cardon It's upstream commit 7fdbaa1b. Cheers, -- Jeff Layton -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] mount.cifs gives error 13 after changing servers -- hidden cache??
On Wed, 15 Feb 2012 13:23:06 -0600 Digit Ijit wrote: > A sysadmin moved a share from one Windows server to another. I am now > getting error 13 when trying to mount the share from the new server. > > The following worked before the server was replaced: > > mount.cifs //ipaddress1/share1$ /mnt/share1 -o > credientials/home/whatever/.smbcredentials,rw > mount.cifs //ipaddress2/share2$ /mnt/share2 -o > credientials/home/whatever/.smbcredentials,ro > > Change: server ipaddress2 was replaced with server ipaddress3 and share2$ > was created on that server. > > mount.cifs //ipaddress1/share1$ /mnt/share1 -o > credientials/home/whatever/.smbcredentials,rw > Still works! > mount.cifs //ipaddress3/share2$ /mnt/share2 -o > credientials/home/whatever/.smbcredentials,ro > FAILS with mount error(13): Permission denied > > However, I can browse to //ipaddress3/share2$ using nautilus, and it is > also accessible from any Windows box on the network! This problem looks > similar to > lists.samba.org/archive/samba/2011-June/162704.html. Clearly, mount.cifs > seems to cache information somewhere. I have looked through /etc, /lib, > /var and /proc for any evidence that ipaddress2 was cached, but cannot find > anything. Any tips on how to solve this problem? > > Thanks! No, mount.cifs doesn't cache anything. It's more likely that the server is just rejecting the authentication for some reason. mount.cifs generally just passes the username and password to the kernel, so the problem is likely there... What kernel are you using on the client here, and what version of cifs-utils do you have? -- Jeff Layton -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] ANNOUNCE: cifs-utils release 5.3 is ready for download
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 With the overhaul of the cifscreds utility, I figured this would be a good time to do a new release. Highlights: * admins can now tell cifs.upcall to use an alternate krb5.conf file * on remount, mount.cifs no longer adds a duplicate mtab entry * the cifscreds utility has seen a major overhaul to allow for multiuser mounts without krb5 auth webpage:https://wiki.samba.org/index.php/LinuxCIFS_utils tarball:ftp://ftp.samba.org/pub/linux-cifs/cifs-utils/ git:git://git.samba.org/cifs-utils.git gitweb: http://git.samba.org/?p=cifs-utils.git;a=summary Detailed list of changes since 5.1: commit c3fff275e873fd9b9639124e993dd4ad737614db Author: Jeff Layton Date: Fri Dec 9 21:36:00 2011 -0500 autoconf: bump release to 5.2.1 for interim builds Signed-off-by: Jeff Layton commit 2a9738cefaf8a9496ff0683e18357b3548da0b28 Author: Jeff Layton Date: Sat Dec 10 06:49:33 2011 -0500 contrib: add a set of sample /etc/request-key.d files Add a contrib directory, a set of sample /etc/request-key.d files and a README that explains what they're for. This version sets the path to the upcall programs based on the configure options. Signed-off-by: Jeff Layton commit cee919c2f3fb7b96518b800680664a15a6551d93 Author: Jeff Layton Date: Tue Jan 10 18:30:56 2012 -0500 get/setcifsacl: don't link in -lkeyutils These binaries don't use keys API at all. There's no need to link in the keys library. Reported-by: Frédéric L. W. Meunier Signed-off-by: Jeff Layton Acked-by: Shirish Pargaonkar commit 80682b216fed9ea52e1498890eb248567aba2a06 Author: Jeff Layton Date: Tue Jan 10 18:34:43 2012 -0500 cifs.upcall: allow admins to specify an alternate krb5.conf file This was actually requested by the Red Hat QA group, who sometimes work with multiple krb5.conf files when testing. Requested-by: Marko Myllynen Signed-off-by: Jeff Layton commit f46dd7661cfb87257c95081fc2071c934bfbbb16 Author: Carlos Maiolino Date: Mon Jan 16 12:29:49 2012 -0500 mount.cifs: Properly update mtab during remount During a remount of a cifs filesystem, the mtab file is not properly updated, which leads to a doubled entry of the same filesystem in the /etc/mtab file. This patch adds a new function del_mtab() which is called before the add_mtab() in case the fs is being remounted. The del_mtab() function will delete from the mtab, the old entry from the filesystem which is being remounted, and then, calls add_mtab() to add an updated entry to the mtab file. Signed-off-by: Carlos Maiolino commit 92be8b6775958814d39fb19247ff85947a2e4f9e Author: Jeff Layton Date: Mon Jan 16 13:22:28 2012 -0500 mount.cifs: handle errors from rename() in del_mtab The new del_mtab code ignored errors from rename(). Make it handle that error as well like it does other errors. Cc: Carlos Maiolino Signed-off-by: Jeff Layton commit 9da16c91477293e7b367127b0bdec92d9613440f Author: Jeff Layton Date: Tue Jan 17 14:43:23 2012 -0500 util: move getusername to util.c Signed-off-by: Jeff Layton commit 0c84231d1a735c10cad94b47a4a5e5eb560d1cdb Author: Jeff Layton Date: Tue Jan 17 14:43:23 2012 -0500 cifscreds: add unused attribute to argv parm in cifscreds_clearall ...to eliminate this warning: cifscreds.c: In function ‘cifscreds_clearall’: cifscreds.c:422:47: warning: unused parameter ‘argv’ Signed-off-by: Jeff Layton commit 57881972fa03c3624ea06f3245e1ba6c84cc2d68 Author: Jeff Layton Date: Tue Jan 17 14:43:23 2012 -0500 cifscreds: eliminate domain parm from most functions Eventually we'll add this back in a different way. The domain and address should be exclusive of one another. IOW, we want the kernel to be able to find credentials for a specific address or for the domain of which the server is a member. Signed-off-by: Jeff Layton commit d8b906abc655726079aaff753b3dfa7517b19067 Author: Jeff Layton Date: Tue Jan 17 14:43:24 2012 -0500 cifscreds: remove user parameter from create_description The username should be part of the key payload and not part of the description. Also, prefix the address with an "a:" in the description. Eventually we'll also need a "domain" key variant. Signed-off-by: Jeff Layton commit 1578af7afadf0c9cb132ea9224c877dced1f0114 Author: Jeff Layton Date: Tue Jan 17 14:43:24 2012 -0500 cifscreds: make username part of value instead of description Change the payload to be "username:password". Since usernames can't contain ':', this is suitable delimiter. Also, create_description is just a sprintf now, so eliminate it. Signed-off-by: Jeff Layton commit c0
[Samba] ANNOUNCE: cifs-utils release 5.2 available for download
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Things have been relatively quiet lately. Time for a release! Highlights: * A lot of manpage updates, additions and corrections * cifs.idmap can now map uid/gid to SID in addition to the other way around * getcifsacl/setcifsacl are now installed by default in /usr/bin instead of /usr/sbin. The manpages are now in section 1. * cifs.upcall has a new scheme for picking the SPN on krb5 mounts. The hostname is now always lowercased. If we fail to get a ticket using an unqualified name, it now attempts to guess the domain name. webpage:http://linux-cifs.samba.org/cifs-utils/ tarball:ftp://ftp.samba.org/pub/linux-cifs/cifs-utils/ git:git://git.samba.org/cifs-utils.git gitweb: http://git.samba.org/?p=cifs-utils.git;a=summary Detailed list of changes since 5.1: commit 62a1005814793dd7fa5e819d6619065ae8edf240 Author: Jeff Layton Date: Fri Sep 23 14:00:14 2011 -0400 autoconf: bump version to 5.1.1 for interim builds Signed-off-by: Jeff Layton commit f9df5f8e629176db7a1812f7914a45e2977c3e4c Author: Jeff Layton Date: Sat Sep 24 08:01:16 2011 -0400 acltools: install them in $bindir, not $sbindir Move the manpages to section 1 since getcifsacl and setcifsacl are user, not sysadmin tools. Get rid of the useless sed calls on the manpages. They don't have any explicit paths in them that need replacing. Also get rid of the "4.0" in the footers of all the manpages. Signed-off-by: Jeff Layton commit 814a5e1868e8a557cbff8181a480fb84b45abae7 Author: Jeff Layton Date: Tue Oct 18 07:35:21 2011 -0400 manpage: move SEE ALSO section in setcifsacl.1 nearer to bottom The convention is to have that close to the bottom of the manpage. In this case, we want it after the EXAMPLES section. Signed-off-by: Jeff Layton commit ca20bbff426d3b84c23df1df71d7a227206e Author: Suresh Jayaraman Date: Tue Oct 18 08:01:21 2011 -0400 cifs-utils: mention the kernel version that introduced setcifsacl Reviewed-by: Shirish Pargaonkar Signed-off-by: Suresh Jayaraman commit d9c1bf93015e6939d16a319411566de1563a93ca Author: Suresh Jayaraman Date: Tue Oct 18 08:01:26 2011 -0400 cifs-utils: manpage: mention the kernel version that introduced getcifsacl Reviewed-by: Shirish Pargaonkar Signed-off-by: Suresh Jayaraman commit a31ff1481f4dc633d2f32d1e0772d1da9b5dee46 Author: Suresh Jayaraman Date: Tue Oct 18 08:01:30 2011 -0400 cifs-utils: manpage: mention the required kernel version to make cifs.idmap work Cc: Shirish Pargaonkar Signed-off-by: Suresh Jayaraman commit c55ad41d1a11e897b4db166f800d4abd71d86652 Author: Shirish Pargaonkar Date: Wed Oct 19 14:18:07 2011 -0400 mount.cifs: Add mount options for backup intent and their manpages (try #8) Add mount options backupuid and backugid and their manpage contents. Check for either a valid uid/gid or valid user/group name. Signed-off-by: Shirish Pargaonkar commit e92709981e5d3e927a0ba823d7c94d7cf0940897 Author: Jeff Layton Date: Wed Oct 19 14:18:12 2011 -0400 manpage: cleanups to new backupuid/gid sections Minor cleanups and consistency fixes... Cc: Shirish Pargaonkar Signed-off-by: Jeff Layton commit 71c358b25c9bcd9b030a8f6844eecd42488e6724 Author: Shirish Pargaonkar Date: Wed Oct 19 14:18:12 2011 -0400 cifs.idmap: Add uid/gid to SID mapping functions (try #3) Add functions to map a uid and gid to a SID. These functions are similar to SID to uid and gid mapping functions. A SID is what is returned to the cifs module. Signed-off-by: Shirish Pargaonkar commit b6eb2f2f9f5ce0c64c57e2f59ef2ce80932decca Author: Jeff Layton Date: Wed Oct 19 14:25:31 2011 -0400 manpage: document new rsize= behavior With the addition of async readpages in 3.2 kernels, the behavior of the rsize= option has changed. Signed-off-by: Jeff Layton commit fa488d9fd2a0d722cfcccea6c84599366b58b0de Author: Jeff Layton Date: Sat Nov 12 09:58:02 2011 -0500 cifs.upcall: silence unused parameter warning cifs.upcall.c: In function ‘cifs_krb5_principal_get_realm’: cifs.upcall.c:80:57: warning: unused parameter ‘context’ [-Wunused-parameter] Signed-off-by: Jeff Layton commit d540fe20e3943293f493a80529da012d00782ebe Author: Jeff Layton Date: Sat Dec 3 05:57:11 2011 -0500 resolve_host: silence compiler warning about discarding const qualifier ...don't use "ipaddr" here since it's a const pointer. Signed-off-by: Jeff Layton Reviewed-by: Steve French commit 7976a38aa27acdc2057e3314b87cfce3893a04e8 Author: Jeff Layton Date: Sat Dec 3 05:57:14 2011 -0500 cifs.upcall: move to an on-stack princ buffer ...and check to see if provided hostname will exceed it.
[Samba] ANNOUNCE: cifs-utils release 5.1 available for download
We've had a number of changes since the last release, and we have some other upcoming kernel changes that might require corresponding cifs-utils changes. So it's probably as good a time as any for a new release. Highlights: + fix for a minor security issue that can corrupt the mtab + new getcifsacl/setcifsacl tools that allow you to fetch and set raw Windows ACLs via an xattr. + a lot of manpage patches webpage:http://linux-cifs.samba.org/cifs-utils/ tarball:ftp://ftp.samba.org/pub/linux-cifs/cifs-utils/ git:git://git.samba.org/cifs-utils.git gitweb: http://git.samba.org/?p=cifs-utils.git;a=summary Detailed list of changes since 5.0: commit 2c9e666011c352605a019ee82f39eefb53cc6ad8 Author: Jeff Layton Date: Fri Jul 8 09:59:26 2011 -0400 autoconf: bump release number to 5.0.1 for interim builds Signed-off-by: Jeff Layton commit 775610358cb4cff8a6f322d0e8d5fade078f6f54 Author: Jeff Layton Date: Tue Jul 12 07:30:57 2011 -0400 manpage: add some missing options to mount.cifs.8 Clarify servernetbiosname parameter name, add mention of ignorecase, and add a section on noposixpaths. Signed-off-by: Jeff Layton commit f6eae44a3d05b6515a59651e6bed8b6dde689aec Author: Jeff Layton Date: Tue Jul 12 08:19:33 2011 -0400 mtab: handle ENOSPC/EFBIG condition properly when altering mtab It's possible that when mount.cifs goes to append the mtab that there won't be enough space to do so, and the mntent won't be appended to the file in its entirety. Add a my_endmntent routine that will fflush and then fsync the FILE if that succeeds. If either fails then it will truncate the file back to its provided size. It will then call endmntent unconditionally. Have add_mtab call fstat on the opened mtab file in order to get the size of the file before it has been appended. Assuming that that succeeds, use my_endmntent to ensure that the file is not corrupted before closing it. It's possible that we'll have a small race window where the mtab is incorrect, but it should be quickly corrected. This was reported some time ago as CVE-2011-1678: http://openwall.com/lists/oss-security/2011/03/04/9 ...and it seems to fix the reproducer that I was able to come up with. Signed-off-by: Jeff Layton Reviewed-by: Suresh Jayaraman commit aa442e80e754f2952b0d90dbdbf2cb2807816ed2 Author: Shirish Pargaonkar Date: Mon Jul 18 12:06:03 2011 -0400 manpages: add contents for mount option cifsacl (try #3) Manpage contents for cifs mount option cifsacl Signed-off-by: Shirish Pargaonkar commit d791892d901adde0dfb9e8d1099488f078704c73 Author: Jeff Layton Date: Tue Jul 19 08:12:13 2011 -0400 manpage: corrections and cleanups to the cifsacl option sections ..also update the part that describes what kernel version this manpage is accurate against. Signed-off-by: Jeff Layton commit 861824f588a870da7c110b6f199eb5ce7d4dc476 Author: Jeff Layton Date: Tue Jul 19 14:53:47 2011 -0400 cifs-utils: add a note about inclusion of keys.dns_resolver program in keyutils As of version 1.5, the keyutils package is shipping a generic dns_resolver upcall. Add a note to the cifs.upcall manpage that mentions this and recommends the use of that program over cifs.upcall. Eventually, we may want to be able to conditionally compile out the dns_resolver part of the upcall, but it's already pretty small and wouldn't save us very much. Signed-off-by: Jeff Layton commit 1e7a32924b22d1f786b6f490ce8590656f578f91 Author: Jeff Layton Date: Fri Jul 29 07:12:48 2011 -0400 mount.cifs: check_newline returns EX_USAGE on error, not -1 Reported-by: Jan Lieskovsky Signed-off-by: Jeff Layton commit e0bb4418f79cb8670d06170fcd33c286839d258e Author: Jeff Layton Date: Tue Aug 23 09:02:11 2011 -0400 autoconf: fix help message for --enable-cifsidmap It currently says "no" is the default, but it should be "yes". Reported-by: Elias Pipping Signed-off-by: Jeff Layton commit 86ec330e309af06459f8e64aad7899fd3fb7a9bf Author: Shirish Pargaonkar Date: Thu Aug 25 14:16:23 2011 -0400 cifsacl: Add file cifsacl.h (try #2) Add defines and structures related to security descriptor, ACL, ACE, various fields within an ACE, and SID. Also define various file permissions and acess types. Signed-off-by: Shirish Pargaonkar commit 7b090a36a06efec017ebf12a733136ea3968a637 Author: Shirish Pargaonkar Date: Thu Aug 25 14:16:23 2011 -0400 cifsacl: Add file getcifsacl.c (try #2) Parse the blob that contains a security descriptor obtained by calling getxattr API using attribute system.cifs_acl . Start parsing and printing security descriptor inclu
Re: [Samba] Clearcase, Samba, and mnode values
On Thu, 8 Sep 2011 10:14:47 -0700 Kathy wrote: > That's possible and yesterday I was looking at possibly using Valgrind > to see if I could dig further into that idea. I've never used it > before, though, so not sure if there is an easier method to detect > kernel memory leaks. > > And about static things in swap, I agree. I have noticed on our old > Clearcase/Samba server, that it consumes all the memory down to about > 150M plus 72k of swap and just sits there like that. Seems to be fine > and can run for 2 months or longer like that. That server, though, > has only 4 gigs of memory and so I was assuming that it did that > because it didn't have a lot of memory. However, this new Clearcase > server, which has 32 GB of memory appears to perhaps want to do the > same thing. So I began to wonder if that is just normal behavior -- > i.e., it caches all its memory. But I think it's a problem because > people started to report Clearcase running really really slow when it > got down to almost nothing left and it just seems odd that it would > consume all 32 GB of memory in less than 12 hours. > That's normal. Linux will use up as much free RAM as it can to cache file data, based on the principle that free RAM is wasted RAM. What really matters is not free RAM, so much as *reclaimable* RAM. If the memory is clean (meaning that it doesn't have data that needs to be written back out), then the kernel can just free it on a least-recently-used basis when the need arises. If not, then the kernel will require more active participation to free up memory, which is comparatively slow. I think you'll probably need to step back and determine what the application is doing when it becomes slow. It may very well be that there is a problem with memory allocation at that time that's causing the slowdown. But, you can't really assume that or you might end up down a rabbit hole that has nothing to do with the real problem. Determining that will probably require help from IBM as only they have real insight into clearcase -- it's a closed source program, after all. Either way, it's highly doubtful that this has anything to do with samba. -- Jeff Layton -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] mount.cifs -> Unisys MCP Mainframe -- Linux touch command "setting times of `testfile.txt': Permission denied"
On Wed, 31 Aug 2011 17:35:39 -0400 Tim Lank wrote: > On Wed, Aug 31, 2011 at 3:41 PM, Jeff Layton wrote: > > > On Wed, 31 Aug 2011 14:55:26 -0400 > > Tim Lank wrote: > > > > > the mount.cifs is from (cifs-utils-4.8.1-2.el6.x86_64) > > > > > > > > > On Tue, Aug 30, 2011 at 8:05 PM, Tim Lank wrote: > > > > > > > I've got a share from a Unisys MCP Mainframe mounted with mount.cifs > > from > > > > RHEL 6.1 (samba-common-3.5.6-86.el6.x86_64). > > > > > > > > when I try to touch a file, it creates the file, but reports an error - > > > > "setting times of `testfile.txt': Permission denied" > > > > > > > > strace on the touch command shows that it is erroring out on the > > > > utimensat() call > > > > > > > > utimensat(0, NULL, NULL, 0) = -1 EACCES (Permission denied) > > > > > > > > Documentation from the Unisys Mainframe can be found here > > > > > > > > > > http://public.support.unisys.com/aseries/docs/clearpath-mcp-12.0/pdf/70118328-103.pdf > > > > Pages: C-2 and C3 show what POSIX functions are/not supported > > > > utime() and utimensat() are not among the supported functions listed > > there. > > > > > > > > > > > > Is there any combination of parameters to mount.cifs that can be used > > that > > > > would prevent touch from reporting this error? > > > > > > > > > > > > > > > > (cc'ing linux-cifs ml) > > > > Most likely, this is a local (unix) permissions issue. CIFS has a rather > > unintuitive permissions model. It attempts to enforce permissions > > locally, but doesn't really have enough information to do so properly. > > This leads to these sorts of problems. > > > > When you create files as a particular user, then they end up being > > owned by the "default" file owner on the mount rather than the user > > that just created the file. Then when you go to set the time, the > > kernel tries to enforce the permissions on the file and denies you > > access to do so. This varies somewhat depending on whether CIFS posix > > extensions are in force, but it's a common problem. > > > > The best scheme is to switch the mount to being multiuser, but that > > requires a kerberized setup at the moment. > > > > Another workaround is to mount with '-o noperm' which disables local > > permissions checking entirely. This will however allow any process on > > the box to read and write to the server using the mount credentials. > > > > Another idea is to get creative with the uid=,gid=,file_mode=, and > > dir_mode= options. See the mount.cifs manpage. If you're careful, you > > can craft a set of options that will allow the users you want to have > > proper access without opening everything up. > > > > My SambaXP talk from last year covers a lot of this in detail if you're > > interested > > > >http://sambaxp.org/index.php?id=38 > > > > Good luck! > > -- > > Jeff Layton > > > > Jeff, > > Thanks for all the info. > > A wireshark analysis shows that the Mainframe here is returning a frame that > shows that the file is created and granted exclusive open for writing. The > file actually gets created on the Mainframe (presumably because of the > combination of my uid=,gid=,file_mode=, and > dir_mode= options) and I can modify it from all users on the mount.cifs > box. The next request is from the mount.cifs box to modify "Created, Last > Access, Last Write, and Change" timestamp attributes for the (already) > opened file. The response frame from the Mainframe is a basic "Access > Denied" message which I suppose the touch command turns into a "setting > times of" ... Permission Denied message being returned. > In that case, none of what I said above applies :) This sounds like a server implementation issue. If the server doesn't support this call, then there's not much you can do other than report it to them as a bug and plan to ignore it. > I'd like to try and get a kerberized setup going with mount.cifs. I see the > sec=krb5 option, but is there a series of other config steps that I need to > perform (modifying /etc/krb5.conf for example). Supposedly the Mainframe > already has kerberos mapping setup for all the users on our mount.cifs > system. > > Any references (besides the mount.cifs manpage) that you can provide that > walk through the kerberized setup would be appreciated. > There isn't much, mostly you need to set up krb5 on the client, and then set up cifs.upcall to be called when the kernel requests a key (see the cifs.upcall manpage for details on that). After that it should "just work". That said, it's not likely to help this specific problem... -- Jeff Layton -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] mount.cifs -> Unisys MCP Mainframe -- Linux touch command "setting times of `testfile.txt': Permission denied"
On Wed, 31 Aug 2011 14:55:26 -0400 Tim Lank wrote: > the mount.cifs is from (cifs-utils-4.8.1-2.el6.x86_64) > > > On Tue, Aug 30, 2011 at 8:05 PM, Tim Lank wrote: > > > I've got a share from a Unisys MCP Mainframe mounted with mount.cifs from > > RHEL 6.1 (samba-common-3.5.6-86.el6.x86_64). > > > > when I try to touch a file, it creates the file, but reports an error - > > "setting times of `testfile.txt': Permission denied" > > > > strace on the touch command shows that it is erroring out on the > > utimensat() call > > > > utimensat(0, NULL, NULL, 0) = -1 EACCES (Permission denied) > > > > Documentation from the Unisys Mainframe can be found here > > > > http://public.support.unisys.com/aseries/docs/clearpath-mcp-12.0/pdf/70118328-103.pdf > > Pages: C-2 and C3 show what POSIX functions are/not supported > > utime() and utimensat() are not among the supported functions listed there. > > > > > > Is there any combination of parameters to mount.cifs that can be used that > > would prevent touch from reporting this error? > > > > > > (cc'ing linux-cifs ml) Most likely, this is a local (unix) permissions issue. CIFS has a rather unintuitive permissions model. It attempts to enforce permissions locally, but doesn't really have enough information to do so properly. This leads to these sorts of problems. When you create files as a particular user, then they end up being owned by the "default" file owner on the mount rather than the user that just created the file. Then when you go to set the time, the kernel tries to enforce the permissions on the file and denies you access to do so. This varies somewhat depending on whether CIFS posix extensions are in force, but it's a common problem. The best scheme is to switch the mount to being multiuser, but that requires a kerberized setup at the moment. Another workaround is to mount with '-o noperm' which disables local permissions checking entirely. This will however allow any process on the box to read and write to the server using the mount credentials. Another idea is to get creative with the uid=,gid=,file_mode=, and dir_mode= options. See the mount.cifs manpage. If you're careful, you can craft a set of options that will allow the users you want to have proper access without opening everything up. My SambaXP talk from last year covers a lot of this in detail if you're interested http://sambaxp.org/index.php?id=38 Good luck! -- Jeff Layton -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] ANNOUNCE: cifs-utils release 5.0 available for download
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 It's been a while since our last release and Shirish's new cifs.idmap utility has now been merged. The last release was 4.9, so I've been a bit torn -- should I call this one 4.10 or 5.0? Then I figured...when in doubt, copy Linus. Since he just bumped the major version number of the kernel, this is now version 5.0. The main changes: - - mount.cifs always uses the original device string to ensure that umounts by unprivileged users are not problematic - - there is a new cifs.idmap program for handling idmapping upcalls - - a lot of manpage patches webpage:http://linux-cifs.samba.org/cifs-utils/ tarball:ftp://ftp.samba.org/pub/linux-cifs/cifs-utils/ git:git://git.samba.org/cifs-utils.git gitweb: http://git.samba.org/?p=cifs-utils.git;a=summary Detailed changelog since 4.9: commit 201e3fcc8fd2437990d061b29283de256a7f37fd Author: Jeff Layton Date: Tue Mar 15 13:30:37 2011 -0400 autoconf: bump version to 4.9.1 for interim builds Signed-off-by: Jeff Layton commit bc2bb65950525081457575a833251355c61b6599 Author: Pavel Shilovsky Date: Tue Mar 15 13:30:44 2011 -0400 manpage: add entry for strictcache option Signed-off-by: Pavel Shilovsky commit ffac601c45b167a1af1d35561f1c01ab0813cc14 Author: Luk Claes Date: Fri Apr 8 14:13:35 2011 -0400 mount.cifs: Use original device string all the way Don't construct a device name, but use the original device string to mount so the device name in /proc/mounts matches the one in /etc/fstab. Signed-off-by: Luk Claes commit 00e7fcbe9f519a8251707321eadd34cf156447e5 Author: Jeff Layton Date: Fri Apr 15 07:49:51 2011 -0400 mount.cifs: fix test for strtoul failure in mount.cifs It currently test to see if errno == -EINVAL and whether the endptr is '\0'. That's not correct however. What we really want it to do is check to see if any error occurred by setting errno to 0 before the conversion. If one did, then try to treat the value as a name. Also fix a bogus compiler warning about cruid being uninitialized. Reported-by: Jian Li Signed-off-by: Jeff Layton commit a6c23f4421ae02de9f01bb6264a03ede9970cb19 Author: Pavel Shilovsky Date: Fri May 20 07:36:33 2011 -0400 manpage: make serverino and noserverino option descriptions clear Signed-off-by: Pavel Shilovsky commit f699e959d2afadffc6a4db96b57f873f7dd5e9d9 Author: Shirish Pargaonkar Date: Tue May 24 14:49:56 2011 -0400 cifs-utils: Create new binary cifs.idmap for sid to uid/gid mapping (try #4) Handle cifs.idmap type of key. Extract a SID string from the description and map it to either an uid or gid using winbind APIs. If that fails (e.g. because winbind is not installed/running or winbind returns an error), kernel assigns uid and gid (from mount superblock). Enable including winbind header files and idmapping code conditional to winbind devel rpms (header and library). An entry such as this create cifs.idmap * * /usr/sbin/cifs.idmap %k is needed in the file /etc/request-key.conf. [Note: Modified to not build new tool by default, and to fix up some whitespace munging] Modified-by: Jeff Layton Signed-off-by: Shirish Pargaonkar commit 0a32d6990e67c48753435e986c7073876cafe7f3 Author: Jeff Layton Date: Tue May 24 14:49:58 2011 -0400 cifs.idmap: remove 2 unused variables cifs.idmap.c: In function ‘cifs_idmap’: cifs.idmap.c:85:16: warning: unused variable ‘gr’ [-Wunused-variable] cifs.idmap.c:84:17: warning: unused variable ‘pw’ [-Wunused-variable] Signed-off-by: Jeff Layton commit fd6405b059d3d066ecdff90a4b0024d28795948e Author: Jeff Layton Date: Tue May 24 14:50:00 2011 -0400 cifs.upcall: don't syslog usage message Signed-off-by: Jeff Layton commit 3a2a7fc40d98389766c82435a5b5332ab2272838 Author: Jeff Layton Date: Thu May 26 14:56:37 2011 -0400 manpage: update the description of the wsize= option ...to account for the changes in the async write patchset. Signed-off-by: Jeff Layton commit a669fb3bb4411e4f4d95de1a1a2ec9cccfe14873 Author: Pavel Shilovsky Date: Mon May 30 20:02:19 2011 -0400 manpage: add decription about matching superblock to wsize= option ...according to shared superblock capability merged into cifs-2.6 git tree recently. Signed-off-by: Pavel Shilovsky commit 9954c780b8b5db38ea9dfd920ff5bba0f683a9be Author: Pavel Shilovsky Date: Mon May 30 20:02:27 2011 -0400 manpage: add entry for rwpidforward option Signed-off-by: Pavel Shilovsky commit bb95a848469d6912b5f0d06068006cc824c590f6 Author: Jeff Layton Date: Mon May 30 20:05:01 2011 -0400 manpage: change mention of kernel 2.6.40 to 3.0.0
Re: [Samba] CIFS mount with non-ascii (UTF8) password is not working
On Fri, 25 Mar 2011 10:44:42 + Moray Henderson wrote: > Katariya Rahul wrote: > > I have French CIFS server. > > > > If I try to map a share from any windows machine with non-ascii (UTF-8, > > french characters are part of password) password, it is successful. > > > > But If I try from linux machine, it fails. > > > > mount -t cifs //MACHINE/DatasetFIGS_ùÉÀÊÚÎÏŒÄÑ£₣€ /tmp/rahul -o > > user=ùù,password=ùù,domain=eKKDr > > mount error 13 = Permission denied > > Refer to the mount.cifs(8) manual page (e.g.man mount.cifs) > > > > > > Does CIFS supports non-ascii password? > > On the Linux machine, what output does the "locale" command give you? > > If you type the password at the Linux prompt where you can see it, do you get > the right characters? If the keyboard isn't set right in Linux, it won't > work. To see exactly how the password is being encoded, use "echo > | xxd" (although obviously don't post the output for a real password here). > > Was the password set from Windows or from Linux? If from Windows, then I > would expect the encoding to be in either UTF-16 or the Windows locale 8-bit > encoding, not UTF-8. For example, "Latin Small Letter E With Acute" is > encoded as 0xE9 in the Windows Western encoding, 0xE900 in UTF-16, and 0xC3A9 > in UTF-8. > > Does it work any better if you use Samba's own mount.cifs program directly > rather than going through mount? > > I do not know what (if any) character encoding translation the cifs module > does. Check whether the locale and "testparm -vs | grep char" on your CIFS > server match the settings on the Linux machine you are doing the mapping from. > > Linux CIFS generally treats passwords as an opaque series of bytes. It does no translation of that piece. -- Jeff Layton -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] ANNOUNCE: cifs-utils release 4.9 available for download
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 The last release (4.8.1) was back in January. Things have been pretty quiet but we've had a few bugs fixed since then, so it's probably time for another release. Not a lot of major changes with this one -- mostly just bugfixes. The main changes since 4.8.1 are: * Some distros (namely Fedora) are moving to having /etc/mtab be a symlink to /proc/mounts. We automatically skip trying to alter the mtab if it's a symlink. * fix for a bug that could prevent root from mounting onto a directory to which he did not have explicit execute permission. * fix for a bug that caused the mount helper to pass in a corrupt address when someone specified an IPv6 address with a scopeid. * mount.cifs bugfix for an uninitialized variable that could cause a segfault webpage:http://linux-cifs.samba.org/cifs-utils/ tarball:ftp://ftp.samba.org/pub/linux-cifs/cifs-utils/ git:git://git.samba.org/cifs-utils.git gitweb: http://git.samba.org/?p=cifs-utils.git;a=summary Detailed changelog: commit 51e3999b5fcd76502e05325174f34e0428c4742e Author: Jeff Layton Date: Mon Jan 31 11:54:44 2011 -0500 autoconf: bump release to 4.8.2 for interim builds Signed-off-by: Jeff Layton commit fba28cfe2f13dd8bdae3cec76178f42b001a40ca Author: Jeff Layton Date: Mon Jan 31 15:04:35 2011 -0500 mount.cifs: don't try to alter mtab if it's a symlink Some distros replace /etc/mtab with a symlink to /proc/mounts. In that situation, mount.cifs will hang for a while trying to lock the mtab. /bin/mount checks to see if the mtab is a symlink. If it is or if a stat() call on it fails, it doesn't try to to update the mtab. Have mount.cifs do the same. Signed-off-by: Jeff Layton commit 24093bef78e1e4ea5d541716ebba63e8d4e15c58 Author: Jeff Layton Date: Tue Feb 1 14:24:30 2011 -0500 mount.cifs: fix possible use of uninitialized variable It's possible to "goto return_i" in this function at several points before line_buf is set. At that point, the NULL pointer check won't work correctly and we can end up with a SIGSEGV. Signed-off-by: Jeff Layton commit b6d2d91df012f965f29ba26489aca009712a230c Author: Jeff Layton Date: Tue Feb 8 15:33:09 2011 -0500 mount.cifs: reacquire CAP_DAC_READ_SEARCH before calling mount(2) It's possible that the user is trying to mount onto a directory to which he doesn't have execute perms. If that's the case then the mount will currently fail. Fix this by reenabling CAP_DAC_READ_SEARCH before calling mount(2). That will ensure that the kernel's permissions check for this is bypassed. Reported-by: Erik Logtenberg Signed-off-by: Jeff Layton Reviewed-by: Steve French commit 38eaab88a08a66adb535d0e5cdcaea9859131c5b Author: Jeff Layton Date: Tue Feb 15 13:30:47 2011 -0500 mount.cifs: fix handling of scopeid in resolve_host We get a pointer to the end of the address string (ipaddr), but the call snprintf and pass in tmpbuf which is a pointer to the beginning of the address string. If someone passes in an address with a scopeid then we end up overwriting the entire address string. Reported-by: Björn JACKE Signed-off-by: Jeff Layton commit cf7d6d481a84fdfc8272e38a6eb49c8a52fa201f Author: Jeff Layton Date: Fri Mar 4 14:54:18 2011 -0500 autoconf: bump release to 4.9 Signed-off-by: Jeff Layton - -- Jeff Layton -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.16 (GNU/Linux) iEYEARECAAYFAk1xSmcACgkQyP0gxQMdzIBRfwCeOuyPL9QXOAbxHJdt+KIZ+jzR fkMAn1/lD47v9CwYsOZ+GLilIfpcgJ8q =RlVa -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Running and testing SMB2 under RHEL 5 and RHEL 6
On Sat, 19 Feb 2011 19:04:35 -0500 Nico Kadel-Garcia wrote: > Does RHEL 5 or RHEL 6, or the current versions of cifs-utils available > for either, actually support SMB2? I don't see a "mount.smb2" binary > in the packages, though I see it mentioned in the docs, and I'd like > to really hammer the SMB2 server for performance comparisons. But it's > meaningless if if it's not actually mounting as SMB2. smb2fs is still under development upstream and neither RHEL5 or 6 include client-side support in the kernel. I'm not clear on whether server-side support is being shipped in either though (the folks that maintain that piece would need to comment). -- Jeff Layton -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] ANNOUNCE: cifs-utils release 4.8.1 available for download
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 It turns out that the 4.8 release had some mis-generated autoconf files. In particular, the aclocal files for libcap-ng were not properly included. This would lead to mount.cifs not being built with support for dropping capabilities via libcap-ng. This minor release fixes that and only that. People who install mount.cifs as a setuid root program should consider upgrading (unless they did an autoreconf or similar at build time). webpage:http://linux-cifs.samba.org/cifs-utils/ tarball:ftp://ftp.samba.org/pub/linux-cifs/cifs-utils/ git:git://git.samba.org/cifs-utils.git gitweb: http://git.samba.org/?p=cifs-utils.git;a=summary Detailed changelog: commit eb0f1cad7ed85e9d98fef4f8dfbecdac67477e76 Author: Jeff Layton Date: Wed Jan 19 21:04:14 2011 -0500 autoconf: bump release to 4.8.1 The 4.8 release had mis-generated autoconf files (they didn't include the libcap-ng autoconf goop). 4.8.1 will have that fixed. Signed-off-by: Jeff Layton - -- Jeff Layton -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.16 (GNU/Linux) iEYEARECAAYFAk05210ACgkQyP0gxQMdzIBtQwCeLWGJYotDqXgUw0awG2/Bd84Z rloAn0Kk2MIFLfKGwJsTAStxriKZK9r5 =HZ7F -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] ANNOUNCE: cifs-utils release 4.8 available for download
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 The last release (4.7) was back in October. We've had a number of good fixes committed in the last few weeks, so it's a good time to cut a new release. Also, note that I've transplanted the cifs-utils manpage to the Samba Wiki. The old URL still works and redirects browsers to the new page. o hardcoded paths in the cifs.upcall manpage are rewritten at build time o a cifs.upcall pathset from Stefan Metzmacher to add GSSAPI checksums to the SPNEGO blob. This is necessary for interoperability with certain krb5 implementations (EMC's specifically) o cifs.upcall can now use the system-default keytab for automatic mounts o mount.cifs handles the cruid= option in a similar fashion to the uid= mount option. The kernel will gain support for this in 2.6.38 and in earlier stable releases. ...plus the usual assortment of bugfixes and manpage updates. webpage:http://linux-cifs.samba.org/cifs-utils/ tarball:ftp://ftp.samba.org/pub/linux-cifs/cifs-utils/ git:git://git.samba.org/cifs-utils.git gitweb: http://git.samba.org/?p=cifs-utils.git;a=summary Detailed changelog: commit 4154422a9e58c2fe7009312f45543fedc20d1ffd Author: Jeff Layton Date: Thu Dec 9 09:30:03 2010 -0500 cifs-utils: bump version number to 4.7.1 for interim builds Signed-off-by: Jeff Layton commit 0f588214bc07682b522ac14814b4d97a9b6455d4 Author: Suresh Jayaraman Date: Thu Dec 9 09:37:52 2010 -0500 mount.cifs: manpage: add entry for "actimeo" option Signed-off-by: Suresh Jayaraman Signed-off-by: Jeff Layton commit 68691e68937ab9dc7f2d570da7e38659f25d41c1 Author: Jeff Layton Date: Thu Dec 9 09:37:52 2010 -0500 cifs-utils: rewrite hardcoded paths in manpages Currently the manpages (particularly cifs.upcall.8) have hardcoded paths in them that need to be manually adjusted. Replace those paths with @sbindir@ and add a makefile target that will use sed to replace those paths with the ones set by autoconf. Signed-off-by: Jeff Layton commit 3e15450d879a42598a2596f2f1f535e95d423057 Author: Jeff Layton Date: Tue Dec 14 12:05:04 2010 -0500 cifs-utils: fixes for manpage pathname replacement scheme Fix up some small problems with pathname replacement: 1) replace the bare 'sed' with $(SED) 2) '\@' is apparently not portable, so we need to use a different scheme in case we end up using a non-typical sed binary. 3) do the sed conversion to a new file and then move it into place. If sed falls down halfway through the conversion we could end up with a half-baked manpage. 4) use the $@ construct for brevity and maintainability 5) add a comment so that the rationale behind this is explained Many thanks to several folks inside Red Hat who pointed out these issues. Signed-off-by: Jeff Layton commit e3c9b40fbe124bda174753785772e56344c68968 Author: Stefan Metzmacher Date: Tue Dec 28 14:21:26 2010 -0500 cifs.upcall: fix memory and call krb5_auth_con_free() Signed-off-by: Stefan Metzmacher commit 1d8859b4111a363d30bd3256660e77a216e82a83 Author: Stefan Metzmacher Date: Tue Dec 28 14:21:31 2010 -0500 cifs.upcall: use krb5_auth_con_init() to create an explicit auth_context Signed-off-by: Stefan Metzmacher commit 99dfd04655aab3a8e6ea03184a32e360f23df9ad Author: Stefan Metzmacher Date: Tue Dec 28 14:21:34 2010 -0500 cifs.upcall: use krb5_auth_con_set_req_cksumtype() and pass a GSSAPI checksum (bug #7890) Some closed source SMB servers doesn't support all checksum types, so we should try to match windows clients. This is almost the same logic which is used by Samba. Signed-off-by: Stefan Metzmacher commit f240ebe98b881f3daadf229bb24501829d3731ac Author: Pavel Shilovsky Date: Wed Jan 5 07:23:37 2011 -0500 manpage: change port option description Provide changes according to new ip/port connection logic in CIFS. Signed-off-by: Pavel Shilovsky commit 7075a466159e59a46575739cc89b8d8a8c3ea3bc Author: Jeff Layton Date: Wed Jan 5 10:52:19 2011 -0500 cifs.upcall: add 'l' to getopt_long string Reported-by: Stefan Walter Signed-off-by: Jeff Layton Reviewed-by: Shirish Pargaonkar commit 5979d6dfe7fde7ab05f6bc02e771b4c05d994213 Author: Jeff Layton Date: Wed Jan 5 10:52:19 2011 -0500 cifs.upcall: fix crash when trying to free uninitialized var If cifs.upcall is passed an invalid argument then it will "goto out". The decoded_args struct however is uninitialized at that point so it will usually segfault when trying to free fields in it. Move the initialization up in the function. Signed-off-by: Jeff Layton commit 0b4bcc203d6c6934eedb8db756bb768457097142 Author: Jeff Layton Date: Thu
Re: [Samba] cifs and Netapp DFS-shares problems
On Fri, 10 Dec 2010 11:25:46 +0100 Marcus wrote: > Hi, > > Am Donnerstag, den 09.12.2010, 01:37 +0100 schrieb Marcus: > > > > are there any known issues with cifs and DFS-shares on Netapp file > > servers? We have a Netapp file sever with DFS on the user's home shares. > > The home shares can successfully mounted with > > > > mount -t cifs //sever/home/username /mnt/ -o user=username,domain=AD > > > > but the connection hangs in the moment a directory listing is started. > > The strange thing is that only shares with activated DFS show this > > problem. I'm not maintaining the Netapp file server therefore a can't > > post more information about that system. On client side I'm using Ubuntu > > LTS 10.04.1. > > This error only comes up, if DFS is activated on a share on the NetApp > Server. Here is a kernel log: > > Dec 10 11:10:37 lebowski kernel: [ 3586.471662] Bad SMB: : dump of 48 > bytes of data at 0xe44e5c00 > Dec 10 11:10:37 lebowski kernel: [ 3586.471675] 009a 424d53ff > 0032 80018800 . . . . ÿ S M B 2 . . . . . . . > Dec 10 11:10:37 lebowski kernel: [ 3586.471688] > 26420040 . . . . . . . . . . . . @ . B & > Dec 10 11:10:37 lebowski kernel: [ 3586.471701] 001a0800 720a > 0200 3800 . . . . . . . p . . . . . 8 . . > Dec 10 11:11:03 lebowski kernel: [ 3612.832108] CIFS VFS: server not > responding > Dec 10 11:11:03 lebowski kernel: [ 3612.832125] CIFS VFS: No response > for cmd 50 mid 26 > Dec 10 11:11:05 lebowski kernel: [ 3614.656937] CIFS VFS: RFC1001 size > 154 bigger than SMB for Mid=30 > Dec 10 11:11:05 lebowski kernel: [ 3614.656953] Bad SMB: : dump of 48 > bytes of data at 0xe44e5c00 > Dec 10 11:11:05 lebowski kernel: [ 3614.656967] 009a 424d53ff > 0032 80018800 . . . . ÿ S M B 2 . . . . . . . > Dec 10 11:11:05 lebowski kernel: [ 3614.656979] > 26420040 . . . . . . . . . . . . @ . B & > Dec 10 11:11:05 lebowski kernel: [ 3614.656994] 001e0800 720a > 0200 3800 . . . . . . . p . . . . . 8 . . > Dec 10 11:11:33 lebowski kernel: [ 3642.832284] CIFS VFS: server not > responding > Dec 10 11:11:33 lebowski kernel: [ 3642.832299] CIFS VFS: No response > for cmd 50 mid 30 > Dec 10 11:11:40 lebowski kernel: [ 3649.895000] CIFS VFS: RFC1001 size > 154 bigger than SMB for Mid=34 > Dec 10 11:11:40 lebowski kernel: [ 3649.895017] Bad SMB: : dump of 48 > bytes of data at 0xe44e5c00 > Dec 10 11:11:40 lebowski kernel: [ 3649.895030] 009a 424d53ff > 0032 80018800 . . . . ÿ S M B 2 . . . . . . . > Dec 10 11:11:40 lebowski kernel: [ 3649.895043] > 26420040 . . . . . . . . . . . . @ . B & > Dec 10 11:11:40 lebowski kernel: [ 3649.895056] 00220800 720a > 0200 3800 . . " . . . . p . . . . . 8 . . > -- > > umounting is impossible and gives the following error: > > -- > unmount error 16 = Device or resource busy > Refer to the umount.cifs(8) manual page (man 8 umount.cifs) > unmount error 16 = Device or resource busy > Refer to the umount.cifs(8) manual page (man 8 umount.cifs) > -- > > Any ideas? Seems to be an error of the NetApp Fileserver acting not RFC > conform. > > Is this the right list to discuss or should I post on linux-cifs-client > list? > (cc'ing linux-cifs mailing list) Probably because the ls is hung and is holding references to the mount... I've successfully tested against netapp's CIFS implementation in the past, but there are significant bugs in it. The errors you're seeing look like an alignment problem of some sort -- i.e. the server is sending packets that have incorrect length fields in them. This isn't the first such problem I've seen with OnTap. You're welcome to open a bug at bugzilla.samba.org, cc me, and I'll take a look when I have time. Gathering wire captures during one of these events and attaching them to the bug would help to track down the problem. It's likely to be Netapp's bug however... -- Jeff Layton -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] mount.cifs and Umlaut in share name
On Tue, 23 Nov 2010 08:39:56 -0500 Jeff Layton wrote: > On Tue, 23 Nov 2010 10:33:31 +0100 > Andreas Heinlein wrote: > > > Hello, > > > > I need to mount a CIFS share (in the end via fstab, for now manually > > from terminal) which has both a space and a german umlaut in its name. I > > cannot get mount.cifs to mount it, it always complains it cannot find it. > > > > I managed to get around the space problem in fstab with the \040 trick, > > but I cannot find a way to correctly encode the umlaut. When looking at > > the output of "mount.cifs --verbose '//server/Täst Freigabe' /mnt", it > > looks like it is accessing the correct share, but it does not work. > > > > I also got a hint here > > (https://bugs.launchpad.net/ubuntu/+source/gnome-vfs/+bug/414865) to > > pipe the share name through iconv, but "mount.cifs $(echo //server/Täst > > Freigabe | iconv -t850) /mnt" also does not work. > > > > What can I do? Changing the share name is currently not an option, there > > are just too many users with links/bookmarks to it. > > > > Thanks, > > Andreas > > Seems like something we ought to be able to fix. Could you open a bug > at bugzilla.samba.org, cc me on it, and then post the output of > "mount.cifs --verbose '//server/Täst Freigabe' /mnt" to it? > > Thanks, Following up here in case others see this problem... Andreas opened bug 7822: https://bugzilla.samba.org/show_bug.cgi?id=7822 The problem seems to be related to the default NLS codepage setting in Ubuntu's kernel. -- Jeff Layton -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] mount.cifs and Umlaut in share name
On Tue, 23 Nov 2010 10:33:31 +0100 Andreas Heinlein wrote: > Hello, > > I need to mount a CIFS share (in the end via fstab, for now manually > from terminal) which has both a space and a german umlaut in its name. I > cannot get mount.cifs to mount it, it always complains it cannot find it. > > I managed to get around the space problem in fstab with the \040 trick, > but I cannot find a way to correctly encode the umlaut. When looking at > the output of "mount.cifs --verbose '//server/Täst Freigabe' /mnt", it > looks like it is accessing the correct share, but it does not work. > > I also got a hint here > (https://bugs.launchpad.net/ubuntu/+source/gnome-vfs/+bug/414865) to > pipe the share name through iconv, but "mount.cifs $(echo //server/Täst > Freigabe | iconv -t850) /mnt" also does not work. > > What can I do? Changing the share name is currently not an option, there > are just too many users with links/bookmarks to it. > > Thanks, > Andreas Seems like something we ought to be able to fix. Could you open a bug at bugzilla.samba.org, cc me on it, and then post the output of "mount.cifs --verbose '//server/Täst Freigabe' /mnt" to it? Thanks, -- Jeff Layton -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] ANNOUNCE: cifs-utils release 4.7 available for download
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 The last cifs-utils release (4.6) was on July 30th, so it's probably a good time to go ahead and release a new one with kernel 2.6.36 shipping soon. Major highlights: - - new cifscreds program has been added. This will eventually allow for stashing of username/password in the kernel's keyring for use by cifs. Kernel code for this is not in place yet, and the program is not yet built by default. Configuring with --enable-cifscreds=yes will enable it. - - timeouts for things like mtab locking now use monotonic time and should no longer have problems if the clock jumps ...plus the usual assortment of minor bugfixes and manpage updates. webpage:http://linux-cifs.samba.org/cifs-utils/ tarball:ftp://ftp.samba.org/pub/linux-cifs/cifs-utils/ git:git://git.samba.org/cifs-utils.git gitweb: http://git.samba.org/?p=cifs-utils.git;a=summary Detailed changelog: commit 6739b667677b28740b87ede94e53dfc500718acb Author: Jeff Layton Date: Tue Oct 19 14:59:49 2010 -0400 autoconf: bump release to 4.7 Signed-off-by: Jeff Layton commit 202f4b43209da32afc7ce5445a8f561c354c8f82 Author: Jeff Layton Date: Fri Oct 8 15:11:58 2010 -0400 manpage: add mount.cifs manpage entry for "multiuser" option Signed-off-by: Jeff Layton commit d90691a283d0f2ed928476fc96970b1ef2a28662 Author: Jeff Layton Date: Fri Oct 8 15:11:57 2010 -0400 mount.cifs: reinstate ip= as an override for address resolution The manpage says: ip=arg sets the destination IP address. This option is set automatically if the server name portion of the requested UNC name can be resolved so rarely needs to be specified by the user. ...but recent changes have made it not work anymore as an override if someone specifies an ip= option as part of the mount options. Reinstate that behavior by copying the ip= option verbatim into the addrlist of the parsed options struct and then skipping the name resolution. That should allow the ip= option to pass unadulterated to the kernel. Signed-off-by: Jeff Layton commit f2daa2a08bf8706f90e1154272c5bfe6279895cd Author: Björn Jacke Date: Tue Aug 24 13:30:05 2010 -0400 mount.cifs: use monotonic time for timeouts this is especially important during the boot process, where the clock is often being set initially and clock jumps are more common. commit 79774488814b0f5267644628e31c07c7ac380a65 Author: Björn Jacke Date: Tue Aug 24 13:29:59 2010 -0400 autoconf: add checks for clock_gettime commit 909c1bac5eb3b1fc677ef0d4de011cb68e999d15 Author: Igor Druzhinin Date: Fri Aug 20 14:53:38 2010 -0400 cifs-utils: infrastructure for stashing passwords in keyring It is a userspace part of a new infrastructure for stashing passwords in kernel keyring per user basis. The patch adds the "cifscreds" utility for management keys with credentials. Assembling of the utility from the distribution is possible with --enable-cifscreds=yes option of configure script. Signed-off-by: Igor Druzhinin commit c546d8d786f70204968fbc78d276bc2c8d2eb670 Author: Igor Druzhinin Date: Fri Aug 20 14:53:05 2010 -0400 cifs-utils: moving resolve_host into separate file The resolve_host routine from mount.cifs is carried out in separate file and appropriate corrections are made. Signed-off-by: Igor Druzhinin commit 2b2ce5830fec4317e0c264115cf93e64344b1417 Author: Suresh Jayaraman Date: Wed Aug 4 07:55:54 2010 -0400 mount.cifs: remove redundant error assignment Avoid setting error code twice by moving error handling out of add_mtab_exit block. We already set error code and report error in other places. Signed-off-by: Suresh Jayaraman commit 796c714569f5a2d1563f284d94333f2971217417 Author: Jeff Layton Date: Wed Aug 4 06:35:24 2010 -0400 autoconf: bump version number to 4.6.1 for non-release builds Signed-off-by: Jeff Layton - -- Jeff Layton -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.16 (GNU/Linux) iEYEARECAAYFAky98dYACgkQyP0gxQMdzIDiFQCfclgv5NgozZUEYsdKHFSTUNZI wm0AoKsqHk1FT1Wzz32KqSxr3Psr9ZEq =Q3yq -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] question about CIFS client glitches
On Fri, 17 Sep 2010 19:38:21 -0400 starli...@binnacle.cx wrote: > At 05:50 PM 9/16/2010 -0500, Steve French wrote: > >On Thu, Sep 16, 2010 at 4:39 PM, wrote: > >> Trying out a CIFS mount of a W2K8 x64 file system from CentOS > >> 5.5 and running into problems, and trying to figure out how to > >> proceed. > ... > > > >This is quite old kernel, but perhaps it was updated to include more > >recent fixes - can you view the version information on the file, ie > >the cifs.ko module (you can do this by running modinfo on cifs.ko) > > > Tried the RHEL6 beta 2 and it behaves the same as RHEL 5.5. > 'modinfo' output for both attached. 'cifs.ko' versions are > 1.60RH and 1.63. > > In both versions it seems like hard-links work and symbolic > links fail with > >ln: creating symbolic link `': Operation not supported > That's expected. The core cifs protocol as implemented in windows doesn't support symlinks. You need unix extensions for that, or you may want to play with the "mfsymlinks" patches that Metze proposed recently. > And it appears that a 'pax -r' extraction followed by 'rm' for > selected files has some difficulty with CIFS 1.6x rendered > hard link in the mix. > > I'm probably giving up on the idea for now, but thanks > for your help. What sort of difficulty is it having? -- Jeff Layton -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] question about CIFS client glitches
On Thu, 16 Sep 2010 20:00:14 -0400 starli...@binnacle.cx wrote: > At 05:50 PM 9/16/2010 -0500, Steve French wrote: > >On Thu, Sep 16, 2010 at 4:39 PM, wrote: > >> Trying out a CIFS mount of a W2K8 x64 file system from CentOS > >> 5.5 and running into problems, and trying to figure out how to > >> proceed. > ... > > > >This is quite old kernel, but perhaps it was updated to include more > >recent fixes - can you view the version information on the file, ie > >the cifs.ko module (you can do this by running modinfo on > >cifs.ko) > > > > Thank you for the follow-up. Per my last message this was my > being a clueless in regards to the lack of hard/soft link > support in the old version. 'modinfo' pegs it as 1.60RH. > > Hopefully RHEL6 will include CIFS file links as it might work > better to compile on Linux from a Windows share rather than > vice-versa. 'makedepend' runs painfully slow from Windows over > a Samba share unless IPoIB is used for transport. > > Perhaps I'll try it under Fedora, though in general I find > wrestling with the constant change of the moving-target distro > too much. > > It is quite encouraging to see CIFS work in general. Last time > I tried three or four years ago the system crashed shortly after > issuing the mount command. > RHEL6 is fairly current with mainline code (at least as of this past spring or so). If it works OK on Fedora, it should be OK in RHEL6. -- Jeff Layton -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] question about CIFS client glitches
On Thu, 16 Sep 2010 18:49:49 -0400 starli...@binnacle.cx wrote: > At 05:39 PM 9/16/2010 -0400, starli...@binnacle.cx wrote: > >Trying out a CIFS mount of a W2K8 x64 file system from CentOS > >5.5 and running into problems, and trying to figure out how to > >proceed. > > Oops. I see the problem is that CIFS, at least in the older > stable versions, does not support hard links. The extracted > archives have a few of these and so the resulting tree is not a > synchronized copy of the original. > > Oh well, so much for that. > Ok, good to know. There were patches that went to mainline to make CIFS support server inode numbers correctly, which is sort of a requirement for proper hardlink support. Those were really too invasive for a minor RHEL release however. -- Jeff Layton -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] ANNOUNCE: cifs-utils release 4.6 available for download
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 It has been a while since I've cut a new release for cifs-utils. This one has more visible changes than were in the last few releases. Major highlights: - - documentation additions for the fsc option - - mount.cifs deals with _netdev, mand and nomand options correctly now - - a change in how mount.cifs handles the MS_MANDLOCK flag. It used to set it by default and you had to specify "nolock" or "nobrl" to turn it off. Now, it's off by default and you need to specify the "mand" option to turn it on. This is more in line with how other filesystems deal with mandatory locking. In practice, we hardly ever want the kernel to enforce mandatory locking -- the server deals with that. - - cifs.upcall will now preferentially use the creduid= upcall option rather than uid=. This makes mounting with krb5 work more as expected. The credcache is now always expected to be owned by the real uid of the mount process, rather than the value in the uid= option. A command-line option is provided for those who need legacy behavior. webpage:http://linux-cifs.samba.org/cifs-utils/ tarball:ftp://ftp.samba.org/pub/linux-cifs/cifs-utils/ git:git://git.samba.org/cifs-utils.git gitweb: http://git.samba.org/?p=cifs-utils.git;a=summary Detailed changelog: commit 0540777249f7673499c6d53b59b56815b0df2935 Author: Jeff Layton Date: Fri Jul 30 08:17:01 2010 -0400 autoconf: bump version to 4.6 Signed-off-by: Jeff Layton commit cbf27473d6e8e45fb9525aea61f6391d7cdc93e8 Author: Jeff Layton Date: Tue Jul 27 15:24:04 2010 -0400 data_blob: change for loop indices to a unsigned int To silence these warnings: data_blob.c: In function ‘data_blob_hex_string_lower’: data_blob.c:155:16: warning: comparison between signed and unsigned integer expressions data_blob.c: In function ‘data_blob_hex_string_upper’: data_blob.c:172:16: warning: comparison between signed and unsigned integer expressions Signed-off-by: Jeff Layton commit 986923d1317faf82253996079ddab5d43ae44d29 Author: Jeff Layton Date: Tue Jul 27 15:20:44 2010 -0400 cifs.upcall: swap c99 initializers for memset calls gcc says: cifs.upcall.c: In function ‘cifs_krb5_get_req’: cifs.upcall.c:261:2: warning: missing initializer cifs.upcall.c:261:2: warning: (near initialization for ‘in_creds.client’) cifs.upcall.c: In function ‘main’: cifs.upcall.c:622:9: warning: missing initializer cifs.upcall.c:622:9: warning: (near initialization for ‘arg.ver’) ...this is probably just gcc being balky, but we can silence the warning. It may also be a micro optimization in an error condition if we delay zeroing out the struct until it's needed. Signed-off-by: Jeff Layton commit fb5d150aec004111a838a015bdc1309a6e539925 Author: Jeff Layton Date: Tue Jul 27 15:09:27 2010 -0400 mtab: add __attribute__((unused)) to unused variables ...to silence -Wextra warnings. Signed-off-by: Jeff Layton commit 62369ecb38316bb285c5cc2f5af25aaa11cea15c Author: Jeff Layton Date: Tue Jul 27 15:09:23 2010 -0400 automake: add -Wextra to CFLAGS ...for extra warning goodness. Signed-off-by: Jeff Layton commit 20a845ba996f709a87dd879d55e1b662dd316144 Author: Suresh Jayaraman Date: Tue Jul 27 13:35:59 2010 -0400 mount.cifs: document the 'fsc' mount option Changes since last post: - added the information about the kernel CONFIG option - also added the information that caching is currently enabled for files opened as read-only Document the newly added local caching feature using FS-Cache. This patch could be queued and considered once the local caching patches gets merged upstream. Signed-off-by: Suresh Jayaraman commit 434a5945e607084a6f8f6ea1ed41ca4559eb0df8 Author: Suresh Jayaraman Date: Tue Jul 27 12:52:44 2010 -0400 mount.cifs: clarify 'fsc' mount option Changes since last post: - added the information about the kernel CONFIG option - also added the information that caching is currently enabled for files opened as read-only Document the newly added local caching feature using FS-Cache. This patch could be queued and considered once the local caching patches gets merged upstream. Signed-off-by: Suresh Jayaraman commit cdbb6556d8394618bdb81cf2c0eaaebd58e9f1cd Author: Jeff Layton Date: Tue Jul 27 12:33:33 2010 -0400 autoconf: bump version to 4.5.2 Signed-off-by: Jeff Layton commit 87a8a4491cc27bc8e99b4de85c3e0a2abbd4 Author: Suresh Jayaraman Date: Tue Jul 27 11:11:43 2010 -0400 mount.cifs: add 'fsc' mount option to the usage help text Add 'fsc' mount option to the 'Less commonly used options'
Re: [Samba] Encryption
On Fri, 25 Jun 2010 12:20:41 -0700 Jeremy Allison wrote: > On Fri, Jun 25, 2010 at 06:54:08PM +, Dan Lenski wrote: > > On Sun, 18 Apr 2010 10:29:38 -0400, simo wrote: > > > > > On Sun, 2010-04-18 at 10:05 -0400, Nico Kadel-Garcia wrote: > > >> > > >> Reviewing the docs, this tool requires Samba 3.2 or later on both the > > >> client and server sides. I'm therefore assuming that it's not > > >> compatible with a contemporary Windows fileserver: can you confirm > > >> this? Does anyone know if NetApp supports such encryption? > > > > > > It is an extension created by the Samba Team as part of unix extensions, > > > and at the moment the only client that implements it is smbclient. Not > > > even the in kernel cifs driver implements it. And we have no knowledge > > > of any other implementer adopting it yet. > > > > Does anyone know a time-frame for inclusion of transport encryption in > > the kernel CIFS driver? I'm really looking forward to this feature! > > Steve, Jeff ping ? :-) > Sadly, there are enough bugs in this area that it may be a bit before we get around to adding new features. I know Shirish was poking around in here a while back, but I think he's working on other stuff now. I think before we can reasonably add that we really need to move all of the cifs crypto to use the kernel's standard crypto libs rather than the homegrown routines they use now. There are some definite problems wrt to unicode in there (not directly related to crypto, but it needs fixing). NTLMSSP auth is also busted which is a rather important item. -- Jeff Layton -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] ANNOUNCE: cifs-utils release 4.5 available for download
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 The rate of incoming patches has been pretty low lately, so it's probably a good time to do a new stable release and get what's queued up into people's hands... This release consists of a couple of bugfixes and some (hopefully) non-user-visible cleanups to the mount.cifs code. webpage:http://linux-cifs.samba.org/cifs-utils/ tarball:ftp://ftp.samba.org/pub/linux-cifs/cifs-utils/ git:git://git.samba.org/cifs-utils.git gitweb: http://git.samba.org/?p=cifs-utils.git;a=summary Detailed changelog: commit a90771d63e85b514bc5d2101eb8a52587eca1195 Author: Jeff Layton Date: Fri May 21 16:04:14 2010 -0400 cifs-utils: bump version number to 4.5 Signed-off-by: Jeff Layton commit 3439ca0527f103ad79e840092d06a461a36e9d72 Author: Scott Lovenberg Date: Fri May 14 19:34:26 2010 -0400 mount.cifs: cosmetic alignment patch Align CRED_ macro values to keep style consistent with last patch. Signed-off-by: Scott Lovenberg commit 268079992cf85bfb9954b6fd4abb3eebf911a9d3 Author: Scott Lovenberg Date: Fri May 14 19:32:05 2010 -0400 mount.cifs: clean up option parsing Moved option string parsing to function parse_opt_token(char*). Main loop in parse_options(const char*, struct parsed_mount_info*) transplanted to a switch block. The parsing function folds common options to a single macro: 1.) 'unc','target', and 'path' -> 'OPT_UNC' 2.) 'dom*' and 'workg*' -> 'OPT_DOM' 3.) 'nobrl' and 'nolock' -> 'OPT_NO_LOCK' Kept 'fmask' and 'dmask' (OPT_FMASK, OPT_DMASK), which fall through to 'file_mode' and 'dir_mode' in the main loop. Signed-off-by: Scott Lovenberg commit 2fcf89a2077d3ddf203b73d72985aa68c6402693 Author: Steve French Date: Fri May 14 15:30:07 2010 -0400 mount.cifs: unitialized variable in cred parsing error path Signed-off-by: Steve French Signed-off-by: Jeff Layton commit 3f794556e3ec633dc6250ce12f76d6ba79c192a9 Author: Steve French Date: Tue May 11 09:32:34 2010 -0400 mount.cifs: turn into a multicall binary for smb2 mount.smb2 has different help (many fewer mount options) and different fsname, but otherwise can reuse all of the good work Jeff did on mount.cifs. This patch allow mount.cifs to detect if run as mount.smb2 (to display different help and fsname). Signed-off-by: Steve French commit 400ebcb3bea6f21678b9e656d930a14bbd71fe7a Author: Scott Lovenberg Date: Tue May 11 09:32:34 2010 -0400 mount.cifs: removed magic number for max username in parse_options Replaced max username in parse_options with the sum of its potential parts for "domain/user%password" formatted values. Note that forward slashes still expand to a double back slash in the parse_username function, though. Signed-off-by: Scott Lovenberg commit e5d3ceb9958437ef50510a578b0274615a37bcf7 Author: Jeff Layton Date: Sun May 2 06:32:34 2010 -0400 mount.cifs: strip leading delimiter off of prefixpath option ...the kernel doesn't expect to see it and it causes a regression when mounting some UNCs. Reported-by: Ales Zelinka Signed-off-by: Jeff Layton commit 373146ceda319fb7585439d74f216b8a94b9525b Author: Jeff Layton Date: Sun May 2 06:32:30 2010 -0400 cifs-utils: bump version number to 4.4.1 for interim builds Signed-off-by: Jeff Layton - -- Jeff Layton -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEYEARECAAYFAkv26UUACgkQyP0gxQMdzIA5awCfb0nFV4qb5sOtx3KvO6xrgIFZ SOwAoJZsCPmyTTQU/LleFWtqAvUCOf/n =YZyG -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] smbclient -k works; mount -t cifs does not
On Mon, 03 May 2010 23:25:13 -0400 Mike Leone wrote: > I am confused (nothing new there ...). I have 2 Ubuntu 9.10 Samba > servers. I am trying to mount a share from the other (i.e., "workhorse" > is trying to mount a share on "dual-booter"). If I specify a smbmount > command with a -k option, I can mount the share: > > tur...@workhorse:~$ klist > Ticket cache: FILE:/tmp/krb5cc_1000 > Default principal: tur...@dacrib.local > > Valid starting ExpiresService principal > 05/03/10 18:55:31 05/04/10 04:55:31 krbtgt/dacrib.lo...@dacrib.local > renew until 05/09/10 22:56:03 > 05/03/10 23:07:07 05/04/10 04:55:31 > cifs/dual-booter.dacrib.lo...@dacrib.local > renew until 05/09/10 22:56:03 > > > tur...@workhorse:~$ smbclient //dual-booter/TestShare /mnt -k > Domain=[DACRIB] OS=[Unix] Server=[Samba 3.4.0] > smb: \> ls > . D0 Sat May 1 19:27:48 2010 > .. D0 Mon May 3 19:58:00 2010 > TestFile0 Sat May 1 19:27:48 2010 > > 37555 blocks of size 524288. 22379 blocks available > > However, I can't seem to mount it using mount -t cifs: > > $ sudo mount -t cifs //dual-booter/TestShare /mnt -o username=DACRIB+turgon > [sudo] password for turgon: > Password: > mount error(13): Permission denied > Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) > > What I'd like to do is to set this in /etc/fstab. But there seems to be > no way to use Kerberos to authenticate the mounting, and it's only > Kerberos (and smbmount) that seems to work. And using the "-o sec=krb5" > options on mount doesn't seem to work, either. > > $ sudo mount -t cifs //dual-booter/TestShare /mnt -o sec=krb5 > mount error(2): No such file or directory > Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) > Try using the FQDN of the server in the UNC. For instance: //dual-booter.dacrib.local/TestShare > Anyone? I really don't want to have to make a script that uses smbmount > -k, running on login, rather than in /etc/fstab. > > Thanks -- Jeff Layton -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Cannot mount Windows 7 share with CIFS Error 112 Host is down
On Fri, 30 Apr 2010 15:33:23 + (UTC) iancs...@comcast.net wrote: > Hi. I just got a new Windows 7 Home Edition computer and am unable to mount > its shares on my Linux system. > I'm running Fedora 11, samba 3.4.7 > I have no trouble mounting shares from XP systems on the network using the > mount command below. > I can access the Windows 7 share with no problems using smbclient on Linux. > The Windows 7 share is accessible from the XP systems. > Here is the mount command: > > mount.cifs //pirin/c /mnt -o > user=yanko,uid=500,gid=100,file_mode=0666,dir_mode=0777,noperm,iocharset=utf8,directio,ip=192.168.1.12 > > Password: > mount error(112): Host is down > Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) > > The dmesg log has: > > CIFS VFS: No response for cmd 114 mid 1 > CIFS VFS: cifs_mount failed w/return code = -112 > Your client sent an SMB_COM_NEGOTIATE request and the server never responded. > I have not found any errors logged in Windows 7 but perhaps I don't know > where to look. > I can access the Windows 7 share with no problems using smbclient on Linux. > Any ideas will be very much appreciated. Probably a client kernel bug. Might want to post some info about what you're using. -- Jeff Layton -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] ANNOUNCE: cifs-utils release 4.4 available for download
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 This release is primarily bugfixes in mount.cifs: - - acquire capabilities before a couple of operations - - fix a segfault that could occur when parsing the address list - - autoconf/automake problem that could cause compilation to fail - - cleanup/overhaul of credential file parsing and help ensure that passwords aren't left in memory webpage:http://linux-cifs.samba.org/cifs-utils/ tarball:ftp://ftp.samba.org/pub/linux-cifs/cifs-utils/ git:git://git.samba.org/cifs-utils.git gitweb: http://git.samba.org/?p=cifs-utils.git;a=summary Detailed changelog: commit b046d4196855294d57bf57a5b31fbfab41125d4b Author: Jeff Layton Date: Wed Apr 28 07:13:17 2010 -0400 mount.cifs: fix parsing of password in parse_username Signed-off-by: Jeff Layton commit 6c917ebf360b3dbbc4c7ad9af3e106170528aa3c Author: Scott Lovenberg Date: Sun Apr 25 09:35:13 2010 -0400 mount.cifs: continued cleanup of open_cred_file and zero out buffer The parsing for values has been moved to its own function and is a bit cleaner. Temporary buffers are zeroed out before being freed to ensure passwords/credentials aren't left in released memory. Signed-off-by: Scott Lovenberg Signed-off-by: Jeff Layton commit 605412558bc4b368ee656e75f80bc41d3966e1e5 Author: Scott Lovenberg Date: Fri Apr 23 06:50:34 2010 -0400 mount.cifs: clean up credential file parsing Remove magic numbers, redundant code and extra variables from open_cred_file(). Remove check for domain length since strlcpy is safe from buffer overflows. Signed-off-by: Scott Lovenberg commit 72dd35b2ed2fd17e8ce2b03607c9ac942d96ff5d Author: Jeff Layton Date: Sat Apr 17 06:21:02 2010 -0400 mount.cifs: remove unneeded newline in verbose output Signed-off-by: Jeff Layton commit 1876123958c3afd44becce0427755257ddf87db9 Author: Jeff Layton Date: Wed Apr 14 14:11:37 2010 -0400 mount.cifs: check for NULL pointer before calling strchr() mount.cifs calls strchr on currentaddress, which may be a NULL pointer. Signed-off-by: Jeff Layton commit 9eb040343a5917c08c80d43ef3123d796f88bf6e Author: Jeff Layton Date: Tue Apr 13 10:18:13 2010 -0400 automake: don't use @foo@ constructs in Makefile.am ...use $(foo) instead. That doesn't rely on an explicit AC_SUBST(). Reported-by: Lars Müller Signed-off-by: Jeff Layton commit 310ae910b548e232cc86b34896bd7010c3b1cad2 Author: Jeff Layton Date: Mon Apr 12 06:55:24 2010 -0400 cifs: enable CAP_DAC_READ_SEARCH before chdir() and realpath() calls It's possible that root won't have privileges to chdir or evaluate the paths without that capability. Signed-off-by: Jeff Layton - -- Jeff Layton -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEYEARECAAYFAkvYHpoACgkQyP0gxQMdzICiRgCfcQrHQ0k3DToY/EUvYn11FOGn ogAAnA31wMKshao9ttY7AMAlbwf8BgW6 =LzEl -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] How to stop mount.cifs remembering password
On Thu, 1 Apr 2010 09:44:04 +0200 "Andy Gibbs" wrote: > Dear all, > > I'm fairly new to Samba and CIFS and, for that matter, Linux in general. > I'm having a problem with "mount.cifs" as provided with Debian 5. I'm > afraid I cannot say what version of mount.cifs I have since doing > "mount.cifs -V" does not (contrary to the message it shows when I do this) > actually show the version, but rather how to use the program. > > The problem I have is that having successfully logged into a Windows shared > folder, I can subsequently log in *without* the correct password. > > So... > > mount.cifs \\192.168.1.0\folder /mnt -o user=joebloggs,pass=correct > umount /mnt > mount.cifs \\192.168.1.0\folder /mnt -o user=joebloggs,pass=incorrect > > At this point it has remounted and given me full access, even though I've > got my password wrong the second time (and each subsequent time). I can > even do "-o user=user,guest". If I change user, then I must get the > password right at least once, but then once I have got it right, I then no > longer need to get it right. The problem is that anyone using the computer > after someone has accessed the Windows share, can also then access it > without knowing the password. > > As far as I can see, and I'm no expert, this is not a Windows problem since > in Windows, connecting to the folder requires the correct password every > time. > > Is there any way I can force mount.cifs to forget the correct password so > that it requires it to be correct each time? > > I'm sorry if I have not provided the correct information: I will happily do > so if told what to provide! I have tried the Samba website and Google for > answers, but haven't found the right search phrase. If I've missed > something, I'll happily just receive a link to the right page. > > Thanks for any help! > > Andy > The Linux cifs client aggressively shares connections to the server, and isn't very careful about making sure that the mount options for new mounts are considered when matching existing connections to the server. This is a kernel bug, but not one that's trivial to fix. It's also another good reason why it's not prudent to allow unprivileged users to mount shares not listed in /etc/fstab. You'll probably get more response from these sorts of questions on the linux-cifs-cli...@samba.org mailing list. Fixing this will likely mean significant design changes in how CIFS deals with connections to the server. Cheers, -- Jeff Layton -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] ANNOUNCE: cifs-utils release 4.3 available for download
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 This release is primarily to fix a few bugs that were introduced with the mount.cifs overhaul in the last release. Most of the problems were issues with the handling of capabilities that prevented credential files from being accessed when mount.cifs was run by root. There are a few other changes: - - credential files accept parameter names consistent with mount options - - some problems with linking are fixed - - libcap-ng is used if it's available -- in the future, I may remove the older libcap code as it's far more difficult to work with. Distros should consider making their cifs-utils packages depend on libcap-ng and building against that. - - the capability bounding set is zeroed out for greater security - - CAP_DAC_OVERRIDE is only enabled when updating the mtab webpage:http://linux-cifs.samba.org/cifs-utils/ tarball:ftp://ftp.samba.org/pub/linux-cifs/cifs-utils/ git:git://git.samba.org/cifs-utils.git gitweb: http://git.samba.org/?p=cifs-utils.git;a=summary Detailed changelog: commit e4593787a6488573fbec99e5ee604a2e25bc1e5c Author: Jeff Layton Date: Fri Apr 9 09:08:08 2010 -0400 cifs-utils: bump version number to 4.3 Signed-off-by: Jeff Layton commit 8d08f2b352e3521674465c21bbbd2a2a991781bd Author: Jeff Layton Date: Fri Apr 9 08:47:11 2010 -0400 autoconf: remove explicit check for prctl ...it's already checked in AC_LIBCAP Signed-off-by: Jeff Layton commit c3fb3cb1376065734f1b238843d9614d1b9631f0 Author: Jeff Layton Date: Tue Apr 6 15:45:00 2010 -0400 autotools: add --with-libcap autoconf option ...it's rather confusing since we can compile against libcap or libcap-ng but this is helpful for testing. Signed-off-by: Jeff Layton commit cad70a330c0f8db02af112d42be0b645b0ceaba2 Author: Jeff Layton Date: Tue Apr 6 15:22:05 2010 -0400 mount.cifs: fix capability issues when libcap isn't present ...some #defines are missing in that case. This fixes the build for all possible libcap/libcap-ng availability scenarios. Signed-off-by: Jeff Layton commit aeba78abbe4f25ae77328e4ca6a67360dd4ea344 Author: Scott Lovenberg Date: Tue Apr 6 14:52:07 2010 -0400 mount.cifs: make credentials file parameters consistent with mount options This patch makes the mount.cifs credentials file parameters consistent with the command line parameters to remove ambiguity between the command line parameter format and the credentials file format. That is, it parses for both short and long form of the 'username', 'password', and 'domain' parameters. This patch is against the current cifs-utils-4.2. I'm also thinking of adding a second patch that allows for parsing a "domain/user", "domain%user" and "domain/user%password" formats as allowed from the command line. Signed-off-by: Scott Lovenberg commit 2a78385bbf879c16c538b0c78ff4e939724fafd4 Author: Jeff Layton Date: Mon Apr 5 11:23:37 2010 -0400 mount.cifs: restrict capabilities further Only the parent process will ever need CAP_DAC_OVERRIDE. The child can get by with CAP_DAC_READ_SEARCH. Signed-off-by: Jeff Layton commit da77c1b3ae934e29025d05b50eebecdbf569bfa4 Author: Jeff Layton Date: Mon Apr 5 11:23:32 2010 -0400 mount.cifs: properly prune the capabilities bounding set ...libcap-ng does this in a much easier fashion. If that's not available, then we have to do it manually. Signed-off-by: Jeff Layton commit 4b52d2fdea00107f3c23388891467bbb7f2711eb Author: Jeff Layton Date: Sun Apr 4 10:09:38 2010 -0400 mount.cifs: use libcap-ng to manage capabilities ...in preference to libcap if it's available. Signed-off-by: Jeff Layton commit 0c287aa5ce5def56d901716e58943f3e9825e3a3 Author: Jeff Layton Date: Sun Apr 4 09:51:31 2010 -0400 autotools: don't link mount.cifs against krb5 library mount.cifs is being linked against the krb5 library. Fix it so that that doesn't happen. Signed-off-by: Jeff Layton commit 16c29a1920e48e7480595edd0ae96094d6e220c8 Author: Jeff Layton Date: Sat Apr 3 07:12:06 2010 -0400 mount.cifs: fix toggle_cap_dac_override ...it clears the capability set completely, which it shouldn't do. It also doesn't call cap_set_proc to make the new capability set active. Signed-off-by: Jeff Layton commit 55c00c67ced28102209e640fd50bcab9d0332a7f Author: Jeff Layton Date: Sat Apr 3 06:49:43 2010 -0400 mount.cifs: only enable CAP_DAC_OVERRIDE when needed When dropping capabilities, drop CAP_DAC_OVERRIDE from the effective set but not the permitted. When we need to open credential or password files, make it effective again and dr
Re: [Samba] how to mount shares as a user without mount.cifs setuid
On Thu, 08 Apr 2010 00:37:30 -0400 Gary Dale wrote: > Jeff Layton wrote: > > On Wed, 07 Apr 2010 16:44:47 -0400 > > Gary Dale wrote: > > > > > >> I'm running Debian/Squeeze on an AMD64 system. For some reason they have > >> recently stopped shipping mount.cifs with the setuid bit set. > >> > > > > That would be because it was horribly unsecure. > > > > > >> Now it > >> appears that they have changed the internal settings to prevent it from > >> running setuid. This means that I can't define the share in fstab with > >> "user" and connect from my Linux user account. Mounting smb/cifs shares > >> seems to be blocked except for root. > >> > >> > > > > Yes, we added a patch a while back to make it such that mount.cifs > > would not allow itself to run as a setuid root program unless it that > > check was compiled out. > > > > This was done due to a rather constant stream of "security issues" that > > were brought about when people installed mount.cifs setuid root. Since > > it had never been vetted for security, we really had no other choice to > > communicate that installing it setuid root was unsafe. > > > > > >> Presumably this has been done for security reasons. However, I can't > >> currently do much with my network shares unless I'm root because the > >> shares and all the files are owned by root:root. This is despite the > >> fstab setting username= and I get prompted for > >> the password. That only seems to be used for connecting to the share, > >> not for the permissions. > >> > >> My Debian box hasn't joined a domain - I'm just using local accounts. I > >> mainly have the domain for some Windows boxes used by my family. > >> > >> How do I mount an smb/cifs share as a normal user without running > >> mount.cifs? Or if I have to mount the share as root, how can I get > >> reasonable access to the shares? > >> > >> > > > > You need to set the uid=/gid= options when mounting. When it's run by a > > non-root user, /bin/mount adds these options automatically. > > > Except that when I run mount as a non-root user, I get the error about > mount.cifs not being setuid. This is generated from the user option in > fstab. If I remove the user option, I am told that only root can mount > the share. Thus my problem that normal users cannot mount smbfs/cifs > shares. This appears to be reserved now only for root. > Sorry, I should have been more clear. The uid=/gid= options will just fix the ownership issues if you do the mount as root. It won't allow the mount to be performed by a non-privileged user. > > It's also worthwhile to note that I've recently re-enabled the ability > > to run mount.cifs as a setuid root program in the latest cifs-utils > > release: > > > > http://linux-cifs.samba.org/cifs-utils/ > > > > ...you may want to switch to using that instead if you need the ability > > to use mount.cifs in this way. > > > I would except that Debian/Squeeze has its own repositories that I'd > prefer to stick with. Hopefully they'll catch up shortly. > > While the ability to run mount.cifs setuid again is appreciated, how > does that fit in with the "horribly unsecure" reasoning that led to it > being removed? The code has been substantially reworked and should be far safer than it was previously. It does privilege separation now such that the bulk of the mount process is performed as an unprivileged user, and if linked against the right libs, with capabilities pruned to the minimum. At this point, I'd say it's safe enough that we no longer need to restrict it from being installed setuid root. As always, you should weigh carefully whether to do so in your own environment and packages. FWIW, I have no plans to make the Fedora cifs-utils package install mount.cifs setuid root. Part of the reason for that is that no one has requested it. -- Jeff Layton -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] how to mount shares as a user without mount.cifs setuid
On Thu, 8 Apr 2010 00:45:20 -0400 Chris Smith wrote: > On Wed, Apr 7, 2010 at 9:39 PM, Jeff Layton wrote: > > Yes, we added a patch a while back to make it such that mount.cifs > > would not allow itself to run as a setuid root program unless it that > > check was compiled out. > > > > This was done due to a rather constant stream of "security issues" that > > were brought about when people installed mount.cifs setuid root. Since > > it had never been vetted for security, we really had no other choice to > > communicate that installing it setuid root was unsafe. > > Not the place for it so the inquiry is only rhetorical. > How can you equate adding a patch preventing a sysadmin from using an > app as designed to communicating? Communication is one thing, > handcuffs are another. > Our hand was forced. After repeatedly telling people who were installing it setuid root "don't do that", we continued to get CVE's reported from people who continued to use it that way and expected us to treat the problem as a security issue. Our fix was somewhat heavy-handed, but we absolutely had to make it clear that it wasn't safe to install mount.cifs in that fashion. The patch to remove that check was trivial (simply change one #define in the code), but required the person building the program to consciously override our warnings. The Debian package maintainer wisely chose not to do so. In any case, the point is somewhat moot now. The current mount.cifs that ships in cifs-utils no longer prevents installation as a setuid root program. -- Jeff Layton -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] how to mount shares as a user without mount.cifs setuid
On Wed, 07 Apr 2010 16:44:47 -0400 Gary Dale wrote: > I'm running Debian/Squeeze on an AMD64 system. For some reason they have > recently stopped shipping mount.cifs with the setuid bit set. That would be because it was horribly unsecure. > Now it > appears that they have changed the internal settings to prevent it from > running setuid. This means that I can't define the share in fstab with > "user" and connect from my Linux user account. Mounting smb/cifs shares > seems to be blocked except for root. > Yes, we added a patch a while back to make it such that mount.cifs would not allow itself to run as a setuid root program unless it that check was compiled out. This was done due to a rather constant stream of "security issues" that were brought about when people installed mount.cifs setuid root. Since it had never been vetted for security, we really had no other choice to communicate that installing it setuid root was unsafe. > Presumably this has been done for security reasons. However, I can't > currently do much with my network shares unless I'm root because the > shares and all the files are owned by root:root. This is despite the > fstab setting username= and I get prompted for > the password. That only seems to be used for connecting to the share, > not for the permissions. > > My Debian box hasn't joined a domain - I'm just using local accounts. I > mainly have the domain for some Windows boxes used by my family. > > How do I mount an smb/cifs share as a normal user without running > mount.cifs? Or if I have to mount the share as root, how can I get > reasonable access to the shares? > You need to set the uid=/gid= options when mounting. When it's run by a non-root user, /bin/mount adds these options automatically. It's also worthwhile to note that I've recently re-enabled the ability to run mount.cifs as a setuid root program in the latest cifs-utils release: http://linux-cifs.samba.org/cifs-utils/ ...you may want to switch to using that instead if you need the ability to use mount.cifs in this way. -- Jeff Layton -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] CIFS VFS: Send error in read
On Tue, 6 Apr 2010 19:28:32 +0530 Kaushal Shriyan wrote: > Hi, > > I get while installing windows XP on a I ball Laptop using unattended > (http://unattended.sourceforge.net/) > > *** Trying mount.cifs \\ntinstall\install /z -o username=guest,ro,nocase > CIFS VFS: No response to cmd 46 mid 13 No response to a SMB_COM_READ_ANDX request. > CIFS VFS: Send error in read = -11 -11 is -EAGAIN. Usually means that sending a request timed out. > > CIFS VFS: No response to cmd 162 mid 17 > CIFS VFS: No response to cmd 162 mid 21 > CIFS VFS: No response to cmd 162 mid 25 > CIFS VFS: No response to cmd 162 mid 29 > CIFS VFS: No response to cmd 162 mid 33 > CIFS VFS: No response to cmd 162 mid 37 > CIFS VFS: No response to cmd 162 mid 41 > CIFS VFS: No response to cmd 162 mid 45 > CIFS VFS: No response to cmd 162 mid 49 > CIFS VFS: No response to cmd 162 mid 53 > CIFS VFS: No response to cmd 162 mid 57 > CIFS VFS: No response to cmd 162 mid 61 > CIFS VFS: No response to cmd 162 mid 65 > CIFS VFS: No response to cmd 162 mid 69 > No response to a SMB_COM_NT_CREATE_ANDX request (an open call). Looks like you have either a network connectivity or server problem. What kernel is this? -- Jeff Layton -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] ANNOUNCE: cifs-utils release 4.2 available for download
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 This release contains a significant overhaul of mount.cifs that is intended to make it safer to install setuid root. With this release, setuid capability is no longer disabled by default. Among the changes are: - - mount.cifs now does privilege separation. It forks very early and the child drops privileges. Most of the mount option processing is handled by the child. The parent simply waits for the child to exit and proceeds with the mount and mtab update based on the child's exit status. - - mount.cifs uses libcap if it is available to prune its capability set - - mount.cifs is more careful about signal handling during mtab updates This should not however be construed as a recommendation to install mount.cifs setuid root. As always, distributions and administrators should weigh carefully whether they should install it that way in their own packages and environments. There are also a couple of patches in this release that should make cifs.upcall work with the heimdal kerberos implementation. The git tag for this release is also annotated and signed. Note that the webpage URL below has changed: webpage:http://linux-cifs.samba.org/cifs-utils/ tarball:ftp://ftp.samba.org/pub/linux-cifs/cifs-utils/ git:git://git.samba.org/cifs-utils.git gitweb: http://git.samba.org/?p=cifs-utils.git;a=summary Detailed changelog: commit 9e2c2536f5a49ff7385ff17f0866ef1489bed671 Author: Jeff Layton Date: Fri Apr 2 06:42:20 2010 -0400 cifs-utils: bump version to 4.2 - fix URL's and email addresses - update copyright notices Signed-off-by: Jeff Layton commit d52478ee762d88aa23db476639cdcb5379dddfa4 Author: Jeff Layton Date: Thu Apr 1 22:05:47 2010 -0400 cifs.upcall: run it through Lindent ...coding style cleanup. Signed-off-by: Jeff Layton commit d946beecf6e9cc7cf6897368bed8f43b0ec61ed1 Author: Torsten Kurbad Date: Thu Apr 1 21:47:25 2010 -0400 cifs-upcall: krb5.h inclusion quick fix ...eventually it might be better to make autoconf set -I/usr/include/krb5 or whatever and get rid of the #ifdef's here. It's a little tricky to figure out the include dir however, so this will do for now. Signed-off-by: Torsten Kurbad commit f5b79b44f25cdf4ba4363c7c05892af2865ce890 Author: Torsten Kurbad Date: Thu Apr 1 21:47:18 2010 -0400 cifs-upcall: heimdal fixes Signed-off-by: Torsten Kurbad commit 20a5ec8bd8ea3edb943adb517f378938e31f1c41 Author: Jeff Layton Date: Thu Apr 1 15:29:59 2010 -0400 mount.cifs: re-enable setuid usage Now that mount.cifs is safe(r) we don't need to disable setuid capability by default. Signed-off-by: Jeff Layton commit da54228cd9e6fe144efcb2d6da87e3cbb5db5b4c Author: Jeff Layton Date: Thu Apr 1 15:28:57 2010 -0400 mount.cifs: drop capabilities if libcap is available Might as well be as safe as possible. Have child drop all capabilities, and have the parent drop all but CAP_SYS_ADMIN (needed for mounting) and CAP_DAC_OVERRIDE (needed in case mtab isn't writable by root). We might even eventually consider being clever and dropping CAP_DAC_OVERRIDE when root has access to the mtab. Signed-off-by: Jeff Layton commit 810f7e4e0f2dbcbee0294d9b371071cb08268200 Author: Jeff Layton Date: Thu Apr 1 15:28:54 2010 -0400 mount.cifs: guard against signals by unprivileged users If mount.cifs is setuid root, then the unprivileged user who runs the program can send the mount.cifs process a signal and kill it. This is not a huge problem unless we happen to be updating the mtab at the time, in which case the mtab lockfiles might not get cleaned up. To remedy this, have the privileged mount.cifs process set its real uid to the effective uid (usually, root). This prevents unprivileged users from being able to signal the process. While we're at it, also mask off signals while we're updating the mtab. This leaves a SIGKILL by root as the only way to interrupt the mtab update, but there's really nothing we can do about that. Signed-off-by: Jeff Layton commit 294215ef969ce3ecb91063fbbb8a8c075272cc8d Author: Jeff Layton Date: Thu Apr 1 15:19:17 2010 -0400 mount.cifs: introduce privilege separation Much of the mount option parsing and other activities can be done by an unprivileged process. Allocate the parsed_mount_info struct as an anonymous mmap() segment and then fork to do the actual mount option parsing. The child can then drop root privileges before populating the parsed_mount_info struct. The parent waits for the child to exit and then continues the mount process based on the child's exit status. Signed-off-by: Jeff Layton commit e87a203fbaf059831292f2cb9a0692ef7a78a267 Author: Jeff Layton Date: Thu Apr
Re: [Samba] [linux-cifs-client] ANNOUNCE: cifs-utils release 4.1 available for download
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, 24 Mar 2010 20:26:37 -0400 Jeff Layton wrote: > On Wed, 24 Mar 2010 20:24:17 -0400 > Jeff Layton wrote: > > > On Wed, 24 Mar 2010 07:55:09 -0400 > > Jeff Layton wrote: > > > > > On Tue, 23 Mar 2010 23:11:17 -0700 > > > Steve Langasek wrote: > > > > > > > Hi Jeff, > > > > > > > > On Tue, Mar 23, 2010 at 10:10:44AM -0400, Jeff Layton wrote: > > > > > This release is primarily a number of small bugfixes and cleanups. I > > > > > wanted to do a release with those prior to the coming overhaul of > > > > > mount.cifs to allow it to more safely be installed setuid root. > > > > > > > > Could you please provide detached GPG signatures for cifs-utils on the > > > > download site, so we have some cryptographic assurance of the integrity > > > > of > > > > the tarballs as we do for the samba tarballs? > > > > > > > > Cheers, > > > > > > Good point. I'm working now on getting a "cifs-utils" mail alias set up > > > that I can stuff into the key. Once I do so, I'll go back and sign all > > > of the tarballs and make sure they're signed on release in the future. > > > > > > Thanks, > > > > Done. A new cifs-utils signing key has been generated and the existing > > tarballs are now signed with it. The public key and signatures are > > available at the ftp location. > > > > ftp://ftp.samba.org/pub/linux-cifs/cifs-utils/ > > > > I'll update the webpage with that info soon. > > ...and in hindsight I should have probably signed that email. > Apologies for the spam, this one should be signed :) - -- Jeff Layton -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEYEARECAAYFAkuqr+IACgkQyP0gxQMdzICKOACgj77famnypt2J7F2/zhCg8VUO kGoAn0D7EFDvZW9xKcZabdygM55P5D7H =F9SW -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [linux-cifs-client] ANNOUNCE: cifs-utils release 4.1 available for download
On Wed, 24 Mar 2010 20:24:17 -0400 Jeff Layton wrote: > On Wed, 24 Mar 2010 07:55:09 -0400 > Jeff Layton wrote: > > > On Tue, 23 Mar 2010 23:11:17 -0700 > > Steve Langasek wrote: > > > > > Hi Jeff, > > > > > > On Tue, Mar 23, 2010 at 10:10:44AM -0400, Jeff Layton wrote: > > > > This release is primarily a number of small bugfixes and cleanups. I > > > > wanted to do a release with those prior to the coming overhaul of > > > > mount.cifs to allow it to more safely be installed setuid root. > > > > > > Could you please provide detached GPG signatures for cifs-utils on the > > > download site, so we have some cryptographic assurance of the integrity of > > > the tarballs as we do for the samba tarballs? > > > > > > Cheers, > > > > Good point. I'm working now on getting a "cifs-utils" mail alias set up > > that I can stuff into the key. Once I do so, I'll go back and sign all > > of the tarballs and make sure they're signed on release in the future. > > > > Thanks, > > Done. A new cifs-utils signing key has been generated and the existing > tarballs are now signed with it. The public key and signatures are > available at the ftp location. > > ftp://ftp.samba.org/pub/linux-cifs/cifs-utils/ > > I'll update the webpage with that info soon. ...and in hindsight I should have probably signed that email. -- Jeff Layton -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [linux-cifs-client] ANNOUNCE: cifs-utils release 4.1 available for download
On Wed, 24 Mar 2010 07:55:09 -0400 Jeff Layton wrote: > On Tue, 23 Mar 2010 23:11:17 -0700 > Steve Langasek wrote: > > > Hi Jeff, > > > > On Tue, Mar 23, 2010 at 10:10:44AM -0400, Jeff Layton wrote: > > > This release is primarily a number of small bugfixes and cleanups. I > > > wanted to do a release with those prior to the coming overhaul of > > > mount.cifs to allow it to more safely be installed setuid root. > > > > Could you please provide detached GPG signatures for cifs-utils on the > > download site, so we have some cryptographic assurance of the integrity of > > the tarballs as we do for the samba tarballs? > > > > Cheers, > > Good point. I'm working now on getting a "cifs-utils" mail alias set up > that I can stuff into the key. Once I do so, I'll go back and sign all > of the tarballs and make sure they're signed on release in the future. > > Thanks, Done. A new cifs-utils signing key has been generated and the existing tarballs are now signed with it. The public key and signatures are available at the ftp location. ftp://ftp.samba.org/pub/linux-cifs/cifs-utils/ I'll update the webpage with that info soon. -- Jeff Layton -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] ANNOUNCE: cifs-utils release 4.1 available for download
On Tue, 23 Mar 2010 23:11:17 -0700 Steve Langasek wrote: > Hi Jeff, > > On Tue, Mar 23, 2010 at 10:10:44AM -0400, Jeff Layton wrote: > > This release is primarily a number of small bugfixes and cleanups. I > > wanted to do a release with those prior to the coming overhaul of > > mount.cifs to allow it to more safely be installed setuid root. > > Could you please provide detached GPG signatures for cifs-utils on the > download site, so we have some cryptographic assurance of the integrity of > the tarballs as we do for the samba tarballs? > > Cheers, Good point. I'm working now on getting a "cifs-utils" mail alias set up that I can stuff into the key. Once I do so, I'll go back and sign all of the tarballs and make sure they're signed on release in the future. Thanks, -- Jeff Layton signature.asc Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] ANNOUNCE: cifs-utils release 4.1 available for download
This release is primarily a number of small bugfixes and cleanups. I wanted to do a release with those prior to the coming overhaul of mount.cifs to allow it to more safely be installed setuid root. There a couple of other noticeable changes too: - the version reported by all programs in the tarball now matches the VERSION define set by autoconf. That is, if someone runs "mount.cifs --version", it'll report "4.1" for this release. This should make it easier to get accurate release info in bug reports. - cifs.upcall is now optional. It's still built by default, but if any of libraries or headers aren't present that it needs, a warning is printed by "configure" and it'll be disabled. Note that some of the URLs below have changed: webpage:http://www.samba.org/linux-cifs/cifs-utils/ tarball:ftp://ftp.samba.org/pub/linux-cifs/cifs-utils/ git:git://git.samba.org/cifs-utils.git gitweb: http://git.samba.org/?p=cifs-utils.git;a=summary Changelog: commit 279b1648a661c5e38e7650da74551cff9322a4f9 Author: Jeff Layton Date: Tue Mar 23 09:47:07 2010 -0400 cifs-utils: release 4.1 Signed-off-by: Jeff Layton commit c0371fced801f70cdf90f8bfcaf3413b93b6f491 Author: Jeff Layton Date: Tue Mar 23 09:21:25 2010 -0400 mount.cifs: fix ver= option passed to the kernel Rather than passing the VERSION string to the kernel in the ver= option, track the OPTIONS_VERSION separately and pass that to the kernel. If we ever need to have different behavior in kernel for different mount.cifs versions, we can bump this number. Signed-off-by: Jeff Layton commit d8f8e0b6dd2f85c0b4ed597bdf2ac2fad113e51f Author: Jeff Layton Date: Mon Mar 22 08:03:38 2010 -0400 mount.cifs: don't use exit(3) in get_password_from_file Signed-off-by: Jeff Layton commit e7208f48afed859b3d0188aadc90dc925ab1fb23 Author: Jeff Layton Date: Mon Mar 22 08:03:38 2010 -0400 mount.cifs: don't use exit(3) in mount_cifs_usage() and open_cred_file() ...to help ensure that exit processing is handled appropriately. Signed-off-by: Jeff Layton commit 7c0ea6b9a8ff064312da587ff0dcf701b7032c42 Author: Jeff Layton Date: Mon Mar 22 08:03:38 2010 -0400 mount.cifs: don't use exit(3) in main() Clean up error handling in main() so that cleanup tasks are completed rather than assuming exit processing will handle it. Signed-off-by: Jeff Layton commit 7fae11e1a1ddb0c2fe2a7cc419bea073c82eb79e Author: Jeff Layton Date: Mon Mar 22 08:03:38 2010 -0400 mount.cifs: fix error handling when duplicating options string Signed-off-by: Jeff Layton commit 1cd520efdfc49bfdcd411c345f7ac190684a698a Author: Jeff Layton Date: Mon Mar 22 08:03:38 2010 -0400 mount.cifs: make check_mountpoint a noop for non-legacy builds Now that we chdir() to the mountpoint, the checks in that function are pointless. Just make it a noop for non-legacy setuid builds. Signed-off-by: Jeff Layton commit f603d4229a996124acb3e8e34e09ad93322b12d5 Author: Jeff Layton Date: Mon Mar 22 08:03:37 2010 -0400 mount.cifs: remove uuid option Signed-off-by: Jeff Layton commit 6a8408fbd447217d5ef6d66ac0c7e65f79f21792 Author: Jeff Layton Date: Mon Mar 22 08:03:37 2010 -0400 mount.cifs: remove bogus rsize/wsize options They don't actually do anything. Signed-off-by: Jeff Layton commit 8562ecf3071be32f242e21cd7babd3be046a4b3b Author: Jeff Layton Date: Mon Mar 22 08:03:37 2010 -0400 mount.cifs: simplify command-line option parsing Let getopt_long do the work of parsing options, then check what's left. Signed-off-by: Jeff Layton commit 7d09eb5669e8e5c93005a059551d4a0ae5c735d6 Author: Jeff Layton Date: Mon Mar 22 08:03:37 2010 -0400 mount.cifs: remove unneeded uname call Signed-off-by: Jeff Layton commit 470d8aa3bc1d7947cbe3afda6bcf7e154100f3c0 Author: Jeff Layton Date: Mon Mar 22 08:03:35 2010 -0400 mount.cifs: clean up parse_server Get rid of a lot of unnecessary nesting. Signed-off-by: Jeff Layton commit 82f2ebc299d27a86a1eba7c285c849ab5f45607d Author: Jeff Layton Date: Sat Mar 20 08:10:24 2010 -0400 mount.cifs: clean up preprocessor macros ...remove some unneeded junk. Signed-off-by: Jeff Layton commit 2b03d5454e5828112fd4a21322067c8d7e861eed Author: Jeff Layton Date: Sat Mar 20 07:50:10 2010 -0400 Update the README Signed-off-by: Jeff Layton commit 330cb93bc946d61825e227b5cac27234be584abb Author: Jeff Layton Date: Sat Mar 20 07:49:44 2010 -0400 cifs-utils: switch to using autoconf package version Rather than using a hardcoded version string, use the VERSION macro that autoconf provides. This will help make it clear what version is actually being used in bug reports when
[Samba] ANNOUNCE: cifs-utils release 4.0 available for download
First official release! As previously noted, I'm declaring this version 4.0 to help ease the transition for distro packagers. There are only a couple of small changes since 4.0rc1 -- a small #include change in cifs.spnego and an autotools fix. I'm still working on a more permanent location for the webpage and FTP repo, but I don't see that as a reason to hold up the initial release. Thus, the locations are the same: webpage:http://www.samba.org/~jlayton/cifs-utils/ tarball:ftp://ftp.samba.org/pub/samba/cifs-utils/ git:git://git.samba.org/cifs-utils.git gitweb: http://git.samba.org/?p=cifs-utils.git;a=summary Changelog: commit f54e674a82fc00e574e1ebbc77ba5841d8342b6d Author: Jeff Layton Date: Fri Feb 26 21:36:56 2010 -0500 autotools: check for keyutils.h ...and throw a (hopefully) helpful error message if it's not present. Signed-off-by: Jeff Layton commit 8ddbdf13169ac38ef7fe552de5abc683e6d63c0f Author: Jeff Layton Date: Fri Feb 26 21:36:45 2010 -0500 cifs.upcall: use non-legacy krb5.h location is deprecated in favor of . Also, make autoconf throw a more helpful error message if it's not present. Signed-off-by: Jeff Layton -- Jeff Layton -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Setuid bit always set on Vista mount
On Fri, 12 Feb 2010 14:39:05 -0800 "Robert Edgar" wrote: > Files on my Vista mount always have the S mode (setgid bit?) set according > to ls -l. This is a security hole and causes other problems. I can't clear > the bit with chmod; in fact the results of doing chmod don't make any sense > to me (I'll be glad to provide examples). Typical files show as -rwxrwSrwx, > though not all. The smb.conf file has create mask 0666 and directory mask > 0777 various places. I inherited this smb.conf so am reluctant to mess with > it since I don't know what I'm doing. > Thanks for any advice. > Robert. > > I assuming this is using Linux CIFS? Older Linux CIFS versions set the file_mode to 02767. That has the setgid bit set, but the group execute bit is cleared. That's not really a security issue -- that combination is supposed to signal to the kernel that it should enforce mandatory locking. The problem though is that we don't really want or need the kernel to enforce that. Thus, more recent Linux kernel versions set the mode to something a bit more sane (0755, IIRC). You can override that on the one you're running by setting the file_mode= mount option (see the mount.cifs manpage). -- Jeff Layton -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] SMB/CIFS seq. transfers top out at 30MiB/s (NFSv4 and HTTP: 100MiB/s+)
On Thu, 21 Jan 2010 00:10:07 +0100 Johannes Truschnigg wrote: > On Wednesday 20 January 2010 20:55:16 Jeff Layton wrote: > > […] > > Most likely, you're running into the lack of parallelism in Linux' CIFS > > client. Writes are done in in turn currently and not in parallel as > > they should be. > > […] > > Very interesting; but that wouldn't explain why it's slow for Windows XP > clients, would it? Is there any SMB/CIFS client implementation that's known > for its speed so I could test if it's really a client issue? > Oops, missed that point in the initial email. You're correct -- it wouldn't explain why windows is slow. I *think* smbclient is actually reasonably fast and does parallel reads/writes. You may want to try it. If it's also slow, I'd probably do some analysis of the traffic on the wire and see if you can determine the cause that way. -- Jeff Layton signature.asc Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba, and NFS. lag?
On Wed, 20 Jan 2010 13:36:18 -0500 Nathan Lager wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > OK, Here we go. > > http://www.undrground.org/smb/smbd.strace > > > On 01/20/2010 12:56 PM, Volker Lendecke wrote: > > On Wed, Jan 20, 2010 at 12:28:41PM -0500, Nathan Lager wrote: > >> That hasnt helped either. > >> > >> Same lag on file modification. > >> > >> Thanks. > > > > Please connect, look in smbstatus which process is > > responsible for your client and strace it. > > > > strace -ttT -o /tmp/smbd.strace -p > > > > Upload /tmp/smbd.strace somewhere please. > > > > Volker > > -BEGIN PGP SIGNATURE- > Version: GnuPG v1.4.10 (GNU/Linux) > Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ > > iEYEARECAAYFAktXTSIACgkQsZqG4IN3sunZqACffagPWZAH3BKFTfe2NSytiOWx > zfAAoJgks2s5Dt1Pg0vh+49o9FMIcRWj > =uCY5 > -END PGP SIGNATURE- Looks like it's taking forever for flock() calls to time out, and then it finally fails with -ENOLCK: 13:24:00.268018 flock(28, 0x60 /* LOCK_??? */) = -1 ENOLCK (No locks available) <30.000971> ...often that means that you don't have rpc.statd running on the client. -- Jeff Layton -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] SMB/CIFS seq. transfers top out at 30MiB/s (NFSv4 and HTTP: 100MiB/s+)
On Wed, 20 Jan 2010 19:41:24 +0100 Johannes Truschnigg wrote: > Hello list, > > I'm using Samba 3.4.5 on a home-hosted fileserver of mine to easily share > files with both GNU/Linux and Windows XP (Professional 32Bit SP3) clients. > The > machines are connected to each other via a switched GBit ethernet network, > the > actual available bandwidth between the server and the nodes over TCP amounts > to about 940-980MBit (according to iperf). > > The server's storage backend is aquite potent, and achieves sequential read > and write speeds well over the network's linespeed (somewhere around 180MiB/s > read and 130MiB/s write at worst and well over 200MiB/s and 160MiB/s, resp., > at best). When serving files from the very same filesystem as with Samba, > Apache 2.2 delivers about 110MiB/s on average, and NFSv4-transfers match that > number in terms of speed. > > With Samba and SMB/CIFS, however, the transfer speed tops out at rather > disappointing 28-30MiB/s, serving both Windows and GNU/Linux clients. I'm > using the in-kernel CIFS support on the GNU/Linux machines, and the default > "Attach Network Drive"-feature with Windows. Using the (afaik pure userspace) > `smbclient` implementation on the GNU machine doesn't change anything to the > better, the speed remains at the aforementioned ~30MiB/s. > > The server system isn't really loaded while serving files over CIFS (its > cores > don't even clock to higher frequencies, but remain at a comfortable 1GHz), > and > smbd never consumes substantially more than ~15% CPUtime while reading from > disk and delivering to the clients. > > I tried adopting advice from the Samba manual's performance tuning section > (http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/speed.html), but > that didn't improve the situation at all - transfer speed remained roughly > the > same, compared to these settings' default values. Playing with the clients' > mount options (rsize and wsize, specifically) didn't yield any noticeable > improvements, either. > > I continue to see other peoples' reports on the web that they manage to > squeeze much higher transfer rates (70MiB/s+) out of dedicated NAS appliances > via SMB/CIFS (most of which supposedly also run Samba for providing that > service), and I fail to see why my platform won't deliver similar results, as > the hardware should easily match whatever those NAS-devices offer. > > Below I will list what I think might be relevant information to track down > what's wrong; in case I'm missing something that'd be of use, please, let me > know! > > SNIP START: egrep -v '^[[:space:]]*[;#]|^$' /etc/samba/smb.conf > [global] > workgroup = ARBEITSGRUPPE > security = share > load printers = no > guest account = nobody > dns proxy = no > syslog = 1 > syslog only = yes > socket options = SO_RCVBUF=8192 SO_SNDBUF=8192 > disable netbios = yes > unix extensions = yes > unix charset = UTF-8 > display charset = UTF-8 > use mmap = yes > use sendfile = yes > wins support = no > [files] >path = /srv/files/pub/ >public = yes >only guest = yes >writable = yes >printable = no > SNIP END: egrep -v '^[[:space:]]*[;#]|^$' /etc/samba/smb.conf > > My GNU/Linux client mounts the share with the following options: > SNIP START: /etc/fstab > //virtue.local/files /media/network cifs \ > auto,user,pass=,rw,uid=1000,gid=100,noexec,nolock,\ > file_mode=0664,dir_mode=0775,iocharset=utf8,\ > wsize=57344,rsize=57344 0 0 > SNIP END: /etc/fstab > > The output of `smbd -d` is recorded here: http://pasted.at/fb1889588d_nl.html > > All GNU/Linux clients use recent (2.6.32+) kernels and are x86_64 machines. > All clients are able to get the HTTP transfer speeds described above. > > I'm still using the very same kernel that was used to build Samba/smbd on. > There's nothing out of the ordinary recorded in the server's logs. `nmbd` > isn't running on the server, as I don't need that kind of name resolution > support. Samba is Version 3.4.5, running on Gentoo GNU/Linux ~amd64. > > > If anyone spots something obvious that might limit transfer speeds in the way > I described, please leave a comment. Thanks very much in advance for your > time > and effort! Most likely, you're running into the lack of parallelism in Linux' CIFS client. Writes are done in in turn currently and not in parallel as they should be. Fixing it is something we'd like to do, but it's a non-trivial amount of work and it'll probably be a while before it's fixed. -- Jeff Layton -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] nfs vs. cifs based on my usage profile
On Thu, 31 Dec 2009 13:50:10 -0600 Terry wrote: > Hello, > > I have an interesting architecture consisting of a 3 RHEL 5.3 NFS > nodes that mounts about 30 TB worth of iscsi disk and presents them as > 6 different NFS shares. It is an active-active-active cluster with > each node presenting a couple of shares. It works pretty well. I am > doubting my decision to use NFS and am wondering if CIFS would be a > better route. Here are the NFS stats: > > getattr lookup access readwrite readdirplus > 20% 16% 7% 44% 9% 1% > > Each NFS node pushes about 65 MB/s so they are pretty busy. It is a > backup/recovery application so I would describe the I/O as lots of > small reads/writes. > > Any thoughts? > Why are you looking to switch? As always, the only way to really tell is to bench it out yourself. I can tell you though that the Linux CIFS client doesn't parallelize writes well at all and that will probably hobble your throughput somewhat. -- Jeff Layton -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] User executional bit set when creating/modifying file on linux server from linux client
On Wed, 02 Dec 2009 16:53:53 +0100 Fredrik Liljegren wrote: > Jeff Layton wrote: > > I was actually more interested in a wire capture, but this tells me > > something too... > > > > The logs here indicate that unix extensions were in effect. With that, > > the file_mode and dir_mode should really never have any effect. I have > > a feeling that these are bugs that existed prior to the big overhaul of > > inode handling that went into 2.6.31. > > > > Is there a way for you to test a more recent kernel here (something > > 2.6.31 or 2.6.32-ish)? > > > I upgraded to 2.6.31-1-amd64 (debian sid), but that didn't change > anything. Without file_mode in the mount, a simple file change still > adds u+x. > > /F > > PS: I tried without nodfs, but then I get permission denied trying to > change mode with chmod u-x... > (adding samba list back to cc list) I see where we do send the mnt_file_mode in a posix open call if we're opening an existing file. The server should ignore that however. Even if it didn't, 3.0.24 probably has broken posix open calls for existing files so I'm not sure it would use that codepath anyway. This sounds really strange. Could you get a wire capture so we can see what's happening there? It might also be best to open a bug at bugzilla.samba.org as that would give us a better forum for tracking this issue. If you do that, please add me to the cc list (or email me with the bug number and I'll add myself). Thanks, -- Jeff Layton -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] CIFS and ghost files.
On Wed, 2 Dec 2009 10:55:50 -0500 robertobo...@bayviewassetmanagement.com wrote: > Hello everyone. > > I hope I can get some help with this problem we are having. > > We have a CIFS mount (from a NetApp) were we write files (php > application). Then the files are being copied to a directory in the same > CIFS filesystem, then a process on a Windows server picks up the file and > deletes it. > > The thing is, later the php app, generates a new file and when it tries to > copy it it says "the file doesn't exists". So if I go to the "copy" > location and do an ls I don't see the file, but if I do ls -l "filename" > then it shows!!! > > I issue a rm "filename" and I got a "no such file or directory", then I do > a ls -l "filename" is not there anymore. here some steps: > > A.- On a CIFS filesystem /path/ on a RHEL 5 server (server1): > > 1.- PHP app generates file (test.txt) on /path/temp/ > 2.- PHP app copies file from /path/temp/ to /path/final/ > > B.- On a Windows server accessing the same /path/ share (server2) > > 1.- Informatica sees the test.txt file on /path/final/ executes a > proccess, deletes the file > > C.- On server 1 > > 1.- PHP app generates file (test.txt) on /path/temp/ > 2.- PHP app copies file from /path/temp/ to /path/final/ > the app > fails with an error > > D.- Admin (ME) > > 1.- Goes to the server an does: ls -l /path/final/ ---> file is not there > 2.- Does: ls -l /path/final/test.txt and gets: -rwxrwSrwx 1 wwwspool > wwwspool 0 Nov 4 10:38 test.txt > 3.- Does: rm /path/final/test.txt and gets: rm: cannot remove `test.txt': > No such file or directory > > The cycle starts again on A. > > thanks for your help. Interesting. What kernel are you using here? -- Jeff Layton -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] User executional bit set when creating/modifying file on linux server from linux client
On Wed, 02 Dec 2009 15:01:35 +0100 Fredrik Liljegren wrote: > Jeff Layton wrote: > > On Wed, 02 Dec 2009 10:19:52 +0100 > > Fredrik Liljegren wrote: > > > > > >> Whenever I create or modify a file on my cifs-mount, be it by `echo > >> "test" >> file` or from bash, the file mode is changed with u+x. > >> However, that does not happen with touch, and usign chmod u-x works as > >> it should. This is very annoying... > >> > > That is strange, I'm not aware of anything in cifs that would change inode > > permissions on a write call. Some questions: > > > > What mount options are you using? > > > I used > nodfs,rw,iocharset=utf8,localcharset=utf8,uid=fiddur,gid=fiddur,credentials=/home/fiddur/.effie-smb > > Hmm, could it be nodfs that messes it up? That's a remnant of earlier > tries to get this right... > > I discovered now that using file_mode=0664,dir_mode=0775 works, but that > is quite suboptimal... > > > > Does the server have any special "create mode" or "create mask" type > > settings that might affect the mode assigned to the inode? > > > The server uses: > force create mode = 0664 > force directory mode = 0775 > > ...but I guess it is unix extensions that makes files other than 0664. > > > What kernel is this client running? > > > 2.6.30-1-amd64 from debian. > > > What kernel is the ubuntu client running? > > > The ubuntu mount used file_mode and dir_mode in the mounting, so that > would be the reason for the difference. (It's a collegues computer...) > > > It might be interesting to see a wire capture while recreating this. > > Instructions on doing that are here: > > > > http://wiki.samba.org/index.php/LinuxCIFS_troubleshooting > > > > If you like, you can send the capture to me directly and I'll have a > > look. > > > Here's the output from a `echo "test" > test1` where test1 gets u+x > (including it, it's <100 rows): > > [195493.276026] > /build/buildd-linux-2.6_2.6.30-4-amd64-zA7FCt/linux-2.6-2.6.30/debian/build/source_amd64_none/fs/cifs/file.c: > CIFS VFS: in cifs_writepages as Xid: 940557 with uid: 0 > [195493.276031] > /build/buildd-linux-2.6_2.6.30-4-amd64-zA7FCt/linux-2.6-2.6.30/debian/build/source_amd64_none/fs/cifs/file.c: > CIFS VFS: leaving cifs_writepages (xid = 940557) rc = 0 > [195500.523217] > /build/buildd-linux-2.6_2.6.30-4-amd64-zA7FCt/linux-2.6-2.6.30/debian/build/source_amd64_none/fs/cifs/inode.c: > CIFS VFS: in cifs_revalidate as Xid: 940558 with uid: 1000 > [195500.523224] > /build/buildd-linux-2.6_2.6.30-4-amd64-zA7FCt/linux-2.6-2.6.30/debian/build/source_amd64_none/fs/cifs/inode.c: > Revalidate: /tmp/test1 inode 0x880112cf75e0 count 1 dentry: > 0x880112cb18c0 d_time 4343754864 jiffies 4343767426 > [195500.523228] > /build/buildd-linux-2.6_2.6.30-4-amd64-zA7FCt/linux-2.6-2.6.30/debian/build/source_amd64_none/fs/cifs/inode.c: > Getting info on /tmp/test1 > [195500.523231] > /build/buildd-linux-2.6_2.6.30-4-amd64-zA7FCt/linux-2.6-2.6.30/debian/build/source_amd64_none/fs/cifs/cifssmb.c: > In QPathInfo (Unix) the path /tmp/test1 > [195500.523252] > /build/buildd-linux-2.6_2.6.30-4-amd64-zA7FCt/linux-2.6-2.6.30/debian/build/source_amd64_none/fs/cifs/transport.c: > For smb_command 50 > [195500.523255] > /build/buildd-linux-2.6_2.6.30-4-amd64-zA7FCt/linux-2.6-2.6.30/debian/build/source_amd64_none/fs/cifs/transport.c: > Sending smb: total_len 98 > [195500.523618] > /build/buildd-linux-2.6_2.6.30-4-amd64-zA7FCt/linux-2.6-2.6.30/debian/build/source_amd64_none/fs/cifs/connect.c: > rfc1002 length 0xa4 > [195500.523628] > /build/buildd-linux-2.6_2.6.30-4-amd64-zA7FCt/linux-2.6-2.6.30/debian/build/source_amd64_none/fs/cifs/inode.c: > Old time 4343754864 > [195500.523630] > /build/buildd-linux-2.6_2.6.30-4-amd64-zA7FCt/linux-2.6-2.6.30/debian/build/source_amd64_none/fs/cifs/inode.c: > New time 4343767426 > [195500.523634] > /build/buildd-linux-2.6_2.6.30-4-amd64-zA7FCt/linux-2.6-2.6.30/debian/build/source_amd64_none/fs/cifs/inode.c: > Size 5 and blocks 8 > [195500.523636] > /build/buildd-linux-2.6_2.6.30-4-amd64-zA7FCt/linux-2.6-2.6.30/debian/build/source_amd64_none/fs/cifs/inode.c: > cifs_revalidate - inode unchanged > [195500.523641] > /build/buildd-linux-2.6_2.6.30-4-amd64-zA7FCt/linux-2.6-2.6.30/debian/build/source_amd64_none/fs/cifs/file.c: > CIFS VFS: in cifs_writepages as Xid: 940559 with uid: 1000 > [195500.523645] > /build/buildd-linux-2.6_2.6.30-4-amd64-zA7FCt/linux-2.6-2.6.30/debian/build/source_amd64_none/fs/cifs/file.c: > CIFS VFS: le
Re: [Samba] User executional bit set when creating/modifying file on linux server from linux client
On Wed, 02 Dec 2009 10:19:52 +0100 Fredrik Liljegren wrote: > Whenever I create or modify a file on my cifs-mount, be it by `echo > "test" >> file` or from bash, the file mode is changed with u+x. > However, that does not happen with touch, and usign chmod u-x works as > it should. This is very annoying... > > It is a linux samba server running samba 3.0.24. I know it's not the > latest, and if you know there was a bug fixed that can solve my problem, > I can probably get the serveradmins to upgrade it... but if it's a > config problem, that's easier... > > I use linux mount.cifs version: 1.12-3.4.3 > > On another computer here, runnig ubuntu instead of debian, and > mount.cifs 1.12-3.3.2, modifying files does NOT set u+x! > > > > Example: > > Initial directory: > > fid...@ydalar:~/mnt/liljegren/tmp$ ls -la > totalt 0 > drwxrwxr-x 2 fiddur fiddur 0 2 dec 09.51 . > drwxrwsr-x 15 fiddur fiddur 0 2 dec 09.51 .. > > > Creating file with touch doesn't get any u+x: > fid...@ydalar:~/mnt/liljegren/tmp$ touch test1 > fid...@ydalar:~/mnt/liljegren/tmp$ ls -la > totalt 0 > drwxrwxr-x 2 fiddur fiddur 0 2 dec 09.52 . > drwxrwsr-x 15 fiddur fiddur 0 2 dec 09.51 .. > -rw-rw-r-- 1 fiddur fiddur 0 2 dec 09.52 test1 > > > Creating a file by output redirection gives u+x: > fid...@ydalar:~/mnt/liljegren/tmp$ echo "hej" > test2 > fid...@ydalar:~/mnt/liljegren/tmp$ ls -la > totalt 4 > drwxrwxr-x 2 fiddur fiddur 0 2 dec 09.53 . > drwxrwsr-x 15 fiddur fiddur 0 2 dec 09.51 .. > -rw-rw-r-- 1 fiddur fiddur 0 2 dec 09.52 test1 > -rwxrw-r-- 1 fiddur fiddur 4 2 dec 09.53 test2 > > Removing with chmod works: > fid...@ydalar:~/mnt/liljegren/tmp$ chmod u-x test2 > fid...@ydalar:~/mnt/liljegren/tmp$ ls -la > totalt 4 > drwxrwxr-x 2 fiddur fiddur 0 2 dec 09.53 . > drwxrwsr-x 15 fiddur fiddur 0 2 dec 09.51 .. > -rw-rw-r-- 1 fiddur fiddur 0 2 dec 09.52 test1 > -rw-rw-r-- 1 fiddur fiddur 4 2 dec 09.53 test2 > > Modifying with appending redirection adds u+x too: > fid...@ydalar:~/mnt/liljegren/tmp$ echo "test" >> test1 > fid...@ydalar:~/mnt/liljegren/tmp$ ls -la > totalt 8 > drwxrwxr-x 2 fiddur fiddur 0 2 dec 09.53 . > drwxrwsr-x 15 fiddur fiddur 0 2 dec 09.51 .. > -rwxrw-r-- 1 fiddur fiddur 5 2 dec 09.54 test1 > -rw-rw-r-- 1 fiddur fiddur 4 2 dec 09.53 test2 > > > > Additional info: > > fid...@ydalar:~/mnt/liljegren/tmp$ cat /proc/fs/cifs/DebugData > Display Internal CIFS Data Structures for Debugging > --- > CIFS Version 1.58 > Active VFS Requests: 0 > Servers: > 1) Name: xxx.xxx.xxx.xxx Domain: Uses: 1 OS: Unix > NOS: Samba 3.0.24Capability: 0x80f3fd > SMB session status: 1TCP status: 1 > Local Users To Server: 1 SecMode: 0x3 Req On Wire: 0 > Shares: > 1) \\EFFIE\liljegren.devshop Mounts: 1 Type: NTFS DevInfo: 0x0 > Attributes: 0x2b > PathComponentMax: 255 Status: 0x1 type: 0 > > MIDs: > That is strange, I'm not aware of anything in cifs that would change inode permissions on a write call. Some questions: What mount options are you using? Does the server have any special "create mode" or "create mask" type settings that might affect the mode assigned to the inode? What kernel is this client running? What kernel is the ubuntu client running? It might be interesting to see a wire capture while recreating this. Instructions on doing that are here: http://wiki.samba.org/index.php/LinuxCIFS_troubleshooting If you like, you can send the capture to me directly and I'll have a look. -- Jeff Layton -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] compiling 3.2.15: cifs.upcall not found afer RPM build
On Fri, 30 Oct 2009 10:01:40 -0400 David Magda wrote: > On Oct 29, 2009, at 19:40, Jeff Layton wrote: > > > It sounds like something is broken with your install. My RHEL4 host > > has > > a keyutils.so and keyutils.h as part of the keyutils-devel and > > keyutils-libs packages. > > > According to the RPM database things are the way they should be: > > $ rpm -qa | grep keyutil > keyutils-0.3-1 > keyutils-devel-0.3-1 > $ rpm -Vv keyutils keyutils-devel > /bin/keyctl > c /etc/request-key.conf > /lib/libkeyutil.so.0 > /lib/libkeyutil.so.0.3.1 > /sbin/request-key > /usr/share/doc/keyutils-0.3 > d /usr/share/doc/keyutils-0.3/LICENCE.GPL > d /usr/share/doc/keyutils-0.3/LICENCE.LGPL > d /usr/share/doc/keyutils-0.3/README > /usr/share/keyutils/request-key-debug.sh > /usr/share/man/man1 > d /usr/share/man/man1/keyctl.1.gz > /usr/share/man/man5 > d /usr/share/man/man5/request-key.conf.5.gz > /usr/share/man/man8 > d /usr/share/man/man8/request-key.8.gz > /lib/libkeyutil.so > /usr/include/keyutil.h > > $ cat /etc/redhat-release > Red Hat Enterprise Linux AS release 4 (Nahant Update 2) > $ uname -a > Linux foo.example.com 2.6.9-22.ELsmp #1 SMP Mon Sep 19 18:32:14 EDT > 2005 i686 i686 i386 GNU/Linux > Ahh, that would explain it. RHEL4.2 is 4 years old. From the keyutils changelog: * Mon Nov 28 2005 David Howells - 1.0-1 - Rename library and header file "keyutil" -> "keyutils" for consistency ...I suggest patching your RHEL4 machine(s) and not just for this reason. -- Jeff Layton -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] compiling 3.2.15: cifs.upcall not found afer RPM build
On Thu, 29 Oct 2009 15:34:41 -0400 (EDT) "David Magda" wrote: > On Thu, October 29, 2009 15:05, Jeff Layton wrote: > > > Be forewarned that there's no kernel support for DFS or krb5 in RHEL4 > (unless you've added that yourself). So there's little reason to install > cifs.upcall there. > > So is the samba.spec file designed for RHEL 5+ then? I'm trying to > simplify things by using the included scripts and files and not rolling my > own. If 'configure' does not find the proper headers (or libraries), > there's no sense having the .spec file look for the binaries if they're > not going to be generated. Not sure if there's a way to automated that. > I'm not sure. I'm afraid that I've never used makerpms.sh. > Turns out that Samba is looking for "keyutils.h", while RHEL4 has > "keyutil.h" (no 's'). Ditto for "libkeyutil[s].so". Create a soft link > fixed the 'configure' and linking errors, and allowed the RPMs to be > built. > It sounds like something is broken with your install. My RHEL4 host has a keyutils.so and keyutils.h as part of the keyutils-devel and keyutils-libs packages. -- Jeff Layton -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] compiling 3.2.15: cifs.upcall not found afer RPM build
On Wed, 28 Oct 2009 15:42:43 -0400 (EDT) "David Magda" wrote: > Hello, > > Trying to compile Samba 3.2.15 on a RHEL AS 4u2 (i686) and I'm getting the > following result from 'sh makerpms.sh': > > > Provides: samba-doc = 3.2.15-1 > > Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1 > rpmlib(PayloadFilesHavePrefix) <= 4.0-1 rpmlib(VersionedDependencies) <= > 3.0.3-1 > > > > > > RPM build errors: > > File not found: /var/tmp/samba-3.2.15-root/usr/sbin/cifs.upcall > > File not found by glob: > /var/tmp/samba-3.2.15-root/usr/share/man/man8/cifs.upcall.8.* > > makerpms.sh: Done. > > Not really anything present either: > > > # find /var/tmp/samba-3.2.15-root -name 'cifs*' > > /var/tmp/samba-3.2.15-root/usr/share/swat/help/manpages/cifs.upcall.8.html > > # > > No binaries seem to be present either: > > > # find /usr/src/redhat/BUILD/samba-3.2.15 -name 'cifs*' > > /usr/src/redhat/BUILD/samba-3.2.15/source/client/cifs_spnego.h > > /usr/src/redhat/BUILD/samba-3.2.15/source/client/cifs.upcall.c > > /usr/src/redhat/BUILD/samba-3.2.15/docs-xml/Samba3-Developers-Guide/cifsntdomain.xml > /usr/src/redhat/BUILD/samba-3.2.15/docs-xml/manpages-3/cifs.upcall.8.xml > > /usr/src/redhat/BUILD/samba-3.2.15/docs-xml/Samba4-HOWTO/cifsfs.xml > > # > > Is this an issue with the samba.spec file, or am i missing something? > > > Be forewarned that there's no kernel support for DFS or krb5 in RHEL4 (unless you've added that yourself). So there's little reason to install cifs.upcall there. -- Jeff Layton -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] linux 2 linux transfer very slow
On Mon, 26 Oct 2009 00:24:48 +0100 "Jean-Yves F. Barbier" <12u...@gmail.com> wrote: > SVR > Debian sid V. 3.4.2-1 > CLI > Debian lenny > = > > Hi list, > > Sometimes ago I noticed a samba slowing down but as I don't use it > very much it was not a PB (NO conf changes.) > > Today I made this test on CLI: > mount -t cifs //svr/myshare /mnt/ -o username=myuser,password=mypw,ro > then: > cp /mnt/films/20090911_0025_footage.avi . (this one's 2GB) > > The speed (measured w/ iptraf) is terribly slow (~750KB/s), so I made > another test: ftp using filezilla: ~7500KB/s (!) > > There's nothing special in my conf file, and I've got a line as doc say: > socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192 > > I really don't understand why there's so much difference between samba & ftp > mostly because formerly (well, may be a year ago) there was only a very small > gap between these speeds. This probably has little to do with samba and more to do with the fact that writes with Linux CIFS are essentially synchronous within the context of a single thread. That said, your SO_RCVBUF size seems very small. You probably at least need to make it large enough to hold a few writes before closing the window. The folks who work on the samba server might be able to offer better guidance as to a size. -- Jeff Layton -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] cifs.upcall not respecting krb5ccname env var?
On Thu, 24 Sep 2009 01:47:04 +1000 "Samuel Denbigh Leslie" wrote: > Hi Jeff, > > Thanks for the clarification on the cifs.upcall behaviour I was seeing and > the fix in Git master. > > The box in question is a CentOS 5.3 x86_64 box using the SerNet 3.2 > binaries, and so, upgrading to the latest sources in the Samba Git tree > wasn't really an option for a stable production server. > > However, I've managed to "backport" the fix simply by rebuilding the > relevant SRPM (which SerNet makes available) after patching it with the > latest cifs.upcall source. The only required modification was of an include > to point to the correct file (hierarchy seems to have changed a fair bit > since the 3.2-branch unsurprisingly); specifically: > > 29 #include "../libcli/auth/spnego.h" > > To > > 29 #include "spnego.h" > Yeah, not too surprising there... > This compiles fine and seems to work great, while still using stable sources > provided by SerNet. I recognise this is probably not ideal or recommended, > but it does work, and fixes the problem. > > Thanks again for the advice and the fix you committed! > > -SDL > Glad you got it working. If you see any trouble with it, then please let me know. -- Jeff Layton -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] cifs.upcall not respecting krb5ccname env var?
On Sat, 19 Sep 2009 20:14:56 +1000 "Samuel Denbigh Leslie" wrote: > Hello, > > > > I've been doing some extensive troubleshooting with respect to some issues > mounting CIFS shares on a Windows box via Kerberos. We're using the command: > > /sbin/mount.cifs //whatever/whatever /whatever -o sec=krb5i > > > > This should mount the share using Kerberos & Packet-signing by using the > cached credentials of the user executing the command. With judicious use of > strace, it seems that cifs.upcall makes the assumption that the Kerberos > credentials will be present at /tmp/krb5cc_UID, however, this is not always > the case; the credentials may have a random element in the file name. Here's > an example output from the system: > > /tmp/krb5cc_0 /tmp/krb5cc_1_IKsPGl4129 /tmp/krb5cc_10003_SXDRDQ7677 > (side-note: The random element is usually placed there by pam_krb5) > > > As such, the command works fine under root, but will fail for users with > UIDs 1 and 10003. I'm guessing the difference is in logon mechanism; > root is logged on locally while the 1000* UIDs are logging in over SSH. > Eliminating the random element would not be feasible as a single user may > have multiple Kerberos cached credentials. > > > The correct behaviour should be to read the value of the KRB5CCNAME > variable, which if present, should point to the correct location of the > Kerberos cached credentials for that session, and if not, use the present > default of /tmp/krb5cc_UID. Example output: > > KRB5CCNAME=FILE:/tmp/krb5cc_1_IKsPGl4129 > > > > At no point in the strace logs of both successful and failed mounts for > mount.cifs or cifs.upcall is the getenv() syscall used, it would appear it > is making a (seriously incorrect) assumption and completely disregarding the > relevant environment variable. > > > > I'm not a Linux expert, and may have this completely wrong, but can anyone > else shed some insight into this. Is this a bug? > > > > Note that symlinking krb5cc_UID to the correct credentials will fix the > problems, but this is not a feasible solution long term. > > No, you're correct. cifs.upcall shipping today with most distros doesn't handle this correctly. The latest version of cifs.upcall in samba's git tree should have a fix for this. We can't actually use the value of $KRB5CCNAME since we cannot guarantee that it'll be set to the correct value if the reconnect is handled in the context of a different user. The scheme is to search /tmp for the best possible credcache and to use that instead. You may want to try pulling down the latest samba git tree and building the latest cifs.upcall there (the one in the master branch). -- Jeff Layton -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] 2.6.31-rc8: CIFS with 5 seconds hiccups
On Wed, 16 Sep 2009 12:26:04 -0400 (EDT) Christoph Lameter wrote: > On Tue, 15 Sep 2009, Jeff Layton wrote: > > > Yow, that version of mount.cifs is really old. I wonder if it may be > > passing bad mount options to the kernel? Might be interesting to strace > > that. Something like: > > > > # strace -f -s 256 -e mount mount -t cifs //chiprodfs2/company /mnt > > -ouser=clameter,domain=xxx > > > > ...it'll probably have a cleartext password in it so you might want to > > doctor the options a bit before sending along if you do. > > > > Alternately, you might just want to try a newer version of mount.cifs > > and see whether that fixes this. > > Tried a newer version of mount.cifs without any change. > Ok, good to rule that out then. > > > I cannot mount the clameter dir on the 32 bit box. Hangs. So I will mount > > > /company. > > > > > > > Actually, the trace of a hanging mount would probably be interesting. > > > > Does the 32-bit capture that you sent represent a mount attempt that > > hung? Or was it successful? > > No it was successful. > Hmm, ok. That isn't going to tell me as much as a mount that fails. For now, I suggest that we focus on determining why these mounts hang/fail. After that we can see whether the solution there has any bearing on why the server is so slow to respond to this particular client. > > What's the "devname" that you're giving to the mount command for the > > "clameter" dir? If there's more than 1 path component after the > > hostname, then the problem may be in the old version of mount.cifs. > > Some of them had broken handling for path prefixes. > > its //machinename/company/clameter > > So two components. > Also good to know. What we should probably do at this point is track down why the 32-bit client has such a hard time mounting the clameter dir. Here's what would be most helpful: 1) some debug log info of the mount attempt: # modprobe cifs # echo 7 > /proc/fs/cifs/cifsFYI ...then attempt the mount. After it hangs for a few seconds, ^c the mount to kill it. Collect the output from dmesg and send it to me. That should give me some idea of what the client is doing during this phase. If you can simultaneously capture wire traffic during the same mount attempt that would also be helpful. Cheers, -- Jeff Layton -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] 2.6.31-rc8: CIFS with 5 seconds hiccups
On Mon, 14 Sep 2009 16:10:47 -0400 (EDT) Christoph Lameter wrote: > On Thu, 10 Sep 2009, Jeff Layton wrote: > > > In any case, I think we need to look closely at what's happening at > > mount time. First, I'll need some other info: > > > > 1) output of "/sbin/mount.cifs -V" from both machines > > The 32 bit machine > > #/sbin/mount.cifs -V > mount.cifs version: 1.5 > //chiprodfs2/company /mnt -ouser=clameter,domain=xxx > mount -t cifs //chiprodfs2/company /mnt -ouser=clameter,domain=xxx > Yow, that version of mount.cifs is really old. I wonder if it may be passing bad mount options to the kernel? Might be interesting to strace that. Something like: # strace -f -s 256 -e mount mount -t cifs //chiprodfs2/company /mnt -ouser=clameter,domain=xxx ...it'll probably have a cleartext password in it so you might want to doctor the options a bit before sending along if you do. Alternately, you might just want to try a newer version of mount.cifs and see whether that fixes this. > 64 bit machine > > $ /sbin/mount.cifs -V > mount.cifs version: 1.12-3.4.0 > > mount -t cifs //chiprodfs2/company /mnt -ouser=clameter,domain=w2k > > > 3) wire captures from mount attempts on both machines. Try to mount the > > "clameter" dir on both boxes and do captures of each attempt. Maybe > > this time use -s 0 with tcpdump so we get all of the traffic. > > I cannot mount the clameter dir on the 32 bit box. Hangs. So I will mount > /company. > Actually, the trace of a hanging mount would probably be interesting. Does the 32-bit capture that you sent represent a mount attempt that hung? Or was it successful? > > There may be crackable password hashes in the captures, so you may want > > to send them to me privately and not cc the list. > > Ok will follow. > Thanks for the info, I had a look at the captures. They both look fairly similar. The main difference is that the 32-bit box doesn't seem to have sent any more calls after sending a QPathInfo call to the server for the root inode of the mount. What's the "devname" that you're giving to the mount command for the "clameter" dir? If there's more than 1 path component after the hostname, then the problem may be in the old version of mount.cifs. Some of them had broken handling for path prefixes. -- Jeff Layton -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] 2.6.31-rc8: CIFS with 5 seconds hiccups
On Wed, 9 Sep 2009 13:07:52 -0400 (EDT) Christoph Lameter wrote: > On Wed, 9 Sep 2009, Jeff Layton wrote: > > > My suspicion would be that the server needs to perform an oplock break > > to another client before it can send the response. The only way I know > > how to tell that is to sniff all SMB traffic on the server and watch > > for oplock break calls to other clients when these stalls occur. > > That could be tested by switching them off right? If I do > > echo 0 >/proc/fs/cifs/OplockEnabled > > and then remount the volume it should switch off oplocks? > > This has no effect on the stalls. > That'll stop your client from requesting oplocks, but that won't prevent others from doing so. If my suspicion is correct, then another client is holding an oplock and the server needs to break it before it can reply to yours. Unfortunately I doubt there's much you can do from your client to prevent that (if that is the case). There may be a way to turn off oplocks on the server side, but that may very well be even worse for performance. -- Jeff Layton -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] 2.6.31-rc8: CIFS with 5 seconds hiccups
On Fri, 4 Sep 2009 12:27:35 -0400 (EDT) Christoph Lameter wrote: > This is on 32 bit x86 on a Dell 1950 > > After mouting a cifs share we have 5 second hiccups. Typical log output > when doing a simple "ls /mnt": > > Sep 4 16:21:43 rd-spare kernel: fs/cifs/transport.c: For smb_command 50 > Sep 4 16:21:43 rd-spare kernel: fs/cifs/transport.c: Sending smb: > total_len 118 > Sep 4 16:21:43 rd-spare kernel: fs/cifs/inode.c: CIFS VFS: leaving > cifs_revalidate (xid = 258) rc = 0 > Sep 4 16:21:43 rd-spare kernel: fs/cifs/dir.c: CIFS VFS: in cifs_lookup > as Xid: 263 with uid: 0 > Sep 4 16:21:43 rd-spare kernel: fs/cifs/dir.c: parent inode = 0xf58d2e60 > name is: AutoWire.bmp and dentry = 0xf5adb63c > Sep 4 16:21:43 rd-spare kernel: fs/cifs/dir.c: NULL inode in lookup > Sep 4 16:21:43 rd-spare kernel: fs/cifs/dir.c: Full path: \AutoWire.bmp > inode = 0x(null) > Sep 4 16:21:43 rd-spare kernel: fs/cifs/inode.c: Getting info on > \AutoWire.bmp > Sep 4 16:21:43 rd-spare kernel: fs/cifs/transport.c: For smb_command 50 > Sep 4 16:21:43 rd-spare kernel: fs/cifs/transport.c: Sending smb: > total_len 104 > > 5 second hiccup > > Sep 4 16:21:48 rd-spare kernel: fs/cifs/connect.c: rfc1002 length 0xce > Sep 4 16:21:48 rd-spare kernel: fs/cifs/connect.c: rfc1002 length 0xc0 (adding linux-cifs-client mailing list) It looks like it's just taking 5s for the server to respond here. Do you happen to have a wire capture of one of these events? That may tell us more than cifsFYI info... > Sep 4 16:21:48 rd-spare kernel: fs/cifs/inode.c: inode 0xf5876518 > old_time=26000 new_time=32751 > Sep 4 16:21:48 rd-spare kernel: fs/cifs/inode.c: cifs_revalidate - inode > unchanged > Sep 4 16:21:48 rd-spare kernel: fs/cifs/file.c: CIFS VFS: in > cifs_writepages as Xid: 264 with uid: 0 > Sep 4 16:21:48 rd-spare kernel: fs/cifs/file.c: CIFS VFS: leaving > cifs_writepages (xid = 264) rc = 0 > Sep 4 16:21:48 rd-spare kernel: fs/cifs/inode.c: CIFS VFS: leaving > cifs_revalidate (xid = 262) rc = 0 > Sep 4 16:21:48 rd-spare kernel: fs/cifs/inode.c: CIFS VFS: in > cifs_revalidate as Xid: 265 with uid: 0 > Sep 4 16:21:48 rd-spare kernel: fs/cifs/inode.c: Revalidate: \Akamai > Headsets.doc inode 0xf5876518 count 2 dentry: 0xf5ada8d0 d_time 260 > 00 jiffies 32751 > Sep 4 16:21:48 rd-spare kernel: fs/cifs/inode.c: CIFS VFS: leaving > cifs_revalidate (xid = 265) rc = 0 > Sep 4 16:21:48 rd-spare kernel: fs/cifs/inode.c: CIFS VFS: in > cifs_revalidate as Xid: 266 with uid: 0 > Sep 4 16:21:48 rd-spare kernel: fs/cifs/inode.c: Revalidate: \Akamai > Headsets.doc inode 0xf5876518 count 2 dentry: 0xf5ada8d0 d_time 260 > 00 jiffies 32751 > > > This is happening intermittently on a variety of hosts. > > cat /proc/fs/cifs/DebugData > > Display Internal CIFS Data Structures for Debugging > --- > CIFS Version 1.60 > Active VFS Requests: 2 > Servers: > 1) Name: 10.2.4.64 Domain: W2K Uses: 1 OS: Windows Server 2003 R2 3790 > Service Pack 2 > NOS: Windows Server 2003 R2 5.2 Capability: 0x1f3fd > SMB session status: 1 TCP status: 1 > Local Users To Server: 1 SecMode: 0x3 Req On Wire: 2 > Shares: > 1) \\chiprodfs2\company Mounts: 1 Type: NTFS DevInfo: 0x20 > Attributes: 0x700ff > PathComponentMax: 255 Status: 0x1 type: DISK > > MIDs: > State: 2 com: 50 pid: 5951 tsk: f756d1b0 mid 277 > State: 2 com: 50 pid: 6044 tsk: f69d4760 mid 278 > > cat /proc/fs/cifs/Stats > > Resources in use > CIFS Session: 1 > Share (unique mount targets): 1 > SMB Request/Response Buffer: 5 Pool size: 5 > SMB Small Req/Resp Buffer: 1 Pool size: 30 > Operations (MIDs): 2 > > 0 session 0 share reconnects > Total vfs operations: 525 maximum at one time: 3 > > 1) \\chiprodfs2\company > SMBs: 305 Oplock Breaks: 0 > Reads: 0 Bytes: 0 > Writes: 0 Bytes: 0 > Flushes: 0 > Locks: 0 HardLinks: 0 Symlinks: 0 > Opens: 0 Closes: 0 Deletes: 0 > Posix Opens: 0 Posix Mkdirs: 0 > Mkdirs: 0 Rmdirs: 0 > Renames: 0 T2 Renames 0 > FindFirst: 2 FNext 0 FClose 0 > > > What is this ??? > > -- > To unsubscribe from this list: send the line "unsubscribe linux-kernel" in > the body of a message to majord...@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html > Please read the FAQ at http://www.tux.org/lkml/ > -- Jeff Layton -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] 2.6.31-rc8: CIFS with 5 seconds hiccups
On Wed, 9 Sep 2009 12:33:21 -0400 (EDT) Christoph Lameter wrote: > On Sat, 5 Sep 2009, Jeff Layton wrote: > > > It looks like it's just taking 5s for the server to respond here. Do > > you happen to have a wire capture of one of these events? That may tell > > us more than cifsFYI info... > > I did a tcpdump and nothing stands out. Server acks the "cmd 50" and then > waits 5 seconds before sending the data. > > 16:23:34.336373 IP (tos 0x0, ttl 64, id 20616, offset 0, flags [DF], proto > 6, length: 118) fawkes.jules.org.43355 > dogmeat.jules.org.microsoft-ds: P > 2801206064:2801206142(78) ack 468207120 win 190 > 16:23:34.336624 IP (tos 0x0, ttl 125, id 19869, offset 0, flags [DF], proto > 6, length: 206) dogmeat.jules.org.microsoft-ds > fawkes.jules.org.43355: P > 1:167(166) ack 78 win 64548 > 16:23:34.336636 IP (tos 0x0, ttl 64, id 20617, offset 0, flags [DF], proto > 6, length: 40) fawkes.jules.org.43355 > dogmeat.jules.org.microsoft-ds: . > [tcp sum ok] 78:78(0) ack 167 win 190 > 16:23:34.336669 IP (tos 0x0, ttl 64, id 20618, offset 0, flags [DF], proto > 6, length: 128) fawkes.jules.org.43355 > dogmeat.jules.org.microsoft-ds: P > 78:166(88) ack 167 win 190 > 16:23:34.456343 IP (tos 0x0, ttl 125, id 20045, offset 0, flags [DF], proto > 6, length: 40) dogmeat.jules.org.microsoft-ds > fawkes.jules.org.43355: . > [tcp sum ok] 167:167(0) ack 166 win 64460 > > hiccup > > 16:23:39.284930 IP (tos 0x0, ttl 125, id 27544, offset 0, flags [DF], proto > 6, length: 230) dogmeat.jules.org.microsoft-ds > fawkes.jules.org.43355: . > 167:357(190) ack 166 win 64460 > 16:23:39.324060 IP (tos 0x0, ttl 64, id 20619, offset 0, flags [DF], proto > 6, length: 40) fawkes.jules.org.43355 > dogmeat.jules.org.microsoft-ds: . > [tcp sum ok] 166:166(0) ack 357 win 190 A binary capture would probably be easier to infer something from -- we'd be able to open it up in wireshark and get a little more info about what sort of call the client is doing. My suspicion would be that the server needs to perform an oplock break to another client before it can send the response. The only way I know how to tell that is to sniff all SMB traffic on the server and watch for oplock break calls to other clients when these stalls occur. -- Jeff Layton -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] 2.6.31-rc8: CIFS with 5 seconds hiccups
On Thu, 10 Sep 2009 17:27:53 -0400 (EDT) Christoph Lameter wrote: > Right. 32 bit cannot mount the clameter directory for strange reasons. I > have to go one level higher. [...] > One other issue that may be important: The mounting operation is very slow > on 32 bit. Could it be that the handshake does not work out? Ok, looks like the 64 bit client is using a different level of interest than the 32 bit on the FIND_FIRST call. I suspect that that difference may account for the difference in response time. It's not completely clear to me why that would be. Maybe a windows bug that causes a slowdown with that LOI? In any case, I think we need to look closely at what's happening at mount time. First, I'll need some other info: 1) output of "/sbin/mount.cifs -V" from both machines 2) mount options that you're using on both boxes 3) wire captures from mount attempts on both machines. Try to mount the "clameter" dir on both boxes and do captures of each attempt. Maybe this time use -s 0 with tcpdump so we get all of the traffic. There may be crackable password hashes in the captures, so you may want to send them to me privately and not cc the list. Thanks, -- Jeff Layton -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] 2.6.31-rc8: CIFS with 5 seconds hiccups
On Thu, 10 Sep 2009 15:42:28 -0400 (EDT) Christoph Lameter wrote: > On Thu, 10 Sep 2009, Jeff Layton wrote: > > > I assume that the 32 and 64 bit clients you have are calling "ls" in > > the same dir. If so, maybe a similar capture from a 64-bit client might > > help us see the difference? > > 64 bit trace attached. A couple of differences. First, the "ls's" were done in different directories since they had different search patterns: 32 == \* 64 == \clameter\* ...did they also mount different shares from the server? The 64-bit capture was done in a directory with only 50 files, whereas the other one had at least 600-700 files (capture ends before it finished listing the files). That may make quite a bit of difference on the server (not sure how windows works internally in this case). The only other substantive difference I see is that the Level of Interest that the client is requesting is different: 32 == SMB_FIND_FILE_DIRECTORY_INFO 64 == SMB_FIND_FILE_ID_FULL_DIR_INFO That probably means that the 32 bit client has disabled CIFS_MOUNT_SERVER_INUM for some reason. That means that it's not asking the server for the windows equivalent of inode numbers. We typically disable that flag automatically if a query for the inode number of a path fails. Since these are the same server, that may be an indicator that the server is serving out info from two different filesystem types (maybe FAT vs. NTFS, or maybe even a CDROM or something). If so, then that may help explain some of the performance delta there. I'd be more interested to see how the 64 bit client behaves when it mounts the exact same share and does an ls in the same directory as the 32 bit client. Cheers, -- Jeff Layton -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] 2.6.31-rc8: CIFS with 5 seconds hiccups
On Thu, 10 Sep 2009 14:53:12 -0400 (EDT) Christoph Lameter wrote: > On Wed, 9 Sep 2009, Jeff Layton wrote: > > > Well, I can see the delays in the capture, but the snarflen for the > > capture is a little too small to tell much else. Can you redo the > > capture with a larger snarflen (maybe -s 512 or so)? > > -s 1000 version attached. > > > Also, were you able to tell anything from a server-side capture? Is the > > server issuing oplock breaks at those times? > > Thats a pretty busy system. They have not gotten around to do any logging > on that end. Ok. I had a look at the capture. The stalls seem to be occurring on FIND_FILE requests. Those are similar to READDIRPLUS requests in NFS, it returns a list of files that match a particular set of criteria and their attributes. Each time the client is making one of these calls to the server, it requests a set of up to 150 files. The server grinds for 5s each time and then responds. The calls themselves seem to be sane AFAICT. I don't see any problems with the parameters we're sending for the search. I also had a look over the FIND_FIRST code and it doesn't seem to have any obvious word size related problems. I assume that the 32 and 64 bit clients you have are calling "ls" in the same dir. If so, maybe a similar capture from a 64-bit client might help us see the difference? Thanks, -- Jeff Layton -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] 2.6.31-rc8: CIFS with 5 seconds hiccups
On Wed, 9 Sep 2009 17:27:57 -0400 (EDT) Christoph Lameter wrote: > On Wed, 9 Sep 2009, Jeff Layton wrote: > > > That sounds rather strange. Maybe we do have a bug of some sort? The > > thing to do might be to get a binary capture of the 32-bit traffic > > around the time of the stalls. We could then inspect the packets and > > see whether we have something wrong in there. > > Capture attached. Well, I can see the delays in the capture, but the snarflen for the capture is a little too small to tell much else. Can you redo the capture with a larger snarflen (maybe -s 512 or so)? Also, were you able to tell anything from a server-side capture? Is the server issuing oplock breaks at those times? Cheers, Jeff -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] 2.6.31-rc8: CIFS with 5 seconds hiccups
On Wed, 9 Sep 2009 13:28:24 -0400 (EDT) Christoph Lameter wrote: > On Wed, 9 Sep 2009, Jeff Layton wrote: > > > That'll stop your client from requesting oplocks, but that won't > > prevent others from doing so. If my suspicion is correct, then another > > client is holding an oplock and the server needs to break it before it > > can reply to yours. > > > > Unfortunately I doubt there's much you can do from your client to > > prevent that (if that is the case). There may be a way to turn off > > oplocks on the server side, but that may very well be even worse for > > performance. > > Hmmm... We can look at that. > > Another interesting tidbit is that I have never seen this from a 64 bit > Linux kernel. Only occurs with 32 bit kernels it seems. > That sounds rather strange. Maybe we do have a bug of some sort? The thing to do might be to get a binary capture of the 32-bit traffic around the time of the stalls. We could then inspect the packets and see whether we have something wrong in there. -- Jeff Layton -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] 2.6.31-rc8: CIFS with 5 seconds hiccups
On Wed, 9 Sep 2009 13:33:33 -0400 (EDT) Christoph Lameter wrote: > On Wed, 9 Sep 2009, Jeff Layton wrote: > > > Unfortunately I doubt there's much you can do from your client to > > prevent that (if that is the case). There may be a way to turn off > > oplocks on the server side, but that may very well be even worse for > > performance. > > Also note that these hiccups occur when simply doing an > > ls > > we are not accessing or writing files. > Hmm... The hiccups you posted in the original email happened during a QPathInfo call (somewhat similar to a NFS GETATTR). I wouldn't think that would cause an oplock break, but I suppose it might. The server might decide that it needs to revoke the oplock in order to retrieve accurate size, LastWriteTime (aka mtime), etc. It could also be a windows bug... Here's an excerpt from an IRC conversation on this in #samba-technical, that might give a little info: 13:42 < jlayton> would a QPathInfo call cause an oplock break? 13:42 < jlayton> (typically)? 13:47 < sdann> jlayton, no it shouldn't, as it's path based and could be done with a stat() call. Only an open() or brl() operation should break an oplock. 13:48 < jlayton> ok, good to know -- thx 13:49 < jlayton> sdann: actually though, I'm asking about win2k3 server... 13:49 < jlayton> do you know whether it might break the oplock on a qpathinfo? 13:49 < jlayton> i.e. to get accurate size info, for instance 13:50 < sdann> well in general, only opens, writes (truncate included), and byte-range-lock ops break oplocks 13:50 < sdann> so any kind of meta-data request should not 13:51 < jlayton> hmm ok, one of the linux-kernel guys is seeing QPathInfo calls go out to win2k3 server and the server waits 5s before responding 13:51 < jlayton> my initial thought was oplock break to another client is causing the stall, but maybe it's something else 13:51 < coffeedude> sdann, SetFileInfo (allocationInfo and EndofFile) will as well. 13:51 < jlayton> I'm pretty sure this is QPathInfo call 13:52 < sdann> a quick torture test in source4/torture/raw/oplock.c would solve the issue :) 13:52 < coffeedude> jlayton, internally in Windows, the NTFS interface is handle based so I assume the server does a NtCreateFile(), QueryInformationFile(), CloseFile(). 13:52 < jlayton> ahhh maybe so 13:52 < coffeedude> jlayton, the internal opens should done with FILE_READ_ATTRIBUTES so they don't cause a break but it could be a Windows bug. 13:53 < jlayton> sounds plausible 13:53 < jlayton> coffeedude, sdann: thanks! 13:53 < coffeedude> jlayton, any open with nothing other than FILE_READ_ATTRIBUTES, FILE_WRITE_ATTRIBUTES or SYNCHRONIZE should nto cause an oplock break either. 13:53 < sdann> coffeedude, yeah that's certainly possible 13:53 < coffeedude> jlayton, any open with nothing other than FILE_READ_ATTRIBUTES, FILE_WRITE_ATTRIBUTES or SYNCHRONIZE should nto cause an oplock break either. 13:53 < sdann> coffeedude, yeah that's certainly possible 13:53 < coffeedude> sdann, only know cause I've done it :) I'd probably start with sniffing traffic at the server side and see if you can correlate the stalls with traffic to other hosts (oplock breaks in particular). If so then maybe consider patching the server or testing with a different flavor of windows. -- Jeff Layton -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Re: [linux-cifs-client] Unable to mount using sec=none and mount.cifs
0x00 > 0x88 0x01 0x80 | s _ _ _ _ _ _ _ > Mar 5 14:28:38 bee kernel: [1723623.071574] | 0x00 0x00 0x00 0x00 0x00 > 0x00 0x00 0x00 | _ _ _ _ _ _ _ _ > Mar 5 14:28:38 bee kernel: [1723623.071583] | 0x00 0x00 0x00 0x00 0x00 > 0x00 0xb3 0x42 | _ _ _ _ _ _ ³ B > Mar 5 14:28:38 bee kernel: [1723623.071593] | 0x00 0x00 0x02 0x00 0x00 > 0x00 0x00 0x00 | _ _ _ _ _ _ _ _ > Mar 5 14:28:38 bee kernel: [1723623.071603] | 0x40 0x06 0x5c 0x67 0xc0 > 0x46 0xfe 0x1b | @ _ \ g À F \376 _ > Mar 5 14:28:38 bee kernel: [1723623.071614] | 0xc0 0x46 0xfe 0x1c 0x01 > 0xbd 0xab 0x7c | À F \376 _ _ ½ « | > Mar 5 14:28:38 bee kernel: [1723623.071624] | 0x43 0x1e 0x01 0x43 0x81 > 0x9c 0x51 0xf4 | C _ _ C _ _ Q ô > Mar 5 14:28:38 bee kernel: [1723623.071634] | 0x80 0x18 0x44 0x70 0x97 > 0x34 0x00 0x00 | _ _ D p _ 4 _ _ > Mar 5 14:28:38 bee kernel: [1723623.071644] | 0x01 0x01 0x08 0x0a 0x12 > 0x89 0x3b 0x36 | _ _ _ _ _ _ ; 6 > Mar 5 14:28:38 bee kernel: [1723623.071681] | _ _ _ _ _ _ ; 6 > Mar 5 14:28:38 bee kernel: [1723623.071687] fs/cifs/netmisc.c: > !!Mapping smb error code 1 to POSIX err -5 !! > Mar 5 14:28:38 bee kernel: [1723623.071693] fs/cifs/misc.c: Null buffer > passed to cifs_small_buf_release > Mar 5 14:28:38 bee kernel: [1723623.071715] fs/cifs/sess.c: ssetup rc > from sendrecv2 is -5 > Mar 5 14:28:38 bee kernel: [1723623.071721] fs/cifs/sess.c: ssetup > freeing small buf d1312800 > Mar 5 14:28:38 bee kernel: [1723623.071726] CIFS VFS: Send error in > SessSetup = -5 > Mar 5 14:28:38 bee kernel: [1723623.071762] fs/cifs/connect.c: cifsd > thread killed > Mar 5 14:28:39 bee kernel: [1723623.203454] fs/cifs/connect.c: No > session or bad tcon > Mar 5 14:28:39 bee kernel: [1723623.203463] fs/cifs/connect.c: CIFS > VFS: leaving cifs_mount (xid = 29) rc = -5 > Mar 5 14:28:39 bee kernel: [1723623.203467] CIFS VFS: cifs_mount failed > w/return code = -5 > > > Mounting the same share using the old smbfs module works, (but I get > no symlinks). Similarly, Mac OS X and Windows XP clients can mount > (with the proper hacks to enable cleartext auth) (but of course get no > symlinks). > > > What is going wrong? And how can I fix it? > > I pushed this patch to Steve ~last may. You might want to check that the kernel you're working with has it. Without it, sec=none doesn't really do what you expect... -- Jeff Layton <[EMAIL PROTECTED]> -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Propose mount.cifs/smbfs able to mount the child folder of share folder
On Tue, 08 Jan 2008 00:19:47 +0800 kstan <[EMAIL PROTECTED]> wrote: > Hi Samba team, > > I feel user will feel more confortable when they can mount folder (via > mount.cifs or mount.smbfs) under particular shared folder. > > Example: > I have a share folder call department, all department's folder arrange > inside > > so I have a share folder call \\server\department > > if I have a linux client under purchasing, I 2 command to get the > correct place, and I feel it is giving more trouble > > command 1 > === > mount -t cifs -o (with necessary > option) //server/department /sharefolder/.pathtoatempararyfolder > > > command 2: > == > ln -s /sharefolder/.pathtoatempararyfolder/purchasing > > > It is much more better if we can simplied the share via this command: > mount -t cifs -o (with necessary > option) //server/department/purchasing > /home/purchasinguser/Desktop/mydepartmentdata > This is already doable today. There were some issues with earlier versions, but with current CIFS and mount.cifs programs, this should now work as expected. -- Jeff Layton <[EMAIL PROTECTED]> -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] unable to join domain hosted by 3.0 PDC
On Fri, 2004-07-23 at 20:25, Craig White wrote: > smbadmin group cannot create unix user (machine is in essence a user > account too) - unless you have some magic that wasn't revealed in your > email. > > either group map 'Domain Admins' to the 'root' group or add the specific > users to root equivalent in smbusers > > Craig I had precreated the unix account for the machine (hostname$), and added a machine account for it to the tdbsam (via 'smbpasswd -a -m hostname$'), so I didn't think I needed any special privileges for the account joining the domain. But leaving off this for a minute, even if I hadn't, why would I need to give this account any sort of special access? The accounts would be created by child processes of 'smbd', so they should already have root access, correct? -- Jeff Layton <[EMAIL PROTECTED]> -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] unable to join domain hosted by 3.0 PDC
Craig White wrote: You don't give details on your configuration but generally... A member of 'Domain Admins' (RID 512) /etc/smb/smbusers root = Administrator administrator etc. user with uidnumber of 0 Craig Sorry for the delay in response, but I finally got around to checking this out again today. Any hints you can provide as to why I can't join the domain as an unprivileged user would be much appreciated. I'm using samba 3.0.4 from the Debian package archive on Debian Linux. I have a user set up as a member of the 'Domain Admins' group (name changed to protect the guilty): % net user info userfoo Domain Admins Domain admins are indeed the '-512' group: % sudo net groupmap list Domain Admins (S-1-5-21-4238268982-3733527442-3588021054-512) -> smbadmin I can mount shares as this user, use smbclient as this user, etc, but when I try to use this user to join a machine to the domain, I get the following in the log (at loglevel 2). Joining the domain as root works fine.: [snip]--- [2004/07/23 19:20:29, 2] smbd/sesssetup.c:setup_new_vc_session(602) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2004/07/23 19:20:29, 2] smbd/sesssetup.c:setup_new_vc_session(602) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2004/07/23 19:20:29, 2] auth/auth.c:check_ntlm_password(305) check_ntlm_password: authentication for user [userfoo] -> [userfoo] -> [userfoo] succeeded [2004/07/23 19:20:29, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2477) Returning domain sid for domain MYDOMAIN -> S-1-5-21-4238268982-3733527442-3588021054 [2004/07/23 19:20:29, 2] rpc_server/srv_samr_nt.c:access_check_samr_object(93) _samr_open_domain: ACCESS DENIED (requested: 0x0211) [2004/07/23 19:20:29, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2477) Returning domain sid for domain MYDOMAIN -> S-1-5-21-4238268982-3733527442-3588021054 [2004/07/23 19:20:29, 2] rpc_server/srv_samr_nt.c:access_check_samr_function(115) _samr_create_user: ACCESS DENIED (granted: 0x0201; required: 0x0010) [2004/07/23 19:20:29, 2] smbd/server.c:exit_server(568) Closing connections [2004/07/23 19:20:30, 2] smbd/server.c:exit_server(568) Closing connections [2004/07/23 19:20:30, 2] auth/auth.c:check_ntlm_password(305) check_ntlm_password: authentication for user [userfoo] -> [userfoo] -> [userfoo] succeeded [2004/07/23 19:20:30, 2] smbd/server.c:exit_server(568) Closing connections [2004/07/23 19:20:55, 2] smbd/sesssetup.c:setup_new_vc_session(602) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2004/07/23 19:20:55, 2] smbd/sesssetup.c:setup_new_vc_session(602) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [snip]--- FWIW, here is the global section of my smb.conf (some names suitably changed): [global] netbios name = PDCHOST panic action = /usr/share/samba/panic-action %d printing = cups printcap name = cups load printers = yes security = user workgroup = MYDOMAIN domain logons = yes server string = %h server (Samba %v) syslog only = no syslog = 0; log level = 2; log file = /var/log/samba/log.%m socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=4096 SO_RCVBUF=4096 encrypt passwords = true passdb backend = tdbsam wins support = yes os level = 66 domain master = yes local master = yes preferred master = yes name resolve order = lmhosts host wins bcast dns proxy = yes preserve case = yes short preserve case = yes unix password sync = false max log size = 1000 obey pam restrictions = no Again any ideas why I can't join the domain as a non-root user? Let me know if there's other info that would be helpful. -- Jeff -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] unable to join domain hosted by 3.0 PDC
On Wed, Jul 21, 2004 at 01:54:52PM +0200, Nikola Vanevski wrote: > Hi! > > I experienced the same problem a couple of days ago. It is a > misconfiguration in global parameters, but I don't exactly know where. I > copied the smb.conf [Globals] options from a working server and it fixed > the problem. Because I was in a great hurry, I did not check where did I > go wrong. Here are the parameters that worked on _my_ server : > (smbpasswd backend) > > [global] >workgroup = MBPR2 >server string = Samba Server >interfaces = 127.0.0.1, eth0 >bind interfaces only = Yes >map to guest = Bad User >username map = /etc/samba/smbusers >add machine script = /usr/sbin/useradd -c Machine -d > /var/lib/nobody -s /bin/false %m$ >logon path = >logon home = >domain logons = Yes >os level = 65 >preferred master = Yes >domain master = Yes >ldap suffix = dc=example,dc=com >ldap ssl = no >printer admin = @ntadmin, root, administrator > > Hope this helps. If you find what's going on (like the difference > between your settings and these), Id like to know. > > Greetings > > Nino Thanks for the info. I eventually found another way to solve it. I had: invalid users = root so I commented that out, and was then able to use the root account to join the domain. I'd like to be able to figure out how to do it using a non-root account, though. Apparently it should be possible to do so if the account is a member of the Domain Admins, but that didn't seem to work for me. It would be nice to know what privileges are required to add machines to the domain, so you could delegate out that privilege without having to use the root account. Any samba experts care to comment? -- Jeff -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba