[Samba] How can Windows 2000 mount a share as a service?
I've asked every M$ expert I know, trolled through M$ TechNet, experimented with SRVANY/INSTSRV login scripts which hard-code username/passwords to login to a Samba 2.2.8a SMB server. I've experiment with and without the "Allow service to interact with Desktop" switch turned on. I am stuck. :( I can find no way to mount a share as a service, so that IIS can serve web-pages from a shared content directed located on a network drive. When I run my login script when I'm logged in as the Administrator or another user, the script works fine. The share's mounted and available as the specified drive letter specified in the script. I'm using just the standard "net use" as follows: net use z: \\192.168.0.1\Web mypassword /user:webuser I've fiddled with adding a domain name to the user, to no avail. I've experimented with using the samba server's "Netbios" name as well as DNS name, to no avail. The script only seems to work when SOMEONE is logged into the machine. When it's run as a service, no dice. It just fails with a single digit error code (5, I think). The error is opaque and non-descriptive. It's as if SMB mounting was specifically prohibited by the OS at some internal bowel juncture. This is insane. Surely, people running web-server clusters behind load balancers don't manually synchronise their content! My web application accepts user-uploaded files, so I can't use the "manual resync" method anyway. The upload area needs to be shared by all web-server members. There must be a solution for this very common requirement. I don't want or need a "SAN" block-device-level solution, I want a file-level solution. If anyone can share some ideas or experise, I would be very grateful. This must be a solved problem somewhere. =MB= -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] best filesystem choice for samba (was: new user cannotlogon)
Quoting Mark Lidstone <[EMAIL PROTECTED]>: > ARGH! I'm wondering if airing thoughts about VFAT performance publicly > was a good idea. I doubt VFAT's case insensitivity would be worth dealing with its terrible linear-search-time directory lookup methods. The reason I suggested reiserfs (or ext3 with directory hashing) is to reduce the high costs of locating a directory entry within a directory of many (> 10,000) files. msdos/vfat does not offer superior directory lookup times, and from my limited testing, neither does NTFS. ext2/ext3 in stock configuration is also slow, though it appears very recent kernels/ext2fsutils offer an FFS-like "directory hashing" option which needs a format-time decision to be made upon setting up the filesystem. I have no knowledge about XFS or JFS and how they compare. I know both are "industrial" filesystems brought down from the Ivory Towers onto the pipsqueak platforms. As for "horror stories", well, each filesystem has had their respective tales of misery and woe... ext3 had shocking and fatal dataloss bugs in the adolescent versions of 2.4.x., and some RAID + reiserfs configs saw some real wowsers as well. From bug reports/changelogs, I've seen similar tales of woe for XFS and JFS if you trigger just the right combination of things. >From my own experiences, things have matured and stabilised with reiserfs and ext3 to the point where using either is fine for my purposes. The decision comes down to: 1) Do you need quotas? If yes, you cannot use reiserfs. 2) Do you need ACLs? If yes, only ext2/ext3 has well-tested seamless support, though I think there are wildcat patches to bring this to XFS (and maybe others) as well. I'm not sure about the stability of this. ext3 used with -O dir_index *MAY* provide better performance for large directory list lookups, but I've never tested it. It requires Linux 2.6 for starters for the kernel-side stuff to actually support it properly. grepping the linux 2.4 source shows no mention of hashing b-trees or dir_index options for ext[23]. This is a RECENT addition to ext3, and I don't think the support actually exists within 2.4 yet. I've seen mention of "special backported patches" but this smells scarier to me than using filesystems which have been seamlessly integrated for over a year or so now. So in terms of viable performance-driven alternatives, I see it being reiserfs, xfs, or jfs. vfat/dos isn't faster, even with case insensitive semantics, for directory sizes of 20,000 or more. =MB= -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: Re: [Samba] Windows 2K outperform Linux/Samba very much?
Jacky Kim <[EMAIL PROTECTED]> wrote: > I trid 20,000 files in a directory too, and found the same result: > Windows's share is about 10 times faster than Linux/samba's one > when get small file's property(NOT content). Jacky, Not all Linux filesystems are created equally, especially for this kind of file access method. Ext2/Ext3 is probably the slowest filesytem for this kind of thing. I have seen some glimpses of directory hashing being retrofitted into ext2/ext3, but this requires a format-time option with very new tools, with new mount/kernels, etc. You'd be MUCH better off with reiserfs. I've had 500,000 files in a single directory without a significant decrease in performance. I've never managed to get Windows 2000 to manage this without really tanking in performance [I've given up the test harness long before it got that far]. I don't think you'll ever see samba outperforming Windows in this though, because of the case-insensitivity issue, though it should at least match the performance. Reiserfs may provide other benefits (superior access locality) which MIGHT boost performance a bit towards Linux/Samba, but I'd not hold my breath. =MB= -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: want to ban XP Home Edition
> That's an interesting way to go and I think it *would* work but my > original question was if it is possible for *samba* to distinguish OS > releases and allow/disallow computers then. Or rather I'm sure it is > possible to distuingish them but I just don't know if such config was > ever implemented. Sounds like an excellent excuse to fire up the smb-aware tcpdump tool and look at the initial exchanges between client and server. I would doubt there's an smb.conf option to let you control this, however with the source at your disposal, you can make a patch easily enough. Is your main goal to avoid "weak" operating systems like XP Home, or are you targetting specific users with this requirement? It's a bit unusual. =MB= -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] want to ban XP Home Edition
> Just for sake of curiosity: > > Is that possible ? > I'd like to support XP Pro *only* and to ban any other Windows OS There are some very advanced networking stacks which allow you to specify filtering based on TCP fingerprints. OpenBSD does, for example. I don't know if XP Home and XP Pro have different enough fingerprints to allow a reliable discrimination between them. This is a puzzling request, though. I am assuming that these unwanted hosts can change their ip#, thus evading firewall/smb.conf based access lists. It's easier to distinguish between XP versus 2000 versus 95, 98, Me, and NT4, etc. Those have rather different fingerprints. If you don't use OpenBSD, I suppose you could make use of nmap to perform a quick on-the-fly OS fingerprint and then pull up a firewall against that ip#, thus blocking the unwanted user(s). It seems to me that it'd be simpler to just allow access only from certain domains, etc. Malcolm -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] conflict between Realtek 8139 (client) and 3c2000T(server) NIC's with Samba?
> I *might* be a Realtek issue... I have heard that Sage (the accounts > software folk) say that their software will not work properly over a > network which uses these Realtek cards. Save yourself far more than the few dollars of false economy and throw away your Realtek junk. I had so many "strange" and "seemingly application level" problems just vanish when I put real 3Com/Intel/etc network cards into my servers and workstations. The 8139, 8169, et al... all of them are junk. I just spent a week diagnosing a strange packet loss issue with the 8169 (GigE) interface which only manifested itself under pretty heavy loads in a difficult to reproduce manner. It occurred often enough to break my application at least twice a day, but I couldn't get it to fail predictably so I could easily debug it. After the usual wasted DAYS of swapping NICs, cables, switches, and even machines... I changed to an Intel network card, and all of my problems were solved. Do yourself a favour: get rid of that junk. The math just doesn't work. Cost delta of NIC? Maybe $15-20 tops. Cost your wasted time? HUNDREDS of $$$, at least. =Malcom= -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba - Oplocks = no
> In order to deal with bizarre MS Office junk, it looks like I may have > to disable oplocks on my samba server. I feel your pain. You *CAN* just oplock veto all M$ Office files instead. > What kinds of problems, if any could arise from my having disabled > the oplocks? Just lower performance. Oplocks are "OPportunistic LOCKS", which provide for client-side caching to be performed safely. No oplocks, no caching. What I always wonder though is whether or not these oplock problems plague Windows NT/2000 file servers as well, or if it's just an achilles heel within Samba. =MB= -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Time server
> This will not automatically work against Samba, as we mimic NT4, which > didn't know about NTP. > > But you can manually configure the NTP server on the client, and run an > NTP server on your PDC if you wish. The Microsoft time services are substandard and do not implement a full NTP time management protocol. It's best to leave that to a real implementation like the xntpd-4 (or equivalent commercialised NT/2000 products built on similar technology). If you want to use the W32Time services, use them as clients. The default (under 2000) is to resync the time periodically in increasing intervals, settling in at about 3 syncs/day, I believe. Simple recipe to configure Windows servers to use it: net stop w32time net time /setsntp: dns-name-of-real-ntp-server (or it's ip#) w32time -s (hit Control-C if it doesn't return after 4 or 5 seconds) w32time -s (yes, sometimes it takes a couple of tries to get the time locked down) net start w32time Then make sure in the Services control panel that the Windows Time Service is configured to auto-start. Thereafter, it will resync every 45 minutes until the error is under 1 second, and then resync every 8 hours from that point forward. No clock-skew adjustments or other time conditioning is attempted, unlike a real NTP implementation. The MS W32time service seems to only care about one-second accuracy. Be aware of this if you "chain" time services as this jitter will accumulate. =MB= -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: Re[2]: [Samba] NUA + MYSQL?
> why don't you map your users to the nobody or guest account ?? > (is this possible ??) Sure, but you can kiss away all pretenses of file security between "users". > so all users are guests... > dunno how to do it, but would be a nice work around.. It's easy. But very unwise. I highly doubt the original poster wants all of his users to have the same security contexts with respect to file ownership/access. =MB= -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] NUA + MYSQL?
> Re: the release of Samba3 and NUA capabilities I have found this: > > [...] > Late in the > development cycle, the team doing this work hit upon some obstacles that > prevents this solution from being used. > > > Can anyone tell me what sort of progress has been made in the NUA areas? > Specifically I want something like "passdb backend = mysql_nua". I would imagine the passwords would be the least of the problems. I don't know of any way you could completely do away with "user accounts" or at least, entries in /etc/passwd, given that most UNIX systems lookup passwd/NIS for UID/GID on file ownerships and whatnot. You might have all "locked" passwords in /etc/shadow [or equiv], with authentication for samba being all SQL driven, but at the end of the day, the smbd needs some EUID/EGID's for the file permissions stuff. I imagine there's quite a bit of funk to get through. =MB= -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] why "xcopy /d" doesn't work
Quoting [EMAIL PROTECTED]: > Curious. I wonder if this is related to problems me and others have been > having when trying to keep linux / windows shares in sync using rsync? Hrm... I assume this isn't a dos filetime resolution time sort of issue? There are also differences in date semantics between DOS/Windows and POSIX. A careful perusal of the smb.conf documentation will clarify the issues involved. =MB= -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] How to share WIN partitions from SAMBA (Dual boot) Srvrto WIN clients?
> There _is_ a write-read ntfs driver available for Linux. It's > called Captive. I've not tested it myself. So I can only inform. Yes, I know. But it's dangerous to actually use, and can only be safely used to overwrite files of exactly the same size, which has been used by various Windows 2000/NT "Administrator Password Reset" tools. It's *NOT* safe to use for writing/creating files the way you would normally expect read/write support to work. YOU WILL CORRUPT YOUR NTFS VOLUME! =R= -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] How to share WIN partitions from SAMBA (Dual boot) Srvr to WIN clients?
> Malcolm > Perhaps I am getting near the end ...)of this process, of my rope, or > both) Uh-oh. > I ensured the fstab reeferenced the NTFS partitions as ro (read only) Please zip up your /etc/fstab file and email this to me. > I ensured my smb.conF to declare the WIN shares as browseable=yes, and > read only = yes. You've restarted smbd since changing the smb.conf file? > Paths are /mnt/hd/c and d, respectively, corresponding to > two DOS/WIN partitions C: and D: (/dev/hda2 and /dev/hda5) Both of these are mounted? Paste the output of cat /etc/mtab in an email to me. > I chmod the actual /mnt directory to Octal 555 (r_x), and the > sub-directories also. > Both Linux Server and WIN client can access the shares, but there are no > files there ...ls command returns nothing. That is my problem. The ls command under which environment? The local Samba server's? (logged in via SSH or console?) Firstly, please verify you can see the files from the SAMBA server locally, i.e., login to its console or via SSH, and perform an ls /mnt/hd/c and make sure you see the files there. It's also possible that the file permissions the ntfs driver is passing back are too restrictive. Aha. This is your problem. I just peeked at the ntfs section of mount: Mount options for ntfs: [...] uid=value, gid=value and umask=value Set the file permission on the filesystem. The umask value is given in octal. By default, the files are owned by root and not readable by ^^^ somebody else. ^^ In the options section of /etc/fstab for the two NTFS volumes, you will want the following options: uid=desired-uid-to-own-the-files,gid=desired-group-number,umask=770 So something like: /dev/hda2 /mnt/hd/cntfs ro,uid=1000,gid=100,umask=770 0 0 /dev/hda5 /mnt/hd/dntfs ro,uid=1000,gid=100,umask=770 0 0 Should do the trick. Replace uid/gid with whatever values you deem pertinent. Keep in mind that ntfs permissions will be disregarded for the most part [from a user/group perspective]. =MB= -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] How to share WIN partitions from SAMBA (Dual boot) Srvr to WIN clients?
[Replying to list] Quoting George Peters <[EMAIL PROTECTED]>: > Malcolm - thanks for the prompt reply. > I don't think I am trying to share a remote smbmounted file. Rather, I > AM trying to share a LOCAL (and presumably MOUNTed) WIN partition. OK. > Why am I doing this? On my home network, the WIN client runs WIN apps > like MS OUTLOOK that share one common OUTLOOK data file (one user at a > time) with my "server" WINXP machine. I want to have this box in Linux > mode (not WIN). You don't have many options then. 1) If you're stuck with using NTFS, you can only use read-only mode. Make your smb.conf share those as read-only [you can enable fake oplocks on the read-only shares for extra speed w/o risks]. You will need to mount the share as ro. Make sure you change the /mnt directory permissions to allow browsing (+rx). 2) If you can reformat the partition to use FAT32 (note: despite Win2k's protestations at FORMATTING a FAT32 larger than 32GB, the format DOES support up to 127GB. There are replacement tools for Win32 (which are essentially ports of the Linux mkdosfs) to format FAT32's > 32GB. Google for them. > How can I make it available? Is it even possible? I am prepared to > forget about the Read-only constraint. Sure it's possible. It's very simple and straightforward. Samba will cheerfully share that read-only NTFS volume for you. Cheers, =MB= -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] How to share WIN partitions from SAMBA (Dual boot) Srvr to WIN clients?
> Finally , booting LINUX mounts the NTFS file systems (from fstab file), > with a warning "W2K+, Read Only". Correct. The ntfs filesystem on linux is still very early, and writing to an NTFS volume will cause it to be damaged unless what+how you write is carefully restricted. For your purposes, it's useless for writing. > I thought write to NTFS was possible thru SAMBA. No. All Samba does is allow remote clients to mount UNIX-accessible volumes via SMB/CIFS. These may be Windows, UNIX, or even MacOS (X|Classic) clients. > Again, I must be missing something. SMB.CONF file appears to be > correct, defining the shares as writeable, etc Samba can't even exceed the capabilities of the native operating system under which it's running. With or without samba, you cannot get Linux to (safely) write to NTFS volumes on its local filesystems. If what you're trying to do is re-export a mounted share via the samba server, that will probably work, but you will cause a great deal of redundant network traffic, and the performance will tank. (In other words, you mount some remote WinXP share via smbmount, and then use samba to share that volume...) Good luck, =R= -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] One samba, two interfaces
> Is it possible to have a samba listen on different interfaces for > different NETBIOS names specific to that interface? > > I have a samba listening to eth0 and eth1, which are two interfaces on > the same network. Even when I use smbclient to the ip address of eth1, > smb.conf's %h gives me the eth0 hostname, so it doesn't seem I can do > any include trickery to make this work. Is it even possible? I'd look at the code to see if the expansion for %h takes into account the destination IP# address connected to. If you can't patch it to do what you want, you might need to run two sambas, each with its own smb.conf file bound to a single interface. If you're using an OS with "real" oplock support and reasonable locking, then things should be fine, since cross-smbd locking will just work. =R= -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and Win viruses
> We have had our server blocked as it is probing port 25 Port 25 is the SMTP (mail delivery) port. Maybe your Samba server is trying to issue emails out for some reason. Odd that this would be considered a "probe" though. Does the Samba server run any kind of SOCKS proxying software, or even web-proxying software? > My question: Is it actually possible for a Samba system to be infected > with Win viruses such as MyDoom or Blaster? I'll answer your question with another question: is it possible for a UNIX-based mail host to "be infected" with MyDoom or Blaster emails? In both the Samba and the Mailhost case, you have three parties, one of whom doesn't really "parse" data content, but to the other two parties [the source and destination parties, really], the payload has a great deal more "meaning". Clear now? :) Cheers, =Rob= -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Re: Purpose of param. "time server" ?
> Yes, ntp is the solution, but my original question was what is purpose > of that fucking option ?! I would say, have you tried reading the fucking documentation? :) >> from smb.conf << time server (G) This parameter determines if nmbd(8) advertises itself as a time server to Windows clients. Default: time server = no <<< There. It looks like an *NMBD* option more than an *SMBD* option. =R= -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Purpose of param. "time server" ?
> a) Ability to set clock by "net time ..." don't depend on value of this > parameter on SAMBA server. I don't know if Samba supports the call if you don't specify that. > b) Ability to set clock by net time on NT and subsequent Windows is based > on system rights of current user, and so it is not sure to work. Correct. Consumer Windows [95/98/Me] let you do it unconditionally. > c) Setting clock during execution of login script is dependent on user > logging and then accurancy of clock depends on frequency of logging in. Correct. And it's not very precise either. I think +/- 0.5 second is the best you can expect, and it's probably not even that good. It's not NTP, nor does it condition the system's clocks. You're better off using W32Time for NTP, which comes built-in with Windows 2000, and is an easily obtained download for Windows NT. > Is somebody able to explain me it more thoroughly ? You'd sprinkle "net time \\sambaserver /set" into the login scripts of your various users. This is easier to do for Windows 95/98/Me of course. =R= -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Automount from Windows w/o logging in first?
> let's stay on the list. No worries. > DFS is windows version of nfs exports/mounts I got that far... but... but... looking at the M$ doccos for DFS, I don't see where "clients" of the DFS servers are setup. > Samba 3 supports dfs. I don't think 2.2.x does. > > Microsoft offers Services for Unix for free - you can mount nfs shares > on Windows. Hrm I'd prefer to mount SMB shares, because my experience with Windows mounting NFS isn't entirely pleasant. I don't think locking is consistently designed or implemented. I remember alot of headache with this the last time I tried using NFS under Windows NT. > Windows share mounts in user space don't work because someone has to log > in to Windows machine - it's something that has to run as a service as > you have discovered. Hrm. Surely I can't be the first person to want to serve IIS pages out of a network share?! > In my mind it's either nfs mounts or dfs or you have to 're-think' your > options (i.e. rsync files on each windows server from 'master') rsync, blech. Are there good rsync implementations for Windows? OK, then, I'll bite. Just how DO load-balanced webservers serve up content from a central content repository? I can't believe people rely on out-of-band file/directory sync tools. It seems like having a "system mounted" share which is activated at service start time prior to the invocation of IIS would be a straight-forward matter. What do servers which rely on SANs for centralised storage make use of? Surely not "normal" SMB, then. If these were UNIX webservers, yes, NFS would be the natural choice. =MB= -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Automount from Windows w/o logging in first?
I am trying to do something which should seem very straightforward, not to mention, not unusual for load-balanced web servers, namely: providing a faceless/login-less mounting of SMB shares from NT4 and Win2K servers. Yes, I accept that I will need to stash a plaintext login key in some script or registry key. The security impacts are acceptable. I have the latest Samba 2.2.x server, and a bunch of NT4 (soon to be Windows 2000 Server) web-servers from which I'd like to serve IISROOT directories residing on a samba share. I've tried NTResKit srvany.exe'ing a "net use" command and lots of other hacks to wire in a "service" which provides a complete "net use W: \\server\WEB\ webpassword /user:weblogin" sort of thing. No dice. Soo how DO you automatically mount shares without having to login at the console, so that IIS/Cold-Fusion can serve content out of the Samba share? Thanks! M.B. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Lots of automount help for Linux clients, but how about FROM Windows?
I am trying to do something which should seem very straightforward, not to mention, not unusual for load-balanced web servers, namely: providing a faceless/login-less mounting of SMB shares from NT4 and Win2K servers. Yes, I accept that I will need to stash a plaintext login key in some script or registry key. The security impacts are acceptable. I have the latest Samba 2.2.x server, and a bunch of NT4 (soon to be Windows 2000 Server) web-servers from which I'd like to serve IISROOT directories residing on a samba share. I've tried NTResKit srvany.exe'ing a "net use" command and lots of other hacks to wire in a "service" which provides a complete "net use W: \\server\WEB\ webpassword /user:weblogin" sort of thing. No dice. Soo how DO you automatically mount shares without having to login at the console, so that IIS/Cold-Fusion can serve content out of the Samba share? Thanks! M.B. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
