[Samba] ANNOUNCE: cifs-utils release 6.2 ready for download

2013-10-04 Thread Jeff Layton

Again, nothing earth-shattering in this release. Mostly some minor
bugfixes and cleanups. Some highlights:

- setcifsacl can now work without a plugin

- systemd-ask-password is found using $PATH now

- cifs.upcall now works with KEYRING: credcaches

Go forth and download!

webpage: https://wiki.samba.org/index.php/LinuxCIFS_utils
tarball: ftp://ftp.samba.org/pub/linux-cifs/cifs-utils/
git:     git://git.samba.org/cifs-utils.git
gitweb:  http://git.samba.org/?p=cifs-utils.git;a=summary

Detailed list of changes since 6.2:

commit 8919d8c6437aabb69a53c251e8ff6a8163ca227b
Author: Jeff Layton 
Date:   Mon Jul 8 09:06:46 2013 -0400

autoconf: set version to 6.1.1 for interim builds

Signed-off-by: Jeff Layton 

commit 9fd9f71afc8a849df97973764227d6a13f2768f3
Author: Jeff Layton 
Date:   Mon Jul 8 09:08:01 2013 -0400

manpage: fix nouser_xattr description

The manpage erroneously states that nouser_xattr is the default, when
it's actually the reverse.

Reported-by: Dome 
Signed-off-by: Jeff Layton 

commit fe230e5ecaed98d3bb70292b60d44c3c7c47c720
Author: Jeff Layton 
Date:   Thu Jul 18 10:08:27 2013 -0400

setcifsacl: add fallback for when plugin can't be loaded

Allow setcifsacl to function even in the case where the plugin can't
be initialized. ID mapping of course won't work, but we can still allow
it to accept "raw" SID strings.

Signed-off-by: Jeff Layton 

commit e18d42adddbea9178d93b6051132f9cdee4cc9e0
Author: Jeff Layton 
Date:   Thu Jul 18 10:14:21 2013 -0400

cifs-utils: fix some sparse warnings

Signed-off-by: Jeff Layton 

commit 3ec619fce9abaa37edd4540840913682d48c5359

Fixes: https://bugzilla.samba.org/show_bug.cgi?id=10054
Signed-off-by: Michał Górny 

commit 92262eafa12b4e11fca1d6f3647cfdeff2f4281c
Author: Steve French 
Date:   Mon Sep 9 09:55:46 2013 -0500

autoconf: add another suggested package name for krb5 headers

Added an alternate package name for krb5 headers.

Noticed the following suggestion asks for the wrong package (at least
wrong for FC17)

checking krb5.h presence... no
checking for krb5.h... no
checking krb5/krb5.h usability... no
checking krb5/krb5.h presence... no
checking for krb5/krb5.h... no
configure: WARNING: krb5.h not found, consider installing
krb5-libs-devel. Disabling cifs.upcall.

[sfrench@w500smf cifs-utils]$ sudo yum install krb5-libs-devel
Loaded plugins: langpacks, presto, refresh-packagekit
No package krb5-libs-devel available.
Error: Nothing to do
[sfrench@w500smf cifs-utils]$ sudo yum install krb5-devel

(installing krb5-devel worked, but not krb5-libs-devel for this version)

Signed-off-by: Steve French 

commit f03c51c5169fdf9431afd1f30f372531a6be
Author: Jeff Layton 
Date:   Tue Sep 17 11:39:13 2013 -0400

cifs.upcall: try to use default credcache if we didn't find one

Fedora is in the process of moving to KEYRING: credcaches which are not
currently handled by cifs.upcall. We could try to detect when they're in
use, but it's simpler and more robust to just try to use the default
credcache whenever we don't find a FILE: or DIR: cache.

Signed-off-by: Jeff Layton 

commit 2f832e350ec472ea974c82133734c640bc02e869
Author: Jeff Layton 
Date:   Fri Oct 4 07:12:32 2013 -0400

autoconf: update configure.ac a'la autoupdate

Signed-off-by: Jeff Layton 

commit 1ad2f127b150b32325b9858639f5f4f2ae949f82
Author: Jeff Layton 
Date:   Fri Oct 4 06:56:41 2013 -0400

autoconf: set version to 6.2

Signed-off-by: Jeff Layton 

-- 
Jeff Layton 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Speed differences for windows clients

2013-08-13 Thread Jeff Layton
On Mon, 12 Aug 2013 10:00:18 +0200
Philipp Lies  wrote:

> Hi,
> 
> we have a strange phenomenon with the transfer speed between windows 
> clients and samba servers. Here's the setup:
> 
> server 1: centos 6.3 with samba 3.5.10
> server 2: centos 6.4 with samba 3.6.9
> both servers are configured as BDC and have - aside from netbios name - 
> identical smb.conf which contains ldapsam as backend and all other 
> parameters are not set (i.e. default)
> 
> When I mount a share from a linux client, the transfer speed is 
> ~112MB/sec to either server from any linux client. However, when I mount 
> a share from Windows clients, the speed to server 1 is ~95MB/s and to 
> server 2 ~85MB/s. We tested this with several windows clients (all 
> running Windows 7 with all updates).
> 
> The speed difference between linux client and windows client is not 
> what's confusing me but that server 2 is always slower than server 1.
> 
> Any ideas what could cause this?
> 
> Philipp


The speed difference between Linux and Windows clients is most likely
explained by the fact that Linux clients will almost always negotiate
POSIX extensions with the server. At that point, they're allowed to
bump up the rsize/wsize values to much larger values. Newer kernels
will default to 1M for both. That greatly increases throughput.

As far as the difference between the two servers from windows clients,
it'll be difficult to be sure without doing some more legwork to track
down the cause.

-- 
Jeff Layton 


[Samba] ANNOUNCE: cifs-utils release 6.0 ready for download

2013-03-25 Thread Jeff Layton

It has been a few months since the last cifs-utils release. There
hasn't been much activity, but there are a few bugfixes that we ought
to get into a release.

So, nothing much earth-shattering here, mostly just bugfixes and
documentation updates. With this release too, support for NFS-style
devicenames has now been removed (as previously announced via a warning
at mount time):

Go forth and download!

webpage: https://wiki.samba.org/index.php/LinuxCIFS_utils
tarball: ftp://ftp.samba.org/pub/linux-cifs/cifs-utils/
git:     git://git.samba.org/cifs-utils.git
gitweb:  http://git.samba.org/?p=cifs-utils.git;a=summary

Detailed list of changes since 5.9:

commit 9c988b1e39c5abe88e795bb3fb9285ee6c4b80fc
Author: Jeff Layton 
Date:   Mon Jan 7 10:23:09 2013 -0500

autoconf: set release to 5.9.1 for interim builds

Signed-off-by: Jeff Layton 

commit 739289ad3ce915e1ee2705ecd7ac4e907cd91405
Author: Jeff Layton 
Date:   Mon Jan 7 10:25:30 2013 -0500

cifsidmap: clean up comments on API description

...typo and grammatical fixes, mostly.

Signed-off-by: Jeff Layton 

commit 1a01f7c4b90695211d12291d7a24bec05b1f2922
Author: Jeff Layton 
Date:   Sat Jan 12 22:02:01 2013 -0500

mount.cifs: set parsed_info->got_user when a cred file supplies a username

commit 85d18a1ed introduced a regression when using a credentials file.
It set the username in the parsed mount info properly, but didn't set
the "got_user" flag in it.

Also, fix an incorrect strlcpy length specifier in open_cred_file.

Reported-by: "Mantas M." 
Signed-off-by: Jeff Layton 

commit fba9d20495719f3fa323401b087ebef60a0d
Author: Jeff Layton 
Date:   Mon Jan 28 21:38:12 2013 -0500

setcifsacl: fix infinite loop in getnumcaces

Jian pointed out that this loop can cycle infinitely when the string
contains a ','.

Also, fix typo in manpage that shows a trailing ',' in one example.
    
Reported-by: Jian Li 
Signed-off-by: Jeff Layton 

commit 653a6c66312382da381a2d44f8018d3222cadbdf
Author: Jeff Layton 
Date:   Tue Jan 29 07:08:48 2013 -0500

setcifsacl: fix offset calculation in "set" code

Previously the code assumed that the ACE that was copied was of a
fixed size. Save off the return value from copy_ace and ensure that
we apply it correctly to the size and offset.

Reported-by: Jian Li 
Signed-off-by: Jeff Layton 

commit d1d96fafe50b04395ff3ee4590777452e6612e02
Author: Jeff Layton 
Date:   Fri Feb 1 12:41:57 2013 -0500

cifs-utils: add autoconf test to make sure that libwbclient is usable

The idmapwb plugin requires a usable wbcSidsToUnixIds() function. Check
to ensure that the wbclient library provides that symbol, and handle
it appropriately if it doesn't.

If someone were so inclined they probably could fix idmapwb to fall
back to the older mapping functions if that symbol doesn't exist,
but for now this patch just makes it refuse to build the plugin.

Reported-by: Shirish Pargaonkar 
Signed-off-by: Jeff Layton 

commit 257c119e79feee8f4aed38b54bd1f8bbe5b5f3b9
Author: Jeff Layton 
Date:   Sat Mar 16 21:28:18 2013 -0400

manpage: document the mount.cifs vers= option

Thanks to Tom Talpey for clarifying some of the info here.

Cc: Tom Talpey 
Signed-off-by: Jeff Layton 

commit fa6c3ca6e032ff6cb0caba97b46bfc1cffc401b5
Author: Jeff Layton 
Date:   Tue Mar 19 11:00:49 2013 -0400

manpage: better document the default sec= mount option

The default changed in mainline kernel v3.8.

Signed-off-by: Jeff Layton 

commit 8ef14ea81773310a439a70e419f33dcc1c76f1eb
Author: Jeff Layton 
Date:   Fri Mar 22 06:43:46 2013 -0400

mount.cifs: remove support for "NFS syntax"

...as promised for version 6.0.

Cc: Scott Lovenberg 
Signed-off-by: Jeff Layton 

commit 00cb36de848a52a5aaa510a46a5bdd40a7417692
Author: Jeff Layton 
Date:   Fri Mar 22 06:18:19 2013 -0400

autoconf: set version to 6.0

Signed-off-by: Jeff Layton 

Re: [Samba] smbclient using smb2 protocol linux-2-linux share

2013-03-16 Thread Jeff Layton
On Sat, 16 Mar 2013 09:21:53 -0700
Jeremy Allison  wrote:

> On Wed, Feb 06, 2013 at 01:41:56PM -0800, rmarquez wrote:
> > Trying to get a linux samba file server using samba 4.0.3 (compiled on the
> > machine) running on ubuntu 3.8rc6 kernel to share out and negotiate with a
> > linux client running the same kernel and smbd compiled from 4.0.3 samba
> > source. 
> > Using wireshark to view the negotiations, I only see NT LM 0.12 (SMB v. 1).
> > 
> > Tried forcing the file server via "min protocol = SMB2" in the
> > /usr/local/samba/etc/smb.conf and keep getting this error:
> > "mount error(95): Operation not supported"
> > I try to mount that share in Windows 7 and it works, even negotiates at
> > SMB2.1.
> > 
> > How can I get a linux client to mount a linux samba share using protocol
> > SMB2.1?
> 
> This is not yet supported in CIFSFS although the Team is working
> on it.
> 
> It's also not supported in smbclient either, again it's something
> we're working on (we have all the underlying plumbing for this).
> 

Mounting with cifs.ko should work in current mainline kernels (3.8 and
up?), but it's still pretty new and some things may not work exactly
right. Try mounting with "-o vers=2.1".

-- 
Jeff Layton 


[Samba] Logging denied connections from outside LAN

2013-01-23 Thread Jeff Boyce

Greetings -

I have an interesting issue that I am trying to understand.  This may not be 
a direct Samba related issue, but the results of the issue are showing up in 
the Samba log, so I thought I would start here.  Please direct me elsewhere 
if there is a better forum for this question.  I have spent some time 
Googling and have a small understanding of what is going on, but now my 
Google-fu is exhausted and I still don't have a complete understanding of 
the issue and whether I need to make some configuration changes in my 
network.


Issue:
I am seeing in my samba log file denied connections from IP addresses that 
are outside my network.  Since I believe that I have my network firewalled 
and access adequately restricted from outside, I am trying to understand how 
the access attempts are only showing up in my Samba logs.


/var/log/samba/samba.log
[2013/01/22 21:24:34.477896,  0] lib/util_sock.c:1514(matchname)
 matchname: host name/address mismatch: :::14.132.17.44 != 
14-132-17-44.aichiwest1.commufa.jp

[2013/01/22 21:24:34.479447,  0] lib/util_sock.c:1635(get_peer_name)
 Matchname failed on 14-132-17-44.aichiwest1.commufa.jp :::14.132.17.44
[2013/01/22 21:24:34.479723,  0] lib/access.c:413(check_access)
 Denied connection from UNKNOWN (:::14.132.17.44)
[2013/01/22 21:24:34.479961,  1] smbd/process.c:2299(smbd_process)
 Connection denied from :::14.132.17.44

Logwatch
- samba Begin  
Connections Denied:

smbd/process.c:2299(smbd_process) :::109.72.49.42 : 1 Time(s)
smbd/process.c:2299(smbd_process) :::111.254.232.135 : 1 Time(s)
smbd/process.c:2299(smbd_process) :::114.46.201.200 : 1 Time(s)
smbd/process.c:2299(smbd_process) :::121.67.7.193 : 1 Time(s)
smbd/process.c:2299(smbd_process) :::121.67.7.200 : 1 Time(s)
smbd/process.c:2299(smbd_process) :::124.11.241.39 : 1 Time(s)
smbd/process.c:2299(smbd_process) :::14.132.17.44 : 1 Time(s)
-- samba End - 


Background & Network Information:
1.  The server in which Samba is running (a KVM guest, CentOS 6) does have a 
public IP address.
2.  The firewall rules on this server have ports open for SSH, OpenVPN, 
Webmin, and Samba.  The bottom rule on the input chain denies all.
3.  On the Server: HostDeny = all, and HostAllow = 192.168.112 (internal 
lan), 10.9.8. (OpenVPN lan), and loopback

4.  Samba config: hosts allow = 127. 192.168.112. 10.9.8.

What I think I understand at this point:
1.  Google research indicates that the Host Name/Address mismatch portion of 
the log file refers to IPV6 name resolution not working.  There are some 
suggestions for fixing that, but it isn't really the issue I am trying to 
understand.
2.  The firewall may not be denying access to Samba because the Samba ports 
are open to make Samba available over our remote access.


What I don't understand:
1.  If the Server OS configuration is restricting access to only the 
internal lan addresses and the OpenVPN lan addresses, then how are the 
access attempts from external addresses getting to Samba where they are 
being logged?


If someone can give me some insight as to what is going on here I would 
appreciate it.  Then I can figure out what I might need to change in my 
network or server.  Thanks.


Also, I am only receiving the Daily Digest of the mailing list, so would 
appreciate any responses CC'ing me directly also.


Jeff Boyce
Meridian Environmental
www.meridianenv.com 




[Samba] ANNOUNCE: cifs-utils release 5.9 ready for download

2013-01-07 Thread Jeff Layton

With the merge of the new plugin interface, it's probably a good time
for a new cifs-utils release. Distro packagers should take special note
of the changes with the new plugin interface since it has implications
for how the tools are packaged. In particular, it's necessary to set a
symlink to the plugin in the correct location
(/etc/cifs-utils/idmap-plugin by default).

Here are the main highlights:

* There is a new plugin architecture for the ID mapping tools. This
  encapsulates the winbind interfaces inside a plugin and allows the
  writing of others.

* The DOMAIN\username@password format for username= arguments has been
  deprecated. The discrete mount options for each of those values
  should be used instead.

* Full RELRO (vs. partial) is now enabled on all binaries by default

Go forth and download!

webpage: https://wiki.samba.org/index.php/LinuxCIFS_utils
tarball: ftp://ftp.samba.org/pub/linux-cifs/cifs-utils/
git:     git://git.samba.org/cifs-utils.git
gitweb:  http://git.samba.org/?p=cifs-utils.git;a=summary

Detailed list of changes since 5.8:

commit 92e12ecc28ac1a41eb48f693837be0ba070dc8af
Author: Jeff Layton 
Date:   Thu Nov 15 15:22:13 2012 -0500

autoconf: set version to 5.8.1 for interim builds

Signed-off-by: Jeff Layton 

commit 8b6e0cc242fc62436b0dd073e393bbdd62f39a83
Author: Jeff Layton 
Date:   Sun Nov 18 20:38:38 2012 -0500

mount.cifs: treat uid=,gid=,cruid= options as name before assuming they're 
a number

Sergio Conrad reported a problem trying to set up an autofs map to do
a krb5 mount. In his environment, many users have usernames that are
comprised entirely of numbers. While that's a bit odd, POSIX apparently
allows for it.

The current code assumes that when a numeric argument is passed to one
of the above options, that it's a uid or gid. Instead, try to treat the
argument as a user or group name first, and only try to treat it as a
number if that fails.
    
Signed-off-by: Jeff Layton 

commit de299f69392c18dc71d207482566f38abc909837
Author: Jeff Layton 
Date:   Wed Nov 28 15:17:44 2012 -0500

mount.cifs: don't pass "flag" options to the kernel

When certain options are passed to the mount helper, we want to turn
them into mountflags for the mount() syscall. There's no need to copy
them to the options string in that case though.

Signed-off-by: Jeff Layton 

commit 7e3149fe1529f0043f4fdf60082ea359ae8d656f
Author: Jeff Layton 
Date:   Mon Dec 3 11:03:19 2012 -0500

autotools: remove unnecessary files from distro

Having them in the distro prevents autoreconf -i from installing the latest
copies.

Signed-off-by: Jeff Layton 

commit 7dacd96a24edf9ab2e3d7ed798bd28bba5425349
Author: Jeff Layton 
Date:   Mon Dec 3 13:41:12 2012 -0500

getcifsacl: use "size" instead of reconverting original field to host endian

Signed-off-by: Jeff Layton 

commit c1fd5753a3f996203e4b39158e360f4b799a3254
Author: Jeff Layton 
Date:   Tue Dec 4 06:12:13 2012 -0500

getcifsacl: free strings returned by wbcLookupSid

Signed-off-by: Jeff Layton 

commit bacbbf7c0994bdeaf49234abd07d840673d37e95
Author: Jeff Layton 
Date:   Tue Dec 4 06:21:06 2012 -0500

getcifsacl: ensure that we don't overrun the wbcDomainSid when converting

If we get a SID that contains more than 15 subauthorities, we'll end up
overrunning the struct wbcDomainSid. Just ignore any past 15.

Signed-off-by: Jeff Layton 

commit 2584e62c06dbea59bbd6a001040d7780959c8358
Author: Jeff Layton 
Date:   Thu Dec 6 06:45:57 2012 -0500

autoconf: enable full RELRO in cifs-utils binaries

This is safer since it also protects the GOT from getting clobbered.

Signed-off-by: Jeff Layton 

commit 53894f4e2cb4d15fedf0612e9a4bd47a537284b3
Author: Jeff Layton 
Date:   Thu Dec 6 07:17:17 2012 -0500

cifs-utils: only link in -lrt to binaries that need it

...which is really only mount.cifs.

Cc:  Björn Jacke 
Signed-off-by: Jeff Layton 

commit fac79a1425a1474f0daf0795900d227307ec5db3
Author: Jeff Layton 
Date:   Fri Dec 7 08:39:16 2012 -0500

getcifsacl: remove unneeded openlog() call

getcifsacl doesn't log to syslog, so there's no need to open a channel
to it. Also, remove the unneeded "prog" global variable since only
the usage() function needs it.

Signed-off-by: Jeff Layton 

commit b4dc50798e6baf026d6101ff3775ffc0c3a0e2f2
Author: Jeff Layton 
Date:   Fri Dec 7 12:07:23 2012 -0500

setcifsacl: remove syslog goop

setcifsacl doesn't use syslog, so no need to open a channel to it.

Signed-off-by: Jeff Layton

commit d4f9df9159c5ac93b97c36b0f98ffbd318866e38
Author: Jeff Layton 
Date:   Thu Dec 13 08:58:54 2012 -0500

cifs-utils: struct cifs_s
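
The bound described in the getcifsacl commit above ("Just ignore any past 15"), as an added example that is not cifs-utils or libwbclient code: `struct fixed_sid`, `wire_to_fixed_sid()` and the constructed sample SIDs are illustrative names. It goes one step beyond the commit text by also checking that the source buffer really holds the number of subauthorities its header claims.

```c
/* Added example; struct fixed_sid and these functions are illustrative
 * stand-ins, not cifs-utils or libwbclient definitions. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_SUBAUTHS 15 /* capacity of the fixed destination array */
#define SID_HDR_LEN  8  /* revision(1) + subauth count(1) + authority(6) */

struct fixed_sid {
	uint8_t  revision;
	uint8_t  num_auths;
	uint8_t  authority[6];
	uint32_t sub_auths[MAX_SUBAUTHS];
};

/* Read one little-endian 32-bit value without alignment assumptions. */
static uint32_t get_le32(const uint8_t *p)
{
	return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
	       ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/*
 * Copy a wire-format SID into the fixed-size struct.
 * Returns the number of subauthorities kept (0..MAX_SUBAUTHS), or -1 when
 * the buffer is shorter than its own header claims.
 */
int wire_to_fixed_sid(const uint8_t *buf, size_t len, struct fixed_sid *out)
{
	uint8_t claimed, keep, i;

	if (len < SID_HDR_LEN)
		return -1;
	claimed = buf[1];
	/* Source bound: never read subauthorities the buffer does not hold. */
	if ((len - SID_HDR_LEN) / 4 < claimed)
		return -1;
	/* Destination bound: ignore any subauthority past the 15th. */
	keep = claimed > MAX_SUBAUTHS ? MAX_SUBAUTHS : claimed;

	memset(out, 0, sizeof(*out));
	out->revision = buf[0];
	out->num_auths = keep; /* store the clamped count, not the claimed one */
	memcpy(out->authority, buf + 2, 6);
	for (i = 0; i < keep; i++)
		out->sub_auths[i] = get_le32(buf + SID_HDR_LEN + 4 * (size_t)i);
	return keep;
}

/* Constructed sample: header claims `claimed` subauthorities, but only
 * `present` are written (values 1000, 1001, ...). Returns bytes written. */
static size_t build_sid(uint8_t *buf, uint8_t claimed, uint8_t present)
{
	static const uint8_t authority[6] = {0, 0, 0, 0, 0, 5};
	uint8_t i;

	buf[0] = 1;
	buf[1] = claimed;
	memcpy(buf + 2, authority, 6);
	for (i = 0; i < present; i++) {
		uint32_t v = 1000u + i;
		uint8_t *p = buf + SID_HDR_LEN + 4 * (size_t)i;

		p[0] = v & 0xff;
		p[1] = (v >> 8) & 0xff;
		p[2] = (v >> 16) & 0xff;
		p[3] = (v >> 24) & 0xff;
	}
	return SID_HDR_LEN + 4 * (size_t)present;
}

/* Convert a constructed SID and report how many subauthorities were kept. */
int demo_copied(uint8_t claimed, uint8_t present)
{
	uint8_t buf[SID_HDR_LEN + 4 * 255];
	struct fixed_sid sid;

	return wire_to_fixed_sid(buf, build_sid(buf, claimed, present), &sid);
}

/* Value of the last subauthority that survived the clamp. */
uint32_t demo_last_subauth(uint8_t claimed)
{
	uint8_t buf[SID_HDR_LEN + 4 * 255];
	struct fixed_sid sid;
	int n = wire_to_fixed_sid(buf, build_sid(buf, claimed, claimed), &sid);

	return n > 0 ? sid.sub_auths[n - 1] : 0;
}

int main(void)
{
	printf("20 claimed, 20 present -> %d kept\n", demo_copied(20, 20));
	printf("20 claimed,  3 present -> %d\n", demo_copied(20, 3));
	printf("last kept subauthority -> %u\n", (unsigned)demo_last_subauth(20));
	return 0;
}
```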

[Samba] ANNOUNCE: cifs-utils release 5.8 is ready for download

2012-11-11 Thread Jeff Layton

Time for another cifs-utils release!

Most of the patches in this release are for cifs.idmap, getcifsacl and
setcifsacl. There were many bugs in those tools, so anyone that's
deploying or using them is highly encouraged to upgrade.

Highlights:

* NFS-style device names are being deprecated in 6.0. Anyone using that
  sort of device name should move to the UNC-style syntax that the manpage
  has always documented.

* Many bugs in cifs.idmap, getcifsacl and setcifsacl have been fixed.
  These tools should also be more efficient now and work correctly on
  big-endian architectures.

webpage: https://wiki.samba.org/index.php/LinuxCIFS_utils
tarball: ftp://ftp.samba.org/pub/linux-cifs/cifs-utils/
git:     git://git.samba.org/cifs-utils.git
gitweb:  http://git.samba.org/?p=cifs-utils.git;a=summary

Detailed list of changes since 5.8:

commit 819018e34696b0fb9bf1b386304b5dce39ae0e6d
Author: Jeff Layton 
Date:   Fri Oct 12 13:28:37 2012 -0400

autoconf: set release to 5.7.1 for interim builds

Signed-off-by: Jeff Layton 

commit 679fbebb5a656b4eb1a8988fb0d8697a5f919794
Author: Scott Lovenberg 
Date:   Tue Oct 23 15:37:03 2012 -0400

mount.cifs: add warning that NFS syntax is deprecated and will be
removed in cifs-utils-6.0.

[jlayton: Added newline to end of warning]
Signed-off-by: Scott Lovenberg 

commit 60bca663f94e27436ed1afe1e673a8afa3342e1d
Author: Jeff Layton 
Date:   Mon Oct 29 15:45:37 2012 -0400

cifs.idmap: make sure cifsacl structs are packed

The kernel equivalent definitions are defined with
__attribute__((packed)), and the code seems to assume the userspace and
kernel ones will be properly aligned. Fix the userspace definitions in a
similar fashion.

Given the way these structs are, there is probably not any padding
between fields on most arches, but it's best to be safe here.

Reviewed-by: Shirish Pargaonkar 
Signed-off-by: Jeff Layton 

commit 1a0523fbc469e34560bec0f06ce4622bb7db7b04
Author: Jeff Layton 
Date:   Mon Oct 29 15:45:37 2012 -0400

cifs.idmap: get rid of useless strcmp prior to idmapping

The code copies off the key description and then ensures that it's
prefixed with "cifs.idmap". What's the point of that?

Presumably request-key would never have called this otherwise. There's
little harm in going ahead and doing the idmapping if this is called
with the wrong string.

Also, the error handling here is wrong. If the prefix doesn't match
the code will exit 0 without doing any mapping. Just remove it.

Reviewed-by: Shirish Pargaonkar 
Signed-off-by: Jeff Layton 

commit d9b876bc5b047682854123aed082c1004b995b69
Author: Jeff Layton 
Date:   Mon Oct 29 15:45:37 2012 -0400

cifs.idmap: add an options struct to handle long options

...since the manpage advertises them.

Reviewed-by: Shirish Pargaonkar 
Signed-off-by: Jeff Layton 

commit 035f69a9b5fe3c72df73bbbda2d7e570891f971e
Author: Jeff Layton 
Date:   Mon Oct 29 15:45:37 2012 -0400

cifs.idmap: clean up strget and avoid memory allocation

Don't do a strlen() call if strstr() isn't going to match anyway.

There's no need to duplicate the string here. None of the callers modify
it, so just return a pointer into the original string.

Reviewed-by: Shirish Pargaonkar
Signed-off-by: Jeff Layton 

commit 803feff6aa66c0bb0f0a703eb2404477889a56d5
Author: Jeff Layton 
Date:   Mon Oct 29 15:45:37 2012 -0400

cifs.idmap: don't use atoi to convert unsigned int to number

atoi() is for signed integers, and is deprecated in any case. Use
strtoul() instead and check the result carefully before using it.

Also add a log message when the string(s) can't be converted and
fix the signedness of the types in other log messages.

Reviewed-by: Shirish Pargaonkar 
Signed-off-by: Jeff Layton 

commit 0454be8978815b90baae7652b0717d0c0696e295
Author: Jeff Layton 
Date:   Mon Oct 29 15:45:37 2012 -0400

cifs.idmap: set a timeout on keys that it instantiates

...and add a command-line option to allow the admin to tune that value.
I think this is a better way to handle this instead of trying to set the
timeouts in kernel space.

Reviewed-by: Shirish Pargaonkar 
Signed-off-by: Jeff Layton 

commit c49a6767051979368eea1087c9724a2c2994bd56
Author: Jeff Layton 
Date:   Mon Oct 29 15:45:37 2012 -0400

cifs.idmap: add a --help option for cifs.idmap

To make it print the usage message and exit.

Reviewed-by: Shirish Pargaonkar 
Signed-off-by: Jeff Layton 

commit f0269e2a0efacf5299b123801d9ec49695ed30b6
Author: Jeff Layton 
Date:   Mon Oct 29 16:04:11 2012 -0400

setcifsacl: clean up sizing of cifs_sid

The max number of subauthorities on windows and in
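
The checks that the "cifs.idmap: don't use atoi" commit above asks for when it says to use strtoul() and "check the result carefully", as an added example that is not cifs-utils code: `parse_u32()` and `parse_id()` are hypothetical names, and the sample strings are constructed.

```c
/* Added example; parse_u32() and parse_id() are hypothetical helpers,
 * not functions from cifs-utils. */
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/*
 * Parse a decimal string into a 32-bit unsigned id.
 * Returns 0 and stores the value on success, -1 on any malformed input.
 */
int parse_u32(const char *s, uint32_t *out)
{
	char *end;
	unsigned long v;

	/*
	 * strtoul() skips leading whitespace and accepts a sign: "-1" is
	 * converted and negated in the unsigned type, giving ULONG_MAX with
	 * no error reported. Insist on a leading digit to rule that out.
	 */
	if (s == NULL || !isdigit((unsigned char)*s))
		return -1;

	errno = 0;
	v = strtoul(s, &end, 10);
	if (errno == ERANGE)            /* does not fit in unsigned long */
		return -1;
	if (end == s || *end != '\0')   /* no digits, or trailing junk */
		return -1;
	if (v > UINT32_MAX)             /* fits unsigned long, not 32 bits */
		return -1;

	*out = (uint32_t)v;
	return 0;
}

/* Convenience wrapper for the demo: the parsed value, or -1 on failure. */
long long parse_id(const char *s)
{
	uint32_t v;

	return parse_u32(s, &v) == 0 ? (long long)v : -1;
}

int main(void)
{
	/* Constructed inputs covering the cases the checks above reject. */
	static const char *samples[] = {
		"1000", "4294967295", "4294967296", "-1", "12abc", "",
		"99999999999999999999999",
	};
	size_t i;

	for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
		printf("%-26s -> %lld\n", samples[i], parse_id(samples[i]));

	/* atoi() stops at the first non-digit and reports no error. */
	printf("atoi(\"12abc\") = %d\n", atoi("12abc"));
	return 0;
}
```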

Re: [Samba] Scenario with CIFS

2012-11-02 Thread Jeff Layton
On Mon, 29 Oct 2012 22:13:34 +
Alumno Etsii  wrote:

> Hi all!
> 
> I'm trying to get samba working with CIFS, mounting a share on a client and
> keeping the original file/dir permissions. The problem is that after I
> (successfully) mount that share by CIFS, I can't write anything in it,
> because I get a 'Permission denied' error. smbd version is 6.3.6.
> 
> My testparm is:
> 
> root@samba:~# testparm
> Load smb config files from /etc/samba/smb.conf
> rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
> Processing section "[shared]"
> Loaded services file OK.
> Server role: ROLE_STANDALONE
> Press enter to see a dump of your service definitions
> 
> [global]
> workgroup = SMB
> server string = %h server (Samba, Ubuntu)
> map to guest = Bad User
> obey pam restrictions = Yes
> pam password change = Yes
> passwd program = /usr/bin/passwd %u
> passwd chat = *Enter\snew\s*\spassword:* %n\n
> *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
> unix password sync = Yes
> syslog = 0
> log file = /var/log/samba/log.%m
> max log size = 1000
> load printers = No
> printcap name = /dev/null
> disable spoolss = Yes
> show add printer wizard = No
> dns proxy = No
> panic action = /usr/share/samba/panic-action %d
> idmap config * : backend = tdb
> hosts allow = 127.0.0.1, 192.168.0.
> hosts deny = 0.0.0.0/0
> printing = bsd
> print command = lpr -r -P'%p' %s
> lpq command = lpq -P'%p'
> lprm command = lprm -P'%p' %j
> 
> [shared]
> comment = Shared documents
> path = /shared
> valid users = myuser
> admin users = admin
> read only = No
> create mask = 0700
> force create mode = 0700
> directory mask = 0700
> browseable = No
> 
> ///
> 
> Mounting command is:
> # mount -t cifs //192.168.0.99/shared ./mount -o
> uid=localuser,gid=localuser,iocharset=utf8,credentials=/tmp/credentials,nosetuids,noperm
> 
> File /tmp/credentials contains username myuser and its password.
> 
> I successfully mount that share, I can list, cd, etc. but not write:
> 
> root@monitor:/mnt/mount/archiveupload# ll
> total 40
> drwxrwxr-x 4 localuser localuser 0 oct 29 21:25 ./
> drwxr-xr-x 3 localuser localuser 0 oct 29 17:30 ../
> -rw-rw-r-- 1 localuser localuser  9129 oct 29 19:41 action.php
> drwxrwxr-x 2 localuser localuser 0 may 21  2009 conf/
> -rw-rw-r-- 1 localuser localuser 17992 may 21  2009 COPYING
> drwxrwxr-x 4 localuser localuser 0 may 21  2009 lang/
> -rw-rw-r-- 1 localuser localuser   241 may 21  2009 README
> -rw-rw-r-- 1 localuser localuser    11 may 21  2009 VERSION
> root@monitor:/mnt/mount/archiveupload# touch a
> touch: no se puede efectuar `touch' sobre «a»: Permiso denegado
> 
> 'localuser' exists in both server and client. My goal is to make that any
> newly created file gets server's 'localuser' permissions.

Then that won't work. You're connecting to the share as "myuser". Any
files you create will be created as "myuser", not "localuser".

> I added a
> 'smbpasswd -a' for myuser. I wonder why can't I write on this share from
> the client, since I think permissions and mount options are ok.
> 
> I'll be very grateful for any idea!
> 
> Regards.

Ok, so the file isn't created at all when you "touch"?

Does "myuser" have permission to write to /shared on the server?

-- 
Jeff Layton 


Re: [Samba] Disabling Roaming Profile Support

2012-10-31 Thread Jeff Dickens
Well on my setup unless I manually set the profile to local or set a
registry setting to allow only local profiles, it always fails to create a
local profile.  I can't figure out why.


On Wed, Oct 31, 2012 at 9:45 AM, Jeff Dickens  wrote:

> I have "logon drive =" in smb.conf but testparm does not report that.
>
> Does it on your system, Marcio?
>
> ex:
>
> root@grackle:~# grep logon /etc/samba/smb.conf
>    domain logons = yes
>    logon drive =
>    logon home =
>    logon path =
> [netlogon]
>    path = /home/samba/netlogon
> root@grackle:~#
> root@grackle:~# testparm | grep logon
> Load smb config files from /etc/samba/smb.conf
> ...snip...
> Loaded services file OK.
> Server role: ROLE_DOMAIN_PDC
> Press enter to see a dump of your service definitions
>
> logon path =
> logon home =
> domain logons = Yes
> [netlogon]
>     path = /home/samba/netlogon
> root@grackle:~#
>
> On Tue, Oct 30, 2012 at 5:10 PM, Jeff Dickens wrote:
>
>> From
>> http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/ProfileMgmt.html:
>>
>> Disabling Roaming Profile Support
>>
>> The question often asked is, “How may I enforce use of local profiles?”
>> or “How do I disable roaming profiles?”
>>
>> There are three ways of doing this:
>> In smb.conf
>>
>> Affect the following settings and ALL clients will be forced to use a
>> local profile: logon home =
>> <http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/smb.conf.5.html#LOGONHOME> and logon path =
>> <http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/smb.conf.5.html#LOGONPATH>
>>
>> The arguments to these parameters must be left blank. It is necessary to
>> include the = sign to specifically assign the empty value.
>>
>>
>> This apparently no longer works, or at least it doesn't work properly
>> with an LDAP server.
>>
>> Can anyone comment on why? I'm running Samba 3.6.3-2 on Ubuntu 12.04.
>>
>>
>>
>> --
>> * Jeff Dickens*
>>  IT Manager  978-632-1513
>>
>>
>>
>
>
> --
> * Jeff Dickens*
>  IT Manager  978-632-1513
>
>
>


-- 
* Jeff Dickens*
 IT Manager  978-632-1513


Re: [Samba] Disabling Roaming Profile Support

2012-10-31 Thread Jeff Dickens
I have "logon drive =" in smb.conf but testparm does not report that.

Does it on your system, Marcio?

ex:

root@grackle:~# grep logon /etc/samba/smb.conf
   domain logons = yes
   logon drive =
   logon home =
   logon path =
[netlogon]
   path = /home/samba/netlogon
root@grackle:~#
root@grackle:~# testparm | grep logon
Load smb config files from /etc/samba/smb.conf
...snip...
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions

logon path =
logon home =
domain logons = Yes
[netlogon]
path = /home/samba/netlogon
root@grackle:~#

On Tue, Oct 30, 2012 at 5:10 PM, Jeff Dickens  wrote:

> From
> http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/ProfileMgmt.html:
>
> Disabling Roaming Profile Support
>
> The question often asked is, “How may I enforce use of local profiles?”
> or “How do I disable roaming profiles?”
>
> There are three ways of doing this:
> In smb.conf
>
> Affect the following settings and ALL clients will be forced to use a
> local profile: logon home =
> <http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/smb.conf.5.html#LOGONHOME> and logon path =
> <http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/smb.conf.5.html#LOGONPATH>
>
> The arguments to these parameters must be left blank. It is necessary to
> include the = sign to specifically assign the empty value.
>
>
> This apparently no longer works, or at least it doesn't work properly with
> an LDAP server.
>
> Can anyone comment on why? I'm running Samba 3.6.3-2 on Ubuntu 12.04.
>
>
>
> --
> * Jeff Dickens*
>  IT Manager  978-632-1513
>
>
>


-- 
* Jeff Dickens*
 IT Manager  978-632-1513


[Samba] Disabling Roaming Profile Support

2012-10-30 Thread Jeff Dickens
From
http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/ProfileMgmt.html:

Disabling Roaming Profile Support

The question often asked is, “How may I enforce use of local profiles?” or “How
do I disable roaming profiles?”

There are three ways of doing this:
In smb.conf

Affect the following settings and ALL clients will be forced to use a local
profile: logon home =
<http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/smb.conf.5.html#LOGONHOME>
and logon path =
<http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/smb.conf.5.html#LOGONPATH>

The arguments to these parameters must be left blank. It is necessary to
include the = sign to specifically assign the empty value.


This apparently no longer works, or at least it doesn't work properly with
an LDAP server.

Can anyone comment on why? I'm running Samba 3.6.3-2 on Ubuntu 12.04.



-- 
* Jeff Dickens*
 IT Manager  978-632-1513


Re: [Samba] [PATCH] Add warning that NFS syntax is deprecated and will be removed in cifs-utils-6.0.

2012-10-23 Thread Jeff Layton
On Thu, 18 Oct 2012 14:07:49 -0400
scott.lovenb...@gmail.com wrote:

> From: Scott Lovenberg 
> 
> Signed-off-by: Scott Lovenberg 
> ---
>  mount.cifs.c |4 
>  1 files changed, 4 insertions(+), 0 deletions(-)
> 
> diff --git a/mount.cifs.c b/mount.cifs.c
> index 756fce2..061ce32 100644
> --- a/mount.cifs.c
> +++ b/mount.cifs.c
> @@ -1335,6 +1335,7 @@ static int parse_unc(const char *unc_name, struct 
> parsed_mount_info *parsed_info
>   }
>  
>   /* Set up "host" and "share" pointers based on UNC format. */
> + /* TODO: Remove support for NFS syntax as of cifs-utils-6.0. */
>   if (strncmp(unc_name, "//", 2) && strncmp(unc_name, "", 2)) {
>   /*
>* check for nfs syntax (server:/share/prepath)
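Review bot: The TODO sits above the if that covers both syntaxes, directly after the generic "Set up host and share pointers" comment, so it does not say which branch is slated for removal. Folding it into the existing "check for nfs syntax (server:/share/prepath)" comment inside the branch would keep the note next to the code it refers to and avoid two back-to-back block comments.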
> @@ -1351,6 +1352,9 @@ static int parse_unc(const char *unc_name, struct 
> parsed_mount_info *parsed_info
>   share++;
>   if (*share == '/')
>   ++share;
> + fprintf(stderr, "WARNING: using NFS syntax for mounting CIFS "
> + "shares is deprecated and will be removed in cifs-utils"
> + "-6.0. Please migrate to UNC syntax.");
>   } else {
>   host = unc_name + 2;
>   hostlen = strcspn(host, "/\\");
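Review bot: The warning string added just before the "} else {" branch has no trailing newline, so on stderr it will run into whatever is printed next; end the last fragment with "\n" ("-6.0. Please migrate to UNC syntax.\n"). The fprintf also takes no arguments, so the message does not say which device name triggered it; printing unc_name alongside the warning would help an admin find the offending fstab or automounter entry.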

Merged (with addition of a newline to the end of warning message)...
-- 
Jeff Layton 


Re: [Samba] CIFS: Deprecating NFS mounting syntax in mount.cifs

2012-10-23 Thread Jeff Layton
On Tue, 23 Oct 2012 19:22:32 +0200
steve  wrote:

> On 10/23/2012 07:02 PM, Jeff Layton wrote:
> > On Tue, 23 Oct 2012 18:47:37 +0200
> > steve  wrote:
> >
> >> On 10/23/2012 05:56 PM, Scott Lovenberg wrote:
> >> Currently, we have this map: * -fstype=cifs,rw,sec=krb5 
> >> ://myserver/myshare/& 
> > Does that really work? What purpose does the ':' serve there?
> Yes. They always put a ':' before the mount except for the default NFS. 
> I took a look at the example /etc/auto.misc which comes (commented out) 
> with openSUSE. They always put a ':'.

Ok, I see now. From autofs(5):

If the filesystem to be mounted begins with a / (such as local /dev
entries or smbfs shares) a : needs to be prefixed (e.g.  :/dev/sda1).

...I guess it's necessary for the autofs parser. I assume that the ':'
doesn't get passed to the actual mount invocation though, so that
should continue to work just fine.

> > That
> > should probably be removed. I doubt we'd end up breaking that syntax,
> > but I can't be certain.
> >
> Just to say that this is a seemingly innocuous patch, but one which may 
> lead to confusion.

Well, better confusion now than confusion when it breaks. cifs really
is just too "loose" about the syntax of things that it accepts, which
sounds great until you have to test all of the different variations...

-- 
Jeff Layton 


Re: [Samba] CIFS: Deprecating NFS mounting syntax in mount.cifs

2012-10-23 Thread Jeff Layton
On Tue, 23 Oct 2012 18:47:37 +0200
steve  wrote:

> On 10/23/2012 05:56 PM, Scott Lovenberg wrote:
> > On 10/18/2012 2:07 PM, scott.lovenb...@gmail.com wrote:
> > no one has objected (or really said anything).  Can we merge this patch?
> > --
> Hi
> I'm just trying to represent users. Can we take this to user level by 
> giving an example of what will work and what will not work after the patch?
> 
> For example, the Linux automounter.
> 
> Currently, we have this map:
> * -fstype=cifs,rw,sec=krb5 ://myserver/myshare/&
> 

Does that really work? What purpose does the ':' serve there? That
should probably be removed. I doubt we'd end up breaking that syntax,
but I can't be certain.

> Are you talking about the difference between that and this:
> * -fstype=cifs,rw,sec=krb5 myserver:/myshare/&

Right, the above syntax would no longer work after the change.

> 
> Question: will I need to change anything due to this patch?
> 

For this patch, you don't need to do anything. It just adds a warning.
Eventually though, nfs-style "devicenames" would no longer work for
cifs mounts. For your map above, you probably want something like:

* -fstype=cifs,rw,sec=krb5 //myserver/myshare/&

(i.e. get rid of the extraneous ':').
-- 
Jeff Layton 
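
Added example (not code from cifs-utils or from this thread): a small C classifier for the device-name forms discussed above, which reports whether a name is UNC or NFS-style and produces the UNC form to migrate to. The function names, the enum and the sample device names are assumptions made for this illustration; a name that still carries the autofs ':' prefix is reported as invalid here.

```c
#include <stdio.h>
#include <string.h>

enum dev_syntax { DEV_INVALID = -1, DEV_UNC = 0, DEV_NFS_STYLE = 1 };

struct dev_parts {
	char host[256];
	char share[512];	/* share name plus any prepath, '/' separated */
};

/* Split a mount device name into host and share, and say which syntax it used. */
static enum dev_syntax parse_device(const char *name, struct dev_parts *out)
{
	enum dev_syntax syntax;
	const char *host, *share;
	size_t hostlen, i;

	memset(out, 0, sizeof(*out));
	if (strncmp(name, "//", 2) == 0 || strncmp(name, "\\\\", 2) == 0) {
		/* UNC: //server/share[/prepath] or \\server\share */
		host = name + 2;
		hostlen = strcspn(host, "/\\");
		if (host[hostlen] == '\0')
			return DEV_INVALID;	/* host only, no share */
		share = host + hostlen + 1;
		syntax = DEV_UNC;
	} else {
		/* NFS style: server:/share[/prepath] (the deprecated form) */
		share = strchr(name, ':');
		if (share == NULL)
			return DEV_INVALID;
		host = name;
		hostlen = (size_t)(share - host);
		share++;
		if (*share == '/')
			share++;
		syntax = DEV_NFS_STYLE;
	}
	if (hostlen == 0 || hostlen >= sizeof(out->host) ||
	    *share == '\0' || strlen(share) >= sizeof(out->share))
		return DEV_INVALID;

	memcpy(out->host, host, hostlen);
	for (i = 0; share[i] != '\0'; i++)
		out->share[i] = (share[i] == '\\') ? '/' : share[i];
	return syntax;
}

/*
 * Write the UNC form of name into buf.
 * Returns 1 if name used the NFS-style syntax (needs migrating),
 * 0 if it was already UNC, -1 if it could not be parsed or did not fit.
 */
static int to_unc(const char *name, char *buf, size_t buflen)
{
	struct dev_parts p;
	enum dev_syntax s = parse_device(name, &p);
	int n;

	if (s == DEV_INVALID)
		return -1;
	n = snprintf(buf, buflen, "//%s/%s", p.host, p.share);
	if (n < 0 || (size_t)n >= buflen)
		return -1;
	return s == DEV_NFS_STYLE;
}

int main(void)
{
	/* Constructed sample device names, modelled on the maps in the thread. */
	static const char *const samples[] = {
		"//myserver/myshare/dir", "myserver:/myshare/dir",
		"\\\\myserver\\myshare", "://myserver/myshare", "myserver",
	};
	char unc[1024];
	size_t i;

	for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		int rc = to_unc(samples[i], unc, sizeof(unc));

		if (rc < 0)
			printf("%-26s invalid\n", samples[i]);
		else
			printf("%-26s %s -> %s\n", samples[i],
			       rc ? "NFS-style (deprecated)" : "UNC", unc);
	}
	return 0;
}
```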


[Samba] Unusual behavior when two users have different shares with the same name

2012-10-21 Thread Jeff Read
Hi,

In our global smb.conf we have the line:

include = /etc/smb/smb.%U.conf

which allows us to provide a different set of available shares to each user who 
connects. Notably, two users might have shares with the same name, but which 
point to different locations. And if both those users attempt to mount their 
own homonymous shares from the same machine, they each see their own share. But 
this breaks down if one of the users has already mounted something:

* Mount share foo as user A

* Mount share bar as user B

* Mount share bar as user A

* Observe that user A sees user B's version of bar

There is a workaround, which has inconsistent success:

* Unmount, then remount share bar as user A

* Observe that user A sees its own version of bar, as it should be

It seems to be related to the fact that the CIFS VFS layer only uses one TCP 
connection for all the mounts; when we tried examining these shares with three 
separate connections (using the smbclient tool), the users saw their own 
versions of all the shares.

This was observed on samba 3.4.2 and 3.6.3, with mount.cifs up through version 
5.6.

Is this a bug? Is it a use case which is simply beyond samba's scope? Any 
clarifications would be much appreciated.

Regards,

--Jeff


Re: [Samba] mount.cifs: regular freezes with s3fs

2012-10-18 Thread Jeff Layton
On Thu, 18 Oct 2012 18:34:07 +0200
steve  wrote:

> On 18/10/12 18:28, John Drescher wrote:
> >> through user login, freeze (twice) and user logout until the login prompt
> >> returned:
> >> https://dl.dropbox.com/u/45150875/cifs-freeze2
> >>
> >
> > When I click the above link I get:
> >
> > We can't find the page you're looking for. Check out our Help Center
> > and forums for help, or head back to home.
> >
> > John
> >
> 
> Sorry, It hadn't synced. It's there now.
> Cheers,
> Steve
> 

In this one, I don't see any issues with oplock breaks. I also don't
see any calls that are taking longer than expected. I do see a bunch of
page-sized reads in the capture for what appear to be sequential reads.
Reads also seem to be serialized, which makes me think it's falling
into the readpage codepath.

There were some fixes to rsize handling in later kernels, so it's
probably worthwhile to test those before you do too much debugging.

-- 
Jeff Layton 


Re: [Samba] mount.cifs: regular freezes with s3fs

2012-10-18 Thread Jeff Layton
On Thu, 18 Oct 2012 13:21:39 +0200
steve  wrote:

> On 18/10/12 11:48, Jeff Layton wrote:
> > On Thu, 18 Oct 2012 10:18:05 +0200
> > steve  wrote:
> >
> >> cifs-utils-5.6
> >> samba Version 4.0.0rc3
> >> openSUSE 12.2
> >> LAN of XP, w7 and Linux clients under Samba4 DC and s3fs fileserver
> >>
> >> Hi
> >> I am testing the possibility of migrating from nfs to cifs to serve our
> >> Linux clients.
> >>
> >> Currently we mount the samba shares, e.g. the home directory, using nfs.
> >>
> >> The test setup is that instead of:
> >> mount -t nfs hh1:/home2 /home2 -osec=rw,krb5
> >> I changed to:
> >> mount -t cifs //hh1/home2 /home2 -osec=rw,sec=krb5,multiuser
> >>
> >> This works fine for console logins, but is very slow (unusable) for
> >> graphical logins to either LXDE or XFCE.
> >>
> >> The login sometimes works:
> >> Kerberos: AS-REQ ste...@hh3.site from ipv4:192.168.1.41:57380 for
> >> krbtgt/hh3.s...@hh3.site
> >> Kerberos: Client sent patypes: 149
> >> Kerberos: Looking for PKINIT pa-data -- ste...@hh3.site
> >> Kerberos: Looking for ENC-TS pa-data -- ste...@hh3.site
> >> Kerberos: No preauth found, returning PREAUTH-REQUIRED -- ste...@hh3.site
> >> Kerberos: AS-REQ ste...@hh3.site from ipv4:192.168.1.41:41237 for
> >> krbtgt/hh3.s...@hh3.site
> >> Kerberos: Client sent patypes: encrypted-timestamp, 149
> >> Kerberos: Looking for PKINIT pa-data -- ste...@hh3.site
> >> Kerberos: Looking for ENC-TS pa-data -- ste...@hh3.site
> >> Kerberos: ENC-TS Pre-authentication succeeded -- ste...@hh3.site using
> >> arcfour-hmac-md5
> >> Kerberos: AS-REQ authtime: 2012-10-18T09:57:33 starttime: unset endtime:
> >> 2012-10-18T19:57:33 renew till: 2012-10-19T09:55:48
> >> Kerberos: Client supported enctypes: aes256-cts-hmac-sha1-96,
> >> aes128-cts-hmac-sha1-96, des3-cbc-sha1, arcfour-hmac-md5, using
> >> arcfour-hmac-md5/arcfour-hmac-md5
> >> Kerberos: Requested flags: renewable, forwardable
> >> Kerberos: TGS-REQ ste...@hh3.site from ipv4:192.168.1.41:50790 for
> >> host/hh7.hh3.s...@hh3.site [canonicalize, renewable, forwardable]
> >> Kerberos: TGS-REQ authtime: 2012-10-18T09:57:33 starttime:
> >> 2012-10-18T09:57:33 endtime: 2012-10-18T10:02:33 renew till:
> >> 2012-10-19T09:55:48
> >> Kerberos: TGS-REQ ste...@hh3.site from ipv4:192.168.1.41:44350 for
> >> cifs/h...@hh3.site [canonicalize, renewable, forwardable]
> >> Kerberos: TGS-REQ authtime: 2012-10-18T09:57:33 starttime:
> >> 2012-10-18T09:57:33 endtime: 2012-10-18T19:57:33 renew till:
> >> 2012-10-19T09:55:48
> >>
> >> But then as soon as we open the file manager (or do anything else) it
> >> freezes for as long as 5 minutes, before it makes another cifs request
> >> and comes alive for a while:
> >>
> >> Terminating connection - 'wbsrv_call_loop: tstream_read_pdu_blob_recv()
> >> - NT_STATUS_CONNECTION_DISCONNECTED'
> >> single_terminate: reason[wbsrv_call_loop: tstream_read_pdu_blob_recv() -
> >> NT_STATUS_CONNECTION_DISCONNECTED]
> >> Kerberos: TGS-REQ ste...@hh3.site from ipv4:192.168.1.41:58872 for
> >> cifs/h...@hh3.site [canonicalize, renewable, forwardable]
> >> Kerberos: TGS-REQ authtime: 2012-10-18T09:57:33 starttime:
> >> 2012-10-18T09:59:58 endtime: 2012-10-18T19:57:33 renew till:
> >> 2012-10-19T09:55:48
> >>
> >> It is then OK for a few minutes more until it freezes again until the
> >> next cifs request etc etc. . .
> >>
> >> This sometimes occurs in the samba log but with different files each time:
> >> usr/local/samba/sbin/smbd: Oplock break failed for file
> >> home/steve3/.cache/openbox/openbox.log -- replying anyway
> >>
> >> Here is the test smb.conf:
> >>
> >> # Global parameters
> >> [global]
> >>   workgroup = MARINA
> >>   realm = hh3.site
> >>   netbios name = HH1
> >>   server role = active directory domain controller
> >>   dns forwarder = 192.168.1.1
> >>   idmap_ldb:use rfc2307 = Yes
> >>   unix extensions = Yes
> >>   panic action = /home/steve/samba-master/selftest/gdb_backtrace %d
> >>
> >> [netlogon]
> >>   path = /usr/local/samba/var/locks/sysvol/hh3.site/scripts
> >>   read only = No
> >>
> >> [sysvol]
> >>   p

Re: [Samba] mount.cifs: regular freezes with s3fs

2012-10-18 Thread Jeff Layton
On Thu, 18 Oct 2012 10:18:05 +0200
steve  wrote:

> cifs-utils-5.6
> samba Version 4.0.0rc3
> openSUSE 12.2
> LAN of XP, w7 and Linux clients under Samba4 DC and s3fs fileserver
> 
> Hi
> I am testing the possibility of migrating from nfs to cifs to serve our 
> Linux clients.
> 
> Currently we mount the samba shares, e.g. the home directory, using nfs.
> 
> The test setup is that instead of:
> mount -t nfs hh1:/home2 /home2 -osec=rw,krb5
> I changed to:
> mount -t cifs //hh1/home2 /home2 -osec=rw,sec=krb5,multiuser
> 
> This works fine for console logins, but is very slow (unusable) for 
> graphical logins to either LXDE or XFCE.
> 
> The login sometimes works:
> Kerberos: AS-REQ ste...@hh3.site from ipv4:192.168.1.41:57380 for 
> krbtgt/hh3.s...@hh3.site
> Kerberos: Client sent patypes: 149
> Kerberos: Looking for PKINIT pa-data -- ste...@hh3.site
> Kerberos: Looking for ENC-TS pa-data -- ste...@hh3.site
> Kerberos: No preauth found, returning PREAUTH-REQUIRED -- ste...@hh3.site
> Kerberos: AS-REQ ste...@hh3.site from ipv4:192.168.1.41:41237 for 
> krbtgt/hh3.s...@hh3.site
> Kerberos: Client sent patypes: encrypted-timestamp, 149
> Kerberos: Looking for PKINIT pa-data -- ste...@hh3.site
> Kerberos: Looking for ENC-TS pa-data -- ste...@hh3.site
> Kerberos: ENC-TS Pre-authentication succeeded -- ste...@hh3.site using 
> arcfour-hmac-md5
> Kerberos: AS-REQ authtime: 2012-10-18T09:57:33 starttime: unset endtime: 
> 2012-10-18T19:57:33 renew till: 2012-10-19T09:55:48
> Kerberos: Client supported enctypes: aes256-cts-hmac-sha1-96, 
> aes128-cts-hmac-sha1-96, des3-cbc-sha1, arcfour-hmac-md5, using 
> arcfour-hmac-md5/arcfour-hmac-md5
> Kerberos: Requested flags: renewable, forwardable
> Kerberos: TGS-REQ ste...@hh3.site from ipv4:192.168.1.41:50790 for 
> host/hh7.hh3.s...@hh3.site [canonicalize, renewable, forwardable]
> Kerberos: TGS-REQ authtime: 2012-10-18T09:57:33 starttime: 
> 2012-10-18T09:57:33 endtime: 2012-10-18T10:02:33 renew till: 
> 2012-10-19T09:55:48
> Kerberos: TGS-REQ ste...@hh3.site from ipv4:192.168.1.41:44350 for 
> cifs/h...@hh3.site [canonicalize, renewable, forwardable]
> Kerberos: TGS-REQ authtime: 2012-10-18T09:57:33 starttime: 
> 2012-10-18T09:57:33 endtime: 2012-10-18T19:57:33 renew till: 
> 2012-10-19T09:55:48
> 
> But then as soon as we open the file manager (or do anything else) it 
> freezes for as long as 5 minutes, before it makes another cifs request 
> and comes alive for a while:
> 
> Terminating connection - 'wbsrv_call_loop: tstream_read_pdu_blob_recv() 
> - NT_STATUS_CONNECTION_DISCONNECTED'
> single_terminate: reason[wbsrv_call_loop: tstream_read_pdu_blob_recv() - 
> NT_STATUS_CONNECTION_DISCONNECTED]
> Kerberos: TGS-REQ ste...@hh3.site from ipv4:192.168.1.41:58872 for 
> cifs/h...@hh3.site [canonicalize, renewable, forwardable]
> Kerberos: TGS-REQ authtime: 2012-10-18T09:57:33 starttime: 
> 2012-10-18T09:59:58 endtime: 2012-10-18T19:57:33 renew till: 
> 2012-10-19T09:55:48
> 
> It is then OK for a few minutes more until it freezes again until the 
> next cifs request etc etc. . .
> 
> This sometimes occurs in the samba log but with different files each time:
> usr/local/samba/sbin/smbd: Oplock break failed for file 
> home/steve3/.cache/openbox/openbox.log -- replying anyway
> 
> Here is the test smb.conf:
> 
> # Global parameters
> [global]
>  workgroup = MARINA
>  realm = hh3.site
>  netbios name = HH1
>  server role = active directory domain controller
>  dns forwarder = 192.168.1.1
>  idmap_ldb:use rfc2307 = Yes
>  unix extensions = Yes
>  panic action = /home/steve/samba-master/selftest/gdb_backtrace %d
> 
> [netlogon]
>  path = /usr/local/samba/var/locks/sysvol/hh3.site/scripts
>  read only = No
> 
> [sysvol]
>  path = /usr/local/samba/var/locks/sysvol
>  read only = No
> 
> [home2]
>  path = /home2
>  read only = No
> 
> Here is the wireshark of a login and a 'cifs freeze'.
> https://dl.dropbox.com/u/45150875/cifs-freeze
> 
> Please note that this works fine for the same user and data with both 
> nfs3 and nfs4.
> 

I think you probably want to send this sort of thing to
linux-c...@vger.kernel.org (cc'ed here), and not to me directly.

What kernel is the client running here?

-- 
Jeff Layton 


Re: [Samba] temporary profiles problem - don't want roaming profiles

2012-10-17 Thread Jeff Dickens
Apparently my problem is a bad combination of mystifying and uninteresting
:-) since I've not had a reply.

Can anyone maybe suggest how to debug this? How can I find out what name
it's looking for when it gets "The network name cannot be found" ?

Is it true that I should be able to have a Samba-3 Domain without roaming
profiles by just specifying


logon path =
logon home =


in smb.conf and not providing any *sambaProfilePath* attribute in LDAP ?




On Fri, Oct 5, 2012 at 5:42 PM, Jeff Dickens  wrote:

> I have a Samba PDC (Ubuntu 12, OpenLDAP 2.4.28, Samba 3.6.3), and at two
> remote sites, I have some Samba BDCs.
>
> For now I've manually entered the DCs as WINS servers on the workstations
> I'm using for testing.   At the remote sites, I can log in with an account
> that has no logon path or logon home specified, and it works perfectly.
>  But at the main site, when I try to log on to one of these accounts I
> first get the "can't find the server copy of the roaming profile" and then
> "can't find the local profile logging you in with a temporary profile"
> errors.  I can't figure this one out.  I'm using the same account, and the
> samba setups are nearly identical - just one is a BDC and one a PDC.
>
> This is smb.conf on the PDC:
>
> [global]
> workgroup = SEAMANPAPER
> server string = %h server (Samba, Ubuntu)
> map to guest = Bad User
> obey pam restrictions = Yes
> passdb backend = ldapsam:ldap://localhost
> syslog = 0
> log file = /var/log/samba/log.%m
> max log size = 1000
> smb ports = 137 138 139 445
> name resolve order = wins bcast hosts
> load printers = No
> printcap name = /dev/null
> disable spoolss = Yes
> rename user script = /usr/sbin/smbldap-usermod -r '%unew' '%uold'
> delete user script = /usr/sbin/smbldap-userdel '%u'
> add group script = /usr/sbin/smbldap-groupadd -p '%g'
> delete group script = /usr/sbin/smbldap-groupdel '%g'
> add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
> delete user from group script = /usr/sbin/smbldap-groupmod -x '%u'
> '%g'
> set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
> add machine script = /usr/sbin/smbldap-useradd -W '%u' -t 1
> logon path =
> logon home =
> domain logons = Yes
> os level = 65
> domain master = Yes
> dns proxy = No
> wins support = Yes
> ldap admin dn = cn=admin,dc=intranet,dc=seamanpaper,dc=com
> ldap group suffix = ou=Groups
> ldap idmap suffix = ou=Idmap
> ldap machine suffix = ou=Computers
> ldap passwd sync = yes
> ldap suffix = dc=intranet,dc=seamanpaper,dc=com
> ldap ssl = no
> ldap user suffix = ou=People
> panic action = /usr/share/samba/panic-action %d
> idmap config * : range = 100-199
> idmap config * : backend = ldap
> printing = bsd
> print command = lpr -r -P'%p' %s
> lpq command = lpq -P'%p'
> lprm command = lprm -P'%p' %j
>
> [profiles]
> comment = Windows Profiles
> path = /home/samba/profiles
> read only = No
> create mask = 0600
> directory mask = 0700
> store dos attributes = Yes
> browseable = No
> csc policy = disable
>
> [netlogon]
> comment = Network Logon Service
> path = /home/samba/netlogon
> guest ok = Yes
>
> [homes]
> comment = Home Directories
> valid users = %S
> read only = No
> browseable = No
>
> and on the BDC:
>
>
> [global]
> workgroup = SEAMANPAPER
> server string = %h server (Samba, Ubuntu)
> map to guest = Bad User
> obey pam restrictions = Yes
> passdb backend = ldapsam:ldap://localhost
> syslog = 0
> log file = /var/log/samba/log.%m
> max log size = 1000
> smb ports = 137 138 139 445
> name resolve order = wins bcast hosts
> load printers = No
> printcap name = /dev/null
> disable spoolss = Yes
> rename user script = /usr/sbin/smbldap-usermod -r '%unew' '%uold'
> delete user script = /usr/sbin/smbldap-userdel '%u'
> add group script = /usr/sbin/smbldap-groupadd -p '%g'
> delete group s

Re: [Samba] ANNOUNCE: cifs-utils release *5.7* is ready for download

2012-10-09 Thread Jeff Layton
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Tue, 9 Oct 2012 20:51:21 -0400
Jeff Layton  wrote:

> Hash: SHA1
> 
> Time for another cifs-utils release!
> 
> Nothing terribly earth shattering here. Some distros (like Fedora) are
> moving krb5 credcaches out of /tmp by default. Users of these distros
> will definitely want to upgrade.
> 
> Highlights:
> 
> * Fixes for mounting with '/' in usernames with sec=krb5 
> 
> * Support for DIR: type krb5 ccaches
> 
> * support for "nofail" option in mount.cifs
> 
> webpage:https://wiki.samba.org/index.php/LinuxCIFS_utils
> tarball:ftp://ftp.samba.org/pub/linux-cifs/cifs-utils/
> git:git://git.samba.org/cifs-utils.git
> gitweb: http://git.samba.org/?p=cifs-utils.git;a=summary
> 
> Detailed list of changes since 5.6:
> 
> commit 692842e34c1f2fcc84b6b64136f5e28dd7062f46
> Author: Jeff Layton 
> Date:   Tue Aug 7 11:06:41 2012 -0400
> 
> autoconf: set version to 5.6.1 for interim builds
> 
> Signed-off-by: Jeff Layton 
> 
> commit 569cfcb3a467dfdf967a36ed6f7896559edab2ba
> Author: Jeff Layton 
> Date:   Tue Aug 7 11:11:26 2012 -0400
> 
> mount.cifs: deprecate the DOMAIN/username%password username syntax
> 
> mount.cifs has in the past allowed users to specify a username using
> the above syntax, which would populate the domain and password fields
> with the different pieces.
> 
> Unfortunately, there are cases where it is legit to have a '/' in a
> username. krb5 SPNs generally contain a '/' and we have no clear way
> to distinguish between the two.
> 
> I don't see any real value in keeping that syntax allowed. It's no
> easier than specifying "pass=" and "domain=" on the command line. Ditto
> for credential files.
> 
> Begin the transition away from that syntax by adding a warning message
> that support for it will be removed in 5.9.
> 
> Signed-off-by: Jeff Layton 
> 
> commit 3a965467611637ca05bcd55460ff69fec6ad8be7
> Author: Jeff Layton 
> Date:   Tue Aug 7 11:52:15 2012 -0400
> 
> mount.cifs: handle username= differently depending on sec= option
> 
> This patch is intended as a temporary workaround for krb5 users that need
> to specify usernames with '/' in them. I intend to remove this hack from
> mount.cifs once the legacy username handling code is removed.
> 
> The idea here is to save off the raw username string while we're parsing
> options. If the mount options specify "sec=krb5" or "sec=krb5i" then
> we'll not do the legacy username parsing and will instead just pass in
> the username string as-is.
> 
> Obviously, this is a nasty hack and we don't really want to carry this
> in perpetuity, so this can go away once the "legacy" username parsing
> has gone away.
> 
> Signed-off-by: Jeff Layton 
> 
> commit 377898e63a8689b0e8c5c656ce9cfa98223cf74b
> Author: Jeff Layton 
> Date:   Tue Aug 21 15:18:54 2012 -0400
> 
> cifs-utils: fix up references to getcifsacl and setcifsacl files
> 
> When I moved the manpages for this to section 1, I missed some references
> to them. Also, get rid of the unneeded clean-local-aclprogs makefile 
> target.
> 
> Signed-off-by: Jeff Layton 
> 
> commit d006986221b7f1aad50e894851dc573650b7611c
> Author: Nalin Dahyabhai 
> Date:   Thu Aug 23 11:14:45 2012 -0400
> 
> cifs.upcall: also consider DIR:-type ccaches
> 
> If we encounter a subdirectory while scanning a directory for a user's
> ccache, check if it's a "DIR" ccache.  Otherwise, continue as before,
> checking if it's a "FILE" ccache if it looks like a regular file.
> 
> commit ca0894e40480a9115c6bad670149b075646ead2c
> Author: Nalin Dahyabhai 
> Date:   Thu Aug 23 11:14:56 2012 -0400
> 
> cifs.upcall: scan /run/user/${UID} for ccaches, too
> 
> When scanning for credential caches, check the user's directory under
> /run/user first, then fall back to /tmp as we have previously.  Because
> we now call find_krb5_cc() twice (once for each directory), we move its
> state to be outside of the function.  We also add a substitution
> mechanism to make the process of resolving the location of the user's
> home directory before searching it a bit more explicable.
> 
> commit 72bce53289d939c3539b7d3cb957b748a4b1d2ec
> Author: Jeff Layton 
> Date:   Thu Aug 23 07:46:40 2012 -0400
> 
> cifs.upcall: use strncmp in scandir filter 
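
Added example (not code from mount.cifs): the username handling described in the two "mount.cifs" commits quoted above, showing how the legacy DOMAIN/username%password split mangles a krb5 SPN and how deferring the decision until sec= is known avoids it. The struct, function names, option parsing and sample option strings are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>

struct cred_fields {
	char domain[64];
	char username[256];
	char password[64];
	int deprecated_syntax;	/* 1 when the DOMAIN/user%pass split was applied */
};

static int sec_is_krb5(const char *sec)
{
	return strcmp(sec, "krb5") == 0 || strcmp(sec, "krb5i") == 0;
}

/* Legacy handling: everything after the first '%' is the password, and a
 * '/' or '\' before that point separates the domain from the user name. */
static void split_legacy(const char *raw, struct cred_fields *out)
{
	size_t ulen = strcspn(raw, "%");
	size_t dlen = strcspn(raw, "/\\");
	int had_pct = (raw[ulen] == '%');
	int had_dom = (dlen < ulen);

	if (had_pct)
		snprintf(out->password, sizeof(out->password), "%s",
			 raw + ulen + 1);
	if (had_dom) {
		snprintf(out->domain, sizeof(out->domain), "%.*s",
			 (int)dlen, raw);
		raw += dlen + 1;
		ulen -= dlen + 1;
	}
	snprintf(out->username, sizeof(out->username), "%.*s", (int)ulen, raw);
	out->deprecated_syntax = had_pct || had_dom;
}

/* Scan a comma-separated option string. The raw username is only saved
 * while scanning, because sec= may appear before or after username=; the
 * choice between "as-is" and the legacy split is made once both are known.
 * Returns 0 on success, -1 if no username= option was given. */
static int parse_cred_options(const char *opts, struct cred_fields *out)
{
	char raw_user[256] = "", sec[16] = "";
	const char *p = opts;

	memset(out, 0, sizeof(*out));
	while (*p != '\0') {
		size_t len = strcspn(p, ",");

		if (len > 9 && strncmp(p, "username=", 9) == 0)
			snprintf(raw_user, sizeof(raw_user), "%.*s",
				 (int)(len - 9), p + 9);
		else if (len > 4 && strncmp(p, "sec=", 4) == 0)
			snprintf(sec, sizeof(sec), "%.*s", (int)(len - 4), p + 4);
		p += len;
		if (*p == ',')
			p++;
	}
	if (raw_user[0] == '\0')
		return -1;
	if (sec_is_krb5(sec))
		snprintf(out->username, sizeof(out->username), "%s", raw_user);
	else
		split_legacy(raw_user, out);
	return 0;
}

int main(void)
{
	/* Constructed option strings; the credentials are placeholders. */
	static const char *const samples[] = {
		"username=CORP/alice%Example1,sec=ntlmssp",
		"username=cifs/client.example.com",
		"username=cifs/client.example.com,sec=krb5",
		"sec=krb5i,username=cifs/client.example.com",
	};
	struct cred_fields c;
	size_t i;

	for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		if (parse_cred_options(samples[i], &c) != 0)
			continue;
		printf("%s\n  domain='%s' username='%s' password=%s%s\n",
		       samples[i], c.domain, c.username,
		       c.password[0] ? "(set)" : "(none)",
		       c.deprecated_syntax ? "  [deprecated syntax]" : "");
	}
	return 0;
}
```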

[Samba] ANNOUNCE: cifs-utils release 5.6 is ready for download

2012-10-09 Thread Jeff Layton
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Time for another cifs-utils release!

Nothing terribly earth shattering here. Some distros (like Fedora) are
moving krb5 credcaches out of /tmp by default. Users of these distros
will definitely want to upgrade.

Highlights:

* Fixes for mounting with '/' in usernames with sec=krb5 

* Support for DIR: type krb5 ccaches

* support for "nofail" option in mount.cifs

webpage:https://wiki.samba.org/index.php/LinuxCIFS_utils
tarball:ftp://ftp.samba.org/pub/linux-cifs/cifs-utils/
git:git://git.samba.org/cifs-utils.git
gitweb: http://git.samba.org/?p=cifs-utils.git;a=summary

Detailed list of changes since 5.6:

commit 692842e34c1f2fcc84b6b64136f5e28dd7062f46
Author: Jeff Layton 
Date:   Tue Aug 7 11:06:41 2012 -0400

autoconf: set version to 5.6.1 for interim builds

Signed-off-by: Jeff Layton 

commit 569cfcb3a467dfdf967a36ed6f7896559edab2ba
Author: Jeff Layton 
Date:   Tue Aug 7 11:11:26 2012 -0400

mount.cifs: deprecate the DOMAIN/username%password username syntax

mount.cifs has in the past allowed users to specify a username using
the above syntax, which would populate the domain and password fields
with the different pieces.

Unfortunately, there are cases where it is legit to have a '/' in a
username. krb5 SPNs generally contain a '/' and we have no clear way
to distinguish between the two.

I don't see any real value in keeping that syntax allowed. It's no
easier than specifying "pass=" and "domain=" on the command line. Ditto
for credential files.

Begin the transition away from that syntax by adding a warning message
that support for it will be removed in 5.9.

Signed-off-by: Jeff Layton 

commit 3a965467611637ca05bcd55460ff69fec6ad8be7
Author: Jeff Layton 
Date:   Tue Aug 7 11:52:15 2012 -0400

mount.cifs: handle username= differently depending on sec= option

This patch is intended as a temporary workaround for krb5 users that need
to specify usernames with '/' in them. I intend to remove this hack from
mount.cifs once the legacy username handling code is removed.

The idea here is to save off the raw username string while we're parsing
options. If the mount options specify "sec=krb5" or "sec=krb5i" then
we'll not do the legacy username parsing and will instead just pass in
the username string as-is.

Obviously, this is a nasty hack and we don't really want to carry this
in perpetuity, so this can go away once the "legacy" username parsing
has gone away.

Signed-off-by: Jeff Layton 

commit 377898e63a8689b0e8c5c656ce9cfa98223cf74b
Author: Jeff Layton 
Date:   Tue Aug 21 15:18:54 2012 -0400

cifs-utils: fix up references to getcifsacl and setcifsacl files

When I moved the manpages for this to section 1, I missed some references
to them. Also, get rid of the unneeded clean-local-aclprogs makefile target.

Signed-off-by: Jeff Layton 

commit d006986221b7f1aad50e894851dc573650b7611c
Author: Nalin Dahyabhai 
Date:   Thu Aug 23 11:14:45 2012 -0400

cifs.upcall: also consider DIR:-type ccaches

If we encounter a subdirectory while scanning a directory for a user's
ccache, check if it's a "DIR" ccache.  Otherwise, continue as before,
checking if it's a "FILE" ccache if it looks like a regular file.

commit ca0894e40480a9115c6bad670149b075646ead2c
Author: Nalin Dahyabhai 
Date:   Thu Aug 23 11:14:56 2012 -0400

cifs.upcall: scan /run/user/${UID} for ccaches, too

When scanning for credential caches, check the user's directory under
/run/user first, then fall back to /tmp as we have previously.  Because
we now call find_krb5_cc() twice (once for each directory), we move its
state to be outside of the function.  We also add a substitution
mechanism to make the process of resolving the location of the user's
home directory before searching it a bit more explicable.

commit 72bce53289d939c3539b7d3cb957b748a4b1d2ec
Author: Jeff Layton 
Date:   Thu Aug 23 07:46:40 2012 -0400

cifs.upcall: use strncmp in scandir filter function

We want to require that the filename begins with the correct string,
not just that it contains it somewhere.

Signed-off-by: Jeff Layton 

commit a0bf123541ec6fd53948f41f17c9dba5d6a43648
Author: Jeff Layton 
Date:   Thu Aug 23 10:18:02 2012 -0400

mount.cifs: silence compiler warnings about ignoring return code

In this case we explicitly don't care what these functions return, so
declare a couple of unused variables to catch the results.

Signed-off-by: Jeff Layton 

commit 82f93c44343f281ce61f547ff8f9e5f79945cb20
Author: Jeff Layton 
Date:   Wed Sep 12 07:49:44 2012 -0400

m
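
Added example (not code from cifs.upcall): the difference the "use strncmp in scandir filter function" commit describes, written as two scandir()-style filter functions applied to a constructed directory listing. The "krb5cc_" prefix, the function names and every file name below are assumptions made for this illustration.

```c
#include <dirent.h>
#include <stdio.h>
#include <string.h>

/* Assumed credential-cache file-name prefix; the page does not spell it out. */
#define CCACHE_PREFIX "krb5cc_"

/* Before: accepts any entry that contains the prefix somewhere in its name. */
static int filter_substring(const struct dirent *d)
{
	return strstr(d->d_name, CCACHE_PREFIX) != NULL;
}

/* After: accepts only entries whose name begins with the prefix. */
static int filter_prefix(const struct dirent *d)
{
	return strncmp(d->d_name, CCACHE_PREFIX,
		       sizeof(CCACHE_PREFIX) - 1) == 0;
}

/* Constructed listing of a shared directory such as /tmp. */
static const char *const sample_names[] = {
	"krb5cc_1000",
	"krb5cc_1000_aBcDeF",
	"backup-krb5cc_1000",	/* prefix appears mid-name */
	".krb5cc_1000.swp",	/* prefix appears after a leading dot */
	"krb5cc",		/* shorter than the prefix */
	"ssh-agent.sock",
};
#define N_SAMPLES (sizeof(sample_names) / sizeof(sample_names[0]))

/* Call a filter the way scandir() does: one entry at a time, name in d_name. */
static int accepts(int (*filter)(const struct dirent *), const char *name)
{
	struct dirent ent;

	memset(&ent, 0, sizeof(ent));
	snprintf(ent.d_name, sizeof(ent.d_name), "%s", name);
	return filter(&ent);
}

/* Number of sample entries a filter would hand on as ccache candidates. */
static int count_accepted(int (*filter)(const struct dirent *))
{
	size_t i;
	int n = 0;

	for (i = 0; i < N_SAMPLES; i++)
		n += accepts(filter, sample_names[i]);
	return n;
}

int main(void)
{
	size_t i;

	printf("%-22s %-10s %s\n", "entry", "substring", "prefix");
	for (i = 0; i < N_SAMPLES; i++)
		printf("%-22s %-10d %d\n", sample_names[i],
		       accepts(filter_substring, sample_names[i]),
		       accepts(filter_prefix, sample_names[i]));
	printf("candidates: substring=%d prefix=%d\n",
	       count_accepted(filter_substring), count_accepted(filter_prefix));
	return 0;
}
```

The substring filter passes two extra names on as candidates, so any later ownership or validity check has to reject them; the prefix filter never considers them.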

Re: [Samba] temporary profiles problem - don't want roaming profiles

2012-10-08 Thread Jeff Dickens
Error  10/8/2012 4:27:43 PM  Microsoft-Windows-User Profiles Service  1511  None
Windows cannot find the local profile and is logging you on
with a temporary profile. Changes you make to this profile will be lost
when you log off.
Error  10/8/2012 4:27:43 PM  Microsoft-Windows-User Profiles Service  1521  None
"Windows cannot locate the server copy of your roaming
profile and is attempting to log you on with your local profile. Changes to
the profile will not be copied to the server when you log off. This error
may be caused by network problems or insufficient security rights.

 DETAIL - The network name cannot be found.
"
Warning  10/8/2012 4:28:17 PM  Microsoft-Windows-User Profiles Service  1530  None
"Windows detected your registry file is still in
use by other applications or services. The file will be unloaded now. The
applications or services that hold your registry file may not function
properly afterwards.

 DETAIL -
 1 user registry handles leaked from
\Registry\User\S-1-5-21-947950628-2177205791-3689072656-513:
Process 10400 (\Device\HarddiskVolume3\Windows\System32\winlogon.exe) has
opened key \REGISTRY\USER\S-1-5-21-947950628-2177205791-3689072656-513
"


On Fri, Oct 5, 2012 at 5:42 PM, Jeff Dickens  wrote:

> I have a Samba PDC (Ubuntu 12, OpenLDAP 2.4.28, Samba 3.6.3), and at two
> remote sites, I have some Samba BDCs.
>
> For now I've manually entered the DCs as WINS servers on the workstations
> I'm using for testing.   At the remote sites, I can log in with an account
> that has no logon path or logon home specified, and it works perfectly.
> But at the main site, when I try to log on to one of these accounts I
> first get the "can't find the server copy of the roaming profile" and then
> "can't find the local profile logging you in with a temporary profile"
> errors.  I can't figure this one out.  I'm using the same account, and the
> samba setups are nearly identical - just one is a BDC and one a PDC.
>
> This is smb.conf on the PDC:
>
> [global]
> workgroup = SEAMANPAPER
> server string = %h server (Samba, Ubuntu)
> map to guest = Bad User
> obey pam restrictions = Yes
> passdb backend = ldapsam:ldap://localhost
> syslog = 0
> log file = /var/log/samba/log.%m
> max log size 

[Samba] temporary profiles problem - don't want roaming profiles

2012-10-05 Thread Jeff Dickens
e = 100-199
idmap config * : backend = ldap
printing = bsd
print command = lpr -r -P'%p' %s
lpq command = lpq -P'%p'
lprm command = lprm -P'%p' %j

[profiles]
comment = Windows Profiles
path = /home/samba/profiles
read only = No
create mask = 0600
directory mask = 0700
store dos attributes = Yes
browseable = No
csc policy = disable

[netlogon]
comment = Network Logon Service
path = /home/samba/netlogon
guest ok = Yes

[homes]
comment = Home Directories
valid users = %S
read only = No
browseable = No


Also notice that my account (which has a roaming profile and works fine at
all sites) has a "sambaProfilePath" attribute and the boris and rpoole
accounts don't.  This should make them no-roaming-profile accounts but it
doesn't work consistently.  It works at the two satellite sites but not at
my main site.

root@grackle:~# ldapsearch -W -D cn=admin,dc=intranet,dc=seamanpaper,dc=com
-H ldap://grackle.intranet.seamanpaper.com -b
dc=intranet,dc=seamanpaper,dc=com "(uid=*jeff*)" | grep Path
Enter LDAP Password:
sambaHomePath: \\wilkins1\home
*sambaProfilePath: \\wilkins1\home\.winProfile*
root@grackle:~#

root@grackle:~# ldapsearch -W -D cn=admin,dc=intranet,dc=seamanpaper,dc=com
-H ldap://grackle.intranet.seamanpaper.com -b
dc=intranet,dc=seamanpaper,dc=com "(uid=*boris*)" | grep Path
Enter LDAP Password:
sambaHomePath: \\wilkins1\home

root@grackle:~# ldapsearch -W -D cn=admin,dc=intranet,dc=seamanpaper,dc=com
-H ldap://grackle.intranet.seamanpaper.com -b
dc=intranet,dc=seamanpaper,dc=com "(uid=*rpoole*)" | grep Path
Enter LDAP Password:
sambaHomePath: \\wilkins1\home



-- 
* Jeff Dickens*
 IT Manager  978-632-1513
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


[Samba] Samba4, DHCP, & BIND DLZ

2012-09-20 Thread Jeff
Hello,

I have recently compiled, installed and configured samba4 to run on a FreeBSD 
server.

samba -V reports the version to be Version 4.1.0pre1-GIT-57990cb.

The server has working BIND 9.9 and ISC-DHCP services running on it.  

I have provisioned samba 4 to use the BIND_DLZ DNS backend.  

On the whole things seem to be working.  local names are being resolved.  
phpLDAPAdmin shows the new AD.

I need to resolve a couple of things though.

(1) log.samba has a lot of

[2012/09/20 15:41:08,  0] ../lib/util/util_runcmd.c:334(samba_runcmd_io_handler)
 /usr/local/samba/sbin/samba_dnsupdate: response to GSS-TSIG query was 
unsuccessful
[2012/09/20 15:41:08,  0] ../lib/util/util_runcmd.c:334(samba_runcmd_io_handler)
 /usr/local/samba/sbin/samba_dnsupdate: response to GSS-TSIG query was 
unsuccessful
[2012/09/20 15:41:08,  0] ../lib/util/util_runcmd.c:334(samba_runcmd_io_handler)
 /usr/local/samba/sbin/samba_dnsupdate: response to GSS-TSIG query was 
unsuccessful
[2012/09/20 15:41:08,  0] ../lib/util/util_runcmd.c:334(samba_runcmd_io_handler)
 /usr/local/samba/sbin/samba_dnsupdate: response to GSS-TSIG query was 
unsuccessful
[2012/09/20 15:41:09,  0] ../lib/util/util_runcmd.c:334(samba_runcmd_io_handler)
 /usr/local/samba/sbin/samba_dnsupdate: response to GSS-TSIG query was 
unsuccessful
[2012/09/20 15:41:09,  0] ../lib/util/util_runcmd.c:334(samba_runcmd_io_handler)
 /usr/local/samba/sbin/samba_dnsupdate: response to GSS-TSIG query was 
unsuccessful

What does it mean and how do I fix it??


(2) I need to ensure that DHCP is playing nicely with samba4.  How are DNS 
updates from the DHCP server propagated to samba4??  I've changed my BIND so 
that it no longer uses zone files for the local domain.  Instead it uses the 
bind9 dlz driver that came with samba4.  If I understand correctly, this means 
that bind will now pass queries about the local domain off to samba.  So samba 
must be updated whenever a new DHCP lease is granted by the dhcp server.  Does 
the DLZ driver handle this, or does the DHCP server need to be configured to 
cause these updates to go directly to samba??


Thanks,
Jeff





Re: [Samba] mount.cifs ms dfs and failover

2012-09-03 Thread Jeff Layton
On Wed, 18 Jul 2012 17:31:28 +1000
Sam Abed  wrote:

> 
> Hello,
>   I can't find any reference on if linux understands multiple targets when it 
> mounts a MS dfs share, specifically if it can failover.
> I can mount a MS dfs share fine, however if the server "picked" is shut down 
> the mount hangs. I tried it on a recent ubuntu to discount the "enterprise" 
> lag.
> 
> am I missing something or is it not working
> 

(cc'ing linux-cifs)

No, there's currently no support for failover with Linux CIFS DFS code.
Once it picks the server, it stays with it.

-- 
Jeff Layton 


Re: [Samba] CIFS mount intermittently unavailable: cifs_mount failed w/return code = -5

2012-08-28 Thread Jeff Layton
On Mon, 27 Aug 2012 08:48:42 -0400
Jeff Layton  wrote:

> On Thu, 16 Aug 2012 19:57:27 +1000
> Robert S  wrote:
> 
> > I have a debian machine called "debian" and a windows XP machine
> > called "server".  I have a permanent mounted read-only share called
> > \\server\doc.  My /etc/fstab looks like this:
> > 
> > //server/doc /opt/chroot/mnt/server cifs credentials=/root/.smbmount,username=medical,uid=medical,file_mode=0755,dir_mode=0755,noserverino 0 0
> > 
> > This works well most of the time but at times I get a input/output
> > error when I try to access this share.  My syslog shows the following:
> > 
> > Aug 16 15:36:35 debian kernel: [1289131.676869] Status code returned
> > 0xc0d0 NT_STATUS_REQUEST_NOT_ACCEPTED
> > Aug 16 15:36:35 debian kernel: [1289131.676875]  CIFS VFS: Send error
> > in SessSetup = -5
> > Aug 16 15:36:35 debian kernel: [1289131.676899]  CIFS VFS: cifs_mount
> > failed w/return code = -5
> > Aug 16 15:36:46 debian kernel: [1289142.653770] Status code returned
> > 0xc0d0 NT_STATUS_REQUEST_NOT_ACCEPTED
> > Aug 16 15:36:46 debian kernel: [1289142.653775]  CIFS VFS: Send error
> > in SessSetup = -5
> > Aug 16 15:36:46 debian kernel: [1289142.653799]  CIFS VFS: cifs_mount
> > failed w/return code = -5
> > Aug 16 15:37:01 debian kernel: [1289158.491697] Status code returned
> > 0xc0d0 NT_STATUS_REQUEST_NOT_ACCEPTED
> > Aug 16 15:37:01 debian kernel: [1289158.491703]  CIFS VFS: Send error
> > in SessSetup = -5
> > Aug 16 15:37:01 debian kernel: [1289158.491727]  CIFS VFS: cifs_mount
> > failed w/return code = -5
> > 
> > Does anyone have any suggestions?  Can somebody explain what return
> > code -5 means?
> > 
> > I have tried replacing "server" with its fixed IP address
> > (192.168.0.32), but this does not help.  I have even moved all the
> > files to another location on the Windows box and recreated the share,
> > but it still occurs.
> 
> (cc'ing linux-cifs ml)
> 
> -5 is -EIO which is the generic error that we map stuff to when there's
> not a better mapping. We don't have a standard mapping for
> NT_STATUS_REQUEST_NOT_ACCEPTED, so that's why you get -EIO back.
> 
> The bigger question is why your server is returning that error. You may
> need to check the logs on the server side to see why it's not accepting
> these requests.
> 

...and interestingly, the description of this error in the MS-CIFS doc
from microsoft says: "No resources currently available for this SMB
request.", which sounds like you're occasionally hitting some sort of
resource limit on the server...

-- 
Jeff Layton 


Re: [Samba] CIFS mount intermittently unavailable: cifs_mount failed w/return code = -5

2012-08-27 Thread Jeff Layton
On Thu, 16 Aug 2012 19:57:27 +1000
Robert S  wrote:

> I have a debian machine called "debian" and a windows XP machine
> called "server".  I have a permanent mounted read-only share called
> \\server\doc.  My /etc/fstab looks like this:
> 
> //server/doc /opt/chroot/mnt/server cifs credentials=/root/.smbmount,username=medical,uid=medical,file_mode=0755,dir_mode=0755,noserverino 0 0
> 
> This works well most of the time but at times I get a input/output
> error when I try to access this share.  My syslog shows the following:
> 
> Aug 16 15:36:35 debian kernel: [1289131.676869] Status code returned
> 0xc0d0 NT_STATUS_REQUEST_NOT_ACCEPTED
> Aug 16 15:36:35 debian kernel: [1289131.676875]  CIFS VFS: Send error
> in SessSetup = -5
> Aug 16 15:36:35 debian kernel: [1289131.676899]  CIFS VFS: cifs_mount
> failed w/return code = -5
> Aug 16 15:36:46 debian kernel: [1289142.653770] Status code returned
> 0xc0d0 NT_STATUS_REQUEST_NOT_ACCEPTED
> Aug 16 15:36:46 debian kernel: [1289142.653775]  CIFS VFS: Send error
> in SessSetup = -5
> Aug 16 15:36:46 debian kernel: [1289142.653799]  CIFS VFS: cifs_mount
> failed w/return code = -5
> Aug 16 15:37:01 debian kernel: [1289158.491697] Status code returned
> 0xc0d0 NT_STATUS_REQUEST_NOT_ACCEPTED
> Aug 16 15:37:01 debian kernel: [1289158.491703]  CIFS VFS: Send error
> in SessSetup = -5
> Aug 16 15:37:01 debian kernel: [1289158.491727]  CIFS VFS: cifs_mount
> failed w/return code = -5
> 
> Does anyone have any suggestions?  Can somebody explain what return
> code -5 means?
> 
> I have tried replacing "server" with its fixed IP address
> (192.168.0.32), but this does not help.  I have even moved all the
> files to another location on the Windows box and recreated the share,
> but it still occurs.

(cc'ing linux-cifs ml)

-5 is -EIO which is the generic error that we map stuff to when there's
not a better mapping. We don't have a standard mapping for
NT_STATUS_REQUEST_NOT_ACCEPTED, so that's why you get -EIO back.

The bigger question is why your server is returning that error. You may
need to check the logs on the server side to see why it's not accepting
these requests.

-- 
Jeff Layton 


[Samba] ANNOUNCE: cifs-utils release 5.6 is ready for download

2012-07-26 Thread Jeff Layton

Time for another cifs-utils release!

Highlights:

* binaries are now built by default with PIE and RELRO support for
  better protection against exploits

* better debugging and warnings for cifs.upcall and cifscreds

* better integration with systemd by having mount.cifs use
  systemd-ask-password if it's appropriate and available


webpage: https://wiki.samba.org/index.php/LinuxCIFS_utils
tarball: ftp://ftp.samba.org/pub/linux-cifs/cifs-utils/
git:     git://git.samba.org/cifs-utils.git
gitweb:  http://git.samba.org/?p=cifs-utils.git;a=summary

Detailed list of changes since 5.5:

commit df561d40947e0b520deb48e1a4749afe9787949a
Author: Jeff Layton 
Date:   Fri Jun 1 13:56:21 2012 -0400

autoconf: set version to 5.5.1 for interim builds

Signed-off-by: Jeff Layton 

commit 74edf24d9780900f3ce15d2403c6e331b031d454
Author: Jeff Layton 
Date:   Thu Jun 14 10:59:18 2012 -0400

automake: revert -Werror by default

I think in hindsight, that adding -Werror by default was a mistake.
cifs-utils is built in a wide range of environments and tools, and it's
very difficult to eliminate all of the possible warnings.

Let's go ahead and remove it and reduce the steady trickle of patches
that are simply to silence obscure warnings.

Cc: Suresh Jayaraman 
Signed-off-by: Jeff Layton 

commit 0eb3daa4b17ee64b464594f1a5d413ecb364957c
Author: Jeff Layton 
Date:   Thu Jun 14 10:59:18 2012 -0400

mount.cifs: set rc to 0 in libcap toggle_dac_capability

Thus spake Jochen:

The mount.cifs program from the cifs-utils package 5.5 did not work on
my Linux system. It just exited without an error message and did not
mount anything.

[...]

I think, when this variable rc is now used in this function, it has also
to be properly initialized there.

Reported-by: Jochen Roderburg 
Signed-off-by: Jeff Layton 

commit b7bea5254443cb121b0cf03a64b123b85d7f9fbb
Author: Jeff Layton 
Date:   Thu Jun 14 11:05:43 2012 -0400

cifs.upcall: more debug logging for krb5 upcalls

While helping to track down a configuration problem, I found this
little bit of extra debug logging to be helpful. Might as well
make it part of the stock binary.

Signed-off-by: Jeff Layton 

commit a8611e25d44211cd57a91dce4fe7d7a7ad7534d4
Author: Jeff Layton 
Date:   Fri Jul 6 11:48:18 2012 -0400

replace: remove bzero() redefinition from replace.h

I borrowed replace.h from samba when I split off the package, and we
have a ton of definitions in there that we don't really need.  This is
one of them and it causes a warning when we build on RHEL5.

Reported-by: Andreas Schneider 
Signed-off-by: Jeff Layton 

commit 233e17db8ef7edba1fea660e076a03a56b0117d2
Author: Jeff Layton 
Date:   Mon Jul 9 14:12:33 2012 -0400

autoconf: add --enable-pie and --enable-relro

-pie and -fpie enable the building of position-independent executables,
and -Wl,-z,relro turns on read-only relocation support in gcc. These
options are important for security purposes to guard against possible
buffer overflows that lead to exploits.

Follow the example of samba here and enable these by default, but add
configure options that allow people to turn them off at build-time if
necessary.

We may also want to eventually add checks to ensure that the compiler
and linker understand these options, but I'll wait until we have some
evidence that it's needed before I expend the effort.

Reported-by: Andreas Schneider 
Signed-off-by: Jeff Layton 

commit ced19dedc0fa7b36087b8eaeef6a6a9dc76aa55e
Author: Andreas Schneider 
Date:   Mon Jul 9 22:21:04 2012 -0400

autoconf: Fix building with autoconf version older than 2.60.

AC_PROG_SED is only available in recent autoconf versions.
Use AC_CHECK_PROG instead if AC_PROG_SED is not present.

Signed-off-by: Andreas Schneider 

commit 4e264031d0da7d3f2a287337e86b623e814f5c56
Author: Ankit Jain 
Date:   Wed Jul 18 06:47:07 2012 -0400

mount.cifs: Use systemd's mechanism for getting password, if present.

If systemd is running and /bin/systemd-ask-password is available,
then use that else fallback on getpass(..).

And add a --enable-systemd configure option, which defaults to yes.

Signed-off-by: Ankit Jain 

commit 877701f3cc23df3cb2a293c060bdbf05a87bff6a
Author: Luk Claes 
Date:   Thu Jul 19 09:27:01 2012 -0400

mount.cifs: Use errno instead of having unknown error

When access() fails, use errno for a sensible error message.

Signed-off-by: Luk Claes 

commit c44d290f3b5f221e7617bdb409bb8e44ceafef3e
Author: Jeff Layton 
Date:   Fri Jul 20 10:30:50 2012 -0400

cifscreds: add a check and warnings for session keyring problems

Many distros do not call int
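
The --enable-pie / --enable-relro change in the changelog above can be confirmed on a built binary by reading its ELF headers. The following is an added example, not code from cifs-utils or from this thread; the function names and the constructed sample images are assumptions, and it checks only for a PT_GNU_RELRO segment (the effect of -Wl,-z,relro) and for the ET_DYN-plus-interpreter shape of a dynamically linked PIE.

```python
import struct

ET_EXEC, ET_DYN = 2, 3            # e_type values: fixed-address vs. position-independent
PT_LOAD, PT_INTERP = 1, 3         # program header types
PT_GNU_RELRO = 0x6474E552         # segment emitted by the linker for -z relro


def check_hardening(data):
    """Return {'pie': bool, 'relro': bool} for an ELF image supplied as bytes."""
    if len(data) < 20 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    is64 = {1: False, 2: True}.get(data[4])      # EI_CLASS
    endian = {1: "<", 2: ">"}.get(data[5])       # EI_DATA
    if is64 is None or endian is None:
        raise ValueError("unknown ELF class or byte order")

    # Fields after the 16-byte e_ident; address-sized members differ by class.
    layout = "HHIQQQIHHHHHH" if is64 else "HHIIIIIHHHHHH"
    hdr = struct.Struct(endian + layout)
    if len(data) < 16 + hdr.size:
        raise ValueError("truncated ELF header")
    fields = hdr.unpack_from(data, 16)
    e_type, e_phoff, e_phentsize, e_phnum = fields[0], fields[4], fields[8], fields[9]

    # p_type is the first 32-bit word of a program header in both classes.
    segment_types = set()
    for index in range(e_phnum):
        offset = e_phoff + index * e_phentsize
        if offset + 4 > len(data):
            raise ValueError("program header table runs past end of file")
        segment_types.add(struct.unpack_from(endian + "I", data, offset)[0])

    return {
        # Shared libraries are ET_DYN too; requiring an interpreter segment
        # separates a dynamically linked PIE from a plain shared object.
        "pie": e_type == ET_DYN and PT_INTERP in segment_types,
        "relro": PT_GNU_RELRO in segment_types,
    }


def build_sample_elf(e_type, segment_types):
    """Constructed test input: a little-endian ELF64 header plus empty program headers."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    header = struct.pack("<HHIQQQIHHHHHH", e_type, 62, 1, 0, 64, 0, 0,
                         64, 56, len(segment_types), 0, 0, 0)
    phdrs = b"".join(struct.pack("<IIQQQQQQ", t, 0, 0, 0, 0, 0, 0, 0)
                     for t in segment_types)
    return ident + header + phdrs


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        # Check real binaries named on the command line.
        for path in sys.argv[1:]:
            with open(path, "rb") as fh:
                print(path, check_hardening(fh.read()))
    else:
        hardened = build_sample_elf(ET_DYN, [PT_LOAD, PT_INTERP, PT_GNU_RELRO])
        legacy = build_sample_elf(ET_EXEC, [PT_LOAD, PT_INTERP])
        print("constructed hardened image:", check_hardening(hardened))
        print("constructed legacy image:  ", check_hardening(legacy))
```

Run with one or more binary paths as arguments to check installed files; with no arguments it reports on the two constructed images.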

[Samba] ANNOUNCE: cifs-utils release 5.5 is ready for download

2012-05-30 Thread Jeff Layton

Nothing terribly earth-shattering in this release. We had a number of
reports of build-breaking problems in version 5.4, mostly due to the
fact that we now turn on -Werror by default, and a number of patches to
fix them.

I'm starting to have doubts as to whether it's a good idea to keep
-Werror in the default CFLAGS. This is built in a large range of
environments and with a large range of different tool versions.
Catching all of the warnings can be difficult.

I've left that flag in place for now, but if it's causing significant
pain for anyone then please speak up, and we might remove it in a later
release.

Highlights:

 * a bunch of fixes for compile time warnings and build breaks

 * some fixes in the libcap capabilities dropping code 

 * remove unneeded mount.smb2 multicall code and other prep work for
   smb2 support

 * manpage updates for kernel-level behavior changes 

webpage: https://wiki.samba.org/index.php/LinuxCIFS_utils
tarball: ftp://ftp.samba.org/pub/linux-cifs/cifs-utils/
git:     git://git.samba.org/cifs-utils.git
gitweb:  http://git.samba.org/?p=cifs-utils.git;a=summary

Detailed list of changes since 5.4:

commit 676f0386df51b36df42d8b6b815b7d9d8b6934dc
Author: Jeff Layton 
Date:   Thu Apr 19 07:29:33 2012 -0400

autoconf: set version to 5.4.1 for interim builds

Signed-off-by: Jeff Layton 

commit 8c6268cbbd4202631e5c4b30297adc0088a1d568
Author: Jeff Layton 
Date:   Thu Apr 19 07:29:46 2012 -0400

mount.cifs: fix up some -D_FORTIFY_SOURCE=2 warnings

...and add -D_FORTIFY_SOURCE=2 to the default $CFLAGS.

Acked-by: Acked-by: Suresh Jayaraman 
Signed-off-by: Jeff Layton 

commit be5b954e35858c09dfaeee33bf06bb0dc76a86f9
Author: Lars Mueller 
Date:   Fri Apr 20 07:58:54 2012 -0400

mount.cifs: uninitialized variables in mount.cifs

older gcc versions (4.3 in the case of SUSE Linux Enterprise 11 SP 1 and
SP 2) complain about uninitialized variables in the recent 5.4 release.

The attached patch makes the build process a bit quieter.

Acked-by: Suresh Jayaraman 
Signed-off-by: Lars Mueller 

commit e5f124c10fa8e582c5df61017d6f6c2b10c397dc
Author: Lars Mueller 
Date:   Fri Apr 20 07:59:06 2012 -0400

cifs.upcall: missing prototype for krb5_auth_con_set_req_cksumtype in MIT
krb5 < 1.7


products coming with MIT krb5 < 1.7 (like SUSE Linux Enterprise 11 SP 1
or SP 2) suffer from the same issue as described by
https://bugzilla.samba.org/show_bug.cgi?id=6918

The declaration of krb5_auth_con_set_req_cksumtype is missing.

Inspiration: https://bugzilla.samba.org/show_bug.cgi?id=6918

Acked-by: Suresh Jayaraman 
Signed-off-by: Lars Mueller 

commit 0aa12de5c1565d56a240d7b0dd814316f4ea81f3
Author: Lars Mueller 
Date:   Fri Apr 20 07:59:15 2012 -0400

mount.cifs: toggle_dac_capability() stores return code

the build process of the cifs-utils for Mandriva 2011 made me notice of
the unused variable rc in toggle_dac_capability() of mount.cifs.c.

A bit up in the code we store the return value and do not make use of it
while calling return.

The attached patch intends to fix this.

The failing build result is still visible at

https://build.opensuse.org/package/live_build_log?arch=x86_64&package=cifs-utils&project=network%3Asamba%3ASTABLE&repository=Mandriva_2011

Acked-by: Suresh Jayaraman 
Signed-off-by: Lars Mueller 

commit a91fb0671273e4ef9079ee7860574c460aa94a51
Author: Jeff Layton 
Date:   Fri Apr 20 07:59:17 2012 -0400

mount.cifs: remove unnecessary getuid() check in libcap version of 
toggle_dac_capability

I'm not sure what I was thinking when I added that check in, but it's
been there since the inception. We shouldn't care at all what the
real uid is when we call toggle_dac_capability and indeed we don't
care with the libcap-ng version. Remove that check.

Signed-off-by: Jeff Layton 

commit bab572a89bd0d989bd761e8cea926dfcf48b938d
Author: Jeff Layton 
Date:   Wed May 2 14:25:28 2012 -0400

mount.cifs: don't pass credentials= option to the kernel

We handle this option in userspace, so there's little value in also
passing it to the kernel.

Also fix minor double-comma nit in the options string.

Reported-by: Ronald 
Signed-off-by: Jeff Layton 

commit 9410c776a3bd69a8434e5f01174bc59f08e7e62a
Author: Jeff Layton 
Date:   Mon May 14 06:41:29 2012 -0400

doc: update mailing list

Signed-off-by: Luk Claes 

commit 9e3c3c4b4ae4c3e9eb2eb6297c31c50337b2fd07
Author: Jeff Layton 
Date:   Thu May 17 06:46:38 2012 -0400

mount.cifs: don't send a mandatory ver= option to the kernel

Traditionally, this ver= option was used to specify the "options
version" that we

Re: [Samba] mount.cifs Is it possible to have a file owned by the user who creates the file?

2012-05-24 Thread Jeff Layton

On Thu, 17 May 2012 14:37:00 +0200
steve  wrote:

> On 05/17/2012 02:34 AM, Jeff Layton wrote:
> > On Wed, 16 May 2012 17:30:23 +0200
> > steve  wrote:
> >
> >> On 05/16/2012 02:56 PM, steve wrote:
> >>> Hi
> >>> e.g.
> >>> mount.cifs //192.168.1.6/reports /mnt -o rw,setuids,nodev,user=steve2
> >>>
> >>> Any file created in the share is always owned by steve2 (or the person
> >>> who mounted the share).
> >>>
> >>> According to man cifs(8), the setuids overrides this but doesn't seem
> >>> to work for us. We'd like it to be the same behavior as nfs if that's
> >>> possible.
> >>>
> >>> Version 4.0.0alpha21-GIT-46a41d0 with s3fs
> >>>
> >>> Cheers,
> >>> Steve
> >>>
> >>>
> >> CORRECTION:
> >> It _looks_ as though it's owned by the person specified as user _when in
> >> the share_ but the actual file (the unmounted file) is always owned by 
> >> root.
> >> Steve
> > Sadly, permissions enforcement and handling in cifs.ko are badly
> > broken by default.
> >
> > The only way to do this properly is to switch to using multiuser
> > mounts. Have a look at the multiuser option in mount.cifs(8) and
> > cifscreds(1).
> >
> > Cheers,
> Hi Jeff
> Thanks for the confirmation. Strangely, I found by accident that using 
> the .gvfs smb:// mount in Nautilus does actually create user owned 
> files. I'm sure that there must be a catch there somewhere though:
> 

AFAIK, the .gvfs stuff uses a libsmbclient fuse-based fs. Apples and
oranges here...

> kinit Administrator
> mount.cifs -o rw,uid=308,sec=krb5 //server/share /somewhere
> 

Calling mount.cifs directly isn't recommended. It's a mount helper
that's intended to only be called from /bin/mount.

> produces uid 308 files no matter who accesses the share. Leaving off 
> the uid= creates files as uid=root. Maybe the .gvfs is doing what you 
> described on a who-ever-is-logged-in-and-accesses-it basis?
> 

That's correct behavior. You've specified uid=, which tells the
client to forcibly override all of the uids in the inodes with the
value you provided.

It can't do that on the server however. All the server sees is a call
to create a file that came from the client by "Administrator". That
probably doesn't match up to uid 308 on the server, which is why
you see the mismatch.

What you may want to do is to instead use "-o sec=krb5,multiuser",
which will make cifs.ko switch to multiuser mode. In that mode, each
uid on the client that accesses the mount will do so using their own
credentials and (most importantly) the client won't try to enforce
permissions locally.

It does mean that every user who accesses the mount will need a krb5
ticket however instead of every user sharing the same set of
credentials.

-- 
Jeff Layton 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
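
The distinction drawn in the reply above (a uid= override only changes ownership as shown on the client, while sec=krb5,multiuser gives each local uid its own identity on the server) can be checked across a host's fstab. This is an added example, not part of the thread or of cifs-utils; the function names and the /srv mount points are assumptions, and the sample fstab is constructed, with its first two cifs entries reusing option strings quoted in these threads.

```python
# Constructed sample fstab (the ext4 line is there to show non-cifs entries are skipped).
SAMPLE_FSTAB = """\
# device        mountpoint              type  options  dump pass
//server/doc    /opt/chroot/mnt/server  cifs  credentials=/root/.smbmount,username=medical,uid=medical,file_mode=0755,dir_mode=0755,noserverino  0 0
//server/share  /somewhere              cifs  rw,uid=308,sec=krb5     0 0
//server/share  /srv/shared             cifs  sec=krb5,multiuser      0 0
//server/share  /srv/ntlm               cifs  multiuser,username=svc  0 0
/dev/sda1       /                       ext4  defaults                0 1
"""


def parse_options(option_string):
    """Split a comma-separated mount option string into {name: value-or-True}."""
    opts = {}
    for item in option_string.split(","):
        key, sep, value = item.strip().partition("=")
        if key:
            opts[key] = value if sep else True
    return opts


def audit_cifs_mounts(fstab_text):
    """Classify each cifs entry by whose identity the server sees."""
    reports = []
    for raw in fstab_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 4 or fields[2] != "cifs":
            continue
        opts = parse_options(fields[3])
        notes = []
        if "multiuser" in opts:
            # Each accessing uid uses its own credentials; the client does not
            # try to enforce permissions locally.
            mode = "multiuser"
            if not str(opts.get("sec", "")).startswith("krb5"):
                notes.append("multiuser without sec=krb5: each user must supply "
                             "credentials another way (the thread points to cifscreds(1))")
        else:
            # One set of credentials is shared by everyone who can reach the mount.
            mode = "shared-identity"
            notes.append("every local user reaches the server as the one mounting account")
            if "uid" in opts:
                notes.append("uid=%s only overrides ownership as shown on the client; "
                             "the server records the mounting account" % opts["uid"])
        reports.append({"source": fields[0], "mountpoint": fields[1],
                        "mode": mode, "notes": notes})
    return reports


if __name__ == "__main__":
    for report in audit_cifs_mounts(SAMPLE_FSTAB):
        print("%-24s %s" % (report["mountpoint"], report["mode"]))
        for note in report["notes"]:
            print("    - " + note)
```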


Re: [Samba] Trouble with mount.cifs while smbclient works (Ubuntu 12.04)

2012-05-22 Thread Jeff Layton
On Tue, 22 May 2012 15:24:56 +0200
Michael Wood  wrote:

> On 21 May 2012 17:44, Jeff Layton  wrote:
> > On Mon, 21 May 2012 09:59:44 -0500
> >  wrote:
> >
> >> Early responses are not encouraging.  It sounds like this was not an 
> >> accidental happening, but they *intend* to obscure the root level of the 
> >> share.
> >>
> >> Might it work to try to downgrade my Samba installation to a version prior 
> >> to the introduction of this bug?  If so, do you know which version would 
> >> be the latest to still work?
> >>
> >
> > No, it was not intentional, just not simple to fix.
> 
> I think you misinterpreted Scott's message :)
> 
> I read it to mean that the people who set up his NAS intended for the
> root of the share to be "obscured".  Not that the cifsfs developers
> intended to break things.
> 

Yes, he mailed that to me privately later. He also asked whether
downgrading the client's kernel might help here. It might, but you'll
need to go pretty far back -- pre-3.0 or so...

-- 
Jeff Layton 

Re: [Samba] Trouble with mount.cifs while smbclient works (Ubuntu 12.04)

2012-05-21 Thread Jeff Layton
On Mon, 21 May 2012 09:59:44 -0500
 wrote:

> Early responses are not encouraging.  It sounds like this was not an 
> accidental happening, but they *intend* to obscure the root level of the 
> share.
> 
> Might it work to try to downgrade my Samba installation to a version prior to 
> the introduction of this bug?  If so, do you know which version would be the 
> latest to still work?
> 

No, it was not intentional, just not simple to fix.

-- 
Jeff Layton 


Re: [Samba] Edit security/permissions of Windows share from Linux client?

2012-05-19 Thread Jeff Layton
On Thu, 17 May 2012 04:54:14 -0700
Jack Bates  wrote:

> Is there a way to edit the security/permissions of a Windows share from 
> a Linux client?
> 
> The Windows share belongs to a Windows Server 2008 server. From a 
> Windows client I can go to the "Security" tab of the "Properties" dialog 
> and edit the permissions. I want to do effectively the same thing, but 
> from my Linux client
> 
> Is there any way?

Recent cifs-utils versions contain the getcifsacl and setcifsacl
programs that allow you to query and set ACLs directly. That does
require a relatively recent kernel (2.6.37 or so).

-- 
Jeff Layton 


Re: [Samba] Trouble with mount.cifs while smbclient works (Ubuntu 12.04)

2012-05-19 Thread Jeff Layton
On Fri, 18 May 2012 16:32:29 -0500
 wrote:

> Yes, I think that has been the normal behavior since our data was moved to 
> this device.  I assumed it was due to filesystem permissions -- that I don't 
> have read access to the root level of the share, but do have r/w access to 
> the /training/ directory below it.
> 
> Using smbclient, I get "NT_STATUS_ACCESS_DENIED" when I try:
> 
>   ls 
>   ls training
>   ls /training
>   ls /training/
> 
> but if I cd to training, I can list its contents.
> 
> BTW, 
> 
> I've tried appending the path in my mount command as well and mount.cifs 
> still doesn't handle it:
> 
> 

Known problem since the superblock sharing patches went in. cifs.ko
needs to establish a dentry and inode for the root of the share and
then walks down to the "prefixpath" for the mount. Unfortunately if you
don't have access to any point along that path, the mount will fail.

There have been a couple of proposals to fix it, but they've had their
own problems. What probably needs to happen is to do something like
what NFS does in its superblock sharing model. Allow several trees of
dentries within a superblock and only connect them later if we happen
to stumble across the right entry. See commit 54ceac45159 for an
explanation of the model NFS uses for this.

-- 
Jeff Layton 


Re: [Samba] mount.cifs Is it possible to have a file owned by the user who creates the file?

2012-05-16 Thread Jeff Layton
On Wed, 16 May 2012 17:30:23 +0200
steve  wrote:

> On 05/16/2012 02:56 PM, steve wrote:
> > Hi
> > e.g.
> > mount.cifs //192.168.1.6/reports /mnt -o rw,setuids,nodev,user=steve2
> >
> > Any file created in the share is always owned by steve2 (or the person 
> > who mounted the share).
> >
> > According to man cifs(8), the setuids overrides this but doesn't seem 
> > to work for us. We'd like it to be the same behavior as nfs if that's 
> > possible.
> >
> > Version 4.0.0alpha21-GIT-46a41d0 with s3fs
> >
> > Cheers,
> > Steve
> >
> >
> CORRECTION:
> It _looks_ as though it's owned by the person specified as user _when in 
> the share_ but the actual file (the unmounted file) is always owned by root.
> Steve

Sadly, permissions enforcement and handling in cifs.ko are badly
broken by default.

The only way to do this properly is to switch to using multiuser
mounts. Have a look at the multiuser option in mount.cifs(8) and
cifscreds(1).

Cheers,
-- 
Jeff Layton 


[Samba] SMBD not running

2012-04-28 Thread Jeff Zeilmann
All,

I cloned a machine running AIX 5.3 (TL11) and it had Samba 3.0.29 on it.  
Everything is working fine with the exception of Samba.  When I start Samba, 
nmbd starts, but smbd does not.  I checked under /var/log/samba and there is no 
log file there.  All looks correct in the inetd.conf file, and as far as I can 
tell, the services file is correct.  I have several ports that I have been 
checking, but I am not sure which one is key.

My records show these as being ports that are used:
TCP port 445
UDP 137, 138
TCP 137, 139
TCP 901

I even tried upgrading to the latest Samba (3.6) hoping that it was just one of 
the files being corrupted, but still the same thing.  In inetd.conf, I have the 
following lines:
netbios-ssn stream tcp nowait root /opt/pware/sbin/smbd smbd
netbios-ns dgram upd wait root /opt/pware/sbin/nmbd nmbd

What could it be?

Please email me directly, as I am currently not joined on the list.

Any help you can offer would be greatly appreciated.

Thanks,
Jeff
jeff.zeilm...@clientservices.com





[Samba] SMBD not running

2012-04-23 Thread Jeff Zeilmann
All,
 
I cloned a P5 machine running AIX 5.3 TL7 and it had Samba 3.0.29 on it.  The
machine I cloned it to is a P7 running AIX 5.3 TL11.  Everything is working
fine with the exception of Samba.  When I start Samba, nmbd starts, but smbd
does not.  I checked under /var/log/samba and there is no log file there.  All
looks correct in the inetd.conf file, and as far as I can tell, the services
file is correct.  I am using my original smb.conf file, and there is no active
directory integration.  I have several ports that I have been checking, but I
am not sure which one is key.

My records show these as being ports that are used:
TCP port 445
UDP 137, 138
TCP 137, 139
TCP 901

I even tried upgrading to the latest Samba (3.6) hoping that it was just one
of the files being corrupted, but still the same thing.  In inetd.conf, I have
the following lines:
netbios-ssn stream tcp nowait root /opt/pware/sbin/smbd smbd
netbios-ns dgram upd wait root /opt/pware/sbin/nmbd nmbd

What could it be?
 
Any help you can offer would be greatly appreciated.
 
Thanks,
 
Joe


[Samba] ANNOUNCE: cifs-utils release 5.4 is ready for download

2012-04-18 Thread Jeff Layton

Since we now have a fix of sorts for CVE-2012-1586, it seems like as
good a time as any to do a new release. Go forth, download and build
cifs-utils-5.4.

Highlights:

 * the "rootsbindir" can now be specified at configure time

 * mount.cifs now supports the -s option by passing "sloppy" to the
   kernel in the options string

 * cifs.upcall now properly respects the domain_realm section in
   krb5.conf

 * unprivileged users can no longer mount onto dirs into which they
   can't chdir (fixes CVE-2012-1586) 

webpage: https://wiki.samba.org/index.php/LinuxCIFS_utils
tarball: ftp://ftp.samba.org/pub/linux-cifs/cifs-utils/
git:     git://git.samba.org/cifs-utils.git
gitweb:  http://git.samba.org/?p=cifs-utils.git;a=summary

Detailed list of changes since 5.3:

commit 9d74366169305bd3ea3c4bac036bfc982aa15648
Author: Jeff Layton 
Date:   Sun Feb 12 07:32:27 2012 -0500

autoconf: set release to 5.3.1 for interim builds
    
Signed-off-by: Jeff Layton 

commit f9524f772c62bbfd7c190b8249ed66990ed3227a
Author: Jeff Layton 
Date:   Sun Feb 12 07:33:01 2012 -0500

autoconf: set release to 5.3.1 for interim builds
    
Signed-off-by: Jeff Layton 

commit c753cfe5491cfb1f1f74ca41444706383ab9f0e3
Author: Jeff Layton 
Date:   Sun Feb 12 07:33:05 2012 -0500

cifs-utils: allow specifying rootsbindir at configure time

...via the $ROOTSBINDIR environment variable, and AC_ARG_VAR macro.
The default is to use /sbin for this value, which only currently
affects the installation location of mount.cifs.
    
Signed-off-by: Jeff Layton 

commit 1c2f85a6aecffa7260709e5a44d77335bcade13f
Author: Jeff Layton 
Date:   Mon Feb 20 09:02:54 2012 -0500

manpage: update wsize= entry to account for change in default wsize
    
Signed-off-by: Jeff Layton 

commit f6384b4fe1ffdeebee3e9d73dd533a4fbf83b6d8
Author: Jeff Layton 
Date:   Thu Feb 23 10:42:09 2012 -0500

mount.cifs: fix tests for strtoul success

The current test just looks to see if errno was 0 after the conversion
but we need to do a bit more. According to the strtoul manpage:

If there were no digits at all, strtoul() stores the original value
of nptr in *endptr (and returns 0).

So, if you pass in a string of letters, strtoul will return 0, but
won't actually have converted anything. Luckily, in most cases, /bin/mount
papers over this bug by doing uid/gid conversions itself before calling
mount.cifs.

Fix this by also checking to ensure that strtoul() converted the entire
string in addition to checking that it didn't set errno. While we're at
it, fix the test in backupuid/backupgid options as well which don't
currently check whether errno got set.

Reported-by: Kyle Squizzato 
Signed-off-by: Jeff Layton 

commit b0bc3861bfc7b258045d1d456cf2ef4a43ea9562
Author: Jeff Layton 
Date:   Tue Mar 6 10:54:28 2012 -0500

mount.cifs: add support for -s option

autofs generally calls mount helpers with '-s'. Handle that the same
way we do for NFS -- append ",sloppy" option to the mount options.

The kernel can look for that option to decide whether to ignore
unknown mount options, warn, or error out.

Signed-off-by: Jeff Layton 

commit c5dcf26c0d87d9e8342d2c946e039066de29d30a
Author: Jeff Layton 
Date:   Thu Mar 29 09:11:29 2012 -0400

cifs.upcall: use krb5_sname_to_principal to construct principal name

Currently, we build the string by hand then construct the
principal name with krb5_parse_name. That bypasses the domain_realm
section in krb5.conf however.

Switch the code to use krb5_sname_to_principal instead which is more
suited to this task. In order for that to work, we change a couple of
calling functions to pass down a hostname instead of a principal
name, and then pass in "cifs" as the service name.
    
Reported-and-Tested-by: Nirupama Karandikar 
Signed-off-by: Jeff Layton 

commit fd31a7c0ba7f1282d2d81193d4d100fdc926b99b
Author: Jeff Layton 
Date:   Mon Apr 2 15:28:56 2012 -0400

mount.cifs: don't allow unprivileged users to mount onto dirs to which they
can't chdir

If mount.cifs is installed as a setuid root program, then a user can
use it to gather information about files and directories to which he
does not have access.

One of the first things that mount.cifs does is to chdir() into the
mountpoint and then proceeds to perform the mount onto ".". A malicious
user could exploit this fact to determine information about directories
to which he does not have access. Specifically, whether the dentry in
question is a file or directory and whether it exists at all.

This patch fixes this by making the program switch the fsuid to the
real uid for un
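
The strtoul() check described in the "mount.cifs: fix tests for strtoul success" commit message above, as an added C example (not code from cifs-utils; the function names are hypothetical). It compares an errno-only test with one that also requires the whole string to be converted, and goes slightly beyond the commit message by rejecting a leading sign or whitespace and values that do not fit in uid_t.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>

/* The test the commit message calls insufficient: only errno is consulted,
 * so input with trailing (or, on some libcs, no) digits is accepted. */
static int parse_id_errno_only(const char *s, uid_t *out)
{
    errno = 0;
    *out = (uid_t)strtoul(s, NULL, 10);
    return errno == 0 ? 0 : -1;
}

/* Stricter conversion: returns 0 and stores the id, or -1 on any bad input. */
static int parse_id_strict(const char *s, uid_t *out)
{
    char *end;
    unsigned long v;

    /* strtoul() skips leading whitespace and accepts a sign; "-1" converts
     * to ULONG_MAX without setting errno. Insist on a leading digit. */
    if (s == NULL || !isdigit((unsigned char)s[0]))
        return -1;

    errno = 0;
    v = strtoul(s, &end, 10);
    if (errno != 0)                      /* ERANGE: value overflowed */
        return -1;
    if (end == s || *end != '\0')        /* nothing converted, or trailing junk */
        return -1;
    if ((unsigned long)(uid_t)v != v)    /* does not fit in uid_t */
        return -1;

    *out = (uid_t)v;
    return 0;
}

int main(void)
{
    /* Constructed sample inputs, e.g. values given to uid= or backupuid=. */
    const char *samples[] = { "1000", "12abc", "abc", "-1",
                              "4294967296", "99999999999999999999999" };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        uid_t a = 0, b = 0;
        int ra = parse_id_errno_only(samples[i], &a);
        int rb = parse_id_strict(samples[i], &b);

        printf("%-26s errno-only: %s  strict: %s\n", samples[i],
               ra == 0 ? "accepted" : "rejected",
               rb == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```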

Re: [Samba] Transfer speed

2012-04-10 Thread Jeff Layton
On Tue, 10 Apr 2012 16:36:56 +0200
Volker Lendecke  wrote:

> On Tue, Apr 10, 2012 at 08:55:14AM -0500, Chris Weiss wrote:
> > On Tue, Apr 10, 2012 at 8:53 AM, Volker Lendecke
> >  wrote:
> > > On Tue, Apr 10, 2012 at 08:26:48AM -0500, Chris Weiss wrote:
> > >> that's dramatic!  what needs done (from a user POV) to get this
> > >> backported into Stable distro kernels?  suggestions?
> > >
> > > Wait until the next major releases pick it up.
> > 
> > that's a really crappy option.  in certain cases that
> > could be 4 years from now.
> 
> Well, if you are an important enough RH customer you might
> be able to apply pressure. But that's a LOT of money
> probably. Same for SuSE. Debian will likely be very
> resistant against that kind of bribery^Wincentive.
> 

The patches involved here are pretty invasive. Backporting them is not
for the faint-of-heart.

Async write support went into RHEL 6.2. So far, no one has piped up to
request async read support in RHEL6 yet, but we may backport it there
at some point if someone requests it.

-- 
Jeff Layton 

Re: [Samba] Transfer speed

2012-04-10 Thread Jeff Layton
On Tue, 10 Apr 2012 15:43:53 +0200
Emmanuel Florac  wrote:

> On Tue, 10 Apr 2012 08:26:48 -0500
> Chris Weiss  wrote:
> 
> > that's dramatic!  what needs done (from a user POV) to get this
> > backported into Stable distro kernels?  suggestions?
> 
> Most distros have recent kernels available in their repositories AFAIK.
> I personally prefer to compile my own kernels from vanilla unpatched
> source.
> 
> BTW I've tested with 3.1.10 too, and it falls in between 2.6.35 and
> 3.2 : writes fast at 100 MB/s like 3.2 but reads slowly at 35 MB/s
> like 2.6.35. 
> 

That's because async write support went in first (3.0?) and then async
read support went into 3.2 or 3.3.

3.4 will get async write support for "strictcache" writes (when the client
doesn't have an oplock and is writing around the cache).

I'm currently working on a set of patches to do async reads around the
cache as well when we don't have an oplock, and at that point I'll
propose to make "strictcache" the default (as the protocol mandates).

-- 
Jeff Layton 

Re: [Samba] system freeze with message CIFS VFS: Unexpected lookup error -88

2012-02-29 Thread Jeff Layton
On Thu, 23 Feb 2012 15:31:40 +0100
Denis Cardon  wrote:

> Hi everyone,
> 
> I have had a few system freezes in the recent months (debian squeeze 
> with vmlinuz-2.6.32-5-686-bigmem), with the following message in dmesg :
> 
> CIFS VFS: Unexpected lookup error -88
> CIFS VFS: Send error in SessSetup = -88
> 
> It is the same symptoms as in the redhat bugzilla :
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=711400
> 
> It is mentioned that it is patched in redhat kernel 
> kernel-2.6.32-170.el6, but I have not found any information if that 
> patch was sent upstream, and if yes, in which cifs module version.
> 
> If anyone has information on this one, I'd be glad to hear.
> 
> Cheers,
> 
> Denis Cardon

It's upstream commit 7fdbaa1b.

Cheers,
-- 
Jeff Layton 


Re: [Samba] Does Samba affect leap second?

2012-02-22 Thread Jeff Sadowski
On Wed, Feb 22, 2012 at 6:23 PM, ITPFS oota  wrote:
> At 2012-06-30, leap second will be introduced.
>
> ftp://hpiers.obspm.fr/iers/bul/bulc/bulletinc.dat
>
> Does Samba affect leap second?
>
I'm pretty sure this would be taken care of by ntp.

> --
> --- Oota Toshiya ---  t-oota at dh.jp.nec.com
> NEC Systems Software Operations Unit      Shiba,Minato,Tokyo
> IT Platform Solutions Division            Japan,Earth,Solar system
> (samba-jp/ldap-jp Staff,mutt-j/samba-jp postmaster)


Re: [Samba] mount.cifs gives error 13 after changing servers -- hidden cache??

2012-02-20 Thread Jeff Layton
On Wed, 15 Feb 2012 13:23:06 -0600
Digit Ijit  wrote:

> A sysadmin moved a share from one Windows server to another.  I am now
> getting error 13 when trying to mount the share from the new server.
> 
> The following worked before the server was replaced:
> 
> mount.cifs //ipaddress1/share1$ /mnt/share1 -o
> credientials/home/whatever/.smbcredentials,rw
> mount.cifs //ipaddress2/share2$ /mnt/share2 -o
> credientials/home/whatever/.smbcredentials,ro
> 
> Change: server ipaddress2 was replaced with server ipaddress3 and share2$
> was created on that server.
> 
> mount.cifs //ipaddress1/share1$ /mnt/share1 -o
> credientials/home/whatever/.smbcredentials,rw
> Still works!
> mount.cifs //ipaddress3/share2$ /mnt/share2 -o
> credientials/home/whatever/.smbcredentials,ro
> FAILS with mount error(13): Permission denied
> 
> However, I can browse to //ipaddress3/share2$ using nautilus, and it is
> also accessible from any Windows box on the network!  This problem looks
> similar to
> lists.samba.org/archive/samba/2011-June/162704.html.  Clearly, mount.cifs
> seems to cache information somewhere.  I have looked through /etc, /lib,
> /var and /proc for any evidence that ipaddress2 was cached, but cannot find
> anything.  Any tips on how to solve this problem?
> 
> Thanks!

No, mount.cifs doesn't cache anything. It's more likely that the server
is just rejecting the authentication for some reason. mount.cifs
generally just passes the username and password to the kernel, so the
problem is likely there...

What kernel are you using on the client here, and what version of
cifs-utils do you have?

-- 
Jeff Layton 


[Samba] ANNOUNCE: cifs-utils release 5.3 is ready for download

2012-01-28 Thread Jeff Layton

With the overhaul of the cifscreds utility, I figured this would be a
good time to do a new release.

Highlights:

* admins can now tell cifs.upcall to use an alternate krb5.conf file

* on remount, mount.cifs no longer adds a duplicate mtab entry

* the cifscreds utility has seen a major overhaul to allow for
  multiuser mounts without krb5 auth 

webpage: https://wiki.samba.org/index.php/LinuxCIFS_utils
tarball: ftp://ftp.samba.org/pub/linux-cifs/cifs-utils/
git:     git://git.samba.org/cifs-utils.git
gitweb:  http://git.samba.org/?p=cifs-utils.git;a=summary

Detailed list of changes since 5.1:

commit c3fff275e873fd9b9639124e993dd4ad737614db
Author: Jeff Layton 
Date:   Fri Dec 9 21:36:00 2011 -0500

autoconf: bump release to 5.2.1 for interim builds

Signed-off-by: Jeff Layton 

commit 2a9738cefaf8a9496ff0683e18357b3548da0b28
Author: Jeff Layton 
Date:   Sat Dec 10 06:49:33 2011 -0500

contrib: add a set of sample /etc/request-key.d files

Add a contrib directory, a set of sample /etc/request-key.d files and
a README that explains what they're for. This version sets the path
to the upcall programs based on the configure options.

Signed-off-by: Jeff Layton 

commit cee919c2f3fb7b96518b800680664a15a6551d93
Author: Jeff Layton 
Date:   Tue Jan 10 18:30:56 2012 -0500

get/setcifsacl: don't link in -lkeyutils

These binaries don't use keys API at all. There's no need to link in
the keys library.

Reported-by: Frédéric L. W. Meunier  
Signed-off-by: Jeff Layton 
Acked-by: Shirish Pargaonkar 

commit 80682b216fed9ea52e1498890eb248567aba2a06
Author: Jeff Layton 
Date:   Tue Jan 10 18:34:43 2012 -0500

cifs.upcall: allow admins to specify an alternate krb5.conf file

This was actually requested by the Red Hat QA group, who sometimes work
with multiple krb5.conf files when testing.

Requested-by: Marko Myllynen 
Signed-off-by: Jeff Layton 

commit f46dd7661cfb87257c95081fc2071c934bfbbb16
Author: Carlos Maiolino 
Date:   Mon Jan 16 12:29:49 2012 -0500

mount.cifs: Properly update mtab during remount

During a remount of a cifs filesystem, the mtab file is not properly
updated, which leads to a doubled entry of the same filesystem in the
/etc/mtab file.  This patch adds a new function del_mtab() which is
called before the add_mtab() in case the fs is being remounted.

The del_mtab() function will delete from the mtab, the old entry from
the filesystem which is being remounted, and then, calls add_mtab() to
add an updated entry to the mtab file.

Signed-off-by: Carlos Maiolino 

commit 92be8b6775958814d39fb19247ff85947a2e4f9e
Author: Jeff Layton 
Date:   Mon Jan 16 13:22:28 2012 -0500

mount.cifs: handle errors from rename() in del_mtab

The new del_mtab code ignored errors from rename(). Make it handle that
error as well like it does other errors.

Cc: Carlos Maiolino 
Signed-off-by: Jeff Layton 

commit 9da16c91477293e7b367127b0bdec92d9613440f
Author: Jeff Layton 
Date:   Tue Jan 17 14:43:23 2012 -0500

util: move getusername to util.c

Signed-off-by: Jeff Layton 

commit 0c84231d1a735c10cad94b47a4a5e5eb560d1cdb
Author: Jeff Layton 
Date:   Tue Jan 17 14:43:23 2012 -0500

cifscreds: add unused attribute to argv parm in cifscreds_clearall

...to eliminate this warning:

cifscreds.c: In function ‘cifscreds_clearall’:
cifscreds.c:422:47: warning: unused parameter ‘argv’

Signed-off-by: Jeff Layton 

commit 57881972fa03c3624ea06f3245e1ba6c84cc2d68
Author: Jeff Layton 
Date:   Tue Jan 17 14:43:23 2012 -0500

cifscreds: eliminate domain parm from most functions

Eventually we'll add this back in a different way. The domain and
address should be exclusive of one another. IOW, we want the kernel to
be able to find credentials for a specific address or for the domain of
which the server is a member.
    
Signed-off-by: Jeff Layton 

commit d8b906abc655726079aaff753b3dfa7517b19067
Author: Jeff Layton 
Date:   Tue Jan 17 14:43:24 2012 -0500

cifscreds: remove user parameter from create_description

The username should be part of the key payload and not part of
the description. Also, prefix the address with an "a:" in the
description. Eventually we'll also need a "domain" key variant.

Signed-off-by: Jeff Layton 

commit 1578af7afadf0c9cb132ea9224c877dced1f0114
Author: Jeff Layton 
Date:   Tue Jan 17 14:43:24 2012 -0500

cifscreds: make username part of value instead of description

Change the payload to be "username:password". Since usernames can't
contain ':', this is a suitable delimiter. Also, create_description
is just a sprintf now, so eliminate it.

Signed-off-by: Jeff Layton 

commit c0

[Samba] unable to access swat with password on Unix server running AIX

2011-12-27 Thread Larocque, Jeff
I get this error and the only way around it is to use option "-a"

[2011/12/21 15:25:55, 0] auth/pampass.c:smb_pam_passcheck(810)
  smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User root !

All the information I found out about this issue is for Linux. AIX is not set up 
on this server to use pam and it does not have a /etc/pam.d file.


I downloaded three versions of samba from pware. The newest for 32 and 64 bit 
and an older version with the same problem with all three.

Everything works except accessing swat using a password.

I think it has something to do with AIX 6.1 because I am running samba on 
another server that is running AIX 5.3 without this issue

I am still researching but if anyone has seen this before I would like to hear 
from you

Thanks




[Samba] ANNOUNCE: cifs-utils release 5.2 available for download

2011-12-09 Thread Jeff Layton

Things have been relatively quiet lately. Time for a release!

Highlights:

* A lot of manpage updates, additions and corrections

* cifs.idmap can now map uid/gid to SID in addition to the other way around

* getcifsacl/setcifsacl are now installed by default in /usr/bin
  instead of /usr/sbin. The manpages are now in section 1.

* cifs.upcall has a new scheme for picking the SPN on krb5 mounts. The
  hostname is now always lowercased. If we fail to get a ticket using
  an unqualified name, it now attempts to guess the domain name.

webpage: http://linux-cifs.samba.org/cifs-utils/
tarball: ftp://ftp.samba.org/pub/linux-cifs/cifs-utils/
git:     git://git.samba.org/cifs-utils.git
gitweb:  http://git.samba.org/?p=cifs-utils.git;a=summary

Detailed list of changes since 5.1:

commit 62a1005814793dd7fa5e819d6619065ae8edf240
Author: Jeff Layton 
Date:   Fri Sep 23 14:00:14 2011 -0400

autoconf: bump version to 5.1.1 for interim builds

Signed-off-by: Jeff Layton 

commit f9df5f8e629176db7a1812f7914a45e2977c3e4c
Author: Jeff Layton 
Date:   Sat Sep 24 08:01:16 2011 -0400

acltools: install them in $bindir, not $sbindir

Move the manpages to section 1 since getcifsacl and setcifsacl are user,
not sysadmin tools. Get rid of the useless sed calls on the manpages.
They don't have any explicit paths in them that need replacing.

Also get rid of the "4.0" in the footers of all the manpages.

Signed-off-by: Jeff Layton 

commit 814a5e1868e8a557cbff8181a480fb84b45abae7
Author: Jeff Layton 
Date:   Tue Oct 18 07:35:21 2011 -0400

manpage: move SEE ALSO section in setcifsacl.1 nearer to bottom

The convention is to have that close to the bottom of the manpage. In
this case, we want it after the EXAMPLES section.

Signed-off-by: Jeff Layton 

commit ca20bbff426d3b84c23df1df71d7a227206e
Author: Suresh Jayaraman 
Date:   Tue Oct 18 08:01:21 2011 -0400

cifs-utils: mention the kernel version that introduced setcifsacl

Reviewed-by: Shirish Pargaonkar 
Signed-off-by: Suresh Jayaraman 

commit d9c1bf93015e6939d16a319411566de1563a93ca
Author: Suresh Jayaraman 
Date:   Tue Oct 18 08:01:26 2011 -0400

cifs-utils: manpage: mention the kernel version that introduced getcifsacl

Reviewed-by: Shirish Pargaonkar 
Signed-off-by: Suresh Jayaraman 

commit a31ff1481f4dc633d2f32d1e0772d1da9b5dee46
Author: Suresh Jayaraman 
Date:   Tue Oct 18 08:01:30 2011 -0400

cifs-utils: manpage: mention the required kernel version to make cifs.idmap 
work

Cc: Shirish Pargaonkar 
Signed-off-by: Suresh Jayaraman 

commit c55ad41d1a11e897b4db166f800d4abd71d86652
Author: Shirish Pargaonkar 
Date:   Wed Oct 19 14:18:07 2011 -0400

mount.cifs: Add mount options for backup intent and their manpages (try #8)

Add mount options backupuid and backupgid and their manpage contents.
Check for either a valid uid/gid or valid user/group name.

Signed-off-by: Shirish Pargaonkar 

commit e92709981e5d3e927a0ba823d7c94d7cf0940897
Author: Jeff Layton 
Date:   Wed Oct 19 14:18:12 2011 -0400

manpage: cleanups to new backupuid/gid sections

Minor cleanups and consistency fixes...

Cc: Shirish Pargaonkar 
Signed-off-by: Jeff Layton 

commit 71c358b25c9bcd9b030a8f6844eecd42488e6724
Author: Shirish Pargaonkar 
Date:   Wed Oct 19 14:18:12 2011 -0400

cifs.idmap: Add uid/gid to SID mapping functions (try #3)

Add functions to map a uid and gid to a SID.  These functions are
similar to SID to uid and gid mapping functions. A SID is what is
returned to the cifs module.

Signed-off-by: Shirish Pargaonkar 

commit b6eb2f2f9f5ce0c64c57e2f59ef2ce80932decca
Author: Jeff Layton 
Date:   Wed Oct 19 14:25:31 2011 -0400

manpage: document new rsize= behavior

With the addition of async readpages in 3.2 kernels, the behavior of
the rsize= option has changed.

Signed-off-by: Jeff Layton 

commit fa488d9fd2a0d722cfcccea6c84599366b58b0de
Author: Jeff Layton 
Date:   Sat Nov 12 09:58:02 2011 -0500

cifs.upcall: silence unused parameter warning

cifs.upcall.c: In function ‘cifs_krb5_principal_get_realm’:
cifs.upcall.c:80:57: warning: unused parameter ‘context’ 
[-Wunused-parameter]

Signed-off-by: Jeff Layton 

commit d540fe20e3943293f493a80529da012d00782ebe
Author: Jeff Layton 
Date:   Sat Dec 3 05:57:11 2011 -0500

resolve_host: silence compiler warning about discarding const qualifier

...don't use "ipaddr" here since it's a const pointer.

Signed-off-by: Jeff Layton 
Reviewed-by: Steve French 

commit 7976a38aa27acdc2057e3314b87cfce3893a04e8
Author: Jeff Layton 
Date:   Sat Dec 3 05:57:14 2011 -0500

cifs.upcall: move to an on-stack princ buffer

...and check to see if provided hostname will exceed it.


[Samba] passing ip address to pdf printing script?

2011-11-14 Thread Jeff Sadowski
I have a samba printer entry that goes to script as follows

[pdf_printer]
   comment = Print to create PDF
   printing = LPRNG
   path = /tmp/
   printable = yes
   print command = /usr/local/bin/printpdf "%s" "%u" "%H" "%J"
   guest ok = yes

I was looking at the documentation and all I see are


   - *%s, %f* the path to the spool file name.
   - *%p* the appropriate printer name.
   - *%J* the job name as transmitted by the client.
   - *%c* the number of printed pages of the spooled job (if known).
   - *%z* the size of the spooled print job (in bytes).


as options. I want to know if there is a way to pass the ip of the computer
sending the print job to my script?

I'd like to have my script place the pdf back on their machines.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


[Samba] ANNOUNCE: cifs-utils release 5.1 available for download

2011-09-23 Thread Jeff Layton
We've had a number of changes since the last release, and we have some
other upcoming kernel changes that might require corresponding
cifs-utils changes. So it's probably as good a time as any for a new
release.

Highlights:

+ fix for a minor security issue that can corrupt the mtab

+ new getcifsacl/setcifsacl tools that allow you to fetch and set raw
  Windows ACLs via an xattr.

+ a lot of manpage patches

webpage: http://linux-cifs.samba.org/cifs-utils/
tarball: ftp://ftp.samba.org/pub/linux-cifs/cifs-utils/
git:     git://git.samba.org/cifs-utils.git
gitweb:  http://git.samba.org/?p=cifs-utils.git;a=summary

Detailed list of changes since 5.0:

commit 2c9e666011c352605a019ee82f39eefb53cc6ad8
Author: Jeff Layton 
Date:   Fri Jul 8 09:59:26 2011 -0400

autoconf: bump release number to 5.0.1 for interim builds

Signed-off-by: Jeff Layton 

commit 775610358cb4cff8a6f322d0e8d5fade078f6f54
Author: Jeff Layton 
Date:   Tue Jul 12 07:30:57 2011 -0400

manpage: add some missing options to mount.cifs.8

Clarify servernetbiosname parameter name, add mention of ignorecase, and
add a section on noposixpaths.

Signed-off-by: Jeff Layton 

commit f6eae44a3d05b6515a59651e6bed8b6dde689aec
Author: Jeff Layton 
Date:   Tue Jul 12 08:19:33 2011 -0400

mtab: handle ENOSPC/EFBIG condition properly when altering mtab

It's possible that when mount.cifs goes to append the mtab that there
won't be enough space to do so, and the mntent won't be appended to the
file in its entirety.

Add a my_endmntent routine that will fflush and then fsync the FILE if
that succeeds. If either fails then it will truncate the file back to
its provided size. It will then call endmntent unconditionally.

Have add_mtab call fstat on the opened mtab file in order to get the
size of the file before it has been appended. Assuming that that
succeeds, use my_endmntent to ensure that the file is not corrupted
before closing it. It's possible that we'll have a small race window
where the mtab is incorrect, but it should be quickly corrected.

This was reported some time ago as CVE-2011-1678:

http://openwall.com/lists/oss-security/2011/03/04/9

...and it seems to fix the reproducer that I was able to come up with.

Signed-off-by: Jeff Layton 
Reviewed-by: Suresh Jayaraman 

commit aa442e80e754f2952b0d90dbdbf2cb2807816ed2
Author: Shirish Pargaonkar 
Date:   Mon Jul 18 12:06:03 2011 -0400

manpages: add contents for mount option cifsacl (try #3)

Manpage contents for cifs mount option cifsacl

Signed-off-by: Shirish Pargaonkar 

commit d791892d901adde0dfb9e8d1099488f078704c73
Author: Jeff Layton 
Date:   Tue Jul 19 08:12:13 2011 -0400

manpage: corrections and cleanups to the cifsacl option sections

..also update the part that describes what kernel version this manpage
is accurate against.

Signed-off-by: Jeff Layton 

commit 861824f588a870da7c110b6f199eb5ce7d4dc476
Author: Jeff Layton 
Date:   Tue Jul 19 14:53:47 2011 -0400

cifs-utils: add a note about inclusion of keys.dns_resolver program in 
keyutils

As of version 1.5, the keyutils package is shipping a generic
dns_resolver upcall. Add a note to the cifs.upcall manpage that mentions
this and recommends the use of that program over cifs.upcall.

Eventually, we may want to be able to conditionally compile out the
dns_resolver part of the upcall, but it's already pretty small and
wouldn't save us very much.

Signed-off-by: Jeff Layton 

commit 1e7a32924b22d1f786b6f490ce8590656f578f91
Author: Jeff Layton 
Date:   Fri Jul 29 07:12:48 2011 -0400

mount.cifs: check_newline returns EX_USAGE on error, not -1

Reported-by: Jan Lieskovsky 
Signed-off-by: Jeff Layton 

commit e0bb4418f79cb8670d06170fcd33c286839d258e
Author: Jeff Layton 
Date:   Tue Aug 23 09:02:11 2011 -0400

autoconf: fix help message for --enable-cifsidmap

It currently says "no" is the default, but it should be "yes".

Reported-by: Elias Pipping 
Signed-off-by: Jeff Layton 

commit 86ec330e309af06459f8e64aad7899fd3fb7a9bf
Author: Shirish Pargaonkar 
Date:   Thu Aug 25 14:16:23 2011 -0400

cifsacl: Add file cifsacl.h (try #2)


Add defines and structures related to security descriptor, ACL,
ACE, various fields within an ACE, and SID.
Also define various file permissions and access types.


Signed-off-by: Shirish Pargaonkar 

commit 7b090a36a06efec017ebf12a733136ea3968a637
Author: Shirish Pargaonkar 
Date:   Thu Aug 25 14:16:23 2011 -0400

cifsacl: Add file getcifsacl.c (try #2)


Parse the blob that contains a security descriptor obtained by
calling getxattr API using attribute system.cifs_acl .
Start parsing and printing security descriptor inclu

Re: [Samba] Clearcase, Samba, and mnode values

2011-09-08 Thread Jeff Layton
On Thu, 8 Sep 2011 10:14:47 -0700
Kathy  wrote:

> That's possible and yesterday I was looking at possibly using Valgrind
> to see if I could dig further into that idea.  I've never used it
> before, though, so not sure if there is an easier method to detect
> kernel memory leaks.
> 
> And about static things in swap, I agree.  I have noticed on our old
> Clearcase/Samba server, that it consumes all the memory down to about
> 150M plus 72k of swap and just sits there like that.  Seems to be fine
> and can run for 2 months or longer like that.  That server, though,
> has only 4 gigs of memory and so I was assuming that it did that
> because it didn't have a lot of memory.  However, this new Clearcase
> server, which has 32 GB of memory appears to perhaps want to do the
> same thing.  So I began to wonder if that is just normal behavior --
> i.e., it caches all its memory.  But I think it's a problem because
> people started to report Clearcase running really really slow when it
> got down to almost nothing left and it just seems odd that it would
> consume all 32 GB of memory in less than 12 hours.
> 

That's normal. Linux will use up as much free RAM as it can to cache
file data, based on the principle that free RAM is wasted RAM. What
really matters is not free RAM, so much as *reclaimable* RAM.

If the memory is clean (meaning that it doesn't have data that needs to
be written back out), then the kernel can just free it on a
least-recently-used basis when the need arises. If not, then the kernel
will require more active participation to free up memory, which is
comparatively slow.

I think you'll probably need to step back and determine what the
application is doing when it becomes slow. It may very well be that
there is a problem with memory allocation at that time that's causing
the slowdown. But, you can't really assume that or you might end up down
a rabbit hole that has nothing to do with the real problem. Determining
that will probably require help from IBM as only they have real insight
into clearcase -- it's a closed source program, after all.

Either way, it's highly doubtful that this has anything to do with
samba.

-- 
Jeff Layton 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


Re: [Samba] mount.cifs -> Unisys MCP Mainframe -- Linux touch command "setting times of `testfile.txt': Permission denied"

2011-08-31 Thread Jeff Layton
On Wed, 31 Aug 2011 17:35:39 -0400
Tim Lank  wrote:

> On Wed, Aug 31, 2011 at 3:41 PM, Jeff Layton  wrote:
> 
> > On Wed, 31 Aug 2011 14:55:26 -0400
> > Tim Lank  wrote:
> >
> > > the mount.cifs is from (cifs-utils-4.8.1-2.el6.x86_64)
> > >
> > >
> > > On Tue, Aug 30, 2011 at 8:05 PM, Tim Lank  wrote:
> > >
> > > > I've got a share from a Unisys MCP Mainframe mounted with mount.cifs from
> > > > RHEL 6.1 (samba-common-3.5.6-86.el6.x86_64).
> > > >
> > > > when I try to touch a file, it creates the file, but reports an error -
> > > > "setting times of `testfile.txt': Permission denied"
> > > >
> > > > strace on the touch command shows that it is erroring out on the
> > > > utimensat() call
> > > >
> > > > utimensat(0, NULL, NULL, 0) = -1 EACCES (Permission denied)
> > > >
> > > > Documentation from the Unisys Mainframe can be found here
> > > >
> > > >
> > > > http://public.support.unisys.com/aseries/docs/clearpath-mcp-12.0/pdf/70118328-103.pdf
> > > > Pages:  C-2 and C3 show what POSIX functions are/not supported
> > > > utime() and utimensat() are not among the supported functions listed there.
> > > >
> > > >
> > > > Is there any combination of parameters to mount.cifs that can be used that
> > > > would prevent touch from reporting this error?
> > > >
> > > >
> > > >
> >
> > (cc'ing linux-cifs ml)
> >
> > Most likely, this is a local (unix) permissions issue. CIFS has a rather
> > unintuitive permissions model. It attempts to enforce permissions
> > locally, but doesn't really have enough information to do so properly.
> > This leads to these sorts of problems.
> >
> > When you create files as a particular user, then they end up being
> > owned by the "default" file owner on the mount rather than the user
> > that just created the file. Then when you go to set the time, the
> > kernel tries to enforce the permissions on the file and denies you
> > access to do so. This varies somewhat depending on whether CIFS posix
> > extensions are in force, but it's a common problem.
> >
> > The best scheme is to switch the mount to being multiuser, but that
> > requires a kerberized setup at the moment.
> >
> > Another workaround is to mount with '-o noperm' which disables local
> > permissions checking entirely. This will however allow any process on
> > the box to read and write to the server using the mount credentials.
> >
> > Another idea is to get creative with the uid=,gid=,file_mode=, and
> > dir_mode= options. See the mount.cifs manpage. If you're careful, you
> > can craft a set of options that will allow the users you want to have
> > proper access without opening everything up.
> >
> > My SambaXP talk from last year covers a lot of this in detail if you're
> > interested
> >
> >http://sambaxp.org/index.php?id=38
> >
> > Good luck!
> > --
> > Jeff Layton 
> >
> 
> Jeff,
> 
> Thanks for all the info.
> 
> A wireshark analysis shows that the Mainframe here is returning a frame that
> shows that the file is created and granted exclusive open for writing.  The
> file actually gets created on the Mainframe (presumably because of the
> combination of my uid=,gid=,file_mode=, and
> dir_mode= options) and I can modify it from all users on the mount.cifs
> box.  The next request is from the mount.cifs box to modify "Created, Last
> Access, Last Write, and Change" timestamp attributes for the (already)
> opened file.  The response frame from the Mainframe is a basic "Access
> Denied" message which I suppose the touch command turns into a "setting
> times of" ... Permission Denied message being returned.
> 

In that case, none of what I said above applies :)

This sounds like a server implementation issue. If the server doesn't
support this call, then there's not much you can do other than report
it to them as a bug and plan to ignore it.

> I'd like to try and get a kerberized setup going with mount.cifs.  I see the
> sec=krb5 option, but is there a series of other config steps that I need to
> perform (modifying /etc/krb5.conf for example).  Supposedly the Mainframe
> already has kerberos mapping setup for all the users on our mount.cifs
> system.
> 
> Any references (besides the mount.cifs manpage) that you can provide that
> walk through the kerberized setup would be appreciated.
> 

There isn't much, mostly you need to set up krb5 on the client, and
then set up cifs.upcall to be called when the kernel requests a key
(see the cifs.upcall manpage for details on that). After that it should
"just work".

That said, it's not likely to help this specific problem...

-- 
Jeff Layton 


Re: [Samba] mount.cifs -> Unisys MCP Mainframe -- Linux touch command "setting times of `testfile.txt': Permission denied"

2011-08-31 Thread Jeff Layton
On Wed, 31 Aug 2011 14:55:26 -0400
Tim Lank  wrote:

> the mount.cifs is from (cifs-utils-4.8.1-2.el6.x86_64)
> 
> 
> On Tue, Aug 30, 2011 at 8:05 PM, Tim Lank  wrote:
> 
> > I've got a share from a Unisys MCP Mainframe mounted with mount.cifs from
> > RHEL 6.1 (samba-common-3.5.6-86.el6.x86_64).
> >
> > when I try to touch a file, it creates the file, but reports an error -
> > "setting times of `testfile.txt': Permission denied"
> >
> > strace on the touch command shows that it is erroring out on the
> > utimensat() call
> >
> > utimensat(0, NULL, NULL, 0) = -1 EACCES (Permission denied)
> >
> > Documentation from the Unisys Mainframe can be found here
> >
> > http://public.support.unisys.com/aseries/docs/clearpath-mcp-12.0/pdf/70118328-103.pdf
> > Pages:  C-2 and C3 show what POSIX functions are/not supported
> > utime() and utimensat() are not among the supported functions listed there.
> >
> >
> > Is there any combination of parameters to mount.cifs that can be used that
> > would prevent touch from reporting this error?
> >
> >
> >

(cc'ing linux-cifs ml)

Most likely, this is a local (unix) permissions issue. CIFS has a rather
unintuitive permissions model. It attempts to enforce permissions
locally, but doesn't really have enough information to do so properly.
This leads to these sorts of problems.

When you create files as a particular user, then they end up being
owned by the "default" file owner on the mount rather than the user
that just created the file. Then when you go to set the time, the
kernel tries to enforce the permissions on the file and denies you
access to do so. This varies somewhat depending on whether CIFS posix
extensions are in force, but it's a common problem.

The best scheme is to switch the mount to being multiuser, but that
requires a kerberized setup at the moment.

Another workaround is to mount with '-o noperm' which disables local
permissions checking entirely. This will however allow any process on
the box to read and write to the server using the mount credentials.

Another idea is to get creative with the uid=,gid=,file_mode=, and
dir_mode= options. See the mount.cifs manpage. If you're careful, you
can craft a set of options that will allow the users you want to have
proper access without opening everything up.

My SambaXP talk from last year covers a lot of this in detail if you're
interested

http://sambaxp.org/index.php?id=38

Good luck!
-- 
Jeff Layton 
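
The trade-off in the message above ('-o noperm' versus carefully chosen uid=, gid=, file_mode= and dir_mode= values) can be checked mechanically on a client. This C program is an added example, not part of the original message or of cifs-utils; the function and flag names and the sample option strings are constructed, and it assumes mode values are octal and that a repeated option's last value wins.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical finding flags for this example. */
#define F_NOPERM        0x1u  /* local permission checks are switched off */
#define F_FILE_WORLD_W  0x2u  /* file_mode= lets "other" write */
#define F_DIR_WORLD_W   0x4u  /* dir_mode= lets "other" write */
#define F_BAD_MODE      0x8u  /* mode value is not a valid octal mode */

/* Parse an octal mode string and report whether "other" may write. */
static unsigned mode_finding(const char *val, unsigned world_flag)
{
	char *end;
	unsigned long mode;

	errno = 0;
	mode = strtoul(val, &end, 8);
	if (errno != 0 || end == val || *end != '\0' || mode > 07777)
		return F_BAD_MODE;
	return (mode & 0002) ? world_flag : 0;
}

/*
 * Walk a comma-separated option string, as given to "mount -o" or in the
 * fourth field of an fstab entry, and collect findings.
 */
unsigned audit_cifs_options(const char *opts)
{
	unsigned flags = 0;
	const char *p = opts;

	while (*p != '\0') {
		size_t len = strcspn(p, ",");
		char tok[128];

		if (len < sizeof(tok)) {
			memcpy(tok, p, len);
			tok[len] = '\0';
			if (strcmp(tok, "noperm") == 0) {
				flags |= F_NOPERM;
			} else if (strncmp(tok, "file_mode=", 10) == 0) {
				flags &= ~F_FILE_WORLD_W;   /* assumed: last value wins */
				flags |= mode_finding(tok + 10, F_FILE_WORLD_W);
			} else if (strncmp(tok, "dir_mode=", 9) == 0) {
				flags &= ~F_DIR_WORLD_W;
				flags |= mode_finding(tok + 9, F_DIR_WORLD_W);
			}
		}
		p += len;
		if (*p == ',')
			p++;
	}
	return flags;
}

int main(void)
{
	/* Constructed option strings, not taken from the thread. */
	const char *samples[] = {
		"credentials=/etc/cifs.cred,noperm",
		"credentials=/etc/cifs.cred,uid=1000,gid=1000,file_mode=0660,dir_mode=0770",
		"username=svc,file_mode=0666,dir_mode=0777",
	};
	size_t i;

	for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		unsigned f = audit_cifs_options(samples[i]);

		printf("%s\n  noperm=%d world-writable-files=%d "
		       "world-writable-dirs=%d bad-mode=%d\n",
		       samples[i], !!(f & F_NOPERM), !!(f & F_FILE_WORLD_W),
		       !!(f & F_DIR_WORLD_W), !!(f & F_BAD_MODE));
	}
	return 0;
}
```

A mount flagged with noperm is the case the message warns about: every local process acts on the server with the mount credentials.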


[Samba] win98se logon

2011-06-29 Thread Jeff Savastano
Hi all,

hope someone can help me out with this.  out of the blue all of my win98
machines (4 of them) can't access my domain.  I know they should be upgraded
to XP, but the app that we use on them only runs on 98.  the error i get on
logon is:

the domain password you supplied is not correct, or access to your logon
server has been denied.

at first i was thinking that it was the win98 machine, only one of them was
having a problem, but they all now have the problem.  this problem first
started on monday.  i finally got the machine to log on after i deleted all of
the network info and reinstalled.  but the next day the same problem, and the
reinstall didn't work.


does anyone have any ideas

smb.conf

[global] 
 workgroup = COZY
 netbios name = COZY_SRV  
 server string = Cozy Samba Server
 passdb backend = tdbsam 
 security = user  
 client ntlmv2 auth = yes
 wins support = Yes
 wins proxy = No
 lanman auth = yes
 ntlm auth = Yes
 
 
 add user script = /usr/sbin/useradd -m %u 
 delete user script = /usr/sbin/userdel -r %u 
 add group script = /usr/sbin/groupadd %g  
 delete group script = /usr/sbin/groupdel %g  
 add user to group script = /usr/sbin/usermod -G %g %u 
 add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null  -g machines %u

 
 # The following specifies the default logon script  
 # Per user logon scripts can be specified in the user 
 # account using pdbedit logon script = logon.bat 
 # This sets the default profile path. 
 # Set per user paths with pdbedit 
 logon drive = H: 
 logon script = logon.bat 
 domain logons = Yes 
 os level = 35 
 preferred master = Yes 
 domain master = Yes 
 logon path =
  logon home =

[homes] 
 comment = Home Directories 
 valid users = %S 
 read only = No  
[netlogon]  
 comment = Network Logon Service 
 path = /data/scripts
# path = /var/lib/samba/netlogons/scripts 
 browseable = No  
 read only = No
# For profiles to work, create a user directory under the 
# path shown. 
# mkdir -p /var/lib/samba/profiles/john 
[Profiles] 
 comment = Roaming Profile Share 
 path = /home
 read only = No 
 browseable = No 
 guest ok = Yes
 create mask = 0600
 drectory mask = 0700
 writable = yes
 profile acls = Yes  
[data]
 path = /data
 writeable = yes
 browseable = yes
 guest ok = yes
    directory mask = 0777
    create mask = 0777
 valid users = @sambausers
[vol1]
 path = /data/vol1
 writeable = yes
 browseable = yes
 guest ok = yes
    directory mask = 0777
    create mask = 0777
 valid users = @sambausers
[vol2]
 path = /data/vol2
 writeable = yes
 browseable = yes
 force group = sambausers
 guest ok = yes
 read only = no
    directory mask = 0777
    create mask = 0777
 valid users = @sambausers
[software]
 path = /data/software
 writeable = yes
 browseable = yes
 guest ok = yes
    directory mask = 0777
    create mask = 0777
 valid users = @sambausers
[quick_p]
 path = /data/embroidery/Quick_P_Outputs
 writeable = yes
 browseable = yes
 guest ok = yes
    directory mask = 0777
    create mask = 0777
 valid users = @sambausers
[ethos]
 path = /data/embroidery/ethos
 writeable = yes
 browseable = yes
 guest ok = yes
    directory mask = 0777
    create mask = 0777
 valid users = @sambausers
[temp]
 path = /data/embroidery/DST/TEMP
 writeable = yes
 browseable = yes
 guest ok = yes
 directory mask = 0775
    directory mask = 0777
    create mask = 0777
 valid users = @sambausers
[dst]
 path = /data/embroidery/DST
 writeable = yes
 browseable = yes
 guest ok = yes
    directory mask = 0777
    create mask = 0777
 valid users = @sambausers
[chenille]
 path = /data/embroidery/Chenille
 writeable = yes
 browseable = yes
 guest ok = yes
    directory mask = 0777
    create mask = 0777
 valid users = @sambausers
[embroidery]
 path = /data/embroidery
 writeable = yes
 browseable = yes
 guest ok = yes
    directory mask = 0777
    create mask = 0777
 valid users = @sambausers


[Samba] ANNOUNCE: cifs-utils release 5.0 available for download

2011-06-01 Thread Jeff Layton
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

It's been a while since our last release and Shirish's new cifs.idmap
utility has now been merged. The last release was 4.9, so I've been a
bit torn -- should I call this one 4.10 or 5.0?

Then I figured...when in doubt, copy Linus. Since he just bumped the
major version number of the kernel, this is now version 5.0.

The main changes:

- - mount.cifs always uses the original device string to ensure that umounts
  by unprivileged users are not problematic

- - there is a new cifs.idmap program for handling idmapping upcalls

- - a lot of manpage patches

webpage:http://linux-cifs.samba.org/cifs-utils/
tarball:ftp://ftp.samba.org/pub/linux-cifs/cifs-utils/
git:git://git.samba.org/cifs-utils.git
gitweb: http://git.samba.org/?p=cifs-utils.git;a=summary

Detailed changelog since 4.9:

commit 201e3fcc8fd2437990d061b29283de256a7f37fd
Author: Jeff Layton 
Date:   Tue Mar 15 13:30:37 2011 -0400

autoconf: bump version to 4.9.1 for interim builds

Signed-off-by: Jeff Layton 

commit bc2bb65950525081457575a833251355c61b6599
Author: Pavel Shilovsky 
Date:   Tue Mar 15 13:30:44 2011 -0400

manpage: add entry for strictcache option

Signed-off-by: Pavel Shilovsky 

commit ffac601c45b167a1af1d35561f1c01ab0813cc14
Author: Luk Claes 
Date:   Fri Apr 8 14:13:35 2011 -0400

mount.cifs: Use original device string all the way

Don't construct a device name, but use the original device string
to mount so the device name in /proc/mounts matches the one in
/etc/fstab.

Signed-off-by: Luk Claes 

commit 00e7fcbe9f519a8251707321eadd34cf156447e5
Author: Jeff Layton 
Date:   Fri Apr 15 07:49:51 2011 -0400

mount.cifs: fix test for strtoul failure in mount.cifs

It currently tests to see if errno == -EINVAL and whether the endptr
is '\0'. That's not correct however. What we really want it to do is
check to see if any error occurred by setting errno to 0 before the
conversion. If one did, then try to treat the value as a name.

Also fix a bogus compiler warning about cruid being uninitialized.

Reported-by: Jian Li 
Signed-off-by: Jeff Layton 

commit a6c23f4421ae02de9f01bb6264a03ede9970cb19
Author: Pavel Shilovsky 
Date:   Fri May 20 07:36:33 2011 -0400

manpage: make serverino and noserverino option descriptions clear

Signed-off-by: Pavel Shilovsky 

commit f699e959d2afadffc6a4db96b57f873f7dd5e9d9
Author: Shirish Pargaonkar 
Date:   Tue May 24 14:49:56 2011 -0400

cifs-utils: Create new binary cifs.idmap for sid to uid/gid mapping (try #4)

Handle cifs.idmap type of key. Extract a SID string from the description
and map it to either an uid or gid using winbind APIs.
If that fails (e.g. because winbind is not installed/running or winbind
returns an error), kernel assigns uid and gid (from mount superblock).

Enable including winbind header files and idmapping code conditional
to winbind devel rpms (header and library).

An entry such as this

create  cifs.idmap   *   *   /usr/sbin/cifs.idmap %k

is needed in the file /etc/request-key.conf.

[Note: Modified to not build new tool by default, and to fix up some
   whitespace munging]

Modified-by: Jeff Layton 
Signed-off-by: Shirish Pargaonkar 

commit 0a32d6990e67c48753435e986c7073876cafe7f3
Author: Jeff Layton 
Date:   Tue May 24 14:49:58 2011 -0400

cifs.idmap: remove 2 unused variables

cifs.idmap.c: In function ‘cifs_idmap’:
cifs.idmap.c:85:16: warning: unused variable ‘gr’ [-Wunused-variable]
cifs.idmap.c:84:17: warning: unused variable ‘pw’ [-Wunused-variable]

Signed-off-by: Jeff Layton 

commit fd6405b059d3d066ecdff90a4b0024d28795948e
Author: Jeff Layton 
Date:   Tue May 24 14:50:00 2011 -0400

cifs.upcall: don't syslog usage message

Signed-off-by: Jeff Layton 

commit 3a2a7fc40d98389766c82435a5b5332ab2272838
Author: Jeff Layton 
Date:   Thu May 26 14:56:37 2011 -0400

manpage: update the description of the wsize= option

...to account for the changes in the async write patchset.

Signed-off-by: Jeff Layton 

commit a669fb3bb4411e4f4d95de1a1a2ec9cccfe14873
Author: Pavel Shilovsky 
Date:   Mon May 30 20:02:19 2011 -0400

manpage: add description about matching superblock to wsize= option

...according to shared superblock capability merged into cifs-2.6
git tree recently.

Signed-off-by: Pavel Shilovsky 

commit 9954c780b8b5db38ea9dfd920ff5bba0f683a9be
Author: Pavel Shilovsky 
Date:   Mon May 30 20:02:27 2011 -0400

manpage: add entry for rwpidforward option

Signed-off-by: Pavel Shilovsky 

commit bb95a848469d6912b5f0d06068006cc824c590f6
Author: Jeff Layton 
Date:   Mon May 30 20:05:01 2011 -0400

manpage: change mention of kernel 2.6.40 to 3.0.0
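
The conversion check described in the "mount.cifs: fix test for strtoul failure" commit above, written out as an added example (not the cifs-utils code; all function names and sample values are hypothetical): reset errno before strtoul(), accept the value only if the whole string converted, and otherwise treat it as a name. It goes slightly beyond the commit message by also rejecting signed input and values that do not fit a uid.

```c
#include <ctype.h>
#include <errno.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>

/*
 * Return 0 and store the id when `s` is entirely a decimal number that is a
 * usable uid; return -1 when the caller should treat `s` as a name instead.
 */
int parse_numeric_id(const char *s, uid_t *out)
{
	char *end;
	unsigned long v;

	/*
	 * strtoul() skips leading whitespace and accepts a sign, so "-1"
	 * converts to ULONG_MAX with errno untouched. Require a digit first.
	 */
	if (s == NULL || !isdigit((unsigned char)s[0]))
		return -1;

	errno = 0;                          /* a stale errno must not count */
	v = strtoul(s, &end, 10);
	if (errno != 0)                     /* errno values are positive, e.g. ERANGE */
		return -1;
	if (*end != '\0')                   /* trailing characters such as "12abc" */
		return -1;
	if (v >= (unsigned long)(uid_t)-1)  /* too large, or the (uid_t)-1 sentinel */
		return -1;

	*out = (uid_t)v;
	return 0;
}

/* Wrapper for checking results: the parsed id, or -1 when not numeric. */
long long numeric_id_or_neg(const char *s)
{
	uid_t id;

	return parse_numeric_id(s, &id) == 0 ? (long long)id : -1;
}

/* Number first, then account name, the order the commit message describes. */
int resolve_uid(const char *s, uid_t *out)
{
	struct passwd *pw;

	if (parse_numeric_id(s, out) == 0)
		return 0;
	if (s == NULL || *s == '\0')
		return -1;
	pw = getpwnam(s);
	if (pw == NULL)
		return -1;
	*out = pw->pw_uid;
	return 0;
}

int main(void)
{
	/* Constructed sample values for a uid-valued mount option. */
	const char *samples[] = {
		"0", "1000", "root", "-1", "12abc", "99999999999999999999",
	};
	size_t i;

	for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		uid_t id;

		if (resolve_uid(samples[i], &id) == 0)
			printf("%-22s -> uid %lu\n", samples[i], (unsigned long)id);
		else
			printf("%-22s -> rejected\n", samples[i]);
	}
	return 0;
}
```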


Re: [Samba] Cant get authenticated readwrite and guest readonly configured properly

2011-05-05 Thread Jeff W
On 11-05-05 5:15 AM, Jeff W wrote:
> I should add, I've been going through The Samba Checklist,
> http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/diagnosis.html
> to try and figure out what's wrong, but so far all it's helped me figure
> out is that there is a problem, the checklist suggests no fixes for the
> error message that I'm seeing, which is this;
>
> shmee:~# smbclient //SHMEE/porn -Uchris
> Enter chris's password:
> Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.2.5]
> Server not using user level security and no password supplied.
> Server requested LANMAN password (share-level security) but 'client
> lanman auth' is disabled
> tree connect failed: SUCCESS - 0
>
> I've googled for what these error messages mean but the only pages that
> come up are concerning bugs from back around 2003 and Ubuntu pages which
> are painfully unhelpful ("I have this problem", and the next post is
> "Nevermind, fixed it" with no explanation of how or why it failed). Any
> insight into why it's failing?
> The username and password used are both valid on the unix system, I can
> ssh in with them.
> Thanks for any suggestions in advance.
>
I ended up figuring it out with the help of this page, for anyone who
ran into the same problems that I did. 
https://wiki.samba.org/index.php/Frequently_Asked_Questions#guest_access


[Samba] Cant get authenticated readwrite and guest readonly configured properly

2011-05-05 Thread Jeff W
I should add, I've been going through The Samba Checklist,
http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/diagnosis.html
to try and figure out what's wrong, but so far all it's helped me figure
out is that there is a problem, the checklist suggests no fixes for the
error message that I'm seeing, which is this;

shmee:~# smbclient //SHMEE/porn -Uchris
Enter chris's password:
Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.2.5]
Server not using user level security and no password supplied.
Server requested LANMAN password (share-level security) but 'client
lanman auth' is disabled
tree connect failed: SUCCESS - 0

I've googled for what these error messages mean but the only pages that
come up are concerning bugs from back around 2003 and Ubuntu pages which
are painfully unhelpful ("I have this problem", and the next post is
"Nevermind, fixed it" with no explanation of how or why it failed). Any
insight into why it's failing?
The username and password used are both valid on the unix system, I can
ssh in with them.
Thanks for any suggestions in advance.



[Samba] Cant get authenticated readwrite and guest readonly configured properly

2011-05-05 Thread Jeff W
Hi, I've spent the past 4 and a half hours trying to figure out how to
configure Samba the way I want, and I'm starting to wonder if what I
want to do is impossible. I've read the man page for smb.conf trying to
figure out what magic combination of options will work, and have scoured
as much Samba documentation as I can find looking for the right recipe,
but I'm having no luck. I'm hoping someone here can help enlighten me.

What I want is pretty simple, or so I thought.

Share 1 - media
read only as guest
read write if authenticated

Share 2 - porn
read write if authenticated
no guest access

In my tweaking of the settings it seems like I keep going back and forth
not able to find the right balance.  At one point I was able to read and
write, but wasn't able to get in without a password, and at other times
I've managed to configure it for guest access but it won't let me
authenticate successfully.

My present situation, is that I have guest access, but it will not
authenticate my username and password.
I have run smbpasswd for the samba user.

I'm running Samba Version 3.2.5 on Debian.

Here is my smb.conf file, with the comments stripped.
Any help is appreciated :)
Thanks.



[global]


   workgroup = WORKGROUP

   server string = Fileserver on %h

;   wins support = yes

;   wins server = w.x.y.z

   dns proxy = yes

;   name resolve order = lmhosts host wins bcast


;   interfaces = 127.0.0.0/8 eth0

;   bind interfaces only = yes




   log file = /var/log/samba/log.%m

   max log size = 1000

   syslog only = no

   syslog = 1
   log level = 2

   panic action = /usr/share/samba/panic-action %d



   security = share

   encrypt passwords = true

   passdb backend = tdbsam

   obey pam restrictions = yes

   unix password sync = yes

   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\s*\spassword:* %n\n
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .

   pam password change = yes


;   domain logons = yes
;   logon path = \\%N\profiles\%U

;   logon drive = H:

;   logon script = logon.cmd

; add user script = /usr/sbin/adduser --quiet --disabled-password
--gecos "" %u

; add machine script  = /usr/sbin/useradd -g machines -c "%u machine
account" -d /var/lib/samba -s /bin/false %u

; add group script = /usr/sbin/addgroup --force-badname %g



;   printing = bsd
;   printcap name = /etc/printcap

;   printing = cups
;   printcap name = cups


;   include = /home/samba/etc/smb.conf.%m


;   message command = /bin/sh -c '/usr/bin/linpopup "%f" "%m" %s; rm %s' &


;   idmap uid = 1-2
;   idmap gid = 1-2
;   template shell = /bin/bash

;   winbind enum groups = yes
;   winbind enum users = yes


;   usershare max shares = 100


[media]
   comment = Movies and shows and stuffs
   path = /mnt2/media
   browseable = yes
   guest ok = yes
   read only = no
   users = chris

[porn]
  comment= Does not contain pictures of puppies
  path = /mnt5/porn
  browseable = yes
  guest ok = no
  read only = no
  users = chris



[Samba] windows 7 logon problem

2011-04-17 Thread Jeff Savastano
hi,

i am able to join my domain with windows 7.  when i reboot i get a "Unkown error
has occurred".  when i check my event log i see that there is a netlogon 3210
error:

This computer could not authenticate with , a Windows domain 
controller for domain , and therefore this computer might deny 
logon requests. This inability to authenticate might be caused by another 
computer on the same network using the same name or the password for this 
computer account is not recognized. If this message appears again, contact your 
system administrator.

i am able to log on to the domain from windows xp professional so i would
assume it's a windows 7 problem, but no windows forums are of any use.

my samba version is 3.5.4

i have made the changes to registry:

   HKLM\System\CCS\Services\Netlogon\Parameters
   DWORD  RequireSignOrSeal = 1
   DWORD  RequireStrongKey = 1
   DWORD  DisablePasswordChange = 1

any ideas how to fix this?


Re: [Samba] windows 7 logon problem

2011-04-14 Thread Jeff Savastano
That did it thanks


--Original Message--
From: John Drescher 
To: "Jeff Savastano" 
Cc: 
Date: Thu, Apr 14, 10:42 AM -0400
Subject: Re: [Samba] windows 7 logon problem

On Thu, Apr 14, 2011 at 10:29 AM, Jeff Savastano
 wrote:
> hi,
>
>
> i am able to join my domain with windows 7.  when i reboot i get a "Unkown error
> has occurred".  when i check my event log i see that there is a netlogon 3210
> error:
>
> This computer could not authenticate with , a Windows domain
> controller for domain , and therefore this computer might deny
> logon requests. This inability to authenticate might be caused by another
> computer on the same network using the same name or the password for this
> computer account is not recognized. If this message appears again, contact your
> system administrator.
>
> i am able to log on to the domain from windows xp professional so i would
> assume it's a windows 7 problem, but no windows forums are of any use.
>
> my samba version is 3.5.4
>
> i  have made the changes to registry:
>
>   HKLM\System\CCS\Services\Netlogon\Parameters
>           DWORD  RequireSignOrSeal = 1
>           DWORD  RequireStrongKey = 1
>           DWORD  DisablePasswordChange = 1
>
> any ideas how to fix this?

This is what I have:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManWorkstation\Parameters]
"DNSNameResolutionRequired"=dword:
"DomainCompatibilityMode"=dword:0001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Netlogon\Parameters]
"Update"="no"
"DisablePasswordChange"=dword:0001
"MaximumPasswordAge"=dword:0010
"RequireSignOrSeal"=dword:0001
"RequireStrongKey"=dword:0001
"SealSecureChannel"=dword:0001
"SignSecureChannel"=dword:0001

John


[Samba] windows 7 logon problem

2011-04-14 Thread Jeff Savastano
hi,


i am able to join my domain with windows 7.  when i reboot i get a "Unkown error
has occurred".  when i check my event log i see that there is a netlogon 3210
error:

This computer could not authenticate with , a Windows domain 
controller for domain , and therefore this computer might deny 
logon requests. This inability to authenticate might be caused by another 
computer on the same network using the same name or the password for this 
computer account is not recognized. If this message appears again, contact your 
system administrator.

i am able to log on to the domain from windows xp professional so i would
assume it's a windows 7 problem, but no windows forums are of any use.

my samba version is 3.5.4

i  have made the changes to registry:

   HKLM\System\CCS\Services\Netlogon\Parameters
   DWORD  RequireSignOrSeal = 1
   DWORD  RequireStrongKey = 1
   DWORD  DisablePasswordChange = 1

any ideas how to fix this?


Re: [Samba] CIFS mount with non-ascii (UTF8) password is not working

2011-03-26 Thread Jeff Layton
On Fri, 25 Mar 2011 10:44:42 +
Moray Henderson  wrote:

> Katariya Rahul wrote:
> > I have French CIFS server.
> > 
> > If I try to map a share from any windows machine with non-ascii (UTF-8,
> > french characters are part of password) password, it is successful.
> > 
> > But If I try from linux machine, it fails.
> > 
> > mount -t cifs //MACHINE/DatasetFIGS_ùÉÀÊÚÎÏŒÄÑ£₣€  /tmp/rahul -o
> > user=ùù,password=ùù,domain=eKKDr
> > mount error 13 = Permission denied
> > Refer to the mount.cifs(8) manual page (e.g.man mount.cifs)
> >  
> > 
> > Does CIFS support non-ascii password?
> 
> On the Linux machine, what output does the "locale" command give you?
> 
> If you type the password at the Linux prompt where you can see it, do you get 
> the right characters?  If the keyboard isn't set right in Linux, it won't 
> work.  To see exactly how the password is being encoded, use "echo  
> | xxd" (although obviously don't post the output for a real password here).
> 
> Was the password set from Windows or from Linux?  If from Windows, then I 
> would expect the encoding to be in either UTF-16 or the Windows locale 8-bit 
> encoding, not UTF-8.  For example, "Latin Small Letter E With Acute" is 
> encoded as 0xE9 in the Windows Western encoding, 0xE900 in UTF-16, and 0xC3A9 
> in UTF-8.
> 
> Does it work any better if you use Samba's own mount.cifs program directly 
> rather than going through mount?
> 
> I do not know what (if any) character encoding translation the cifs module 
> does.  Check whether the locale and "testparm -vs | grep char" on your CIFS 
> server match the settings on the Linux machine you are doing the mapping from.
> 
> 

Linux CIFS generally treats passwords as an opaque series of bytes. It
does no translation of that piece.

-- 
Jeff Layton 

[Samba] ANNOUNCE: cifs-utils release 4.9 available for download

2011-03-04 Thread Jeff Layton
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

The last release (4.8.1) was back in January. Things have been pretty
quiet but we've had a few bugs fixed since then, so it's probably time
for another release. Not a lot of major changes with this one -- mostly
just bugfixes.

The main changes since 4.8.1 are:

* Some distros (namely Fedora) are moving to having /etc/mtab be a symlink to
  /proc/mounts. We automatically skip trying to alter the mtab if it's
  a symlink. 

* fix for a bug that could prevent root from mounting onto a directory to
  which he did not have explicit execute permission.

* fix for a bug that caused the mount helper to pass in a corrupt address
  when someone specified an IPv6 address with a scopeid.

* mount.cifs bugfix for an uninitialized variable that could cause a
  segfault

webpage:http://linux-cifs.samba.org/cifs-utils/
tarball:ftp://ftp.samba.org/pub/linux-cifs/cifs-utils/
git:git://git.samba.org/cifs-utils.git
gitweb: http://git.samba.org/?p=cifs-utils.git;a=summary

Detailed changelog:

commit 51e3999b5fcd76502e05325174f34e0428c4742e
Author: Jeff Layton 
Date:   Mon Jan 31 11:54:44 2011 -0500

autoconf: bump release to 4.8.2 for interim builds

Signed-off-by: Jeff Layton 

commit fba28cfe2f13dd8bdae3cec76178f42b001a40ca
Author: Jeff Layton 
Date:   Mon Jan 31 15:04:35 2011 -0500

mount.cifs: don't try to alter mtab if it's a symlink

Some distros replace /etc/mtab with a symlink to /proc/mounts. In that
situation, mount.cifs will hang for a while trying to lock the mtab.
/bin/mount checks to see if the mtab is a symlink. If it is or if a
stat() call on it fails, it doesn't try to update the mtab. Have
mount.cifs do the same.

Signed-off-by: Jeff Layton 

commit 24093bef78e1e4ea5d541716ebba63e8d4e15c58
Author: Jeff Layton 
Date:   Tue Feb 1 14:24:30 2011 -0500

mount.cifs: fix possible use of uninitialized variable

It's possible to "goto return_i" in this function at several points
before line_buf is set. At that point, the NULL pointer check won't
work correctly and we can end up with a SIGSEGV.

Signed-off-by: Jeff Layton 

commit b6d2d91df012f965f29ba26489aca009712a230c
Author: Jeff Layton 
Date:   Tue Feb 8 15:33:09 2011 -0500

mount.cifs: reacquire CAP_DAC_READ_SEARCH before calling mount(2)

It's possible that the user is trying to mount onto a directory to which
he doesn't have execute perms. If that's the case then the mount will
currently fail. Fix this by reenabling CAP_DAC_READ_SEARCH before
calling mount(2). That will ensure that the kernel's permissions check
for this is bypassed.

Reported-by: Erik Logtenberg 
Signed-off-by: Jeff Layton 
Reviewed-by: Steve French 

commit 38eaab88a08a66adb535d0e5cdcaea9859131c5b
Author: Jeff Layton 
Date:   Tue Feb 15 13:30:47 2011 -0500

mount.cifs: fix handling of scopeid in resolve_host

We get a pointer to the end of the address string (ipaddr), but then call
snprintf and pass in tmpbuf which is a pointer to the beginning of the
address string. If someone passes in an address with a scopeid then we
end up overwriting the entire address string.

Reported-by: Björn JACKE 
Signed-off-by: Jeff Layton 

commit cf7d6d481a84fdfc8272e38a6eb49c8a52fa201f
Author: Jeff Layton 
Date:   Fri Mar 4 14:54:18 2011 -0500

autoconf: bump release to 4.9

Signed-off-by: Jeff Layton 

- -- 
Jeff Layton 
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.16 (GNU/Linux)

iEYEARECAAYFAk1xSmcACgkQyP0gxQMdzIBRfwCeOuyPL9QXOAbxHJdt+KIZ+jzR
fkMAn1/lD47v9CwYsOZ+GLilIfpcgJ8q
=RlVa
-END PGP SIGNATURE-
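
The scopeid bug described in the resolve_host commit above, as an added example that is not code from cifs-utils or from this announcement: the first function reproduces the mistake (formatting the scope suffix at the start of the buffer), the second appends it at the end of the address text with a bounds check. The function names and the sample address fe80::1 with scope id 2 are constructed for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Constructed sample: link-local address fe80::1 on interface index 2. */
static void sample_addr(struct sockaddr_in6 *sin6)
{
    memset(sin6, 0, sizeof(*sin6));
    sin6->sin6_family = AF_INET6;
    inet_pton(AF_INET6, "fe80::1", &sin6->sin6_addr);
    sin6->sin6_scope_id = 2;
}

/* The mistake: ipaddr points at the end of the address text, but
 * snprintf() is handed tmpbuf, so the suffix replaces the address. */
static int format_scoped_buggy(const struct sockaddr_in6 *sin6,
                               char *tmpbuf, size_t len)
{
    char *ipaddr;

    if (!inet_ntop(AF_INET6, &sin6->sin6_addr, tmpbuf, (socklen_t)len))
        return -1;
    ipaddr = tmpbuf + strlen(tmpbuf);   /* computed ... */
    (void)ipaddr;                       /* ... and then not used */
    if (sin6->sin6_scope_id)
        snprintf(tmpbuf, len, "%%%u", (unsigned int)sin6->sin6_scope_id);
    return 0;
}

/* Corrected form: write at the end of the address text, pass only the
 * space that is left, and treat truncation as an error. */
static int format_scoped_fixed(const struct sockaddr_in6 *sin6,
                               char *tmpbuf, size_t len)
{
    size_t used;
    int n;

    if (!inet_ntop(AF_INET6, &sin6->sin6_addr, tmpbuf, (socklen_t)len))
        return -1;
    if (!sin6->sin6_scope_id)
        return 0;
    used = strlen(tmpbuf);
    n = snprintf(tmpbuf + used, len - used, "%%%u",
                 (unsigned int)sin6->sin6_scope_id);
    if (n < 0 || (size_t)n >= len - used) {
        tmpbuf[used] = '\0';            /* do not leave half a suffix */
        return -1;
    }
    return 0;
}

const char *demo_buggy(void)
{
    static char buf[INET6_ADDRSTRLEN + 16];
    struct sockaddr_in6 sin6;

    sample_addr(&sin6);
    return format_scoped_buggy(&sin6, buf, sizeof(buf)) ? "" : buf;
}

const char *demo_fixed(void)
{
    static char buf[INET6_ADDRSTRLEN + 16];
    struct sockaddr_in6 sin6;

    sample_addr(&sin6);
    return format_scoped_fixed(&sin6, buf, sizeof(buf)) ? "" : buf;
}

/* Buffer that holds "fe80::1" but has no room for the "%2" suffix. */
int demo_fixed_small(void)
{
    char buf[9];
    struct sockaddr_in6 sin6;

    sample_addr(&sin6);
    return format_scoped_fixed(&sin6, buf, sizeof(buf));
}

int main(void)
{
    printf("buggy: \"%s\"\n", demo_buggy());
    printf("fixed: \"%s\"\n", demo_fixed());
    printf("fixed, 9-byte buffer: rc=%d\n", demo_fixed_small());
    return 0;
}
```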


Re: [Samba] Running and testing SMB2 under RHEL 5 and RHEL 6

2011-02-20 Thread Jeff Layton
On Sat, 19 Feb 2011 19:04:35 -0500
Nico Kadel-Garcia  wrote:

> Does RHEL 5 or RHEL 6, or the current versions of cifs-utils available
> for either, actually support SMB2? I don't see a "mount.smb2" binary
> in the packages, though I see it mentioned in the docs, and I'd like
> to really hammer the SMB2 server for performance comparisons. But it's
> meaningless if it's not actually mounting as SMB2.

smb2fs is still under development upstream and neither RHEL5 nor 6
include client-side support in the kernel. I'm not clear on whether
server-side support is being shipped in either though (the folks that
maintain that piece would need to comment).

-- 
Jeff Layton 


Re: [Samba] User submitted job

2011-02-18 Thread Jeff Ross

On 02/18/11 14:14, Christ Schlacta wrote:

On 2/18/2011 05:49, Robert Moskowitz wrote:

Is there a way for a user to run a job on the server?

In particular, I want to implement a 'one click' backup using rsync.  
An icon on the desktop would do something (in a batch script maybe or 
some canned program) that would run a job under their ID that would 
rsync their home directory to a backup directory.




magic files.


In my experience, if you leave backups to users you're in big trouble 
because it doesn't matter how easy you make the backup it isn't going to 
get done.


DeltaCopy is what you are after:

http://www.aboutmyip.com/AboutMyXApp/DeltaCopy.jsp

--

Jeff Ross
Wyoming Children's Action Alliance



[Samba] ANNOUNCE: cifs-utils release 4.8.1 available for download

2011-01-21 Thread Jeff Layton
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

It turns out that the 4.8 release had some mis-generated autoconf
files. In particular, the aclocal files for libcap-ng were not properly
included. This would lead to mount.cifs not being built with support
for dropping capabilities via libcap-ng.

This minor release fixes that and only that.

People who install mount.cifs as a setuid root program should
consider upgrading (unless they did an autoreconf or similar at build
time).

webpage:http://linux-cifs.samba.org/cifs-utils/
tarball:ftp://ftp.samba.org/pub/linux-cifs/cifs-utils/
git:git://git.samba.org/cifs-utils.git
gitweb: http://git.samba.org/?p=cifs-utils.git;a=summary

Detailed changelog:

commit eb0f1cad7ed85e9d98fef4f8dfbecdac67477e76
Author: Jeff Layton 
Date:   Wed Jan 19 21:04:14 2011 -0500

autoconf: bump release to 4.8.1

The 4.8 release had mis-generated autoconf files (they didn't include
the libcap-ng autoconf goop). 4.8.1 will have that fixed.

Signed-off-by: Jeff Layton 

- -- 
Jeff Layton 
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.16 (GNU/Linux)

iEYEARECAAYFAk05210ACgkQyP0gxQMdzIBtQwCeLWGJYotDqXgUw0awG2/Bd84Z
rloAn0Kk2MIFLfKGwJsTAStxriKZK9r5
=HZ7F
-END PGP SIGNATURE-


[Samba] ANNOUNCE: cifs-utils release 4.8 available for download

2011-01-15 Thread Jeff Layton
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

The last release (4.7) was back in October. We've had a number of good
fixes committed in the last few weeks, so it's a good time to cut a new
release. 

Also, note that I've transplanted the cifs-utils manpage to the Samba
Wiki. The old URL still works and redirects browsers to the new page.

o hardcoded paths in the cifs.upcall manpage are rewritten at build time

o a cifs.upcall patchset from Stefan Metzmacher to add GSSAPI checksums to
  the SPNEGO blob. This is necessary for interoperability with certain
  krb5 implementations (EMC's specifically)

o cifs.upcall can now use the system-default keytab for automatic mounts

o mount.cifs handles the cruid= option in a similar fashion to the uid=
  mount option. The kernel will gain support for this in 2.6.38 and in
  earlier stable releases.

...plus the usual assortment of bugfixes and manpage updates.

webpage:http://linux-cifs.samba.org/cifs-utils/
tarball:ftp://ftp.samba.org/pub/linux-cifs/cifs-utils/
git:git://git.samba.org/cifs-utils.git
gitweb: http://git.samba.org/?p=cifs-utils.git;a=summary

Detailed changelog:

commit 4154422a9e58c2fe7009312f45543fedc20d1ffd
Author: Jeff Layton 
Date:   Thu Dec 9 09:30:03 2010 -0500

cifs-utils: bump version number to 4.7.1 for interim builds

    Signed-off-by: Jeff Layton 

commit 0f588214bc07682b522ac14814b4d97a9b6455d4
Author: Suresh Jayaraman 
Date:   Thu Dec 9 09:37:52 2010 -0500

mount.cifs: manpage: add entry for "actimeo" option

Signed-off-by: Suresh Jayaraman 
Signed-off-by: Jeff Layton 

commit 68691e68937ab9dc7f2d570da7e38659f25d41c1
Author: Jeff Layton 
Date:   Thu Dec 9 09:37:52 2010 -0500

cifs-utils: rewrite hardcoded paths in manpages

Currently the manpages (particularly cifs.upcall.8) have hardcoded
paths in them that need to be manually adjusted. Replace those
paths with @sbindir@ and add a makefile target that will use sed
to replace those paths with the ones set by autoconf.

Signed-off-by: Jeff Layton 

commit 3e15450d879a42598a2596f2f1f535e95d423057
Author: Jeff Layton 
Date:   Tue Dec 14 12:05:04 2010 -0500

cifs-utils: fixes for manpage pathname replacement scheme

Fix up some small problems with pathname replacement:

1) replace the bare 'sed' with $(SED)

2) '\@' is apparently not portable, so we need to use a different scheme
   in case we end up using a non-typical sed binary.

3) do the sed conversion to a new file and then move it into place. If
   sed falls down halfway through the conversion we could end up with
   a half-baked manpage.

4) use the $@ construct for brevity and maintainability

5) add a comment so that the rationale behind this is explained

Many thanks to several folks inside Red Hat who pointed out these
issues.

Signed-off-by: Jeff Layton 

commit e3c9b40fbe124bda174753785772e56344c68968
Author: Stefan Metzmacher 
Date:   Tue Dec 28 14:21:26 2010 -0500

cifs.upcall: fix memory and call krb5_auth_con_free()

Signed-off-by: Stefan Metzmacher 

commit 1d8859b4111a363d30bd3256660e77a216e82a83
Author: Stefan Metzmacher 
Date:   Tue Dec 28 14:21:31 2010 -0500

cifs.upcall: use krb5_auth_con_init() to create an explicit auth_context

Signed-off-by: Stefan Metzmacher 

commit 99dfd04655aab3a8e6ea03184a32e360f23df9ad
Author: Stefan Metzmacher 
Date:   Tue Dec 28 14:21:34 2010 -0500

cifs.upcall: use krb5_auth_con_set_req_cksumtype() and pass a GSSAPI checksum (bug #7890)

Some closed source SMB servers don't support all checksum types,
so we should try to match windows clients.

This is almost the same logic which is used by Samba.

Signed-off-by: Stefan Metzmacher 

commit f240ebe98b881f3daadf229bb24501829d3731ac
Author: Pavel Shilovsky 
Date:   Wed Jan 5 07:23:37 2011 -0500

manpage: change port option description

Provide changes according to new ip/port connection logic in CIFS.

Signed-off-by: Pavel Shilovsky 

commit 7075a466159e59a46575739cc89b8d8a8c3ea3bc
Author: Jeff Layton 
Date:   Wed Jan 5 10:52:19 2011 -0500

cifs.upcall: add 'l' to getopt_long string

Reported-by: Stefan Walter 
Signed-off-by: Jeff Layton 
Reviewed-by: Shirish Pargaonkar 

commit 5979d6dfe7fde7ab05f6bc02e771b4c05d994213
Author: Jeff Layton 
Date:   Wed Jan 5 10:52:19 2011 -0500

cifs.upcall: fix crash when trying to free uninitialized var

If cifs.upcall is passed an invalid argument then it will "goto out".
The decoded_args struct however is uninitialized at that point so it
will usually segfault when trying to free fields in it. Move the
initialization up in the function.

Signed-off-by: Jeff Layton 

commit 0b4bcc203d6c6934eedb8db756bb768457097142
Author: Jeff Layton 
Date:   Thu
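
Both the cifs.upcall fix above (decoded_args freed before it was initialized) and the mount.cifs line_buf fix in the 4.9 changelog are the same cleanup-label hazard. An added sketch of the safe ordering follows; it is not cifs-utils code, and the struct layout, the host=/user= description format and all function names are assumptions made for the example.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical structure; only its name echoes the commit message. */
struct decoded_args {
    char *hostname;
    char *username;
};

/*
 * Ordering the commit messages describe as broken (comment only):
 *
 *     struct decoded_args arg;         // fields hold stack garbage
 *     if (bad_argument) goto out;      // early exit ...
 *     memset(&arg, 0, sizeof(arg));    // ... skips the initialisation
 *   out:
 *     free(arg.hostname);              // free() of an arbitrary pointer
 */

static char *dup_range(const char *s, size_t n)
{
    char *p = malloc(n + 1);

    if (p) {
        memcpy(p, s, n);
        p[n] = '\0';
    }
    return p;
}

static int set_field(char **field, const char *val, size_t n)
{
    char *copy = dup_range(val, n);

    if (!copy)
        return -ENOMEM;
    free(*field);               /* a repeated key replaces the old value */
    *field = copy;
    return 0;
}

/* Parses a constructed "host=...;user=..." description. Every failure
 * path goes through "out", so arg must be valid before the first goto. */
int decode_description(const char *desc, struct decoded_args *out)
{
    struct decoded_args arg;
    int rc = 0;

    memset(&arg, 0, sizeof(arg));   /* moved above every "goto out" */

    if (!desc || !out) {
        rc = -EINVAL;
        goto out;
    }
    while (*desc) {
        size_t n = strcspn(desc, ";");

        if (n > 5 && !strncmp(desc, "host=", 5))
            rc = set_field(&arg.hostname, desc + 5, n - 5);
        else if (n > 5 && !strncmp(desc, "user=", 5))
            rc = set_field(&arg.username, desc + 5, n - 5);
        else
            rc = -EINVAL;           /* unknown or empty key */
        if (rc)
            goto out;
        desc += n;
        if (*desc == ';')
            desc++;
    }
    if (!arg.hostname) {
        rc = -EINVAL;
        goto out;
    }
    *out = arg;                     /* ownership moves to the caller */
    memset(&arg, 0, sizeof(arg));   /* so the cleanup below frees nothing */
out:
    free(arg.hostname);             /* free(NULL) is a no-op */
    free(arg.username);
    return rc;
}

/* Returns the decode error, 0 if the host matched, 1 if it did not. */
int decode_and_check(const char *desc, const char *want_host)
{
    struct decoded_args args;
    int rc = decode_description(desc, &args);

    if (rc)
        return rc;
    rc = strcmp(args.hostname, want_host) ? 1 : 0;
    free(args.hostname);
    free(args.username);
    return rc;
}

int main(void)
{
    printf("valid:   %d\n", decode_and_check("host=fs1.example.org;user=alice",
                                             "fs1.example.org"));
    printf("invalid: %d\n", decode_and_check("bogus=1;host=fs1", "fs1"));
    return 0;
}
```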

Re: [Samba] Samba 3.5.6 with Win7 failure (XP works)

2011-01-04 Thread Jeff Blaine

Figured it out.

server signing = auto


I can get things to work if I disable Communications Signing
on the win7 box. This is not acceptable to our corporate
information security folks though.

That at least pinpoints the problem. Now I just need to get
Samba to accept communications signing from the client.
I don't see that I am doing anything wrong.

client signing = mandatory


^ doesn't help a Windows 7 box with mandatory signing
  connect to this Samba server :)


Re: [Samba] log level = 20 not showing auth, etc...

2011-01-04 Thread Jeff Blaine

It was worth a try, but I've just changed it to 10 and restarted
the service.  Same thing.  I get the initial daemon startup
messages and then nothing additional while I try the shares from
Windows boxes, use them, etc.

I even tried one of the examples from the man page:

log level = 3 passdb:5 auth:10 winbind:2

On 1/4/2011 5:30 PM, Hoover, Tony wrote:

I believe that the max log level is 10 (e.g. you are setting an invalid
value).  Someone will correct me if I'm wrong, I'm sure.


--
Tony Hoover, Network Administrator
KSU - Salina, College of Technology and Aviation
(785) 826-2660

"Don't Blend in..."
--

-Original Message-
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org]
On Behalf Of Jeff Blaine
Sent: Tuesday, January 04, 2011 4:04 PM
To: samba@lists.samba.org
Subject: [Samba] log level = 20 not showing auth, etc...

Samba 3.5.6

I must be really misunderstanding 'log level' somehow.  I have tried all of
the following and cannot get my logs to show anything related to
authentication or share accesses at all:

  log level = 20

  log level = all:20

  log lovel = 3 auth:20

If I access one of the server's shares successfully, not a single thing
shows up in the log.  Yes, I am looking at the right log, and yes other
things do get written to the log from smbd :)

Any help would be very welcome.

Jeff Blaine


[Samba] log level = 20 not showing auth, etc...

2011-01-04 Thread Jeff Blaine

Samba 3.5.6

I must be really misunderstanding 'log level' somehow.  I have
tried all of the following and cannot get my logs to show
anything related to authentication or share accesses at all:

log level = 20

log level = all:20

log lovel = 3 auth:20

If I access one of the server's shares successfully, not a
single thing shows up in the log.  Yes, I am looking at the
right log, and yes other things do get written to the log
from smbd :)

Any help would be very welcome.

Jeff Blaine


Re: [Samba] Samba 3.5.6 with Win7 failure (XP works)

2011-01-04 Thread Jeff Blaine

On 1/4/2011 4:35 PM, Gaiseric Vandal wrote:

this may be of help

http://wiki.samba.org/index.php/Windows7


Thanks Gaiseric.  FWIW, I *did* look at the wiki first, but
completely ignored the "Developer" section where this is
linked from.  IMO, it is not in the right section :)

At any rate, my problem isn't related to joining a Win7
box to a Samba-served domain, as far as I can tell.  I
am having trouble accessing a Samba share from Windows 7.

I tried the recommended registry modifications from the
wiki and rebooted. No luck.

However ...

I can get things to work if I disable Communications Signing
on the win7 box.  This is not acceptable to our corporate
information security folks though.

That at least pinpoints the problem.  Now I just need to get
Samba to accept communications signing from the client.
I don't see that I am doing anything wrong.

client signing = mandatory


On 01/04/2011 04:32 PM, Jeff Blaine wrote:

Hi all,

We're testing 3.5.6 as an upgrade to our old 3.0.x instance.

Our XP boxes can see our Samba 3.5.6 shares fine.

Our Win7 boxes cannot.

"The specified network name is no longer available."

Relevant config portion is as follows:

log level = 20
workgroup = OURCOMP
security = ads
encrypt passwords = yes
realm = OURCOMP.ORG
password server = DC1.OURCOMP.ORG
client signing = mandatory

I've also tried "client signing = auto" to no avail.

Thanks for ANY advice!





[Samba] Samba 3.5.6 with Win7 failure (XP works)

2011-01-04 Thread Jeff Blaine

Hi all,

We're testing 3.5.6 as an upgrade to our old 3.0.x instance.

Our XP boxes can see our Samba 3.5.6 shares fine.

Our Win7 boxes cannot.

   "The specified network name is no longer available."

Relevant config portion is as follows:

   log level = 20
   workgroup = OURCOMP
   security = ads
   encrypt passwords = yes
   realm = OURCOMP.ORG
   password server = DC1.OURCOMP.ORG
   client signing = mandatory

I've also tried "client signing = auto" to no avail.

Thanks for ANY advice!


[Samba] What PAM service is used when compiled --with-pam ?

2011-01-04 Thread Jeff Blaine

What PAM 'service' is used when using --with-pam?  For example, sshd
with PAM support uses the 'sshd' PAM service/configuration in /etc/
pam.d/sshd (Linux).

I can't find mention of it anywhere.

Thanks


Re: [Samba] cifs and Netapp DFS-shares problems

2010-12-10 Thread Jeff Layton
On Fri, 10 Dec 2010 11:25:46 +0100
Marcus  wrote:

> Hi,
> 
> On Thursday, 09.12.2010, at 01:37 +0100, Marcus wrote:
> > 
> > are there any known issues with cifs and DFS-shares on Netapp file
> > servers? We have a Netapp file server with DFS on the user's home shares.
> > The home shares can be successfully mounted with
> > 
> >   mount -t cifs //sever/home/username /mnt/ -o user=username,domain=AD
> > 
> > but the connection hangs in the moment a directory listing is started.
> > The strange thing is that only shares with activated DFS show this
> > problem. I'm not maintaining the Netapp file server therefore I can't
> > post more information about that system. On client side I'm using Ubuntu
> > LTS 10.04.1.
> 
> This error only comes up, if DFS is activated on a share on the NetApp
> Server. Here is a kernel log:
> 
> Dec 10 11:10:37 lebowski kernel: [ 3586.471662] Bad SMB: : dump of 48
> bytes of data at 0xe44e5c00
> Dec 10 11:10:37 lebowski kernel: [ 3586.471675]  009a 424d53ff
> 0032 80018800 . . . . ÿ S M B 2 . . . . . . .
> Dec 10 11:10:37 lebowski kernel: [ 3586.471688]   
>  26420040 . . . . . . . . . . . . @ . B &
> Dec 10 11:10:37 lebowski kernel: [ 3586.471701]  001a0800 720a
> 0200 3800 . . . . . . . p . . . . . 8 . .
> Dec 10 11:11:03 lebowski kernel: [ 3612.832108]  CIFS VFS: server not
> responding
> Dec 10 11:11:03 lebowski kernel: [ 3612.832125]  CIFS VFS: No response
> for cmd 50 mid 26
> Dec 10 11:11:05 lebowski kernel: [ 3614.656937]  CIFS VFS: RFC1001 size
> 154 bigger than SMB for Mid=30
> Dec 10 11:11:05 lebowski kernel: [ 3614.656953] Bad SMB: : dump of 48
> bytes of data at 0xe44e5c00
> Dec 10 11:11:05 lebowski kernel: [ 3614.656967]  009a 424d53ff
> 0032 80018800 . . . . ÿ S M B 2 . . . . . . .
> Dec 10 11:11:05 lebowski kernel: [ 3614.656979]   
>  26420040 . . . . . . . . . . . . @ . B &
> Dec 10 11:11:05 lebowski kernel: [ 3614.656994]  001e0800 720a
> 0200 3800 . . . . . . . p . . . . . 8 . .
> Dec 10 11:11:33 lebowski kernel: [ 3642.832284]  CIFS VFS: server not
> responding
> Dec 10 11:11:33 lebowski kernel: [ 3642.832299]  CIFS VFS: No response
> for cmd 50 mid 30
> Dec 10 11:11:40 lebowski kernel: [ 3649.895000]  CIFS VFS: RFC1001 size
> 154 bigger than SMB for Mid=34
> Dec 10 11:11:40 lebowski kernel: [ 3649.895017] Bad SMB: : dump of 48
> bytes of data at 0xe44e5c00
> Dec 10 11:11:40 lebowski kernel: [ 3649.895030]  009a 424d53ff
> 0032 80018800 . . . . ÿ S M B 2 . . . . . . .
> Dec 10 11:11:40 lebowski kernel: [ 3649.895043]   
>  26420040 . . . . . . . . . . . . @ . B &
> Dec 10 11:11:40 lebowski kernel: [ 3649.895056]  00220800 720a
> 0200 3800 . . " . . . . p . . . . . 8 . .
> --
> 
> umounting is impossible and gives the following error:
> 
> --
> unmount error 16 = Device or resource busy
> Refer to the umount.cifs(8) manual page (man 8 umount.cifs)
> unmount error 16 = Device or resource busy
> Refer to the umount.cifs(8) manual page (man 8 umount.cifs)
> --
> 
> Any ideas? Seems to be an error of the NetApp Fileserver acting not RFC
> conform.
> 
> Is this the right list to discuss or should I post on linux-cifs-client
> list?
> 
(cc'ing linux-cifs mailing list)

Probably because the ls is hung and is holding references to the mount...

I've successfully tested against netapp's CIFS implementation in the
past, but there are significant bugs in it. The errors you're seeing
look like an alignment problem of some sort -- i.e. the server is
sending packets that have incorrect length fields in them. This isn't
the first such problem I've seen with OnTap.

You're welcome to open a bug at bugzilla.samba.org, cc me, and I'll
take a look when I have time. Gathering wire captures during one of
these events and attaching them to the bug would help to track down the
problem. It's likely to be Netapp's bug however...

-- 
Jeff Layton 
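
The kernel message quoted above ("RFC1001 size 154 bigger than SMB") indicates a length prefix larger than the size implied by the SMB header fields. The added example below, which is not the kernel's code and not from this thread, performs that comparison on a constructed SMB1 frame; the function names, status codes, strict-equality policy and sample field values are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NBSS_HDR 4      /* 1 type byte + 3 length bytes, big-endian */
#define SMB1_HDR 32     /* fixed SMB1 header, magic through MID */

enum frame_status {
    FRAME_OK = 0,
    FRAME_TOO_SHORT,    /* not even header + WordCount + ByteCount */
    FRAME_BAD_MAGIC,    /* does not start with 0xFF 'S' 'M' 'B' */
    FRAME_LEN_MISMATCH, /* length prefix disagrees with SMB fields */
    FRAME_TRUNCATED     /* capture ends before the frame does */
};

struct frame_info {
    uint32_t rfc1001_len;   /* from the 4-byte transport header */
    uint32_t smb_len;       /* header + words + ByteCount + bytes */
    uint16_t mid;
    uint8_t command;
};

static uint16_t le16(const uint8_t *p)
{
    return (uint16_t)(p[0] | (p[1] << 8));
}

/* Strict equality is this example's policy; real clients may tolerate
 * some padding after the SMB data. */
enum frame_status check_smb1_frame(const uint8_t *buf, size_t buflen,
                                   struct frame_info *fi)
{
    const uint8_t *smb = buf + NBSS_HDR;
    size_t bcc_off;
    uint8_t wct;

    memset(fi, 0, sizeof(*fi));
    if (buflen < NBSS_HDR + SMB1_HDR + 1 + 2)
        return FRAME_TOO_SHORT;
    if (memcmp(smb, "\xffSMB", 4) != 0)
        return FRAME_BAD_MAGIC;

    fi->rfc1001_len = ((uint32_t)buf[1] << 16) | ((uint32_t)buf[2] << 8) | buf[3];
    fi->command = smb[4];
    fi->mid = le16(smb + 30);

    wct = smb[SMB1_HDR];                    /* WordCount */
    bcc_off = NBSS_HDR + SMB1_HDR + 1 + 2 * (size_t)wct;
    if (bcc_off + 2 > buflen)               /* ByteCount not captured */
        return FRAME_TRUNCATED;
    fi->smb_len = SMB1_HDR + 1 + 2 * (uint32_t)wct + 2 + le16(buf + bcc_off);

    if (fi->rfc1001_len != fi->smb_len)
        return FRAME_LEN_MISMATCH;
    if ((size_t)NBSS_HDR + fi->rfc1001_len > buflen)
        return FRAME_TRUNCATED;
    return FRAME_OK;
}

/* Builds a constructed frame: command 0x32, given MID, zeroed payload. */
static size_t build_sample(uint8_t *buf, size_t cap, uint32_t rfc_len,
                           uint8_t wct, uint16_t bcc, uint16_t mid)
{
    size_t bcc_off = NBSS_HDR + SMB1_HDR + 1 + 2 * (size_t)wct;
    size_t total = bcc_off + 2 + bcc;

    if (total > cap)
        return 0;
    memset(buf, 0, cap);
    buf[1] = (uint8_t)(rfc_len >> 16);
    buf[2] = (uint8_t)(rfc_len >> 8);
    buf[3] = (uint8_t)rfc_len;
    memcpy(buf + NBSS_HDR, "\xffSMB", 4);
    buf[NBSS_HDR + 4] = 0x32;
    buf[NBSS_HDR + 30] = (uint8_t)mid;
    buf[NBSS_HDR + 31] = (uint8_t)(mid >> 8);
    buf[NBSS_HDR + SMB1_HDR] = wct;
    buf[bcc_off] = (uint8_t)bcc;
    buf[bcc_off + 1] = (uint8_t)(bcc >> 8);
    return total;
}

/* Checks a sample with WordCount 10 and MID 30, of which only the first
 * `captured` bytes are handed to the validator. */
int demo_status(uint32_t rfc_len, uint16_t bcc, size_t captured)
{
    static uint8_t buf[256];
    struct frame_info fi;

    if (captured > sizeof(buf) ||
        !build_sample(buf, sizeof(buf), rfc_len, 10, bcc, 30))
        return -1;
    return (int)check_smb1_frame(buf, captured, &fi);
}

int main(void)
{
    printf("consistent frame:   %d\n", demo_status(154, 99, 158));
    printf("prefix 154, SMB 145: %d\n", demo_status(154, 90, 158));
    return 0;
}
```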


Re: [Samba] mount.cifs and Umlaut in share name

2010-11-29 Thread Jeff Layton
On Tue, 23 Nov 2010 08:39:56 -0500
Jeff Layton  wrote:

> On Tue, 23 Nov 2010 10:33:31 +0100
> Andreas Heinlein  wrote:
> 
> > Hello,
> > 
> > I need to mount a CIFS share (in the end via fstab, for now manually
> > from terminal) which has both a space and a German umlaut in its name. I
> > cannot get mount.cifs to mount it, it always complains it cannot find it.
> > 
> > I managed to get around the space problem in fstab with the \040 trick,
> > but I cannot find a way to correctly encode the umlaut. When looking at
> > the output of "mount.cifs --verbose '//server/Täst Freigabe' /mnt", it
> > looks like it is accessing the correct share, but it does not work.
> > 
> > I also got a hint here
> > (https://bugs.launchpad.net/ubuntu/+source/gnome-vfs/+bug/414865) to
> > pipe the share name through iconv, but "mount.cifs $(echo //server/Täst
> > Freigabe | iconv -t850) /mnt" also does not work.
> > 
> > What can I do? Changing the share name is currently not an option, there
> > are just too many users with links/bookmarks to it.
> > 
> > Thanks,
> > Andreas
> 
> Seems like something we ought to be able to fix. Could you open a bug
> at bugzilla.samba.org, cc me on it, and then post the output of
> "mount.cifs --verbose '//server/Täst Freigabe' /mnt" to it?
> 
> Thanks,

Following up here in case others see this problem...

Andreas opened bug 7822:

https://bugzilla.samba.org/show_bug.cgi?id=7822

The problem seems to be related to the default NLS codepage setting in
Ubuntu's kernel.

-- 
Jeff Layton 


Re: [Samba] mount.cifs and Umlaut in share name

2010-11-23 Thread Jeff Layton
On Tue, 23 Nov 2010 10:33:31 +0100
Andreas Heinlein  wrote:

> Hello,
> 
> I need to mount a CIFS share (in the end via fstab, for now manually
> from terminal) which has both a space and a German umlaut in its name. I
> cannot get mount.cifs to mount it, it always complains it cannot find it.
> 
> I managed to get around the space problem in fstab with the \040 trick,
> but I cannot find a way to correctly encode the umlaut. When looking at
> the output of "mount.cifs --verbose '//server/Täst Freigabe' /mnt", it
> looks like it is accessing the correct share, but it does not work.
> 
> I also got a hint here
> (https://bugs.launchpad.net/ubuntu/+source/gnome-vfs/+bug/414865) to
> pipe the share name through iconv, but "mount.cifs $(echo //server/Täst
> Freigabe | iconv -t850) /mnt" also does not work.
> 
> What can I do? Changing the share name is currently not an option, there
> are just too many users with links/bookmarks to it.
> 
> Thanks,
> Andreas

Seems like something we ought to be able to fix. Could you open a bug
at bugzilla.samba.org, cc me on it, and then post the output of
"mount.cifs --verbose '//server/Täst Freigabe' /mnt" to it?

Thanks,
-- 
Jeff Layton 


[Samba] ANNOUNCE: cifs-utils release 4.7 available for download

2010-10-19 Thread Jeff Layton
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

The last cifs-utils release (4.6) was on July 30th, so it's probably a
good time to go ahead and release a new one with kernel 2.6.36 shipping
soon. Major highlights:

- - new cifscreds program has been added. This will eventually allow for
  stashing of username/password in the kernel's keyring for use by
  cifs. Kernel code for this is not in place yet, and the program is
  not yet built by default. Configuring with --enable-cifscreds=yes
  will enable it.

- - timeouts for things like mtab locking now use monotonic time and
  should no longer have problems if the clock jumps

...plus the usual assortment of minor bugfixes and manpage updates.

webpage:http://linux-cifs.samba.org/cifs-utils/
tarball:ftp://ftp.samba.org/pub/linux-cifs/cifs-utils/
git:git://git.samba.org/cifs-utils.git
gitweb: http://git.samba.org/?p=cifs-utils.git;a=summary

Detailed changelog:

commit 6739b667677b28740b87ede94e53dfc500718acb
Author: Jeff Layton 
Date:   Tue Oct 19 14:59:49 2010 -0400

autoconf: bump release to 4.7

Signed-off-by: Jeff Layton 

commit 202f4b43209da32afc7ce5445a8f561c354c8f82
Author: Jeff Layton 
Date:   Fri Oct 8 15:11:58 2010 -0400

manpage: add mount.cifs manpage entry for "multiuser" option

    Signed-off-by: Jeff Layton 

commit d90691a283d0f2ed928476fc96970b1ef2a28662
Author: Jeff Layton 
Date:   Fri Oct 8 15:11:57 2010 -0400

mount.cifs: reinstate ip= as an override for address resolution

The manpage says:

   ip=arg
   sets the destination IP address. This option is set automatically
   if the server name portion of the requested UNC name can be
   resolved so rarely needs to be specified by the user.

...but recent changes have made it not work anymore as an override if
someone specifies an ip= option as part of the mount options. Reinstate
that behavior by copying the ip= option verbatim into the addrlist of
the parsed options struct and then skipping the name resolution. That
should allow the ip= option to pass unadulterated to the kernel.

    Signed-off-by: Jeff Layton 

commit f2daa2a08bf8706f90e1154272c5bfe6279895cd
Author: Björn Jacke 
Date:   Tue Aug 24 13:30:05 2010 -0400

mount.cifs: use monotonic time for timeouts

this is especially important during the boot process, where the clock is
often being set initially and clock jumps are more common.

commit 79774488814b0f5267644628e31c07c7ac380a65
Author: Björn Jacke 
Date:   Tue Aug 24 13:29:59 2010 -0400

autoconf: add checks for clock_gettime

commit 909c1bac5eb3b1fc677ef0d4de011cb68e999d15
Author: Igor Druzhinin 
Date:   Fri Aug 20 14:53:38 2010 -0400

cifs-utils: infrastructure for stashing passwords in keyring

It is a userspace part of a new infrastructure for stashing passwords
in kernel keyring per user basis. The patch adds the "cifscreds"
utility for management keys with credentials. Assembling of the utility
from the distribution is possible with --enable-cifscreds=yes option of
configure script.

Signed-off-by: Igor Druzhinin 

commit c546d8d786f70204968fbc78d276bc2c8d2eb670
Author: Igor Druzhinin 
Date:   Fri Aug 20 14:53:05 2010 -0400

cifs-utils: moving resolve_host into separate file

The resolve_host routine from mount.cifs is carried out in
separate file and appropriate corrections are made.

Signed-off-by: Igor Druzhinin 

commit 2b2ce5830fec4317e0c264115cf93e64344b1417
Author: Suresh Jayaraman 
Date:   Wed Aug 4 07:55:54 2010 -0400

mount.cifs: remove redundant error assignment

Avoid setting error code twice by moving error handling out of add_mtab_exit
block. We already set error code and report error in other places.

Signed-off-by: Suresh Jayaraman 

commit 796c714569f5a2d1563f284d94333f2971217417
Author: Jeff Layton 
Date:   Wed Aug 4 06:35:24 2010 -0400

autoconf: bump version number to 4.6.1 for non-release builds

Signed-off-by: Jeff Layton 

- -- 
Jeff Layton 
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.16 (GNU/Linux)

iEYEARECAAYFAky98dYACgkQyP0gxQMdzIDiFQCfclgv5NgozZUEYsdKHFSTUNZI
wm0AoKsqHk1FT1Wzz32KqSxr3Psr9ZEq
=Q3yq
-END PGP SIGNATURE-


Re: [Samba] question about CIFS client glitches

2010-09-18 Thread Jeff Layton
On Fri, 17 Sep 2010 19:38:21 -0400
starli...@binnacle.cx wrote:

> At 05:50 PM 9/16/2010 -0500, Steve French wrote:
> >On Thu, Sep 16, 2010 at 4:39 PM,   wrote:
> >> Trying out a CIFS mount of a W2K8 x64 file system from CentOS
> >> 5.5 and running into problems, and trying to figure out how to
> >> proceed.
> ...
> >
> >This is quite old kernel, but perhaps it was updated to include more
> >recent fixes - can you view the version information on the file, ie
> >the cifs.ko module (you can do this by running modinfo on cifs.ko)
> 
> 
> Tried the RHEL6 beta 2 and it behaves the same as RHEL 5.5.
> 'modinfo' output for both attached.  'cifs.ko' versions are
> 1.60RH and 1.63.
> 
> In both versions it seems like hard-links work and symbolic
> links fail with
> 
>ln: creating symbolic link `': Operation not supported
> 

That's expected. The core cifs protocol as implemented in windows
doesn't support symlinks. You need unix extensions for that, or you may
want to play with the "mfsymlinks" patches that Metze proposed recently.

> And it appears that a 'pax -r' extraction followed by 'rm' for
> selected files has some difficulty with CIFS 1.6x rendered
> hard link in the mix.
> 
> I'm probably giving up on the idea for now, but thanks
> for your help.

What sort of difficulty is it having?
-- 
Jeff Layton 


Re: [Samba] question about CIFS client glitches

2010-09-16 Thread Jeff Layton
On Thu, 16 Sep 2010 20:00:14 -0400
starli...@binnacle.cx wrote:

> At 05:50 PM 9/16/2010 -0500, Steve French wrote:
> >On Thu, Sep 16, 2010 at 4:39 PM,   wrote:
> >> Trying out a CIFS mount of a W2K8 x64 file system from CentOS
> >> 5.5 and running into problems, and trying to figure out how to
> >> proceed.
> ...
> >
> >This is quite old kernel, but perhaps it was updated to include more
> >recent fixes - can you view the version information on the file, ie
> >the cifs.ko module (you can do this by running modinfo on 
> >cifs.ko)
> >
> 
> Thank you for the follow-up.  Per my last message this was my 
> being clueless in regards to the lack of hard/soft link 
> support in the old version.  'modinfo' pegs it as 1.60RH.
> 
> Hopefully RHEL6 will include CIFS file links as it might work 
> better to compile on Linux from a Windows share rather than 
> vice-versa.  'makedepend' runs painfully slow from Windows over
> a Samba share unless IPoIB is used for transport.
> 
> Perhaps I'll try it under Fedora, though in general I find 
> wrestling with the constant change of the moving-target distro 
> too much.
> 
> It is quite encouraging to see CIFS work in general.  Last time 
> I tried three or four years ago the system crashed shortly after 
> issuing the mount command.
> 

RHEL6 is fairly current with mainline code (at least as of this past
spring or so). If it works OK on Fedora, it should be OK in RHEL6.

-- 
Jeff Layton 


Re: [Samba] question about CIFS client glitches

2010-09-16 Thread Jeff Layton
On Thu, 16 Sep 2010 18:49:49 -0400
starli...@binnacle.cx wrote:

> At 05:39 PM 9/16/2010 -0400, starli...@binnacle.cx wrote:
> >Trying out a CIFS mount of a W2K8 x64 file system from CentOS 
> >5.5 and running into problems, and trying to figure out how to 
> >proceed.
> 
> Oops.  I see the problem is that CIFS, at least in the older 
> stable versions, does not support hard links.  The extracted 
> archives have a few of these and so the resulting tree is not a 
> synchronized copy of the original.
> 
> Oh well, so much for that.
> 

Ok, good to know. There were patches that went to mainline to make CIFS
support server inode numbers correctly, which is sort of a requirement
for proper hardlink support. Those were really too invasive for a minor
RHEL release however.

-- 
Jeff Layton 


[Samba] ANNOUNCE: cifs-utils release 4.6 available for download

2010-07-30 Thread Jeff Layton

It has been a while since I've cut a new release for cifs-utils. This
one has more visible changes than were in the last few releases. Major
highlights:

- documentation additions for the fsc option

- mount.cifs deals with _netdev, mand and nomand options correctly now

- a change in how mount.cifs handles the MS_MANDLOCK flag. It used to
  set it by default and you had to specify "nolock" or "nobrl" to turn
  it off. Now, it's off by default and you need to specify the "mand"
  option to turn it on. This is more in line with how other filesystems
  deal with mandatory locking. In practice, we hardly ever want the
  kernel to enforce mandatory locking -- the server deals with that.

- cifs.upcall will now preferentially use the creduid= upcall option
  rather than uid=. This makes mounting with krb5 work more as expected.
  The credcache is now always expected to be owned by the real uid
  of the mount process, rather than the value in the uid= option. A
  command-line option is provided for those who need legacy behavior.


webpage:http://linux-cifs.samba.org/cifs-utils/
tarball:ftp://ftp.samba.org/pub/linux-cifs/cifs-utils/
git:git://git.samba.org/cifs-utils.git
gitweb: http://git.samba.org/?p=cifs-utils.git;a=summary

Detailed changelog:

commit 0540777249f7673499c6d53b59b56815b0df2935
Author: Jeff Layton 
Date:   Fri Jul 30 08:17:01 2010 -0400

autoconf: bump version to 4.6

Signed-off-by: Jeff Layton 

commit cbf27473d6e8e45fb9525aea61f6391d7cdc93e8
Author: Jeff Layton 
Date:   Tue Jul 27 15:24:04 2010 -0400

data_blob: change for loop indices to a unsigned int

To silence these warnings:

data_blob.c: In function ‘data_blob_hex_string_lower’:
data_blob.c:155:16: warning: comparison between signed and unsigned integer
expressions
data_blob.c: In function ‘data_blob_hex_string_upper’:
data_blob.c:172:16: warning: comparison between signed and unsigned integer
expressions

Signed-off-by: Jeff Layton 

commit 986923d1317faf82253996079ddab5d43ae44d29
Author: Jeff Layton 
Date:   Tue Jul 27 15:20:44 2010 -0400

cifs.upcall: swap c99 initializers for memset calls

gcc says:

cifs.upcall.c: In function ‘cifs_krb5_get_req’:
cifs.upcall.c:261:2: warning: missing initializer
cifs.upcall.c:261:2: warning: (near initialization for ‘in_creds.client’)
cifs.upcall.c: In function ‘main’:
cifs.upcall.c:622:9: warning: missing initializer
cifs.upcall.c:622:9: warning: (near initialization for ‘arg.ver’)

...this is probably just gcc being balky, but we can silence the
warning. It may also be a micro optimization in an error condition
if we delay zeroing out the struct until it's needed.

Signed-off-by: Jeff Layton 

commit fb5d150aec004111a838a015bdc1309a6e539925
Author: Jeff Layton 
Date:   Tue Jul 27 15:09:27 2010 -0400

mtab: add __attribute__((unused)) to unused variables

...to silence -Wextra warnings.

Signed-off-by: Jeff Layton 

commit 62369ecb38316bb285c5cc2f5af25aaa11cea15c
Author: Jeff Layton 
Date:   Tue Jul 27 15:09:23 2010 -0400

automake: add -Wextra to CFLAGS

...for extra warning goodness.

Signed-off-by: Jeff Layton 

commit 20a845ba996f709a87dd879d55e1b662dd316144
Author: Suresh Jayaraman 
Date:   Tue Jul 27 13:35:59 2010 -0400

mount.cifs: document the 'fsc' mount option

Changes since last post:
- added the information about the kernel CONFIG option
- also added the information that caching is currently enabled for 
files opened as read-only

Document the newly added local caching feature using FS-Cache. This patch
could be queued and considered once the local caching patches get merged
upstream.

Signed-off-by: Suresh Jayaraman 

commit 434a5945e607084a6f8f6ea1ed41ca4559eb0df8
Author: Suresh Jayaraman 
Date:   Tue Jul 27 12:52:44 2010 -0400

mount.cifs: clarify 'fsc' mount option

Changes since last post:
- added the information about the kernel CONFIG option
- also added the information that caching is currently enabled for 
files opened as read-only

Document the newly added local caching feature using FS-Cache. This patch
could be queued and considered once the local caching patches get merged
upstream.

Signed-off-by: Suresh Jayaraman 

commit cdbb6556d8394618bdb81cf2c0eaaebd58e9f1cd
Author: Jeff Layton 
Date:   Tue Jul 27 12:33:33 2010 -0400

autoconf: bump version to 4.5.2

Signed-off-by: Jeff Layton 

commit 87a8a4491cc27bc8e99b4de85c3e0a2abbd4
Author: Suresh Jayaraman 
Date:   Tue Jul 27 11:11:43 2010 -0400

mount.cifs: add 'fsc' mount option to the usage help text

Add 'fsc' mount option to the 'Less commonly used options'

Re: [Samba] Encryption

2010-06-25 Thread Jeff Layton
On Fri, 25 Jun 2010 12:20:41 -0700
Jeremy Allison  wrote:

> On Fri, Jun 25, 2010 at 06:54:08PM +, Dan Lenski wrote:
> > On Sun, 18 Apr 2010 10:29:38 -0400, simo wrote:
> > 
> > > On Sun, 2010-04-18 at 10:05 -0400, Nico Kadel-Garcia wrote:
> > >> 
> > >> Reviewing the docs, this tool requires Samba 3.2 or later on both the
> > >> client and server sides. I'm therefore assuming that it's not
> > >> compatible with a contemporary Windows fileserver: can you confirm
> > >> this? Does anyone know if NetApp supports such encryption?
> > > 
> > > It is an extension created by the Samba Team as part of unix extensions,
> > > and at the moment the only client that implements it is smbclient. Not
> > > even the in kernel cifs driver implements it. And we have no knowledge
> > > of any other implementer adopting it yet.
> > 
> > Does anyone know a time-frame for inclusion of transport encryption in 
> > the kernel CIFS driver?  I'm really looking forward to this feature!
> 
> Steve, Jeff ping ? :-)
> 

Sadly, there are enough bugs in this area that it may be a bit before
we get around to adding new features. I know Shirish was poking around
in here a while back, but I think he's working on other stuff now.

I think before we can reasonably add that we really need to move all of
the cifs crypto to use the kernel's standard crypto libs rather than the
homegrown routines they use now. There are some definite problems wrt
to unicode in there (not directly related to crypto, but it needs
fixing). NTLMSSP auth is also busted which is a rather important item.
-- 
Jeff Layton 


Re: [Samba] ARGH... once again samba causes "permission" errors. SOLVED

2010-05-30 Thread Jeff Wiegley

Ok, I was able to fix both of my problems and they are both related
to SELinux problems.

First: I am assuming that you are like me and that you have an excellent
background in systems administration (I teach it at a university for a
living.) So you've configured chmod permissions and chown user and
group ownerships on directories and files to correctly allow the desired
access. You have configured samba to force a reasonable user or group
or you have logged in with reasonable user credentials.

But you're still not able to create file/folder or maybe you can't map
certain paths. You've probably been frustrated by the endless
posts and suggestions telling you to fix the fundamental things described
in the previous paragraph.

If you have taken care of the fundamental permission items but
you are seeing either of the following:
   A) You can map a share but whenever you try to create a new
folder or file Windows pops up an error dialog (Try again).
   B) You can map certain paths but not others (particularly a path
equivalent to a mount point; an XFS/Raid5 filesystem in my case).

Well, I'm running CentOS 5.5 and it has SELinux enabled by default
but the context on the share path is probably not allowing samba.

You can check the context of the path with the -Z switch to ls:

[r...@nas samba]# ls -ldZ /mnt
drwxr-xr-x  root root system_u:object_r:mnt_t  /mnt

In this case the context is "mnt_t"; you need to change the
context to samba_share_t:

[r...@nas samba]# chcon -t samba_share_t /mnt/nas
[r...@nas samba]# ls -adZ /mnt/nas
drwxr-x---  nas nas system_u:object_r:samba_share_t  /mnt/nas

Now your share should both mount and allow the creation/deletion
of folders/files.

Warning: I am old, I learned system administration and practiced
it for a decade in industry before SELinux was even invented. I do
not pretend to begin to understand this [possibly overly] complicated
security system.


- Jeff




[Samba] ARGH... once again samba causes "permission" errors.

2010-05-29 Thread Jeff Wiegley

I've been doing unix sys. admin for nearly 20 years and yet EVERY single
time I have to setup samba I have configuration problems.

Before we start let's clear up some common misunderstandings: I have
googled for the answer. I have spent the last six hours doing so and trying
various "suggestions". Most of these suggestions point to solutions
involving chown or chmod.  These are not the problems (or I will be
very surprised).

# cat /etc/samba/smb.conf
[global]
workgroup = CYTE.COM
server string = CyteNAS
netbios name = NAS
hosts allow = 127., 10.0.10.

[nas]
comment = NAS
path = /mnt/nas
force user = nas
force group = nas
read only = No

# cat /etc/samba/smbpasswd
nas:500:75891A0CAAF2F9828AE88C0FE87091EF:E8C4E8E10FEE888764D18AD4A0AC61F5:[U  
]:LCT-4C00625E:


# grep nas /etc/passwd
nas:x:500:500::/mnt/nas:/bin/bash

# grep nas /etc/group
nas:x:500:

# ls -al /mnt/nas
total 16
drwxrwxrwx 2 nas  nas  4096 May 28 17:01 .
drwxrwxrwx 3 root root 4096 May 28 15:04 ..

So before you tell me about "permission" problems please note the following:
  1) The permissions on all the files are 777... EVERYBODY can do anything.
  2) samba IS configured to force the user and group to the owner of
   the share path anyways.
  3) The group and user exist and they have their passwords configured
   correctly.

I can map the share on my Windows 7 workstation. But any attempt to
create anything yields a pop-up window that says:

"You need permission to perform this action"
  nas(\\NAS)
  Space free: 89.7 GB
  Total size: 97.0 GB

Why am I getting ANY permission problems??? Frankly. I don't think it is
a permission problem. (I set log level to 10; the output is long so I won't
include it because I looked through it and didn't see any errors reported
or any mention of permission denied.)

GRRR!

It gets worse. A 90GB NAS storage is pretty useless. The NAS is actually
a 6TB Raid5 array with an XFS filesystem. But if I actually mount it:

# /etc/init.d/smb stop
# mount /mnt/nas
# ls -al /mnt/nas
total 8
drwxrwxrwx 2 nas  nas 6 May 28 18:11 .
drwxrwxrwx 3 root root 4096 May 28 15:04 ..

see... no difference in permissions or ownership but now it is a mount
point.

Now I can't even map the samba share at all. All I get is a window
that says:

   "Attemping to connect to \\NAS\nas"
  (Cancel)

And it never seems to go away.

and yes, under both cases I can simply login as the user nas via
ssh and touch/mkdir or do anything I want and the files get created
just fine. Frankly I think this is another case of Windows presenting
the user with a misleading diagnostic "Permission" problem when
something much more fundamental is going wrong with Samba.

Please help.

- Jeff



[Samba] ANNOUNCE: cifs-utils release 4.5 available for download

2010-05-21 Thread Jeff Layton

The rate of incoming patches has been pretty low lately, so it's
probably a good time to do a new stable release and get what's queued
up into people's hands...

This release consists of a couple of bugfixes and some (hopefully)
non-user-visible cleanups to the mount.cifs code.

webpage:http://linux-cifs.samba.org/cifs-utils/
tarball:ftp://ftp.samba.org/pub/linux-cifs/cifs-utils/
git:git://git.samba.org/cifs-utils.git
gitweb: http://git.samba.org/?p=cifs-utils.git;a=summary

Detailed changelog:

commit a90771d63e85b514bc5d2101eb8a52587eca1195
Author: Jeff Layton 
Date:   Fri May 21 16:04:14 2010 -0400

cifs-utils: bump version number to 4.5

Signed-off-by: Jeff Layton 

commit 3439ca0527f103ad79e840092d06a461a36e9d72
Author: Scott Lovenberg 
Date:   Fri May 14 19:34:26 2010 -0400

mount.cifs: cosmetic alignment patch

Align CRED_ macro values to keep style consistent with last patch.

Signed-off-by: Scott Lovenberg 

commit 268079992cf85bfb9954b6fd4abb3eebf911a9d3
Author: Scott Lovenberg 
Date:   Fri May 14 19:32:05 2010 -0400

mount.cifs: clean up option parsing

Moved option string parsing to function parse_opt_token(char*).  Main
loop in parse_options(const char*, struct parsed_mount_info*)
transplanted to a switch block.

The parsing function folds common options to a single macro:
1.) 'unc','target', and 'path' -> 'OPT_UNC'
2.) 'dom*' and 'workg*' -> 'OPT_DOM'
3.) 'nobrl' and 'nolock' -> 'OPT_NO_LOCK'

Kept 'fmask' and 'dmask' (OPT_FMASK, OPT_DMASK), which fall through to
'file_mode' and 'dir_mode' in the main loop.

Signed-off-by: Scott Lovenberg 

commit 2fcf89a2077d3ddf203b73d72985aa68c6402693
Author: Steve French 
Date:   Fri May 14 15:30:07 2010 -0400

mount.cifs: unitialized variable in cred parsing error path

Signed-off-by: Steve French 
Signed-off-by: Jeff Layton 

commit 3f794556e3ec633dc6250ce12f76d6ba79c192a9
Author: Steve French 
Date:   Tue May 11 09:32:34 2010 -0400

mount.cifs: turn into a multicall binary for smb2

mount.smb2 has different help (many fewer mount options) and different
fsname, but otherwise can reuse all of the good work Jeff did on
mount.cifs.  This patch allows mount.cifs to detect if run as mount.smb2
(to display different help and fsname).

Signed-off-by: Steve French 

commit 400ebcb3bea6f21678b9e656d930a14bbd71fe7a
Author: Scott Lovenberg 
Date:   Tue May 11 09:32:34 2010 -0400

mount.cifs: removed magic number for max username in parse_options

Replaced max username in parse_options with the sum of its potential
parts for "domain/user%password" formatted values. Note that forward
slashes still expand to a double back slash in the parse_username
function, though.

Signed-off-by: Scott Lovenberg 

commit e5d3ceb9958437ef50510a578b0274615a37bcf7
Author: Jeff Layton 
Date:   Sun May 2 06:32:34 2010 -0400

mount.cifs: strip leading delimiter off of prefixpath option

...the kernel doesn't expect to see it and it causes a regression
when mounting some UNCs.

Reported-by: Ales Zelinka 
Signed-off-by: Jeff Layton 

commit 373146ceda319fb7585439d74f216b8a94b9525b
Author: Jeff Layton 
Date:   Sun May 2 06:32:30 2010 -0400

cifs-utils: bump version number to 4.4.1 for interim builds

Signed-off-by: Jeff Layton 

-- 
Jeff Layton


Re: [Samba] Printer Admin Difficulties

2010-05-04 Thread Jeff Hardy

On 04/01/2010 05:39 PM, Jeff Hardy wrote:

I have been trying to setup a new print server on Fedora 12 based around
samba-3.4.7-58.fc12.x86_64 and cups-1.4.2-28.fc12.x86_64. All looks good
except for the ability for printer administrators to manage printers.
Whether I specify users in a system group using the deprecated printer
admin option, or specifically using net rpc rights and the
SePrinterOperatorPrivilege, it does not matter. This is against an NT4
domain on samba-3.4.2.


After a tdb wipe, I ended up with no users who can manage printers. 
This at least made the behavior consistently broken.  I ended up trying 
samba 3.3 and 3.2 seeking some way to manage printers.  Only by going 
back to samba-3.2.15 built from a Fedora 10 source RPM was I able to 
restore functionality by way of the printer admin option.  The 
SePrinterOperatorPrivilege did not seem to work in any version no matter 
what I did.  Surely other folks are managing printers with sambas later 
than 3.2.x I would think.  Anyone have any experience like this?


-Jeff

--
Jeffrey M Hardy
Systems Analyst
hard...@potsdam.edu


Re: [Samba] smbclient -k works; mount -t cifs does not

2010-05-04 Thread Jeff Layton
On Mon, 03 May 2010 23:25:13 -0400
Mike Leone  wrote:

> I am confused (nothing new there ...). I have 2 Ubuntu 9.10 Samba
> servers. I am trying to mount a share from the other (i.e., "workhorse"
> is trying to mount a share on "dual-booter"). If I specify a smbmount
> command with a -k option, I can mount the share:
> 
> tur...@workhorse:~$ klist
> Ticket cache: FILE:/tmp/krb5cc_1000
> Default principal: tur...@dacrib.local
> 
> Valid starting     Expires            Service principal
> 05/03/10 18:55:31  05/04/10 04:55:31  krbtgt/dacrib.lo...@dacrib.local
>   renew until 05/09/10 22:56:03
> 05/03/10 23:07:07  05/04/10 04:55:31  cifs/dual-booter.dacrib.lo...@dacrib.local
>   renew until 05/09/10 22:56:03
> 
> 
> tur...@workhorse:~$ smbclient //dual-booter/TestShare /mnt -k
> Domain=[DACRIB] OS=[Unix] Server=[Samba 3.4.0]
> smb: \> ls
>   .  D0  Sat May  1 19:27:48 2010
>   .. D0  Mon May  3 19:58:00 2010
>   TestFile0  Sat May  1 19:27:48 2010
> 
>   37555 blocks of size 524288. 22379 blocks available
> 
> However, I can't seem to mount it using mount -t cifs:
> 
> $ sudo mount -t cifs //dual-booter/TestShare /mnt -o username=DACRIB+turgon
> [sudo] password for turgon:
> Password:
> mount error(13): Permission denied
> Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
> 
> What I'd like to do is to set this in /etc/fstab. But there seems to be
> no way to use Kerberos to authenticate the mounting, and it's only
> Kerberos (and smbmount) that seems to work. And using the "-o sec=krb5"
> options on mount doesn't seem to work, either.
> 
> $ sudo mount -t cifs //dual-booter/TestShare /mnt -o sec=krb5
> mount error(2): No such file or directory
> Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
> 

Try using the FQDN of the server in the UNC. For instance:

   //dual-booter.dacrib.local/TestShare

> Anyone? I really don't want to have to make a script that uses smbmount
> -k, running on login, rather than in /etc/fstab.
> 
> Thanks


-- 
Jeff Layton 


Re: [Samba] Cannot mount Windows 7 share with CIFS Error 112 Host is down

2010-04-30 Thread Jeff Layton
On Fri, 30 Apr 2010 15:33:23 + (UTC)
iancs...@comcast.net wrote:

> Hi. I just got a new Windows 7 Home Edition computer and am unable to mount 
> its shares on my Linux system. 
> I'm running Fedora 11, samba 3.4.7 
> I have no trouble mounting shares from XP systems on the network using the 
> mount command below. 
> I can access the Windows 7 share with no problems using smbclient on Linux. 
> The Windows 7 share is accessible from the XP systems. 
> Here is the mount command: 
> 
> mount.cifs //pirin/c /mnt -o 
> user=yanko,uid=500,gid=100,file_mode=0666,dir_mode=0777,noperm,iocharset=utf8,directio,ip=192.168.1.12
>  
> Password: 
> mount error(112): Host is down 
> Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) 
> 
> The dmesg log has: 
> 
> CIFS VFS: No response for cmd 114 mid 1 
> CIFS VFS: cifs_mount failed w/return code = -112 
> 

Your client sent an SMB_COM_NEGOTIATE request and the server never
responded.

> I have not found any errors logged in Windows 7 but perhaps I don't know 
> where to look. 
> I can access the Windows 7 share with no problems using smbclient on Linux. 
> Any ideas will be very much appreciated. 

Probably a client kernel bug. Might want to post some info about what
you're using.


-- 
Jeff Layton 


[Samba] ANNOUNCE: cifs-utils release 4.4 available for download

2010-04-28 Thread Jeff Layton

This release is primarily bugfixes in mount.cifs:

- acquire capabilities before a couple of operations

- fix a segfault that could occur when parsing the address list

- autoconf/automake problem that could cause compilation to fail

- cleanup/overhaul of credential file parsing and help ensure that
  passwords aren't left in memory

webpage:http://linux-cifs.samba.org/cifs-utils/
tarball:ftp://ftp.samba.org/pub/linux-cifs/cifs-utils/
git:git://git.samba.org/cifs-utils.git
gitweb: http://git.samba.org/?p=cifs-utils.git;a=summary

Detailed changelog:

commit b046d4196855294d57bf57a5b31fbfab41125d4b
Author: Jeff Layton 
Date:   Wed Apr 28 07:13:17 2010 -0400

mount.cifs: fix parsing of password in parse_username

Signed-off-by: Jeff Layton 

commit 6c917ebf360b3dbbc4c7ad9af3e106170528aa3c
Author: Scott Lovenberg 
Date:   Sun Apr 25 09:35:13 2010 -0400

mount.cifs: continued cleanup of open_cred_file and zero out buffer

The parsing for values has been moved to its own function and is a bit
cleaner. Temporary buffers are zeroed out before being freed to ensure
passwords/credentials aren't left in released memory.

Signed-off-by: Scott Lovenberg 
Signed-off-by: Jeff Layton 

commit 605412558bc4b368ee656e75f80bc41d3966e1e5
Author: Scott Lovenberg 
Date:   Fri Apr 23 06:50:34 2010 -0400

mount.cifs: clean up credential file parsing

Remove magic numbers, redundant code and extra variables from 
open_cred_file().
Remove check for domain length since strlcpy is safe from buffer overflows.

Signed-off-by: Scott Lovenberg 

commit 72dd35b2ed2fd17e8ce2b03607c9ac942d96ff5d
Author: Jeff Layton 
Date:   Sat Apr 17 06:21:02 2010 -0400

mount.cifs: remove unneeded newline in verbose output

Signed-off-by: Jeff Layton 

commit 1876123958c3afd44becce0427755257ddf87db9
Author: Jeff Layton 
Date:   Wed Apr 14 14:11:37 2010 -0400

mount.cifs: check for NULL pointer before calling strchr()

mount.cifs calls strchr on currentaddress, which may be a NULL pointer.

Signed-off-by: Jeff Layton 

commit 9eb040343a5917c08c80d43ef3123d796f88bf6e
Author: Jeff Layton 
Date:   Tue Apr 13 10:18:13 2010 -0400

automake: don't use @foo@ constructs in Makefile.am

...use $(foo) instead. That doesn't rely on an explicit AC_SUBST().

Reported-by: Lars Müller 
Signed-off-by: Jeff Layton

commit 310ae910b548e232cc86b34896bd7010c3b1cad2
Author: Jeff Layton 
Date:   Mon Apr 12 06:55:24 2010 -0400

cifs: enable CAP_DAC_READ_SEARCH before chdir() and realpath() calls

It's possible that root won't have privileges to chdir or evaluate the
paths without that capability.

Signed-off-by: Jeff Layton 

-- 
Jeff Layton
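
The 4.4 changelog above describes credential-file parsing moved into its own function, bounded copies, and temporary buffers zeroed before being freed. The C code below shows that pattern as an added example; it is not the cifs-utils source, and the function names, the 64-byte field limit, the accepted key spellings (`user`/`username`, `pass`/`password`, `dom`/`domain`) and the sample input are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>

#define CRED_FIELD_MAX 64   /* hypothetical limit, not the cifs-utils value */

struct creds {
    char username[CRED_FIELD_MAX];
    char password[CRED_FIELD_MAX];
    char domain[CRED_FIELD_MAX];
};

static const char SAMPLE[] =            /* constructed sample input */
    "# constructed sample credentials file\n"
    "username=alice\n"
    "pass=s3cr3t with spaces\n"
    "domain=EXAMPLE\r\n";

/* Zero through a volatile pointer so the stores are not dropped as dead
 * writes when free() follows (explicit_bzero() does this where available). */
static void scrub(void *p, size_t n)
{
    volatile unsigned char *v = p;
    while (n--)
        *v++ = 0;
}

/* Copy only if the value fits, terminator included: no silent truncation. */
static int copy_field(char *dst, size_t dstlen, const char *src)
{
    size_t n = strlen(src);
    if (n >= dstlen)
        return -1;
    memcpy(dst, src, n + 1);
    return 0;
}

static int key_is(const char *key, const char *short_form, const char *long_form)
{
    return strcasecmp(key, short_form) == 0 || strcasecmp(key, long_form) == 0;
}

/* Parse one "key=value" line in place. Comments, blank lines and unknown
 * keys are skipped (0); a value that does not fit is an error (-1). */
static int parse_cred_line(char *line, struct creds *c)
{
    char *key = line, *eq, *val;
    while (isspace((unsigned char)*key))
        key++;
    if (*key == '\0' || *key == '#' || (eq = strchr(key, '=')) == NULL)
        return 0;
    *eq = '\0';
    val = eq + 1;
    val[strcspn(val, "\r\n")] = '\0';   /* inner spaces stay: may be part of a password */
    if (key_is(key, "user", "username"))
        return copy_field(c->username, sizeof(c->username), val);
    if (key_is(key, "pass", "password"))
        return copy_field(c->password, sizeof(c->password), val);
    if (key_is(key, "dom", "domain"))
        return copy_field(c->domain, sizeof(c->domain), val);
    return 0;
}

/* Parse a whole credentials text. The working copy holds the password in the
 * clear, so it is scrubbed before free(); on error the result is scrubbed too. */
static int load_creds(const char *text, struct creds *out)
{
    size_t len = strlen(text);
    char *buf = malloc(len + 1), *line, *next;
    int rc = 0;
    if (buf == NULL)
        return -1;
    memcpy(buf, text, len + 1);
    memset(out, 0, sizeof(*out));
    for (line = buf; rc == 0 && line != NULL && *line != '\0'; line = next) {
        next = strchr(line, '\n');
        if (next != NULL)
            *next++ = '\0';
        rc = parse_cred_line(line, out);
    }
    if (rc != 0)
        scrub(out, sizeof(*out));
    scrub(buf, len + 1);
    free(buf);
    return rc;
}

int main(void)
{
    struct creds c;
    int rc = load_creds(SAMPLE, &c);
    if (rc == 0)
        printf("user=%s domain=%s\n", c.username, c.domain);
    scrub(&c, sizeof(c));   /* caller clears its copy of the secret when done */
    return rc == 0 ? 0 : 1;
}
```

Unlike a truncating copy, `copy_field` rejects an oversized value, so a too-long password fails the load instead of being silently shortened.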


Re: [Samba] How to stop mount.cifs remembering password

2010-04-12 Thread Jeff Layton
On Thu, 1 Apr 2010 09:44:04 +0200
"Andy Gibbs"  wrote:

> Dear all,
> 
> I'm fairly new to Samba and CIFS and, for that matter, Linux in general.
> I'm having a problem with "mount.cifs" as provided with Debian 5.  I'm
> afraid I cannot say what version of mount.cifs I have since doing
> "mount.cifs -V" does not (contrary to the message it shows when I do this)
> actually show the version, but rather how to use the program.
> 
> The problem I have is that having successfully logged into a Windows shared
> folder, I can subsequently log in *without* the correct password.
> 
> So...
> 
> mount.cifs \\192.168.1.0\folder /mnt -o user=joebloggs,pass=correct
> umount /mnt
> mount.cifs \\192.168.1.0\folder /mnt -o user=joebloggs,pass=incorrect
> 
> At this point it has remounted and given me full access, even though I've
> got my password wrong the second time (and each subsequent time).  I can
> even do "-o user=user,guest".  If I change user, then I must get the
> password right at least once, but then once I have got it right, I then no
> longer need to get it right.  The problem is that anyone using the computer
> after someone has accessed the Windows share, can also then access it
> without knowing the password.
> 
> As far as I can see, and I'm no expert, this is not a Windows problem since
> in Windows, connecting to the folder requires the correct password every
> time.
> 
> Is there any way I can force mount.cifs to forget the correct password so
> that it requires it to be correct each time?
> 
> I'm sorry if I have not provided the correct information: I will happily do
> so if told what to provide!  I have tried the Samba website and Google for
> answers, but haven't found the right search phrase.  If I've missed
> something, I'll happily just receive a link to the right page.
> 
> Thanks for any help!
> 
> Andy
> 

The Linux cifs client aggressively shares connections to the server,
and isn't very careful about making sure that the mount options for new
mounts are considered when matching existing connections to the server.

This is a kernel bug, but not one that's trivial to fix. It's also
another good reason why it's not prudent to allow unprivileged users to
mount shares not listed in /etc/fstab.

You'll probably get more response from these sorts of questions on the
linux-cifs-cli...@samba.org mailing list. Fixing this will likely mean
significant design changes in how CIFS deals with connections to the
server.

Cheers,
-- 
Jeff Layton 


[Samba] ANNOUNCE: cifs-utils release 4.3 available for download

2010-04-09 Thread Jeff Layton

This release is primarily to fix a few bugs that were introduced with
the mount.cifs overhaul in the last release. Most of the problems were
issues with the handling of capabilities that prevented credential files
from being accessed when mount.cifs was run by root.

There are a few other changes:

- credential files accept parameter names consistent with mount options

- some problems with linking are fixed

- libcap-ng is used if it's available -- in the future, I may remove
  the older libcap code as it's far more difficult to work with. Distros
  should consider making their cifs-utils packages depend on libcap-ng
  and building against that.

- the capability bounding set is zeroed out for greater security

- CAP_DAC_OVERRIDE is only enabled when updating the mtab

webpage:http://linux-cifs.samba.org/cifs-utils/
tarball:ftp://ftp.samba.org/pub/linux-cifs/cifs-utils/
git:git://git.samba.org/cifs-utils.git
gitweb: http://git.samba.org/?p=cifs-utils.git;a=summary

Detailed changelog:

commit e4593787a6488573fbec99e5ee604a2e25bc1e5c
Author: Jeff Layton 
Date:   Fri Apr 9 09:08:08 2010 -0400

cifs-utils: bump version number to 4.3

Signed-off-by: Jeff Layton 

commit 8d08f2b352e3521674465c21bbbd2a2a991781bd
Author: Jeff Layton 
Date:   Fri Apr 9 08:47:11 2010 -0400

autoconf: remove explicit check for prctl

...it's already checked in AC_LIBCAP

Signed-off-by: Jeff Layton 

commit c3fb3cb1376065734f1b238843d9614d1b9631f0
Author: Jeff Layton 
Date:   Tue Apr 6 15:45:00 2010 -0400

autotools: add --with-libcap autoconf option

...it's rather confusing since we can compile against libcap or libcap-ng
but this is helpful for testing.

Signed-off-by: Jeff Layton

commit cad70a330c0f8db02af112d42be0b645b0ceaba2
Author: Jeff Layton 
Date:   Tue Apr 6 15:22:05 2010 -0400

mount.cifs: fix capability issues when libcap isn't present

...some #defines are missing in that case. This fixes the build for
all possible libcap/libcap-ng availability scenarios.
    
Signed-off-by: Jeff Layton 

commit aeba78abbe4f25ae77328e4ca6a67360dd4ea344
Author: Scott Lovenberg 
Date:   Tue Apr 6 14:52:07 2010 -0400

mount.cifs: make credentials file parameters consistent with mount options

This patch makes the mount.cifs credentials file parameters consistent with
the command line parameters to remove ambiguity between the command line
parameter format and the credentials file format. That is, it parses for
both short and long form of the 'username', 'password', and 'domain'
parameters.  This patch is against the current cifs-utils-4.2.

I'm also thinking of adding a second patch that allows for parsing a
"domain/user", "domain%user" and "domain/user%password" formats as allowed
from the command line.

Signed-off-by: Scott Lovenberg

commit 2a78385bbf879c16c538b0c78ff4e939724fafd4
Author: Jeff Layton 
Date:   Mon Apr 5 11:23:37 2010 -0400

mount.cifs: restrict capabilities further

Only the parent process will ever need CAP_DAC_OVERRIDE. The child can
get by with CAP_DAC_READ_SEARCH.

Signed-off-by: Jeff Layton

commit da77c1b3ae934e29025d05b50eebecdbf569bfa4
Author: Jeff Layton 
Date:   Mon Apr 5 11:23:32 2010 -0400

mount.cifs: properly prune the capabilities bounding set

...libcap-ng does this in a much easier fashion. If that's not
available, then we have to do it manually.
    
Signed-off-by: Jeff Layton 

commit 4b52d2fdea00107f3c23388891467bbb7f2711eb
Author: Jeff Layton 
Date:   Sun Apr 4 10:09:38 2010 -0400

mount.cifs: use libcap-ng to manage capabilities

...in preference to libcap if it's available.

Signed-off-by: Jeff Layton 

commit 0c287aa5ce5def56d901716e58943f3e9825e3a3
Author: Jeff Layton 
Date:   Sun Apr 4 09:51:31 2010 -0400

autotools: don't link mount.cifs against krb5 library

mount.cifs is being linked against the krb5 library. Fix it so that
that doesn't happen.

Signed-off-by: Jeff Layton 

commit 16c29a1920e48e7480595edd0ae96094d6e220c8
Author: Jeff Layton 
Date:   Sat Apr 3 07:12:06 2010 -0400

mount.cifs: fix toggle_cap_dac_override

...it clears the capability set completely, which it shouldn't do. It
also doesn't call cap_set_proc to make the new capability set active.

Signed-off-by: Jeff Layton 

commit 55c00c67ced28102209e640fd50bcab9d0332a7f
Author: Jeff Layton 
Date:   Sat Apr 3 06:49:43 2010 -0400

mount.cifs: only enable CAP_DAC_OVERRIDE when needed

When dropping capabilities, drop CAP_DAC_OVERRIDE from the effective set
but not the permitted. When we need to open credential or password
files, make it effective again and dr

Re: [Samba] how to mount shares as a user without mount.cifs setuid

2010-04-08 Thread Jeff Layton
On Thu, 08 Apr 2010 00:37:30 -0400
Gary Dale  wrote:

> Jeff Layton wrote:
> > On Wed, 07 Apr 2010 16:44:47 -0400
> > Gary Dale  wrote:
> >
> >   
> >> I'm running Debian/Squeeze on an AMD64 system. For some reason they have 
> >> recently stopped shipping mount.cifs with the setuid bit set.
> >> 
> >
> > That would be because it was horribly unsecure.
> >
> >   
> >>  Now it 
> >> appears that they have changed the internal settings to prevent it from 
> >> running setuid. This means that I can't define the share in fstab with 
> >> "user" and connect from my Linux user account. Mounting smb/cifs shares 
> >> seems to be blocked except for root.
> >>
> >> 
> >
> > Yes, we added a patch a while back to make it such that mount.cifs
> > would not allow itself to run as a setuid root program unless that
> > check was compiled out.
> >
> > This was done due to a rather constant stream of "security issues" that
> > were brought about when people installed mount.cifs setuid root. Since
> > it had never been vetted for security, we really had no other choice to
> > communicate that installing it setuid root was unsafe.
> >
> >   
> >> Presumably this has been done for security reasons. However, I can't 
> >> currently do much with my network shares unless I'm root because the 
> >> shares and all the files are owned by root:root. This is despite the 
> >> fstab setting username= and I get prompted for 
> >> the password. That only seems to be used for connecting to the share, 
> >> not for the permissions.
> >>
> >> My Debian box hasn't joined a domain - I'm just using local accounts. I 
> >> mainly have the domain for some Windows boxes used by my family.
> >>
> >> How do I mount an smb/cifs share as a normal user without running 
> >> mount.cifs? Or if I have to mount the share as root, how can I get 
> >> reasonable access to the shares?
> >>
> >> 
> >
> > You need to set the uid=/gid= options when mounting. When it's run by a
> > non-root user, /bin/mount adds these options automatically.
> >   
> Except that when I run mount as a non-root user, I get the error about 
> mount.cifs not being setuid. This is generated from the user option in 
> fstab. If I remove the user option, I am told that only root can mount 
> the share. Thus my problem that normal users cannot mount smbfs/cifs 
> shares. This appears to be reserved now only for root.
> 

Sorry, I should have been more clear. The uid=/gid= options will just
fix the ownership issues if you do the mount as root. It won't allow the
mount to be performed by a non-privileged user.

> > It's also worthwhile to note that I've recently re-enabled the ability
> > to run mount.cifs as a setuid root program in the latest cifs-utils
> > release:
> >
> > http://linux-cifs.samba.org/cifs-utils/
> >
> > ...you may want to switch to using that instead if you need the ability
> > to use mount.cifs in this way.
> >   
> I would except that Debian/Squeeze has its own repositories that I'd 
> prefer to stick with. Hopefully they'll catch up shortly.
> 
> While the ability to run mount.cifs setuid again is appreciated, how 
> does that fit in with the "horribly unsecure" reasoning that led to it 
> being removed?

The code has been substantially reworked and should be far safer than
it was previously. It does privilege separation now such that the bulk
of the mount process is performed as an unprivileged user, and if
linked against the right libs, with capabilities pruned to the minimum.

At this point, I'd say it's safe enough that we no longer need to
restrict it from being installed setuid root. As always, you should
weigh carefully whether to do so in your own environment and packages.

FWIW, I have no plans to make the Fedora cifs-utils package install
mount.cifs setuid root. Part of the reason for that is that no one has
requested it.

-- 
Jeff Layton 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


Re: [Samba] how to mount shares as a user without mount.cifs setuid

2010-04-08 Thread Jeff Layton
On Thu, 8 Apr 2010 00:45:20 -0400
Chris Smith  wrote:

> On Wed, Apr 7, 2010 at 9:39 PM, Jeff Layton  wrote:
> > Yes, we added a patch a while back to make it such that mount.cifs
> > would not allow itself to run as a setuid root program unless that
> > check was compiled out.
> >
> > This was done due to a rather constant stream of "security issues" that
> > were brought about when people installed mount.cifs setuid root. Since
> > it had never been vetted for security, we really had no other choice to
> > communicate that installing it setuid root was unsafe.
> 
> Not the place for it so the inquiry is only rhetorical.
> How can you equate adding a patch preventing a sysadmin from using an
> app as designed to communicating? Communication is one thing,
> handcuffs are another.
> 

Our hand was forced. After repeatedly telling people who were
installing it setuid root "don't do that", we continued to get CVEs
reported from people who continued to use it that way and expected us
to treat the problem as a security issue.

Our fix was somewhat heavy-handed, but we absolutely had to make it
clear that it wasn't safe to install mount.cifs in that fashion. The
patch to remove that check was trivial (simply change one #define in
the code), but required the person building the program to
consciously override our warnings. The Debian package maintainer
wisely chose not to do so.

In any case, the point is somewhat moot now. The current mount.cifs
that ships in cifs-utils no longer prevents installation as a setuid
root program.

-- 
Jeff Layton 


Re: [Samba] how to mount shares as a user without mount.cifs setuid

2010-04-07 Thread Jeff Layton
On Wed, 07 Apr 2010 16:44:47 -0400
Gary Dale  wrote:

> I'm running Debian/Squeeze on an AMD64 system. For some reason they have 
> recently stopped shipping mount.cifs with the setuid bit set.

That would be because it was horribly unsecure.

>  Now it 
> appears that they have changed the internal settings to prevent it from 
> running setuid. This means that I can't define the share in fstab with 
> "user" and connect from my Linux user account. Mounting smb/cifs shares 
> seems to be blocked except for root.
> 

Yes, we added a patch a while back to make it such that mount.cifs
would not allow itself to run as a setuid root program unless that
check was compiled out.

This was done due to a rather constant stream of "security issues" that
were brought about when people installed mount.cifs setuid root. Since
it had never been vetted for security, we really had no other choice to
communicate that installing it setuid root was unsafe.

> Presumably this has been done for security reasons. However, I can't 
> currently do much with my network shares unless I'm root because the 
> shares and all the files are owned by root:root. This is despite the 
> fstab setting username= and I get prompted for 
> the password. That only seems to be used for connecting to the share, 
> not for the permissions.
> 
> My Debian box hasn't joined a domain - I'm just using local accounts. I 
> mainly have the domain for some Windows boxes used by my family.
> 
> How do I mount an smb/cifs share as a normal user without running 
> mount.cifs? Or if I have to mount the share as root, how can I get 
> reasonable access to the shares?
> 

You need to set the uid=/gid= options when mounting. When it's run by a
non-root user, /bin/mount adds these options automatically.

It's also worthwhile to note that I've recently re-enabled the ability
to run mount.cifs as a setuid root program in the latest cifs-utils
release:

http://linux-cifs.samba.org/cifs-utils/

...you may want to switch to using that instead if you need the ability
to use mount.cifs in this way.

-- 
Jeff Layton 


Re: [Samba] CIFS VFS: Send error in read

2010-04-06 Thread Jeff Layton
On Tue, 6 Apr 2010 19:28:32 +0530
Kaushal Shriyan  wrote:

> Hi,
> 
> I get while installing windows XP on a I ball Laptop using unattended
> (http://unattended.sourceforge.net/)
> 
> *** Trying mount.cifs \\ntinstall\install /z -o username=guest,ro,nocase
> CIFS VFS: No response to cmd 46 mid 13

No response to a SMB_COM_READ_ANDX request.

> CIFS VFS: Send error in read = -11

-11 is -EAGAIN. Usually means that sending a request timed out.

> 
> CIFS VFS: No response to cmd 162 mid 17
> CIFS VFS: No response to cmd 162 mid 21
> CIFS VFS: No response to cmd 162 mid 25
> CIFS VFS: No response to cmd 162 mid 29
> CIFS VFS: No response to cmd 162 mid 33
> CIFS VFS: No response to cmd 162 mid 37
> CIFS VFS: No response to cmd 162 mid 41
> CIFS VFS: No response to cmd 162 mid 45
> CIFS VFS: No response to cmd 162 mid 49
> CIFS VFS: No response to cmd 162 mid 53
> CIFS VFS: No response to cmd 162 mid 57
> CIFS VFS: No response to cmd 162 mid 61
> CIFS VFS: No response to cmd 162 mid 65
> CIFS VFS: No response to cmd 162 mid 69
> 

No response to a SMB_COM_NT_CREATE_ANDX request (an open call).

Looks like you have either a network connectivity or server problem.
What kernel is this?

-- 
Jeff Layton 


[Samba] ANNOUNCE: cifs-utils release 4.2 available for download

2010-04-02 Thread Jeff Layton
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

This release contains a significant overhaul of mount.cifs that is
intended to make it safer to install setuid root. With this release,
setuid capability is no longer disabled by default. Among the changes
are:

- mount.cifs now does privilege separation. It forks very early and the
  child drops privileges. Most of the mount option processing is handled
  by the child. The parent simply waits for the child to exit and
  proceeds with the mount and mtab update based on the child's exit
  status.

- mount.cifs uses libcap if it is available to prune its capability set

- mount.cifs is more careful about signal handling during mtab updates

This should not however be construed as a recommendation to install
mount.cifs setuid root. As always, distributions and administrators
should weigh carefully whether they should install it that way in their
own packages and environments.

There are also a couple of patches in this release that should make
cifs.upcall work with the heimdal kerberos implementation. The git tag
for this release is also annotated and signed.

Note that the webpage URL below has changed:

webpage:http://linux-cifs.samba.org/cifs-utils/
tarball:ftp://ftp.samba.org/pub/linux-cifs/cifs-utils/
git:git://git.samba.org/cifs-utils.git
gitweb: http://git.samba.org/?p=cifs-utils.git;a=summary

Detailed changelog:

commit 9e2c2536f5a49ff7385ff17f0866ef1489bed671
Author: Jeff Layton 
Date:   Fri Apr 2 06:42:20 2010 -0400

cifs-utils: bump version to 4.2

- fix URL's and email addresses
- update copyright notices

Signed-off-by: Jeff Layton 

commit d52478ee762d88aa23db476639cdcb5379dddfa4
Author: Jeff Layton 
Date:   Thu Apr 1 22:05:47 2010 -0400

cifs.upcall: run it through Lindent

...coding style cleanup.

Signed-off-by: Jeff Layton 

commit d946beecf6e9cc7cf6897368bed8f43b0ec61ed1
Author: Torsten Kurbad 
Date:   Thu Apr 1 21:47:25 2010 -0400

cifs-upcall: krb5.h inclusion quick fix

...eventually it might be better to make autoconf set -I/usr/include/krb5
or whatever and get rid of the #ifdef's here. It's a little tricky to
figure out the include dir however, so this will do for now.

Signed-off-by: Torsten Kurbad 

commit f5b79b44f25cdf4ba4363c7c05892af2865ce890
Author: Torsten Kurbad 
Date:   Thu Apr 1 21:47:18 2010 -0400

cifs-upcall: heimdal fixes

Signed-off-by: Torsten Kurbad 

commit 20a5ec8bd8ea3edb943adb517f378938e31f1c41
Author: Jeff Layton 
Date:   Thu Apr 1 15:29:59 2010 -0400

mount.cifs: re-enable setuid usage

Now that mount.cifs is safe(r) we don't need to disable setuid
capability by default.
    
Signed-off-by: Jeff Layton 

commit da54228cd9e6fe144efcb2d6da87e3cbb5db5b4c
Author: Jeff Layton 
Date:   Thu Apr 1 15:28:57 2010 -0400

mount.cifs: drop capabilities if libcap is available

Might as well be as safe as possible. Have child drop all capabilities,
and have the parent drop all but CAP_SYS_ADMIN (needed for mounting) and
CAP_DAC_OVERRIDE (needed in case mtab isn't writable by root). We might
even eventually consider being clever and dropping CAP_DAC_OVERRIDE when
root has access to the mtab.

Signed-off-by: Jeff Layton 

commit 810f7e4e0f2dbcbee0294d9b371071cb08268200
Author: Jeff Layton 
Date:   Thu Apr 1 15:28:54 2010 -0400

mount.cifs: guard against signals by unprivileged users

If mount.cifs is setuid root, then the unprivileged user who runs the
program can send the mount.cifs process a signal and kill it. This is
not a huge problem unless we happen to be updating the mtab at the
time, in which case the mtab lockfiles might not get cleaned up.

To remedy this, have the privileged mount.cifs process set its real
uid to the effective uid (usually, root). This prevents unprivileged
users from being able to signal the process.

While we're at it, also mask off signals while we're updating the
mtab. This leaves a SIGKILL by root as the only way to interrupt the
mtab update, but there's really nothing we can do about that.

Signed-off-by: Jeff Layton 

commit 294215ef969ce3ecb91063fbbb8a8c075272cc8d
Author: Jeff Layton 
Date:   Thu Apr 1 15:19:17 2010 -0400

mount.cifs: introduce privilege separation

Much of the mount option parsing and other activities can be done by an
unprivileged process. Allocate the parsed_mount_info struct as an
anonymous mmap() segment and then fork to do the actual mount option
parsing. The child can then drop root privileges before populating the
parsed_mount_info struct. The parent waits for the child to exit and
then continues the mount process based on the child's exit status.

Signed-off-by: Jeff Layton 

commit e87a203fbaf059831292f2cb9a0692ef7a78a267
Author: Jeff Layton 
Date:   Thu Apr 

[Samba] Printer Admin Difficulties

2010-04-01 Thread Jeff Hardy
FF 54 00 00   .T..
[2010/03/31 13:44:33,  4] rpc_server/srv_lsa_hnd.c:180(find_policy_by_hnd_internal)
  Found policy hnd[0] [] 00 00 00 00 02 00 00 00   00 00 00 00 B3 4B 01 8A    .K..
  [0010] FF 54 00 00   .T..
[2010/03/31 13:44:33,  4] rpc_server/srv_spoolss_nt.c:377(get_printer_snum)
  short name:ZZZ
[2010/03/31 13:44:33,  3] lib/access.c:362(only_ipaddrs_in_list)
  only_ipaddrs_in_list: list has non-ip address (127.)
[2010/03/31 13:44:33,  3] lib/access.c:396(check_access)
  check_access: hostnames in host allow/deny list.
[2010/03/31 13:44:33,  2] lib/access.c:406(check_access)
  Allowed connection from 127.0.0.1 (127.0.0.1)
[2010/03/31 13:44:33, 10] smbd/share_access.c:234(user_ok_token)
  user_ok_token: share ZZZ is ok for unix user denieduser
[2010/03/31 13:44:33, 10] lib/util_seaccess.c:58(se_map_generic)
  se_map_generic(): mapped mask 0x20020008 to 0x00020008
[2010/03/31 13:44:33, 10] lib/util_seaccess.c:58(se_map_generic)
  se_map_generic(): mapped mask 0x100f000c to 0x000f000c
[2010/03/31 13:44:33, 10] lib/util_seaccess.c:58(se_map_generic)
  se_map_generic(): mapped mask 0x100f000c to 0x000f000c
[2010/03/31 13:44:33, 10] lib/util_seaccess.c:58(se_map_generic)
  se_map_generic(): mapped mask 0x100f000c to 0x000f000c
[2010/03/31 13:44:33, 10] lib/util_seaccess.c:58(se_map_generic)
  se_map_generic(): mapped mask 0x100f000c to 0x000f000c
[2010/03/31 13:44:33,  4] printing/nt_printing.c:5733(print_access_check)
  access check was FAILURE
[2010/03/31 13:44:33,  3] rpc_server/srv_spoolss_nt.c:1707(_spoolss_OpenPrinterEx)
  access DENIED for printer open
[2010/03/31 13:44:33,  4] rpc_server/srv_lsa_hnd.c:180(find_policy_by_hnd_internal)
  Found policy hnd[0] [] 00 00 00 00 02 00 00 00   00 00 00 00 B3 4B 01 8A    .K..
  [0010] FF 54 00 00   .T..
[2010/03/31 13:44:33,  4] rpc_server/srv_lsa_hnd.c:180(find_policy_by_hnd_internal)
  Found policy hnd[0] [] 00 00 00 00 02 00 00 00   00 00 00 00 B3 4B 01 8A    .K..
  [0010] FF 54 00 00   .T..
[2010/03/31 13:44:33,  3] rpc_server/srv_lsa_hnd.c:218(close_policy_hnd)
  Closed policy
[2010/03/31 13:44:33,  1] ../librpc/ndr/ndr.c:251(ndr_print_function_debug)
   spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx
  out: struct spoolss_OpenPrinterEx
  handle   : *
  handle: struct policy_handle
  handle_type  : 0x (0)
  uuid : 
----

  result   : WERR_ACCESS_DENIED


The only discernible difference to my eye is that for the denieduser, 
se_map_generic() is called before ultimately denying the user.


Finally, here is testparm output:


[global]
workgroup = POTSDAM
server string = Printing Server
security = DOMAIN
password server = MEGA
restrict anonymous = 2
log level = 1
log file = /var/log/samba/%m.log
max log size = 1
time server = Yes
unix extensions = No
deadtime = 5
printcap name = cups
wins server = 192.168.0.1
printer admin = @printeradmins
hosts allow = 127., 192.168.
cups options = raw
veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/

[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No
browsable = No

[print$]
comment = Printer Drivers for Windows
path = /usr/share/samba/print
write list = @printeradmins

[drivers]
comment = Vendor Printer Driver Paks
path = /usr/share/samba/drivers
write list = @printeradmins
create mask = 0775
directory mask = 0775


If anyone could shed light on this issue, it would be much appreciated.
Thank you.


-Jeff

--
Jeffrey M Hardy
Systems Analyst
hard...@potsdam.edu


Re: [Samba] [linux-cifs-client] ANNOUNCE: cifs-utils release 4.1 available for download

2010-03-24 Thread Jeff Layton
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Wed, 24 Mar 2010 20:26:37 -0400
Jeff Layton  wrote:

> On Wed, 24 Mar 2010 20:24:17 -0400
> Jeff Layton  wrote:
> 
> > On Wed, 24 Mar 2010 07:55:09 -0400
> > Jeff Layton  wrote:
> > 
> > > On Tue, 23 Mar 2010 23:11:17 -0700
> > > Steve Langasek  wrote:
> > > 
> > > > Hi Jeff,
> > > > 
> > > > On Tue, Mar 23, 2010 at 10:10:44AM -0400, Jeff Layton wrote:
> > > > > This release is primarily a number of small bugfixes and cleanups. I
> > > > > wanted to do a release with those prior to the coming overhaul of
> > > > > mount.cifs to allow it to more safely be installed setuid root.
> > > > 
> > > > Could you please provide detached GPG signatures for cifs-utils on the
> > > > download site, so we have some cryptographic assurance of the integrity 
> > > > of
> > > > the tarballs as we do for the samba tarballs?
> > > > 
> > > > Cheers,
> > > 
> > > Good point. I'm working now on getting a "cifs-utils" mail alias set up
> > > that I can stuff into the key. Once I do so, I'll go back and sign all
> > > of the tarballs and make sure they're signed on release in the future.
> > > 
> > > Thanks,
> > 
> > Done. A new cifs-utils signing key has been generated and the existing
> > tarballs are now signed with it. The public key and signatures are
> > available at the ftp location.
> > 
> > ftp://ftp.samba.org/pub/linux-cifs/cifs-utils/
> > 
> > I'll update the webpage with that info soon.
> 
> ...and in hindsight I should have probably signed that email.
> 

Apologies for the spam, this one should be signed :)

- -- 
Jeff Layton 
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.14 (GNU/Linux)

iEYEARECAAYFAkuqr+IACgkQyP0gxQMdzICKOACgj77famnypt2J7F2/zhCg8VUO
kGoAn0D7EFDvZW9xKcZabdygM55P5D7H
=F9SW
-END PGP SIGNATURE-


Re: [Samba] [linux-cifs-client] ANNOUNCE: cifs-utils release 4.1 available for download

2010-03-24 Thread Jeff Layton
On Wed, 24 Mar 2010 20:24:17 -0400
Jeff Layton  wrote:

> On Wed, 24 Mar 2010 07:55:09 -0400
> Jeff Layton  wrote:
> 
> > On Tue, 23 Mar 2010 23:11:17 -0700
> > Steve Langasek  wrote:
> > 
> > > Hi Jeff,
> > > 
> > > On Tue, Mar 23, 2010 at 10:10:44AM -0400, Jeff Layton wrote:
> > > > This release is primarily a number of small bugfixes and cleanups. I
> > > > wanted to do a release with those prior to the coming overhaul of
> > > > mount.cifs to allow it to more safely be installed setuid root.
> > > 
> > > Could you please provide detached GPG signatures for cifs-utils on the
> > > download site, so we have some cryptographic assurance of the integrity of
> > > the tarballs as we do for the samba tarballs?
> > > 
> > > Cheers,
> > 
> > Good point. I'm working now on getting a "cifs-utils" mail alias set up
> > that I can stuff into the key. Once I do so, I'll go back and sign all
> > of the tarballs and make sure they're signed on release in the future.
> > 
> > Thanks,
> 
> Done. A new cifs-utils signing key has been generated and the existing
> tarballs are now signed with it. The public key and signatures are
> available at the ftp location.
> 
> ftp://ftp.samba.org/pub/linux-cifs/cifs-utils/
> 
> I'll update the webpage with that info soon.

...and in hindsight I should have probably signed that email.

-- 
Jeff Layton 


Re: [Samba] [linux-cifs-client] ANNOUNCE: cifs-utils release 4.1 available for download

2010-03-24 Thread Jeff Layton
On Wed, 24 Mar 2010 07:55:09 -0400
Jeff Layton  wrote:

> On Tue, 23 Mar 2010 23:11:17 -0700
> Steve Langasek  wrote:
> 
> > Hi Jeff,
> > 
> > On Tue, Mar 23, 2010 at 10:10:44AM -0400, Jeff Layton wrote:
> > > This release is primarily a number of small bugfixes and cleanups. I
> > > wanted to do a release with those prior to the coming overhaul of
> > > mount.cifs to allow it to more safely be installed setuid root.
> > 
> > Could you please provide detached GPG signatures for cifs-utils on the
> > download site, so we have some cryptographic assurance of the integrity of
> > the tarballs as we do for the samba tarballs?
> > 
> > Cheers,
> 
> Good point. I'm working now on getting a "cifs-utils" mail alias set up
> that I can stuff into the key. Once I do so, I'll go back and sign all
> of the tarballs and make sure they're signed on release in the future.
> 
> Thanks,

Done. A new cifs-utils signing key has been generated and the existing
tarballs are now signed with it. The public key and signatures are
available at the ftp location.

ftp://ftp.samba.org/pub/linux-cifs/cifs-utils/

I'll update the webpage with that info soon.
-- 
Jeff Layton 


Re: [Samba] ANNOUNCE: cifs-utils release 4.1 available for download

2010-03-24 Thread Jeff Layton
On Tue, 23 Mar 2010 23:11:17 -0700
Steve Langasek  wrote:

> Hi Jeff,
> 
> On Tue, Mar 23, 2010 at 10:10:44AM -0400, Jeff Layton wrote:
> > This release is primarily a number of small bugfixes and cleanups. I
> > wanted to do a release with those prior to the coming overhaul of
> > mount.cifs to allow it to more safely be installed setuid root.
> 
> Could you please provide detached GPG signatures for cifs-utils on the
> download site, so we have some cryptographic assurance of the integrity of
> the tarballs as we do for the samba tarballs?
> 
> Cheers,

Good point. I'm working now on getting a "cifs-utils" mail alias set up
that I can stuff into the key. Once I do so, I'll go back and sign all
of the tarballs and make sure they're signed on release in the future.

Thanks,
-- 
Jeff Layton 


