Re: FW: encrypt passwords=no, security=yes, samba 2.2.8, W2K userauth fails
That's highly undesirable, as it breaks single-signon (unless you're an NT-centric organization, which Sun isn't (:-))

--dave

| Hi Tony,
| Another workaround would be to populate an smbpasswd file with all the names
| from your /etc/passwd file.
| But I realize this can be onerous. Samba has a script to help with this,
| mksmbpasswd.sh
| since you won't be needing passwords from this smbpasswd file, this would do
| it for you, I think if your distribution doesn't install this script, it
| can be found in the source at /usr/local/samba/source/script/mksmbpasswd.sh
|
| usage:
|
| cat /etc/passwd|./mksmbpasswd.sh >/usr/local/samba/var/private/smbpasswd
|
| Hope this helps
| Don
Re: Patch for Bad Password Attempt Lockout, samba3.0a22.
ssword $ ntPassword $ pwdLastSet $ logonTime $ + MAY ( cn $ lmPassword $ ntPassword $ pwdLastSet $ logonTime $ badPwAttempt $ logoffTime $ kickoffTime $ pwdCanChange $ pwdMustChange $ acctFlags $ displayName $ smbHome $ homeDrive $ scriptPath $ profilePath $ description $ userWorkstations $ primaryGroupID $ domain )) ------------ --- samba-3.0alpha22-orig/source/include/smb.h Thu Feb 27 22:21:08 2003 +++ samba-3.0alpha22-orig/source/include/smb.h.fix Thu Mar 27 12:40:10 2003 @@ -611,6 +611,7 @@ PDB_UNKNOWN3, PDB_UNKNOWN5, PDB_UNKNOWN6, + PDB_BADPWATTEMPT, PDB_LMPASSWD, PDB_NTPASSWD, @@ -684,6 +685,7 @@ uint32 unknown_5; /* 0x0002 */ uint32 unknown_6; /* 0x 04ec */ + uint32 bad_pw_attempt; /* count of bad password attempt */ } private; /* Lets see if the remaining code can get the hint that you -- David Collier-Brown, | Always do right. This will gratify Sun Microsystems DCMO | some people and astonish the rest. Toronto, Ontario | (905) 415-2849 or x52849 | [EMAIL PROTECTED]
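Review bot: In the first smb.h hunk (@@ -611,6 +611,7 @@), PDB_BADPWATTEMPT is inserted between PDB_UNKNOWN6 and PDB_LMPASSWD instead of at the end of the list. If these are implicitly numbered enum values, PDB_LMPASSWD, PDB_NTPASSWD and everything after them shift by one. Either append the new element after the last existing one, or confirm that nothing stores or compares the old numeric values.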
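Review bot: The new "uint32 bad_pw_attempt" member in the second smb.h hunk (@@ -684,6 +685,7 @@) is documented only as "count of bad password attempt", which leaves its lifecycle undefined. The comment should say what resets the counter (a successful logon, an administrator, a timeout) and what it is compared against, because a counter that only ever grows lets anyone lock an account by guessing at it. The neighbouring members record a default in their comments (for example /* 0x0002 */); stating the initial value here would match them.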
Re: BUG (samba 2.2.8): smbd -l does not work under solaris
The routine really should emit a message of the form "sorry, you have to pass me a directory"... I'll check head this evening and try for a patch.

--dave

tony shepherd wrote:

Oh, that is just so annoying

This must have changed from 2.0.x to 2.2.x. It was logfile in 2.0.10 (what I am upgrading from)...

Well, I feel like a goose now. That works so much better.

Thanks for the help

tony

--On Tuesday, March 25, 2003 09:46:16 PM -0500 Brian Poole <[EMAIL PROTECTED]> wrote:

Reread the man page, -l is log , not log . Caught me on first try as well.

-b

Quoting tony shepherd ([EMAIL PROTECTED]) from 26 March 2003:

Folks

** I am not on this alias. Could all relevant replies please be CC'ed to me as well **

I have configured and compiled samba 2.2.8 with gcc 2.95.3 on Solaris 9 using the options --with-automount. When I try to use the command:

smbd -D -l /var/log/log.smbd

The log file is not created. Neither is the default log file which is in /usr/local/samba/var/.

# /usr/local/samba/bin/smbd -D -l /var/log/log.smbd
# ls -ald /var/log/log.smbd
/var/log/log.smbd: No such file or directory

The "log file" option in smb.conf works fine, but does not give you the granularity to have different log files for nmbd and smbd.

tony

--
David Collier-Brown, | Always do right. This will gratify
Sun Microsystems DCMO | some people and astonish the rest.
Toronto, Ontario | (905) 415-2849 or x52849 | [EMAIL PROTECTED]
Re: discussion on implementation of "bad attempt lockout" policy
This has some downsides, you understand: you can lock someone else out of their account by making a bunch of attempts to log in as them. Don't want root tracking your break-in attempts? Lock him out first!

If you do go down this path, consider
a) doing it in a PAM module so the same policy applies to Samba as to all other logins
b) set a short delay (say, 10 minutes) when someone tries to log in, not a unilateral lockout, and notify root by email.

--dave

Jianliang Lu wrote:

Hi,
I'm looking at "bad attempt lockout" on samba3.0 a22. My opinion is to introduce a new variable "uint32 bad_pw_counts" in the struct user_data of SAM_ACCOUNT. so in the auth.c, routine check_ntlm_password(), I can check the bad password attempted against the AP_BAD_ATTEMPT_LOCKOUT, if it were more than that, I will lock the user.
I'd like to have your suggestions on this issue, especially to know where I can put the count of the bad_pw_counts.

Jianliang Lu
TieSse s.p.a.
Via Jervis, 60
10015 Ivrea (To)
ITALY
[EMAIL PROTECTED]
[EMAIL PROTECTED]

--
David Collier-Brown, | Always do right. This will gratify
Sun Microsystems DCMO | some people and astonish the rest.
Toronto, Ontario | (905) 415-2849 or x52849 | [EMAIL PROTECTED]
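The trade-off raised in the reply above, as an added example that is not part of the thread or of Samba's code: it replays one constructed login sequence against a hard lockout and against a 10-minute delay. The class, method and timeline names are assumptions; only the counter name bad_pw_attempt is taken from the patch quoted earlier on this page.

```python
from dataclasses import dataclass


@dataclass
class AccountState:
    bad_pw_attempt: int = 0     # consecutive failures (name taken from the patch)
    blocked_until: float = 0.0  # end of the current delay window, in seconds
    locked: bool = False        # hard lockout: stays set until an admin clears it


class LockoutPolicy:
    """After `threshold` bad passwords, either lock the account for good
    (delay=None) or refuse logins for `delay` seconds."""

    def __init__(self, threshold, delay=None):
        self.threshold = threshold
        self.delay = delay
        self.accounts = {}
        self.alerts = []  # stands in for "notify root by email"

    def attempt(self, user, password_ok, now):
        st = self.accounts.setdefault(user, AccountState())
        if st.locked or now < st.blocked_until:
            # Refused before the password is checked. The attempt is not
            # counted, so hammering a blocked account cannot extend the window.
            return "refused"
        if password_ok:
            st.bad_pw_attempt = 0
            return "ok"
        st.bad_pw_attempt += 1
        if st.bad_pw_attempt >= self.threshold:
            st.bad_pw_attempt = 0
            if self.delay is None:
                st.locked = True
            else:
                st.blocked_until = now + self.delay
            self.alerts.append((now, user))
        return "bad password"


# Constructed timeline (seconds, user, password correct?): three wrong guesses
# against root, then the real root logs in after 1 minute and after ~12 minutes.
TIMELINE = [
    (0, "root", False), (1, "root", False), (2, "root", False),
    (60, "root", True),
    (700, "root", True),
]


def replay(policy, timeline=TIMELINE):
    """Feed the timeline to a policy and return the outcome of each attempt."""
    return [policy.attempt(user, ok, now) for now, user, ok in timeline]


if __name__ == "__main__":
    print("hard lockout:", replay(LockoutPolicy(threshold=3)))
    print("10 min delay:", replay(LockoutPolicy(threshold=3, delay=600)))
```

With the hard lockout the account owner is still refused at t=700; with the delay the same three guesses cost the owner at most ten minutes, and both policies raise exactly one alert.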
Re: [SECURITY] Samba 2.2.8 available for download
Green, Paul wrote:

However, on a chip that does distinguish areas of virtual memory that are code, and areas that are data, and further disallows execution of data (absent a specific operating system call to change the access mode of that region of virtual memory), it seems to me that it would be almost impossible for even a highly skilled attacker to inject binary specific code. I consider myself highly skilled on the Stratus VOS operating system and I can't for the life of me see how I could get the HP PA-RISC microprocessor to execute code that came down the wire as data.

I'm inclined to think you're right: if I set stack and data spaces non-executable on my machine (a SPARC), it makes it distinctly harder to build a stack-overflow exploit. The writer can't insert a return address in the code he's added, but instead has to run something that already exists in the address space.

In addition, if the code space is protected, it's hard for the attacker to put exploit code there.

Intel and Samba experts, can you expand on this?

--dave

--
David Collier-Brown, | Always do right. This will gratify
Sun Microsystems DCMO | some people and astonish the rest.
Toronto, Ontario | (905) 415-2849 or x52849 | [EMAIL PROTECTED]
Re: Browsing across subnets without WINS
Thank you, kind sir!

--dave

Christopher R. Hertel wrote:

On Tue, Mar 18, 2003 at 07:34:45AM -0500, David Collier-Brown -- Customer Engineering wrote:

Guys, is this an expected behavior? Unless you have WINS up (which causes issues with multihomed machines), one seemingly cannot synchronize browse lists across subnets.

Samba's WINS does a good job of handling multi-homed systems. Microsoft's design for multi-homed WINS entries is ugly...but it should work. More...

--dave

Pedro Guedes wrote:

Browsing across subnets is well documented on the 2 main books about Samba (the O'Reilly one and the John D. Blair older one - the first of all).

I usually do not use WINS, even on W2K because it does not work correctly on multihomed servers.

I have heard many reports (and seen a few traces) of bugs in W2K's WINS implementation.

It binds on only one interface (the primary one if one can state correctly which one it is - on 99% of the cases the one on the lowest PCI slot).

Samba's WINS can be set to bind to whichever interfaces you like.

One can read a couple of white papers from microsoft stating just that, I think this is due to the NetBIOS name coupled to the machine in contrast to the name coupled to the IP interface, even in the NeBT world.

NetBIOS names are assigned to services or applications. Not to interfaces or devices. That's the way NetBIOS works. So that's right in the sense that the NetBIOS name is never bound to the interface.

What I tried to do is make samba win browse master elections (in subnets away from the subnet where the PDC resides - it always wins and without any local NT4 Backup Domain Controller or W2K Domain controller) based on the idea of the Unix server being always on-line should always take the role despite the presence of W98 & W2K Professional always coming and going.

Yes, but having Samba become the *local* master browser doesn't help much.

The idea is to change browse lists with the domain master browser (the PDC or FSMO on W2K) so that browsing across subnets works for everybody.

...but the DMB can't be contacted unless you can find the name via WINS.

In fact Samba becomes the master browser on the LAN due to higher values on election based on the setting "os level". It wins over W2K Professional (the highest Windows on the LAN).

Right.

But
Despite settings of "remote announce", "remote browse sync", entries like 192.168.5.20ISLA#1B in lmhosts to talk to the PDC/FSMO (I know it says it only works with other samba server) what the Domain Master Browser receives is only the samba server itself, no neighbours listed at all.

Remote Announce sends the Samba server's announcement directly to the DMB, so the DMB will know about the Samba server. That's what you are seeing. Remote Browse Sync only works between Samba servers.

I have, since the early samba releases, noted this behaviour.

So, what I do is make W2K Professional force and win browse master election when it boots.
(look at HKLM\System\CurrentControlSet\Services\Browser\ for the values
MaintainServerList - yes
IsDomaiMasterBrowser - yes
This way browse lists always propagate correctly to the Domain Master Browser.

This samba behaviour (or lack of it) is quite unfortunate

Samba's browsing behavior is a *superset* of Windows behavior.

since the W2K Professionals are always coming and going making subnets browsing quite unstable.

It is strange that the samba servers have such poor behaviour despite their phenomenal growth in the integration Unix/Windows arena.

A little bit more could be written about this. If you have any suggestions they would be welcome. This matter truly deserves an article somewhere. In O'Reilly web pages, on Linux/Windows Magazines. Maybe a better writer than me could write a paper on it.

I am currently finishing the Browsing section of my book. See:

http://ubiqx.org/cifs/Browsing.html

I'll be finishing as much as I can in the next week or so. See also:

ftp://ftp.microsoft.com/developr/drg/CIFS/cifsbrow.txt

...and also read the discussions of browsing parameters in the smb.conf manual pages.

Basically, though Samba does a good job with browsing. Better than many Windows implementations. The key thing is that synchronising complete browse lists with a DMB will *not* work unless the LMBs know where to find the DMB. WINS is typically the way that is done.

I don't know whether adding a #1B entry to the lmhosts file will signal Samba that it needs to browse sync with the given entry. If Samba is not aware of a WINS server it *may* not try to sync with any DMBs. *This is pure supposition on my part.* I don't know that part of the code as well as I should (yet). In any case, make sure you have lmhosts name resolution enabled.

I *have* seen a problem with browsing between Samba and Windows systems. I was not able to resolv
Browsing across subnets without WINS
Guys, is this an expected behavior? Unless you have WINS up (which causes issues with multihomed machines), one seemingly cannot synchronize browse lists across subnets.

--dave

Pedro Guedes wrote:
> Browsing across subnets is well documented on the 2 main books
> about Samba (the O'Reilly one and the John D. Blair older
> one - the first of all).
>
> I usually do not use WINS, even on W2K because
> it does not work correctly on multihomed servers.
> It binds on only one interface (the primary one if one can state
> correctly which one it is - on 99% of the cases the one on the
> lowest PCI slot).
> One can read a couple of white papers from microsoft stating
> just that, I think this is due to the NetBIOS name coupled
> to the machine in contrast to the name coupled to the IP
> interface, even in the NeBT world.
>
> What I tried to do is make samba win browse master elections
> (in subnets away from the subnet where the PDC resides - it
> always wins and without any local NT4 Backup Domain Controller
> or W2K Domain controller) based on the idea of the Unix server
> being always on-line should always take the role despite the
> presence of W98 & W2K Professional always coming and going.
> The idea is to change browse lists with the domain master
> browser (the PDC or FSMO on W2K) so that browsing across
> subnets works for everybody.
>
> In fact Samba becomes the master browser on the LAN due to
> higher values on election based on the setting "os level".
> It wins over W2K Professional (the highest Windows on the LAN).
>
> But
> Despite settings of "remote announce", "remote browse sync",
> entries like 192.168.5.20ISLA#1B in lmhosts
> to talk to the PDC/FSMO (I know it says it only works with
> other samba server) what the Domain Master Browser receives
> is only the samba server itself, no neighbours listed at all.
>
> I have, since the early samba releases, noted this behaviour.
>
> So, what I do is make W2K Professional force and win browse
> master election when it boots.
> (look at HKLM\System\CurrentControlSet\Services\Browser\ for
> the values
> MaintainServerList - yes
> IsDomaiMasterBrowser - yes
> This way browse lists always propagate correctly to the
> Domain Master Browser.
>
> This samba behaviour (or lack of it) is quite unfortunate
> since the W2K Professionals are always coming and going making
> subnets browsing quite unstable.
>
> It is strange that the samba servers have such poor behaviour
> despite their phenomenal growth in the integration
> Unix/Windows arena.
>
> A little bit more could be written about this.
> If you have any suggestions they would be welcome.
> This matter truly deserves an article somewhere. In O'Reilly
> web pages, on Linux/Windows Magazines.
> Maybe a better writer than me could write a paper on it.
>
>
> Pedro Guedes
>
> PORTUGAL
>
> [EMAIL PROTECTED]

--
David Collier-Brown, | Always do right. This will gratify
Sun Microsystems DCMO | some people and astonish the rest.
Toronto, Ontario | (905) 415-2849 or x52849 | [EMAIL PROTECTED]
Sidebar to Testing framework
If you're considering performance tests as well, I can help on metrics and analysis. I often use Samba as the guinea-pig in my work work. --dave -- David Collier-Brown, | Always do right. This will gratify Sun Microsystems DCMO | some people and astonish the rest. Toronto, Ontario | (905) 415-2849 or x52849 | [EMAIL PROTECTED]
RE: Samba Performance on Solaris 7/8 (oplocks)
Could someone add a one-liner to the FAQs about the .mdb/.dbf/.shp special case?

--dave

John wrote:
| I did. The ESRI MapObjects part of our application,
| however, doesn't like being denied an exclusive lock on
| those .shp files -- despite the fact that it only needs
| to open them for read access.
| Fake oplocks more/less a workaround for MapObjects.
| It's just unfortunate that you have to apply fake
| oplocks to the entire service and not just the
| .shp extension.

-----Original Message-----
From: David Collier-Brown -- Customer Engineering [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 11, 2003 2:37 PM
To: Nastasi, John
Cc: '[EMAIL PROTECTED]'
Subject: Re: FW: Samba Performance on Solaris 7/8

Possibly dumb question: didn't you say you tried
veto oplock files = /.mdb/.dbf/.shp/

--dave (whose short-term memory is starting to go (;-)) c-b

Nastasi, John wrote:
> David,
>
> Just as a follow-up, I wanted to pass along that by adding...
>
> Oplocks = False
> Fake Oplocks = True
>
> ...to the service, it appears to have fixed the problem. Since none of the
> .MDB, .DBF, or .SHP files should ever be written to (by our app -- in
> theory) I'm anxious to see if any data corruption issues result.
>
> If Samba had a way to fake oplocks for just a certain file type (mainly
> .SHP) it seems like that would be the ideal way to go. That would allow
> MapObjects to "believe" it had an exclusive on .SHP files -- which it really
> doesn't require -- and other file types including .MDB and .DBF to be
> excluded from oplocking altogether.
>
> John Nastasi
>
>
> -----Original Message-----
> From: David Collier-Brown -- Customer Engineering
> [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, March 11, 2003 9:00 AM
> To: Nastasi, John
> Cc: '[EMAIL PROTECTED]'
> Subject: Re: Samba Performance on Solaris 7/8
>
> Nastasi, John wrote:
>
>>Do you know if there are any issues with Samba running on Solaris that
>>would cause the application to run "very, very" slow with oplocks turned
>>off?
>
>
> No, and that's the kind of problem we should
> raise with the Samba team: I'm cc'ing this
> to them.
>
>
>
>>Specifically, with oplocks turned on I get acceptable performance
>>trying to open an MS-Access (Jet) database. The operation completes in
>>no more than a minute or so. Turning "off" oplocks (as suggested
>>repeatedly by many folks for multiple users accessing an MDB on a Samba
>>share) completely hoses the same operation - 9 minutes to complete.
>
>
> We need to see what Samba's doing differently
> between the two cases. There are three places to
> look:
> 1) Samba logs, at log level = 3 or more
> 2) truss reports
> 3) packet dumps.
>
> I recommend them in roughly that order: I'm
> good at reading truss, and the team is real good
> at logs.
>
>
>>I've tried the configuration on a Solaris 7 (Ent 4500) running Samba
>>2.0.10 and also on a Solaris 8 (V100) running Samba 2.2.7a - same
>>result. I'm about to try the latest kernel patch to see if it could be
>>an fcntl related issue, but was curious if you knew of anything else
>>that could be causing the problem.
>>
>>Based upon what I've read - oplocks being turned off should "help"
>>multi-user, MDB access performance. What I'm seeing, however, is just
>>the opposite.
>
>
> Yes, specifically by avoiding transferring the
> whole file to the client and then transferring it back.
> Turning off oplocks **in principle should** cause
> the db to read only the records it wants to change,
> then writing them back.
>
> The times imply it's still transferring the whole
> file, which is utterly evil (;-)) Of course, using
> smb file locking as the mechanism to do database locking
> is brain-dead in the first place. Being able to do
> so is just a way of letting you try out a DBMS, get
> used to it and eventually buy the back-end DBMS and
> a server to put it on.
>
>
> --dave
>

--
David Collier-Brown, | Always do right. This will gratify
Sun Microsystems DCMO | some people and astonish the rest.
Toronto, Ontario | (905) 415-2849 or x52849 | [EMAIL PROTECTED]
RE: Samba Performance on Solaris 7/8
"Nastasi, John" <[EMAIL PROTECTED]> writes:
---
I almost thought I had the problem licked yesterday by leaving oplocks on, and utilizing the veto oplock option to selectively exclude certain file types. Going this route, I was able to exclude both .MDB and .DBF file types with no degradation in performance (single-user). The minute I tried to exclude .SHP file types, however, the problem re-appeared. Using smbstatus, I came to the conclusion that our app is attempting to gain an exclusive lock on a specific .SHP file and, upon failing, continues to re-try at 30 second intervals -- finally moving on after 9 minutes (20 attempts I presume).

Checking with our developers unveiled that our app is programmed in Visual Basic and makes use of Map Objects from ESRI for GIS activities. Apparently Map Objects is where the .DBF and .SHP (shape) files are coming into play, and the source of the file locking problem.

Because the problem (appears) to emanate from Map Objects, I'm not sure there's going to be a way to work around it. I'm just disappointed that it works on an NT/2000 based share and not Samba. The client that I'm working on this for is a large Sun user, and apparently has no real desire to drop a Windows box into the mix.

Thanks again for your help, and if you can think of anything that may work in this situation -- I'd be very interested in your thoughts. Although I've not yet had the opportunity to run a TRUSS or packet capture, I can certainly get in and learn how to do it real quick if you think that would help in any way.

Have a good one...

John Nastasi

-----Original Message-----
From: David Collier-Brown -- Customer Engineering [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 11, 2003 9:00 AM
To: Nastasi, John
Cc: '[EMAIL PROTECTED]'
Subject: Re: Samba Performance on Solaris 7/8

Nastasi, John wrote:
> Do you know if there are any issues with Samba running on Solaris that
> would cause the application to run "very, very" slow with oplocks turned
> off?

No, and that's the kind of problem we should raise with the Samba team: I'm cc'ing this to them.

> Specifically, with oplocks turned on I get acceptable performance
> trying to open an MS-Access (Jet) database. The operation completes in
> no more than a minute or so. Turning "off" oplocks (as suggested
> repeatedly by many folks for multiple users accessing an MDB on a Samba
> share) completely hoses the same operation - 9 minutes to complete.

We need to see what Samba's doing differently between the two cases. There are three places to look:
1) Samba logs, at log level = 3 or more
2) truss reports
3) packet dumps.

I recommend them in roughly that order: I'm good at reading truss, and the team is real good at logs.

> I've tried the configuration on a Solaris 7 (Ent 4500) running Samba
> 2.0.10 and also on a Solaris 8 (V100) running Samba 2.2.7a - same
> result. I'm about to try the latest kernel patch to see if it could be
> an fcntl related issue, but was curious if you knew of anything else
> that could be causing the problem.
>
> Based upon what I've read - oplocks being turned off should "help"
> multi-user, MDB access performance. What I'm seeing, however, is just
> the opposite.

Yes, specifically by avoiding transferring the whole file to the client and then transferring it back. Turning off oplocks **in principle should** cause the db to read only the records it wants to change, then writing them back.

The times imply it's still transferring the whole file, which is utterly evil (;-)) Of course, using smb file locking as the mechanism to do database locking is brain-dead in the first place. Being able to do so is just a way of letting you try out a DBMS, get used to it and eventually buy the back-end DBMS and a server to put it on.

--dave

--
David Collier-Brown, | Always do right. This will gratify
Sun Microsystems DCMO | some people and astonish the rest.
Toronto, Ontario | (905) 415-2849 or x52849 | [EMAIL PROTECTED]

--
David Collier-Brown, | Always do right. This will gratify
Sun Microsystems DCMO | some people and astonish the rest.
Toronto, Ontario | (905) 415-2849 or x52849 | [EMAIL PROTECTED]
Missing configure script after cvs download
I wrote earlier about cvs because source/configure disappeared after I did a cvs download... trying to diagnose it left me debugging cvs (;-))

Anyone know if

cvs ... co -r HEAD samba

should cause source/configure to not be downloaded?

--dave

--
David Collier-Brown, | Always do right. This will gratify
Sun Microsystems DCMO | some people and astonish the rest.
Toronto, Ontario | (905) 415-2849 or x52849 | [EMAIL PROTECTED]
Re: Samba non-oplock performance on Solaris 7/8
Nastasi, John wrote:
> Do you know if there are any issues with Samba running on
> Solaris that would cause the application to run "very, very"
> slow with oplocks turned off?

No, and that's the kind of problem we should raise with the Samba team: I'm cc'ing this to them.

> Specifically, with oplocks turned on I get acceptable performance
> trying to open an MS-Access (Jet) database. The operation completes in
> no more than a minute or so. Turning "off" oplocks (as suggested
> repeatedly by many folks for multiple users accessing an MDB on a Samba
> share) completely hoses the same operation - 9 minutes to complete.

We need to see what Samba's doing differently between the two cases. There are three places to look:
1) Samba logs, at log level = 3 or more
2) truss reports
3) packet dumps.

I recommend them in roughly that order: I'm good at reading truss, and the team is real good at logs.

> I've tried the configuration on a Solaris 7 (Ent 4500) running Samba
> 2.0.10 and also on a Solaris 8 (V100) running Samba 2.2.7a - same
> result. I'm about to try the latest kernel patch to see if it could be
> an fcntl related issue, but was curious if you knew of anything else
> that could be causing the problem.
>
> Based upon what I've read - oplocks being turned off should "help"
> multi-user, MDB access performance. What I'm seeing, however, is just
> the opposite.

Yes, specifically by avoiding transferring the whole file to the client and then transferring it back. Turning off oplocks **in principle should** cause the db to read only the records it wants to change, then writing them back.

The times imply it's still transferring the whole file, which is utterly evil (;-)) Of course, using smb file locking as the mechanism to do database locking is brain-dead in the first place. Being able to do so is just a way of letting you try out a DBMS, get used to it and eventually buy the back-end DBMS and a server to put it on.

--dave

--
David Collier-Brown, | Always do right. This will gratify
Sun Microsystems DCMO | some people and astonish the rest.
Toronto, Ontario | (905) 415-2849 or x52849 | [EMAIL PROTECTED]

--
David Collier-Brown, | Always do right. This will gratify
Sun Microsystems DCMO | some people and astonish the rest.
Toronto, Ontario | (905) 415-2849 or x52849 | [EMAIL PROTECTED]
Re: Urgent: Cvs download has changed unexpectedly
I deleted the whole tree, changed the makefile to the new syntax, and it fails with the identical messages.

The good news is that we documented pserver.samba.org in the second edition... the bad news is that I can't get it to work (;-))

--dave

Tim Potter wrote:

On Sun, Mar 09, 2003 at 02:13:17PM -0500, Dave Collier-Brown wrote:

For the last few years, I've been using a makefile to download and build samba, based on the instructions in http://us1.samba.org/samba/cvs.html These are the same instructions that we put in "Using Samba", and are unchanged in the second edition.

The cvs.html file has probably changed since then, specifically it has been modified to split the anonymous cvs repository to pserver.samba.org and the writable cvs repository staying at cvs.samba.org. According to the CVS logs this split was done in October 2000.

Alas, they now only cause diagnostics, at least three of which are bogus!
1) If I run "cvs update -d :pserver:[EMAIL PROTECTED]:/cvsroot -P" it returns "No CVSROOT specified! Please use the `-d' option", which, you understand, I did (;-))

There are instructions for "reparenting" a cvs repository using some simple unix commands on the new cvs.html page. I'm sorry the new version of your book has the old information in it - that's a real bummer. )-:

Tim.

--
David Collier-Brown, | Always do right. This will gratify
Sun Microsystems DCMO | some people and astonish the rest.
Toronto, Ontario | (905) 415-2849 or x52849 | [EMAIL PROTECTED]
Re: Urgent: Cvs download has changed unexpectedly
Dave Collier-Brown wrote: 1) If I run "cvs update -d :pserver:[EMAIL PROTECTED]:/cvsroot -P" it returns "No CVSROOT specified! Please use the `-d' option", which, you understand, I did (;-)) This also applies if I change the host from [EMAIL PROTECTED] to [EMAIL PROTECTED] --dave -- David Collier-Brown, | Always do right. This will gratify Sun Microsystems DCMO | some people and astonish the rest. Toronto, Ontario | (905) 415-2849 or x52849 | [EMAIL PROTECTED]
Re: [patch] Allow chown of directories from W2k domain clients
Andrew Furey wrote:

Because I couldn't find it :( The closest I could come was #21 (listed in asm/errno.h), but I couldn't confirm it - whenever I tried to access the errno variable (by logging it) smbd would segfault :( My C is a bit (OK, a lot) rusty...

I think you may have missed a #include which defines it specially. On Solaris, for example, errno is actually (*(___errno())), a function.

--dave

--
David Collier-Brown, | Always do right. This will gratify
Sun Microsystems DCMO | some people and astonish the rest.
Toronto, Ontario | (905) 415-2849 or x52849 | [EMAIL PROTECTED]
Re: password quality script aka --with-cracklib replacement
Andrew Bartlett wrote:
> or else your users change from password1
> to password2 to password3 then back to password1.

They sure do! I hate that...

I spoke to my colleague, and he refreshed my memory about that part: we variously used crypt or an MD4 hash to encrypt passwords and stored the encrypted form in a lookup table of N elements per user. If someone changed their password, we encrypted it and looked to see if it was already there, and if not replaced the oldest stored copy.

To avoid collisions with other people's passwords causing false positives, we generated a salt from the userid, and applied it as part of the encryption, but did not store the salt in the lookup table so you couldn't see it was salted deterministically from just looking at the file.

--dave

--
David Collier-Brown, | Always do right. This will gratify
Sun Microsystems DCMO | some people and astonish the rest.
Toronto, Ontario | (905) 415-2849 or x52849 | [EMAIL PROTECTED]
Re: password quality script aka --with-cracklib replacement
Martin Pool wrote:
> The PAM module might store previous passwords in a database (e.g. tdb)
> that it maintains. Every time a password is set, it gets put in
> there, with any other appropriate information (date?). When a new
> password-setting attempt is made, it checks against the history, plus
> other strength checks.

Do we even need to save the decrypted password? A colleague once saved old encrypted passwords to allow the "do they really know the old one" test to be done via challenge-response.

--dave

--
David Collier-Brown, | Always do right. This will gratify
Sun Microsystems DCMO | some people and astonish the rest.
Toronto, Ontario | (905) 415-2849 or x52849 | [EMAIL PROTECTED]
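The per-user history table described in the two password-quality messages above, as an added example that is not code from the thread or from Samba. It swaps crypt/MD4 for PBKDF2-HMAC-SHA256 and derives the unstored salt from the userid with HMAC under a server-side key; the key, the class and function names, the iteration count and the depth of 3 are assumptions.

```python
import hashlib
import hmac
from collections import deque

ITERATIONS = 20_000  # constructed work factor, kept low so the example runs quickly


class PasswordHistory:
    """Remembers the last `depth` password digests for each user."""

    def __init__(self, site_key: bytes, depth: int = 3):
        self._site_key = site_key  # assumption: a server-side secret, not in the post
        self._depth = depth
        self._table = {}           # userid -> deque of digests, oldest first

    def _salt(self, userid: str) -> bytes:
        # Deterministic: recomputed from the userid on every check and never
        # written to the table, so the stored file does not reveal the salt.
        return hmac.new(self._site_key, userid.encode(), hashlib.sha256).digest()

    def _digest(self, userid: str, password: str) -> bytes:
        return hashlib.pbkdf2_hmac(
            "sha256", password.encode(), self._salt(userid), ITERATIONS
        )

    def stored(self, userid: str):
        """The digests currently held for a user, oldest first."""
        return list(self._table.get(userid, ()))

    def change_password(self, userid: str, new_password: str) -> bool:
        """Record the new password and return True, or return False on reuse."""
        candidate = self._digest(userid, new_password)
        slots = self._table.setdefault(userid, deque(maxlen=self._depth))
        if any(hmac.compare_digest(candidate, old) for old in slots):
            return False
        slots.append(candidate)  # a full deque drops its oldest entry
        return True


def rotate(history, userid, passwords):
    """Apply a sequence of password changes and return each outcome."""
    return [history.change_password(userid, p) for p in passwords]


if __name__ == "__main__":
    h = PasswordHistory(b"constructed-site-key", depth=3)
    # The cycle quoted in the thread: the return to password1 is refused.
    print(rotate(h, "alice", ["password1", "password2", "password3", "password1"]))
    # A different user may pick password1; the userid-derived salt keeps the
    # two digests distinct, so there is no cross-user false positive.
    print(rotate(h, "bob", ["password1"]))
```

A history of depth N only blocks the last N passwords: once a fourth distinct password has pushed password1 out of the table, password1 is accepted again.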
Re: Winbindd limited by select
Ken Cross wrote:
> > #define FD_SETSIZE 2048 /* Max # of winbindd connections */
> >
> > must occur before the first invocation of .
> >
> > This could be a build option, but it might be much simpler to hard-code
> > it in local.h, which is what I did to fix it.
> >
> > Can somebody check the implications of this on Solaris, HPUX, etc.?

On Solaris, compiled as a 32-bit app, the limit applies. Compiled as a 64-bit app, you can have as many FDs as you want.

However, there is currently no good reason to build Samba as a 64-bit app: it doesn't need a bigger address space.

--dave

--
David Collier-Brown, | Always do right. This will gratify
Sun Microsystems DCMO | some people and astonish the rest.
Toronto, Ontario | (905) 415-2849 or x52849 | [EMAIL PROTECTED]
Re: Solaris fcntl CPU/Lock update
"Christopher R. Hertel" wrote: indirectly to you from pbelanger:
> Please let know jra that libnspr4.so and libnss3.so ARE linked
> to libpthread and libthread under Solaris

I assume libnspr4.so and libnss3.so are special libraries provided as part of open LDAP: the Solaris nss libraries are

nss_compat.so.1 nss_files.so.1 nss_nis.so.1 nss_user.so.1
nss_dns.so.1 nss_ldap.so.1 nss_nisplus.so.1 nss_xfn.so.1

with nothing resembling libnss3, while there are no nspr libraries at all.

I did a quick check, and there are no solaris libraries which make calls into libposix...

--dave

--
David Collier-Brown, | Always do right. This will gratify
Sun Microsystems DCMO | some people and astonish the rest.
Toronto, Ontario | (905) 415-2849 or x52849 | [EMAIL PROTECTED]
Re: Solaris fcntl CPU/Lock update
On Mon, Feb 03, 2003 at 07:38:31AM -0800, Jeff Mandel wrote:
> > Reading symbols from /usr/lib/libpthread.so.1...done.
> > Loaded symbols for /usr/lib/libpthread.so.1

jra wrote:
>
> This is a much more interesting backtrace than the
> other. Why is smbd linking in pthread libraries ?
> smbd is *NOT* a threaded program.

The library list on my Solaris 8 workstation is much shorter:

$ pvs smbd
libsocket.so.1 (SISCD_2.3);
libnsl.so.1 (SUNW_0.7, SUNWprivate_1.1);
libdl.so.1 (SISCD_2.3);
libc.so.1 (SUNW_1.1);

No pthread at all!

--dave

--
David Collier-Brown, | Always do right. This will gratify
Sun Microsystems DCMO | some people and astonish the rest.
Toronto, Ontario | (905) 415-2849 or x52849 | [EMAIL PROTECTED]
Re: Patch for solaris 2.x to provide nsswitch wins resolution
It probably belongs in autoconf, as Dan noted, with an #ifdef THIS_OR_THAT that will be set to true on both Solaris and HPUX. Hey! Is it working on HPUX too??? That would be cool. --dave Steven Tamm wrote: > > The configure.in script defines SUNOS5 if the host_os is solaris. I wasn't > questioning whether or not the predefine was correct, I was questioning > whether it was appropriate, considering that in the configure.in > winbind_nss_solaris is included on HPUX. So the wins.c solaris portion > probably also needs to include HPUX. > > I don't know how the samba team is organized; but my assumption was that > whoever was dealing with winbind and nsswitch would know what to do with the > #ifdef, whether that would be place that code in a separate file called > "wins_solaris.c" or create another AC_DEFINE like "NSSWITCH_CONSTR_STYLE" or > something like that. > > -Steven > > > > > The predefined macros from a Sun SC-series compilers are > >__sun > >__unix > >__SUNPRO_C=0x500 > >__sparc (SPARC) > >__sparcv9 (SPARC with -xarch=v9|v9a) > >__i386 (x86) > >__SVR4 > > Note that those are double leading underscores. From memory > > and a quick check on linux, GCC defines a partially overlapping > > set including __linux and __sun. > > To get a full list of possibly-predefined symbols on > a particular installation of gcc, you can do something > like > tr ' ' '\012' < /usr/lib/gcc-lib/i386-redhat-linux/3.2/specs | grep D > | sed 's/.*-D//' | sort -u > > but it's better to do autoconf-style feature tests than > #if operatingsystem > style tests, isn't it? > > - Dan -- David Collier-Brown, | Always do right. This will gratify Sun Microsystems DCMO | some people and astonish the rest. Toronto, Ontario | (905) 415-2849 or x52849 | [EMAIL PROTECTED]
Re: Patch for solaris 2.x to provide nsswitch wins resolution
Steven Tamm wrote: > > Sorry if this is not the right forum, but the documents on the website kind > of implied I should send this to the list. > > I needed to get wins resolution added on Solaris to nsswitch specifically > for gethostbyname. The problem was that libnss_wins.so didn't include the > solaris wrapper and that libnss_winbind.so didn't include gethostbyname. > Here is a patch off of 2.2.7a that solves both issues (I'm not sure about > the #if SUN). The predefined macros from a Sun SC-series compilers are __sun __unix __SUNPRO_C=0x500 __sparc (SPARC) __sparcv9 (SPARC with -xarch=v9|v9a) __i386 (x86) __SVR4 Note that those are double leading underscores. From memory and a quick check on linux, GCC defines a partially overlapping set including __linux and __sun. --dave -- David Collier-Brown, | Always do right. This will gratify Sun Microsystems DCMO | some people and astonish the rest. Toronto, Ontario | (905) 415-2849 or x52849 | [EMAIL PROTECTED]
Re: smbwrapper/smbsh on Linux/glibc
[EMAIL PROTECTED] wrote: > So my questions are: > > 1. Are there LFS requirements for SMB/CIFS or can I just drop the high-order >portion of 64-bit file offsets? There was a previous discussion of the LFS/glibc issues, including some Samba ones, at http://www.scyld.com/products/beowulf/software/lfs-5.html#ss5.1 --dave -- David Collier-Brown, | Always do right. This will gratify Sun Microsystems DCMO | some people and astonish the rest. Toronto, Ontario | (905) 415-2849 or x52849 | [EMAIL PROTECTED]
Re: smbwrapper/smbsh
[EMAIL PROTECTED] wrote: > It appears I've nearly got it solved (unless another big problem turns up > after I fix this one). Aside from my initialization routine not being called > early enough, thus providing some null function pointers, Hmmn, In a different discussion group I once wrote: --- The plugin uses a set of NULL pointers and a check in each interceptor to do initialization, as Linux lacks #pragma init(name-of-init-function). This is inefficient (and inelegant). Today, a free software program called valgrind was released as a linux LD_PRELOAD program, and it uses the following assembler option to declare vgPlain_startup to be the init function for the program, just as Sun's compiler option does: .section .init call vgPlain_startup This is used with the gnu linker option -z initfirst, and ensures that the .init section is run first. Therefore we now know how to simulate #pragma init for Linux, and can drop the null pointers. This increases efficiency (by one instruction time, big deal), and ensures that initialization occurs before the user program does **anything**. The latter may make wget work on all machines, as in the cases where it failed, it appeared to be starting too late, after one of the critical application system calls. --- Does this help? --dave -- David Collier-Brown, | Always do right. This will gratify Sun Microsystems DCMO | some people and astonish the rest. Toronto, Ontario | (905) 415-2849 or x52849 | [EMAIL PROTECTED]
Re: Cannot get net ads join to work under Solaris 8
Andrew Bartlett wrote: > Actually, we got confused - the function that Samba replaced, which I > suspected could be a problem is 'timegm'. > > Either way, there is a bug in there somewhere, as it doesn't work for a > non-GMT timezone. Ok, timegm is obsoleted in the standard, but it's still supported on lots of systems, specifically including anything with the Gnu libc, but not in Solaris or the Apple BSD. It's the inverse of gmtime, defined as time_t timegm(struct tm *tm); and is perfectly useful in some specific cases, where one wants to turn a struct tm back into a time_t. The usual inverse is time_t mktime(struct tm *timeptr); (see http://www.opengroup.org/onlinepubs/007908799/xsh/mktime.html) and it looks like there is enough functionality to implement timegm. Older man pages disagree, but standards folks don't get to frivolously remove things we still need. If they were to try, my Evil Twin, David J. Brown, would spank them (:-)) --- The POSIX man page says: The original values of the tm_wday and tm_yday components of the structure are ignored, and the original values of the other components are not restricted to the ranges described in the entry. A positive or 0 value for tm_isdst causes mktime() to presume initially that Daylight Savings Time, respectively, is or is not in effect for the specified time. A negative value for tm_isdst causes mktime() to attempt to determine whether Daylight Saving Time is in effect for the specified time. Local timezone information is set as though mktime() called tzset(). --- and the older man pages say: The functions mktime() and timegm() convert the broken-down time in the structure pointed to by tm into a time value with the same encoding as that of the values returned by the time(3) function (that is, seconds from the Epoch, UTC). mktime() interprets the input structure according to the current timezone setting (see tzset(3)). timegm() interprets the input structure as representing Universal Coordinated Time (UTC). 
--- The workaround is to set the time zone, as you did, but I suspect there's a better one: probably something like if ((x = mktime(timeptr)) != -1) x -= altzone; I'll ask My Smarter Colleagues[tm]. --dave -- David Collier-Brown, | Always do right. This will gratify Sun Microsystems DCMO | some people and astonish the rest. Toronto, Ontario | (905) 415-2849 or x52849 | [EMAIL PROTECTED]
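Added example, not part of the original message and not Samba's replacement code: a timegm() substitute that does pure calendar arithmetic and never consults the local time zone, so its result cannot shift when TZ is not GMT. The name portable_timegm and the sample timestamp are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <time.h>

/* Days between 1970-01-01 and the given proleptic Gregorian date.
 * m is 1..12, d counts from 1; integer arithmetic only, no TZ lookups. */
static int64_t days_from_civil(int64_t y, int m, int d)
{
    y -= (m <= 2);                       /* treat the year as starting on 1 March */
    int64_t era = (y >= 0 ? y : y - 399) / 400;
    int64_t yoe = y - era * 400;         /* year of era, 0..399 */
    int64_t doy = (153 * (m > 2 ? m - 3 : m + 9) + 2) / 5 + d - 1;
    int64_t doe = yoe * 365 + yoe / 4 - yoe / 100 + doy;
    return era * 146097 + doe - 719468;  /* 719468 days from 0000-03-01 to 1970-01-01 */
}

/* portable_timegm (hypothetical name): interpret *tm as UTC and return
 * seconds since the Epoch. Unlike mktime() it does not read TZ and does
 * not modify *tm; tm_wday, tm_yday and tm_isdst are ignored. */
time_t portable_timegm(const struct tm *tm)
{
    int64_t year = (int64_t)tm->tm_year + 1900;
    int mon = tm->tm_mon;                /* may lie outside 0..11 */

    year += mon / 12;
    mon %= 12;
    if (mon < 0) {
        mon += 12;
        year--;
    }
    /* Out-of-range day, hour, minute and second values carry over naturally. */
    int64_t days = days_from_civil(year, mon + 1, 1) + (tm->tm_mday - 1);
    int64_t secs = days * 86400 + (int64_t)tm->tm_hour * 3600
                 + (int64_t)tm->tm_min * 60 + tm->tm_sec;
    return (time_t)secs;
}

/* Round-trip check against the C library: gmtime() then portable_timegm(). */
int roundtrip_ok(time_t t)
{
    struct tm *utc = gmtime(&t);
    return utc != NULL && portable_timegm(utc) == t;
}

int main(void)
{
    /* Constructed sample: 2003-03-27 12:40:10 UTC */
    struct tm tm = { .tm_year = 103, .tm_mon = 2, .tm_mday = 27,
                     .tm_hour = 12, .tm_min = 40, .tm_sec = 10 };
    printf("%lld\n", (long long)portable_timegm(&tm));
    return roundtrip_ok(0) && roundtrip_ok(951782400) ? 0 : 1;
}
```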
WinXP_PlainPassword.reg
I know folks dislike the plain password hack, but Unix sites who don't trust their authentication to an NT server still use these, deficiencies and all. So: here's an XP .reg file, same as the w2k reg file, to go in the docs/Registry directory, as created by regedit. Can you check it out and publish it, please? --dave -- David Collier-Brown, | Always do right. This will gratify Sun Microsystems DCMO | some people and astonish the rest. Toronto, Ontario | (905) 415-2849 or x52849 | [EMAIL PROTECTED] WinXP_PlainPassword.reg Description: Binary data
Re: Cannot get net ads join to work under Solaris 8
Andrew Bartlett wrote: > Well, it just means that we need to find a real replacement for > gmtime(). Any chance you could have a look at that function, and see if > you can figure out why the current replacement doesn't work? Huh? My Solaris box has gmtime and gmtime_r, the reentrant variant. In principle, gmtime creates a struct tm, in Coordinated Universal Time (UTC), just as if you called localtime when machine was set to GMT. --dave -- David Collier-Brown, | Always do right. This will gratify Sun Microsystems DCMO | some people and astonish the rest. Toronto, Ontario | (905) 415-2849 or x52849 | [EMAIL PROTECTED]
Re: [Samba] Re: How Samba let us down
Steve Langasek wrote: > If oplock support is disabled, yes, you can expect two Samba > installations to play nicely with locks on the same set of files. If > oplocking is enabled, it might also be possible to make them behave, > though this would at least require some symlink magic. There are also some sharable filesystems that could result in two sambae sharing the same files: supposedly my employer sells one (:-)) --dave -- David Collier-Brown, | Always do right. This will gratify DMCO's MTEC team in Toronto| some people and astonish the rest. Formerly Opcom, ACE and SIS. | (905) 415-2849 or x52849 | [EMAIL PROTECTED]
Windows Session timeouts -- when Samba is slow
While discussing unexpected timeouts on a slow (auto-restored from tape) filesystem, or on a slow network, a colleague referred me to the attached snippet of an MS manual: Has anyone tried this, and if so, was it useful? --dave --- Error 3013, "The redirector has timed out to SERVERNAME" usually means that the Server that you are attempting to connect to is: Either busy and cannot respond before the rdr timeout The network could be busy Bottleneck in the network As to troubleshooting this problem, you may want to exhaust all means before deciding to increase the amount of time before the redirector stops (SESSTIMEOUT). The SESSTIMEOUT parm can be set in the following registry location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters Some things you can try are to obtain a trace of the packets on the network. You want to zoom in on the amount of time it takes for the Server to respond back to the workstation. Another idea is to perform what ever operations that was done backwards. If you were connecting to ServerA from ServerB, try connecting to ServerB from ServerA. Also have another client attempt to connect to the same server to see if both redirectors have the same problem connecting to the same server. You may also want to check the following items: Check to see that the latest network driver is installed. Check to determine whether the network adapter has a configuration utility that allows tuning parameters. If so, try maximizing the network performance. MORE INFORMATION Valid values for the SessTimeout registry key are: SessTimeout REG_DWORD Range: 10 - 65535 seconds Default: 45 Additional query words: event id Keywords : kbnetwork ntnetserv Version : :; winnt:3.5,3.51,4.0 Platform : winnt Issue type: kbinfo -- David Collier-Brown, | Always do right. This will gratify DMCO's MTEC team in Toronto| some people and astonish the rest. Formerly Opcom, ACE and SIS. | (905) 415-2849 or x52849 | [EMAIL PROTECTED]
Re: Patch: convenience feature for non-domain clients
"Jon. Hallett" wrote: > This is particularly useful for sites converting from "security = server" > to "security = domain" who don't want to go around their clients adding > domain parts to all the usernames with which they map shares. That sounds like a good way to make the beginning of a migration easy... --dave -- David Collier-Brown, | Always do right. This will gratify DMCO's MTEC team in Toronto| some people and astonish the rest. Formerly Opcom, ACE and SIS. | (905) 415-2849 or x52849 | [EMAIL PROTECTED]
Re: Solaris fcntl bug 4700402
Neil Hoggarth wrote: > Does anyone know if there have been any further developments on the > Solaris fcntl() issue? I haven't heard anything: customers tend to hear before I do, though. --dave -- David Collier-Brown, | Always do right. This will gratify DMCO's MTEC team in Toronto| some people and astonish the rest. Formerly Opcom, ACE and SIS. | (905) 415-2849 or x52849 | [EMAIL PROTECTED]
Re: The need for a special SMB receive system call
Andrew Bartlett wrote: > Why can't we do a non-blocking read on the socket, into a (large) > buffer? > > We would then process the commands one-by one, until we reached one that > had a length beyond the end of the buffer. Then we memmove it to the > start, read to its end, process and start the game again. I use a similar trick in an old readline library (which I need to find again): do a non-blocking read into a large buffer, structurally identical to a stdio buffer, then call individual read-record or read-line functions that use it. The gotcha is that the caller of the read-record function MUST check the pointer returned for null, and if it's null, check to see if it's EOF or just not ready, and in the latter case do something that blocks. If not, and you use it in a loop, you'll busy-wait on the fd and eat a CPU (;-)) I should have used select/poll, I suspect, but I didn't have that on CP/M-80 (I said it was a long time ago (:-)) --dave -- David Collier-Brown, | Always do right. This will gratify Performance & Engineering | some people and astonish the rest. Opcom/ACE/SIS in Toronto | -- Mark Twain (905) 415-2849 | [EMAIL PROTECTED]
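Added example, not from the original thread and not Samba code: the buffered non-blocking reader described above, with the partial record moved to the front by memmove() and a poll() wait instead of a busy loop when the descriptor is not ready. The 4-byte big-endian length prefix, the 4096-byte buffer and all rb_* names are assumptions for illustration; a length larger than the buffer is rejected instead of trusted.

```c
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <stdint.h>
#include <string.h>
#include <unistd.h>

#define RB_CAP     4096u            /* receive buffer size (assumed) */
#define RB_MAX_REC (RB_CAP - 4u)    /* largest payload that can ever fit */

enum { RB_DATA = 2, RB_RECORD = 1, RB_NEED_MORE = 0, RB_EOF = -1, RB_BAD_LEN = -2, RB_IO_ERR = -3 };

struct recbuf {
    unsigned char data[RB_CAP];
    size_t start;                   /* first unconsumed byte */
    size_t end;                     /* one past the last valid byte */
};

/* Peel one complete record off the front of the buffer, if there is one. */
static int rb_next(struct recbuf *rb, const unsigned char **payload, size_t *len)
{
    size_t avail = rb->end - rb->start;
    if (avail < 4) return RB_NEED_MORE;
    const unsigned char *p = rb->data + rb->start;
    uint32_t n = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
                 ((uint32_t)p[2] << 8) | (uint32_t)p[3];
    if (n > RB_MAX_REC) return RB_BAD_LEN;     /* peer-supplied length: validate first */
    if (avail - 4 < n) return RB_NEED_MORE;    /* record runs past the buffered data */
    *payload = p + 4;
    *len = n;
    rb->start += 4 + (size_t)n;
    return RB_RECORD;
}

/* Move the partial record to the start, then do one non-blocking read.
 * Only called after rb_next() returned RB_NEED_MORE, so there is always room. */
static int rb_fill(struct recbuf *rb, int fd)
{
    memmove(rb->data, rb->data + rb->start, rb->end - rb->start);
    rb->end -= rb->start;
    rb->start = 0;
    ssize_t r = read(fd, rb->data + rb->end, RB_CAP - rb->end);
    if (r > 0) {
        rb->end += (size_t)r;
        return RB_DATA;
    }
    if (r == 0) return RB_EOF;
    return (errno == EAGAIN || errno == EWOULDBLOCK || errno == EINTR) ? RB_NEED_MORE : RB_IO_ERR;
}

/* Handle records until EOF, error, or no data arrives within timeout_ms.
 * Returns the number of records handled, or a negative RB_* code. */
int rb_pump(int fd, void (*handle)(const unsigned char *, size_t, void *), void *ctx, int timeout_ms)
{
    struct recbuf rb = { .start = 0, .end = 0 };
    int count = 0;

    for (;;) {
        const unsigned char *p;
        size_t n;
        int s;
        while ((s = rb_next(&rb, &p, &n)) == RB_RECORD) {
            handle(p, n, ctx);
            count++;
        }
        if (s == RB_BAD_LEN) return RB_BAD_LEN;
        s = rb_fill(&rb, fd);
        if (s == RB_EOF) return count;
        if (s == RB_IO_ERR) return RB_IO_ERR;
        if (s == RB_NEED_MORE) {
            /* Not ready: block in poll() rather than spinning on read(). */
            struct pollfd pfd = { .fd = fd, .events = POLLIN };
            int pr = poll(&pfd, 1, timeout_ms);
            if (pr == 0) return count;
            if (pr < 0 && errno != EINTR) return RB_IO_ERR;
        }
    }
}

static void count_bytes(const unsigned char *p, size_t n, void *ctx)
{
    (void)p;
    *(size_t *)ctx += n;
}

/* Feed a constructed byte stream through a non-blocking pipe and pump it. */
int rb_demo(const unsigned char *stream, size_t len, size_t *payload_bytes)
{
    int fds[2], rc;
    *payload_bytes = 0;
    if (pipe(fds) != 0) return RB_IO_ERR;
    if (fcntl(fds[0], F_SETFL, O_NONBLOCK) != 0 || write(fds[1], stream, len) != (ssize_t)len)
        rc = RB_IO_ERR;
    else
        rc = rb_pump(fds[0], count_bytes, payload_bytes, 50);   /* writer stays open */
    close(fds[0]);
    close(fds[1]);
    return rc;
}
```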
Re: Solaris fcntl bug 4700402 at the University of Queensland
[EMAIL PROTECTED] wrote: > Oh thank goodness for that, I was worried when I saw the > other message about the fix being --with-spinlocks as > that's not a good solution. > > We can't hold back 2.2.6 for this unfortunately, we'll > have to put something in the release notes about it - > any chance of getting the patchid pre-allocated so we > know what it will be ? I don't know if that's doable, but I'll try: with your permission I'll quote your last paragraph in the request. --dave -- David Collier-Brown, | Always do right. This will gratify Performance & Engineering | some people and astonish the rest. Americas Customer Engineering, | -- Mark Twain (905) 415-2849 | [EMAIL PROTECTED]
Re: Solaris fcntl bug 4700402 at the University of Queensland
Andy Thomas wrote: > I just checked the SunSolve site. For bug report 4700402, they say it > is closed, and say the work around is to compile with --with-spinlocks. That's odd, I can't find it at sunsolve.Sun.COM... In any case should also have noted that a solution is being prepared... The spinlock workaround is just that, a temporary workaround. --dave -- David Collier-Brown, | Always do right. This will gratify Performance & Engineering | some people and astonish the rest. Americas Customer Engineering, | -- Mark Twain (905) 415-2849 | [EMAIL PROTECTED]
Re: Solaris fcntl bug 4700402 at the University of Queensland
[EMAIL PROTECTED] wrote: > Are you sure this is the same bug ? The history of the bug > I'm referring to was reported by Volker on one of his German > Samba accounts (contact him directly for the name of the > customer) and escalated into the Solaris kernel team by > tridge via a personal contact Yes it was: the two bug reports were proceeding in parallel until the kernel team noticed, and combined them into one. Incidentally, that's why I didn't know until recently that this bug also affected TDBs. I'm waiting for a patch number to come out so we can pick it up from sunsolve. --dave -- David Collier-Brown, | Always do right. This will gratify Performance & Engineering | some people and astonish the rest. Americas Customer Engineering, | -- Mark Twain (905) 415-2849 | [EMAIL PROTECTED]
Solaris fcntl bug 4700402 at the University of Queensland
The first responses to the fcntl problem we've been working on will be to the University of Queensland, who reported the bug and escalated it. I don't happen to know the expected schedule: I do know we're doing quality control and scheduling it for inclusion in Solaris (but you could have guessed that). Sites with service contracts should ask for the fix for 4700402. I'm on the email list for it and will keep an ear open here in ACE. UQ, have you heard anything I haven't? --dave -- David Collier-Brown, | Always do right. This will gratify Performance & Engineering | some people and astonish the rest. Americas Customer Engineering, | -- Mark Twain (905) 415-2849 | [EMAIL PROTECTED]
Re: PR #s 25271, 25273, 25445 security=domain does not work on Solaris
Tim Allen wrote: > I have posted to this group in the past and been told that the behavior > I'm seeing is not correct. My main file server (Samba/Linux) does not > behave this way (similar smb.conf). And the symptom was: | I have posted to the user groups and think I have found a bug. Our | RHL6.2 box running samba 2.0.6 is a member of our NT domain. An NT user | (say jbloggs) cannot browse the unix/samba box unless there is a | corresponding unix user (jbloggs) on the unix box; this is the expected | (and correct??!) behavior. We have added samba 2.2.2 to one of our Sun | boxes (Solaris 8) and now we appear to have to add users to the | "smbusers" file in addition to (or instead of) just having a | corresponding unix user. I will supply further information (smb.conf, | log files, whatever) as requested. You normally need a Unix user, but if you wish to use the NT form of encrypted passwords, you also have to have an entry for the user in the smbpasswd file. As security=domain requires encrypted passwords, I'm afraid you're stuck with it! I run inside a firewall, and so don't use domains. --dave (security = user) c-b -- David Collier-Brown, | Always do right. This will gratify Performance & Engineering | some people and astonish the rest. Americas Customer Engineering, | -- Mark Twain (905) 415-2849 | [EMAIL PROTECTED]
Re: System documentation of Samba
Volker Lendecke wrote: > Sorry, David, but that description is not completely correct. The Solaris fcntl > scaling problem does *not* happen on files that are shared to users, it happens > on the internal Samba .tdb-files. Thanks, I didn't realize that both of these were aspects of the same problem. I was only following the one. --dave -- David Collier-Brown, | Always do right. This will gratify Performance & Engineering | some people and astonish the rest. Americas Customer Engineering, | -- Mark Twain (905) 415-2849 | [EMAIL PROTECTED]
Re: System documentation of Samba
Jeff Mandel wrote: > Could you provide some details the bug in Solaris? 2.2.2 used to work > fine for me, but recently it has fallen apart. 2.2.5 behaves the same. I > can think of a recent jumbo patch cluster installation that might be to > blame, but I'd like to know if it's possible to track it down and back it > out for now. Sure: it's a performance problem with locks which shows up when locking the index file of a dbm-style database (which have two files, an index and a data file), and which is being shared via Samba with PC clients. At least one site, and probably two, have the problem. I'm following it with considerable interest (I work for Sun, you see, although not on Samba (:-)) It doesn't affect the performance of Samba on Solaris in general, and oddly enough it doesn't seem to hit MS Access... >> open_mode_check: exlusive oplock left by process 23227 after >> break For file profile/.../office.file.doc, It's not related to the problem you see, with ordinary oplocked .doc files. One wouldn't oplock dbm files! --dave -- David Collier-Brown, | Always do right. This will gratify Performance & Engineering | some people and astonish the rest. Americas Customer Engineering, | -- Mark Twain (905) 415-2849 | [EMAIL PROTECTED]
Re: WINS proxy
Alex Torkhov wrote: > I see 2 ways to resolve my problem: > 1. Add new feature to Samba (something like WINS registration proxy) > 2. Use lmhosts in WINS server. > 3 [...] small script (like findsmb) runs every 5 minutes Alas, the lmhosts file would have to be on the client machines, so you'd still have to convince them to help you help themselves. Please note that even if they have NT servers, they still have to put the wins host name/address into a box in the control panel. Only if they get their IP addresses from a windows-compatible DHCP server can they get wins server addresses automatically. --dave -- David Collier-Brown, | Always do right. This will gratify Performance & Engineering | some people and astonish the rest. Americas Customer Engineering, | -- Mark Twain (905) 415-2849 | [EMAIL PROTECTED]
Re: Another showstopper in 2.2.5
[EMAIL PROTECTED] wrote: > > On Tue, Aug 20, 2002 at 12:24:51PM -0400, David Collier-Brown wrote: > > Fredrik Ohrn wrote: > > > Sooner or later the smbd dies on a SIGPIPE when trying to send a > > > keepalive. The SIGPIPE isn't caught, thus it leaves stale sharemodes. > > > > Thank you, Oh Kind Person! > > (I was wondering how this could possibly happen, you see) > The problem is this shouldn't happen - we block all SIGPIPE > signals in smbd startup. I saw that code, and wondered how we could be getting sigpipe, and also how we ever get a keepalive as the code seems to avoid getting them with great enthusiasm (;-)) --dave -- David Collier-Brown, | Always do right. This will gratify Performance & Engineering | some people and astonish the rest. Americas Customer Engineering, | -- Mark Twain (905) 415-2849 | [EMAIL PROTECTED]
Re: Another showstopper in 2.2.5
Fredrik Ohrn wrote: > Sooner or later the smbd dies on a SIGPIPE when trying to send a > keepalive. The SIGPIPE isn't caught, thus it leaves stale sharemodes. Thank you, Oh Kind Person! (I was wondering how this could possibly happen, you see) > Program received signal SIGPIPE, Broken pipe. > 0x4015e332 in send () from /lib/libc.so.6 > (gdb) bt > #0 0x4015e332 in send () from /lib/libc.so.6 > #1 0x0812f81d in sys_send () > #2 0x0813e90b in write_socket_data () > #3 0x0813e70b in send_keepalive () > #4 0x080a2348 in timeout_processing () > #5 0x080a264e in smbd_process () > #6 0x08069959 in main () > #7 0x4008a280 in __libc_start_main () from /lib/libc.so.6 > (gdb) cont > Continuing. > > Program terminated with signal SIGPIPE, Broken pipe. > The program no longer exists. > (gdb) > > Things to note is that the client is alive and have had no (obvious) > reason to drop the connection or otherwise stop responding. I have tried > this over and over and it's always in send_keepalive that the SIGPIPE of > death happens. --dave -- David Collier-Brown, | Always do right. This will gratify Performance & Engineering | some people and astonish the rest. Americas Customer Engineering, | -- Mark Twain (905) 415-2849 | [EMAIL PROTECTED]
Re: Fcntl hangs in 2.2.5 on Solaris
[EMAIL PROTECTED] wrote: > > On Mon, Aug 12, 2002 at 03:01:14PM -0400, David Collier-Brown wrote: > > Ok, I've been looking at portable locking mechanisms and fcntl. > > > > A Smarter Colleague (Mark) pointed out that there are > > scalability issues with fcntl locks on both Solaris > > and Linux, but quite different ones. > > We haven't yet hit any scalability problems with fcntl > locks on Linux. We use them in Samba a *lot* with the tdb's. > > Sorry Dave, as far as I can see this (at least the Samba fcntl > issue) is a Solaris only problem :-) :-). Yes, it indeed only occurs with Solaris: Samba doesn't really do anything non-scalable, it's actually the mapping of application locks to samba to fcntl locks on Solaris that isn't scaling. > The tdb spinlock code is really unsafe to use in a production > environment due to the potential to lock up the entire db > on abend. Now I know you can make no consistency guarantees > on abend even with fcntl locks, but when a process abends with > an fcntl lock the lock is at least released to allow others to > attempt a cleanup. Posix locks, with the EOWNERDEAD hook have the same cleanup guarantees as fcntl locks. The real disadvantage is that they are not file-related locks, and even though they have some advantages, do not protect against a Unix process and a client using SMB from whacking a file. Whacking as in "The Sopranos" (;-)) That's why they're a workaround. > > Please just fix the Solaris fcntl lock problem :-) :-). I may need to drag you into the detailed discussion to help expose what exactly is needed by Samba, so we can see why our algorithm doesn't provide it... --dave -- David Collier-Brown, | Always do right. This will gratify Performance & Engineering | some people and astonish the rest. Americas Customer Engineering, | -- Mark Twain (905) 415-2849 | [EMAIL PROTECTED]
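Added example, not from the original thread and not tdb code: a demonstration of the property quoted above, that a process which dies holding an fcntl() write lock has the lock released by the kernel, so another process can take it and attempt a cleanup. The temporary file under /tmp, the single locked byte and all names are assumptions for illustration; the data the lock protected may still be inconsistent.

```c
#include <fcntl.h>
#include <signal.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

struct abend_result {
    int held_by_child;      /* 1 if F_GETLK named the child while it was alive */
    int free_after_death;   /* 1 if no lock was reported once the child had died */
    int parent_can_lock;    /* 1 if the parent could then take the lock itself */
};

/* Ask the kernel who holds a conflicting lock on byte `off`.
 * Returns the holder's pid, 0 if the byte is unlocked, -1 on error. */
static pid_t lock_holder(int fd, off_t off)
{
    struct flock fl = { .l_type = F_WRLCK, .l_whence = SEEK_SET, .l_start = off, .l_len = 1 };
    if (fcntl(fd, F_GETLK, &fl) != 0)
        return -1;
    return fl.l_type == F_UNLCK ? 0 : fl.l_pid;
}

/* Non-blocking attempt to write-lock byte `off`. Returns 0 on success. */
static int lock_byte(int fd, off_t off)
{
    struct flock fl = { .l_type = F_WRLCK, .l_whence = SEEK_SET, .l_start = off, .l_len = 1 };
    return fcntl(fd, F_SETLK, &fl);
}

/* Fork a child that locks byte 0 and never unlocks it, kill the child to
 * simulate an abend, then look at the lock from the parent. */
int fcntl_abend_demo(struct abend_result *out)
{
    char path[] = "/tmp/fcntl-abend-XXXXXX";
    int ready[2];
    int fd = mkstemp(path);
    if (fd < 0)
        return -1;
    unlink(path);                        /* file lives only as long as the fds */
    if (pipe(ready) != 0) {
        close(fd);
        return -1;
    }
    pid_t child = fork();
    if (child < 0)
        return -1;
    if (child == 0) {
        char ok = lock_byte(fd, 0) == 0 ? 'L' : 'E';
        if (write(ready[1], &ok, 1) != 1)
            _exit(2);
        pause();                         /* hold the lock until killed */
        _exit(0);
    }
    close(ready[1]);
    char ok = 0;
    int got = read(ready[0], &ok, 1) == 1 && ok == 'L';
    close(ready[0]);
    if (got)
        out->held_by_child = (lock_holder(fd, 0) == child);
    kill(child, SIGKILL);                /* abnormal end: no unlock, no exit handler */
    waitpid(child, NULL, 0);
    if (got) {
        out->free_after_death = (lock_holder(fd, 0) == 0);
        out->parent_can_lock = (lock_byte(fd, 0) == 0);
    }
    close(fd);
    return got ? 0 : -1;
}
```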
Re: Fcntl hangs in 2.2.5 on Solaris
Ok, I've been looking at portable locking mechanisms and fcntl. A Smarter Colleague (Mark) pointed out that there are scalability issues with fcntl locks on both Solaris and Linux, but quite different ones. Instead, we've been working with the posix locks, to make them as robust as possible. In particular, I'm using pthread_mutex_lock() in my code at work, to do locking on Linux and Solaris, and have been reasonably happy with it: I'm planning to shift another program over from realtime semaphores to pthread_mutex_locks to make avoiding priority inversions easier. This would be a better mechanism to use for the "spinlocks" case, removing the sparc-only ldstub calls, and the gcc-only assembler, in favor of a lock that doesn't spin, and does have good behavior under evil stresses. In particular, for anyone who supports EOWNERDEAD, we can put in under #ifdef EOWNERDEAD a call to a guaranteed cleanup routine, (pthread_mutex_consistent_np) which will recover the state, after which it can be straightened out, released or recreated. It also doesn't spin (;-)) So: while it's actually in the workaround code, there is a robust and low-cost lock we can use. I'd like to work with someone who groks the spinlock code to see if we can do this. --dave -- David Collier-Brown, | Always do right. This will gratify Performance & Engineering | some people and astonish the rest. Americas Customer Engineering, | -- Mark Twain (905) 415-2849 | [EMAIL PROTECTED]
Re: Another showstopper in 2.2.5
Mike Gerdts wrote: > On the surface, it appears as though a panic action program that does > lock scrubbing would be useful. I'm also discussing a posix add-on that supports returning EOWNERDEAD, with one of My Smarter Colleagues[tm]... --dave -- David Collier-Brown, | Always do right. This will gratify Performance & Engineering | some people and astonish the rest. Americas Customer Engineering, | -- Mark Twain (905) 415-2849 | [EMAIL PROTECTED]
Re: Another showstopper in 2.2.5
Fredrik Ohrn wrote: > OK, I'll try 30 instead of the default 300. But I don't expect it to help, > in this case it seems that it's the smbd process that blows up, not the > client. Ok, I was afraid of that! Blown SMBDs are Bad Things (:-)) --dave -- David Collier-Brown, | Always do right. This will gratify Performance & Engineering | some people and astonish the rest. Americas Customer Engineering, | -- Mark Twain (905) 415-2849 | [EMAIL PROTECTED]
Re: Another showstopper in 2.2.5
Fredrik Ohrn wrote: > Look mom! A new smbd process is now serving this user. > > There is no trace what so ever in the logfile on why the smbd died. Hmmn: could you set keepalive = 30, and see if samba cleans up and releases the locks held? I'm almost about to recommend keepalive = 3600 as a default... It's an option to clean up after clients which exploded, blue-screened or just started to flake. Alas, it tends to hide PC problems by working around them. --dave -- David Collier-Brown, | Always do right. This will gratify Performance & Engineering | some people and astonish the rest. Americas Customer Engineering, | -- Mark Twain (905) 415-2849 | [EMAIL PROTECTED]
Fcntl hangs in 2.2.5 on Solaris
Adrian LEE wrote: > we have an ever increasing use of this very > large central fileserver and we've now reached the threshold > where this Solaris vs. Samba problem exposes itself enough to > make for unhappy customers. Ok, I have some info and a question about the workaround. The application is an ISAM-like one, using fcntl locks on IBM, VMS and Unix. These are taken on the whole file at open time and used to ensure consistency in the index file. With 50 files open and 2000 users, smbd slows to a crawl. On IBM, 2300 users are handled easily. Without this problem, the Sun will handle 6000 users. Sun has this open as bug number 4700402, and is discussing stuff that's currently way over my head... In the meantime, we're trying building an smbd with spinlocks. Jeremy has cautioned us that This May Be Bad (;-)) So, let me ask some spinlock questions: 1) I know that if one process goes down holding a spinlock, the lock will be non-removable. Will it be removed if all smbds go down, and specifically if they go down on a system crash, or are they persistent? 2) if they are persistent (they appear to be part of the tdb data structure ???) can the system be brought down and then recover/delete them? 3) will they be cleaned up if a client machine goes down and the smbd discovers this via a keepalive? If we can find a workaround with acceptable behavior, I'll recommend isolating this set of databases on a single samba, dedicated to that task and using spinlocks. This is still a workaround, but the production system is at risk both ways... --dave -- David Collier-Brown, | Always do right. This will gratify Performance & Engineering | some people and astonish the rest. Americas Customer Engineering, | -- Mark Twain (905) 415-2849 | [EMAIL PROTECTED]
Re: Netbench results on a linux 4-way system
Andrew Theurer wrote: > One other thing, P4 by default sends all ints to CPU0. This _was_ a > problem for 4 physical/8 logical processors. A single physical > processor is enough to handle all the ints from these network cards at > the throughput we are seeing. However, when you split the physical CPUS > into 2 logical CPUS, (hyperthreading) "1/2" of a CPU is not enough to > support processing all the ints. I used a new irq balancing feature to > spread the ints to multiple processors to avoid this. Cool! Thanks, all the best in getting Linux to fly. --dave -- David Collier-Brown, | Always do right. This will gratify Performance & Engineering | some people and astonish the rest. Americas Customer Engineering, | -- Mark Twain (905) 415-2849 | [EMAIL PROTECTED]
Re: Missing files as seen by Explorer on a client (was Need help on this) **********FIXED******************
Javid Abdul-AJAVID1 wrote: > > I really appreciate all your responses on this. > > I might not have fixed it by looking at samba logs but i noticed there was > directory in user unix directory with wildcard * as folder name Thank you, kind sir! Now, I'll do a quick test on my system to see that is_in_path doesn't return "no name list" ... Alas, it does: the behavior is as follows, doing a smbclient "cd projects" followed by "dir" on my projects directory: ... 2002/08/01 13:33:22, 3] smbd/process.c:switch_message(665) switch message SMBchkpth (pid 10931) [2002/08/01 13:33:22, 4] smbd/uid.c:change_to_user(118) change_to_user: Skipping user change - already user [2002/08/01 13:33:22, 5] smbd/filename.c:unix_convert(145) unix_convert called on file "\projects" [2002/08/01 13:33:22, 3] lib/util.c:unix_clean_name(391) unix_clean_name [/projects] [2002/08/01 13:33:22, 5] smbd/mangle.c:is_8_3(337) Checking projects for 8.3 [2002/08/01 13:33:22, 5] smbd/statcache.c:stat_cache_add(132) stat_cache_add: Added entry PROJECTS -> projects [2002/08/01 13:33:22, 5] smbd/filename.c:unix_convert(215) conversion finished projects -> projects [2002/08/01 13:33:22, 8] lib/util.c:is_in_path(1108) is_in_path: projects [2002/08/01 13:33:22, 8] lib/util.c:is_in_path(1113) is_in_path: no name list. There's one, in normal (correct?) processing [2002/08/01 13:33:22, 3] lib/util.c:unix_clean_name(391) unix_clean_name [projects] [2002/08/01 13:33:22, 3] smbd/reply.c:reply_chkpth(1144) chkpth projects mode=11 [2002/08/01 13:33:22, 5] lib/util.c:show_msg(272) size=35 ... [2002/08/01 13:33:24, 3] smbd/process.c:switch_message(665) switch message SMBtrans2 (pid 10931) [2002/08/01 13:33:24, 4] smbd/uid.c:change_to_user(118) change_to_user: Skipping user change - already user [2002/08/01 13:33:24, 3] smbd/trans2.c:call_trans2findfirst(665) call_trans2findfirst: dirtype = 22, maxentries = 512, close_after_first=0, c! 
[2002/08/01 13:33:24, 5] smbd/trans2.c:call_trans2findfirst(689) path=\projects\* [2002/08/01 13:33:24, 5] smbd/filename.c:unix_convert(145) unix_convert called on file "\projects\*" [2002/08/01 13:33:24, 3] lib/util.c:unix_clean_name(391) unix_clean_name [/projects/*] [2002/08/01 13:33:24, 5] smbd/mangle.c:is_8_3(337) Checking * for 8.3 [2002/08/01 13:33:24, 5] smbd/filename.c:unix_convert(220) unix_convert begin: name = projects/*, dirpath = projects, start = * [2002/08/01 13:33:24, 5] smbd/filename.c:unix_convert(350) New file * [2002/08/01 13:33:24, 8] lib/util.c:is_in_path(1108) is_in_path: projects/* [2002/08/01 13:33:24, 8] lib/util.c:is_in_path(1113) is_in_path: no name list. and there's another. ... [2002/08/01 13:33:31, 5] smbd/mangle.c:name_map_mangle(988) name_map_mangle( jsm.tar.Z, need83 = True, cache83 = True, 14 ) is_in_path: . [2002/08/01 13:33:24, 8] lib/util.c:is_in_path(1113) is_in_path: no name list. [2002/08/01 13:33:24, 8] lib/util.c:is_in_path(1108) is_in_path: .. [2002/08/01 13:33:24, 8] lib/util.c:is_in_path(1113) is_in_path: no name list. [2002/08/01 13:33:24, 8] lib/util.c:is_in_path(1108) is_in_path: CCRA [2002/08/01 13:33:24, 8] lib/util.c:is_in_path(1113) is_in_path: no name list. [2002/08/01 13:33:24, 8] lib/util.c:is_in_path(1108) is_in_path: pry [2002/08/01 13:33:24, 8] lib/util.c:is_in_path(1113) is_in_path: no name list. [2002/08/01 13:33:24, 8] lib/util.c:is_in_path(1108) is_in_path: gifs [2002/08/01 13:33:24, 8] lib/util.c:is_in_path(1113) is_in_path: no name list. [2002/08/01 13:33:24, 8] lib/util.c:is_in_path(1108) is_in_path: people ... This is from a directory containing ... 
> echo * > CCRA Index Offerings PACP Permedia Plugin RCS SLAMS career dbench deferred done >examples explorer fbasic gifs httpget index.html ktools misc-papers overture people >perf personal pkg pry ptools publications sis visa volunteers website wget xx And is in reference to: > Whoops, I was wrong in the previous message: > it looks like a samba-side problem! > > /*** > Utility function used to decide if the last component > of a path matches a (possibly wildcarded) entry in a namelist. > / > BOOL is_in_path(char *name, name_compare_entry *namelist) > > The functiont looks for name in namelist, and > almost every other list passed in is empty! > > This caused it to return false, and probably > not return the name to Windows. > > This look sorta un-good... Abdul, what version > samb are you running? Folks, has anyone fixed a > bug on this lately? > > --dave > -- >
Missing files as seen by Explorer on a client (was Need help on this)
Abdul Javid {AJAVID1} wrote:
>
> I am trying to find why some files and directories are not visible
> from W2K windows explorers though they exist on unix home directory
> permissions are fine ( 755 )on unix side
>
> following is the portion of log ( level 10 )
>
> [2002/07/31 16:16:05, 8] lib/util.c:is_in_path(1143)
>   is_in_path: public_html
> [2002/07/31 16:16:05, 8] lib/util.c:is_in_path(1148)
>   is_in_path: no name list.
> [2002/07/31 16:16:05, 8] lib/util.c:is_in_path(1143)
>   is_in_path: weekly_report
> [2002/07/31 16:16:05, 8] lib/util.c:is_in_path(1148)
>   is_in_path: no name list.
>
> *public_html is not visible
>
> [2002/07/31 16:16:05, 8] lib/util.c:is_in_path(1143)
>   is_in_path: bin
> [2002/07/31 16:16:05, 8] lib/util.c:is_in_path(1148)
>   is_in_path: no name list.
> [2002/07/31 16:16:05, 8] lib/util.c:is_in_path(1143)
>   is_in_path: .Xauthority
> [2002/07/31 16:16:05, 8] lib/util.c:is_in_path(1148)
>   is_in_path: no name list.
>
> **bin and .Xauthority is visible
>
> my question is how do find errors with opening directories
> to me both looks same
>
> any body can tell me what is_in_path does and what "no name list"
> means
>

Whoops, I was wrong in the previous message:
it looks like a samba-side problem!

/***
Utility function used to decide if the last component
of a path matches a (possibly wildcarded) entry in a namelist.
***/
BOOL is_in_path(char *name, name_compare_entry *namelist)

The function looks for name in namelist, and
almost every other list passed in is empty!

This caused it to return false, and probably
not return the name to Windows.

This look sorta un-good... Abdul, what version
samba are you running? Folks, has anyone fixed a
bug on this lately?

--dave
--
David Collier-Brown,           | Always do right. This will gratify
Performance & Engineering      | some people and astonish the rest.
Americas Customer Engineering, |                      -- Mark Twain
(905) 415-2849                 | [EMAIL PROTECTED]
Re: Netbench results on a linux 4-way system
Andrew Theurer wrote:
> Hyperthreading. With 2 physical processors, I can get 25% better results!!!
> with 4 physical processors, I only get 2% better. I may be running into
> other bottlenecks on the 4 physical/8 logical CPU case, so I hope there is
> room for improvement. However there are probably a lot more 2-way P4 systems
> out there than 4-way, so I bet this could really benefit a lot of people out
> there.

Hmmn: can you tell if you're hitting a network limitation or if your disks
are saturated? It would be cool to know if it's an external or a kernel
bottleneck.

I'll opine that it's not Samba itself, as a colleague has run many many
sambae on a largish Sun multiprocessor (;-))

--dave
Re: Netbench results on a linux 4-way system
Andrew Theurer wrote:
> Some other things I think may be worth investigating:
> gettimeofday(). Samba calls this a lot, one for every reply I think, to check
> for connection timeout. This means we go into kernel mode every single time
> we call this, something I'd like to avoid. And I also don't think we need
> the resolution of gettimeofday for this. How about some sort of timer in
> samba with a 1 second granularity? I admit I have not thought about how to
> do this, but there's gotta be a way.

On Solaris, gettimeofday is a bit heavier-weight than I'd like, so it's my
second favorite time-getter. Again, on Solaris I tend to use gethrtime,
which I know is really fast (it does a load instruction and returns without
actually going all the way into kernel state).

In Linux, is gettimeofday this kind of light-weight function, or is there a
fully-supported fast function that could yield a properly comparable value?

--dave
Re: wierd samba problems - NEED COMMENTS
Javid Abdul-AJAVID1 wrote:
>
> Hi
> Am attaching the log here, i really appreciate your time on this.
>
> just as an example couple of folder that are not seen by explorer for this
> user:
> public_html, G15_PSOs
>
> files: w17_test_status.pdf

Ok, the server is returning all of public_html, G15_PSOs and
w17_test_status.pdf... this sounds like a client-side problem.

I wonder what would make a client or explorer ignore files out of the
middle of the following list:

[2002/07/31 10:52:07, 8] lib/util.c:is_in_path(1143)
  is_in_path: cron.tab
[2002/07/31 10:52:07, 8] lib/util.c:is_in_path(1148)
  is_in_path: no name list.
[2002/07/31 10:52:07, 8] lib/util.c:is_in_path(1143)
  is_in_path: PMO_Test_Reports_Template.xls
[2002/07/31 10:52:07, 8] lib/util.c:is_in_path(1148)
  is_in_path: no name list.
[2002/07/31 10:52:07, 8] lib/util.c:is_in_path(1143)
  is_in_path: w17_test_status.pdf
[2002/07/31 10:52:07, 8] lib/util.c:is_in_path(1148)
  is_in_path: no name list.

Team, I note that every other is_in_path is not being passed a name
list... is this an issue, or something MS-ish?

--dave
Re: wierd samba problems - NEED COMMENTS
Javid Abdul-AJAVID1 wrote:
>
> am exhausted for solving this.
> using samba2.0.7 and 2.2.5 in 5000 nis/nis+ and win2k domain environment
> samba member server in domain giving access to nfs home directories
> everything working smooth since last 3 years
> lately couple of users unix home directory are not completely listed when
> seen from windows explorer via samba.
> permission on unix home directory are 755 ( i changed to 777 to test ) but
> could not see all the folders and files that exist on unix side
>
> ur comments will appreciated
> thanks in advance

Sure: use smbclient to see if this problem is with Windows clients or with
the Samba server. If it occurs with smbclient too, it's on the server.

If so, turn logging up to 10 and look for errors: you may want to offer a
log for download. Similarly, you might need to do a packet capture when
you're reproducing the problem.

If the problem is on the client, a packet capture would be good, with
timestamps so we can see if something is taking way too long: pc clients,
windows explorer and huge unix directories can be so slow as to cause
timeouts on the PC end...

--dave
Re: [Samba] Parameter "hide unwritable"
Alexander Oswald wrote:
> But it would be a nice-to-have for me, to implement a (strange) kind
> of privacy protection for our users against each other, additional to
> avoid overwhelming them with stuff, they can't change anyway (although the
> world has read-access via apache). But if you have a brilliant idea for
> me, let me know :)

A non-brilliant one only: create a vfs which makes this check in the
routine which implements readdir. Sounds like just a few lines of code,
although you have to work through compiling and installing a vfs (virtual
file system).

--dave
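The readdir-level check suggested above, as an added example (not code from this thread or from Samba): a plain readdir() wrapper stands in for the VFS routine. The names ident, may_write and readdir_hide_unwritable, and the owner/group/other permission model, are assumptions of the example.

```c
#define _POSIX_C_SOURCE 200809L
#include <dirent.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Identity the listing is produced for (constructed for this example). */
struct ident { uid_t uid; gid_t gid; };

/* Owner/group/other evaluation of the write bit.
 * Assumption: no ACLs, no supplementary groups, no root override. */
static int may_write(const struct stat *st, const struct ident *who)
{
    if (st->st_uid == who->uid)
        return (st->st_mode & S_IWUSR) != 0;
    if (st->st_gid == who->gid)
        return (st->st_mode & S_IWGRP) != 0;
    return (st->st_mode & S_IWOTH) != 0;
}

/* readdir() stand-in: return the next entry `who` may write, skip the rest.
 * "." and ".." are always passed through. */
static struct dirent *readdir_hide_unwritable(DIR *d, const struct ident *who)
{
    struct dirent *e;
    struct stat st;
    while ((e = readdir(d)) != NULL) {
        if (strcmp(e->d_name, ".") == 0 || strcmp(e->d_name, "..") == 0)
            return e;
        /* Symlinks are followed, so a link is judged by its target. */
        if (fstatat(dirfd(d), e->d_name, &st, 0) != 0)
            continue;           /* cannot stat it: keep it hidden */
        if (may_write(&st, who))
            return e;
    }
    return NULL;
}

/* Number of entries, not counting "." and "..", shown to `who`; -1 on error. */
static int count_visible(const char *path, const struct ident *who)
{
    DIR *d = opendir(path);
    struct dirent *e;
    int n = 0;
    if (d == NULL)
        return -1;
    while ((e = readdir_hide_unwritable(d, who)) != NULL)
        if (strcmp(e->d_name, ".") != 0 && strcmp(e->d_name, "..") != 0)
            n++;
    closedir(d);
    return n;
}

/* Create an empty file with an exact mode (chmod overrides the umask). */
static int make_file(const char *dir, const char *name, mode_t mode)
{
    char p[512];
    int fd;
    snprintf(p, sizeof p, "%s/%s", dir, name);
    if ((fd = open(p, O_CREAT | O_EXCL | O_WRONLY, 0600)) < 0)
        return -1;
    close(fd);
    return chmod(p, mode);
}

/* List a scratch directory as its owner and as an unrelated user.
 * Returns owner_count * 10 + stranger_count, or -1 if setup failed. */
int hide_unwritable_demo(void)
{
    static const char *names[] = { "rw.txt", "ro.txt", "shared.txt" };
    static const mode_t modes[] = { 0644, 0444, 0666 };
    char dir[] = "/tmp/hideXXXXXX", p[512];
    struct ident owner, stranger;
    struct stat st;
    int i, ok = 1, by_owner = -1, by_stranger = -1;
    if (mkdtemp(dir) == NULL)
        return -1;
    for (i = 0; i < 3; i++)
        ok = ok && make_file(dir, names[i], modes[i]) == 0;
    if (ok && stat(dir, &st) == 0) {
        owner.uid = st.st_uid;
        owner.gid = st.st_gid;
        stranger.uid = st.st_uid + 1;
        stranger.gid = st.st_gid + 1;
        by_owner = count_visible(dir, &owner);
        by_stranger = count_visible(dir, &stranger);
    }
    for (i = 0; i < 3; i++) {     /* clean up the scratch files */
        snprintf(p, sizeof p, "%s/%s", dir, names[i]);
        unlink(p);
    }
    rmdir(dir);
    return (by_owner < 0 || by_stranger < 0) ? -1 : by_owner * 10 + by_stranger;
}

int main(void) { return hide_unwritable_demo() == 21 ? 0 : 1; }
```

Filtering the listing does not stop a client that already knows a name from opening a world-readable file, so the file modes remain the actual access control.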
Re: net local functionality
Simo Sorce wrote:
>
> Please if even we pass functionality to net make it so it does not need
> a running samba to work for local management as current utilities do.

Might I restate that as
1) "there should be one way to do the administrative operations", and
2) "the mechanism should have at least one interface that can be used
   without a daemon in operation".

The first enables the second, which ensures that you can achieve the same
end: I'll ignore the debate about single-command vs separation of
function (;-))

--dave
Re: Two diffs to add paramater self-checking
Gerald Carter wrote:
>
> On Sun, 21 Jul 2002, Andrew Bartlett wrote:
>
> > To restate: "unix password sync = yes" and "encrypt passwords = no" is
> > a valid combination.
>
> OK. I'll bite. This might for for NT clients, but it won't for win9x
> right. Since we have upper cased passwords, there's no way of knowing
> what the user intended the password to be (for the old and new passwords).
> You could brute force the old password against the local hash in
> /etc/passwd but this seems like such a waste.

How about wording such as:

Warning: NT client machines will be able to update both Unix and Windows
passwords, but Windows 95/98/ME machines will not be able to keep the two
in sync unless they have the "EnablePlainTextPassword" flag set in their
registry.

Or does the uppercasing behavior make it even eviler? (;-))

--dave
Re: Two diffs to add paramater self-checking
Andrew Bartlett wrote: > > David Collier-Brown wrote: > > > > These are for param/loadparm.c and utils/testparm.c, respectively, > > to put in the self-checking that's been languishing... > > My comments apply to HEAD, btw - which branch was the patch intended > for? I developed it at home, so it was something like 2_2_STABLE. Before submitting, I applied my changes to 2.2.5 production and send diff -u output from that. If this is too different, I can set up CVS from home for whatever branch you prefer. > > > + /* Security = (server or domain) requires password server to be set. */ > > + if ((Globals.szPasswordServer == NULL || Globals.szPasswordServer[0] == '\0' > > +) > > + && (Globals.security == SEC_SERVER || Globals.security == > > +SEC_DOMAIN)) { > > + DEBUG(0,("ERROR: security = server and security = domain " > > + "both require a password server.\n")); > > + bRetval = False; > > + } > > No - when security = domain, it will try to find a DC if password server > is not set. Thanks, I didn't know that it could do that! > > > + /* Password server should be a netbios name. */ > > + if (Globals.szPasswordServer != NULL > > + && (strchr(Globals.szPasswordServer,'.') != NULL > > + || strlen(Globals.szPasswordServer) >= 15)) { > > + DEBUG(0,("ERROR: password server \"%s\" is not a legal " > > +"NetBIOS name, logons will fail.\n", > > +Globals.szPasswordServer)); > > + bRetval = False; > > + } > > No, we accept IP addresses too. Ok, will allow both. > > > + /* Check unix password sync prerequisites. */ > > + if (Globals.bUnixPasswdSync) { > > + if (Globals.security != SEC_USER) { > > + DEBUG(0,("WARNING: unix password sync = yes requires " > > + "security = user.\n")); > > + } > > No - we can have local accounts when security=domain, and we should be > able to sync on those accounts. Ok, will allow both... 
> > > + if (Globals.bEncryptPasswords == False) { > > +DEBUG(0,("WARNING: unix password sync = yes requires " > > + "encrypt passwords = yes.\n")); > > + } > > + } > > No - if encrypt passwords = no, then without this no password change at > all is done. Er, that's what I was warning about... > > + else if ((buf.st_mode & S_IFDIR) != S_IFDIR) { > > + DEBUG(0,("ERROR: Path %s in service [%s] isn't a directory.\n", > > + s->szPath, s->szService)); > > + } > > + } > > Watch out that people use a pile of % macro substitutions here - which > could make this a false alarm... Yes, it could require being fully expanded before the check is made. Thanks! > > + if (s->bBrowseable == False && Globals.bBrowseList == True > > + && strwicmp(s->szService,HOMES_NAME) != 0) { > > + DEBUG(0,( "NOTICE: Service [%s] is unbrowsable, but browse " > > + "lists are being served.\n", s->szService)); > > + } > > Isn't this a quite standard setting for the [homes] share? Yes: it's special-cased above: I was generating bogus messages on my own system until I did that. > > > + if (lp_wins_support() && *lp_wins_server()) { > > + printf("ERROR: both 'wins support = true' and 'wins server = >' \ > > +cannot be set in the smb.conf file. nmbd will abort with this setting.\n"); > > + ret = 1; > > + } > > Probably valid, but we might want to consider wins replication here. > Also, in HEAD tridge allows multiple wins server groups - where this > would be quite valid. Good: I do expect that some of these checks will get taken out as the program becomes more general. --dave
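Review bot: The directory test in the quoted service check, "(buf.st_mode & S_IFDIR) != S_IFDIR", looks at one bit of the file-type field rather than the whole field, so on the usual encodings (S_IFDIR 0040000, S_IFBLK 0060000) a block device passes as a directory and the "isn't a directory" error is never raised for it. Use S_ISDIR(buf.st_mode), or mask with S_IFMT before comparing with S_IFDIR.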
Two diffs to add paramater self-checking
These are for param/loadparm.c and utils/testparm.c, respectively, to put in the self-checking that's been languishing...

After these go in, I'll start tracking smb.conf changes again, so I can support them, and you can delete samba-patches 298 (Self-check patches for 2.2.0 alpha 3, 11 Apr 2001)

--dave

--- loadparm.c 2002/07/11 00:46:17 1.1 +++ loadparm.c 2002/07/11 23:54:35 @@ -557,6 +557,9 @@ static BOOL handle_vfs_object(char *pszParmValue, char **ptr); static BOOL handle_source_env(char *pszParmValue, char **ptr); static BOOL handle_netbios_name(char *pszParmValue, char **ptr); +static BOOL handle_netbios_aliases(char *pszParmValue,char **ptr); +static BOOL handle_password_server(char *pszParmValue, char **ptr); +static BOOL validate_netbios_name(char *pszParmValue); static BOOL handle_winbind_uid(char *pszParmValue, char **ptr); static BOOL handle_winbind_gid(char *pszParmValue, char **ptr); static BOOL handle_wins_server_list(char *pszParmValue, char **ptr); @@ -1813,6 +1816,7 @@ service * pserviceDest); static void copy_service(service * pserviceDest, service * pserviceSource, BOOL *pcopymapDest); +static BOOL globals_ok(void); static BOOL service_ok(int iService); static BOOL do_parameter(char *pszParmName, char *pszParmValue); static BOOL do_section(char *pszSectionName); 
@@ -2182,52 +2186,245 @@ } } + + /*** -Check a service for consistency. Return False if the service is in any way -incomplete or faulty, else True. -***/ -static BOOL service_ok(int iService) -{ - BOOL bRetval; +Check globals for consistency. Return False if something fatal will happen. +The messages use ERROR WARNING and NOTICE the same way service_ok does. +This replaces do_global_checks in utils/testparm.c, and should be called at +least once, and possibly each time the smb.conf file is reread. +***/ +static BOOL globals_ok(void) +{ + BOOL bRetval = True; + SMB_STRUCT_STAT st; + char *wins; + static BOOL filesChecked = False; + + /* Look for inconstancies in roughly decreasing order of severity, */ + + /* Check for both wins server and wins support, make sure server wins. */ + /* DCB: The data structure changes in 2.0.7, requiring this check. */ + wins = Globals.szWINSserver; + if (Globals.bWINSsupport == True && wins != NULL + && ! (wins[0] == '\0' || strwicmp(wins, "127.0.0.1") == 0)) { + DEBUG(0,( "ERROR: both wins server = yes and wins support == yes, " + "using wins server \"%s\".\n", wins)); + Globals.bWINSsupport = False; + } + + /* Make sure we have a lock directory, but only once. */ + if (filesChecked == False) { + if (!directory_exist(Globals.szLockDir, &st)) { + DEBUG(0,("ERROR: lock directory \"%s\" does not exist\n", + Globals.szLockDir)); + bRetval = False; + } + else if ((st.st_mode & 0777) != 0755) { + DEBUG(0,("WARNING: lock directory \"%s\" should have " + "permissions 0755 for browsing and locks to work\n", + Globals.szLockDir)); + } + filesChecked = True; + } + + /* Security = (server or domain) requires password server to be set. 
*/ + if ((Globals.szPasswordServer == NULL || Globals.szPasswordServer[0] == '\0' +) + && (Globals.security == SEC_SERVER || Globals.security == +SEC_DOMAIN)) { + DEBUG(0,("ERROR: security = server and security = domain " + "both require a password server.\n")); + bRetval = False; + } + + /* Password server should be a netbios name. */ + if (Globals.szPasswordServer != NULL + && (strchr(Globals.szPasswordServer,'.') != NULL + || strlen(Globals.szPasswordServer) >= 15)) { + DEBUG(0,("ERROR: password server \"%s\" is not a legal " +"NetBIOS name, logons will fail.\n", +Globals.szPasswordServer)); + bRetval = False; + } + + /* Check unix password sync prerequisites. */ + if (Globals.bUnixPasswdSync) { + if (Globals.security != SEC_USER) { + DEBUG(0,("WARNING: unix password sync = yes requires " + "security = user.\n")); + } + if (Globals.bEncryptPasswords == False) { +DEBUG(0,("WARNING: unix password sync = y
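Review bot: In globals_ok(), the password server test treats "strlen(Globals.szPasswordServer) >= 15" as illegal, but a NetBIOS name may be up to 15 characters long, so a legal 15-character server name is logged as an ERROR and sets bRetval = False; the bound should be "> 15". The strchr(..., '.') half of the same condition also rejects dotted IP addresses, which needs relaxing if those are to be accepted. The WINS block at the top of the function logs at ERROR level and clears Globals.bWINSsupport but leaves bRetval untouched, which does not match the header comment's "Return False if something fatal will happen"; either log it as a WARNING or say in the comment that this check rewrites the globals. Its message reads "wins server = yes" and "wins support == yes", where wins server takes an address and the doubled "=" looks like a typo.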
Re: ERROR: in 'security=domain' mode the 'encrypt passwords' parameter must also be set to 'true'
Steve Langasek wrote:
> Playing with my smb.conf on a new server (2.2.5), I noticed that the
> 'security=domain' and 'encrypt passwords=yes' parameters are somewhat
> redundant.

I owe the team a set of self-check code for options that can contradict
each other... I just finished some book stuff last week, so maybe Real
Soon Now (;-))

--dave
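The kind of cross-parameter self-check discussed in these threads, as an added example (not the posted patch and not Samba's code). It applies three rules stated on this page: security = domain needs encrypt passwords = yes, security = server needs a password server, and wins support = yes conflicts with a wins server setting. The parser, the function names and the defaults (security = user, encrypt passwords = no) are assumptions of the example.

```c
#define _POSIX_C_SOURCE 200809L
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

enum {                         /* findings, OR-ed into the result */
    ERR_DOMAIN_PLAINTEXT = 1,  /* security = domain, encrypt passwords = no */
    ERR_SERVER_NO_PWSRV  = 2,  /* security = server, no password server */
    ERR_WINS_CONFLICT    = 4   /* wins support = yes and wins server set */
};

struct globals {
    char security[32], password_server[128], wins_server[128];
    int encrypt_passwords, wins_support;
};

/* Strip leading and trailing white space in place. */
static char *trim(char *s)
{
    char *end;
    while (isspace((unsigned char)*s)) s++;
    end = s + strlen(s);
    while (end > s && isspace((unsigned char)end[-1])) *--end = '\0';
    return s;
}

static int is_yes(const char *v)
{
    return !strcasecmp(v, "yes") || !strcasecmp(v, "true") || !strcmp(v, "1");
}

/* Read the [global] section of smb.conf-style text into *g. */
static void parse_globals(const char *text, struct globals *g)
{
    char buf[2048], *line, *save = NULL;
    int in_global = 0;

    memset(g, 0, sizeof *g);       /* assumed default: encrypt passwords = no */
    strcpy(g->security, "user");   /* assumed default: security = user */
    snprintf(buf, sizeof buf, "%s", text);
    for (line = strtok_r(buf, "\n", &save); line != NULL;
         line = strtok_r(NULL, "\n", &save)) {
        char *key = trim(line), *val;
        if (*key == '\0' || *key == '#' || *key == ';')
            continue;              /* blank line or comment */
        if (*key == '[') {         /* section header */
            in_global = strncasecmp(key, "[global]", 8) == 0;
            continue;
        }
        if (!in_global || (val = strchr(key, '=')) == NULL)
            continue;
        *val++ = '\0';
        key = trim(key); val = trim(val);
        if (!strcasecmp(key, "security"))
            snprintf(g->security, sizeof g->security, "%s", val);
        else if (!strcasecmp(key, "password server"))
            snprintf(g->password_server, sizeof g->password_server, "%s", val);
        else if (!strcasecmp(key, "wins server"))
            snprintf(g->wins_server, sizeof g->wins_server, "%s", val);
        else if (!strcasecmp(key, "encrypt passwords"))
            g->encrypt_passwords = is_yes(val);
        else if (!strcasecmp(key, "wins support"))
            g->wins_support = is_yes(val);
    }
}

/* Apply the cross-parameter rules, report each finding, return the mask. */
static int check_globals(const struct globals *g, FILE *out)
{
    int bad = 0;
    if (!strcasecmp(g->security, "domain") && !g->encrypt_passwords) {
        fputs("ERROR: security = domain needs encrypt passwords = yes\n", out);
        bad |= ERR_DOMAIN_PLAINTEXT;
    }
    if (!strcasecmp(g->security, "server") && g->password_server[0] == '\0') {
        fputs("ERROR: security = server needs a password server\n", out);
        bad |= ERR_SERVER_NO_PWSRV;
    }
    if (g->wins_support && g->wins_server[0] != '\0') {
        fputs("ERROR: wins support = yes conflicts with wins server\n", out);
        bad |= ERR_WINS_CONFLICT;
    }
    return bad;
}

int check_text(const char *conf)
{
    struct globals g;
    parse_globals(conf, &g);
    return check_globals(&g, stdout);
}

int main(void)
{
    /* Constructed sample: plaintext domain logon plus a WINS conflict. */
    return check_text("[global]\n security = domain\n wins support = yes\n"
                      " wins server = 192.0.2.10\n") == 5 ? 0 : 1;
}
```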
Re: [Samba] RE: FW: samba woes
And I'm strongly biased in favor of ldap... (I just wish I had some spare
time to work on previous commitments...)

--dave
Re: Draft of branch maintainence and release plans....
On Wed, 3 Jul 2002, Andrew Bartlett wrote:
> > > > * Full Windows NT 4.0 PDC support
> > > - Trust relationships
> > > - SAM replication
> > [And someone said]
> > I don't see this being in 3.0. Maybe a later release, but there is more
> > work 'todo' in this area that you might expect. Naturally, Samba->Samba
> > replication will be fully supported.

Gerald Carter wrote:
> This is where you and i disagree on what's important. I'm not
> saying you have to do it, but I do have a problem of keep us
> as developers promising something and never delivering.
> **If** we can deliver this, then we have a smooth road for migrating
> from NT 4.0 PDC's to Samba DC's. This may also buy us time
> in the requests for a Samba Win2K compatible DC.

Am I misunderstanding, or was Andrew suggesting that PDC improvement
should be put on hold while the team works on AD functionality?

I'm of the opinion that a good, workmanlike kerberos implementation able
to work with AD is the most desirable single item for 3.0, and that there
is a community of folks, like myself, that would like to jump from a
security=user, unix-centric configuration straight to a security=kerberos
unix-centric configuration (;-))

--dave
Re: [Samba] RE: FW: samba woes
Steve Langasek wrote:
> Top of the thread:
> http://marc.theaimsgroup.com/?l=samba-technical&m=101683637902994&w=2
>
> It'd be great to see smbsh come back to Linux for 3.0.

I can send a working interceptor example to steal ideas from, on
request... It's unencumbered, but it's at home! I just did another one the
other day using near-identical code and it works on both Samba and Solaris.

--dave
Re: smbsh/smbwrapper/winbind linux help
"Stieglitz, Eric J. (DCSA)" wrote:
> Thanks for your offer of assistance.
> Basically, smbsh fails with error EINVAL after it tries to exec
> my shell using the shared library functions in smbwrapper.so. The
> details to this can be found in a previous message here:
>
> http://lists.samba.org/pipermail/samba-technical/2002-June/037344.html
>
> http://lists.samba.org/pipermail/samba-technical/2002-June/037683.html

Two-part discussion: fcntl64 and library linking. Let's do fcntl first.

>
> I've also noticed that the file include/includes.h may define all
> instances of "fcntl" as "fcntl64". Despite this, an strace while running
> smbsh shows that sometimes fcntl is executed as "fcntl" and other times
> it executes as "fcntl64". Neither of us are experienced systems programmers,
> so we're not sure if this is normal behavior or not. The defines in the
> include file are:
>
> #ifdef GLIBC_HACK_FCNTL64
> /* this is a gross hack. 64 bit locking is completely screwed up on
>    i386 Linux in glibc 2.1.95 (which ships with RedHat 7.0). This hack
>    "fixes" the problem with the current 2.4.0test kernels
> */
> #define fcntl fcntl64
> #undef F_SETLKW
> #undef F_SETLK
> #define F_SETLK 13
> #define F_SETLKW 14
> #endif

That's a likely culprit: if you have both fcntl and fcntl64 showing up in
strace, you may need to check this is turned on in each of the smbwrapper
files.

>
> According to Redhat,
>
> " It's the back door symbols _open, _read, _write which allows smbsh to
> wrap around the normal file calls, possibly redirect them to smb, and
> then call the actual C library function using the underscore functions.
> The GNU C library maintainers have decided to remove support for these
> symbols in glibc 2.1 and forward."

This is a different issue: it should not affect you unless you call dlsym
on them, which is not how smbwrapper works.

>
> At this point, we're basically trying to figure out whether or not it's actually
> possible to get smbsh to work reliably on Linux the same way it does on Solaris.
> Chris and I have pretty much hit the limits of what we know how to do and debug
> on this (in fact, I can say that I've certainly learned more about the internals
> of samba while trying to read the code :-) and would appreciate any assistance
> from somebody more knowledgeable about smbsh and the OS.

Let's see if we can get fcntl64 to show up everywhere in smbsh's strace,
then look at the code in lockit to see why the operations on fd 8191
fail... it is open at that point, isn't it???

--dave

>
> /EJS
>
> -Original Message-
> From: David Collier-Brown [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, June 26, 2002 9:43 AM
> To: Johnston, Christopher (DCSA)
> Cc: '[EMAIL PROTECTED]'
> Subject: Re: smbsh/smbwrapper/winbind linux help
>
>
> "Johnston, Christopher (DCSA)" wrote:
> > Was curious.. does smbsh work in Linux.. I am having all sort of
> > compilation issues with file locking.. I understand there was a bug in
> > glibc 2.1 which caused havok with 64 bit locking.. I assume that has
> > been fixed by now since I am running the latest and greatest glibc..
> >
> > Redhat 7.3
> > Glibc 2.2.5
> > Samba 2.2.5
>
> It did run once, but subsequently had problems
> with the glibc folks: at one point they actually
> seemed to think smbsh was a bad idea (;-))
>
> In principle, there is nothing in Linux that
> should stop smbsh: I use exactly the same calls
> in my Linux as my Solaris interceptors[1].
> And I'd love to see smbsh universally available[2]!
>
> What's the symptoms? How can we help?
>
> --dave
> [1. I'm a former member of the ABI team at Sun, write lots
>  of interceptors, and have given Linux talks on the
>  technology
> 2. I think HP may have had a related problem, but I haven't
>  looked lately: anyone tried it???]
Re: smbsh/smbwrapper/winbind linux help
> "Johnston, Christopher (DCSA)" wrote:
> Was curious.. does smbsh work in Linux.. I am having all sort of
> compilation issues with file locking.. I understand there was a bug
> in glibc 2.1 which caused havoc with 64 bit locking.. I assume that
> has been fixed by now since I am running the latest and greatest
> glibc..
>
> Redhat 7.3
> Glibc 2.2.5
> Samba 2.2.5

It did run once, but subsequently had problems with the glibc folks: at
one point they actually seemed to think smbsh was a bad idea (;-))

In principle, there is nothing in Linux that should stop smbsh: I use
exactly the same calls in my Linux as my Solaris interceptors[1]. And I'd
love to see smbsh universally available[2]!

What's the symptoms? How can we help?

--dave
[1. I'm a former member of the ABI team at Sun, write lots of
 interceptors, and have given Linux talks on the technology
 2. I think HP may have had a related problem, but I haven't looked
 lately: anyone tried it???]
Rant re mutation [Was libsmbclient functionality addition]
Richard Sharpe wrote:
> The problem I have here is that we do not seem to have asked our user base
> what they want.
>
> I can appreciate the need for changes, as I need them myself, but
> maintaining backward compatibility may be something that is important,
> given that libsmbclient is being shipped with a number of Linux distros
> now.

[Time for my standard Multics rant again, suitably bowdlerized...]

I recommend shipping a "filter" library implementing the existing
libsmbclient calls without the handles, but implemented in terms of calls
to the new ones, with a hidden handle. Call this libsmbclient.so.1, and
the one with the new calls libsmbclient.so.2

Ensure both are built and installed by default, and warn people that .so.1
will be dropped from maintenance after .2 stabilizes. Anyone needing
backwards compatibility will get it, but will also get to accept the cost
of maintaining the filter library themselves.

--dave
[On Multics, if you changed an interface, you had to change the version
number and write functions to update and downdate from the immediately
previous versions. They used this to change stuff on the fly, without
buggering up users or rebooting]
Re: Netbench and Samba 2.2.1a
On Thu, 13 Jun 2002, Don DeVitt wrote:
> > My problem was caused by the fact that NT mapped drives are not
> > accessible in exactly the same way by an application launched by
> > a Remote Shell Daemon as they are from applications that
> > are launched by the user from the desktop. The authentication is
> > some how different enough to make the drive inaccessible without
> > using the "security = share" smb.conf file setting.

Cool: thanks Don!

--dave
Netbench and Samba 2.2.1a
A colleague who runs a benchmarking group noticed something bizarre
lately: while working with Netbench 7.0.2 running against Samba version
2.2.1a on RH Linux 7.2 on a 2xPIII 1400Ghz machine...

| I can "net use f: \\lab39\files1" OK to the Samba shares. I
| can use WordPad to read and write files into the directory on
| the Samba share. I just can't get Netbench to initialize and
| use the share. It errors out saying "SetCurrentDirectory to
| f:/alters. Failed"

The workaround is to use security = share, rather than domain, but the
implication is that something is incompatible in 2.2.x with Netbench. As
this is a popular benchmark (however flawed), it may come back to bite us!

Has anyone on the team a netbench setup they can try, to see if this is
reproducible with the newest Samba?

--dave c-b
Re: VFS Programming Docs.
Rainer Link wrote:
>
> "Jason C. Leach" schrieb:
> >
> > hi,
> >
> > I'm in need of some VFS programming docs. I'd like to program a VFS
> > modules that will retrieve an archive (tar.gz) and decompress it when
> > someone tries to access a specific file type. Or something similar.
> > Once I see how complicated, I'll decide.
>
> The only documentation I'm aware of is
> http://www.geocities.com/orville_torpid/papers/vfs_tutorial.html
>
> But it's somewhat out-of-date IIRC. Just do a RTFS :) in examples/VFS of
> the Samba sources.

This paper needs updating, but it is an ok overview: use me for a
resource, and I'll update it.

--dave (orville's a nickname) c-b
Who's working with Mac OS X?
I noticed very little about it on the list, except as a sidebar to the GPL: is anyone on the team working on Apple's OS X? I want to discuss it briefly for documentation purposes... --dave -- David Collier-Brown, | Always do right. This will gratify Performance & Engineering | some people and astonish the rest. Americas Customer Engineering, | -- Mark Twain (905) 415-2849 | [EMAIL PROTECTED]
Re: Sun finally ships Samba as standard on Solaris 9
Jeremy Allison wrote: > So I guess that means we made it onto the OS CD (finally :-) :-). > Dave CB - want to comment ? My thanks go out to the unsung team who built the software companion CDs, and walked the long road to the standard distribution, fame and fortune (;-)) --dave -- David Collier-Brown, | Always do right. This will gratify Performance & Engineering | some people and astonish the rest. Americas Customer Engineering, | -- Mark Twain (905) 415-2849 | [EMAIL PROTECTED]
Re: SMB Keep-alive.
"Christopher R. Hertel" wrote:
> Samba sends NBTSS Keep-Alive's every 6 minutes. Last night, just to
> test things out, I mapped a share between two Windows boxes. The server
> is a W/95 box, and the client is running W/98. Unless my sister-in-law
> rebooted the W/98 box (possible) it seems that W/95 does *not* send the
> keep-alives. I need to check the setup to be sure, but
> I caught no packets in the capture.

That's my understanding as well: NT 3.5 servers apparently did, as they cleaned up from a roomful of lost clients during power-flicker day (:-))

--dave
--
David Collier-Brown,           | Always do right. This will gratify
Performance & Engineering      | some people and astonish the rest.
Americas Customer Engineering, |                      -- Mark Twain
(905) 415-2849                 | [EMAIL PROTECTED]
Re: SMB Keep-alive.
"Christopher R. Hertel" wrote: > > I have not seen SMB Keep-Alive used except in a few odd instances in > which it is used to trick Windows into behaving properly. > > Does anyone know if SMB Keep-Alive is actually used in practice? Samba optionally sends it to see if the client has crashed, and can clean up if so. --dave -- David Collier-Brown, | Always do right. This will gratify Performance & Engineering | some people and astonish the rest. Americas Customer Engineering, | -- Mark Twain (905) 415-2849 | [EMAIL PROTECTED]
Re: Bug found in smbclient
Jay Ts wrote:
> Just in case I'm the first to have noticed this:
>
> $ smbclient //server/share -c "ls" -Tc
> added interface ip=172.16.1.3 bcast=172.16.1.255 nmask=255.255.255.0
> Segmentation fault
>
> This happened when out of curiosity, I wondered if
> it was possible to execute some smbclient commands,
> such as a cd to a subdirectory, before running the
> -Tc tar backup of it.
>
> The "server" and "share" strings in the above command
> can be anything, and the command with -c can also be
> a "cd dir" command. Just a plain "cd" with no arguments
> resulted in odd behavior (the cd command ran, then
> smbclient hung, without doing a tar backup). I haven't
> tried any other smbclient commands with -c.

I just tried it with a Solaris system, and got exactly the same result. truss -f -v uname said:

3267: so_socket(2, 1, 0, "", 1) = 3
3267: ioctl(3, 0xC0086914, 0xFFBED478)= 0
3267: ioctl(3, 0xC020690D, 0xFFBEB498)= 0
3267: ioctl(3, 0xC0206911, 0xFFBEB498)= 0
3267: ioctl(3, 0xC0206919, 0xFFBEB498)= 0
3267: ioctl(3, 0xC020690D, 0xFFBEB478)= 0
3267: ioctl(3, 0xC0206911, 0xFFBEB478)= 0
3267: ioctl(3, 0xC0206919, 0xFFBEB478)= 0
3267: close(3)= 0
3267: write(1, " a d d e d i n t e r f".., 72) = 72
3267: umask(0)= 02
3267: umask(02) = 0
3267: uname(0xFFBED908) = 1
3267: sys=SunOS nod=elsbeth rel=5.8 ver=Generic_108528-09 mch=sun4u
3267: Incurred fault #6, FLTBOUNDS %pc = 0x000393DC
3267: siginfo: SIGSEGV SEGV_MAPERR addr=0x0D60
3267: Received signal #11, SIGSEGV [default]
3267: siginfo: SIGSEGV SEGV_MAPERR addr=0x0D60
3267: *** process killed ***

--dave
--
David Collier-Brown,           | Always do right. This will gratify
Performance & Engineering      | some people and astonish the rest.
Americas Customer Engineering, |                      -- Mark Twain
(905) 415-2849                 | [EMAIL PROTECTED]
Re: FCNTL on Solaris
David Collier-Brown wrote:
> tdb_trylock(), which does an fcntl(tdb->fd,F_SETLK, &fl)

Make that:

    tdb_trylock(stuff...) {
        if (fcntl(tdb->fd,F_SETLK, &fl) == -1) {
            /* The lock is in use */
            return ITS_LOCKED_ALREADY_GO_AWAY;
        }
        else {
            return OK_WE_HAVE_THE_LOCK;
        }
    }

I'm making logic errors all over the place: could someone check that's a valid trylock algorithm using fcntl?

--dave
--
David Collier-Brown,           | Always do right. This will gratify
Performance & Engineering      | some people and astonish the rest.
Americas Customer Engineering, |                      -- Mark Twain
(905) 415-2849                 | [EMAIL PROTECTED]
Re: FCNTL on Solaris
Jeremy Allison wrote:
> E. I don't understand this email. What "case 3"
> are you talking about here ?

Sorry, not enough coffee (;-)) I actually was referring to case three in the development of a lock-free check, which I had just whiteboarded and found **horrible**. Pretend I didn't even suggest it!

> > I haven't looked at the code, but if it uses F_SETLKW
> > you might want to do a trylock first, implemented via
> > F_GETLK or F_SETLK, as this would allow subsequent
> > processes to continue, knowing that someone's fixing
> > the tdb, and that they can access it later using the
> > normal locking regime.

In tdb/tdb.c, at line 1459 in tdb_open_ex, the code says

    /* ensure there is only one process initialising at once */
    if (tdb_brlock(tdb, GLOBAL_LOCK, F_WRLCK, F_SETLKW, 0) == -1) {
        TDB_LOG((tdb, 0, "tdb_open_ex: failed to get global lock on %s: %s\n",
                 name, strerror(errno)));
        goto fail; /* errno set by tdb_brlock */

This is an example of safe serialization code, the kind of thing that may be in use in this particular case (I don't think this is the one: it just looks similar).

I'm of the opinion that the right code for this type of test (not necessarily this exact one!) would be a tdb_trylock(), which does an fcntl(tdb->fd,F_SETLK, &fl) the way tdb_brlock does, but then checks the lock type which will be set to F_UNLCK if the lock is, at that moment, unlocked. If unlocked, it would try to take a lock, as quick as possible to keep the contention window small, and if not it would return "it's locked".

If it returned "it's locked", then there would be no need to do the iteration, as someone else would have been in the data structure, and it wouldn't necessarily need cleaning up. This is the case that would allow you to complete in bounded time.

If it returned "it was unlocked, here's the lock" you'd know it is ok to do the iteration to clean up, but not if someone had just done it already for you.

And you'd have to take a lock, and possibly block until another process finished, as there is a window of opportunity for two processes to wait for the lock. Not optimal, but provably bounded in most cases, bounded some large and fixed percentage of time in all other cases. A true fcntl trylock would be demonstrably optimal.

--dave
--
David Collier-Brown,           | Always do right. This will gratify
Performance & Engineering      | some people and astonish the rest.
Americas Customer Engineering, |                      -- Mark Twain
(905) 415-2849                 | [EMAIL PROTECTED]
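Editor's added example, not part of the thread and not Samba's tdb code: a non-blocking fcntl() try-lock of the kind discussed in the two messages above, which reports "held by another process" separately from a real failure, since F_SETLK returns -1 for both. The function names, the enum and the /tmp scratch file are assumptions made for this sketch.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

enum trylock_result { TRYLOCK_ACQUIRED = 0, TRYLOCK_BUSY = 1, TRYLOCK_ERROR = 2 };

/* Non-blocking write lock on one byte of fd at `offset` (hypothetical
 * helper; the byte offset stands in for a tdb lock slot). */
static enum trylock_result try_write_lock(int fd, off_t offset)
{
    struct flock fl = { .l_type = F_WRLCK, .l_whence = SEEK_SET,
                        .l_start = offset, .l_len = 1 };
    if (fcntl(fd, F_SETLK, &fl) == 0)
        return TRYLOCK_ACQUIRED;
    /* POSIX permits either errno when another process holds the lock. */
    if (errno == EACCES || errno == EAGAIN)
        return TRYLOCK_BUSY;
    return TRYLOCK_ERROR; /* EBADF, ENOLCK, ...: a failure, not "locked" */
}

/* Parent takes the lock, then a forked child tries it. fcntl locks are
 * per process and not inherited across fork(), so the child sees BUSY
 * and would skip the cleanup pass. Returns the child's result. */
static enum trylock_result contended_trylock(void)
{
    char path[64];
    int fd, status;
    pid_t pid;

    snprintf(path, sizeof path, "/tmp/trylock_demo.%ld", (long)getpid());
    fd = open(path, O_RDWR | O_CREAT | O_EXCL, 0600);
    if (fd == -1)
        return TRYLOCK_ERROR;
    unlink(path); /* the lock belongs to the open file, not the name */
    if (try_write_lock(fd, 0) != TRYLOCK_ACQUIRED || (pid = fork()) == -1) {
        close(fd);
        return TRYLOCK_ERROR;
    }
    if (pid == 0)
        _exit(try_write_lock(fd, 0));
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status)) {
        close(fd);
        return TRYLOCK_ERROR;
    }
    close(fd); /* closing the descriptor releases the parent's lock */
    return (enum trylock_result)WEXITSTATUS(status);
}

int main(void) { return contended_trylock() == TRYLOCK_BUSY ? 0 : 1; }
```

A caller that gets TRYLOCK_BUSY can skip the stale-entry traversal and finish in bounded time; TRYLOCK_ERROR should be logged and handled as a fault rather than read as contention.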
Re: FCNTL on Solaris
David Collier-Brown wrote:
> I haven't looked at the code, but if it uses F_SETLKW
> you might want to do a trylock first, implemented via
> F_GETLK or F_SETLK, as this would allow subsequent
> processes to continue, knowing that someone's fixing
> the tdb, and that they can access it later using the
> normal locking regime.

A disclaimer: that isn't the way to do case 3, it's the way to NOT do case three and be able to execute in bounded time, instead. I recommend it over case 3 **rather strongly**, as 3 goes nonlinear, and can be proved to fail (I just drew the dfa and it was evil!!!)

The stock approach is also nonlinear, with a higher overhead, so I guess it's doubly evil. That other OSs don't bottleneck on it says good things about their kernel programmers.

--dave
--
David Collier-Brown,           | Always do right. This will gratify
Performance & Engineering      | some people and astonish the rest.
Americas Customer Engineering, |                      -- Mark Twain
(905) 415-2849                 | [EMAIL PROTECTED]
Re: Samba 2.2.3a on Solaris 8
David Lee wrote:
> In other words, perverse though it may at first seem, might Solaris sites
> be seeing this problem because Solaris is a _good_ OS, capable of being
> pushed to such limits? (Have other OSes stumbled on the lower slopes of
> the load mountain?)

Formally, this is a bottleneck problem, caused by the slow parts of the system not being up to the standards of the rest. Depending on hat worn, you can make it a compliment (most of the system is fast) or an insult (part of the system is slow). I'll leave that to the interested parties.

As an engineer, I'd prefer it not happen at all if I can't fix it, and for it to be a Sun bug if I can. My initial thought is it's partially due to a locking bottleneck and partly due to the algorithm using the lock being unbounded-time.

--dave

For RTTL background, see http://www.cs.yorku.ca/~jonathan/publications.htm and Ostroff, J.S. "Temporal Logic for Real-Time Systems".
--
David Collier-Brown,           | Always do right. This will gratify
Performance & Engineering      | some people and astonish the rest.
Americas Customer Engineering, |                      -- Mark Twain
(905) 415-2849                 | [EMAIL PROTECTED]
Re: FCNTL on Solaris
> Tridge found the (already noted) related bug on our system and conceded it
> was a design flaw. Apparently each new smbd process that starts, does a
> quick traversal of the tdb databases to clean out any stale entries, and on
> Solaris, these are taking too long.

I've found a bunch of fixed bugs on fcntl performance, implying it's been even slower in the past (:-))

>Ok - discussed this with Andrew last night. It seems that this is only
>a problem on Solaris. Solaris seems to have *serious* issues with fcntl
>locks with multiple processes contending for locks. No other system we
>run on seems to have this problem (they have their own problems :-).

At the expense of not addressing the Sun side of the problem, might I suggest that validation operations shouldn't lock?

Throwing my mind into a past life with safety-critical real-time, I opine that the check without locks will
1) succeed in bounded time dependent on the number of structures traversed & checked
2) fail because the structures are invalid (in this case stale) in bounded time, at which point one chooses to take a lock and remove them.
3) fail in bounded time because the structures were changed by a program using locking, and the non-locked program is seeing changing data. In this case we elect to try to take a lock, fail because it's already held, wait interminably for it to complete, get the lock, and
   a) find it's done and exit
   b) find it still needs to be done and do it.

The third is interesting because the other threads or processes are delaying us some amount before we get to do any work. This, you might imagine, is a problem when you try to demonstrate correctness within time limits (;-))

I haven't looked at the code, but if it uses F_SETLKW you might want to do a trylock first, implemented via F_GETLK or F_SETLK, as this would allow subsequent processes to continue, knowing that someone's fixing the tdb, and that they can access it later using the normal locking regime.
> > > >Dave CB - can you investigate this within Sun please. This is a *critical* > >part of Samba, we may have to look into a solaris-specific workaround and > >this would be bad. Bad is an understatement... --dave -- David Collier-Brown, | Always do right. This will gratify Performance & Engineering | some people and astonish the rest. Americas Customer Engineering, | -- Mark Twain (905) 415-2849 | [EMAIL PROTECTED]
Re: Very bad performance when copying large files from windows to samba-share
"Christopher R. Hertel" wrote: e 'rabbit pellet' transfer we dug into a while back? > If so, using security=server should also be avoided to avoid the > problem. > > The problem in this case (for the rest of our viewers) is that Windows > Explorer (the GUI) detects subtle timing delays and will slow itself > down. It sends the file using small packets, sends a flush after each > packet, and requires an ACK after each write and each flush. Just out of curiosity, what did security=server contribute: added latency in some obscure part of the process??? --dave (scratching head) c-b -- David Collier-Brown, | Always do right. This will gratify Performance & Engineering | some people and astonish the rest. Americas Customer Engineering, | -- Mark Twain (905) 415-2849 | [EMAIL PROTECTED]
Re: [Advertisement] E-mail promotional data
Hmmn, methinks we need a better spam filter... --dave