Re: Users able to execute windows .exe though execute bit not set
On Tue, 1 Apr 2003, Ronan Waide wrote: On April 1, [EMAIL PROTECTED] said: I'm looking for some assistance regarding file permissions and the inability to stop the execution of a file even though the execute permission has not been set. Execute bits are a Unix concept. Windows will execute any file it can read that it understands the extension of and has a handler for. Hmmm, I did some testing a week or so ago, and found that removing the execute permission from ACLs on the file (esp inherited ones) prevents Win2K from executing the file, although it does open the file for read first. Since we have just added proper eXecute permission support to our (almost) NT ACLs in the file system, let me check this today to see what the deal is. Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: Users able to execute windows .exe though execute bit not set
On Tue, 1 Apr 2003, Jim McDonough wrote: Hmmm, I did some testing a week or so ago, and found that removing the execute permission from ACLs on the file (esp inherited ones) prevents Win2K from executing the file, although it does open the file for read first. Doesn't happen for me. It lets me execute a file for which I only have read access... Right, but I was testing Win2K against NT. I know that we will fail this test, as discussed on IRC because the POSIX open call does not allow you to specify O_EXEC ... so I will need to do other checks here. However, since our NFS code needs to check for X access, I can probably piggy back on this with an IOCTL. UGLY. We should probably have a torture test for this. Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: use sendfile problems with Windows 95
On Thu, 27 Mar 2003, Pierre Belanger wrote: Hi, I turned on use sendfile, not too long after (on the next logon) someone called me. His Windows 95 was having trouble opening files on the server. He can explore the shared volume but when trying to open a file, his computer hangs and needs to reboot. I've been using sendfile myself with Samba under Solaris 8 with NT 2000 XP since a long time with no trouble at all. I tested with another Windows 95 box -- same problem. Even after ~ 5 min. the box is still hung. I'm wondering if Windows 98/ME are also affected by this? I don't have access to Windows ME boxes but I might find a Windows 98 box... I'll post when I am able to test. I generated a level 10 log file, it's 155KB (gzip -9). Someone wants to look at it? (I did not want to post this huge file here). Can you get us a sniff? Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: generating core dumps in winbindd and smbd
On Fri, 28 Mar 2003, Tim Potter wrote: I was poking around in the segv signal handling code today as I'm in a situation where an actual core dump would be handy to have. The intent of the current code looks like core dumps are to be made in $LOGDIR/corefiles but the dump_core() function is never executed as the argument to fault_setup() is never used. Do we want to keep the existing behaviour or shall I fix it to do what was intended? I would say do what was intended. I often need core files :-( Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: Error joining Samba domain with Windows 2000 Pro
On Wed, 26 Mar 2003, John Brown wrote: I am getting the following message when I try to add my Windows 2000 Pro SP3 machine to the Samba domain. The following error occurred validating the name x This condition may be caused by a DNS lookup problem... The specified domain either does not exist or could not be contacted. I can see and access the server from the workgroup. I have seen this when nmbd is not running. Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: Support for Multiple Data Streams?
On Thu, 20 Mar 2003, Ken Cross wrote: Samba-folk: Samba apparently does not support Alternate Data Streams/Multiple Data Streams. ADS/MDS are the hidden files associated with the Summary tab on a 2K/XP/.Net version of Windows. A file on a SAMBA_3_0 server does not even display the Summary tab on the Properties page. Hmmm, are you sure of this? Alternate Data Streams are named $DATA attributes of a file in NTFS, and if I create one such thing via: echo Some Data > somefile.txt:ADS That works and I can look at the data with type, but the Summary tab of the properties dialog box for the file does not show me that attribute? It should be noted that normal file data is associated with the unnamed $DATA attribute. Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: Support for Multiple Data Streams?
On Thu, 20 Mar 2003, Ken Cross wrote: Samba-folk: Samba apparently does not support Alternate Data Streams/Multiple Data Streams. ADS/MDS are the hidden files associated with the Summary tab on a 2K/XP/.Net version of Windows. A file on a SAMBA_3_0 server does not even display the Summary tab on the Properties page. So, why are you seeing a need to support these? :-) Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: Support for Multiple Data Streams?
On Thu, 20 Mar 2003, Christopher R. Hertel wrote: Ken, How would you store that information on a Unix filesystem? How do you prevent users or other services from messing things up? There are solutions, but it's a much bigger problem than it seems on the surface. There are some interesting issues here. Alternate Data Streams can be accessed via CIFS, but there is no special support built into the protocol. They are simply accessed syntactically. An ADS has a name like file-name:ADS-name, and NTFS maps that to the named $DATA attribute called ADS-name. Other implementations are free to do it any way they want. Since UNIX allows : in names, the files will appear with funny names, but searches will be screwed up. The bigger issue is how to back up the file and all its attributes, and as far as I can see, Windows NT4/5/... requires that you use BackupRead and BackupWrite where you can get access to all the attributes of a file as byte streams. Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Some more info on permissions and opening files ...
Hi, I have done some further analysis of what permissions are needed to access files under Windows. Yesterday I was under the mistaken impression that to open a file for writing you need FILE_WRITE_DATA, FILE_WRITE_ATTRIBUTES, and FILE_WRITE_EA. However, this is only if you are using the POSIX open call. If you use the Win32 CreateFile and WriteFile calls, you can open a file for writing and write to it with just FILE_WRITE_DATA, even over CIFS. Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: Support for Multiple Data Streams?
On Fri, 21 Mar 2003, Tim Potter wrote: On Thu, Mar 20, 2003 at 03:46:59PM -0500, Ken Cross wrote: Yes, to support it properly, the underlying filesystem should include all streams when you cp/mv/rm/... And a portable backup/restore could be interesting! However, I'm having trouble getting Samba to return goofy names like filename:ADS. It keeps mangling them (even with mangling disabled). What's wrong with extended attributes? They satisfy the portability requirements (modulo some autoconf stuff that is probably required to create a uniform system call interface) and are backed up and restored by dump. Right, XATTRs would be one way to do it on Linux. Of course, Samba needs some mods, and Tridge was looking at putting that into his NTVFS layer (where it belongs). Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: very interesting!
On Fri, 21 Mar 2003, Martin Pool wrote: I just noticed this in the libc manual. http://www.gnu.org/manual/glibc-2.2.5/html_node/Backtraces.html It could be pretty cool to have this built in to smb_panic(). But is it portable? Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: libsmbclient again :|
On Fri, 21 Mar 2003, dzvine wrote: Hello samba-technical, i wrote a simple app using this lib and noticed huge memory leaks. My code is just simple sequence like: smbc_init() while() { smbc_opendir() ; smbc_getdents() ; smbc_closedir(); } but library leaks a lot of memory, i noticed the hugest leaks are because of ?? uninitialized ?? client/server connections? also 12-20 bytes leaks in pstrings ? after scanning a network of about 200 computers it eats up to 30-40MB of ram( depending on file/share amount) closedir should be freeing the resources, but looks like it is not. I can try to look at it over the weekend. Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
RE: rd /s, can't find the file specified (internal reference b1996)
On Wed, 19 Mar 2003, Nir Soffer wrote: I can't reproduce this at all on a recent (CVS) build of SAMBA_3_0. Can you give me more details on *exactly* how you reproduce it please ? What I did was simply do, on the unix side: mkdir b1996 cd b1996 touch nirtest123456 touch nirtest12345 and on the W2K side use a command line prompt, map the drive using net use, and try to rd /s b1996 OK, that explains the insistence on using short names. Did you use command or cmd? Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
RE: rd /s, can't find the file specified (internal reference b1996)
On Wed, 19 Mar 2003, Nir Soffer wrote: On Wed, 19 Mar 2003, Nir Soffer wrote: I can't reproduce this at all on a recent (CVS) build of SAMBA_3_0. Can you give me more details on *exactly* how you reproduce it please ? What I did was simply do, on the unix side: mkdir b1996 cd b1996 touch nirtest123456 touch nirtest12345 and on the W2K side use a command line prompt, map the drive using net use, and try to rd /s b1996 OK, that explains the insistence on using short names. Did you use command or cmd? I used cmd. I specified I was using the command line on the beginning, and that everything worked perfectly alright from the explorer and the GUIs. Right, but there is command and cmd, and cmd uses 8.3 names, and it looks like the good trace was taken with a client that only understands short names. I also thought that the rd /s in the subject was a big hint ;) Is it reproducible on your end too, or is something in my configuration screwy? I have not tried it yet, and I am predominantly using a 2.2.x base, but will try soonish ... Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
RE: rd /s, can't find the file specified (internal reference b1996)
On Wed, 19 Mar 2003, Nir Soffer wrote: On Wed, 19 Mar 2003, Nir Soffer wrote: I can't reproduce this at all on a recent (CVS) build of SAMBA_3_0. Can you give me more details on *exactly* how you reproduce it please ? What I did was simply do, on the unix side: mkdir b1996 cd b1996 touch nirtest123456 touch nirtest12345 and on the W2K side use a command line prompt, map the drive using net use, and try to rd /s b1996 OK, that explains the insistence on using short names. Did you use command or cmd? Okay. I was being stupid. Very very stupid, and I apologize. Turns out mangled filenames was disabled. But is this the expected error when mangled filenames are disabled? I would hope not. I think that if mangled file names are disabled, we should perhaps return nothing in the short name field in a FindFirst/FindNext ... However, I don't know what clients will do. I have been planning to try it, but have not had a chance. Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: samba: group sid user sid
On Wed, 19 Mar 2003, David Gaston wrote: Mr. Sharpe, That's Richard to most folks ... Our university computer science department systems groups has recently used samba-3.0alpha22 to aid in merging our unix windows NT environments. Older accounts created before the merge grab the old sid when being logged into. We've downloaded your profiles program, and I had a question about its usage. On the first page of http://www.richardsharpe.com/samba-stuff.html, you mention: You might be able to do the following to fix the SIDs: profiles -c S-1-5-21-x-y-z-oldrid -n S-1-5-21-a-b-c-newrid /path/to/profile You will have to do that twice, once for the owner SID and once for the group SID. Why is it necessary to change both of these? Because if you don't, the group SID on the entries in the profile will all have the wrong DOMAIN portion of their SID. However, this just might not be an issue. With a user having an owner SID of 1-5-32-544, the correct syntax to change this would be: profiles -c S-1-5-32-544-x-y-z-oldrid -n S-1-5-32-544-a-b-c-newrid \ /path/to/profile Hmmm, I am not familiar with that S-1-5-32-544. That seems like a well-known SID. Ahhh, I see, S-1-5-32 is for the Built-in domain, and 544 looks like the Domain Admins built-in group RID (0x220). So, in that case, you don't need to change that SID, I believe, and the syntax above is wrong, also. It would be: profiles -c S-1-5-32-544 -n S-1-5-21-x-y-z-somerid If you wanted to change the Domain Admins group to some specific person, but I don't think you really want to do that. If you list the ACLs on the entries in the profiles, you should see more SIDs than the one above. You should see SIDs like S-1-5-21-x-y-z-RID, and those are the ones you want to change. To find the RID of an existing user, try wbinfo, as it has flags that allow you to translate a name into a SID. I guess I will have to update my page to help people further.
Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
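The domain-portion rewrite described in the reply above, as an added example in C (not code from the profiles tool or from Samba). It parses SID strings, rewrites only SIDs of the form old-domain plus RID, and leaves SIDs under other authorities such as S-1-5-32 untouched; all function names and the numeric sample SIDs are constructed for illustration.

```c
/* Added example: SID parsing and domain re-basing. Function names and the
 * sample SIDs are constructed; this is not the profiles tool's code. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SID_MAX_SUBAUTHS 15

struct sid {
    uint8_t  revision;
    uint64_t authority;                   /* 48-bit identifier authority */
    uint8_t  num_auths;
    uint32_t sub_auths[SID_MAX_SUBAUTHS];
};

/* Read one unsigned decimal field. Rejects signs, spaces and documentation
 * placeholders such as the "x-y-z" in S-1-5-21-x-y-z-RID. */
static int read_field(const char **p, uint64_t max, uint64_t *out)
{
    char *end;
    unsigned long long v;

    if (**p < '0' || **p > '9') return -1;
    errno = 0;
    v = strtoull(*p, &end, 10);
    if (errno != 0 || v > max) return -1;
    *out = v;
    *p = end;
    return 0;
}

/* Parse "S-<rev>-<authority>-<sub>-...". Returns 0, or -1 if malformed. */
int sid_parse(const char *s, struct sid *sid)
{
    uint64_t v;

    memset(sid, 0, sizeof(*sid));
    if (s[0] != 'S' || s[1] != '-') return -1;
    s += 2;
    if (read_field(&s, 255, &v) != 0 || *s++ != '-') return -1;
    sid->revision = (uint8_t)v;
    if (read_field(&s, 0xFFFFFFFFFFFFULL, &v) != 0) return -1;
    sid->authority = v;
    while (*s == '-') {
        s++;
        if (sid->num_auths == SID_MAX_SUBAUTHS) return -1;
        if (read_field(&s, 0xFFFFFFFFULL, &v) != 0) return -1;
        sid->sub_auths[sid->num_auths++] = (uint32_t)v;
    }
    return *s == '\0' ? 0 : -1;
}

/* Format back to string form. Returns 0, or -1 if buf is too small. */
int sid_format(const struct sid *sid, char *buf, size_t len)
{
    size_t used;
    int n = snprintf(buf, len, "S-%u-%llu", (unsigned)sid->revision,
                     (unsigned long long)sid->authority);

    if (n < 0 || (size_t)n >= len) return -1;
    used = (size_t)n;
    for (int i = 0; i < sid->num_auths; i++) {
        n = snprintf(buf + used, len - used, "-%lu",
                     (unsigned long)sid->sub_auths[i]);
        if (n < 0 || (size_t)n >= len - used) return -1;
        used += (size_t)n;
    }
    return 0;
}

/* Rewrite one SID from old_dom to new_dom, keeping its RID.
 * Returns 1 if rewritten, 0 if the SID is not <old_dom>-<rid> and was copied
 * unchanged, -1 on malformed input or a too-small buffer. */
int sid_rebase(const char *in, const char *old_dom, const char *new_dom,
               char *out, size_t len)
{
    struct sid s, od, nd;
    int hit;

    if (sid_parse(in, &s) || sid_parse(old_dom, &od) || sid_parse(new_dom, &nd))
        return -1;
    hit = s.revision == od.revision && s.authority == od.authority &&
          s.num_auths == od.num_auths + 1 &&
          memcmp(s.sub_auths, od.sub_auths,
                 od.num_auths * sizeof(uint32_t)) == 0;
    if (hit) {
        if (nd.num_auths >= SID_MAX_SUBAUTHS) return -1;
        nd.sub_auths[nd.num_auths++] = s.sub_auths[s.num_auths - 1];
        s = nd;
    }
    return sid_format(&s, out, len) == 0 ? hit : -1;
}

int main(void)
{
    /* Constructed samples: an owner SID, a group SID, and a built-in SID. */
    const char *samples[] = { "S-1-5-21-1111-2222-3333-1005",
                              "S-1-5-21-1111-2222-3333-513",
                              "S-1-5-32-544" };
    char buf[192];

    for (size_t i = 0; i < 3; i++) {
        int r = sid_rebase(samples[i], "S-1-5-21-1111-2222-3333",
                           "S-1-5-21-4444-5555-6666", buf, sizeof(buf));
        printf("%s -> %s (%s)\n", samples[i], r < 0 ? "?" : buf,
               r == 1 ? "rewritten" : "left alone");
    }
    return 0;
}
```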
Re: What to do when Windows client asks you to set permissions that you can't?
On Wed, 19 Mar 2003, Christopher R. Hertel wrote: On Wed, Mar 19, 2003 at 01:59:52PM -0800, Richard Sharpe wrote: Hi, A question I have relating to ACLs is the following: What should you do (In Samba etc) if you get an ACE in an ACL where the ACE contains permission bits that you do not implement? You could: 1. Deny the request, leaving the user not knowing which bits were good and which not. 2. Ignore the bits you don't process, leaving the user in a state of confusion about which bits you support and which you don't. That is, leaving them not trusting the file system. Are there any other choices (assuming that implementing all the NT bits is out of the question). We have the same problem with DOS Attributes vs. Unix Attributes. They don't map very well. The best you can do is try to find a way to approximate (your best guess) of the user's intention. Right, which means that you have to document these things properly. Now, let's say that you do do some level of NT ACL, should you try to do all the permission bits. Here, you no longer have the excuse that the underlying ACLs are POSIX ACLs and that is the best you can do. Now, you implement lots more of the NT ACLs semantics, say ALLOW and DENY, along with a number of the bits (READ_DATA, WRITE_DATA, WRITE_OWNER, WRITE_ACL, APPEND_DATA), won't the user get even more confused, because you have given them something that is close to NT ACLs, but not quite? Of course, the question is, is the distinction between WRITE_DATA, WRITE_ATTRIBUTES, and WRITE_EXTENDED_ATTRIBUTES useful? All my testing under Win2K seems to indicate that you need all three of them just to write to a file, at least in some circumstances. Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
What permissions do you need to read a file on Win2K?
Hi, After doing some testing of Win2K permission bits, I find that you need READ_DATA and READ_EXTENDED_ATTRIBUTES to be able to read a file under Win2K. Can anyone confirm that? Similarly, you need WRITE_DATA, WRITE_ATTRIBUTES and WRITE_EXTENDED_ATTRIBUTES to be able to write a file. Bizaro, unless you know that Windows implements file data as the unnamed $DATA attribute (except where you have created alternate data streams, in which case they are named). Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
RE: rd /s, can't find the file specified (internal reference b1996)
On Mon, 17 Mar 2003, Nir Soffer wrote: Enjoy. OK, now that I have looked at both traces in more detail, here is what is happening: The bad trace, perhaps the one from UNIX, is returning exactly the same short name for each of those files, 0123456789AB. The client tries to use the short name, and the server obviously gets confused. In the second case, the short names are all correct looking names, of the form 012345~1, 012345~2 etc. Have you modified Samba's name mangling code to do silly things? From a very very fast look, it looks like something with file mangling, but IANA Samba Expert. baddosdel.cap is against Samba-CVS (From yesterday) gooddosdel.cap is against my personal W2K workstation. -- Nir Soffer -=- Exanet Inc. -=- http://www.evilpuppy.org Father, why are all the children weeping? / They are merely crying son O, are they merely crying, father? / Yes, true weeping is yet to come -- Nick Cave and the Bad Seeds, The Weeping Song -Original Message- From: Richard Sharpe [mailto:[EMAIL PROTECTED] Sent: Monday, March 17, 2003 9:23 AM To: Nir Soffer Cc: [EMAIL PROTECTED] Subject: RE: rd /s, can't find the file specified (internal reference b1996) On Sun, 16 Mar 2003, Nir Soffer wrote: Following up to myself, reproducing this is apparently even simpler than I thought - simply do a: touch nir test test and try to delete it from a DOS command line. It will fail. nirtest123456 fails as well, but nirtest12345 so it seems to filename size related. 13 characters won't work and 12 will. Perhaps it's because something is geared towards 8 characters, a dot, and 3 characters somewhere along the line? Needless to say, it works fine on w2k shares... Can you get us a sniff?
Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com -- Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com baddosdel.cap Description: baddosdel.cap gooddosdel.cap Description: gooddosdel.cap
Re: Showstopper! Samba 2.2.8 can't read TDB files from previous versions.
On Sun, 16 Mar 2003, Fredrik Ohrn wrote: To salvage the domain SID I copied smbpasswd.c from 2.2.8 into a 2.2.7a source tree and compiled it, then I could use the new -X and -W options to extract the SID from the old secrets.tdb and write it into a fresh TDB from 2.2.8. I am glad to be of help :-) Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
RE: Question - Latest security alert of samba
On Sun, 16 Mar 2003, Nir Livni wrote: I've read the announcement carefully. The announcement does not point a specific threat in the samba code. It mentions that This version of Samba adds explicit overrun and overflow checks on fragment re-assembly of SMB/CIFS packets to ensure that only valid re-assembly is performed by smbd. It also mentions that samba is highly vulnerable to attacks from an external network, And that 1. host based protection 2. interface protection 3. Using a firewall 4. Using a IPC$ share deny May reduce vulnerability to such attacks. There is no access to my samba servers from the internet, but I would like to know more about this security issue - specially, which source codes are involved. (SMB client code is currently no issue for me) Any list of affected source files would be appreciated. How can we be sure that you are not a script-kiddie? Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
RE: rd /s, can't find the file specified (internal reference b1996)
On Sun, 16 Mar 2003, Nir Soffer wrote: Following up to myself, reproducing this is apparently even simpler than I thought - simply do a: touch nir test test and try to delete it from a DOS command line. It will fail. nirtest123456 fails as well, but nirtest12345 so it seems to filename size related. 13 characters won't work and 12 will. Perhaps it's because something is geared towards 8 characters, a dot, and 3 characters somewhere along the line? Needless to say, it works fine on w2k shares... Can you get us a sniff? Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
RE: FW: encrypt passwords = no, security=user, samba 3.0a22
On Tue, 11 Mar 2003, Nir Soffer wrote: FWIW turning off unicode with unicode=no helps somewhat, and both ethereal and Samba parse the session request correctly: Hmmm, I fixed a problem in Ethereal around Unicode handling last week at Connectathon. I would be very interested in a trace that shows the problem. Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Error messages generated by passdb/pdb_smbpasswd.c are (almost) useless
Hi, Someone asked me what some messages like getsmbfilepwent: malformed password entry (uid not number) meant when using the smbpasswd command. Not knowing, I went searching the source code to find:

    if (!isdigit(*p)) {
        DEBUG(0, ("getsmbfilepwent: malformed password entry (uid not number)\n"));
        continue;
    }

This is very little help in pinpointing the problems, as it does not tell us what the routine was looking at that caused the problem. Perhaps including the string it was processing would have been more useful! Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
tcon torture test
Hi, Herb and I looked at the TCON torture test a bit today. In our testing we found that Windows NT4, Win2K and most Samba versions fail it, so we both wonder which server ever passed this test. We tested NT4 SP3 and NT4 SP6, as well as Win2K server and Win2K workstation. I have also tested NT4 SP1. To refresh your memory, the TCON test connects to a share and opens a file. It then writes to the file, and then connects to the same share again, and writes to the file that was originally opened and expects the second write to fail. Herb found an interesting case, though. It seems that Pillar Data's CIFS implementation, which is based on Samba 2.2.x, passes this test. This is surprising, because it suggests that Pillar has changed their version to pass this test, when so few other servers pass the test. Does anyone know of any servers that pass the test, and why it is there? It is interesting to note that it is in the torture code in Samba 2.2.x as well, so it might be left over from a very early version of NT4. I wonder if it was only Win9X where this test succeeds? Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: Restrict Anonymous
On Thu, 6 Mar 2003, Marc Kaplan wrote: Hello list, Has anybody coded some sort of workaround for joining domains with RestrictAnonymous set? The typical behavior I see is for NT4 domains we're able to look up sequence, but never enumerate users and groups. For ADS domains, it seems that even looking up sequence from the domain fails. Are you referring to domain joining or having winbindd function. If the latter, winbindd in head and Samba 3.0.0 allows you to specify a username and password that winbindd can use to perform functions that it used to be able to do. Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: Detecting Windows OS Version through Samba
On Wed, 5 Mar 2003, Agis Andreou wrote: Thanks, could you please mail it to me, their server http://www.apostols.org/projectz/queso/ seems to be down at the moment. Will it distinguish windows flavours? Hmmm, doesn't nmap do a better job? Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
tcontest in Samba-head's torture code
Hi, Herb came across an oddity at Connectathon. He was running the head torture tests against a WinNT 4 sp3 box and a WinNT4 sp6 box. The tcontest fails against that platform. In looking at the code and a trace, it connects to a share, opens a file, and writes to that file. It then connects with a tconX to the same share and then writes to the already opened file, expecting the write to fail. However, it succeeds! Does anyone know what this test is supposed to be testing? The comments are very poor, but the intent seems clear. Just don't know why? Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
smbtorture does not seem to want to fallback to *SMBSERVER
Hi, In running some tests at connectathon, I see two issues: 1. smbtorture does not fall back to using *SMBSERVER when setting up a NetBIOS session. I think this would be worth adding. 2. smbtorture does not allow you to specify the port to connect on. I have added code to support this. Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Connecting to Win2K via port 445 and etc
Hi, based on a change that Jeremy made today relating to Win2K via 445, I wonder if the following code in cli_send_tconX (head) is perhaps still a bit wrong:

    if (cli->port == 445) {
        slprintf(fullshare, sizeof(fullshare)-1, "%s", share);
    } else {
        slprintf(fullshare, sizeof(fullshare)-1, "%s\\%s", cli->desthost, share);
    }

What this is doing is for port 139 constructing \\server\share, while for port 445, simply using the share name. All the code that calls cli_send_tconX should pass just the share name. There is also the additional issue that if the server was specified by a name other than its NetBIOS name, and we are talking to a Win9x system, it will want the actual NetBIOS name there perhaps. However, I wonder also if the code should do exactly the same for port 445 and 139? Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: number of groups of NT account causes authentication problems
On Tue, 4 Mar 2003, Gopal Bhat wrote: Hi, I did more experiments with this problem and found that 'SMBD' fails to authenticate when the Number of Groups an NT user belongs grows more than 14 (i.e. 15 or more). Thanks, Gopal I can't have a look until tomorrow, but I wonder, is it possible that Solaris 9 has a restriction that the user cannot be in more than 14 groups? I would think not, but will find it difficult to test tonight. Besides, I can probably only test on Solaris 8. If that is not the problem, then I would have to look at the code that does setgroups and test on our platform. Gopal Bhat wrote: I am facing a strange problem related to authentication of NT users accessing the SAMBA server. Here are the details: Server: Solaris 9, SUN Ultra 60, SAMBA 2.2.7a with PAM and WINBIND Client: Windows XP, NT4.0, 2000 Symptoms: Created a share \\server\test (UNIX: /export/SMB/test) with access to group 'TestGroup' where 'TestUser' is a member. 'TestUser' is a member of 14 more groups along with 'TestGroup' (Total number of TestUser's group = 15) With the above settings 'TestUser' can't access the share '\\server\test', and the following message shows up in the Client.log: [2003/03/04 13:31:52, 0] smbd/sec_ctx.c:initialise_groups(244) Unable to initgroups. Error was Not owner [2003/03/04 13:31:52, 0] smbd/sec_ctx.c:initialise_groups(247) This is probably a problem with the account domain\testuser [2003/03/04 13:31:52, 0] smbd/service.c:make_connection(599) client (10.81.105.121) Can't change directory to /export/SMB/test (Permission denied) If I change the number of groups the user 'TestUser' belongs from 15 to 8 ('TestGroup' + 7 other groups), the user can access the share '\\server\test' without any problems. It looks like there is some limitation on number of NT group memberships 'smbd' can handle. Note: 'wbinfo' returns all the right groups of the user without any problems.
Is there anyone out there who is aware of this problem and knows a workaround/solution to this? I really appreciate any help from the prestigious SAMBA Team. Thanks, Gopal -- Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: file descriptors consumed by printing
On Mon, 3 Mar 2003, Tim Potter wrote: On Sun, Mar 02, 2003 at 06:54:37AM -0800, Richard Sharpe wrote: On Sat, 1 Mar 2003, Vance Lankhaar wrote: What about adding a value to the printing param? - printing = disabled This seems like a good way to do it. Does anyone have any objections if I do so? Why do we need it? Just call lp_default_server_announce() and check if the SV_TYPE_PRINTQ_SERVER bit is set. If no print shares are exported then don't call nt_printing_backend_init(). That seems like a good idea. Seems like you printer-type guys know your way around that code :-) I don't think we need yet another parameter when the information is already available. I agree. Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: Samba-2.2.8pre2 compiler warnings
On Sun, 2 Mar 2003, Brian Poole wrote: Quoting Nicholas Brealey ([EMAIL PROTECTED]) from 1 March 2003: CLITAR == client/clitar.c, line 688: warning: argument #4 is incompatible with prototype: prototype: pointer to uint : include/proto.h, line 303 argument : pointer to ullong A 64 bit integer being used where a 32 bit integer is expected? smbtar may not work on bigendian machines? smbtar may not work for files over 2GB on little endian machines? Hmm.. I don't know what to say here. cli_getattrE does expect an int.. but if it's being provided with the filesize an int isn't going to suffice.. Thanks for bringing this up again ... so much work to do ... smbtar still has at least two issues that could cause problems with large files to my knowledge. I'll repost the list to keep it alive and in developers' minds. This has been given to rsharpe herb previously. I wouldn't be terribly surprised if there are more large file problems hiding in the tar code as it doesn't seem like it gets much use and/or attention from the developers. 1) clitar.c::get_file() static int get_file(file_info2 finfo) { int fnum = -1, pos = 0, dsize = 0, rsize = 0, bpos = 0; .. rsize = finfo.size; /* This is how much to write */ rsize would overflow here. 2) clitar.c::get_longfilename() static char * get_longfilename(file_info2 finfo) int namesize = finfo.size + strlen(cur_dir) + 2; char *longname = malloc(namesize); This must not be frequently used code. This would [attempt] to malloc a 1GB chunk of memory (if that was the size of the current file.) This should be using strlen(finfo.name) or something. At least a couple debugs still bogus in clitar.c 2_2 code as well.. I believe one of these got fixed in HEAD but not 2_2.
DEBUG(5, (get_file: file: %s, size %i\n, finfo.name, (int)finfo.size)); (can't cast finfo.size to a int) DEBUG(0, (restore tar file %s of size %d bytes\n, finfo.name, (int)finfo.size)); (can't cast finfo.size to a int) I've attached a patch for the issues I know of (but not the cli_getattrE issue that you brought up.) I'm not really sure what to say about that. The patch is against the 2_2 tree but should mostly apply to HEAD as well. This patch was tested only for compilation and should be treated as such. -b Index: clitar.c === RCS file: /cvsroot/samba/source/client/clitar.c,v retrieving revision 1.74.4.10 diff -u -r1.74.4.10 clitar.c --- clitar.c 6 Jan 2003 19:53:11 - 1.74.4.10 +++ clitar.c 2 Mar 2003 23:41:47 - @@ -1000,9 +1000,10 @@ static int get_file(file_info2 finfo) { - int fnum = -1, pos = 0, dsize = 0, rsize = 0, bpos = 0; + int fnum = -1, pos = 0, dsize = 0, bpos = 0; + SMB_BIG_INT rsize = 0; - DEBUG(5, (get_file: file: %s, size %i\n, finfo.name, (int)finfo.size)); + DEBUG(5, (get_file: file: %s, size %.0f\n, finfo.name, (double)finfo.size)); if (ensurepath(finfo.name) (fnum=cli_open(cli, finfo.name, O_RDWR|O_CREAT|O_TRUNC, DENY_NONE)) == -1) { @@ -1093,7 +1094,7 @@ ntarf++; - DEBUG(0, (restore tar file %s of size %d bytes\n, finfo.name, (int)finfo.size)); + DEBUG(0, (restore tar file %s of size %.0f bytes\n, finfo.name, (double)finfo.size)); return(True); } 
@@ -1123,18 +1124,17 @@ */ static char * get_longfilename(file_info2 finfo) { - int namesize = finfo.size + strlen(cur_dir) + 2; + int namesize = strlen(finfo.name) + strlen(cur_dir) + 2; char *longname = malloc(namesize); - int offset = 0, left = finfo.size; + SMB_BIG_INT offset = 0, left = finfo.size; BOOL first = True; DEBUG(5, (Restoring a long file name: %s\n, finfo.name)); - DEBUG(5, (Len = %d\n, (int)finfo.size)); + DEBUG(5, (Len = %.0f\n, (double)finfo.size)); if (longname == NULL) { - DEBUG(0, (could not allocate buffer of size %d for longname\n, - (int)(finfo.size + strlen(cur_dir) + 2))); + namesize)); return(NULL); } -- Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
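Review bot: in the get_longfilename() hunk, namesize is now computed from strlen(finfo.name) while left is still initialised from finfo.size. If the part of the function outside this hunk copies left bytes of name data into longname, the buffer can be smaller than the data written into it; either bound the copy by namesize or keep the allocation tied to the length that is actually read, with a sanity limit on that length. Also, as the hunk appears here, the opening DEBUG(0, (could not allocate ... line is removed and only namesize)); is added, so the allocation-failure branch should be checked to confirm it still forms a complete DEBUG call.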
Re: Samba-2.2.8pre2 compiler warnings
On Sun, 2 Mar 2003, Brian Poole wrote: Quoting Nicholas Brealey ([EMAIL PROTECTED]) from 1 March 2003: CLITAR == client/clitar.c, line 688: warning: argument #4 is incompatible with prototype: prototype: pointer to uint : include/proto.h, line 303 argument : pointer to ullong A 64 bit integer being used where a 32 bit integer is expected? smbtar may not work on bigendian machines? smbtar may not work for files over 2GB on little endian machines? Groan. I need to look at the CIFS def for the size of that field and how it is handled if large offsets are in use :-( Hmm.. I don't know what to say here. cli_getattrE does expect an int.. but if it's being provided with the filesize an int isn't going to suffice.. smbtar still has at least two issues that could cause problems with large files to my knowledge. I'll repost the list to keep it alive and in developers' minds. This has been given to rsharpe herb previously. I wouldn't be terribly surprised if there are more large file problems hiding in the tar code as it doesn't seem like it gets much use and/or attention from the developers. 1) clitar.c::get_file() static int get_file(file_info2 finfo) { int fnum = -1, pos = 0, dsize = 0, rsize = 0, bpos = 0; .. rsize = finfo.size; /* This is how much to write */ rsize would overflow here. 2) clitar.c::get_longfilename() static char * get_longfilename(file_info2 finfo) int namesize = finfo.size + strlen(cur_dir) + 2; char *longname = malloc(namesize); This must not be frequently used code. This would [attempt] to malloc a 1GB chunk of memory (if that was the size of the current file.) This should be using strlen(finfo.name) or something. At least a couple debugs still bogus in clitar.c 2_2 code as well.. I believe one of these got fixed in HEAD but not 2_2.
DEBUG(5, (get_file: file: %s, size %i\n, finfo.name, (int)finfo.size)); (can't cast finfo.size to a int) DEBUG(0, (restore tar file %s of size %d bytes\n, finfo.name, (int)finfo.size)); (can't cast finfo.size to a int) I've attached a patch for the issues I know of (but not the cli_getattrE issue that you brought up.) I'm not really sure what to say about that. The patch is against the 2_2 tree but should mostly apply to HEAD as well. This patch was tested only for compilation and should be treated as such. -b Index: clitar.c === RCS file: /cvsroot/samba/source/client/clitar.c,v retrieving revision 1.74.4.10 diff -u -r1.74.4.10 clitar.c --- clitar.c 6 Jan 2003 19:53:11 - 1.74.4.10 +++ clitar.c 2 Mar 2003 23:41:47 - @@ -1000,9 +1000,10 @@ static int get_file(file_info2 finfo) { - int fnum = -1, pos = 0, dsize = 0, rsize = 0, bpos = 0; + int fnum = -1, pos = 0, dsize = 0, bpos = 0; + SMB_BIG_INT rsize = 0; Got that one ... - DEBUG(5, (get_file: file: %s, size %i\n, finfo.name, (int)finfo.size)); + DEBUG(5, (get_file: file: %s, size %.0f\n, finfo.name, (double)finfo.size)); Hmmm, this should be llu if sizeof(off_t) is 8, and lu if sizeof(off_t) is 4, but maybe casting to a float is OK. if (ensurepath(finfo.name) (fnum=cli_open(cli, finfo.name, O_RDWR|O_CREAT|O_TRUNC, DENY_NONE)) == -1) { @@ -1093,7 +1094,7 @@ ntarf++; - DEBUG(0, (restore tar file %s of size %d bytes\n, finfo.name, (int)finfo.size)); + DEBUG(0, (restore tar file %s of size %.0f bytes\n, finfo.name, (double)finfo.size)); return(True); } 
@@ -1123,18 +1124,17 @@ */ static char * get_longfilename(file_info2 finfo) { - int namesize = finfo.size + strlen(cur_dir) + 2; + int namesize = strlen(finfo.name) + strlen(cur_dir) + 2; char *longname = malloc(namesize); - int offset = 0, left = finfo.size; + SMB_BIG_INT offset = 0, left = finfo.size; BOOL first = True; DEBUG(5, (Restoring a long file name: %s\n, finfo.name)); - DEBUG(5, (Len = %d\n, (int)finfo.size)); + DEBUG(5, (Len = %.0f\n, (double)finfo.size)); if (longname == NULL) { - DEBUG(0, (could not allocate buffer of size %d for longname\n, - (int)(finfo.size + strlen(cur_dir) + 2))); + namesize)); return(NULL); } OK, I got all those, thanks ... Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
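Review bot: in the get_file() hunk only rsize is widened to SMB_BIG_INT; pos, dsize and bpos stay int in the same declaration. If pos tracks the offset within the file being restored it needs the same treatment, otherwise it wraps past 2GB even though rsize no longer does. The %.0f with (double)finfo.size form used in the DEBUG lines is exact only up to 2^53 bytes, which is acceptable for a log message but worth a short comment next to the cast.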
Re: file descriptors consumed by printing
On Mon, 3 Mar 2003, Tim Potter wrote: On Sun, Mar 02, 2003 at 06:54:37AM -0800, Richard Sharpe wrote: On Sat, 1 Mar 2003, Vance Lankhaar wrote: What about adding a value to the printing param? - printing = disabled This seems like a good way to do it. Does anyone have any objections if I do so? Why do we need it? Just call lp_default_server_announce() and check if the SV_TYPE_PRINTQ_SERVER bit is set. If no print shares are exported then don't call nt_printing_backend_init(). Hmmm, Samba 2.2.x sets SV_TYPE_PRINTQ_SERVER unconditionally. I don't think we need yet another parameter when the information is already available. Tim. -- Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: file descriptors consumed by printing
On Mon, 3 Mar 2003, Tim Potter wrote: On Sun, Mar 02, 2003 at 10:10:53PM -0800, Richard Sharpe wrote: This seems like a good way to do it. Does anyone have any objections if I do so? Why do we need it? Just call lp_default_server_announce() and check if the SV_TYPE_PRINTQ_SERVER bit is set. If no print shares are exported then don't call nt_printing_backend_init(). Hmmm, Samba 2.2.x sets SV_TYPE_PRINTQ_SERVER unconditionally. It's fixed in HEAD. Yeah, well someone forgot their janitorial duties :-) Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: client: browse doesn't work with only win98 in workgroup
On Sat, 1 Mar 2003 [EMAIL PROTECTED] wrote: Christopher R. Hertel [EMAIL PROTECTED] writes: I'm working on providing a tree-style view of the network in a fashion similar to what Windows Explorer does. The top level of an SMB/CIFS network is something like Microsoft Windows Network. The next level down is the list of workgroups/domains within the network; then the hosts within each workgroup; then the shares within each share, etc. I don't know what version of Windows will be the master browser, and I don't want to force it by using Samba as the master browser. Therefore I have to be able to enumerate the hosts within a workgroup regardless of what versions of Windows happen to be on the network. Hmmm, are you using libsmbclient? Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: client: browse doesn't work with only win98 in workgroup
On Sat, 1 Mar 2003, Christopher R. Hertel wrote: Okay, I understand the problem now. The problem is that W/9x boxes do not recognize the generic *SMBSERVER name in the NBT Session Setup Request. Also, W/9x boxes will send back an error if the called name is not correct in the NBT Session Setup Request. You should get a NEGATIVE SESSION RESPONSE (0x83) message with an error code of: 0x82: Called Name Not Present Since W/9x systems do not support the generic *SMBSERVER name, this error message is correct. Basically, it's the NBT equivalent of That port isn't listening for a connection. The solution is to find the Server Service name on the remote machine. This is typically done by sending a Node Status query and looking for a name with a suffix byte value of 0x20. There is code in libsmbclient to deal with this problem ... Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
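The two wire formats mentioned in the message above, as an added C example that is not part of the original post and is not libsmbclient code: it decodes a Negative Session Response and picks the unique name with suffix 0x20 out of the name table of a Node Status response. Function names and the WIN98BOX sample data are constructed for illustration, and only the name-table part of the response (NUM_NAMES plus 18-byte entries, as laid out in RFC 1002) is parsed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NBT_NEGATIVE_SESSION_RESPONSE   0x83
#define NBT_ERR_CALLED_NAME_NOT_PRESENT 0x82
#define NBT_NAME_ENTRY_LEN  18      /* 15 name bytes, 1 suffix byte, 2 flag bytes */
#define NBT_NAME_FLAG_GROUP 0x8000  /* G bit: group name, not a unique host name */
#define NBT_SUFFIX_SERVER   0x20    /* Server Service */

/* Session service header: type, flags, 16-bit big-endian length (the low
 * flag bit extends it to 17 bits). Returns the error byte of a Negative
 * Session Response, 0 for any other well-formed message, -1 if malformed. */
int nbt_negative_response_code(const uint8_t *pkt, size_t len)
{
    size_t body;

    if (len < 4)
        return -1;
    body = ((size_t)(pkt[1] & 0x01) << 16) | ((size_t)pkt[2] << 8) | pkt[3];
    if (body > len - 4)
        return -1;
    if (pkt[0] != NBT_NEGATIVE_SESSION_RESPONSE)
        return 0;
    return body == 1 ? pkt[4] : -1;
}

/* rdata is the NUM_NAMES byte followed by 18-byte entries. Copies the unique
 * name registered with suffix 0x20 (space padding stripped) into out.
 * Returns 0 on success, 1 if no such name, -1 if the count overruns len. */
int nbt_find_server_name(const uint8_t *rdata, size_t len, char out[16])
{
    size_t count, i, n;

    if (len < 1)
        return -1;
    count = rdata[0];
    if (count * NBT_NAME_ENTRY_LEN > len - 1)
        return -1;
    for (i = 0; i < count; i++) {
        const uint8_t *e = rdata + 1 + i * NBT_NAME_ENTRY_LEN;
        unsigned flags = ((unsigned)e[16] << 8) | e[17];

        if (e[15] != NBT_SUFFIX_SERVER || (flags & NBT_NAME_FLAG_GROUP))
            continue;
        n = 15;
        while (n > 0 && e[n - 1] == ' ')
            n--;
        memcpy(out, e, n);
        out[n] = '\0';
        return 0;
    }
    return 1;
}

/* Constructed sample data, not taken from a capture. */
static const uint8_t sample_negative[] = { 0x83, 0x00, 0x00, 0x01, 0x82 };
static char sample_result[16];

static size_t put_entry(uint8_t *p, const char *name, uint8_t suffix, unsigned flags)
{
    memset(p, ' ', 15);
    memcpy(p, name, strlen(name));  /* sample names are shorter than 15 bytes */
    p[15] = suffix;
    p[16] = (uint8_t)(flags >> 8);
    p[17] = (uint8_t)flags;
    return NBT_NAME_ENTRY_LEN;
}

/* Builds a three-entry name table for a hypothetical host WIN98BOX and
 * returns the Server Service name found in it, or NULL. */
const char *sample_lookup(void)
{
    uint8_t rdata[1 + 3 * NBT_NAME_ENTRY_LEN];
    size_t o = 1;

    rdata[0] = 3;
    o += put_entry(rdata + o, "WIN98BOX", 0x00, 0x0400);   /* unique, active */
    o += put_entry(rdata + o, "WORKGROUP", 0x00, 0x8400);  /* group, active */
    o += put_entry(rdata + o, "WIN98BOX", 0x20, 0x0400);   /* Server Service */
    return nbt_find_server_name(rdata, o, sample_result) == 0 ? sample_result : NULL;
}

int main(void)
{
    const char *name = sample_lookup();
    int code = nbt_negative_response_code(sample_negative, sizeof sample_negative);

    if (code == NBT_ERR_CALLED_NAME_NOT_PRESENT && name != NULL)
        printf("called name not present; retry with \"%s\"\n", name);
    return 0;
}
```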
smbd load of large numbers of client
Hi, Is anyone running large numbers of clients against Samba servers? Here I am thinking of 1000+ clients, and wanting to get a feel for the load of 1000+ smbds. I already know that at least with the 2.2.x base, smbd maintains 29 open file descriptors before it opens any files for users, but am wondering about the memory load (which should not be too bad with copy-on-write on modern UNIXen) and context switch load? Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: [PATCH] Mutual authentication, keytabs, and SMB session keys
On Mon, 24 Feb 2003, Luke Howard wrote: Hi Andrew, Doesn't the kerberos deal with the byte order? Or shouldn't we create an asn1_write function to do this? The token ID is not ASN.1. Read RFC 1964. Wow, I recall saying this twice before :-( Can we have a name for this magic number? A define in asn_1.h or similar? Again, see RFC 1964. Actually, they probably shouldn't be little-endian shorts; my bad (but they certainly weren't ASN.1 booleans! :-)) Better to do: #define TOK_ID_KRB_AP_REQ "\x01\x00" #define TOK_ID_KRB_AP_REP "\x02\x00" There are a couple of other token IDs we might want as well. I'll knock up another patch later today... cheers, -- Luke -- Luke Howard | PADL Software Pty Ltd | www.padl.com -- Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
RE: Can't enumerate user list from WinXP -- samba-3.0alpha21
On Mon, 24 Feb 2003, Vich wrote: Hi Richard, Thanks for your reply. I have captured the packets you need. This is my network environment. WinXP (vich-xp 192.168.101.174/255.255.0.0) Win2k (vich-dev 192.168.101.247/255.255.0.0) FreeBSD (vich-test 192.168.100.251/255.255.0.0) I captured the packets and saved them to FreeBSD.cap when I used WinXP to connect to FreeBSD, right-click a shared service to get ACL information, click Add button to try to add a new entry, and click Search now button to get all entries that I could add. I did the same steps when I used WinXP to connect Win2k box and saved them to Win2k.cap. I have looked at these, and can see that there are differences in the set of SAMR calls that WinXP sends to Win2K vs Samba/FreeBSD. In particular, with Win2K, WinXP does a QueryDispInfo after an OpenDomain S-1-5-21-x-y-z, while against Samba/FreeBSD, WinXP does not do that. I will have to try it myself from a WinXP client to Samba. Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: Can't enumerate user list from WinXP -- samba-3.0alpha21
On Sat, 22 Feb 2003, Vich wrote: Hi all, Sorry to ask the question again. But I am really very interested in the topic. I have been tracing CIFS packets for many days and don't have any idea. Could someone give me a hint, then I can continue to trace the problem. Grab a trace of the packets that occur when you try to add a new ACL. That way, we can see what RPCs the WinXP system is sending that are not sent by Win2K. Send the trace to me. I have installed Samba 3.0 alpha 21 on my FreeBSD for a long time. I enable ACL and it works fine when I connect from Win2k client. I can add and delete acl entry. Recently, I use WinXP to connect to my server. When I try to add new ACL entry, I get a popup message to ask username/password pair. After I type it, I get nothing. No server user and group list on text box, only those default entries. I use Ethereal to get some packets and find that WinXP doesn't send any samr request to my server. Why? This is my configuration. Do I make any mistake? [global] workgroup=WORKGROUP guest account=nobody map to guest=Bad User security=user Best regards, Vic Hsu [EMAIL PROTECTED] 886-2-25521814 ext. 827 Synology Inc. -- Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: Samba on 2 domains?
On Fri, 21 Feb 2003, Keith Hamilton wrote: Hey, Is it possible to configure Samba to run as a PDC on 2 domains? If you run two separate copies of Samba :-) Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: Accessing Linux workstation from Linux server using samba ..pl
On Thu, 20 Feb 2003, raj rajesh kalagarla wrote: Hi, I am having another doubt that can we access linux workstation from linux server or windows machines in the network using samba? I know what you mean. Sometimes I find myself doubting that gcc can do what it does, but after a little testing, I find that it's true. Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Problems with the lack of a real RO bit with Samba ...
Hi, I am currently engaged in a debate about the desirability of implementing a real RO bit in our file system (we already have HIDDEN, SYSTEM, and ARCHIVE bits). The problem with RO is that it requires some real semantics, and you have to worry about UNIX semantics when files are shared between Windows and UNIX. The current proposal is to do something like what Samba does, synthesize the RO bit with ACLs on the file/object. Now, Windows has a RO bit and ACLs, and you can have ACLs on the file that give everyone WRITE access, while the RO bit gives no one WRITE access. My question is, is anyone aware of any real application that would be confused if the RO bit were synthesized by setting an appropriate ACL on the file? I am aware that this could mean that if an inappropriate ACL were added to the file, perhaps by mistake (when setting ACLs on all files in a tree), the RO bit could disappear. Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
RE: Problems with the lack of a real RO bit with Samba ...
On Wed, 19 Feb 2003, Ken Cross wrote: Richard: Please define an appropriate ACL on the file. That I am not sure of yet :-) Yes, it could have significant impact. Is there a problem with the current way it's set (RO == owner r mode)? In our file system, UNIX permission bits are synthesized from ACLs on the file objects :-) Can you give me an idea of the 'significant impact'? I am trying to convince our file system guys that we need a separate RO attribute to accompany the other attributes (like Hidden, System, etc). Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: Problems with the lack of a real RO bit with Samba ...
On Wed, 19 Feb 2003, John E. Malmberg wrote: Richard Sharpe wrote: On Wed, 19 Feb 2003, Ken Cross wrote: Yes, it could have significant impact. Is there a problem with the current way it's set (RO == owner r mode)? That does not match the way it works on an NT server. And there is a significant difference. Indeed ... In our file system, UNIX permission bits are synthesized from ACLs on the file objects :-) Can you give me an idea of the 'significant impact'? I am trying to convince our file system guys that we need a separate RO attribute to accompany the other attributes (like Hidden, System, etc). RO is special. On Windows NT, it has precedence over all other attributes. Even Administrator access can not override RO. So for the filesystem to work correctly with SAMBA as PC users would expect, not only do you need a RO permission, you need logic to make sure that it overrides all other ACLs that would otherwise grant write access. It is probably sufficient to leave that root can override readonly, but nothing else should be able to, or it will not function as PC users expect. Actually, we squash root as well. The test for RO has to be done before any access permissions are checked. I am assuming that this is a LINUX filesystem that you are designing? Nope. I am not designing it, but we are doing a file system that supports Windows and UNIX access, along with high-bandwidth IO. Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: Patches for winbindd over TCP and a failover port option
On Tue, 18 Feb 2003, Guenther Deschner wrote: hi, On Tue, Feb 18, 2003 at 05:57:55PM +0200, Nir Soffer wrote: Our product uses Samba as a component. In our product we were forced to modify certain parts of Samba, namely: Winbindd running over TCP (to a remote host) This, of course, can be dangerous unless your internal network is totally separate from the outside world. I would imagine that it is in the configuration that you guys are using. Looks like Exanet is about ready to release a product :-) this sounds very interesting. Smbd listening to an additional failover port. Allow listening on non-broadcast interfaces. All these changes are very minimal. In order to comply with the GPL and provide the community with what little code we've modified, attached is the patch file between this version and Samba 3.0a20. you have forgotten to add that patchfile :) thanks, guenther -- Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: SMB_QUERY_FILE_ALL_INFO not correct in SNIA spec?
On Tue, 18 Feb 2003, Joey Collins wrote: The SNIA definition of the data required for SMB_QUERY_FILE_ALL_INFO does not appear to be correct. Furthermore, Ethereal's interpretation does not seem right, either. That is quite possible. We often rely on the SNIA doc, and then change things if they don't look quite right. I recall messing with one of the QUERY_FILE info levels because the attributes displayed were clearly wrong. Here's what SNIA says:
    TIME CreationTime;
    TIME LastAccessTime;
    TIME LastWriteTime;
    TIME ChangeTime;
    ULONG Attributes; // SNIA says USHORT; Ethereal says ULONG
    LARGE_INTEGER AllocationSize;
    LARGE_INTEGER EndOfFile;
    ULONG NumberOfLinks;
    UCHAR DeletePending;
    UCHAR Directory;
    LARGE_INTEGER IndexNumber;
    ULONG EaSize;
    ULONG AccessFlags;
    LARGE_INTEGER IndexNumber1; // mistake in SNIA spec?
    LARGE_INTEGER CurrentByteOffset;
    ULONG Mode;
    ULONG AlignmentRequirement;
    ULONG FileNameLength;
    STRING FileName[];
After poking around with a sniffer, here is what I think it looks like:
    TIME CreationTime;
    TIME LastAccessTime;
    TIME LastWriteTime;
    TIME ChangeTime;
    ULONG Attributes;
    ULONG Pad1; // assumed
    LARGE_INTEGER AllocationSize;
    LARGE_INTEGER EndOfFile;
    ULONG NumberOfLinks;
    UCHAR DeletePending;
    UCHAR Directory;
    USHORT Pad2; // assumed
    ULONG EaSize;
    ULONG FileNameLength;
    STRING FileName[];
One wonders why they needed a ULONG Pad in there. Perhaps it is just something we don't understand as yet. This is simply the concatenation of Basic Info, Standard Info (plus padding, Pad2, which is not in the SNIA spec), EA Info, and File Name Info. There is no sign of the rest of the information (internal file system index numbers, open-file information) being present. In my test I used a Win 2000 client, a Win 2000 server, and used SMB_COM_QUERY_FILE_INFORMATION (by fid, not by path). My questions: 1) Can anyone else confirm my interpretation? If you can send us a capture, we can look at it to see if we agree with your interpretation, and perhaps modify Ethereal as well.
2) Are there server-dependent variations on the format? There should not be any server-dependent variations that cannot be determined by looking at WordCount or Protocol Dialect. Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
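A bounds-checked parser for the layout observed in the message above, as an added C example that is not Samba or Ethereal code. It assumes the 72-byte fixed part listed in that post (including the two assumed pad fields), little-endian fields, and a constructed sample reply; the struct and function names are illustrative.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ALL_INFO_FIXED_LEN 72   /* bytes before FileName[] in the observed layout */

struct all_info {
    uint64_t creation_time, last_access_time, last_write_time, change_time;
    uint32_t attributes;
    uint64_t allocation_size, end_of_file;
    uint32_t number_of_links;
    uint8_t  delete_pending, directory;
    uint32_t ea_size;
    uint32_t file_name_length;
    const uint8_t *file_name;   /* points into the caller's buffer */
};

static uint32_t le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

static uint64_t le64(const uint8_t *p)
{
    return (uint64_t)le32(p) | (uint64_t)le32(p + 4) << 32;
}

/* Returns 0 on success, -1 if the fixed part is truncated, -2 if
 * FileNameLength claims more bytes than the reply actually carries. */
int parse_all_info(const uint8_t *buf, size_t len, struct all_info *out)
{
    if (len < ALL_INFO_FIXED_LEN)
        return -1;
    out->creation_time    = le64(buf + 0);
    out->last_access_time = le64(buf + 8);
    out->last_write_time  = le64(buf + 16);
    out->change_time      = le64(buf + 24);
    out->attributes       = le32(buf + 32);   /* bytes 36..39: Pad1 */
    out->allocation_size  = le64(buf + 40);
    out->end_of_file      = le64(buf + 48);   /* 64-bit, so sizes over 4GB fit */
    out->number_of_links  = le32(buf + 56);
    out->delete_pending   = buf[60];
    out->directory        = buf[61];          /* bytes 62..63: Pad2 */
    out->ea_size          = le32(buf + 64);
    out->file_name_length = le32(buf + 68);
    /* The length field comes from the peer: never trust it past the buffer. */
    if (out->file_name_length > len - ALL_INFO_FIXED_LEN)
        return -2;
    out->file_name = buf + ALL_INFO_FIXED_LEN;
    return 0;
}

/* Constructed sample reply: a 5 GiB file named "\big" in UTF-16LE. */
static const uint8_t sample_name[] = { '\\', 0, 'b', 0, 'i', 0, 'g', 0 };
static uint8_t sample_buf[ALL_INFO_FIXED_LEN + sizeof sample_name];
static struct all_info sample_info;

static void put_le(uint8_t *p, uint64_t v, size_t n)
{
    while (n--) {
        *p++ = (uint8_t)v;
        v >>= 8;
    }
}

/* Fills sample_buf with FileNameLength set to declared_name_len and parses
 * it, so a lying length field can be tried against the same data. */
int sample_parse(uint32_t declared_name_len)
{
    memset(sample_buf, 0, sizeof sample_buf);
    put_le(sample_buf + 32, 0x20, 4);              /* Attributes: ARCHIVE */
    put_le(sample_buf + 40, 0x140000000ULL, 8);    /* AllocationSize */
    put_le(sample_buf + 48, 0x140000000ULL, 8);    /* EndOfFile */
    put_le(sample_buf + 56, 1, 4);                 /* NumberOfLinks */
    put_le(sample_buf + 68, declared_name_len, 4); /* FileNameLength */
    memcpy(sample_buf + ALL_INFO_FIXED_LEN, sample_name, sizeof sample_name);
    return parse_all_info(sample_buf, sizeof sample_buf, &sample_info);
}

int main(void)
{
    printf("honest length: %d\n", sample_parse((uint32_t)sizeof sample_name));
    printf("EndOfFile: %llu\n", (unsigned long long)sample_info.end_of_file);
    printf("oversized length: %d\n", sample_parse(4096));
    return 0;
}
```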
Re: Detecting true64
On Mon, 17 Feb 2003 [EMAIL PROTECTED] wrote: Does anyone know how to detect a truu64 system in configure.in ? I'm going through my patchlist and there is a big optimisation that can be done on systems where the getgrnam() call works (True64 is listed as the only broken system) and I'd like to add this to all branches by adding a BROKEN_GETGRNAM define for True64. You figure out whether or not the OS is confused about what it is: Tru64 (formerly known as Digital UNIX, formerly known as DEC OSF/1 ...) Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: Doxygen janitor?
On Tue, 18 Feb 2003, Martin Pool wrote: Is there any kind of consensus (he says, hopefully) that Doxygen is a good idea? If I'm looking at code is it OK to cleanup comments into standard form? Yes, please do ... Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
getdirentries rather than readdir in the Samba VFS layer
Hi, Given the performance improvements in using getdents/getdirentries on those systems that have them, it seems to me to be better to have getdirentries in the VFS rather than readdir. For those systems that do not have getdents and getdirentries, we would simply fall back to readdir in the VFS layer. Does anyone have any comments? (Apart from the amount of work involved in doing it :-) Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Well, the large file offset stuff in smbclient seems to work
Hi, Just reporting that the large file offset code in smbclient and libsmb now seems to work. I have been chasing a weird problem with 20+ second delays in completing writes at times, and have got to 130 GB in a file. Heading towards 350GB and later 1TB. Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: Well, the large file offset stuff in smbclient seems to work
On Sat, 15 Feb 2003, Christopher R. Hertel wrote: Richard, Any chance you can do some jCIFS testing for us? I might be able to. Send me the code or a pointer ... At least I have GigE between the test machine and the server ... Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: Well, the large file offset stuff in smbclient seems to work
On Sat, 15 Feb 2003, Michael B. Allen wrote: On Sat, 15 Feb 2003 21:26:16 -0500 John E. Malmberg [EMAIL PROTECTED] wrote: Michael B. Allen wrote: Richard Sharpe [EMAIL PROTECTED] wrote: Just reporting that the large file offset code in smbclient and libsmb now seems to work. I have been chasing a weird problem with 20+ second delays in completing writes at times, and have got to 130 GB in a file. Heading towards 350GB and later 1TB. Wouldn't anything after 4GB be redundant? No. Strange effects can happen at many different file sizes. If you do not test it, you do not know that it works. Can you give me a specific example? I've written a client and I never tested it past 5-6GB. You have me worried now :-/ Well, I would expect problems at 64GB, etc, and 1TB or so. In my case, until I have access to a multi-shelf setup, I won't be able to test much beyond 1TB. But the testing has already paid dividends in turning up these weird delays for some writes. However, that is a file system issue. Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: Libsmbclient question
On Sat, 15 Feb 2003, Michael Grube wrote: This is kind of a trivial question for a technical mailing list, but with libsmbclient, how do you connect to a computer by IP address, rather than by smb/nmb name? Well, reading the code would pay a healthy dividend, but in any case: Try smb://a.b.c.d/share/... Now to see if someone's spam filter trips up on a word or two :-) Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: Question about smbtorture
On Fri, 14 Feb 2003, Srikanta Shivanna wrote: When I run OPLOCK2 smbtorture test against a CIFS server, I don't see smbtorture responding to oplock break request from CIFS server, any idea about this problem? So, are you observing this on the wire? Which version of smbtorture are you using? The one in Samba head has code to ack oplocks if they are enabled, and also allows smbtorture to install its own oplock handler when it needs to. Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Error in libsmb/clispnego.c
Hi, In libsmb/clispnego.c, in spnego_gen_krb5_wrap, there is the following piece of code:
    asn1_push_tag(data, ASN1_APPLICATION(0));
    asn1_write_OID(data, OID_KERBEROS5);
    asn1_write_BOOLEAN(data, 0);
    asn1_write(data, ticket.data, ticket.length);
    asn1_pop_tag(data);
The asn1_write_BOOLEAN is wrong. According to RFC1964, the two-byte field that the asn1_write_BOOLEAN writes is actually a token-id, which can have the values:
    #define KRB_TOKEN_AP_REQ 0x0001
    #define KRB_TOKEN_AP_REP 0x0002
    #define KRB_TOKEN_AP_ERR 0x0003
    #define KRB_TOKEN_GETMIC 0x0101
    #define KRB_TOKEN_WRAP 0x0102
    #define KRB_TOKEN_DELETE_SEC_CONTEXT 0x0201
A similar mistake is made in the spnego_parse_krb5_wrap. We should fix it, but that involves returning error codes from parse if it is not what we expect, and handing an extra parameter to the gen routine. Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
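The RFC 1964 framing discussed above and in the earlier "Mutual authentication, keytabs, and SMB session keys" reply, as an added C example that is not Samba's code: the generator takes the token ID as a parameter and the parser returns a distinct error when the tag, length, mechanism OID or token ID is not what the caller expects. Function and constant names are illustrative, the token ID is written as the two raw bytes on the wire, and the wrapped message is constructed placeholder bytes rather than a real AP-REQ.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* DER encoding of OID 1.2.840.113554.1.2.2 (Kerberos 5 GSS-API mechanism). */
static const uint8_t KRB5_MECH_OID[] = {
    0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x01, 0x02, 0x02
};
/* TOK_ID values as raw wire bytes; these are not ASN.1 elements. */
static const uint8_t TOK_ID_KRB_AP_REQ[2] = { 0x01, 0x00 };
static const uint8_t TOK_ID_KRB_AP_REP[2] = { 0x02, 0x00 };

enum { WRAP_OK = 0, WRAP_BAD_TAG = -1, WRAP_BAD_LENGTH = -2,
       WRAP_BAD_OID = -3, WRAP_BAD_TOK_ID = -4 };

static size_t der_put_len(uint8_t *p, size_t n)   /* caller ensures n <= 0xffff */
{
    if (n < 0x80) { p[0] = (uint8_t)n; return 1; }
    if (n <= 0xff) { p[0] = 0x81; p[1] = (uint8_t)n; return 2; }
    p[0] = 0x82; p[1] = (uint8_t)(n >> 8); p[2] = (uint8_t)n;
    return 3;
}

/* Writes [APPLICATION 0] { OID, TOK_ID, msg } into out; returns the token
 * length, or 0 if msg is too large or out is too small. */
size_t krb5_wrap(uint8_t *out, size_t cap, const uint8_t tok_id[2],
                 const uint8_t *msg, size_t msg_len)
{
    size_t body, o = 0;

    if (msg_len > 0xffff - sizeof KRB5_MECH_OID - 2)
        return 0;
    body = sizeof KRB5_MECH_OID + 2 + msg_len;
    if (cap < 4 + body)              /* tag byte plus up to three length bytes */
        return 0;
    out[o++] = 0x60;
    o += der_put_len(out + o, body);
    memcpy(out + o, KRB5_MECH_OID, sizeof KRB5_MECH_OID);
    o += sizeof KRB5_MECH_OID;
    out[o++] = tok_id[0];
    out[o++] = tok_id[1];
    memcpy(out + o, msg, msg_len);
    return o + msg_len;
}

/* Checks every framing field and reports which one was wrong. On WRAP_OK,
 * *msg and *msg_len describe the inner Kerberos message inside in[]. */
int krb5_unwrap(const uint8_t *in, size_t len, const uint8_t want_tok_id[2],
                const uint8_t **msg, size_t *msg_len)
{
    size_t o = 0, body = 0, n;
    uint8_t first;

    if (len < 2 || in[o++] != 0x60)
        return WRAP_BAD_TAG;
    first = in[o++];
    if (first < 0x80) {
        body = first;
    } else {
        n = first & 0x7f;
        if (n == 0 || n > 2 || n > len - o)
            return WRAP_BAD_LENGTH;
        while (n--)
            body = (body << 8) | in[o++];
    }
    if (body != len - o || body < sizeof KRB5_MECH_OID + 2)
        return WRAP_BAD_LENGTH;
    if (memcmp(in + o, KRB5_MECH_OID, sizeof KRB5_MECH_OID) != 0)
        return WRAP_BAD_OID;
    o += sizeof KRB5_MECH_OID;
    if (in[o] != want_tok_id[0] || in[o + 1] != want_tok_id[1])
        return WRAP_BAD_TOK_ID;
    o += 2;
    *msg = in + o;
    *msg_len = len - o;
    return WRAP_OK;
}

static uint8_t sample_token[64];
static size_t sample_token_len;

/* Wraps constructed placeholder bytes as an AP-REQ token, then unwraps it
 * expecting expected_tok_id. */
int sample_roundtrip(const uint8_t expected_tok_id[2])
{
    static const uint8_t placeholder[] = { 0x6e, 0x03, 0x02, 0x01, 0x05 };
    const uint8_t *msg;
    size_t msg_len;

    sample_token_len = krb5_wrap(sample_token, sizeof sample_token,
                                 TOK_ID_KRB_AP_REQ, placeholder, sizeof placeholder);
    return krb5_unwrap(sample_token, sample_token_len, expected_tok_id, &msg, &msg_len);
}

int main(void)
{
    printf("expect AP-REQ: %d\n", sample_roundtrip(TOK_ID_KRB_AP_REQ));
    printf("expect AP-REP: %d\n", sample_roundtrip(TOK_ID_KRB_AP_REP));
    return 0;
}
```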
Re: Thanks for everything.
On Thu, 13 Feb 2003, Abhijeet Paturkar wrote: Hi Richard, This mail is to appreciate and thank the team doing samba work and specially team looking after libsmbclient. We have been using this lib in our project and it's been a great help to us. So in a way we are associated with you people for a year now. Although we faced certain problems but none the less we got very prompt and timely responses from the samba and specially from you. If you come to Mumbai (India) some time feel free to get in touch and if I can be of any help to you. I am glad you managed to make use of the package. If you have any patches you would like to contribute they will be gratefully accepted. I must also point out that Tom Jansen has done some very useful work on libsmbclient as well, and deserves some credit. Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: password quality script aka --with-cracklib replacement
On Fri, 14 Feb 2003, Andrew Bartlett wrote: On Fri, 2003-02-14 at 02:09, David Collier-Brown -- Customer Engineering wrote: Martin Pool wrote: The PAM module might store previous passwords in a database (e.g. tdb) that it maintains. Every time a password is set, it gets put in there, with any other appropriate information (date?). When a new password-setting attempt is made, it checks against the history, plus other strength checks. Do we even need to save the decrypted password? A colleague once saved old encrypted passwords to allow the do they really know the old one test to be done via challenge-response. Anybody doing this 'must change password every x days' thing has to store the decrypted password, or else your users change from password1 to password2 to password3 then back to password1. Hmmm, I am not sure of that. What is wrong with storing the history of password hashes back to some number. Sure, there can be collisions, but they should be infrequent, and it will prevent them from re-using the same passwd within the horizon of the hashes kept. Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Pushing Samba functions into the kernel
Hi, I wanted to start a discussion on the following: Implementing some SMB functions in the Kernel, within a Samba base, or, Bending and twisting Samba out of shape. There are a number of reasons for wanting to use the Samba code base, but at the same time, extend it to allow more functions to be pushed into the kernel. Some of the things I want to do are:
1. I would like to take advantage of the header splitting capabilities offered by the raft of current and future Theory of Everything chips, as well as allow zero copy and page flipping code to be useful, and to implement recvfile (the analog of sendfile). Each of these seems to require a slightly different approach to receiving SMBs to the current approach. One that I am thinking of is to have a syscall that receives an SMB or generates a time out or returns a socket error in the event of an error. The return from the syscall would be a complete SMB, possibly with the NetBIOS header in a separate buffer, and maybe more.
2. The current sendfile code is great, and is implemented in a better way than I originally implemented it where I currently work. However, I believe that there are more cases where I can use sendfile than what Samba currently knows about. It would be useful to have some infrastructure in Samba for doing this.
3. I would like to move down a path of moving simple functions into the kernel, and this is, in some ways, an extension of point 1 above. It would be useful if the system call that gets an SMB can also implement some subset of SMB in the kernel (although I will want some way to indicate that some FIDs do not have this treatment, for example those associated with RPCs).
In essence, what I want to raise a discussion on is ways to have Samba enable these things. It would be good if it were easy to splice our changes into the code base, and any fixes we develop for the GPLd code can be easily extracted and returned to the code base.
Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: Pushing Samba functions into the kernel
On Thu, 13 Feb 2003 [EMAIL PROTECTED] wrote: Ok, my feelings on Samba in the kernel are the following. 1). We need to be able to de-multiplex incoming SMB's at the kernel level to get over the W2K Terminal Server problem. OK, I am not familiar with this problem. Can you say more please. 2). A utf8 case-insensitive filesystem (massive performance win). Yes. I agree. We are looking at this issue. 3). Implement SMBreadX/SMBwriteX in the kernel once a channel has been set up. Right. I think the open code would be best left to Userland, at least initially. However, some FIDs we would not want the kernel to handle, I suspect, eg RPC FIDs. So we need a mechanism to communicate things between Samba and the kernel. 4). Allow NT SD's stored in EA's to be interpreted by security code living in the kernel for open decisions. Indeed. We already have a mechanism in our File System that does this. It is not what I really want, because it should be in the kernel, but for the moment it is in the file system and works. With the privilege code coming into Samba, we also need privileges in the kernel as well, and in Linux, you might be able to map this onto capabilities, or perhaps do something orthogonal to capabilities with LSM. An additional area of concern here is equivalence between NFS users and CIFS users. It seems (at least to me) that you can use one of two approaches: 1. Name equivalence, where you look up the name associated with a UID/GID and then check if an incoming SID has the same name. 2. Administrative equivalence. Where you provide somewhere in a database the equivalence between SIDs and UIDs/GIDs. However, these become issues that Samba does not have to worry about if they are done in the kernel. Everything else (IMHO) is better done in user space. I only want to move what makes sense ... Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: Pushing Samba functions into the kernel
On Thu, 13 Feb 2003, Steven French wrote: jra wrote Ok, my feelings on Samba in the kernel are the following. 1). We need to be able to de-multiplex incoming SMB's at the kernel level to get over the W2K Terminal Server problem. 2). A utf8 case-insensitive filesystem (massive performance win). 3). Implement SMBreadX/SMBwriteX in the kernel once a channel has been set up. 4). Allow NT SD's stored in EA's to be interpreted by security code living in the kernel for open decisions. Everything else (IMHO) is better done in user space. That is reasonably sensible, although the dirlookup may not be required to be in kernel to take advantage of the particular issue of case-insensitive file compares - if you are willing to live with case preserving/case insensitive behavior for local apps too for a particular partition - jfs allows formatting partitions case-insensitive (and it is probably doable in others with more work). Optimizing the Unicode string comparisons/conversions would be a huge performance win and worth looking at inkernel findfirst/findnext. OK, we don't care about local apps at all, being a NAS, and I suspect that a lot of others who are interested in this discussion don't care either. However, we do care about NFS clients and CIFS clients sharing the same storage space, and even though there is often little actual shared file access going on, we still want to serve both sets of clients from the one underlying file system. Have a look at Tridge's presentation on this issue. The new kernel nanosecond timestamps can probably be accessed in userspace without requiring in kernel - but that feature was a nice recent addition to the kernel. Well, the API for accessing 64-bit time stamps on files is not clear :-) Hooking in the kernel socket layer more sensibly for scatter/gather like operations for SMB read/write to take advantage of TOEs will be a big win. There is plenty of precedent for doing a subset of SMB ops in kernels, and throwing the rest to user space. 
The addition of LSM makes some very interesting authorization behaviors possible but is a distinct in-kernel piece. The addition of the well known xattr name for the 32 bit quantity system.dosattributes (in addition to the two existing well defined xattrs system.defaultacl etc.) would be helpful - probably something I should submit to the lkml - the xattr is transparent to everyone but cifs, smbfs and ntfs (only a few apps like backup apps and Samba would care) OK, so some of us are thinking of similar things. What I would like to progress to is some discussion around the sort of changes that would be needed to allow this to be easily done. Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: query
On Mon, 10 Feb 2003, ankit bhatnagar wrote: I am doing a project to develop a NAS appliance for which I need to customize and compress the kernel size as much as I can and then integrate Samba with that. Can anyone help me do that and how to go about it? Ha ha ha. Great troll. :-) Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: query
On Mon, 10 Feb 2003, Christopher R. Hertel wrote: On Mon, Feb 10, 2003 at 08:14:12AM -0800, Richard Sharpe wrote: On Mon, 10 Feb 2003, ankit bhatnagar wrote: I am doing a project to develop a NAS appliance for which I need to customize and compress the kernel size as much as I can and then integrate Samba with that. Can anyone help me do that and how to go about it? Ha ha ha. Great troll. :-) To expand on that very appropriate comment just a bit (for the benefit of those who might still be clueless)... There are certainly folks who are willing to be hired for a reasonable fee to work on tuning Samba for a specific commercial application. If you want to hire an expert, please say so. If you want free help for a commercial product, you probably won't get it here. We simply do not have the time. Take another approach: If you have specific technical questions, the answers to which might benefit the list members as a whole, then ask. People like answering good questions. Well said :-) Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: msdfs referrals at share-level
On Fri, 7 Feb 2003, Guenther Deschner wrote: now that the msdfs-proxy is in cvs (thanks again for taking a deeper look on that) i still have a small fix for the dfsenum-pipe that just prints the first dfsroot and then stops. with that fix it'll show you all dfsenum-infolevels. attached you'll find a backport of the msdfs-proxy for 2_2, maybe you could have a quick look and comment on that one too. Hmmm, how is this any different from having a normal MSDFS share set up in Samba, say to \\server1\share1, and doing: ln -s msdfs:server1\share2,server2\share3,... /path/to/share1/share1 Just what does this msdfs-proxy stuff do that you can't do with the existing code? Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com --- source/param/loadparm.c 20 Dec 2002 20:23:05 - 1.472 +++ source/param/loadparm.c 29 Dec 2002 23:29:07 - 1.473 @@ -343,6 +343,7 @@ char *fstype; char *szVfsObjectFile; char *szVfsOptions; + char *szMSDfsProxy; int iMinPrintSpace; int iMaxPrintJobs; int iWriteCacheSize; @@ -468,6 +469,7 @@ NULL, /* fstype */ NULL, /* vfs object */ NULL, /* vfs options */ + NULL, /* szMSDfsProxy */ 0, /* iMinPrintSpace */ 1000, /* iMaxPrintJobs */ 0, /* iWriteCacheSize */ @@ -1105,6 +1107,7 @@ {msdfs root, P_BOOL, P_LOCAL, sDefault.bMSDfsRoot, NULL, NULL, FLAG_SHARE}, {host msdfs, P_BOOL, P_GLOBAL, Globals.bHostMSDfs, NULL, NULL, 0}, + {msdfs proxy, P_STRING, P_LOCAL, sDefault.szMSDfsProxy, NULL, NULL, +FLAG_SHARE}, #endif {Winbind options, P_SEP, P_SEPARATOR}, 
@@ -1745,6 +1748,7 @@ FN_LOCAL_STRING(lp_fstype, fstype) FN_LOCAL_STRING(lp_vfsobj, szVfsObjectFile) FN_LOCAL_STRING(lp_vfs_options, szVfsOptions) +FN_LOCAL_STRING(lp_msdfs_proxy, szMSDfsProxy) static FN_LOCAL_STRING(lp_volume, volume) FN_LOCAL_STRING(lp_mangled_map, szMangledMap) FN_LOCAL_STRING(lp_veto_files, szVetoFiles) --- docs/docbook/manpages/smb.conf.5.sgml 27 Nov 2002 02:47:55 - 1.68 +++ docs/docbook/manpages/smb.conf.5.sgml 29 Dec 2002 23:29:08 - 1.69 @@ -869,6 +869,7 @@ listitemparalink linkend=MAXCONNECTIONSparametermax connections/parameter/link/para/listitem listitemparalink linkend=MAXPRINTJOBSparametermax print jobs/parameter/link/para/listitem listitemparalink linkend=MINPRINTSPACEparametermin print space/parameter/link/para/listitem + listitemparalink linkend=MSDFSPROXYparametermsdfs +proxy/parameter/link/para/listitem listitemparalink linkend=MSDFSROOTparametermsdfs root/parameter/link/para/listitem listitemparalink linkend=NTACLSUPPORTparameternt acl support/parameter/link/para/listitem listitemparalink linkend=ONLYGUESTparameteronly guest/parameter/link/para/listitem @@ -4847,6 +4848,23 @@ /varlistentry + varlistentry + termanchor id=MSDFSPROXYmsdfs proxy (S)/term + listitemparaThis parameter indicates that the share is a + stand-in for another CIFS share whose location is specified by + the value of the parameter. When clients attempt to connect to + this share, they are redirected to the proxied share using + the SMB-Dfs protocol./para + paraOnly Dfs roots can act as proxy shares. Take a look at the + link linkend=MSDFSROOTparametermsdfs root/parameter/link + and + link linkend=HOSTMSDFSparameterhost msdfs/parameter/link + options to find out how to set up a Dfs root share./para + paraExample: commandmsdfs proxy = +\otherserver\someshare/command/para + /listitem + /varlistentry + + varlistentry 
@@ -4857,8 +4875,8 @@ Samba treats the share as a Dfs root and allows clients to browse the distributed file system tree rooted at the share directory. Dfs links are specified in the share directory by symbolic - links of the form filenamemsdfs:serverA\shareA,serverB\shareB - /filename and so on. For more information on setting up a Dfs tree + links of the form +filenamemsdfs:serverA\shareA,serverB\shareB/filename + and so on. For more information on setting up a Dfs tree on Samba, refer to ulink url=msdfs_setup.htmlmsdfs_setup.html /ulink./para --- docs/manpages/smb.conf.52003-02-01 18:43:47.0 +0100 +++ docs/manpages/smb.conf.52003-02-07 10:29
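Review bot: in the loadparm.c parameter-table hunk the new msdfs proxy entry is a plain P_STRING with both handler slots NULL, so whatever the administrator types is later handed to clients as a referral target without any check. Validate in the code that consumes lp_msdfs_proxy() that the value names a server and a share before a referral is built from it. The entry also sits above the #endif while the szMSDfsProxy member, its NULL default and FN_LOCAL_STRING(lp_msdfs_proxy, szMSDfsProxy) in the other hunks show no guard; make the guarding consistent so the option is not an unknown parameter on some builds while its accessor still exists.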
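Review bot: the new msdfs proxy entry in smb.conf.5.sgml never states the syntax of the value; the only hint is the example \otherserver\someshare with a single leading backslash, while the msdfs root text in the following hunk writes targets as serverA\shareA with none. State the accepted form explicitly, and say what the server does when msdfs proxy is set on a share that is not a Dfs root, since the text says only Dfs roots can act as proxy shares.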
Re: LSA Privileges
On Sun, 9 Feb 2003 [EMAIL PROTECTED] wrote: This also affects the decision of indexing by name or number. There are currently 19 privileges that I know of defined by Win2000. If we Can you list them? Also, I will probably push them into the kernel, as we need this sort of thing in our filesystem :-) So, it would be appreciated if there was a clean interface like the VFS. Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: Dir with 900+ files look Empty - 2nd post
On Fri, 7 Feb 2003, Greg Norris wrote: WARNING: I had to reformat the mail message to make it reasonable. Each para was one long line. I am running Samba on Linux RedHat 7.3. It is OK most of the time. We use it for our ViewCvs viewer. Problem is when there are files called cmd (god knows who created that one) and others with dot prefix the directory does silly things. With the cmd file it displayed duplicate versions. First I thought it was ViewCvs but then when I checked the directory in the samba link there they were.. Well, after removing the cmd file all was well - until lately when now we get an empty directory - only trouble is that I know I have 922 files in it. Is there a magic number that stops samba from displaying files? Well, on a 2.2.3-based appliance, I just created 10,000 files and they all showed up in Win2K. Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
RE: Dir with 900+ files look Empty - 2nd post
On Fri, 7 Feb 2003, Greg Norris wrote: I still had to reformat your mail. Please fix your mail client. I failed to mention that I have 10 directories of which 9 are ok. It's just the one directory playing up. As I mentioned, I discovered that a file called 'cmd' or with a leading period will cause erratic behaviour but that is not the case here. OK, can you be a little more precise about the circumstances under which the problems occur? Does it occur once you have more than a certain number of directories, or more than a certain number of files in each of them? Also, what does your smb.conf file look like? Do you have things like hide unreadable set? Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: machine names same as usernames - problems... -- here's arealworld NetBIOS clusterfsck ...
On Thu, 6 Feb 2003, Bryan J. Smith wrote: Quoting Andrew Bartlett [EMAIL PROTECTED]: Why can't it work? I've seen this discussed a number of times, but never really been told why it doesn't work. That $ is there for exactly that reason you know - to make them different. Er, not exactly. If I remember correctly, the $ in the passwd file is just a Samba-specific nomenclature, correct? Plus CIFS has all sorts of trailing characters after NetBIOS names that are _not_ part of the unique NetBIOS name itself. No, not really. The \$ in the name of the trust account is an MS thing. Samba requires a machine account be backed up on the server with an account of that name. However, as far as I can see, we could remove that restriction, as we could keep all the needed info in the secrets file or another tdb. However, the issue likely boils down to NetBIOS names being registered when the user tries to log on. When a workstation boots, it registers its workstation name as a NetBIOS name. Indeed, it registers several types of NetBIOS names, including a 00 name, a 03 name and, if you have enabled sharing, a 20 name. When a user tries to log on, the workstation also tries to register that user's name as a NetBIOS name, with types of 00 and 03. However, they clash with the already registered machine names. SOL. I imagine that this is not a problem with XP based on some comments from Chris Hertel. Of course, this might not be the ultimate problem, either. Understand CIFS itself _requires_ NetBIOS names _must_ be _unique_, otherwise a service or resource may be attempting to connect to the address of a NetBIOS user (impossible) instead of the address of a NetBIOS system. You know what, I suspect Andrew knows this. Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
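The name clash described in the message above, worked through as an added example (not code from Samba or from the posters). It builds the 16-byte NetBIOS names (15 upper-cased, space-padded bytes plus the type byte) and their RFC 1001/1002 first-level encoding, then replays the registration order the message gives; the table structure and all function names are constructed for this illustration.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NB_NAME_LEN  16   /* 15 name bytes + 1 suffix (type) byte */
#define NB_TABLE_MAX 16

/* Constructed stand-in for the unique names already registered on the net. */
struct nb_table {
    uint8_t names[NB_TABLE_MAX][NB_NAME_LEN];
    int count;
};

/* Build the 16-byte name: upper-cased, space-padded to 15 bytes, then the
 * suffix byte. Returns 0 on success, -1 if empty or longer than 15 chars. */
int nb_make_name(const char *name, uint8_t suffix, uint8_t out[NB_NAME_LEN])
{
    size_t len = strlen(name);
    if (len == 0 || len > NB_NAME_LEN - 1)
        return -1;
    memset(out, ' ', NB_NAME_LEN - 1);
    for (size_t i = 0; i < len; i++)
        out[i] = (uint8_t)toupper((unsigned char)name[i]);
    out[NB_NAME_LEN - 1] = suffix;
    return 0;
}

/* First-level encoding: every byte becomes two letters, 'A' + high nibble
 * and 'A' + low nibble. Returns a static 32-character string, or NULL. */
const char *nb_encoded(const char *name, uint8_t suffix)
{
    static char enc[2 * NB_NAME_LEN + 1];
    uint8_t wire[NB_NAME_LEN];
    if (nb_make_name(name, suffix, wire) != 0)
        return NULL;
    for (int i = 0; i < NB_NAME_LEN; i++) {
        enc[2 * i]     = (char)('A' + (wire[i] >> 4));
        enc[2 * i + 1] = (char)('A' + (wire[i] & 0x0F));
    }
    enc[2 * NB_NAME_LEN] = '\0';
    return enc;
}

/* Register a unique name: 1 = registered, 0 = refused because the same
 * 16 bytes are already present, -1 = bad name or table full. */
int nb_register(struct nb_table *t, const char *name, uint8_t suffix)
{
    uint8_t wire[NB_NAME_LEN];
    if (nb_make_name(name, suffix, wire) != 0 || t->count >= NB_TABLE_MAX)
        return -1;
    for (int i = 0; i < t->count; i++)
        if (memcmp(t->names[i], wire, NB_NAME_LEN) == 0)
            return 0;
    memcpy(t->names[t->count++], wire, NB_NAME_LEN);
    return 1;
}

/* Replay the sequence from the message: at boot the machine registers its
 * name with types 00, 03 and 20; at logon the user's name is registered
 * with types 00 and 03. Returns how many logon registrations are refused,
 * or -1 on bad input. */
int nb_logon_conflicts(const char *machine, const char *user)
{
    static const uint8_t boot_types[]  = { 0x00, 0x03, 0x20 };
    static const uint8_t logon_types[] = { 0x00, 0x03 };
    struct nb_table t = { .count = 0 };
    int refused = 0;

    for (size_t i = 0; i < sizeof boot_types; i++)
        if (nb_register(&t, machine, boot_types[i]) != 1)
            return -1;
    for (size_t i = 0; i < sizeof logon_types; i++) {
        int r = nb_register(&t, user, logon_types[i]);
        if (r < 0)
            return -1;
        if (r == 0)
            refused++;
    }
    return refused;
}

int main(void)
{
    printf("ADIL<03> encoded: %s\n", nb_encoded("adil", 0x03));
    printf("machine adil, user adil: %d refused\n",
           nb_logon_conflicts("adil", "adil"));
    printf("machine ws01, user adil: %d refused\n",
           nb_logon_conflicts("ws01", "adil"));
    return 0;
}
```

The trailing $ of the trust account never reaches these 16 bytes, which is why it does not keep the two names apart at this layer.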
Re: machine names same as usernames - problems...
On Thu, 6 Feb 2003, Bradley W. Langhorst wrote: On Thu, 2003-02-06 at 15:39, Andrew Bartlett wrote: adil (users) and adil$ (machine) cannot work. Why can't it work? I've seen this discussed a number of times, but never really been told why it doesn't work. That $ is there for exactly that reason you know - to make them different. [...] Can you describe the failure please? I thought this was well known... The machine simply fails to join the domain. With a message about bad password or invalid machine account. Under what circumstances can't/doesn't this work? Does it not work only in the case that adil and adil$ both exist in the passwd database of the Samba server? If that is the case, then the code that allows the machine to log onto the trust account is probably checking for the 'adil' account and refusing to let it happen. Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: machine names same as usernames - problems... -- here's arealworld NetBIOS clusterfsck ...
On Thu, 6 Feb 2003, Richard Sharpe wrote: On Thu, 6 Feb 2003, Bryan J. Smith wrote: Quoting Andrew Bartlett [EMAIL PROTECTED]: Why can't it work? I've seen this discussed a number of times, but never really been told why it doesn't work. That $ is there for exactly that reason you know - to make them different. Er, not exactly. If I remember correctly, the $ in the passwd file is just a Samba-specific nomenclature, correct? Plus CIFS has all sorts of trailing characters after NetBIOS names that are _not_ part of the unique NetBIOS name itself. No, not really. The \$ in the name of the trust account is an MS thing. Samba requires a machine account be backed up on the server with an account of that name. However, as far as I can see, we could remove that restriction, as we could keep all the needed info in the secrets file or another tdb. OK, I withdraw the last sentence, since when we are operating as a PDC, we should use the same account mechanisms for trust accounts and ordinary user accounts. Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: machine names same as usernames - problems...
On Thu, 6 Feb 2003, Andrew Bartlett wrote: On Thu, Feb 06, 2003 at 02:47:47PM -0800, Richard Sharpe wrote: On Thu, 6 Feb 2003, Bradley W. Langhorst wrote: On Thu, 2003-02-06 at 15:39, Andrew Bartlett wrote: adil (users) and adil$ (machine) cannot work. Why can't it work? I've seen this discussed a number of times, but never really been told why it doesn't work. That $ is there for exactly that reason you know - to make them different. [...] Can you describe the failure please? I thought this was well known... The machine simply fails to join the domain. With a message about bad password or invalid machine account. Under what circumstances can't/doesn't this work? Does it not work only in the case that adil and adil$ both exist in the passwd database of the Samba server? If that is the case, then the code that allows the machine to log onto the trust account is probably checking for the 'adil' account and refusing to let it happen. No such code exists. Hmmm, that is interesting. Maybe I need to try this myself to see what the issues are. Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: Using shared libraries?
On Wed, 5 Feb 2003, Jelmer Vernooij wrote: On Wed, Feb 05, 2003 at 06:54:27AM -0500, Ken Cross wrote about 'Using shared libraries?': Maybe a dumb question, but... libsmbclient.so is being built in bin, but nothing seems to be linking to it. I tried make installclientlib, which installed it, but no change. Is there some trick to get it to be used? (NetBSD with SAMBA_3_0) libsmbclient is a library that can be used by 3rd party GPL'ed software, samba doesn't use it internally. Well, yes, but ... libsmbclient contains so much also needed by Samba, that you can link against libsmbclient.so and save lots of space. The question remains, how to do it on NetBSD? Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: called name not present
On Wed, 5 Feb 2003, David Bear wrote: I've encountered a strange error. I have samba 2.2.7 installed on freebsd 4.7. I've run testparm on the smb.conf and don't see any errors. I can connect to a service from a windows 2k machine using standard net use commands. HOWEVER, when I try to use smbclient from another machine to view my bsd samba, I get the following error: bash-2.05a$ smbclient -L //npcenter added interface ip=129.219.120.183 bcast=129.219.120.191 nmask=255.255.255.192 session request to NPCENTER failed (Called name not present) Password: Anonymous login successful Domain=[CUI] OS=[Windows 5.0] Server=[Windows 2000 LAN Manager] tree connect failed: NT_STATUS_DUPLICATE_NAME == Hmmm, I am not aware of any version of Samba claiming to be Windows 5.0 or Windows 2000 LAN Manager. Are you sure that you are connecting to a Samba server, and not, say, a Win2K server by some accident? Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
RE: Using shared libraries?
On Wed, 5 Feb 2003, Ken Cross wrote: Pretty standard: -l smbclient You may need -L libdir if not standard OK, so I am confused right now. Weren't you the one that asked about this in the first place? Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
RE: Using shared libraries?
On Wed, 5 Feb 2003, Ken Cross wrote: Sure, but my original question (which was answered) was whether Samba used it. Apparently not. Herb Huston committed some patches last week to at least head I think to link Samba with libsmbclient, because someone else asked about this. Herb observed quite a saving in image size. Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: Win9x, samba 3, user list
On Tue, 4 Feb 2003, Dmitry Melekhov wrote: hello! Sorry for late reply :-( Here it is. OK, I wasn't precise enough. I was actually looking for a packet trace of the problem. You can obtain such with: tcpdump -i eth0 -s 1500 -w somefile.cap started before you try to retrieve the userlist. Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: Moving a domain
On Mon, 3 Feb 2003, Tom Alsberg wrote: When smbd starts (and this includes at least 2.2.3, I believe, and beyond to 3.0.x), it checks to see if there is a SID in the secrets file with the key SECRET/SID/UCNBNAME where UCNBNAME is the uppercase NetBIOS name. You mean - the uppercase NetBIOS name of the server (where smbd runs) - right? Yup If one does not exist, it will create a new random SID, set the machine SID to that, and then set the domain SID to that! If the SID changes, even if you have preserved the trust accounts and their current passwords, Windows will complain that the SID is inconsistent with what it had when it joined. OK. But if I copy the SID file[s]? If you copy the secrets file, you still need to make sure smbd runs with the same NetBIOS name. The SID for the old machine name is still in the secrets file, and you can use tdbdump to find the keys, and thus the old machine name if you need to. What do you mean by 'old machine name'? I most probably know the name of the machines which was previously acting as the server. Yup. This is relevant to your questions below. The question is - if any of you had experience, or theoretical facts and ideas of - would this work? For users who only use it as a file and print server, it most probably would. But as a domain controller - the clients remember a few things, and the server remembers a few things. The SID and secrets files should probably be copied... But then, should clients who are already in the domain be able to continue using it, without leaving and re-joining it? You probably only really need the secrets file and the smbpasswd or whatever passwd database you are using for Windows accounts. OK... That's not a problem to preserve, I assume... Correct. If the NetBIOS name changes, you have a couple of choices, as outlined at www.richardsharpe.com. Well, I took a look at some of the information there... Useful advice... 
But anyway, I was speaking of the NetBIOS name not changing (nmbd will run with the -n flag to have the same NetBIOS name, no matter on what machine it is running). That is good. As soon as Samba 2.2.8 ships you will retrieve the old SID and re-establish that as the machine SID for your Samba server and the domain SID. You can already do that with the net command for Samba 3.0.x. I didn't know Samba 3 had a net command... I'll look after it. Anyway, so now, after all - could you say - would it work? If I kill Samba on one machine, start it on another machine, with nmbd getting the same -n flag, and about the same configuration, and I copy the secret files - will log-ons to the domain (from machines that have already joined in the past) work without re-joining it? Would there be any other problem? I expect you will be fine. However, I have not tried that. As I understand from your message, there should not be any problem. Is this right? I think you will be OK. Let us know :-) Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: Win9x, samba 3, user list
On Fri, 31 Jan 2003, Dmitry Melekhov wrote: Hello! I can't get users list on win 98 with current CVS, it says something like- try later. And I see this in log 2003/01/31 13:41:05, 1] smbd/ipc.c:api_fd_reply(284) api_fd_reply: INVALID PIPE HANDLE: 0 Certainly, I can provide log with level 10 :-) Would probably be helpful if you provided a trace as well. Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: large file support
On Fri, 31 Jan 2003, Mourad MESSAOUDI wrote: Hi everybody, I'm trying to create a file on a smb share and it stops at 2 Gb. samba release 2.2.7a with this patch --- libsmb/clireadwrite.c 19 Dec 2002 16:12:41 - 1.2.4.9 +++ libsmb/clireadwrite.c 30 Dec 2002 04:04:37 - kernel is 2.4.20 with acl patch. I've checked, the creation of files larger than Gb: it's ok. I have these messages in /var/log/messages of the client machine when I reach the 2Gb : kernel: smb_get_length: recv error = 5 kernel: smb_request: result -5, setting invalid kernel: smb_retry: successful, new pid=18489, generation=2 There have been some changes to support file sizes larger than 2-4GB. They should appear in 2.2.8. Please pull the latest CVS and try. Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: large file support and clitar.c etc
On Fri, 31 Jan 2003, Brian Poole wrote: Quoting Richard Sharpe ([EMAIL PROTECTED]) from 31 January 2003: There have been some changes to support file sizes larger than 2-4GB. They should appear in 2.2.8. Have any luck with the list I sent you ? I saw the tar reply which I appreciate being answered. Hi, Now that we have fixed some problems to do with large file transfer, there remains an issue with clitar.c and its handling of files larger than about 2GB. I am told that some variants write USTAR headers that only use 11 or 12 of the 13 possible OCTAL digits in the length field. To support larger files in the tar archive, we would need to write headers in a portable fashion. This, I believe, means that we would need to cut the file up into chunks, and then write each chunk, one after the other, with two headers. One indicating the file name etc, and the second indicating that the chunk is a continuation of the previous chunk and perhaps an offset. This way, at least the rest of the archive can be processed by archivers that do not understand large files. Does anyone see any problems with this, and does anyone have any time to support this effort? Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Adding a couple of simple functions to smbpasswd for Samba 2.2.8
Hi, If a user changes the NetBIOS name of their Samba PDC, or the DNS name, when they have not set a NetBIOS name, their SID will change, and workstations that have joined the domain will not be able to log on. This is because Samba uses the NetBIOS/DNS name to determine if it should generate a SID. There is a small discussion of this up on www.richardsharpe.com. Between Volker Lendecke and I, we have added support to Samba Head and 3.0.0 that allows you to retrieve the old SID, which is still in the secrets.tdb file, and place the SID into the correct entry in the secrets.tdb if you ever get into that problem. Now, I was thinking of doing something similar for Samba 2.2.8. This will involve modifying smbpasswd. For reasons of code simplicity, I have abandoned my earlier thoughts of using 'smbpasswd -L -S dom' to retrieve the old SID and something similar to set the SID. Instead, I propose: smbpasswd -X dom to eXtract the old SID and smbpasswd -W S-1-5-21-x-y-z to Write the new SID as the domain SID for the current domain into the secrets.tdb file. These are not a lot of coding, should not destabilize any existing code, and will save at least some people some pain. Are there any comments? Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: 2.0.7-XP compability ?
On Thu, 30 Jan 2003, Ulf Bertilsson wrote: Can we have a trace? Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: transfer large amount of data from unix to nt
On Thu, 30 Jan 2003, Keith Ives wrote: We are looking for a good solution to move gigs of data from unix to nt. We currently use samba. Unfortunately the file systems are the organization's shares that have many different folders, owners, file types, ACLs, etc. Probably our biggest challenge is keeping the integrity of the ownership and permissions... which is also our biggest road block. Can you be more specific? What problems do you foresee? We have been experimenting with different methods. We are trying to keep this from becoming a month long project. What problems have you seen? Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: Sign Seal vs. MAC signing.
On Thu, 30 Jan 2003, Christopher R. Hertel wrote: The SNIA doc provides information on Message Authentication Codes (MACs). These are signatures contained in the SMB header. Are these the same as Sign and Seal or are we talking about two different basilisks altogether? TDB. Sign and seal, AFAIK, relates to the DCE-RPC headers, while MAC signing is, as you say, in the SMB header. Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: compiler warning in libsmb/clireadwrite.c
On Wed, 29 Jan 2003, Tim Potter wrote: Er, should I be worried about this warning? libsmb/clireadwrite.c: In function `cli_issue_read': libsmb/clireadwrite.c:54: warning: right shift count >= width of type libsmb/clireadwrite.c: In function `cli_issue_write': libsmb/clireadwrite.c:301: warning: right shift count >= width of type It's presumably complaining about the size of offset being 32 bits. static BOOL cli_issue_read(struct cli_state *cli, int fnum, off_t offset, size_t size, int i) { [...] if (bigoffset) SIVAL(cli->outbuf,smb_vwv10,(offset>>32) 0x); Is there a portable way to isolate the upper 32 bits? Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
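One portable answer to the question that closes the message above, as an added example (not Samba's code and not a fix posted in the thread): widen the offset to an unsigned 64-bit type before shifting, so the shift count is always smaller than the operand width. The typedefs, macros and function names below are hypothetical; the little-endian store stands in for what the SIVAL call in the quoted line does.

```c
#include <stdint.h>
#include <stdio.h>

/* Widen to uint64_t first, then mask or shift. The shift is then always
 * performed on a 64-bit operand, so it is well defined whether the
 * caller's offset type is 32 or 64 bits wide. Shifting a 32-bit value by
 * 32 directly is undefined behaviour in C, which is what the compiler
 * warning in the message is pointing at. */
#define OFF_LOW32(off)  ((uint32_t)((uint64_t)(off) & 0xFFFFFFFFu))
#define OFF_HIGH32(off) ((uint32_t)((uint64_t)(off) >> 32))

/* Hypothetical stand-ins for the two off_t widths a build may have. */
typedef int32_t narrow_off_t;
typedef int64_t wide_off_t;

uint32_t high32_narrow(narrow_off_t off) { return OFF_HIGH32(off); }
uint32_t high32_wide(wide_off_t off)     { return OFF_HIGH32(off); }

/* Store a 32-bit value little-endian, the byte order SMB words use. */
static void put_le32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)(v & 0xFF);
    p[1] = (uint8_t)((v >> 8) & 0xFF);
    p[2] = (uint8_t)((v >> 16) & 0xFF);
    p[3] = (uint8_t)((v >> 24) & 0xFF);
}

/* Split a file offset into the low and high 32-bit words of a request.
 * Returns 1 when the high word is non-zero (the request needs the
 * large-offset form), 0 when the low word alone is enough, and -1 for a
 * negative offset, which would otherwise be sign-extended into a high
 * word of 0xFFFFFFFF. */
int pack_offset(int64_t offset, uint8_t low[4], uint8_t high[4])
{
    if (offset < 0)
        return -1;
    put_le32(low, OFF_LOW32(offset));
    put_le32(high, OFF_HIGH32(offset));
    return OFF_HIGH32(offset) != 0;
}

int main(void)
{
    uint8_t lo[4], hi[4];
    int big = pack_offset(0x123456789LL, lo, hi);

    printf("big=%d low=%02x %02x %02x %02x high=%02x %02x %02x %02x\n",
           big, lo[0], lo[1], lo[2], lo[3], hi[0], hi[1], hi[2], hi[3]);
    printf("high word of a 32-bit offset: %u\n",
           (unsigned)high32_narrow(0x7FFFFFFF));
    return 0;
}
```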
Re: Winbind on HPUX11, Totally Stuck, Please Help
On Mon, 27 Jan 2003, Miles Roper wrote: Let me first say that I am no expert on HP-UX, maybe Tim Potter can help, now that he works for them. I can do a wbinfo -u and get the user names, and a wbinfo -g returns the groups. I had to specify the password to use first with wbinfo -A user%password I also joined the domain successfully with OK, this looks like winbindd sort of works ... /etc/nsswitch.conf to hosts: dns [NOTFOUND=continue UNAVAIL=continue TRYAGAIN=continue] files [ passwd: files ldap group: files ldap notice it is ldap, rather than winbind. The reason for this is, if you set it to winbind you get an error about not being a supported type, ie must be nis, ldap or files. I think this is where your problem is. ldap is not winbindd. It looks like PAM on your version of HP-UX does not handle arbitrary NSS shared library stuff. Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: Limitations of Samba-2.2.x as a domain member talking to an ADdomain controller
On Sat, 25 Jan 2003, Tim Potter wrote: On Fri, Jan 24, 2003 at 09:02:41AM -0500, Damian, G. C. (Gerald) wrote: [...] Is the any way for our pre 3.0 Samba servers to participate in AD and how do you set it up? Tridge has written a HOWTO which should be up to date with the latest Samba code. Look at the file ADS-HOWTO.txt in the Samba distribution. Hmmm, that is not how I interpreted that question. For me, the phrase 'pre 3.0 Samba' suggested Samba 2.2.x. Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: linking smbclient commands with libsmb?
On Thu, 23 Jan 2003, Herb Lewis wrote: I did a quick check on the SAMBA_2_2 tree and got the following size differences when they were linked against libsmbclient instead of the normal linking. I've attached the patch to Makefile.in I used. Before running any of the commands you need to make sure you copy libsmbclient.so to your library path and create a link to libsmbclient.so.0 While there are size reductions, in my view, this is not the cleanest way to do this. We should think carefully about this. What is happening is the libsmbclient.so is pulling in many of the things that are needed by all these other commands, so linking against it ignores the libsmbclient entry points, but it does save space etc. A cleaner approach would be to create a smaller base library, and then link that dynamically to both libsmbclient and to other things in Samba.

file              size w/ libsmb   orig size   % orig size
make_printerdef           23,404     546,980           4.3
make_smbcodepage          23,060     546,592           4.2
make_unicodemap           22,844     546,376           4.2
nmbd                     219,824     982,588          22.4
nmblookup                 23,240     802,388           2.9
rpcclient                716,964   1,479,716          48.5
smbcacls                 686,612   1,445,176          47.5
smbclient                117,848     880,508          13.4
smbcontrol                66,644     589,980          11.3
smbd                   1,698,216   2,411,664          70.4
smbfilter                 22,648     797,856           2.8
smbpasswd                644,552   1,403,212          45.9
smbsh                     23,164     546,636           4.2
smbspool                  22,648     801,996           2.8
smbstatus                 70,736     594,068          11.9
smbtorture               114,560     877,160          13.1
swat                     671,892   1,434,552          46.8
testparm                  22,644     546,224           4.1
testprns                  42,460     565,828           7.3
wbinfo                    68,040     591,360          11.5
winbindd               1,057,968   1,564,856          67.6

-- Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com Index: Makefile.in === RCS file: /data/cvs/samba/source/Makefile.in,v retrieving revision 1.227.2.151 diff -u -r1.227.2.151 Makefile.in --- Makefile.in 6 Jan 2003 17:59:55 - 1.227.2.151 +++ Makefile.in 23 Jan 2003 16:36:35 - 
@@ -209,9 +209,9 @@ MSDFS_OBJ = msdfs/msdfs.o -SMBD_OBJ = $(SMBD_OBJ1) $(MSDFS_OBJ) $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) \ +SMBD_OBJ = $(SMBD_OBJ1) $(MSDFS_OBJ) \ $(RPC_SERVER_OBJ) $(RPC_PARSE_OBJ) $(RPC_CLIENT_OBJ) \ - $(LOCKING_OBJ) $(PASSDB_OBJ) $(PRINTING_OBJ) $(PROFILE_OBJ) $(LIB_OBJ) \ + $(LOCKING_OBJ) $(PASSDB_OBJ) $(PRINTING_OBJ) $(PROFILE_OBJ) \ $(PRINTBACKEND_OBJ) $(QUOTAOBJS) $(OPLOCK_OBJ) $(NOTIFY_OBJ) 
@@ -228,45 +228,33 @@ nmbd/nmbd_subnetdb.o nmbd/nmbd_winsproxy.o nmbd/nmbd_winsserver.o \ nmbd/nmbd_workgroupdb.o nmbd/nmbd_synclists.o -NMBD_OBJ = $(NMBD_OBJ1) $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) \ - $(PROFILE_OBJ) $(LIB_OBJ) +NMBD_OBJ = $(NMBD_OBJ1) $(PROFILE_OBJ) SWAT_OBJ = web/cgi.o web/diagnose.o web/startstop.o web/statuspage.o \ - web/swat.o $(PRINTING_OBJ) $(LIBSMB_OBJ) $(LOCKING_OBJ) \ - $(PARAM_OBJ) $(PASSDB_OBJ) $(RPC_PARSE_OBJ) \ - $(UBIQX_OBJ) $(LIB_OBJ) + web/swat.o $(PRINTING_OBJ) $(LOCKING_OBJ) \ + $(PASSDB_OBJ) $(RPC_PARSE_OBJ) -SMBSH_OBJ = smbwrapper/smbsh.o smbwrapper/shared.o \ -$(PARAM_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) +SMBSH_OBJ = smbwrapper/smbsh.o smbwrapper/shared.o -MAKE_SMBCODEPAGE_OBJ = utils/make_smbcodepage.o $(PARAM_OBJ) \ - $(UBIQX_OBJ) $(LIB_OBJ) +MAKE_SMBCODEPAGE_OBJ = utils/make_smbcodepage.o -MAKE_UNICODEMAP_OBJ = utils/make_unicodemap.o $(PARAM_OBJ) \ - $(UBIQX_OBJ) $(LIB_OBJ) +MAKE_UNICODEMAP_OBJ = utils/make_unicodemap.o -MAKE_PRINTERDEF_OBJ = utils/make_printerdef.o $(PARAM_OBJ) \ - $(UBIQX_OBJ) $(LIB_OBJ) +MAKE_PRINTERDEF_OBJ = utils/make_printerdef.o -STATUS_OBJ = utils/status.o $(LOCKING_OBJ) $(PARAM_OBJ) \ - $(UBIQX_OBJ) $(PROFILE_OBJ) $(LIB_OBJ) +STATUS_OBJ = utils/status.o $(LOCKING_OBJ) $(PROFILE_OBJ) -SMBCONTROL_OBJ = utils/smbcontrol.o $(LOCKING_OBJ) $(PARAM_OBJ) \ - $(UBIQX_OBJ) $(PROFILE_OBJ) $(LIB_OBJ) +SMBCONTROL_OBJ = utils/smbcontrol.o $(LOCKING_OBJ) $(PROFILE_OBJ) -TESTPARM_OBJ = utils/testparm.o \ - $(PARAM_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) +TESTPARM_OBJ = utils/testparm.o -TESTPRNS_OBJ = utils/testprns.o $(PARAM_OBJ) $(PRINTING_OBJ) $(UBIQX_OBJ
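Review bot: dropping $(PARAM_OBJ), $(LIBSMB_OBJ), $(UBIQX_OBJ) and $(LIB_OBJ) from SMBD_OBJ in the first hunk leaves smbd unable to link or start without libsmbclient.so, yet nothing in the visible hunks adds the library to the link line or makes the binary depend on it being built and installed first. Express that dependency in the Makefile instead of relying on a manual copy into the library path, and consider leaving the daemon statically linked, since a privileged server that resolves its core parsing and protocol code through the runtime library search path is harder to audit and to upgrade safely.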
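Review bot: in the second hunk the small utilities (MAKE_SMBCODEPAGE_OBJ, MAKE_UNICODEMAP_OBJ, MAKE_PRINTERDEF_OBJ, TESTPARM_OBJ, SMBSH_OBJ) are cut to a single object each, although before the change they only pulled in $(PARAM_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) and never $(LIBSMB_OBJ). Taking those three from a client library ties tools that do no SMB client work to that library's exported interface; a separate base library built from exactly those object lists would give the same size saving with a dependency that matches what the tools use.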
Limitations of Samba-2.2.x as a domain member talking to an AD domain controller
Hi, Can anyone point me at documentation on the limitations of a downlevel server being a member server in an AD network? The specific case I am thinking of is a Samba-2.2.x-based server. Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Consequences of refusing to mangle names
Hi, Has anyone tried this or does anyone have any opinions on what would happen if we refuse to provide mangled names in the responses to a find-first or find-next? It seems that if we set the Short File Name Len to 0 in responses, that might work. I wonder which apps will break in that case? The reason for wanting to do this is performance related :-) Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: [PATCH] wildcard usage in automount map
On Tue, 21 Jan 2003, Andrew Bird (Sphere Systems) wrote: Hi all I have been following samba-technical for a couple of years now. I have seen in the past, intense debate over whether patches should / or not be included. I am quite surprised that my first code patch to the list has been met with indifference. I provoke neither approval nor disapproval. Guess you're all too busy coding. Sigh. Sometimes things get dropped. Can you resend it? Was it against Samba 2.2.x? That branch is now not receiving any attention. If it was against 2.2.x, could you port the patch to the Head branch? Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: 3.0alpha21 performance degraded comparing to 2.2.5
On Wed, 15 Jan 2003, Chere Zhou wrote: I tested using the same hardware for windows client and the server, same setup and configuration. Network bandwidth was gigabits. I built both 2.2.5 and 3.0alpha21 from source. Here are my numbers for a single windows 2000 client, single samba server test. For reads, 2.2.5 gets 120 Mbps, while 3.0a21 gets only 80Mbps, which is a 33% decrease. Writing to samba, 3.0a21 gets a 15% decrease over 2.2.5. Samba performance is very important to us here. So please help me to make it better. Anybody know tricks to make samba 3.0alpha21 faster? Hmmm, I think we are going to need a little more info. 1. What were you using to test? 2. Is the problem a server-only problem, or is it in the combination? That is, if you use smbclient to push or pull files to/from Samba servers of the same versions as above, do you get the same results? 3. It might be good to see some network traces. Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: libsmbclient example compilation problems
On Mon, 13 Jan 2003, Tuomas Niinimäki wrote: Hello, I'm experiencing problems with compiling the libsmbclient examples (as well as my own libsmbclient test programs). It seems like there are some problems with the include files, as I get following errors: gcc -I../../source/include -c -o testsmbc.o testsmbc.c In file included from testsmbc.c:30: ../../source/include/libsmbclient.h:199: field `cli' has incomplete type ../../source/include/libsmbclient.h:201: parse error before `BOOL' (and about 500 lines more :) Which version of Samba are you using? Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: libsmbclient example compilation problems
On Mon, 13 Jan 2003, Tuomas Niinimäki wrote: On Mon, 2003-01-13 at 21:01, Richard Sharpe wrote: Which version of Samba are you using? Hmm, version seems to be samba-2.999+3.0.alpha21, actually this is source package from unstable debian. Perhaps I should try something earlier and more stable :) OK, so it is the Samba 3.0 stuff that Vorlon got into Debian. I thought that we fixed that. Let me look into it some more. Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: libsmbclient example compilation problems
On Mon, 13 Jan 2003, Tuomas Niinimäki wrote: On Mon, 2003-01-13 at 21:01, Richard Sharpe wrote: Which version of Samba are you using? Hmm, version seems to be samba-2.999+3.0.alpha21, actually this is source package from unstable debian. Perhaps I should try something earlier and more stable :) OK, I see the problems. Samba 3.0.x is not in sync with Samba head. Try pulling samba-head, and in the meantime, I will do my janitorial duties. Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: fixing redundant network opens on Linux file creation
On Mon, 6 Jan 2003, Steven French wrote: The creat() system call results (for the Linux kernel) in calls to create (via vfs_create) then later a call to open (via dentry_open) both of which eventually end up (for the cifs vfs) doing a network open of the file from the perspective of the CIFS protocol which degrades performance (because every creat does one additional open close than ideal). In the cifs protocol file creation is handled as a flag on the open request so create has a side effect of opening the file. Unfortunately since mknod can call vfs_create (presumably without immediately afterwards calling open), it seems like a vfs can't assume that all creates are necessarily going to be immediately followed by a file open (server file handle leaks would be possible if such an assumption were made). smbfs in effect ignores the subsequent open and the nfs vfs doesn't have this problem because it doesn't send a remote open request in nfs_open (since v2 and v3 nfs doesn't really need an open file handle for file based operations like smb/cifs does). To improve creat() performance for cifs (without changing namei.c itself) it seems like there are only two obvious alternatives: Isn't creat() a legacy call? I have never used it, and use open(..., O_CREAT,...) instead. Isn't this just a cost of using legacy calls? Why complicate things overly for a call that might not be used all that much? 1) Have the cifs vfs ignore subsequent opens of the same file (never have more than one open per inode - ala smbfs) - which has the disadvantage of making the open flags (and pid) incorrect for subsequent opens and would cause server problems with handling byte range locks and potentially causes problems with other clients accessing a file that was just created via mknod and therefore should not be considered open anymore. 
2) Have the cifs vfs do lazy close of files - perhaps using the original opbatch distributing caching mechanism in the smb/cifs protocol (which cached opens for optimal performance running batch files on network drives) for distributed cache management (so the client will not cause sharing violations if other clients try to access the same file). I prefer the latter but am working on proving that it works now. Any other approaches? Steve French Senior Software Engineer Linux Technology Center - IBM Austin phone: 512-838-2294 email: [EMAIL PROTECTED] -- Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: fixing redundant network opens on Linux file creation
On Mon, 6 Jan 2003, Steven French wrote: On Mon, Jan 06, 2003 at 10:14:10AM -0800, Richard Sharpe wrote: Isn't creat() a legacy call? I have never used it, and use open(..., O_CREAT,...) instead. Isn't this just a cost of using legacy calls? Why complicate things overly for a call that might not be used all that much? As Jan indicated, it looks like creat(filename,mode) and open(filename, O_CREAT | O_TRUNC, mode) follow similar paths in the Linux kernel and both have the potential redundant network file open problem. In addition the Connectathon nfs (posix file API compliance) tests do issue the creat() call (a lot) so it is hard to avoid even if some considered it legacy baggage. Although it would make sense intuitively that passing O_CREAT on the open system call would (only) invoke the vfs open call (with the O_CREAT) flag - it first seems to call the vfs create call (and then invoke open later with the O_CREAT flag set) and the obvious idea of simply having some network filesystems simply not exporting a create vfs entry point would result in EACCES being returned (rather than the vfs invoking the filesystem's open routine specifying the O_CREAT flag as one might expect). Uggh. I too am intrigued about the idea of a lookup intent change and better optimizing the namei.c/open.c file creation code path for this common case but I didn't see a quick, low risk (for 2.5 kernel) change that would help network filesystems so am toying with opbatch/lazy close ideas. FreeBSD has an intent 'flag' on the name cache routines, and I think this intent is passed to the VOP (VFS VNODE) calls as well, so that a network file system can do the right things ... I will have to look. Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: fixing redundant network opens on Linux file creation
On Mon, 6 Jan 2003, Steven French wrote: On Mon, Jan 06, 2003 at 10:14:10AM -0800, Richard Sharpe wrote: Isn't creat() a legacy call? I have never used it, and use open(..., O_CREAT,...) instead. Isn't this just a cost of using legacy calls? Why complicate things overly for a call that might not be used all that much? As Jan indicated, it looks like creat(filename,mode) and open(filename, O_CREAT | O_TRUNC, mode) follow similar paths in the Linux kernel and both have the potential redundant network file open problem. In addition the Connectathon nfs (posix file API compliance) tests do issue the creat() call (a lot) so it is hard to avoid even if some considered it legacy baggage. Although it would make sense intuitively that passing O_CREAT on the open system call would (only) invoke the vfs open call (with the O_CREAT) flag - it first seems to call the vfs create call (and then invoke open later with the O_CREAT flag set) and the obvious idea of simply having some network filesystems simply not exporting a create vfs entry point would result in EACCES being returned (rather than the vfs invoking the filesystem's open routine specifying the O_CREAT flag as one might expect). Uggh. While the connectathon one does that, SPECsfs does not, and we look like doing something similar to the SPECsfs stuff for CIFS. Secondly, someone might do a create just to create a file and not access it. You can't cache that info across syscalls. Also, that is kinda what andXs are for. You could turn the CREAT into an OpenAndX with an immediate close :-) At least it saves you one round trip, but of course, you might already be doing that. The place where an intent flag can save you is with an open that passes O_CREAT. Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com