-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of
[EMAIL PROTECTED]
Sent: Friday, 20 December 2002 4:00 AM
To: [EMAIL PROTECTED]
Subject: samba-technical digest, Vol 1 #2208 - 6 msgs
Send samba-technical mailing list submissions to
[EMAIL PROTECTED]
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.samba.org/mailman/listinfo/samba-technical
or, via email, send a message with subject or body 'help' to
[EMAIL PROTECTED]
You can reach the person managing the list at
[EMAIL PROTECTED]
When replying, please edit your Subject line so it is more specific
than "Re: Contents of samba-technical digest..."
Today's Topics:
1. Another Bug and Temporary Fix (LDAP Trust Account) (Matt Roberts)
2. Unable to lookup names to display / .NET client problem (Myo M Thein)
3. RE: Kerberized SMB client? User level SMB client? (Urban Widmark)
4. Samba-3.0.0aplha builds on SuSE Linux (John H Terpstra)
5. Re: Prevent winbind idmap corruption (Michael Steffens)
6. RE: Samba CPU Usage with large directories ... (Green, Paul)
--__--__--
Message: 1
Date: Wed, 18 Dec 2002 11:05:31 -0600 (CST)
From: Matt Roberts <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Another Bug and Temporary Fix (LDAP Trust Account)
Developers,
I hope I am not giving you another item that is already resolved in CVS
somewhere (my CVS skills are rusty), but here is what I have found with
respect to a trust relationship using an LDAP backend with 3.0a21.
I have this:
1. NT Domain: NTDOMAIN
2. Samba Domain: SMBDOMAIN
I want my NT domain to trust my SAMBA domain. So I create the user account
(posixAccount objectClass only) for my NT domain in the LDAP directory:
dn: uid=NTDOMAIN$, dc=example, dc=org
objectclass: top
objectclass: posixAccount
uid: NTDOMAIN$
uidNumber: ...
gidNumber: ...
and so on. I tell Samba to setup this as a new trust:
net rpc trustdom add COMMUNICATION -U Administrator
Which succeeds and updates the above LDIF with the usual sambaAccount
attributes, including this one:
acctFlags: [I ]
I tell Samba to set the initial password for this account:
$ smbpasswd NTDOMAIN$
New Password: ...
Which also succeeds. Then I go to my NT domain controller, fire up User
Manager, and tell it to trust my SMBDOMAIN system, which appears to succeed
but gives me a warning about verification of the trust failing.
But the trust doesn't work just yet. If I look at my LDIF again at this
point, I see that 'acctFlags' has been changed to:
acctFlags: [U ]
So I go in with my favorite tool and change it back to:
acctFlags: [I ]
And now my trust works. But I had to make that last manual change to the
LDAP entry for NTDOMAIN$ to make the trust actually function.
Did I do something wrong in my setup, or should the 'smbd' that received the
trust request from my NT PDC have not changed that flag from 'I' to 'U'?
Thanks again,
Matt
--__--__--
Message: 2
Date: Wed, 18 Dec 2002 14:17:26 -0500 (EST)
From: Myo M Thein <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Unable to lookup names to display / .NET client problem
Hi,
I am running samba 2.2.7 on FreeBSD 4.7 as PDC with LDAP database backend.
I have serveral Windows XP Pro client. Eveything fine about joining the
domain ( after change the reg key ), logging in. But when I run, .NET
application on the client, it says user need to be in Debugger User Group
on local machine. Is there any way to make it work ?? My workaround is
trying to change permission on some folders, assuming that if i add Domain
User as full permission, it might solve. But when I add the permission,
it give me the error "Unable to lookup user names for display" and I
cann't add the group. But I still can add individual user. I need to add
the group since i have thousand of users and I cannot add all.
I searched around the mailing list and the unable to lookup names problem
is said to be fixed in ver 2.2.3. But why am i haveing problem ?? Am I
doing something wrong ??
Here is my snipplet from my smb.conf file.
ldap admin dn = "cn=root,dc=cs,dc=mydomain,dc=com"
ldap server = directory.cs.mydomain.com
ldap suffix = "ou=People,dc=cs,dc=mydomain,dc=com"
ldap port = 389
ldap ssl = start tls
##
## Passwords & Authentication
##
security = user
encrypt passwords = yes
domain logons = yes
domain admin group = @smbadmin
domain guest group = @smbguest
wins support = yes
Pls help !!!!
Thanks in advance.
Myo
--__--__--
Message: 3
Date: Wed, 18 Dec 2002 21:58:23 +0100 (CET)
From: Urban Widmark <[EMAIL PROTECTED]>
To: Naomaru Itoi <[EMAIL PROTECTED]>
Cc: 'Steve Langasek' <[EMAIL PROTECTED]>,
<[EMAIL PROTECTED]>
Subject: RE: Kerberized SMB client? User level SMB client?
On Mon, 16 Dec 2002, Naomaru Itoi wrote:
> Thanks, Steve,
>
> I was actually asking about SMB/CIFS client *filesystem*. Excuse me for
> being unclear ...
smbfs (not userspace) works just fine (*) with kerberos.
All kerberos work is done by smbmount (userspace) and that code is the
same as the one used by smbclient. The filesystem parts doesn't care about
kerberos when it is only used for authentication.
smbfs signals back to smbmount if it wants it to reconnect. But perhaps
you wanted more than authentication.
/Urban
* - Well, it needs some changes to use ntstatus error codes, but that has
nothing to do with kerberos.
--__--__--
Message: 4
Date: Wed, 18 Dec 2002 22:11:53 +0000 (GMT)
From: John H Terpstra <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Samba-3.0.0aplha builds on SuSE Linux
Hi,
Would anyone who is building samba-3.0.0alphas on SuSE 8.1 please drop me
a line on <[EMAIL PROTECTED]>.
I'd like to know what options you are passing to configure.
Thanks.
- John T.
--
John H Terpstra
Email: [EMAIL PROTECTED]
--__--__--
Message: 5
Date: Thu, 19 Dec 2002 13:37:23 +0100
From: Michael Steffens <[EMAIL PROTECTED]>
To: Michael Steffens <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED]
Subject: Re: Prevent winbind idmap corruption
This is a multi-part message in MIME format.
--------------020906010107000205070507
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Ooops, bug in patch: Duplicate deletion of mapping on
rollback. Corrected version is attached. Sorry!
Michael
--------------020906010107000205070507
Content-Type: text/plain;
name="winbindd_idmap.c-patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename="winbindd_idmap.c-patch"
Index: nsswitch/winbindd_idmap.c
===================================================================
RCS file: /cvsroot/samba/source/nsswitch/winbindd_idmap.c,v
retrieving revision 1.3.4.13
diff -u -r1.3.4.13 winbindd_idmap.c
--- nsswitch/winbindd_idmap.c 27 Apr 2002 03:04:08 -0000 1.3.4.13
+++ nsswitch/winbindd_idmap.c 19 Dec 2002 12:32:25 -0000
@@ -44,6 +44,8 @@
if ((hwm = tdb_fetch_int32(idmap_tdb,
isgroup ? HWM_GROUP : HWM_USER)) == -1) {
+ DEBUG(0, ("Failed to fetch %s : %s\n", isgroup ? HWM_GROUP :
HWM_USER,
+ tdb_errorstr(idmap_tdb)));
return False;
}
@@ -63,7 +65,45 @@
/* Store new high water mark */
- tdb_store_int32(idmap_tdb, isgroup ? HWM_GROUP : HWM_USER, hwm);
+ if (tdb_store_int32(idmap_tdb, isgroup ? HWM_GROUP : HWM_USER, hwm)) {
+ DEBUG(0, ("Failed to store %s %d : %s\n", isgroup ? HWM_GROUP :
HWM_USER,
+ hwm, tdb_errorstr(idmap_tdb)));
+ return False;
+ }
+
+ return True;
+}
+
+/* Deallocate either a user or group id, used for failure rollback */
+
+static BOOL deallocate_id(uid_t id, BOOL isgroup)
+{
+ int hwm;
+
+ /* Get current high water mark */
+
+ if ((hwm = tdb_fetch_int32(idmap_tdb,
+ isgroup ? HWM_GROUP : HWM_USER)) == -1) {
+ DEBUG(0, ("Failed to fetch %s : %s\n", isgroup ? HWM_GROUP :
HWM_USER,
+ tdb_errorstr(idmap_tdb)));
+ return False;
+ }
+
+ if (hwm != id + 1) {
+ /* Should actually never happen, internal redundancy... */
+ DEBUG(0, ("winbind %s mismatch on deallocation!\n", isgroup ?
HWM_GROUP : HWM_USER));
+ return False;
+ }
+
+ hwm--;
+
+ /* Store new high water mark */
+
+ if (tdb_store_int32(idmap_tdb, isgroup ? HWM_GROUP : HWM_USER, hwm)) {
+ DEBUG(0, ("Failed to store %s %d : %s\n", isgroup ? HWM_GROUP :
HWM_USER,
+ hwm, tdb_errorstr(idmap_tdb)));
+ return False;
+ }
return True;
}
@@ -109,16 +149,36 @@
fstring keystr2;
/* Store new id */
-
+
slprintf(keystr2, sizeof(keystr2), "%s %d", isgroup ? "GID" :
"UID", *id);
data.dptr = keystr2;
data.dsize = strlen(keystr2) + 1;
- tdb_store(idmap_tdb, key, data, TDB_REPLACE);
- tdb_store(idmap_tdb, data, key, TDB_REPLACE);
+ /* If any of the following actions fails try to
+ revert modifications successfully made so far. */
result = True;
+
+ if (result && tdb_store(idmap_tdb, key, data, TDB_REPLACE)) {
+ DEBUG(0, ("Failed to store id mapping %s:%s : %s\n",
+ key.dptr, data.dptr, tdb_errorstr(idmap_tdb)));
+
+ if (!deallocate_id(*id, isgroup))
+ DEBUG(0, ("Failed to rollback id mapping\n"));
+
+ result = False;
+ }
+
+ if (result && tdb_store(idmap_tdb, data, key, TDB_REPLACE)) {
+ DEBUG(0, ("Failed to store reverse id mapping %s:%s :
%s\n",
+ data.dptr, key.dptr, tdb_errorstr(idmap_tdb)));
+
+ if (!deallocate_id(*id, isgroup) || tdb_delete(idmap_tdb,
key))
+ DEBUG(0, ("Failed to rollback id mapping\n"));
+
+ result = False;
+ }
}
}
--------------020906010107000205070507--
--__--__--
Message: 6
From: "Green, Paul" <[EMAIL PROTECTED]>
To: "'Scott Taylor'" <[EMAIL PROTECTED]>,
[EMAIL PROTECTED]
Subject: RE: Samba CPU Usage with large directories ...
Date: Thu, 19 Dec 2002 10:03:16 -0500
Scott Taylor [mailto:[EMAIL PROTECTED]] wrote:
> We have a samba server running version 2.2.5 on kernel 2.4.18 with the SGI
XFS patch.
> The shared volume consists of an XFS partition on a 3-ware raid5
controller. The
> network connection is via a 4 port bonded pipe to the switch.
> We notice that the samba CPU usage during write operations increases
dramatically
> once a directory contains more than a certian number of files - thought to
be
> somewhere around the 1500 to 2000 mark.
> We have tried allowing samba more memory, which did not seem to help - and
have
> had little or no success finding any information on the web, hence this
post.
My guess (and that's all it is) is that this is an operating system issue. I
presume you are using Linux 2.4.18 although you didn't say. Try writing a
small C benchmark program that just does straight fopen/fread/frwrite/fclose
operations, and time them, and see how you fare. I'll bet you find that the
system calls (esp. the open call) take a lot longer on the big directories.
Make sure your benchmark program uses the same file naming conventions as
your real code, in case the problem has something to do with the efficiency
of hashing or searching the specific names.
PG
--
Paul Green, Senior Technical Consultant, Stratus Technologies.
Day: +1 978-461-7557; FAX: +1 978-461-3610
Speaking from Stratus not for Stratus
--__--__--
_______________________________________________
samba-technical mailing list
[EMAIL PROTECTED]
http://lists.samba.org/mailman/listinfo/samba-technical
End of samba-technical Digest
