[Samba] 3.0.22 becomes non-responsive

2006-11-14 Thread Shawn Wright
We have a samba 3.0.22 server which acts as file storage for our mail system 
(Mercury/32 & Pegasus Mail), serving about 600 users, with a typical load of 
150 concurrent users. We have been seeing an increase in stability problems 
such as:

1. shared win32 executable files become "locked" to the point where the win2k 
client reports the file is corrupt, or access is denied. Clients have read-only 
access to the share where the files reside

2. a client cannot browse shares on the server from a win2k client, or the 
browsing is extremely slow

3. in one instance today, while browsing a share, the client was presented with 
the contents of a *different* share.

Investigating cases #2 and #3 usually shows that clients having connection 
problems have excessive numbers of smbd processes running for them, up to 
10. In some cases, killing processes for the affected stations will resolve the 
problems, and even free up the "broken" executables in #1. 
However, once a week or so, we have to resort to restarting the samba 
processes entirely, as the problem processes don't respond to a kill.

When things are running smoothly, the server sees about 20-30% CPU usage 
by the smbd processes (total), and a load average of 0.5 to 1

System has 512Mb RAM, and doesn't appear to be running out - swap is not 
used significantly.

Redhat 8.0XFS installer version, kernel 2.4.18-18 from SGI.

I am seeing some 'kernel: lease timed out' messages, but they don't seem to 
coincide with the problems we are seeing - two of them yesterday in the log, 
but we've had far more than two issues with samba in the past 24 hours.

Below is the smb.conf

Thanks for any assistance.
ps: This machine is slated for replacement, with a new server already running, 
but we have no time to do the swap right now, so hope to stabilize samba for a 
few more weeks.



[global]
smb ports = 139
winbind separator =+
winbind uid = 1-2
winbind gid = 1-2
winbind enum users = yes
winbind enum groups = yes
template shell = /bin/false
create mask = 0700
directory mask = 0700
workgroup = SHAWNIGAN
server string = PMAIL Server
hosts allow = 10. 127. 72.2.0.
security = domain
password server =  *
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=16384 SO_SNDBUF=16384
write raw = yes
read raw = yes
max xmit = 65535
dead time = 15
getwd cache = yes
dns proxy = no
unix password sync = no
encrypt passwords = yes
map to guest = never
password level = 0
null passwords = no
allow hosts = 10. 72.2.0.
os level = 0
preferred master = no
domain master = no
wins support = no
wins server = 72.2.0.5
dead time = 0
debug level = 1 
log level = 1

[sysroot]
 comment = sysroot
 valid users = @"shawnigan+domain admins"
 admin users = @"shawnigan+domain admins"
 writeable = yes
 path = /
 hosts allow =10.4. 72.2.0.
 inherit permissions = yes
 ea support = yes
 inherit acls = yes

[home]
 comment = Student Homes
 browseable = yes
 writable = yes
 available = yes
 public = no
 path=/home 
 valid users = @"shawnigan+domain admins"
 admin users = @"shawnigan+domain admins"
 inherit permissions = yes
 ea support = yes
inherit acls = yes
inherit owner = yes

[data]
 comment = Data Volume
 browseable = yes
 writable = yes
 available = yes
 public = no
 path=/data
 admin users = @"shawnigan+domain admins"
 inherit permissions = yes
 ea support = yes
 inherit acls = yes

[pmail]
 comment = Mail Storage
 browseable = yes
 writable = yes
 available = yes
 public = no
 path=/pmail
 admin users = @"shawnigan+domain admins"
 inherit permissions = yes
 ea support = yes
 inherit acls = yes
oplocks = no
level2 oplocks = no


[pmailapp]
 comment = Pegasus Mail
 browseable = yes
 writable = no
 available = yes
 public = no
 path=/pmail/app
 admin users = @"shawnigan+domain admins"

[pubapps]
 comment = Public Applications
 browseable = yes
 writable = yes
 available = yes
 public = no
 path=/data/pubapps
 admin users = @"shawnigan+domain admins"
 inherit permissions = yes
 ea support = yes
 inherit acls = yes
 hosts allow = 10.1. 10.2.210. 10.3. 10.4.
oplocks = no
level2 oplocks = no


[tftpboot]
 comment = tftpboot
 browseable = no
 writable = yes
 available = yes
 public = no
 path=/home/tftpboot
 valid users = @"shawnigan+domain admins","shawnigan+apache-internal"
 admin users = @"shawnigan+domain admins"
 inherit permissions = yes
 ea support = yes
 inherit acls = yes


-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Shawn Wright, I.T. Manager
Shawnigan Lake School
http://www.sls.bc.ca
[EMAIL PROTECTED]


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
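
An added example, not part of the original post: the [global] section above sets some parameters twice, both under the same name and under synonyms, and this small checker reports such repeats and the value left in effect. The sample config is constructed for the example (modelled on the posted one), the synonym table is a subset of the aliases in smb.conf(5), and all function names are hypothetical.

```python
import re

# Aliases listed in smb.conf(5), mapped to one canonical name (subset only).
SYNONYMS = {
    "allowhosts": "hostsallow",
    "denyhosts": "hostsdeny",
    "debuglevel": "loglevel",
    "writable": "writeable",
    "writeok": "writeable",
    "browsable": "browseable",
    "public": "guestok",
    "createmode": "createmask",
    "directorymode": "directorymask",
}

# Constructed sample, modelled on the posted smb.conf (not a copy of it).
SAMPLE = r"""[global]
hosts allow = 10. 127. 72.2.0.
socket options = TCP_NODELAY IPTOS_LOWDELAY \
    SO_RCVBUF=16384 SO_SNDBUF=16384
dead time = 15
allow hosts = 10. 72.2.0.
dead time = 0
debug level = 1
log level = 1

[pmailapp]
writable = no
path = /pmail/app
"""


def canonical(name):
    """Parameter names ignore case and embedded whitespace; fold aliases too."""
    key = re.sub(r"\s+", "", name).lower()
    return SYNONYMS.get(key, key)


def logical_lines(text):
    """Yield (first_line_number, line) with backslash continuations joined."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip()
        if start is None:
            start = n
        if line.endswith("\\"):
            buf += line[:-1]
            continue
        yield start, (buf + line).strip()
        buf, start = "", None
    if buf:
        yield start, buf.strip()


def parse(text):
    """Yield (section, lineno, name_as_written, canonical_name, value)."""
    section = None
    for lineno, line in logical_lines(text):
        if not line or line[0] in "#;":
            continue  # blank line or comment
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        if section is None or "=" not in line:
            continue
        name, value = line.split("=", 1)
        yield section, lineno, name.strip(), canonical(name), " ".join(value.split())


def find_overrides(text):
    """Return one finding per parameter that is set more than once in a section."""
    seen = {}
    for section, lineno, name, canon, value in parse(text):
        seen.setdefault((section, canon), []).append((lineno, name, value))
    findings = []
    for (section, canon), hits in seen.items():
        if len(hits) < 2:
            continue
        findings.append({
            "section": section,
            "parameter": canon,
            "settings": hits,
            # Settings are applied in file order, so the last one is effective.
            "effective": hits[-1][2],
            "conflict": len({v.lower() for _, _, v in hits}) > 1,
        })
    return findings


def report(text):
    """Format the findings as one line each."""
    lines = []
    for f in find_overrides(text):
        kind = "CONFLICT" if f["conflict"] else "redundant"
        where = ", ".join(f"line {n} '{name} = {value}'" for n, name, value in f["settings"])
        lines.append(f"[{f['section']}] {kind}: {where}; effective value: {f['effective']!r}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE))
```

A repeated access-control parameter such as hosts allow is the case to look at first, because the later line silently replaces the earlier list.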


RE: [Samba] Permissions not recursive on win2K?

2005-09-23 Thread Shawn Wright
On 20 Sep 2005 at 16:15, Shawn Wright wrote:

> On 20 Sep 2005 at 17:02, Larry McElderry wrote:
> 
> > There are probably other (better) methods,  but one is:
> > 
> > Pick a file on the file system in question and try the command
> > attr -g aa FileName
> > 
> > If EA's are supported you'll get a message saying "No data found" (unless you 
> > actually have an attribute named aa),  otherwise it will
> > report "Operation not supported".
> > 
> > You could also try xfsdump.   For further reading: man -k xattr
> > 
> > For samba to use them I believe you also have to have "ea support = Yes" in 
> > your smb.conf.
> 
> I have confirmed EA support in the FS, and presumably the kernel, since I 
> get this when setting and getting an attr:
> 
> [EMAIL PROTECTED] console]# attr -s test -V blah samba-3.0.14a.tar.gz
> Attribute "test" set to a 4 byte value for samba-3.0.14a.tar.gz:
> blah
> [EMAIL PROTECTED] console]# attr -g test samba-3.0.14a.tar.gz
> Attribute "test" had a 4 byte value for samba-3.0.14a.tar.gz:
> blah
> 
> I have added 'ea support=yes' to smb.conf, restarted samba, but still no 
> luck on either a Redhat SGI/XFS 7.2 system, or a Mandrake 10.1 XFS 
> system. The samba docs refer to a 'user_xattr' mount option, which 
> doesn't exist for XFS, but EAs are working with 'attr'. 
> 
> Can I narrow down the smb log searching with a specific debug class?

I believe this problem has been tracked down to my using "inherit 
permissions" and "inherit ACLS" in a global setting, rather than a share 
setting where they are intended to be. After moving them to a share 
setting, things seem to be working as expected. Thanks.



-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Shawn Wright, I.T. Manager
Shawnigan Lake School
http://www.sls.bc.ca
[EMAIL PROTECTED]




[Samba] Name mangling problem

2005-09-22 Thread Shawn Wright
We have a few applications which are still 16bit (running on 
Win2k clients), and since moving some user data from NT4 to 
Samba, users have encountered the unpredictable filename 
mangling issue, where "New Folder" appears as " 
NUJRHW~7". Users use 8.3 filenames when working in these 
programs, but often have folders with long filenames that are 
now unrecognizable.

Is there any workaround for this, aside from renaming all the 
folders?


-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Shawn Wright, I.T. Manager
Shawnigan Lake School
http://www.sls.bc.ca
[EMAIL PROTECTED]




RE: [Samba] Permissions not recursive on win2K?

2005-09-20 Thread Shawn Wright
On 20 Sep 2005 at 16:15, Shawn Wright wrote:

> On 20 Sep 2005 at 17:02, Larry McElderry wrote:
> 
> > There are probably other (better) methods,  but one is:
> > 
> > Pick a file on the file system in question and try the command
> > attr -g aa FileName
> > 
> > If EA's are supported you'll get a message saying "No data found" (unless you 
> > actually have an attribute named aa),  otherwise it will
> > report "Operation not supported".
> > 
> > You could also try xfsdump.   For further reading: man -k xattr
> > 
> > For samba to use them I believe you also have to have "ea support = Yes" in 
> > your smb.conf.
> 
> I have confirmed EA support in the FS, and presumably the kernel, since I 
> get this when setting and getting an attr:
> 
> [EMAIL PROTECTED] console]# attr -s test -V blah samba-3.0.14a.tar.gz
> Attribute "test" set to a 4 byte value for samba-3.0.14a.tar.gz:
> blah
> [EMAIL PROTECTED] console]# attr -g test samba-3.0.14a.tar.gz
> Attribute "test" had a 4 byte value for samba-3.0.14a.tar.gz:
> blah
> 
> I have added 'ea support=yes' to smb.conf, restarted samba, but still no 
> luck on either a Redhat SGI/XFS 7.2 system, or a Mandrake 10.1 XFS 
> system. The samba docs refer to a 'user_xattr' mount option, which 
> doesn't exist for XFS, but EAs are working with 'attr'. 
> 
> Can I narrow down the smb log searching with a specific debug class?

I have done some testing with an offline server with log level = 10 and 
cannot see anything related to EAs or ACLs in the log. Any hints as to 
what I should be watching for?

Thanks.


-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Shawn Wright, I.T. Manager
Shawnigan Lake School
http://www.sls.bc.ca
[EMAIL PROTECTED]




RE: [Samba] Permissions not recursive on win2K?

2005-09-20 Thread Shawn Wright
On 20 Sep 2005 at 17:02, Larry McElderry wrote:

> There are probably other (better) methods,  but one is:
> 
> Pick a file on the file system in question and try the command
> attr -g aa FileName
> 
> If EA's are supported you'll get a message saying "No data found" (unless you 
> actually have an attribute named aa),  otherwise it will
> report "Operation not supported".
> 
> You could also try xfsdump.   For further reading: man -k xattr
> 
> For samba to use them I believe you also have to have "ea support = Yes" in 
> your smb.conf.

I have confirmed EA support in the FS, and presumably the kernel, since I 
get this when setting and getting an attr:

[EMAIL PROTECTED] console]# attr -s test -V blah samba-3.0.14a.tar.gz
Attribute "test" set to a 4 byte value for samba-3.0.14a.tar.gz:
blah
[EMAIL PROTECTED] console]# attr -g test samba-3.0.14a.tar.gz
Attribute "test" had a 4 byte value for samba-3.0.14a.tar.gz:
blah

I have added 'ea support=yes' to smb.conf, restarted samba, but still no 
luck on either a Redhat SGI/XFS 7.2 system, or a Mandrake 10.1 XFS 
system. The samba docs refer to a 'user_xattr' mount option, which 
doesn't exist for XFS, but EAs are working with 'attr'. 

Can I narrow down the smb log searching with a specific debug class?


-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Shawn Wright, I.T. Manager
Shawnigan Lake School
http://www.sls.bc.ca
[EMAIL PROTECTED]




Re: [Samba] Permissions not recursive on win2K?

2005-09-20 Thread Shawn Wright
On 19 Sep 2005 at 12:02, Jeremy Allison wrote:

> On Mon, Sep 19, 2005 at 11:32:22AM -0700, Shawn Wright wrote:
> > Sorry for the report, but I got exactly zero replies, so I will try again:
> > 
> > I am now running 3.0.14a, but the permissions recursion problem still 
> > exists. Each time I apply permissions to a tree using the Win2K GUI, the 
> > addition or removal of an ACL will move exactly one level deeper than 
> > before. In other words, if the tree is 4 levels deep, it will take 3 
> > passes of the operation before the ACL change appears in the 4th level. 
> > This long standing problem is seriously limiting our migration to samba. 
> > Can someone please tell me if this has been fixed in 3.0.20?
> > 
> > I have offered configs, debug, etc. and the offer still stands. I just want 
> > to see this problem fixed, and can't believe it is not affecting more users. 
> > 
> > For the record, here is the environment:
> > Mandrake 10.1 with ACL support on XFS
> > The share used for testing the issue is the "home" share.
> > PDC is running NT4 SP6a
> > Client used for setting ACLs running Win2K SP4, tested using GUI, cacls, 
> > and xcacls.
> 
> Do you know if it's allowing EA's to be set on the filesystem ?
> The inheritance code uses EA's.

Ok, I've tried to find more info on this, but cannot find any specific 
resources for determining if I am supporting EAs correctly. Is there 
something specific I can look for in samba error logs at a certain debug 
level? I have this issue on two production servers running Mandrake 10.1 
with XFS, so if I had an idea what to look for in the logs, it would be 
helpful. Thanks.


-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Shawn Wright, I.T. Manager
Shawnigan Lake School
http://www.sls.bc.ca
[EMAIL PROTECTED]




Re: [Samba] Permissions not recursive on win2K?

2005-09-19 Thread Shawn Wright
On 19 Sep 2005 at 12:02, Jeremy Allison wrote:

> On Mon, Sep 19, 2005 at 11:32:22AM -0700, Shawn Wright wrote:
> > Sorry for the report, but I got exactly zero replies, so I will try again:
> > 
> > I am now running 3.0.14a, but the permissions recursion problem still 
> > exists. Each time I apply permissions to a tree using the Win2K GUI, the 
> > addition or removal of an ACL will move exactly one level deeper than 
> > before. In other words, if the tree is 4 levels deep, it will take 3 
> > passes of the operation before the ACL change appears in the 4th level. 
> > This long standing problem is seriously limiting our migration to samba. 
> > Can someone please tell me if this has been fixed in 3.0.20?
> > 
> > I have offered configs, debug, etc. and the offer still stands. I just want 
> > to see this problem fixed, and can't believe it is not affecting more users. 
> > 
> > For the record, here is the environment:
> > Mandrake 10.1 with ACL support on XFS
> > The share used for testing the issue is the "home" share.
> > PDC is running NT4 SP6a
> > Client used for setting ACLs running Win2K SP4, tested using GUI, cacls, 
> > and xcacls.
> 
> Do you know if it's allowing EA's to be set on the filesystem ?
> The inheritance code uses EA's.

Sorry for my ignorance, but how would I check this? Thanks.


-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Shawn Wright, I.T. Manager
Shawnigan Lake School
http://www.sls.bc.ca
[EMAIL PROTECTED]




[Samba] Permissions not recursive on win2K?

2005-09-19 Thread Shawn Wright
Sorry for the report, but I got exactly zero replies, so I will try again:

Way back on Mar 10 2004, I wrote this: 
> 
> == 
> Perhaps this is a known problem, and if so, hopefully it is fixed 
> in 3.x: 
> 
> Win2K SP4 clients, Samba 2.2.8a servers on Linux using ACL 
> support with 
> XFS filesystem (Redhat SGI-XFS build, and Mandrake 9.2). 
> 
> Adding/editing an ACL for an NT domain group (or user) to a 
> folder on samba, and 
> attempting to apply permissions to all subdirs and files only 
> goes one 
> level deep when using the win2k standard gui tool. ie: Only 
> ACLS for the 
> selected folder and files in top level are touched. Problem does 
> not occur 
> when using an NT4 client. Interestingly, using the NT4 security 
> dialog on 
> win2k (by way of the RSHXMENU powertoy for NT) works fine 
> on win2K.  
> 
> Is this a known issue? I can provide conf and debug output if 
> necessary, 
> but I assumed someone else must have seen this already (and 
> fixed it? :-) 
> == 
> 
> Then, I got this reply: 
> 
> >On 24 Mar 2004 at 9:13, Gerald (Jerry) Carter wrote: 
> >  
> > Yup.  It is fixed in 3.0 what what I remember.  Jeremy worked 
> on it. 
> 
> Eventually I got around to upgrading the affected servers to 
> 3.0.11, but  the problem persists, and I didn't have time to dig 
> into it. Now I need to  replace two samba servers, and would 
> like to resolve this issue. I've now  read the release notes from 
> 3.0.12 to 3.0.20RC2 and couldn't find  mention of a fix.  

I am now running 3.0.14a, but the permissions recursion problem still exists. 
Each time I apply permissions to a tree using the Win2K GUI, the addition or 
removal of an ACL will move exactly one level deeper than before. In other 
words, if the tree is 4 levels deep, it will take 3 passes of the 
operation before the ACL change appears in the 4th level. This long 
standing problem is seriously limiting our migration to samba. Can 
someone please tell me if this has been fixed in 3.0.20?

I have offered configs, debug, etc. and the offer still stands. I just want to 
see this problem fixed, and can't believe it is not affecting more users. 

For the record, here is the environment:
Mandrake 10.1 with ACL support on XFS
The share used for testing the issue is the "home" share.
PDC is running NT4 SP6a
Client used for setting ACLs running Win2K SP4, tested using GUI, cacls, 
and xcacls.

Build options:
./configure --with-winbind --with-acl-support --with-quotas \
  --sbindir=/usr/sbin --bindir=/usr/bin --localstatedir=/var/log/samba \
  --with-swatdir=/usr/share/swat --with-lockdir=/var/cache/samba \
  --with-configdir=/etc/samba --with-piddir=/var/run

conf file:
[global]
workgroup = SHAWNIGAN
netbios name = ADMIN3
server string = ADMIN3 Server
winbind uid = 1-2
winbind enum users = yes
winbind gid = 1-2
winbind separator = +
winbind enum groups = yes
disable spoolss = yes
unix password sync = no
max xmit = 65535
hosts allow = 10. 72.2.0.
dns proxy = no
oplocks = yes
inherit permissions = yes
debug level = 1
security = domain
getwd cache = yes
log level = 3
read raw = yes
write raw = yes
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=16384 SO_SNDBUF=16384
wins server = 72.2.0.5 72.2.0.4
create mask = 0700
domain master = no
map to guest = never
null passwords = no
encrypt passwords = yes
template shell = /bin/false
dead time = 0
password level = 0
password server = *
directory mask = 0700
preferred master = no

[homes]
comment = Staff Home Directories
browseable = no
writable = yes
available = yes
public = no
create mask = 2700
inherit permissions = yes
nt acl support = no
force group = "shawnigan+domain users"
force security mode = 0777
path = /home/staff/%U


[home]
comment = Homes
browseable = yes
writable = yes
available = yes
public = no
only user = no
path=/home 
valid users = @"shawnigan+domain admins"
admin users = @"shawnigan+domain admins"

[sysroot]
comment = sysroot
valid users = @"shawnigan+domain admins"
admin users = @"shawnigan+domain admins"
writeable = yes
path = /
hosts allow =10.4. 72.2.0.

[staffhome]
comment = Staff Homes - Web Access
browseable = yes
writable = yes
available = yes
public = no
only user = no
path=/home/staff
valid users = @"shawnigan+domain admins","shawnigan+Apache-Internal"
admin users = @"shawnigan

Re: [Samba] Permissions not recursive on win2K?

2005-09-15 Thread Shawn Wright
On 11 Aug 2005 at 14:40, samba@lists.samba.org wrote:

> Way back on Mar 10 2004, I wrote this: 
> 
> == 
> Perhaps this is a known problem, and if so, hopefully it is fixed 
> in 3.x: 
> 
> Win2K SP4 clients, Samba 2.2.8a servers on Linux using ACL 
> support with 
> XFS filesystem (Redhat SGI-XFS build, and Mandrake 9.2). 
> 
> Adding/editing an ACL for an NT domain group (or user) to a 
> folder on samba, and 
> attempting to apply permissions to all subdirs and files only 
> goes one 
> level deep when using the win2k standard gui tool. ie: Only 
> ACLS for the 
> selected folder and files in top level are touched. Problem does 
> not occur 
> when using an NT4 client. Interestingly, using the NT4 security 
> dialog on 
> win2k (by way of the RSHXMENU powertoy for NT) works fine 
> on win2K.  
> 
> Is this a known issue? I can provide conf and debug output if 
> necessary, 
> but I assumed someone else must have seen this already (and 
> fixed it? :-) 
> == 
> 
> Then, I got this reply: 
> 
> >On 24 Mar 2004 at 9:13, Gerald (Jerry) Carter wrote: 
> >  
> > Yup.  It is fixed in 3.0 what what I remember.  Jeremy worked 
> on it. 
> 
> Eventually I got around to upgrading the affected servers to 
> 3.0.11, but  the problem persists, and I didn't have time to dig 
> into it. Now I need to  replace two samba servers, and would 
> like to resolve this issue. I've now  read the release notes from 
> 3.0.12 to 3.0.20RC2 and couldn't find  mention of a fix.  

I am now running 3.0.14a, but the permissions recursion problem still exists. 
Each time I apply permissions to a tree using the Win2K GUI, the addition or 
removal of an ACL will move exactly one level deeper than before. In other 
words, if the tree is 4 levels deep, it will take 3 passes of the 
operation before the ACL change appears in the 4th level. This long 
standing problem is seriously limiting our migration to samba. Can 
someone please tell me if this has been fixed in 3.0.20?

I have offered configs, debug, etc. and the offer still stands. I just want to 
see this problem fixed, and can't believe it is not affecting more users. 

For the record, here is the environment:
Mandrake 10.1 with ACL support on XFS
The share used for testing the issue is the "home" share.
PDC is running NT4 SP6a
Client used for setting ACLs running Win2K SP4, tested using GUI, cacls, 
and xcacls.

Build options:
./configure --with-winbind --with-acl-support --with-quotas \
  --sbindir=/usr/sbin --bindir=/usr/bin --localstatedir=/var/log/samba \
  --with-swatdir=/usr/share/swat --with-lockdir=/var/cache/samba \
  --with-configdir=/etc/samba --with-piddir=/var/run

conf file:
[global]
workgroup = SHAWNIGAN
netbios name = ADMIN3
server string = ADMIN3 Server
winbind uid = 1-2
winbind enum users = yes
winbind gid = 1-2
winbind separator = +
winbind enum groups = yes
disable spoolss = yes
unix password sync = no
max xmit = 65535
hosts allow = 10. 72.2.0.
dns proxy = no
oplocks = yes
inherit permissions = yes
debug level = 1
security = domain
getwd cache = yes
log level = 3
read raw = yes
write raw = yes
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=16384 SO_SNDBUF=16384
wins server = 72.2.0.5 72.2.0.4
create mask = 0700
domain master = no
map to guest = never
null passwords = no
encrypt passwords = yes
template shell = /bin/false
dead time = 0
password level = 0
password server = *
directory mask = 0700
preferred master = no

[homes]
comment = Staff Home Directories
browseable = no
writable = yes
available = yes
public = no
create mask = 2700
inherit permissions = yes
nt acl support = no
force group = "shawnigan+domain users"
force security mode = 0777
path = /home/staff/%U


[home]
comment = Homes
browseable = yes
writable = yes
available = yes
public = no
only user = no
path=/home 
valid users = @"shawnigan+domain admins"
admin users = @"shawnigan+domain admins"

[sysroot]
comment = sysroot
valid users = @"shawnigan+domain admins"
admin users = @"shawnigan+domain admins"
writeable = yes
path = /
hosts allow =10.4. 72.2.0.

[staffhome]
comment = Staff Homes - Web Access
browseable = yes
writable = yes
available = yes
public = no
only user = no
path=/home/staff
valid users = @"shawnigan+domain admins","shawnigan+Apache-Internal"
admin users = @"shawnigan+domain admins&

[Samba] Hide printers share?

2005-08-18 Thread Shawn Wright
I'm sure there is a simple solution to this one... how do I make 
the printers share go away? I have no printers, and no 
[printers] section. I tried adding one, and making it 
browseable=no, but it still appears.

This is on v 3.0.11 and 3.0.14a


-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Shawn Wright, I.T. Manager
Shawnigan Lake School
http://www.sls.bc.ca
[EMAIL PROTECTED]




Re: [Samba] Missing 'HAVE_SYS_ACL_H'

2005-08-16 Thread Shawn Wright
You got it - I needed both libacl1-devel and libattr1-devel packages, which 
strangely were not included with "development" packages on 10.2 but 
were on 9.2 Mandrake. 
I'm pleased to also report that my ACL recursion issue from 3.0.13 
appears to be fixed in 3.0.14a, at least in initial testing.

Thanks!

On 15 Aug 2005 at 21:08, Shawn Wright wrote:

> On 15 Aug 2005 at 20:51, Doug VanLeuven wrote:
> 
> > Shawn Wright wrote:
> > > I have the libacl and acl rpms installed, which has been enough for 
> > > previous installs on Mandrake 9.2...
> > 
> > Check for libacl-devel
> > 
> > Need that for the include files.
> 
> Thanks, Doug. That's it. Something must have changed in the package options 
> for 10.2 from 9.2. I'll add that and try again. Maybe I can resolve my ACL 
> recursion problem now...
> 
> --
> Shawn Wright
> I.T. Manager
> Shawnigan Lake School
> 
> 


-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Shawn Wright, I.T. Manager
Shawnigan Lake School
http://www.sls.bc.ca
[EMAIL PROTECTED]




Re: [Samba] Missing 'HAVE_SYS_ACL_H'

2005-08-15 Thread Shawn Wright
On 15 Aug 2005 at 20:51, Doug VanLeuven wrote:

> Shawn Wright wrote:
> > I have the libacl and acl rpms installed, which has been enough for 
> > previous installs on Mandrake 9.2...
> 
> Check for libacl-devel
> 
> Need that for the include files.

Thanks, Doug. That's it. Something must have changed in the package options 
for 10.2 from 9.2. I'll add that and try again. Maybe I can resolve my ACL 
recursion problem now...

--
Shawn Wright
I.T. Manager
Shawnigan Lake School




Re: [Samba] Missing 'HAVE_SYS_ACL_H'

2005-08-15 Thread Shawn Wright
I have the libacl and acl rpms installed, which has been enough for
previous installs on Mandrake 9.2...

On 16 Aug 2005 at 0:38, Maxim


> Second point :
> Are acl libs/headers installed on your system ?
>
> http://acl.bestbits.at/
>
> Max
>
> Shawn Wright a écrit :
>
> >I'm building 3.0.14a on Mandrake 10.2, trying to use the same
> >config as my other servers (3.0.11), but ACLs are not working.
> >In checking the output of smbd -b, I see this line is missing:
> >
> >System Headers:
> >HAVE_SYS_ACL_H
> >.
> >
> >But I am specifying ./configure --with-acl-support ...
> >
> >Adding an acl using 'setfacl -m 'NTDOMAIN+NTUSER' file
> >does successfully add an ACL for the NT domain user at the
> >CLI, but Samba won't show it.
> >
> >Clearly I'm missing a vital piece somewhere, but I'm not sure
> >where. This is the first machine with 2.6 kernel (stock kernel so
> >far)... could that be the issue?
> >
> >
> >
> >
> >-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> >Shawn Wright, I.T. Manager
> >Shawnigan Lake School
> >http://www.sls.bc.ca
> >[EMAIL PROTECTED]
> >
> >
> >
> >
>


-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Shawn Wright, I.T. Manager
Shawnigan Lake School
http://www.sls.bc.ca
[EMAIL PROTECTED]




Re: [Samba] Missing 'HAVE_SYS_ACL_H'

2005-08-15 Thread Shawn Wright
I thought of that, but the stock kernel config has this:

CONFIG_XFS_FS=m
CONFIG_XFS_QUOTA=y
CONFIG_XFS_POSIX_ACL=y

Just in case, I'm building a new kernel now...

On 16 Aug 2005 at 0:34, Maxime Woznicki wrote:

> Hello !
>
> Check your kernel config : are ext2/ext3 acl/extended attributes checked
> in fs options ?
>
> Max
>
> Shawn Wright a écrit :
>
> >I'm building 3.0.14a on Mandrake 10.2, trying to use the same
> >config as my other servers (3.0.11), but ACLs are not working.
> >In checking the output of smbd -b, I see this line is missing:
> >
> >System Headers:
> >HAVE_SYS_ACL_H
> >.
> >
> >But I am specifying ./configure --with-acl-support ...
> >
> >Adding an acl using 'setfacl -m 'NTDOMAIN+NTUSER' file
> >does successfully add an ACL for the NT domain user at the
> >CLI, but Samba won't show it.
> >
> >Clearly I'm missing a vital piece somewhere, but I'm not sure
> >where. This is the first machine with 2.6 kernel (stock kernel so
> >far)... could that be the issue?
> >
> >
> >
> >
> >-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> >Shawn Wright, I.T. Manager
> >Shawnigan Lake School
> >http://www.sls.bc.ca
> >[EMAIL PROTECTED]
> >
> >
> >
> >
>


-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Shawn Wright, I.T. Manager
Shawnigan Lake School
http://www.sls.bc.ca
[EMAIL PROTECTED]




[Samba] Missing 'HAVE_SYS_ACL_H'

2005-08-15 Thread Shawn Wright
I'm building 3.0.14a on Mandrake 10.2, trying to use the same 
config as my other servers (3.0.11), but ACLs are not working. 
In checking the output of smbd -b, I see this line is missing:

System Headers:
HAVE_SYS_ACL_H


But I am specifying ./configure --with-acl-support ...

Adding an acl using 'setfacl -m 'NTDOMAIN+NTUSER' file 
does successfully add an ACL for the NT domain user at the 
CLI, but Samba won't show it.

Clearly I'm missing a vital piece somewhere, but I'm not sure 
where. This is the first machine with 2.6 kernel (stock kernel so 
far)... could that be the issue?




-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Shawn Wright, I.T. Manager
Shawnigan Lake School
http://www.sls.bc.ca
[EMAIL PROTECTED]




Re: [Samba] Permissions not recursive on win2K?

2005-08-11 Thread Shawn Wright
Way back on Mar 10 2004, I wrote this:

==
Perhaps this is a known problem, and if so, hopefully it is fixed in 3.x:

Win2K SP4 clients, Samba 2.2.8a servers on Linux using ACL support with
XFS filesystem (Redhat SGI-XFS build, and Mandrake 9.2).

Adding/editing an ACL for an NT domain group (or user) to a folder on samba, and
attempting to apply permissions to all subdirs and files only goes one
level deep when using the win2k standard gui tool. ie: Only ACLS for the
selected folder and files in top level are touched. Problem does not occur
when using an NT4 client. Interestingly, using the NT4 security dialog on
win2k (by way of the RSHXMENU powertoy for NT) works fine on win2K. 

Is this a known issue? I can provide conf and debug output if necessary,
but I assumed someone else must have seen this already (and fixed it? :-)
==

Then, I got this reply:

>On 24 Mar 2004 at 9:13, Gerald (Jerry) Carter wrote:
> 
> Yup.  It is fixed in 3.0 what what I remember.  Jeremy worked on it.

Eventually I got around to upgrading the affected servers to 3.0.11, but 
the problem persists, and I didn't have time to dig into it. Now I need to 
replace two samba servers, and would like to resolve this issue. I've now 
read the release notes from 3.0.12 to 3.0.20RC2 and couldn't find 
mention of a fix. 

Any ideas?




Shawn Wright, I.T. Manager
Shawnigan Lake School
[EMAIL PROTECTED]




[Samba] Problem with ACLs after upgrade to 3.02

2004-03-12 Thread Shawn Wright
I'm trying to work out an upgrade path for upgrading our 2.2.8a 
servers to 3.x, and have run into the following problem. (surely 
someone has documented this?!)

Freshly loaded Mandrake 9.2 server using XFS with ACL 
support. Samba 3.0.2a compiled with:

--with-winbind --with-acl-support --with-quotas

The stock 2.2.8a Mandrake RPMS were installed and tested 
first. Then the binaries from 3.0.2a were copied over. After 
adjusting for different conf and var locations, 3.0.2a starts 
successfully, and testparm shows the smb.conf to be ok. Re-joining 
the domain using net join worked fine.
Can connect as domain admin to a share to which domain 
admins are designated "admin user". 
I can successfully edit existing permissions for 
user,group,other from Win2K. But any operations (from win2k 
client) which attempt to add an ACL for a domain user or group 
to a file fail with 'access denied'. In addition, attempting to add 
permissions for a local unix user or group show an empty list - 
just "everyone".

The above operations work on 2.2.8a using the same config, 
with the exception of the recursive permissions problem I 
reported earlier (to which nobody responded, making me 
wonder if anyone else actually uses ACLs for domain accounts 
on samba...).

Here's the conf file:

[global]
hosts allow = 10. 139.142.66. 127.
winbind uid = 1-2
max xmit = 65535
allow hosts = 139.142.66. 10.
dns proxy = no
netbios name = PROXY4
oplocks = yes
inherit permissions = yes
workgroup = SHAWNIGAN
debug level = 3
security = domain
getwd cache = yes
winbind separator = +
log level = 10
read raw = yes
write raw = yes
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=16384 SO_SNDBUF=16384
wins server = 139.142.66.1
create mask = 0700
domain master = no
map to guest = never
null passwords = no
encrypt passwords = yes
template shell = /bin/false
dead time = 0
password level = 0
server string = Proxy Server
password server = *
winbind enum users = yes
winbind gid = 1-2
unix password sync = no
winbind enum groups = yes
directory mask = 0700
preferred master = no

[home]
comment = Homes
browseable = yes
writable = yes
available = yes
public = no
only user = no
path=/home 
valid users = @"shawnigan+domain admins"
admin users = @"shawnigan+domain admins"

[sysroot]
comment = sysroot
valid users = @"shawnigan+domain admins"
admin users = @"shawnigan+domain admins"
writeable = yes
path = /
allow hosts = 139.142.66.




-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Shawn Wright, I.T. Manager
Shawnigan Lake School
http://www.sls.bc.ca
[EMAIL PROTECTED]




[Samba] Permissions not recursive on win2K?

2004-03-10 Thread Shawn Wright
Perhaps this is a known problem, and if so, hopefully it is fixed in 3.x:

Win2K SP4 clients, Samba 2.2.8a servers on Linux using ACL support with 
XFS filesystem (Redhat SGI-XFS build, and Mandrake 9.2).

Adding/editing an ACL for an NT domain group to a folder on samba, and 
attempting to apply permissions to all subdirs and files only goes one level 
deep when using the win2k standard gui tool. ie: Only ACLS for the selected 
folder and files in top level are touched.
Problem does not occur when using an NT4 client.
Interestingly, using the NT4 security dialog on win2k (by way of the 
RSHXMENU powertoy for NT) works fine on win2K. 

Is this a known issue? I can provide conf and debug output if necessary, but I 
assumed someone else must have seen this already (and fixed it? :-)

Thanks.
--
Shawn Wright
http://Zuiko.sls.bc.ca/swright
~This message sent by Pegasus Mail, the safe E-Mail alternative~
"Friends don't let friends use Outlook"



[Samba] Samba tuning for Linux?

2004-01-26 Thread Shawn Wright
We encountered a stability issue last week on one of our 2.2.8 servers 
running on RedHat 7.1 (2.4.19-13 kernel with SGI XFS patches). It 
appears we exceeded the max files and  kernel setting, which resulted in 
having more than 300 zombie smbd processes that we could not kill 
without a reboot. Increasing the value of 'file-max' in /proc/sys/fs from the 
default of 8192 to 32768 seems to have cured the problem for now.

But I'd like to know if there are some guidelines for tuning samba and 
linux for stability and performance. I've applied most of the tips for Samba 
I think, but am not certain about the linux config. How many of you are 
running Samba 2.2.8 on Linux with 300+ concurrent users? What kinds of 
changes have you made to improve stability? 

Thanks.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Shawn Wright, I.T. Manager
Shawnigan Lake School
http://www.sls.bc.ca
[EMAIL PROTECTED]




Re: [Samba] Some final notes: Backup Exec & Samba shares

2003-12-01 Thread Shawn Wright
Interesting...
Sorry if I missed the previous thread, but had you considered using the free BE agent 
for *nix? We've been using it for several years on 3 production samba boxes and 
BE8.6 running on an NT server. Speed is much slower than the Veritas agents on 
NT, and a bit slower than non-agent backups from NT, but it works. We are currently 
backing up ~50Gb from Samba using the agent.

btw - I agree with your assessment of Veritas - after 6+ years with BE, I suspect our 
next upgrade will be to another vendor. We bought 9.x last summer, and wasted 2 
weeks trying to get it working, and finally gave up and went back to 8.6. All the 
while, Veritas support was hopeless. I don't think they even tested v9 on an NT 
server, as 3 of our servers were clean OS installs and they wouldn't even install BE9!

When 8.6 no longer supports our hardware (the only reason we went from v6 to v8), 
then we'll look elsewhere, unless Veritas changes their MS-centric focus. Their 
requirement for IE on the server just to run BE9.x was the last straw!

On 1 Dec 2003 at 6:45, Bruce Lane <[EMAIL PROTECTED]> wrote:

> Good day, gang,
> 
>  Chris McKeever was kind enough to write back to me over the weekend regarding
>  the problems I'd experienced in using Backup Exec 8.x and 9.x to connect to
>  Samba shares on a NetBSD system. Between his comments and my direct experience,
>  I've only found ONE combination that will work, and that is: NetBSD 1.6, Samba
>  2.2.8a, and Backup Exec 8.6. If you take NetBSD up to 1.6.1, everything stops
>  working and you can no longer browse the Samba shares.
> 
>  I suspect you could change Backup Exec to 9.x, and Samba to 3.x, since I had
>  the same symptoms in either condition, but I did not try it (ran out of time).
> 
>  With that said: I have discovered that CA's ARCServe package (formerly made by
>  Cheyenne Software) couldn't care less if a network share is sourced by a
>  Windows or *nix type system running Samba. It browses and backs up either one
>  with ease.
> 
>  Chris already posted the same thing he mailed to me to the list. Essentially,
>  Veritas won't do a thing about it, and it does appear to be a design flaw in
>  their software (considering that ARCserve doesn't have a problem with it).
> 
>  Sad, really. Backup Exec used to be a pretty good product. Sounds like Veritas
>  has turned into the Microsoft of the backup software world, just like Adaptec
>  turned into the Microsoft of the SCSI world, and... oh, frell, you get the
>  idea.
> 
>  Later...
> 
> 
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> Bruce Lane, Owner & Head Hardware Heavy,
> Blue Feather Technologies -- http://www.bluefeathertech.com
> ARS KC7GR (Formerly WD6EOS) since 12-77 -- [EMAIL PROTECTED]
> "Quando Omni Flunkus Moritati" (Red Green, aka Steve Smith)
> 

--
Shawn Wright
http://Zuiko.sls.bc.ca/swright
'88 Westy 375k
'85 Jetta D 263k
'85 Jetta TD 482k (retired)
~This message sent by Pegasus Mail, the safe E-Mail alternative~
"Friends don't let friends use Outlook"



Re: [Samba] Which Linux best suits Samba3?

2003-11-24 Thread Shawn Wright
On 24 Nov 2003 at 16:31, Greg Folkert <[EMAIL PROTECTED]> wrote:

> Personally I use Debian. Debian always just works for me. I use Stable
> for my Critical servers, I use unstable backports for things like Samba
> 3. 
> 
> Debian has many different systems platforms available as well (11 last I
> checked, almost 12 soon).
> 
> For Machine I really need newer support for, I use the Sid(Unstable)
> (unstable does NOT mean the stability of the machine, just that the
> packaging and packages change quite radically sometimes).
> 
> I also, use Sid with Experimental pinned @ 1000 (actually this machine I
> am on my default is experimental). Sure with experimental I grieve
> sometimes, but there are things worth enduring.
> 
> If you are going to compile, I'd use Debian Still as you can have the
> packaging system make sure the dependencies are proper for your setup.
> 
> apt-get build-dep samba
> 
> will install all the needed libraries to build samba.
> 
> Then you can D/L the source for Samba3 from debian's source archive and
> build the package and fix a few differences from Woody to Sid. It really
> is a trivial process to do it.

I plan to look into Debian soon, even though my first attempt nuked a 
win2k boot sector. I won't hold this against it though, since I know how 
fragile win2K can be.

What would you suggest if I need ACL and quota support along with 
Samba 3? I tried using the Debian XFS boot iso, but it suggested that I 
can do a net install from it, which appears to be wrong. (it wanted CDs, 
and I haven't pulled them down yet).

Currently we're running production boxes on various versions of RH 6/7/8 
and Samba 2.2.8, most of them using XFS for ACL and quota support. I've 
had much better luck getting these things going with XFS than with EXT3, 
and it has proven to be rock solid for ~ 2 years now.

So is Debian on XFS with ACL/quota support something anyone has going 
yet?

--
Shawn Wright
http://Zuiko.sls.bc.ca/swright
'88 Westy 375k
'85 Jetta D 263k
'85 Jetta TD 482k (retired)
~This message sent by Pegasus Mail, the safe E-Mail alternative~
"Friends don't let friends use Outlook"



[Samba] Upgrading 2.2.8 -> 3.0 howto, pitfalls?

2003-11-23 Thread Shawn Wright
We have two production servers running Samba 2.2.8 on Redhat 7.x 
using XFS filesystem with ACL and quota support. Although it has been 
working ok for nearly two years, we still see strange ACL behaviours, and 
occasionally what appears to be winbindd idmap corruption. PDC is NT4, 
and samba servers are domain members only.
We're also seeing lackluster performance at times, possibly due to the 
number of concurrent users, typically 100, but peaks of >300.

I'm hopeful that 3.x might address some of these issues, but am 
concerned with transition problems on heavily used servers. Specifically, 
where can I find answers for:

1. Is the winbindd idmap unix-domain mapping table migrated smoothly?
2. Are the memory requirements similar to 2.2.8? (we're running 512Mb, 
which seems to be just barely enough for 2.2.8).
3. If things go wrong, can I just restore the idmap and 2.2.8 files and go 
back?

Thanks


Re: [Samba] Re: Full wNT/w2K ACL conformance

2003-06-18 Thread Shawn Wright
On 18 Jun 2003 at 15:39, Dragan Krnic wrote:

> >>The show-stopper right now is this: we need to be 
> >>able to assign "real"  Full Control permissions: a 
> >>user who has "Full control" on a directory  should
> >>be able to Read, Write, eXecute ( of course) [ this 
> >>can be easily achieved with ACLs ]  *plus*  being 
> >>able to give away Full Control to other users too
> >>[being able to override inherited ACLs would be a 
> >>plus, too]. Is this feasible (remember smbd runs as 
> >>root... )? Has somebody thought about implementing 
> >>this ?
> 
> If you have Full Control over a directory (e.g. as
> root, or own it or have rwx on it), you can give FC 
> (rwx) to others. Is it perhaps the other way around, 
> that you want to stop this delegation, unless an FC
> EA explicitly allows it? I'm not sure if it can be
> a show-stopper or if it really makes a difference.

In our case, the only users who require "Full Control" access are admins, 
so we use "admin users = @domain/domain admins". Not ideal, but it 
gives us the NT equivalence we require, and has allowed us to migrate a 
large portion of our file storage to Samba.

We find the option "nt acl support = no" to be a nice feature that is not 
available on NT. It prevents our students from messing with ACLs (for 
their own files) which had been a problem on NT. We provide a second 
admin access only share which provides ACL support for admins.


-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Shawn Wright, I.T. Manager
Shawnigan Lake School
http://www.sls.bc.ca
[EMAIL PROTECTED]
"Friends don't let friends use Outlook."



Re: [Samba] winbindd problems

2003-04-02 Thread Shawn Wright
On 2 Apr 2003 at 11:33, Gavin Hamill wrote:

> Hi there :)
> 
> I've recently been playing with winbindd and squid and have achieved
> success thanks to hints from the kind folks on the squid mailing list.
> 
> I have now gone to transfer this new knowledge to another system, but 
> have come up against a small problem...
> 
> I'm using Samba 2.2.7a on Debian woody, 
> 
> cjhiggins:~# wbinfo -p
> 'ping' to winbindd succeeded
> cjhiggins:~# wbinfo -t
> Secret is good
> cjhiggins:~# wbinfo -u
> 0xc022
> cjhiggins:~# wbinfo -g
> 0xc022
> 
> yet... 
> 
> cjhiggins:~# wbinfo -a gdh%blahblah
> plaintext password authentication succeeded
> challenge/response password authentication succeeded
> 
> The goal here is to bring back a list of groups, because I need to 
> attach different levels of internet access to members of different NT 
> groups.
> 
> My /etc/nsswitch.conf contains:
> 
> passwd: compat winbind
> group:  compat winbind
> 
> at the top, and 'getent passwd' doesn't show anything except 
> the contents of /etc/passwd.
> 
> From googling, I have found that 0xc022 means 
> NT_STATUS_ACCESS_DENIED, but I'm not sure how or why, given that the 
> Linux machine is listed in the Active Directory Users and Computers 
> control panel, and the smbpasswd commandline to join the domain returned 
> successfully.
> 
> The only thing I can think of is the 'testbed' I used was a Win2000 
> machine that I converted to use Active Directory, and made sure to 
> select the 'compatibility with NT4 servers' option.  However, 
> on this customer site, there are only Win2000 clients, so I'm guessing 
> the server was set to 'Win2000 only mode' with the apparent enhanced 
> security that provides.
> 
> I've googled and read helpfiles, but have not been able to find a 
> solution to this.
> 
> Does anyone have any ideas?

Gavin,

I have seen similar results when the libnss_winbind.so is either missing, the 
incorrect version, or the symlink from libnss_winbind.so.2 is missing.
(Incorrect version resulted in corrupted domain user listing, while missing link or 
file results in the no domain user/group listing at all).

I have even made notes about this for myself, but still manage to forget to check it 
on occasion...

Shawn Wright, I.T. Manager
Shawnigan Lake School
[EMAIL PROTECTED]
http://Zuiko.sls.bc.ca/swright
http://www.sls.bc.ca



[Samba] Problem with xcopy /d & samba

2003-03-27 Thread Shawn Wright
A problem has arisen with the way samba handles file 
creation dates compared to NT/win2k, which prevents 
xcopy /d from working correctly.

On NT/Win2k, files copied from another NT machine using 
xcopy end up with the modified dates equal to the original 
modified date of the file, and the created and accessed 
dates become the date of the xcopy operation.

On Samba, files copied from an NT machine using xcopy 
end up with created & modified dates equal to the original 
modified date of the file, and the accessed date becomes 
the date of the xcopy operation.

Dates are as reported from a windows NT client in both 
cases. The problem is that xcopy /d will NOT work as 
expected when attempting to use it to only copy newer 
files from NT to samba. Instead XCOPY /D will copy *all* 
files. This is a problem as we hope to migrate a large # of 
files from NT to samba and minimize downtime by using 
xcopy /d to refresh any modified files. In this case we will 
use a tape backup/restore to handle the modified files, but 
it would be nice to know if xcopy can be made to work with 
samba in this way?


-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Shawn Wright, Systems Manager
Shawnigan Lake School
http://www.sls.bc.ca
[EMAIL PROTECTED]





Re: [Samba] Re: Winbind broken after 2.2.8 upgrade

2003-03-27 Thread Shawn Wright
On 27 Mar 2003 at 7:21, Andrew Bartlett wrote:

> On Thu, Mar 27, 2003 at 01:27:26AM +, Andrew Bartlett wrote:
> > On Wed, Mar 26, 2003 at 04:11:13PM -0800, Shawn Wright wrote:
> > > Ok, stupid me. Somehow I missed updating /lib/libnss_winbind.so on both 
> > > these machines. Presumably this would have also caused corruption of the 
> > > winbind idmap?
> > 
> > I doubt it, actually.  
> > 
> > > Since winbind is now installed with a "make install", would it not be a good 
> > > idea to also install libnss_winbind.so also? Or at least provide some version 
> > > checking in winbind so that it will fail to start and report an error if it 
> > > encounters the wrong version of libnss_winbind.so?
> > 
> > Winbind doesn't *require* libnss_winbind - there are actually situations where
> > it is used without it.  That said, I've implemented some extensive version
> > checks from the client side - we certainly won't connect to a winbind with
> > a different protocol version any more.
> 
> (In Samba 3.0 and Samba HEAD)
> 
> In Samba 2.2 we have a more basic check, but it should still cause the client to 
> bail if contacting the wrong version.

Sorry for my ignorance, but I'm not sure what you mean by client here, but 
assume winbind is a client to nss? I do know that winbind from 2.2.8 *did* 
run with libnss_winbind.so v2.2.5 in place, resulting in broken getent passwd 
output, where only domain user ids were shown. Putting the 
libnss_winbind.so from v2.2.8 was all that was required to fix the problem...


-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Shawn Wright, Systems Manager
Shawnigan Lake School
http://www.sls.bc.ca
[EMAIL PROTECTED]





[Samba] Re: Winbind broken after 2.2.8 upgrade

2003-03-26 Thread Shawn Wright
Ok, stupid me. Somehow I missed updating /lib/libnss_winbind.so on both
these machines. Presumably this would have also caused corruption of the
winbind idmap?
Since winbind is now installed with a "make install", would it not be a good
idea to also install libnss_winbind.so also? Or at least provide some version
checking in winbind so that it will fail to start and report an error if it
encounters the wrong version of libnss_winbind.so?
It seems that the idmap file is a very weak link in samba right now, so every
effort should be made to prevent corruption during upgrades, etc.
In our case, I was able to re-apply acls for 400 users, but quota information
for a large shared file volume was lost, as I could not re-map the ids, and
had to reset file ownerships to avoid users having incorrect quota
assignments.


On 25 Mar 2003 at 10:32, [EMAIL PROTECTED] wrote:

> I have just upgraded two of our samba boxes to 2.2.8 and ended up with
> partially broken winbind after the upgrade. The machines are slightly
> different, and so are the symptoms, so here goes:
>
> System 1: Was at 2.2.3 compiled from source Feb4/02, using options:
> "./configure  --with-winbind --with-acl-support --with-quotas". Running on
> RedHat 7.2, installed from SGI's XFS installer to enable ACLs and quotas
> with samba on XFS filesystems. System running fine in production for ~500
> NT domain users for the past 8 months. All users are on NT domain, using
> winbind from user lookups.
> After upgrade to 2.2.8, I see the following:
>
> getent passwd shows only local users, no domain users
> wbinfo -u and -g report domain users & groups normally
> users connecting to smb shares appear as "root" in smbstatus (!)
> a nobody share appears browsing the system from an NT box.
> As this is  a production system, I've had to revert to 2.2.3 so further testing
> may be difficult at this time.
>
> System #2 is a fresh install of RedHat 8 using the SGI XFS installer v1.2,
> and had the stock samba 2.2.5 rpm installed, over which I compiled and
> installed 2.2.8. Config is essentially the same as system #1 otherwise.
> (smb.conf shown at end of message)
>
> This time, wbinfo -t, -u, -g all work as expected.
> getent passwd shows local users, then a list of domain user IDs in the
> format: (where 106xx is the id)
>
> ::0:10646:'::
> ::0:10647:'::
> ::0:10648:'::
>
> getent group shows a corrupted group listing as follows, "webalizer" is the
> last entry in /etc/group, and the correct domain name is "SHAWNIGAN" -
> notice it is mangled in various places:
>
> webalizer:x:67:
> hHAWNIGAN+AP French:aminx:1280532334:À«
> ::1852728681:WNIGAN+abehennah,SHAWNIGAN+adeane,SHAWNIGAN+
> dew,SHAWNIGAN+gperry,SH
> AWNIGAN+jrc,SHAWNIGAN+rfilgate,SHAWNIGAN+jcs
>
> 
> Here is what the above should look like (and does on the other box running
> 2.2.3):
>
> SHAWNIGAN+AP French:x:10023:
> SHAWNIGAN+Dept-
> English:x:10024:SHAWNIGAN+abehennah,SHAWNIGAN+adeane,SHAWN
> IGAN+dew,SH
> AWNIGAN+gperry,SHAWNIGAN+jrc,SHAWNIGAN+rfilgate,SHAWNIGAN+j
> cs
>

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Shawn Wright, Systems Manager
Shawnigan Lake School
http://www.sls.bc.ca
[EMAIL PROTECTED]
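
The failure modes named in these posts (libnss_winbind.so.2 missing, its symlink broken, or a library left over from an earlier Samba build) can be checked before winbindd is put back into service. The following is an added example, not code from the posts or from the Samba project; the function names, the finding labels and the `built_lib` parameter (a path to the library produced by the current build) are assumptions of this sketch.

```python
import hashlib
import os

NSS_LIB = "libnss_winbind.so.2"  # file name glibc loads for the "winbind" NSS source


def databases_using_winbind(nsswitch_text):
    """Return the nsswitch.conf databases whose source list includes winbind."""
    databases = []
    for line in nsswitch_text.splitlines():
        line = line.split("#", 1)[0]          # drop trailing comments
        if ":" not in line:
            continue
        database, sources = line.split(":", 1)
        if "winbind" in sources.split():
            databases.append(database.strip())
    return databases


def file_digest(path):
    """SHA-256 of a file, used to compare the installed and freshly built library."""
    with open(path, "rb") as handle:
        return hashlib.sha256(handle.read()).hexdigest()


def check_libnss_winbind(libdir, nsswitch_text, built_lib=None):
    """Return a list of (label, detail) findings; an empty list means no problem found.

    libdir    -- directory the NSS library is installed in (the posts use /lib)
    built_lib -- optional path to the library from the current build (assumed
                 parameter); when given, a differing installed copy is "stale"
    """
    findings = []
    if not databases_using_winbind(nsswitch_text):
        findings.append(("not-configured", "no nsswitch.conf database lists winbind"))

    installed = os.path.join(libdir, NSS_LIB)
    if not os.path.lexists(installed):
        # Neither a file nor a symlink: getent shows local accounts only.
        findings.append(("missing", installed))
    elif not os.path.exists(installed):
        # The symlink exists but points at nothing.
        findings.append(("dangling-symlink",
                         "%s -> %s" % (installed, os.readlink(installed))))
    elif built_lib and file_digest(installed) != file_digest(built_lib):
        # A library from a previous install is still in place.
        findings.append(("stale", "%s differs from %s" % (installed, built_lib)))
    return findings


if __name__ == "__main__":
    nsswitch_path = "/etc/nsswitch.conf"
    text = ""
    if os.path.exists(nsswitch_path):
        with open(nsswitch_path) as handle:
            text = handle.read()
    for label, detail in check_libnss_winbind("/lib", text):
        print("%s: %s" % (label, detail))
```

Passing the freshly built library as `built_lib` after an upgrade catches the case reported here, where a new winbindd ran against an older libnss_winbind.so.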





[Samba] Help! winbind idmap corrupt!

2003-03-26 Thread Shawn Wright
Our problems with the attempted upgrade to 2.2.8 continue. 
On a production machine running 2.2.3, I backed out of the 
2.2.8 upgrade due to winbind strangeness reported in earlier 
post. Things *appeared* normal, until this morning, when I 
noticed that an 'ls -l' no longer shows domain usernames, and 
a 'chacl -l' also no longer shows names, only winbind ids. 
Furthermore, comparing these ids to the output of 'getent 
passwd' or 'getent group', it appears the idmap is totally 
messed up. I have searched but not found any posts telling 
how to rebuild this file -surely there must be a way?

There are 400 domain users involved, so rebuilding by hand is 
not an option...


-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Shawn Wright, Systems Manager
Shawnigan Lake School
http://www.sls.bc.ca
[EMAIL PROTECTED]





[Samba] Winbind broken after 2.2.8 upgrade

2003-03-25 Thread Shawn Wright
I have just upgraded two of our samba boxes to 2.2.8 and ended up with
partially broken winbind after the upgrade. The machines are slightly
different, and so are the symptoms, so here goes:

System 1: Was at 2.2.3 compiled from source Feb4/02, using options:
"./configure  --with-winbind --with-acl-support --with-quotas". Running on
RedHat 7.2, installed from SGI's XFS installer to enable ACLs and quotas
with samba on XFS filesystems. System running fine in production for ~500
NT domain users for the past 8 months. All users are on NT domain, using
winbind from user lookups.
After upgrade to 2.2.8, I see the following:

getent passwd shows only local users, no domain users
wbinfo -u and -g report domain users & groups normally
users connecting to smb shares appear as "root" in smbstatus (!)
a nobody share appears browsing the system from an NT box.
As this is  a production system, I've had to revert to 2.2.3 so further testing
may be difficult at this time.

System #2 is a fresh install of RedHat 8 using the SGI XFS installer v1.2,
and had the stock samba 2.2.5 rpm installed, over which I compiled and
installed 2.2.8. Config is essentially the same as system #1 otherwise.
(smb.conf shown at end of message)

This time, wbinfo -t, -u, -g all work as expected.
getent passwd shows local users, then a list of domain user IDs in the
format: (where 106xx is the id)

::0:10646:'::
::0:10647:'::
::0:10648:'::

getent group shows a corrupted group listing as follows, "webalizer" is the
last entry in /etc/group, and the correct domain name is "SHAWNIGAN" -
notice it is mangled in various places:

webalizer:x:67:
hHAWNIGAN+AP French:aminx:1280532334:À«
::1852728681:WNIGAN+abehennah,SHAWNIGAN+adeane,SHAWNIGAN+
dew,SHAWNIGAN+gperry,SH
AWNIGAN+jrc,SHAWNIGAN+rfilgate,SHAWNIGAN+jcs


Here is what the above should look like (and does on the other box running
2.2.3):

SHAWNIGAN+AP French:x:10023:
SHAWNIGAN+Dept-
English:x:10024:SHAWNIGAN+abehennah,SHAWNIGAN+adeane,SHAWN
IGAN+dew,SH
AWNIGAN+gperry,SHAWNIGAN+jrc,SHAWNIGAN+rfilgate,SHAWNIGAN+j
cs

Any ideas? Below is a copy of the smb.conf, essentially the same on both
boxes:

smb.conf:
===
[global]
winbind separator = +
winbind uid = 1-2
winbind gid = 1-2
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/student/%U
template shell = /bin/false
create mask = 0700
directory mask = 0700
#force group = 1
inherit permissions = yes
domain admin group = @root
workgroup = SHAWNIGAN
server string = Student Home Server
hosts allow = 10. 139.142.66. 127.
security = domain
password server =admin2
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=16384 SO_SNDBUF=16384
write raw = yes
read raw = yes
oplocks = yes
max xmit = 65535
dead time = 15
getwd cache = yes

dns proxy = no
unix password sync = no
encrypt passwords = yes
map to guest = never
password level = 0
null passwords = no
allow hosts = 139.142.66. 10.
#deny hosts =
os level = 0
preferred master = no
domain master = no
wins support = no
wins server = 139.142.66.2
dead time = 0
debug level = 0
log level = 1

[homes]
comment = Home Directories
browseable = no
writable = yes
available = yes
public = no
#only user = yes
nt acl support = no
force group = 1
#force security mode = 0777
#path=/home/student/%U

[home]
comment = Student Homes
browseable = yes
writable = yes
available = yes
public = no
only user = no
path=/home

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Shawn Wright, Systems Manager
Shawnigan Lake School
http://www.sls.bc.ca
[EMAIL PROTECTED]
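
Both smb.conf listings posted in this archive (this one and the 2004-03-12 one) set some parameters twice, sometimes under a synonym: `hosts allow` and `allow hosts` with different lists, `debug level` and `log level`, and `dead time` twice. The following added example, which is not part of the posts or of Samba, reports such conflicting assignments; the sample lines are taken from the listing above, and the synonym table covers only the names that appear on this page.

```python
import re

# Direct synonyms, keyed by the normalised name (lower case, whitespace removed).
# Only names that occur in the listings on this page are included.
SYNONYMS = {
    "allowhosts": "hostsallow",
    "denyhosts": "hostsdeny",
    "debuglevel": "loglevel",
    "writable": "writeable",
    "public": "guestok",
}

# Lines copied from the smb.conf in the post above, reordered for brevity.
SAMPLE_CONF = """\
[global]
hosts allow = 10. 139.142.66. 127.
dead time = 15
allow hosts = 139.142.66. 10.
debug level = 0
log level = 1
dead time = 0
[home]
writable = yes
public = no
"""


def canonical(name):
    """Normalise a parameter name the way smb.conf treats it: case and spaces ignored."""
    key = re.sub(r"\s+", "", name).lower()
    return SYNONYMS.get(key, key)


def parse_assignments(conf_text):
    """Yield (section, lineno, name_as_written, value) for each 'name = value' line."""
    section = None
    pending = ""
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):               # backslash continuation
            pending = line[:-1].rstrip() + " "
            continue
        if not line or line[0] in "#;":       # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if "=" in line:
            name, value = line.split("=", 1)
            yield section, lineno, name.strip(), " ".join(value.split())


def find_conflicts(conf_text):
    """Return [(section, canonical_name, [(lineno, name, value), ...])] for every
    parameter that is assigned more than once in a section with differing values."""
    seen = {}
    for section, lineno, name, value in parse_assignments(conf_text):
        seen.setdefault((section, canonical(name)), []).append((lineno, name, value))
    conflicts = []
    for (section, key), uses in seen.items():
        if len({value for _, _, value in uses}) > 1:
            conflicts.append((section, key, uses))
    return conflicts


if __name__ == "__main__":
    for section, key, uses in find_conflicts(SAMPLE_CONF):
        print("[%s] %s is set %d times:" % (section, key, len(uses)))
        for lineno, name, value in uses:
            print("    line %d: %s = %s" % (lineno, name, value))
```

For the access-control case the report shows that the two host lists are not the same set: `127.` appears only in the first assignment.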





Re: FW: [Samba] backupexec

2003-03-20 Thread Shawn Wright
Yes, we have been using the Linux agent for some time now on 3 of our 
Samba servers with BackupExec 8.5 on NT. It works well, once you figure 
out how to adjust the backup scheme to take into account the lack of an 
archive bit, which limits the types of backups that can be done.

On 19 Mar 2003 at 14:48, Ken Innes wrote:

> True for Novell, but not for Linux. The Linux agent is free at
> support.veritas.com
> 
> -Ken
> 
> > -Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] Behalf Of
> > Lawrence Walton
> > Sent: Wednesday, March 19, 2003 2:18 PM
> > To: Michael Pellegrino
> > Cc: [EMAIL PROTECTED]
> > Subject: Re: [Samba] backupexec
> >
> >
> > Michael Pellegrino [EMAIL PROTECTED] wrote:
> > > I may be mistaken, but I believe with the way recent version of
> > Backup Exec
> > > are licensed, you need to purchase a license and have the remote agent
> > > running on each server you wish to backup.
> > >
> > That's true for version 9 for novell.
> > --
> > *--* Mail: [EMAIL PROTECTED]
> > *--* Voice: 425.739.4247
> > *--* Fax: 425.827.9577
> > *--* HTTP://the-penguin.otak.com/~lawrence/
> > --
> > - - - - - - O t a k  i n c . - - - - -
> >
> >

Shawn Wright, I.T. Manager
Shawnigan Lake School
[EMAIL PROTECTED]
http://Zuiko.sls.bc.ca/swright
http://www.sls.bc.ca



[Samba] Duplicate winbind uid/gid

2003-02-12 Thread Shawn Wright
We've encountered the following problem on our Redhat 7.2/XFS box 
running samba 2.2.3 with winbind and acl support. This week, some local 
accounts were created on the samba box for the installation of djb's 
dnscache. In addition, some NT domain accounts were also created on 
the NT4 PDC. The samba box is configured to use the NT4 domain for 
authentication; none of the local accounts are used for samba. In 
checking, I can see that one of the local accounts I created was assigned 
the same uid as that assigned by winbind for one of the new domain 
accounts!

I have the following in smb.conf, which I thought was meant to avoid such 
collisions, but it appears that adduser used what it thought was the next 
available uid, as did winbindd...

[global]
winbind separator = +
winbind uid = 1-2
winbind gid = 1-2
winbind enum users = yes
winbind enum groups = yes

Adding local accounts is not something done very often, but I would like to 
prevent this occurrence in the future, and fix the collision I now have. 

Here is the acct in /etc/passwd:

Gdnscache:x:11079:11079::/etc/dnscache:/bin/nologin

Here's the account from winbindd, using getent passwd:

SHAWNIGAN+MCHAUDHU:x:11079:10001:(S -Gr.10) Mallika 
Chaudhuri:/home/student/mchaudhu:/bin/false

Also, what I expect is an unrelated issue, I am seeing the occasional 
message like this in the winbindd logs, for a domain user that *does* exist:

user 'glinn' does not exist
[2003/02/11 15:00:11, 1] 
nsswitch/winbindd_user.c:winbindd_getpwnam_from_user(142)

Any ideas what could cause this?
Shawn Wright, I.T. Manager
Shawnigan Lake School
[EMAIL PROTECTED]
http://Zuiko.sls.bc.ca/swright
http://www.sls.bc.ca
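
The collision described in this post can be found mechanically from `getent passwd` output. The following is an added example, not part of the post: it treats names containing the winbind separator as domain accounts, reports UIDs held by both a local and a domain account, lists local accounts whose UID falls inside the winbind range, and sets aside lines it cannot parse. The `Gdnscache` entry is copied from the post and the `MCHAUDHU` entry is copied with its comment field trimmed; the other sample lines and the 10000-20000 range are constructed for the example.

```python
# Sample `getent passwd` output. Gdnscache and MCHAUDHU come from the post
# (comment field trimmed); the remaining lines are constructed.
SAMPLE_GETENT = """\
root:x:0:0:root:/root:/bin/bash
Gdnscache:x:11079:11079::/etc/dnscache:/bin/nologin
dnslog:x:11080:11080::/etc/dnscache:/bin/nologin
SHAWNIGAN+MCHAUDHU:x:11079:10001::/home/student/mchaudhu:/bin/false
SHAWNIGAN+exampleuser:x:10650:10001::/home/student/exampleuser:/bin/false
::0:10646:'::
"""

# Constructed range, chosen to contain the winbind ids shown in the post.
ASSUMED_WINBIND_RANGE = (10000, 20000)


def find_uid_collisions(getent_text, winbind_range, separator="+"):
    """Analyse passwd-format text.

    Returns a tuple (shared, in_range, malformed):
      shared    -- {uid: {"local": [...], "domain": [...]}} for UIDs owned by
                   at least one local and one domain account
      in_range  -- sorted [(uid, name)] of local accounts inside winbind_range
      malformed -- lines that are not valid 7-field passwd entries
    """
    low, high = winbind_range
    by_uid = {}
    malformed = []
    for line in getent_text.splitlines():
        if not line.strip():
            continue
        fields = line.split(":")
        # A usable entry has 7 fields, a non-empty name and a numeric UID.
        if len(fields) != 7 or not fields[0] or not fields[2].isdigit():
            malformed.append(line)
            continue
        name, uid = fields[0], int(fields[2])
        kind = "domain" if separator in name else "local"
        by_uid.setdefault(uid, {"local": [], "domain": []})[kind].append(name)

    shared = {uid: owners for uid, owners in by_uid.items()
              if owners["local"] and owners["domain"]}
    in_range = sorted((uid, name)
                      for uid, owners in by_uid.items() if low <= uid <= high
                      for name in owners["local"])
    return shared, in_range, malformed


if __name__ == "__main__":
    shared, in_range, malformed = find_uid_collisions(SAMPLE_GETENT,
                                                      ASSUMED_WINBIND_RANGE)
    for uid, owners in sorted(shared.items()):
        print("UID %d is shared by local %s and domain %s"
              % (uid, owners["local"], owners["domain"]))
    for uid, name in in_range:
        print("local account %s (UID %d) lies inside the winbind range" % (name, uid))
    for line in malformed:
        print("unparseable entry: %r" % line)
```

Keeping `UID_MAX` in /etc/login.defs below the winbind range stops useradd from allocating local accounts inside it.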




[Samba] Logon time restrictions; change ownership via samba

2003-02-04 Thread Shawn Wright
Are there plans to support logon time restrictions in Samba, or is it 
somehow supported already? We are using an NT4 PDC, and would like 
the samba servers to disconnect users outside of their logon times.

Also, is there any way to allow one to change file ownership via samba? I 
have not found any way to do this. We would like domain admins to have 
this ability so that we can maintain file ownership & permissions from NT 
boxes to allow quotas to be correctly managed on the samba boxes. 
Currently files copied/moved to a user share on the samba box keep the 
ownership of the user performing the move. Domain admins need the 
ability to change ownership/permissions to that of a specific user.

I'm using samba 2.2.5 on Redhat 7.3 with SGI XFS 1.1 partitions.



Shawn Wright, I.T. Manager
Shawnigan Lake School
[EMAIL PROTECTED]
http://Zuiko.sls.bc.ca/swright
http://www.sls.bc.ca




Re: [Samba] Which filesystem to increase Samba performances ?

2003-01-13 Thread Shawn Wright
I have been gradually moving our user storage from NT servers to RH 
Linux servers over the past two years, and have found the following based 
on our very specific needs:

SGI's XFS filesystem on RedHat 7.x has been a stable platform since 
going into production on a machine serving 400 students last year. It is 
running fairly modest hardware (P3/500, non-raid UW-SCSI disks) but is 
able to keep up with much faster NT machines quite well, even when 
dealing with over 100 concurrent users.
Last summer, when it came time for another server migration, I looked 
into EXT3 as an alternative to XFS and encountered the following:

Performance with EXT3 was below that of XFS 1.1 in nearly every case, 
often by more than 15%. Tests were by no means scientific, but consisted 
of repeated cycles of file reading & writing to/from NT clients. Times were 
measured over multiple iterations with file sizes of 8K, 50K, 1Mb and 10Mb.

If EXT3 had other redeeming qualities, I could have overlooked the 
performance issues, but it didn't: 
- quotas: this is something we *need* and they work nicely in XFS, but I 
  had no success getting them to work with EXT3 on Redhat 7.3
- ACLs: this is another thing we *need*, and the situation was very similar 
  to quotas - I had no luck getting them going.

I ended up leaving the new machine with the XFS 1.1 installer version of 
Redhat, since I could not afford the time to get quotas and ACLs going on 
EXT3.

Keep in mind, all the above is very specific to our environment, where 
flexible security (ACLs), quotas, performance, and stability are all critically 
important factors.



On 13 Jan 2003 at 22:16, Jean-Charles Preaux wrote:

> hello,
> i'm a new subscriber of this mailing-list, hoping i'll be able to help u.
> But before i've a question.
> I've to mount a huge file server using Samba.
> We bought a new server, using raid 5 technology.
> My question is, now i've to install on it my favorite operating system :)
> and i ask me which filesystem type i've to use to increase Samba performances on it, some people said me "xfs", others "ext3"...
> Which one do u recommend me and why ?
> hoping i've been clear with my question.
> thanks.
> 
> 
> -- 
> Jean-Charles Preaux
> 
> (o_
> //\
> V_/_ Debian GNU/Linux user.
> 
> E-mail : [EMAIL PROTECTED]
> 

Shawn Wright, I.T. Manager
Shawnigan Lake School
[EMAIL PROTECTED]
http://Zuiko.sls.bc.ca/swright
http://www.sls.bc.ca
