Re: [Samba] Samba performance

2011-06-02 Thread Volker Lendecke
On Wed, Jun 01, 2011 at 06:46:51PM -0700, Juan Pablo wrote:
 Hi Volker,
 
 I've removed the SO_RCVBUF=65536 SO_SNDBUF=65536 and the 3 other settings,
 reloaded samba and repeated the tests but still getting the same results for
 the local tests and also from Windows.
 
 I am getting the following results in MBytes/s:
 
 Test type   Local (dd)   Local (smbclient)   Windows 7
 Case1       161          101                 63
 Case2       122          119                 68
 
 Case1: Read 1000 files 8 MByte each
 Case2: 4 processes each reading 1000 files of 8 MByte each
 
 Any idea how can I debug where the bottleneck is or why I get so low numbers 
 when reading from Windows?

strace the smbd process with strace -ttT. Network trace.
Look at netstat -nt while the test is running. Send/Recv
queues full? Run top, is the CPU fully busy? There's no
silver bullet for performance tuning unfortunately, sorry.

Volker

-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-37-0, fax: +49-551-37-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


Re: [Samba] Single sign on nivana

2011-06-02 Thread Dermot
Given that I currently have 6 member servers, I think that amount
of ldap replication would be over-kill. I was considering one ldap
slave. I will consult the Docs that Louis pointed me to and look at
the winbind config.

Thanks,
Dp.


On 1 June 2011 19:04, Dale Schroeder d...@briannassaladdressing.com wrote:
 Dermot,

 What Louis describes does indeed allow for single sign on.  The non-PDC
 systems are no longer member servers in the truest sense, but rather, all
 become BDC's (security = user).

 If you do not wish to install ldap on all systems, then the options are to
 use winbind, or to use nss-ldap and pam-ldap instead.  Either will allow for
 single sign on as true member servers (security = DOMAIN) to authenticate
 against the PDC.  The former is well documented; the latter is much harder
 to find.

 Dale


 On 06/01/2011 10:21 AM, Dermot wrote:

 Thanks but I am not sure that I have made myself clear.

 I want to remove Windows NT from my production environment. I would
 like to use Samba as the PDC with ldap backend and some replication.
 So far in tests this all works EG, Window7 and WinXP can authenticate.

 I have one more thing I would like to achieve. I want files on the
 Samba member server to be owned by the domain user without having to
 add each domain user locally to the member server's /etc/passwd file.

 I don't think the articles you have suggested address how to do that.
 Dp.




 On 1 June 2011 12:37, L.P.H. van Bellebe...@bazuin.nl  wrote:

 Well, set up ldap with replication.
 I have this setup and I use syncrepl for ldap replication.
 This is working for 5 years now.
 I manage my users and groups with the NT4 user manager.


 Look here.
 http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-bdc.html
 I use this setup : PDC -  LDAP master server, BDC -  LDAP slave server.
 My ldap slave is readonly.

 I use debian OS.
 look here for a nice example
 http://www.server-world.info/en/note?os=Debian_6.0&p=samba&f=6
 and look here

 http://fr33co.wordpress.com/2009/02/19/replicacion-ldap-con-syncrepl-en-debian-lenny/
 if you need other language put it in a translator ;-)

 Good luck.

 Louis


 -Original message-
 From: paik...@googlemail.com
 [mailto:samba-boun...@lists.samba.org] On behalf of Dermot
 Sent: 2011-06-01 13:04
 To: samba@lists.samba.org
 Subject: [Samba] Single sign on nivana

 Hi,

 I have Samba 3.5.6 that is running as a PDC for testing purposes. In
 my production environment I still use a NT4 domain and all the samba
 member server use domain security. One of the irritations I have with
 the Samba members set-up is that I have to add the users to the local
 server so that files created by a domain user are owned by them and
 not the guest account. Ideally I would like to add the users to the
 PDC alone and then if a domain user creates a file on a member server,
 when I viewed those file, either from a windows machine or from a
 shell on the member server, I could see who they belong to. I'm sure
 that there is a means of doing this, but I get gleam it from the docs.
 Can anyone advise me on the configuration I would need?

 Thank you,
 Dermot.


Re: [Samba] Single sign on nivana

2011-06-02 Thread John Drescher
 Given that I currently have 6 member servers, I think that amount
 of ldap replication would be over-kill. I was considering one ldap
 slave. I will consult the Docs that Louis pointed me to and look at
 the winbind config.

You do not have to make every server an ldap server.

John


Re: [Samba] Samba serving sshfs shares: can't delete files

2011-06-02 Thread TLoD,Snake
On 06/02/2011 03:58 AM, Jeremy Allison wrote:
 On Wed, Jun 01, 2011 at 02:02:03PM +0400, TLoD,Snake wrote:
 On 05/31/2011 10:26 PM, Jeremy Allison wrote:
 On Tue, May 31, 2011 at 07:43:16PM +0400, TLoD,Snake wrote:
 Hello!
 
 I have samba share on my sshfs-mounted folder. All works just 
 fine except I can't delete files from sshfs unless they are in 
 0777 chmodded directory. Even if those files were put through 
 smbclient. I can read files, write files (regardless their 
 directory permissions) but not delete them.
 
 Here is my share config:
 
 [myshare]
 comment = shre over sshfs
 path = /home/kli/work/remotes/dev
 valid users = kli
 public = no
 writable = yes
 printable = no
 delete readonly = yes
 read only = no
 force group = kli
 force user = kli
 
 Post a debug level 10 log snippet of smbclient attempting to 
 delete files.
 
 [2011/06/01 13:57:16,  3] param/loadparm.c:9039(lp_load_ex) 
 lp_load_ex: refreshing parameters
 
 Sorry, this is the client log - I meant a debug level 10 log snippet 
 from smbd when you're trying to delete files using smbclient.
 
 Jeremy.

I hope this is right part of logfile cause it's quite large.

[2011/06/02 14:08:00, 10] smbd/posix_acls.c:838(print_canon_ace_list)

  print_canon_ace_list: canonicalise_acl: ace entries after arrange

  canon_ace index 0. Type = allow SID = S-1-22-1-65534 uid 65534
(nobody) SMB_ACL_USER_OBJ ace_flags = 0x0 perms rwx
  canon_ace index 1. Type = allow SID = S-1-22-2-65534 gid 65534
(nobody) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms r--
  canon_ace index 2. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER
ace_flags = 0x0 perms r--
[2011/06/02 14:08:00, 10] smbd/posix_acls.c:1116(map_canon_ace_perms)

  map_canon_ace_perms: Mapped (UNIX) 1c0 to (NT) 1e01ff

[2011/06/02 14:08:00, 10] smbd/posix_acls.c:1116(map_canon_ace_perms)

  map_canon_ace_perms: Mapped (UNIX) 100 to (NT) 120089

[2011/06/02 14:08:00, 10] smbd/posix_acls.c:1116(map_canon_ace_perms)

  map_canon_ace_perms: Mapped (UNIX) 100 to (NT) 120089

[2011/06/02 14:08:00, 10] smbd/open.c:113(check_open_rights)

  check_open_rights: file examplelk.ru/aaa requesting 0x1 returning
0x1 (NT_STATUS_ACCESS_DENIED)
[2011/06/02 14:08:00, 10] smbd/posix_acls.c:3372(posix_get_nt_acl)

  posix_get_nt_acl: called for file examplelk.ru

[2011/06/02 14:08:00, 10] smbd/posix_acls.c:2522(canonicalise_acl)

  canonicalise_acl: Access ace entries before arrange :

[2011/06/02 14:08:00, 10] smbd/posix_acls.c:2535(canonicalise_acl)

  canon_ace index 0. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER
ace_flags = 0x0 perms r-x
[2011/06/02 14:08:00, 10] smbd/posix_acls.c:2535(canonicalise_acl)

  canon_ace index 1. Type = allow SID = S-1-22-2-65534 gid 65534
(nobody) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms r-x
[2011/06/02 14:08:00, 10] smbd/posix_acls.c:2535(canonicalise_acl)

  canon_ace index 2. Type = allow SID = S-1-22-1-65534 uid 65534
(nobody) SMB_ACL_USER_OBJ ace_flags = 0x0 perms rwx
[2011/06/02 14:08:00, 10] smbd/posix_acls.c:838(print_canon_ace_list)

  print_canon_ace_list: canonicalise_acl: ace entries after arrange

  canon_ace index 0. Type = allow SID = S-1-22-1-65534 uid 65534
(nobody) SMB_ACL_USER_OBJ ace_flags = 0x0 perms rwx
  canon_ace index 1. Type = allow SID = S-1-22-2-65534 gid 65534
(nobody) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms r-x
  canon_ace index 2. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER
ace_flags = 0x0 perms r-x
[2011/06/02 14:08:00, 10] smbd/posix_acls.c:1116(map_canon_ace_perms)

  map_canon_ace_perms: Mapped (UNIX) 1c0 to (NT) 1f01ff

[2011/06/02 14:08:00, 10] smbd/posix_acls.c:1116(map_canon_ace_perms)

  map_canon_ace_perms: Mapped (UNIX) 140 to (NT) 1200a9

[2011/06/02 14:08:00, 10] smbd/posix_acls.c:1116(map_canon_ace_perms)

  map_canon_ace_perms: Mapped (UNIX) 140 to (NT) 1200a9

[2011/06/02 14:08:00, 10] smbd/open.c:496(open_file)

  open_file: Access denied on file examplelk.ru/aaa

[2011/06/02 14:08:00, 10] lib/dbwrap_tdb.c:42(db_tdb_record_destr)

  Unlocking key 0E005C70

[2011/06/02 14:08:00,  5] smbd/files.c:474(file_free)

  freed files structure 4932 (0 used)

[2011/06/02 14:08:00, 10] smbd/open.c:3186(create_file_unixpath)

  create_file_unixpath: NT_STATUS_ACCESS_DENIED

[2011/06/02 14:08:00, 10] smbd/open.c:3465(create_file_default)

  create_file: NT_STATUS_ACCESS_DENIED

[2011/06/02 14:08:00, 10] smbd/reply.c:2402(do_unlink)

  SMB_VFS_CREATEFILE failed: NT_STATUS_ACCESS_DENIED

[2011/06/02 14:08:00,  3] smbd/error.c:60(error_packet_set)

  error packet at smbd/reply.c(2637) cmd=6 (SMBunlink)
NT_STATUS_ACCESS_DENIED


Re: [Samba] Samba serving sshfs shares: can't delete files

2011-06-02 Thread TLoD,Snake
On 06/02/2011 02:23 PM, TLoD,Snake wrote:
 On 06/02/2011 03:58 AM, Jeremy Allison wrote:
 On Wed, Jun 01, 2011 at 02:02:03PM +0400, TLoD,Snake wrote:
 On 05/31/2011 10:26 PM, Jeremy Allison wrote:
 On Tue, May 31, 2011 at 07:43:16PM +0400, TLoD,Snake wrote:
 Hello!

 I have samba share on my sshfs-mounted folder. All works just 
 fine except I can't delete files from sshfs unless they are in 
 0777 chmodded directory. Even if those files were put through 
 smbclient. I can read files, write files (regardless their 
 directory permissions) but not delete them.

 Here is my share config:

 [myshare]
 comment = shre over sshfs
 path = /home/kli/work/remotes/dev
 valid users = kli
 public = no
 writable = yes
 printable = no
 delete readonly = yes
 read only = no
 force group = kli
 force user = kli

 Post a debug level 10 log snippet of smbclient attempting to 
 delete files.

 [2011/06/01 13:57:16,  3] param/loadparm.c:9039(lp_load_ex) 
 lp_load_ex: refreshing parameters

 Sorry, this is the client log - I meant a debug level 10 log snippet 
 from smbd when you're trying to delete files using smbclient.

 Jeremy.
 
 I hope this is right part of logfile cause it's quite large.
 

Also I think I have to say that all files on remote server are owned by
remote server's 'nobody'. As I saw in logfile samba tries to locate such
a nobody locally which is wrong cause sshfs will handle translation
local user (any local user due to 'allow_other' option) to remote 

Re: [Samba] Unable to change owner of the file through smbcacls

2011-06-02 Thread Katariya Rahul
I am able to change owner from User1 to Administrator at Domain 
Controller/active-directory machine.

And after that from linux box, using smbcacls -C DOMAIN\\User1 .. command I 
am able to change owner from Administrator --> User1. 

But changing owner from User1 to Administrator using smbcacls is not working.

User1 is in Domain admins, Administrators , backup operators group in 
active directory. 

~rahul

On Wed, 23 Mar 2011 15:11:13 ,  Katariya Rahul  
<rahulrahu...@rediffmail.com> wrote
Hi ,

I am unable to change owner to Administrator of the file through smbcacls 
command. 

CIFS share is in french domain.

SMBACLS for the file are: 

==

smbcacls -n //10.10.18.19/Rahulk\ test /test.txt -U es1kr\\èçæ®ôû%èçæ®ôû
REVISION:1
OWNER:ES1KR+èçæ®ôû
GROUP:ES1KR+Utilisa. du domaine
ACL:+Tout le monde:DENIED/0/0x000d0116
ACL:ES1KR+èçæ®ôû:ALLOWED/0/FULL

smbcacls -n //10.10.18.19/Rahulk\ test /test.txt -U es1kr\\Administrateur%Qy
Failed to open \test.txt: NT_STATUS_ACCESS_DENIED

smbcacls -C es1kr\Administrateur\%Qy //10.10.180.169/Rahulk\ test /test.txt -U es1kr\\Administrateur%Qy
Failed to open \test.txt: NT_STATUS_ACCESS_DENIED

===

Although Administrator is not user, it can take ownership at any time. But this 
is not happening.


Re: [Samba] Samba performance

2011-06-02 Thread Stan Hoeppner
On 5/25/2011 10:02 PM, Juan Pablo wrote:

 OS access: 
 Simultaneous read (4 processes): 118 MByte/s average

 Samba local access:
 Simultaneous read (4 processes): 102 MByte/s average

 Samba server from Windows 7:
 Simultaneous read (4 terminals):  70 MByte/s average

The first two results above demonstrate a slow disk subsystem not
suitable for streaming multiple files to multiple concurrent clients at
high data rates.  Your spindles are too slow and/or you don't have
enough to satisfy your test methodology.  Four concurrent dd copies
yields 118 MB/s per process, only ~15% disk headroom above wire speed
GbE.  Your smbd+smbclient local process disk bandwidth overhead appears
to be roughly 13 percent.  I don't know what the optimal percent here
should be but 13% above a dd copy process seems reasonable given the
additional data movement through smbd and smbclient buffers.

It is clear that you don't have enough head seek performance for 4 or
more client streams of 1000 x 8MB files.  This doesn't necessarily
address the 30% drop in over the wire to Win7 client performance, but
we'll get to that later.  To confirm the disk deficiency issue, I
recommend the following test:

Make a 2GB tmpfs ramdisk on the server and run your tests against it,
albeit with 200 instead of 1000 8MB files.  Instructions:
http://prefetch.net/blog/index.php/2006/11/30/creating-a-ramdisk-with-linux/

This will tell you if your server block storage subsystem is part of the
problem, and will give you a maximum throughput per Samba process
baseline.  You should get something like 5GB/s+ local smbclient
throughput from a tmpfs ramdisk on that Xeon platform with its raw
25GB/s memory bandwidth.

Run a single Win7 workstation SMB test copy to a freshly booted machine
so most of the memory is free for buffering the inbound files.  This
will mostly eliminate the slow local disk as a bottleneck.

Now run your 4 concurrent Win7 client test and compare to the single
client test results.  This should tell you if you have a bonding problem
or not, either in the server NICs or the switch.

You didn't mention jumbo frames.  Enable jumbo if not already.  It may help.

Something else to consider is that the kernel shipped with CentOS 5.6,
2.6.18, the Pirate kernel, is now 4.5 years old, released in Sept of
2006 (http://kerneltrap.org/node/7144).  There have been just a few
performance enhancements between 2.6.18 and 3.0, specifically to the
network stack. ;)  The CentOS packages are older than dirt as well.  If
you're not wed to CentOS you should look at more recent distros.

-- 
Stan




Re: [Samba] Samba performance

2011-06-02 Thread Juan Pablo
Thanks a lot for the advice. I will run these tests and try to find meaningful
information from them. I will post back results.

Thanks

Juan Pablo





From: Volker Lendecke volker.lende...@sernet.de
To: Juan Pablo jhur...@yahoo.com
Cc: Jeremy Allison j...@samba.org; samba@lists.samba.org
Sent: Thu, June 2, 2011 3:49:17 AM
Subject: Re: [Samba] Samba performance

On Wed, Jun 01, 2011 at 06:46:51PM -0700, Juan Pablo wrote:
 Hi Volker,
 
 I've removed the SO_RCVBUF=65536 SO_SNDBUF=65536 and the 3 other settings,
 reloaded samba and repeated the tests but still getting the same results for
 the local tests and also from Windows.
 
 I am getting the following results in MBytes/s:
 
 Test type   Local (dd)   Local (smbclient)   Windows 7
 Case1       161          101                 63
 Case2       122          119                 68
 
 Case1: Read 1000 files 8 MByte each
 Case2: 4 processes each reading 1000 files of 8 MByte each
 
 Any idea how can I debug where the bottleneck is or why I get so low numbers 
 when reading from Windows?

strace the smbd process with strace -ttT. Network trace.
Look at netstat -nt while the test is running. Send/Recv
queues full? Run top, is the CPU fully busy? There's no
silver bullet for performance tuning unfortunately, sorry.

Volker

-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-37-0, fax: +49-551-37-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen


Re: [Samba] winbind issue with Windows 2008 R2 - domain trusts

2011-06-02 Thread Robert Freeman-Day

On 06/01/2011 04:24 PM, Terry wrote:
 On Wed, Jun 1, 2011 at 3:21 PM, Terry td3...@gmail.com wrote:
 Hello,

 I have a problem that just propped up after our windows admin did some
 work.  He introduced some new domain controllers and upgraded the
 domain to 2008 R2.  The primary domain that our linux boxes are in
 seems to work, it's trusted domains.  Here's an example domain:

 FOO.BAR.LOCAL

 The boxes are in the FOO domain and I can getent passwd and see
 accounts in there fine.  I used to be able see accounts in BAR as well
 but now can't.

 I am using samba-3.0.33-3.29.el5_5.1 on RHEL5.2.

 Here's an error I see in the logs.  Not sure

 Jun  1 15:16:01 omadvdss01a winbindd[10772]: [2011/06/01 15:16:01, 0]
 rpc_client/cli_pipe.c:rpc_api_pipe(790)
 Jun  1 15:16:01 omadvdss01a winbindd[10772]:   rpc_api_pipe: Remote
 machine foodc03.foo.bar.local pipe \NETLOGON fnum 0x3returned critical
 error. Error was NT_STATUS_PIPE_DISCONNECTED

 That domain controller referenced in the logs is a new DC he added.
 All windows operations appear to be normal.

 Thoughts?
 Thanks!

 
 Sorry for replying to my own post so early here.  I removed that
 domain controller from my smb.conf and that appears to have fixed
 things.  Anyone have an idea on what the issue could be?
Terry,

The version of samba is quite old and unsupported upstream by the samba
team.  There were many issues with that version and 2008 AD controllers.

RHEL 5.5 on up uses a more up to date version of samba and you can
migrate to that.  Red Hat's release notes detail it a bit more.

There still may be ntlmv2 issues, but as long as there is kerberos
access, things should be okay.
-- 
Robert Freeman-Day

https://launchpad.net/~presgas
GPG Public Key:
http://keyserver.ubuntu.com:11371/pks/lookup?op=get&search=0xBA9DF9ED3E4C7D36

[Samba] Samba vs Linux file permissions

2011-06-02 Thread John Maher

Hello,

I cannot find anything in the documentation or mailing list that
addresses this oddity.

I've installed Samba Version 3.4.7 on Ubuntu Server 10.04, and I'm
utterly confused by samba's behavior regarding permissions.

Users on the server have home directories in /home/chemgroup/username.
(chemgroup is actually a symlink to another volume mounted at
/labs/chemgroup.) Permissions on /lab/chemgroup are:

   drwxrwx---   username chemgroup   /labs/chemgroup

Permissions on /lab/group/username are:

   drwxr-x---   username chemgroup   /labs/chemgroup/username

Clearly, username has rights to write to /home/chemgroup/username, and
can do so just fine via ssh.

The Samba share is configured as follows:

   [chemgroup]
      comment = Chemistry Group Share
      path = /home/chemgroup
      valid users = @chemgroup
      public = no
      browseable = no
      writeable = yes
      printable = no
      force group = chemgroup
      create mask = 0660
      directory mask = 0770

Note, username is a member of chemgroup.

username can connect to \\server\chemgroup and can create new files and
directories there.  And username can navigate to the username folder
within chemgroup.  BUT, here's where it gets weird . . . username can
create a new file within the chemgroup\username folder, but they cannot
even change the name of the file they just created.  And they can't
delete the file they just created (and couldn't rename).

This same behavior is even presented with Home directories, with the
homes section looking like this:

   [homes]
      comment = Home Directories
      browseable = no
      read only = no
      create mask = 0640
      directory mask = 0750
      valid users = %S

Thank you for any help or guidance.

John

-- 
* - - - - * - - - - * - - - - * - - - - * - - - - * - - - - * - - - - *
John Maher
Senior Systems and Network Administrator
Department of Biochemistry & Molecular Biology and
Department of Chemistry
University of Massachusetts - Amherst
voice: 413-577-3120  fax: 413-545-4490
OpenPGP Key ID: 0x2970A144




Re: [Samba] Samba serving sshfs shares: can't delete files

2011-06-02 Thread Jeremy Allison
On Thu, Jun 02, 2011 at 02:33:21PM +0400, TLoD,Snake wrote:
error packet at smbd/reply.c(2637) cmd=6 (SMBunlink)
  NT_STATUS_ACCESS_DENIED
 
 Also I think I have to say that all files on remote server are owned by
 remote server's 'nobody'. As I saw in logfile samba tries to locate such
 a nobody locally which is wrong cause sshfs will handle translation
 local user (any local user due to 'allow_other' option) to remote nobody
 (as it's mounted with remote nobody rights) itself.

smbd has to check at open time to see if an unlink would
succeed (it's just the way Windows does it :-( ). If all
files are owned by 'nobody' and that user doesn't have
write access into the directory that might explain your
problem.

Jeremy.
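
The check described in this reply, reduced to the POSIX rule that deleting a file needs write and search permission on its parent directory, as an added example that is not part of the original thread and not Samba's code. It parses canon_ace lines in the format of the smbd log posted earlier in the thread; the local uid/gid 1000 for the forced user kli is an assumption, and only the three base ACL entries are modelled (no extended ACL entries, no sticky bit).

```python
import re

# Constructed sample: the "after arrange" entries the smbd log in this thread
# shows for the parent directory, with each wrapped entry joined onto one line.
SAMPLE_DIR_ACL_LOG = """\
  canon_ace index 0. Type = allow SID = S-1-22-1-65534 uid 65534 (nobody) SMB_ACL_USER_OBJ ace_flags = 0x0 perms rwx
  canon_ace index 1. Type = allow SID = S-1-22-2-65534 gid 65534 (nobody) SMB_ACL_GROUP_OBJ ace_flags = 0x0 perms r-x
  canon_ace index 2. Type = allow SID = S-1-1-0 other SMB_ACL_OTHER ace_flags = 0x0 perms r-x
"""

ACE_RE = re.compile(
    r"canon_ace index \d+\. Type = allow SID = \S+ "
    r"(?:(?:uid|gid) (?P<id>\d+) \([^)]*\)|other) "
    r"(?P<tag>SMB_ACL_(?:USER_OBJ|GROUP_OBJ|OTHER)) "
    r"ace_flags = 0x[0-9a-fA-F]+ perms (?P<perms>[r-][w-][x-])"
)

BASE_TAGS = {"SMB_ACL_USER_OBJ", "SMB_ACL_GROUP_OBJ", "SMB_ACL_OTHER"}


def parse_base_acl(log_text):
    """Return {tag: (uid_or_gid_or_None, 'rwx'-style perms)} for the base entries."""
    acl = {}
    for m in ACE_RE.finditer(log_text):
        ident = int(m.group("id")) if m.group("id") else None
        acl[m.group("tag")] = (ident, m.group("perms"))
    missing = BASE_TAGS - acl.keys()
    if missing:
        raise ValueError("incomplete ACL, missing: " + ", ".join(sorted(missing)))
    return acl


def acl_from_mode(mode, uid, gid):
    """Build the same structure from numeric mode bits, e.g. 0o777."""
    def bits(shift):
        v = (mode >> shift) & 0o7
        return ("r" if v & 4 else "-") + ("w" if v & 2 else "-") + ("x" if v & 1 else "-")
    return {
        "SMB_ACL_USER_OBJ": (uid, bits(6)),
        "SMB_ACL_GROUP_OBJ": (gid, bits(3)),
        "SMB_ACL_OTHER": (None, bits(0)),
    }


def effective_perms(acl, uid, gids):
    """POSIX class selection: owner first, then owning group, then other."""
    owner_uid, owner_perms = acl["SMB_ACL_USER_OBJ"]
    group_gid, group_perms = acl["SMB_ACL_GROUP_OBJ"]
    if uid == owner_uid:
        return owner_perms
    if group_gid in gids:
        return group_perms
    return acl["SMB_ACL_OTHER"][1]


def unlink_allowed(dir_acl, uid, gids):
    """Deleting an entry needs write and search (w+x) on the parent directory;
    the file's own mode bits are not consulted. uid 0 bypasses the check."""
    if uid == 0:
        return True
    perms = effective_perms(dir_acl, uid, gids)
    return "w" in perms and "x" in perms


if __name__ == "__main__":
    logged = parse_base_acl(SAMPLE_DIR_ACL_LOG)
    kli_uid, kli_gids = 1000, {1000}  # assumed local ids for 'force user = kli'
    print("directory as logged:", unlink_allowed(logged, kli_uid, kli_gids))
    wide_open = acl_from_mode(0o777, 65534, 65534)
    print("directory at 0777:  ", unlink_allowed(wide_open, kli_uid, kli_gids))
```

The local user falls into the "other" class of a directory owned by nobody, so the delete is refused until the directory is 0777, which matches the behaviour reported in the thread.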


Re: [Samba] Samba performance

2011-06-02 Thread Juan Pablo
Hi Stan,

Thanks for your feedback and suggestions!


The disk subsystem is composed by:

- 8 WD2002FAEX SATA 2TB hard drives (7200 RPM, 64MB cache, 4.2 ms avg latency)
- 1 Intel RAID controller RS2BL080 with 512 MB configured with 1 virtual drive
  12.7 TB (hardware RAID 5 with 1 MB stripe size, caches enabled, read-ahead
  enabled)

In your experience, should I expect higher performance from this hardware?

Will try the ramdisk test you are suggesting and post back the results. Thanks 
for the suggestion!

I have jumbo frames enabled in the switches but windows drivers for the Intel
network cards don't have the option to enable jumbo frames. I also tried
raising the MTU in the linux server but performance was even worse (I thought
this was related to the windows NIC driver not supporting MTUs larger than 1500).

I also modified windows registry to manually enable smb2 protocol because it
was not negotiating smb2. Do you think of any other optimization that can be
done on the windows terminals?

Thanks

Juan Pablo




From: Stan Hoeppner s...@hardwarefreak.com
To: Juan Pablo jhur...@yahoo.com
Cc: samba@lists.samba.org
Sent: Thu, June 2, 2011 8:50:21 AM
Subject: Re: [Samba] Samba performance

On 5/25/2011 10:02 PM, Juan Pablo wrote:

 OS access: 
 Simultaneous read (4 processes): 118 MByte/s average

 Samba local access:
 Simultaneous read (4 processes): 102 MByte/s average

 Samba server from Windows 7:
 Simultaneous read (4 terminals):  70 MByte/s average

The first two results above demonstrate a slow disk subsystem not
suitable for streaming multiple files to multiple concurrent clients at
high data rates.  Your spindles are too slow and/or you don't have
enough to satisfy your test methodology.  Four concurrent dd copies
yields 118 MB/s per process, only ~15% disk headroom above wire speed
GbE.  Your smbd+smbclient local process disk bandwidth overhead appears
to be roughly 13 percent.  I don't know what the optimal percent here
should be but 13% above a dd copy process seems reasonable given the
additional data movement through smbd and smbclient buffers.

It is clear that you don't have enough head seek performance for 4 or
more client streams of 1000 x 8MB files.  This doesn't necessarily
address the 30% drop in over the wire to Win7 client performance, but
we'll get to that later.  To confirm the disk deficiency issue, I
recommend the following test:

Make a 2GB tmpfs ramdisk on the server and run your tests against it,
albeit with 200 instead of 1000 8MB files.  Instructions:
http://prefetch.net/blog/index.php/2006/11/30/creating-a-ramdisk-with-linux/

This will tell you if your server block storage subsystem is part of the
problem, and will give you a maximum throughput per Samba process
baseline.  You should get something like 5GB/s+ local smbclient
throughput from a tmpfs ramdisk on that Xeon platform with its raw
25GB/s memory bandwidth.

Run a single Win7 workstation SMB test copy to a freshly booted machine
so most of the memory is free for buffering the inbound files.  This
will mostly eliminate the slow local disk as a bottleneck.

Now run your 4 concurrent Win7 client test and compare to the single
client test results.  This should tell you if you have a bonding problem
or not, either in the server NICs or the switch.

You didn't mention jumbo frames.  Enable jumbo if not already.  It may help.

Something else to consider is that the kernel shipped with CentOS 5.6,
2.6.18, the Pirate kernel, is now 4.5 years old, released in Sept of
2006 (http://kerneltrap.org/node/7144).  There have been just a few
performance enhancements between 2.6.18 and 3.0, specifically to the
network stack. ;)  The CentOS packages are older than dirt as well.  If
you're not wed to CentOS you should look at more recent distros.

-- 
Stan


Re: [Samba] Samba performance

2011-06-02 Thread Stan Hoeppner
On 6/2/2011 2:24 PM, Juan Pablo wrote:
 Hi Stan,
 
 Thanks for your feedback and suggestions!

You're welcome.  Let's hope they're beneficial.

 The disk subsystem is composed by:
 
 - 8 WD2002FAEX SATA 2TB hard drives (7200 RPM, 64MB cache, 4.2 ms avg latency)
 - 1 Intel RAID controller RS2BL080 with 512 MB configured with 1 virtual drive
   12.7 TB (hardware RAID 5 with 1 MB stripe size, caches enabled, read-ahead
   enabled)
 
 In your experience, should I expect higher performance from this hardware?

That depends on your target workload(s).  You're currently achieving
single stream read performance of 780 MB/s, over 110MB/s per drive.
That's a really good streaming read, close to peak drive read performance.

The problem I see is when you have 4 readers (Win7 clients) reading
4,000 files each.  If these are 16,000 unique files, not each Win7
machine reading the same 4,000 files, i.e. no cache benefit, then I
don't think your disk heads are going be able to seek fast enough to
service all the read requests and hit wire speed SMB.  If your
production load will be significantly less than this artificial test
load, you may be fine.

> Will try the ramdisk test you are suggesting and post back the results.
> Thanks for the suggestion!

The results should be informative, one way or the other.

> I have jumbo frames enabled in the switches but windows drivers for the Intel
> network cards don't have the option to enable jumbo frames. I also tried
> raising the MTU in the linux server but performance was even worse (I thought
> this was related to the windows NIC driver not supporting MTUs larger than 1500).

Lack of jumbo frames is probably hurting your wire performance due to
increased interrupt processing and other factors.  I'm surprised some
Intel NICs don't support jumbo frames.  Must be desktop adapters.  Can
you post the model# of the NICs in the Win7 PCs and those in the server
so I can do some research?

> I also modified windows registry to manually enable smb2 protocol because it
> was not negotiating smb2. Do you think of any other optimization that can be
> done on the windows terminals?

I have no experience yet with SMB2 or Win7 so I can't really say.  You
should be able to tune that server and the clients to hit near wire
speed with regular SMB.  I suggest solving that problem first, then
worry about SMB2.

-- 
Stan


Re: [Samba] Samba vs Linux file permissions

2011-06-02 Thread Christian PERRIER
Quoting John Maher (j...@chem.umass.edu):
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hello,
>
> I cannot find anything in the documentation or mailing list that
> addresses this oddity.
>
> I've installed Samba Version 3.4.7 on Ubuntu Server 10.04, and I'm
> utterly confused by samba's behavior regarding permissions.
>
> Users on the server have home directories in /home/chemgroup/username.
> (chemgroup is actually a symlink to another volume mounted at
> /labs/chemgroup.) Permissions on /lab/chemgroup are:


How about looking in logfiles (first with log level to 3)?




[SCM] Samba Shared Repository - branch master updated

2011-06-02 Thread Rusty Russell
The branch, master has been updated
   via  43ab5aa lib/tdb/python/tests/simple.py: don't assume TDB ordering.
   via  2f67fae samba3sam.py: don't assume order of ldb results.
  from  e98fb2f Remove another PATH_MAX.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 43ab5aa390769ee9b57918cf5b57aa4a22586805
Author: Rusty Russell ru...@rustcorp.com.au
Date:   Thu Jun 2 14:19:38 2011 +0930

lib/tdb/python/tests/simple.py: don't assume TDB ordering.

TDB2 can break this assumption.

Signed-off-by: Rusty Russell ru...@rustcorp.com.au

Autobuild-User: Rusty Russell ru...@rustcorp.com.au
Autobuild-Date: Thu Jun  2 12:07:40 CEST 2011 on sn-devel-104

commit 2f67fae18be13f4bfce009e8639bab74383844cb
Author: Rusty Russell ru...@rustcorp.com.au
Date:   Thu Jun 2 10:22:06 2011 +0930

samba3sam.py: don't assume order of ldb results.

Switching to tdb2 breaks this test horribly, because it relied on the
order of TDB1 traversal.  Fix it to sort the results (by db), then
check them.

Signed-off-by: Rusty Russell ru...@rustcorp.com.au

---

Summary of changes:
 lib/tdb/python/tests/simple.py|4 +-
 source4/scripting/python/samba/tests/samba3sam.py |  306 +++--
 2 files changed, 167 insertions(+), 143 deletions(-)


Changeset truncated at 500 lines:

diff --git a/lib/tdb/python/tests/simple.py b/lib/tdb/python/tests/simple.py
index f5484a0..99f31d2 100644
--- a/lib/tdb/python/tests/simple.py
+++ b/lib/tdb/python/tests/simple.py
@@ -105,7 +105,9 @@ class SimpleTdbTests(TestCase):
 def test_iterator(self):
 self.tdb[bla] = 1
 self.tdb[brainslug] = 2
-self.assertEquals([bla, brainslug], list(self.tdb))
+l = list(self.tdb)
+l.sort()
+self.assertEquals([bla, brainslug], l)
 
 def test_transaction_cancel(self):
 self.tdb[bloe] = 2
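Review bot: In test_iterator the new temporary is named `l`, which is easy to misread as `1` right below the lines that assign the literal values 1 and 2. Comparing the expected list against `sorted(self.tdb)` expresses the same order-independent check in one statement and needs no temporary. A short comment that iteration order is not guaranteed (the commit message says TDB2 can break the assumption) would keep a later cleanup from removing the sort.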
diff --git a/source4/scripting/python/samba/tests/samba3sam.py 
b/source4/scripting/python/samba/tests/samba3sam.py
index a34f0f6..99b9c06 100644
--- a/source4/scripting/python/samba/tests/samba3sam.py
+++ b/source4/scripting/python/samba/tests/samba3sam.py
@@ -30,6 +30,7 @@ from samba.tests import TestCaseInTempDir, env_loadparm
 import samba.dcerpc.security
 import samba.ndr
 from samba.auth import system_session
+from operator import attrgetter
 
 
 def read_datafile(filename):
@@ -439,34 +440,37 @@ objectSid: S-1-5-21-4231626423-2410014848-2360679739-552
 res = self.ldb.search(expression=(revision=x), scope=SCOPE_DEFAULT, 
 attrs=[dnsHostName, lastLogon])
 self.assertEquals(len(res), 2)
-self.assertEquals(str(res[0].dn), self.samba4.dn(cn=Y))
-self.assertEquals(str(res[0][dnsHostName]), y)
-self.assertEquals(str(res[0][lastLogon]), y)
-self.assertEquals(str(res[1].dn), self.samba4.dn(cn=X))
-self.assertEquals(str(res[1][dnsHostName]), x)
-self.assertEquals(str(res[1][lastLogon]), x)
+res = sorted(res, key=attrgetter('dn'))
+self.assertEquals(str(res[0].dn), self.samba4.dn(cn=X))
+self.assertEquals(str(res[0][dnsHostName]), x)
+self.assertEquals(str(res[0][lastLogon]), x)
+self.assertEquals(str(res[1].dn), self.samba4.dn(cn=Y))
+self.assertEquals(str(res[1][dnsHostName]), y)
+self.assertEquals(str(res[1][lastLogon]), y)
 
 # Search by kept attribute
 res = self.ldb.search(expression=(description=y), 
 scope=SCOPE_DEFAULT, attrs=[dnsHostName, lastLogon])
 self.assertEquals(len(res), 2)
-self.assertEquals(str(res[0].dn), self.samba4.dn(cn=Z))
-self.assertEquals(str(res[0][dnsHostName]), z)
+res = sorted(res, key=attrgetter('dn'))
+self.assertEquals(str(res[0].dn), self.samba4.dn(cn=C))
+self.assertTrue(not dnsHostName in res[0])
 self.assertEquals(str(res[0][lastLogon]), z)
-self.assertEquals(str(res[1].dn), self.samba4.dn(cn=C))
-self.assertTrue(not dnsHostName in res[1])
+self.assertEquals(str(res[1].dn), self.samba4.dn(cn=Z))
+self.assertEquals(str(res[1][dnsHostName]), z)
 self.assertEquals(str(res[1][lastLogon]), z)
 
 # Search by renamed attribute
 res = self.ldb.search(expression=(badPwdCount=x), 
scope=SCOPE_DEFAULT,
   attrs=[dnsHostName, lastLogon])
 self.assertEquals(len(res), 2)
-self.assertEquals(str(res[0].dn), self.samba4.dn(cn=B))
+res = sorted(res, key=attrgetter('dn'))
+self.assertEquals(str(res[0].dn), self.samba4.dn(cn=A))
 self.assertTrue(not dnsHostName in res[0])
-self.assertEquals(str(res[0][lastLogon]), y)
-self.assertEquals(str(res[1].dn), self.samba4.dn(cn=A))
+
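Review bot: Each `res = sorted(res, key=attrgetter('dn'))` orders the results by comparing the dn objects themselves, while every assertion that follows compares `str(res[n].dn)`, so the expected positions (X before Y, C before Z, A first) depend on how the dn type implements comparison rather than on the value the test checks. Sorting on the string form, for example `key=lambda r: str(r.dn)`, ties the order to exactly what the assertions compare and makes the `attrgetter` import unnecessary. A one-line comment above the first sort saying that result order is not guaranteed would also explain why the indices in the expectations were swapped.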

[SCM] Samba Shared Repository - branch v3-6-test updated

2011-06-02 Thread Karolin Seeger
The branch, v3-6-test has been updated
   via  d6b991a s3-docs: Fix version.
  from  c5b7912 s3-winbind: BUG 8166 - Don't lockout users when offline.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test


- Log -
commit d6b991a6dc4ea572d6c1d7678a4649e932cec772
Author: Karolin Seeger ksee...@samba.org
Date:   Thu Jun 2 20:31:22 2011 +0200

s3-docs: Fix version.

s/4.0/3.6/g

Karolin

---

Summary of changes:
 docs-xml/manpages-3/ldbadd.1.xml|2 +-
 docs-xml/manpages-3/ldbdel.1.xml|2 +-
 docs-xml/manpages-3/ldbedit.1.xml   |2 +-
 docs-xml/manpages-3/ldbmodify.1.xml |2 +-
 docs-xml/manpages-3/ldbrename.1.xml |2 +-
 docs-xml/manpages-3/ldbsearch.1.xml |2 +-
 6 files changed, 6 insertions(+), 6 deletions(-)


Changeset truncated at 500 lines:

diff --git a/docs-xml/manpages-3/ldbadd.1.xml b/docs-xml/manpages-3/ldbadd.1.xml
index 9d682b1..44f79c9 100644
--- a/docs-xml/manpages-3/ldbadd.1.xml
+++ b/docs-xml/manpages-3/ldbadd.1.xml
@@ -78,7 +78,7 @@
 refsect1
titleVERSION/title
 
-   paraThis man page is correct for version 4.0 of the Samba 
suite./para
+   paraThis man page is correct for version 3.6 of the Samba 
suite./para
 /refsect1
 
 refsect1
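Review bot: The VERSION paragraph carries the release number as literal text inside the para element, so this branch needs the identical one-line edit here and in the five other ldb man pages listed in the summary. Producing that sentence from one shared definition (a DocBook entity or a build-time substitution) would keep the pages from drifting again when the next branch is cut. If that is out of scope for this commit, the message could at least say why these pages still read 4.0 on the 3.6 branch, since `s/4.0/3.6/g` gives no reason.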
diff --git a/docs-xml/manpages-3/ldbdel.1.xml b/docs-xml/manpages-3/ldbdel.1.xml
index 00b8551..4af6b06 100644
--- a/docs-xml/manpages-3/ldbdel.1.xml
+++ b/docs-xml/manpages-3/ldbdel.1.xml
@@ -76,7 +76,7 @@
 refsect1
titleVERSION/title
 
-   paraThis man page is correct for version 4.0 of the Samba 
suite./para
+   paraThis man page is correct for version 3.6 of the Samba 
suite./para
 /refsect1
 
 refsect1
diff --git a/docs-xml/manpages-3/ldbedit.1.xml 
b/docs-xml/manpages-3/ldbedit.1.xml
index bbca0d2..9679c17 100644
--- a/docs-xml/manpages-3/ldbedit.1.xml
+++ b/docs-xml/manpages-3/ldbedit.1.xml
@@ -169,7 +169,7 @@
 refsect1
titleVERSION/title

-   paraThis man page is correct for version 4.0 of the Samba 
suite./para
+   paraThis man page is correct for version 3.6 of the Samba 
suite./para
 /refsect1
 
 refsect1
diff --git a/docs-xml/manpages-3/ldbmodify.1.xml 
b/docs-xml/manpages-3/ldbmodify.1.xml
index 65caa80..ddf6988 100644
--- a/docs-xml/manpages-3/ldbmodify.1.xml
+++ b/docs-xml/manpages-3/ldbmodify.1.xml
@@ -66,7 +66,7 @@
 refsect1
titleVERSION/title
 
-   paraThis man page is correct for version 4.0 of the Samba 
suite./para
+   paraThis man page is correct for version 3.6 of the Samba 
suite./para
 /refsect1
 
 refsect1
diff --git a/docs-xml/manpages-3/ldbrename.1.xml 
b/docs-xml/manpages-3/ldbrename.1.xml
index 6a134f4..9de8492 100644
--- a/docs-xml/manpages-3/ldbrename.1.xml
+++ b/docs-xml/manpages-3/ldbrename.1.xml
@@ -80,7 +80,7 @@
 refsect1
titleVERSION/title
 
-   paraThis man page is correct for version 4.0 of the Samba 
suite./para
+   paraThis man page is correct for version 3.6 of the Samba 
suite./para
 /refsect1
 
 refsect1
diff --git a/docs-xml/manpages-3/ldbsearch.1.xml 
b/docs-xml/manpages-3/ldbsearch.1.xml
index a6eedee..1a5a7bf 100644
--- a/docs-xml/manpages-3/ldbsearch.1.xml
+++ b/docs-xml/manpages-3/ldbsearch.1.xml
@@ -92,7 +92,7 @@
 refsect1
titleVERSION/title
 
-   paraThis man page is correct for version 4.0 of the Samba 
suite./para
+   paraThis man page is correct for version 3.6 of the Samba 
suite./para
 /refsect1
 
 refsect1


-- 
Samba Shared Repository


[SCM] Samba Shared Repository - branch v3-6-test updated

2011-06-02 Thread Karolin Seeger
The branch, v3-6-test has been updated
   via  06a02e2 Split the ACE flag mapping between nfs4 and Windows into 
two separate functions rather than trying to do it inline. Allows us to 
carefully control what flags are mapped to what in one place. Modification to 
bug #8191 - vfs_gpfs doesn't honor ACE_FLAG_INHERITED_ACE
   via  009ceea nfs4_acls: pass ACE_FLAG_INHERITED_ACE down from the client
   via  ab1fd07 nfs4_acls: pass ACE_FLAG_INHERITED_ACE up to the client
  from  d6b991a s3-docs: Fix version.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test


- Log -
commit 06a02e2f698076bcb8164efa15cc7b79ac19c927
Author: Jeremy Allison j...@samba.org
Date:   Tue May 31 15:37:30 2011 -0700

Split the ACE flag mapping between nfs4 and Windows into two separate 
functions rather than trying to do it inline. Allows us to carefully control 
what flags are mapped to what in one place. Modification to bug #8191 - 
vfs_gpfs doesn't honor ACE_FLAG_INHERITED_ACE

commit 009ceeaad12d5b799c0a4249ce473da97a0e3fec
Author: Gregor Beck gb...@sernet.de
Date:   Mon May 23 14:45:57 2011 +0200

nfs4_acls: pass ACE_FLAG_INHERITED_ACE down from the client

Signed-off-by: Michael Adam ob...@samba.org
(cherry picked from commit 817c64f5de65c6ba7cc535446279f769d6552618)

Fix bug #8191

commit ab1fd07266075acb78276ed0e6347c6db11759c2
Author: Gregor Beck gb...@sernet.de
Date:   Mon May 23 14:27:11 2011 +0200

nfs4_acls: pass ACE_FLAG_INHERITED_ACE up to the client

Signed-off-by: Michael Adam ob...@samba.org
(cherry picked from commit b0471303ba50caab7da5f50e6f7d8c4b1c664238)

Fix bug #8191

---

Summary of changes:
 source3/modules/nfs4_acls.c |   67 +-
 source3/modules/nfs4_acls.h |3 +-
 2 files changed, 61 insertions(+), 9 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/modules/nfs4_acls.c b/source3/modules/nfs4_acls.c
index 91e98f6..be8a505 100644
--- a/source3/modules/nfs4_acls.c
+++ b/source3/modules/nfs4_acls.c
@@ -52,6 +52,57 @@ typedef struct _SMB_ACL4_INT_T
SMB_ACE4_INT_T  *last;
 } SMB_ACL4_INT_T;
 
+/
+ Split the ACE flag mapping between nfs4 and Windows
+ into two separate functions rather than trying to do
+ it inline. Allows us to carefully control what flags
+ are mapped to what in one place.
+/
+
+static uint32_t map_nfs4_ace_flags_to_windows_ace_flags(uint32_t 
nfs4_ace_flags)
+{
+   uint32_t win_ace_flags = 0;
+
+   /* The nfs4 flags = 0xf map perfectly. */
+   win_ace_flags = nfs4_ace_flags  (SEC_ACE_FLAG_OBJECT_INHERIT|
+ SEC_ACE_FLAG_CONTAINER_INHERIT|
+ SEC_ACE_FLAG_NO_PROPAGATE_INHERIT|
+ SEC_ACE_FLAG_INHERIT_ONLY);
+
+   /* flags greater than 0xf have diverged :-(. */
+   /* See the nfs4 ace flag definitions here:
+  http://www.ietf.org/rfc/rfc3530.txt.
+  And the Windows ace flag definitions here:
+  librpc/idl/security.idl. */
+   if (nfs4_ace_flags  SMB_ACE4_INHERITED_ACE) {
+   win_ace_flags |= SEC_ACE_FLAG_INHERITED_ACE;
+   }
+
+   return win_ace_flags;
+}
+
+static uint32_t map_windows_ace_flags_to_nfs4_ace_flags(uint32_t win_ace_flags)
+{
+   uint32_t nfs4_ace_flags = 0;
+
+   /* The windows flags = 0xf map perfectly. */
+   nfs4_ace_flags = win_ace_flags  (SMB_ACE4_FILE_INHERIT_ACE|
+ SMB_ACE4_DIRECTORY_INHERIT_ACE|
+ SMB_ACE4_NO_PROPAGATE_INHERIT_ACE|
+ SMB_ACE4_INHERIT_ONLY_ACE);
+
+   /* flags greater than 0xf have diverged :-(. */
+   /* See the nfs4 ace flag definitions here:
+  http://www.ietf.org/rfc/rfc3530.txt.
+  And the Windows ace flag definitions here:
+  librpc/idl/security.idl. */
+   if (win_ace_flags  SEC_ACE_FLAG_INHERITED_ACE) {
+   nfs4_ace_flags |= SMB_ACE4_INHERITED_ACE;
+   }
+
+   return nfs4_ace_flags;
+}
+
 static SMB_ACL4_INT_T *get_validated_aclint(SMB4ACL_T *theacl)
 {
SMB_ACL4_INT_T *aclint = (SMB_ACL4_INT_T *)theacl;
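Review bot: In map_nfs4_ace_flags_to_windows_ace_flags the nfs4 value is combined with the Windows SEC_ACE_FLAG_* constants, and in map_windows_ace_flags_to_nfs4_ace_flags the Windows value is combined with the SMB_ACE4_* constants, so both functions rely on the four low flags being numerically identical in the two definitions. The comment states that they "map perfectly" but nothing enforces it; a compile-time check that each SEC_ACE_FLAG_* value equals its SMB_ACE4_* counterpart, or an explicit per-flag `if` like the one already used for the INHERITED_ACE bit, would keep a header change from silently altering ACL inheritance. Any bit above 0xf other than the inherited flag is dropped in both directions without a trace, so a DEBUG line reporting the unmapped bits would help when an ACL comes back different from what the client set. The `= 0` initialisers are dead stores, since each variable is assigned in the next statement.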
@@ -234,7 +285,7 @@ static bool smbacl4_nfs42win(TALLOC_CTX *mem_ctx, SMB4ACL_T 
*theacl, /* in */
uint32_t mask;
struct dom_sid sid;
SMB_ACE4PROP_T  *ace = aceint-prop;
-   uint32_t mapped_ace_flags;
+   uint32_t win_ace_flags;
 
DEBUG(10, (magic: 0x%x, type: %d, iflags: %x, flags: %x, mask: 
%x, 
who: %d\n, aceint-magic, ace-aceType, ace-flags,
@@ -271,25 +322,25 @@ static bool smbacl4_nfs42win(TALLOC_CTX *mem_ctx, 

[SCM] Samba Shared Repository - branch v3-6-test updated

2011-06-02 Thread Karolin Seeger
The branch, v3-6-test has been updated
   via  6aeb139 struct make struct shadow_copy_data its own talloc 
context (cherry picked from commit d77854fbb22bc9237cea14aae1179bbfe3bd0998)
   via  0b78d42 s3: Remove SHADOW_COPY_DATA typedef (cherry picked from 
commit 0ec9a90c29b86435f32c1d47d89df85fa51742f2)
   via  82187ec s3: Support shadow copy display over SMB2
  from  06a02e2 Split the ACE flag mapping between nfs4 and Windows into 
two separate functions rather than trying to do it inline. Allows us to 
carefully control what flags are mapped to what in one place. Modification to 
bug #8191 - vfs_gpfs doesn't honor ACE_FLAG_INHERITED_ACE

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test


- Log -
commit 6aeb13996b2a7c1529a9083ad1a41c724ae1a35c
Author: Volker Lendecke v...@samba.org
Date:   Mon May 30 12:11:53 2011 +0200

struct make struct shadow_copy_data its own talloc context (cherry picked 
from commit d77854fbb22bc9237cea14aae1179bbfe3bd0998)

The last 3 patches address bug #8189 (Snapshot display not supported over 
SMB2).

commit 0b78d42187ea7da6c14e26dc56b02447aa42eb49
Author: Volker Lendecke v...@samba.org
Date:   Mon May 30 12:06:31 2011 +0200

s3: Remove SHADOW_COPY_DATA typedef (cherry picked from commit 
0ec9a90c29b86435f32c1d47d89df85fa51742f2)

commit 82187ece14c7162baec43a31970ef4ba2561f67b
Author: Volker Lendecke v...@samba.org
Date:   Mon May 30 17:14:56 2011 +0200

s3: Support shadow copy display over SMB2

Autobuild-User: Volker Lendecke vlen...@samba.org
Autobuild-Date: Tue May 31 12:53:10 CEST 2011 on sn-devel-104
(cherry picked from commit 0fcafbf69b345b703dc759518afc8620a7d6f2e8)

---

Summary of changes:
 source3/include/ntioctl.h  |5 +-
 source3/modules/vfs_default.c  |5 +-
 source3/modules/vfs_full_audit.c   |3 +-
 source3/modules/vfs_shadow_copy.c  |7 ++-
 source3/modules/vfs_shadow_copy2.c |6 +-
 source3/modules/vfs_time_audit.c   |2 +-
 source3/smbd/nttrans.c |   24 ++-
 source3/smbd/smb2_ioctl.c  |  121 
 source3/smbd/vfs.c |2 +-
 9 files changed, 146 insertions(+), 29 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/include/ntioctl.h b/source3/include/ntioctl.h
index 41b1dce..18707c5 100644
--- a/source3/include/ntioctl.h
+++ b/source3/include/ntioctl.h
@@ -77,13 +77,12 @@
 /* For FSCTL_GET_SHADOW_COPY_DATA ...*/
 typedef char SHADOW_COPY_LABEL[25];
 
-typedef struct shadow_copy_data {
-   TALLOC_CTX *mem_ctx;
+struct shadow_copy_data {
/* Total number of shadow volumes currently mounted */
uint32 num_volumes;
/* Concatenated list of labels */
SHADOW_COPY_LABEL *labels;
-} SHADOW_COPY_DATA;
+};
 
 
 #endif /* _NTIOCTL_H */
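Review bot: With the `TALLOC_CTX *mem_ctx` member removed from struct shadow_copy_data, nothing in this header says which context `labels` has to be allocated from. The commit subject says the struct is now its own talloc context, and that contract belongs in a comment on the struct: that `labels` is allocated as a child of the struct and is released together with it, so an implementation does not hang it off a longer-lived context by habit. Dropping the SHADOW_COPY_DATA typedef also changes the prototype of every get_shadow_copy_data implementation, as the vfs_default.c and vfs_full_audit.c hunks show, so modules built outside this tree will stop compiling; the commit message should say so.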
diff --git a/source3/modules/vfs_default.c b/source3/modules/vfs_default.c
index 5d6b512..4d06a10 100644
--- a/source3/modules/vfs_default.c
+++ b/source3/modules/vfs_default.c
@@ -84,7 +84,10 @@ static int vfswrap_set_quota(struct vfs_handle_struct 
*handle,  enum SMB_QUOTA_T
 #endif
 }
 
-static int vfswrap_get_shadow_copy_data(struct vfs_handle_struct *handle, 
struct files_struct *fsp, SHADOW_COPY_DATA *shadow_copy_data, bool labels)
+static int vfswrap_get_shadow_copy_data(struct vfs_handle_struct *handle,
+   struct files_struct *fsp,
+   struct shadow_copy_data 
*shadow_copy_data,
+   bool labels)
 {
errno = ENOSYS;
return -1;  /* Not implemented. */
diff --git a/source3/modules/vfs_full_audit.c b/source3/modules/vfs_full_audit.c
index a723a0c..17713f0 100644
--- a/source3/modules/vfs_full_audit.c
+++ b/source3/modules/vfs_full_audit.c
@@ -695,7 +695,8 @@ static int smb_full_audit_set_quota(struct 
vfs_handle_struct *handle,
 
 static int smb_full_audit_get_shadow_copy_data(struct vfs_handle_struct 
*handle,
struct files_struct *fsp,
-   SHADOW_COPY_DATA *shadow_copy_data, bool labels)
+   struct shadow_copy_data *shadow_copy_data,
+   bool labels)
 {
int result;
 
diff --git a/source3/modules/vfs_shadow_copy.c 
b/source3/modules/vfs_shadow_copy.c
index b93f98d..1db47d2 100644
--- a/source3/modules/vfs_shadow_copy.c
+++ b/source3/modules/vfs_shadow_copy.c
@@ -216,7 +216,10 @@ static int shadow_copy_closedir(vfs_handle_struct *handle, 
SMB_STRUCT_DIR *_dirp
return 0;   
 }
 
-static int shadow_copy_get_shadow_copy_data(vfs_handle_struct *handle, 
files_struct *fsp, SHADOW_COPY_DATA *shadow_copy_data, bool labels)
+static int shadow_copy_get_shadow_copy_data(vfs_handle_struct *handle,
+