Re: [Samba] How to check the password complexity in samba
>Who changed users' password? >"check password script" affects only for normal user. I run smbldap-passwd as root dn and gui (srvtools) as domain admins 2011/9/12 TAKAHASHI Motonobu > From: Alex Domoradov > Date: Mon, 12 Sep 2011 17:09:29 +0300 > > > Hi all, can someone give a working example for checking the password > > complexity in samba? > > (snip) > > > 4. Add the following line to the smb.conf and restart samba > > > > check password script = /usr/bin/crackcheck -d > /usr/share/cracklib/pw_dict > > > > But when I change user password from command line (smbldap-passwd) or via > > gui (srvtools), there is no warning. Even if I set 123 as password. > > > > Am I missing something? > > Who changed users' password? > "check password script" affects only for normal user. > > --- > TAKAHASHI Motonobu > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] passdb backend issue: setting other than 'smbpasswd' does not work
I'm currently running the samba3x packages on Centos 5.6. I recently switched to them from the SERnet Samba 3.3 packages to Centos Samba3x packages (smbd now reports Version 3.5.4-0.70.el5_6.1). At the same time, I switched to ldapsam as a backend. Everything seemed to be working fine until I tried to change a user's password with smbpasswd (as root). smbpasswd did not report any errors, and pdbedit shows the "last update" for that password to match when I ran smbpasswd. However, the updated password does not work to log in with smbclient. I then switched to tdbsam, assuming that I had screwed up part of the ldap setup. I saw the same issues. Switching to the smbpasswd backend has everything working, but I'd rather hoped to switch everything over to LDAP so I can integrate some of our other systems in one directory. I can pull logs, but I'm not sure which logs and debugging levels are most useful—there were no error messages even with the loglevel set to 5 during the smbpasswd run, and the access rejection comes up as NT_STATUS_WRONG_PASSWORD. It *seems* like smbd is reading from smbpasswd regardless of the passdb backend setting and that the smbpasswd utility is updating the correct backend based on the smb.conf setting. I did run a "service smbd reload" each time I changed the config file. Any suggestions? Kevin T. Broderick IT & Communications Coordinator KILLINGTON MOUNTAIN SCHOOL E: kbroder...@killingtonmountainschool.org P: 802-422-5671 F: 802-422-5678 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] can't turn on wide links in homedir
On 12. 9. 2011 19:21, Jeremy Allison wrote: > We needed to make it impossible to configure Samba insecurely. > At the time this was proposed, it was posted to the list and > no dissenting voices were heard. > > Since then there have been a couple of people with the desire > to configure Samba in a completely insecure mode like yourself, > and there is a proposed patch to allow Samba to be run with > this known security hole. As you may imagine, I'm not too keen > on this but we may decide to add it in for people who desire > insecure setups. > > Jeremy. Well, I'm not too sure about the real security implications of this thing. I could restrict the flag to homedirs only - and since homedirs are private to the person accessing them, unless the user symlinks / into his public_html dir it shouldn't be that bad... but I can understand that someone wishing to lock down a system would want to minimize risks (although then why does he give out local ssh accounts). For my personal use I dug through the sources a bit and disabled the stuff in widelinks_warning() and lp_widelinks(), so there's no particular time pressure from my side :) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] can't turn on wide links in homedir
On Mon, Sep 12, 2011 at 02:21:12PM +0200, umage wrote: > Hi, I discovered that it's not possible to run 'wide links' and > 'unix entensions' at the same time - there are source-level blockers > in place that will disable wide links and write a log entry. I > traced this to https://bugzilla.samba.org/show_bug.cgi?id=7104 and > http://www.samba.org/samba/news/symlink_attack.html ... > > However, I run a private home LAN server that already exposes / > (root) as a share to all authenticated (and unauthenticated) > clients. Therefore this issue is irrelevant to me. Furthermore, I > want to organize some per-user directories (~/public_html for www, > ~/storage for large files, and so on) in a separate location, and I > can't do this without wide links. The restriction kills off my usage > scenario. Sorry about that. > When the abovementioned 'security' fixes were done, why weren't the > developers content with just changing the defaults, and maybe > printing a warning on startup? Why did they add this restriction > without a way to turn it off? Should I file a bugreport to have > these blockers removed? We needed to make it impossible to configure Samba insecurely. At the time this was proposed, it was posted to the list and no dissenting voices were heard. Since then there have been a couple of people with the desire to configure Samba in a completely insecure mode like yourself, and there is a proposed patch to allow Samba to be run with this known security hole. As you may imagine, I'm not too keen on this but we may decide to add it in for people who desire insecure setups. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Can't add users to well known groups...
François Legal wrote: Not sure if this is relevant, but if (first case shown down here) "Domain Admins" is not so much a group but a map to unix group, I'm not surprised that you can't add users to this using sambe. I would rather use /etc/group or whatever to add users to the unix group mapped Good point, 2 things: 1) My userid/login 'should' already be listed in the group, (as it IS in /etc/group), but wins doesn't return the members that SHOULD be listed in the group). 2) It is has scripts to modify users, groups and machines... (add & delete), in a most primitive form, it could delete group/ re-add group w/new member list. --- It just occurred to me, that maybe it's confusing itself -- in that, currently, Samba mangles the casename of groups/users to lower case and hosts/domains to upper case. Current versions of windows don't do this -- they ignore but preserve case (unless there is some pre-existing copy of the name already in some other 'case', in which case it will convert your typed input into the 'pre-existing copy'. But unix/linux not only doesn't change case, it doesn't ignore them either, so if it took something like Domain Admins, and changed it to 'domain admins', it wouldn't match the group name when it tried to look it up. Nevertheless, the lookup problem, was definitely caused by code that in the patched files files that tells it not to deal with 'well known groups' -- regardless if they are mappings or not... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba: Domain "Skolelinux" not available if IP beyond 10.0.2.239
Hi On 8 September 2011 15:10, RalfGesellensetter wrote: > Dear list, > > our Debian Edu system used to be stable like a rock. > After holidays, I encountered an issue as follows: > > The last 8 of 20 clients in our cabinet cannot log in to samba, > their message is "domain not available". > > I checked cables and switches - and IPs (from 2nd boot > partition running Debian Edu without problem), nothing > that differs from other machines. > > It stroke me that all clients concerned were in an IP range > of 10.0.2.240 upwards (static190). > > Then, I changed dhcpd.conf, giving those clients lower IPs > (there was a gap in static62..70). > > And, indeed: Now those clients were also able to login! > All butt the last one (that got no free IP in dhcpd). > > There were no other changes AFAIK, can anybody explain > this behaviour, i.e. rejection of clients with specific IPs? > > Thank you very much, > I like to sort out the origin of this issue ASAP, because > I need to report tickets to our support compony (without > giving them the chance to blame Skolelinux) > > Bye > Ralf > > P.S.: Maybe there is a connection to this changes: > - I added a course of 85 students, now we got >> 1000 users) > - I added a corresponding share > - another share (restricted access) is not available anymore > recently, while testparm reports no issues, and any other > share is working. Check that the server can ping the clients and vice versa. Also check the netmask on the server and clients to make sure it is correct (probably 255.255.255.0). Have a look at the hosts allow/hosts deny parameters in smb.conf to make sure that they are not restricting access to some of the machines. -- Michael Wood -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] How to check the password complexity in samba
From: Alex Domoradov Date: Mon, 12 Sep 2011 17:09:29 +0300 > Hi all, can someone give a working example for checking the password > complexity in samba? (snip) > 4. Add the following line to the smb.conf and restart samba > > check password script = /usr/bin/crackcheck -d /usr/share/cracklib/pw_dict > > But when I change user password from command line (smbldap-passwd) or via > gui (srvtools), there is no warning. Even if I set 123 as password. > > Am I missing something? Who changed users' password? "check password script" affects only for normal user. --- TAKAHASHI Motonobu -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] How to check the password complexity in samba
Hi all, can someone give a working example for checking the password complexity in samba? I have tried the next one 1. Download and extract samba-3.4.15.tar.zg. Go to samba-3.4.15/examples/auth/crackcheck and compile crackcheck 2. Copy crackcheck binary to the /usr/bin/ 3. Check that the program working correctly # /usr/bin/crackcheck -d /usr/share/cracklib/pw_dict 123 ERR - it is too short # /usr/bin/crackcheck -d /usr/share/cracklib/pw_dict AV7OaV2BRr Looks good. 4. Add the following line to the smb.conf and restart samba check password script = /usr/bin/crackcheck -d /usr/share/cracklib/pw_dict But when I change user password from command line (smbldap-passwd) or via gui (srvtools), there is no warning. Even if I set 123 as password. Am I missing something? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Fwd: Re: Can't add users to well known groups...
Forgot to CC the list. Original Message SUBJECT: Re: [Samba] Can't add users to well known groups... DATE: Mon, 12 Sep 2011 15:51:31 +0200 FROM: François Legal TO: Linda Walsh Not sure if this is relevant, but if (first case shown down here) "Domain Admins" is not so much a group but a map to unix group, I'm not surprised that you can't add users to this using sambe. I would rather use /etc/group or whatever to add users to the unix group mapped. François On Sat, 10 Sep 2011 12:08:32 -0700, Linda Walsh wrote: > Harry Jede wrote: > >> On 15:48:09 wrote Linda Walsh: >> >>> I created the well known group Domain Admins pointing to a local group, but I am not able to add users to the group -- it claims I can only add users to local or global groups... But I only see local, domain ,well-known, builtin. There are no global groups unless one would include all groups that are not local (i.e. domain, well-known, and builtin) So why doesn't it want to let me add to my domain admins group when it is defined as a well known group (which it is, according to MS)... >> Nobody may be able to answer your questions, if you dont give us some background information! something like: which samba version which sam, ldapsam or tdbsam do you use winbind your global section of samba conf the commands you have used which well knwon groups you have cureently --- > > Sorry... > running with latest 3.5.x: 3.5.11 as of this writing. > Using Tdb & winbind. > Since I as having problems with Domain Admins, tried deleting > it and recreating it as a domain group (so it doesn't show, below, as a > 'well known group, but a domain group (even though it should be both)). > -- > >> sudo net -l groupmap list > > Domain Users > SID : S-1-5-21-3-7-3-513 > Unix gid : 513 > Unix group: Domain Users > Group type: Well-known Group > Comment : Wellknown Unix group > man > SID : S-1-5-21-3-7-3-1028 > Unix gid : 62 > Unix group: man > Group type: Domain Group > Comment : Unix Group man > Domain Controllers > SID : S-1-5-21-3-7-3-516 > Unix gid : 516 > Unix group: Domain Controllers > Group type: Well-known Group > Comment : Wellknown Unix group > Backup Operators > SID : S-1-5-32-551 > Unix gid : 551 > Unix group: Backup Operators > Group type: Well-known Group > Comment : Wellknown Unix group > Power Users > SID : S-1-5-32-547 > Unix gid : 547 > Unix group: Power Users > Group type: Well-known Group > Comment : Wellknown Unix group > Cert Publishers > SID : S-1-5-21-3-7-3-517 > Unix gid : 517 > Unix group: Cert Publishers > Group type: Well-known Group > Comment : Wellknown Unix group > Replicators > SID : S-1-5-32-552 > Unix gid : 552 > Unix group: Replicators > Group type: Well-known Group > Comment : Wellknown Unix group > Domain Admins > SID : S-1-5-21-3-7-3-544 > Unix gid : 512 > Unix group: Domain Admins > Group type: Domain Group > Comment : Domain Unix group > Juno > SID : S-1-5-21-3-7-3-1005 > Unix gid : 231 > Unix group: Juno > Group type: Domain Group > Comment : Juno Printer Group > media > SID : S-1-5-21-3-7-3-1017 > Unix gid : 20001 > Unix group: media > Group type: Domain Group > Comment : Unix Group media > Administrators > SID : S-1-5-32-544 > Unix gid : 544 > Unix group: Administrators > Group type: Well-known Group > Comment : Wellknown Unix group > Domain Guests > SID : S-1-5-21-3-7-3-514 > Unix gid : 514 > Unix group: Domain Guests > Group type: Well-known Group > Comment : Wellknown Unix group > Trusted Local Net Users > SID : S-1-5-21-3-7-3-50002 > Unix gid : 50002 > Unix group: trusted_local_net_users > Group type: Domain Group > Comment : Trusted Local Net Users > Account Operators > SID : S-1-5-32-548 > Unix gid : 548 > Unix group: Account Operators > Group type: Well-known Group > Comment : Wellknown Unix group > Schema Admins > SID : S-1-5-21-3-7-3-518 > Unix gid : 518 > Unix group: Schema Admins > Group type: Well-known Group > Comment : Wellknown Unix group > RAS Servers > SID : S-1-5-32-553 > Unix gid : 10123 > Unix group: BUILTINras servers > Group type: Local Group > Comment : > scan > SID : S-1-5-21-3-7-3-1006 > Unix gid : 232 > Unix group: scan > Group type: Local Group > Comment : Local Unix group > Users > SID : S-1-5-32-545 > Unix gid : 1 > Unix group: BUILTINusers > Group type: Local Group > Comment : > Domain Computers > SID : S-1-5-21-3-7-3-515 > Unix gid : 515 > Unix group: Domain Computers > Group type: Well-known Group > Comment : Wellknown Unix group > Domain Administrator > SID : S-1-5-21-3-7-3-500 > Unix gid : 500 > Unix group: Domain Administrator > Group type: Well-known Group > Comment : Wellknown Unix group > Print Operators > SID : S-1-5-32-550 > Unix gid : 550
[Samba] UNIX group updates with Samba 3.0.28
Hi, I am using Samba on Nexenta 3.1.1 which is why the version is pretty old. I am seeing that Samba daemons do not see group membership changes until I do a samba restart or kill the PIDs specific for the shares I need updated. When I tried doing the same on an Ubuntu machine, I remember that Samba was able to see the changes as they happened (was using Samba 3.5+). I've read somewhere in an old forum post that Samba daemons refresh the contents of /etc/group on load. I'm guessing that might have been changed at some time. I couldn't find any configuration differences that might explain the different behavior. My question is whether there's anything I can do with the version I have (3.0.28) to get Samba to refresh /etc/group which does not involve killing processes and disrupting access. Using reload (SIGHUP) does not help. Thanks, Leeor. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] can't turn on wide links in homedir
Hi, I discovered that it's not possible to run 'wide links' and 'unix entensions' at the same time - there are source-level blockers in place that will disable wide links and write a log entry. I traced this to https://bugzilla.samba.org/show_bug.cgi?id=7104 and http://www.samba.org/samba/news/symlink_attack.html ... However, I run a private home LAN server that already exposes / (root) as a share to all authenticated (and unauthenticated) clients. Therefore this issue is irrelevant to me. Furthermore, I want to organize some per-user directories (~/public_html for www, ~/storage for large files, and so on) in a separate location, and I can't do this without wide links. The restriction kills off my usage scenario. When the abovementioned 'security' fixes were done, why weren't the developers content with just changing the defaults, and maybe printing a warning on startup? Why did they add this restriction without a way to turn it off? Should I file a bugreport to have these blockers removed? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Fwd: After a few time lost access to the Samba server (server samba - a member of the AD Win2k3)
Who would have thought The problem was the presence of CNAME-record for the current server in DNS. Sorry for my English ... Kramarenko A. Maksim писал(а) в своём письме Fri, 09 Sep 2011 22:49:25 +0400: A small addition: When lost access to the server by name - when accessing the server by IP address, for example, \\10.0.0.11\ - access is granted. Kramarenko A. Maksim писал(а) в своём письме Fri, 09 Sep 2011 15:51:21 +0400: Hello! For a long time struggling with the problem with SAMBA, is I would appreciate your help! Problem: After some time working with files on the file server unexpectedly lost access to that server. When you try to access the server using windows explorer - a window of login / password. When you enter a correct username / password - again the same window with the introduction of a login / password. This problem can occur in some domain users that work for specific computers. Other users - are working "round the clock" without fail. For example, one computer work 2nd shift users. At the same time a single user problem occurs, the second - no. Accordingly, the falling off network printing and file access. After rebooting, or just logout / login the user computer - access is restored. Configuration: Samba is authenticated in the domain via winbind. Clients - most of WinXP. Distributors and samba version: ===bash== files ~ # cat /etc/debian_version 6.0.2 files ~ # uname -a Linux files 2.6.32-5-686 #1 SMP Mon Jun 13 04:13:06 UTC 2011 i686 GNU/Linux files ~ # dpkg -l | grep samba ii samba 2:3.5.6~dfsg-3squeeze4 SMB/CIFS file, print, and login server for Unix ii samba-common 2:3.5.6~dfsg-3squeeze4 common files used by both the Samba server and client ii samba-common-bin 2:3.5.6~dfsg-3squeeze4 common files used by both the Samba server and client files ~ # dpkg -l | grep winbi ii libwbclient0 2:3.5.6~dfsg-3squeeze4 Samba winbind client library ii winbind2:3.5.6~dfsg-3squeeze4 Samba nameservice integration server ===bash== config samba and network: ===bash== files ~ # testparm -s Load smb config files from /etc/samba/smb.conf rlimit_max: rlimit_max (1024) below minimum Windows limit (16384) Processing section "[printers]" Processing section "[print$]" Processing section "[homes]" Processing section "[backup$]" Processing section "[install$]" .. Loaded services file OK. WARNING: You have some share names that are longer than 12 characters. These may not be accessible to some older clients. (Eg. Windows9x, WindowsMe, and smbclient prior to Samba 3.0.) Server role: ROLE_DOMAIN_MEMBER [global] workgroup = SAG realm = SAG.LOCAL server string = Файловый сервер security = ADS auth methods = winbind obey pam restrictions = Yes password server = dc.sag.local dc2.sag.local username map = /etc/samba/userssmb log file = /var/log/samba/log.%m smb ports = 139 lpq cache time = 5 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 usershare path = panic action = /usr/share/samba/panic-action %d idmap uid = 1-2 idmap gid = 1-2 template homedir = /backup/SAG/%U winbind separator = ^ winbind cache time = 600 winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes winbind refresh tickets = Yes winbind offline logon = Yes cups options = raw veto files = /autorun.inf/AUTORUN.INF/.*/Thumbs.db/ hide files = /$RECYCLE.BIN/desktop.ini/lost+found/Thumbs.db/ [printers] comment = Очередь печати SMB path = /var/spool/samba printable = Yes browseable = No [print$] comment = Драйверы принтера path = /var/lib/samba/printers [homes] comment = Личная папка пользователя %U read only = No browseable = No [backup$] comment = Инсталяхи path = /shares/backup read only = No [install$] comment = Инсталяхи path = /shares/install read only = No veto files = files ~ # cat /etc/nsswitch.conf # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc-reference' and `info' packages installed, try: # `info libc "Name Service Switch"' for information about this file. passwd: compat winbind group: compat winbind shadow: compat winbind hosts: files dns wins netw
[Samba] samba 3.6.0 compile error --enable-external-libtdb=yes (works for samba-3.5.11)
Hello I'm trying to compile samba-3.6.0 on a RHEL6 server (relevant options below): --with-libtalloc=no \ --enable-external-libtalloc=yes \ --with-libtdb=no --enable-external-libtdb=yes This does not work, I get an error "Unable to find libtdb". However: libtdb-devel-1.2.1-3.el6.i686 libtdb-1.2.1-3.el6.i686 have been installed. This works fine when I try to build samba-3.5.11 on the same machine. What's has changed? I could find that in Fedora Rawhide they have disabled this option in the spec file but without specifying a reason: http://permalink.gmane.org/gmane.network.samba.internals/55452 Kind regards Werner -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Increasing max stat cache
Okay... I read about 'stat cache size' on this page - http://www.samba.org/samba/docs/using_samba/ch11.html which says that it is the number of entries. But the man page ( http://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html) states that 'max stat cache size' is the number specified into kilobytes of space provided for 'stat cache'. So now my question is, how many kilobytes would it take to say store something like 100,000 stat entries. And what is the default and maximum TTL for these entries? Regards, Indivar Nair On Mon, Sep 12, 2011 at 12:31 PM, Indivar Nair wrote: > Hi ..., > > We have a Lustre Storage with large directories. Many of these directories > contain thousands of files and we have hundreds of such directories. > Directory Listing on Lustre is very slow, due to the nature of most > Parallel File Systems design. It takes around 4 Secs (during non-peak hours) > to list a 2000 file directory. And during heavy load times, this goes upto > 10-11 Secs. > > Since all the users access the storage through a Samba gateway, we were > thinking whether Samba could help us solve this problem. > > Here are my queries - > 1. What is the finite upper limit of 'max_stat_cache' value? Not the > unlimited '0' option. > 2. How much cache space does storing a typical stat consume? In other words > I would like to know how much memory will we require to cache obscene > amounts of Stat information? > 3. Can we increase the max_stat_cache TTL? Since the files once created, > never ever change, I would like to set this to a very High value. > 4. Is there anything else that I should look for, on increasing the > 'max_stat_cache' value? > > Regards, > > > Indivar Nair > > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 alpha17 GIT raise domain functional level
On 11/09/11 19:21, Matthias Dieter Wallnöfer wrote: Fix has been checked in, the parameters "domain" and "forest" have been renamed into "domain-level" and "forest-level" for further clarification. Matthias Matthias Dieter Wallnöfer wrote: There has been a porting error from the old to the new implementation of this "samba-tool" command. Since I am the original author of this code I will try to figure out how to re-add the "domain" option. Matthias Matthieu Patou wrote: On 06/09/2011 13:53, a.key wrote: Hi. We are using samba4 as our production AD for a while in a mixed (XP, win2k3, win7, win2k8) environment. This post: http://lists.samba.org/archive/samba-technical/2011-February/076525.html mentions that to raise the functional level one should use this command: samba-tool domainlevel raise --domain=2008 --forest=2008 but in our current git version this command doesn't work due to the fact that there is no --domain switch as shown below: # samba-tool domain level --help Usage: samba-tool domain level (show | raise ) Options: -h, --help show this help message and exit -H URL, --URL=URL LDB URL for database or target server --quiet Be quiet --forest=FOREST The forest function level (2003 | 2008 | 2008_R2) Samba Common Options: -s FILE, --configfile=FILE Configuration file -d DEBUGLEVEL, --debuglevel=DEBUGLEVEL debug level --option=OPTION set smb.conf option from command line --realm=REALM set the realm name Credentials Options: --simple-bind-dn=DN DN to use for a simple bind --password=PASSWORD Password -U USERNAME, --username=USERNAME Username -W WORKGROUP, --workgroup=WORKGROUP Workgroup -N, --no-pass Don't ask for a password -k KERBEROS, --kerberos=KERBEROS Use Kerberos --ipaddress=IPADDRESS IP address of server Version Options: --version Display version number and when I'm trying to raise the forest level the tools says that the domain functional level needs to be raised first. What's the proper way of raising the functional level in recent git is ? Looks like a regression, you should file a bug in https://bugzilla.samba.org. Matthieu. Thanks ! I'll update our git and will test later. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Increasing max stat cache
Hi ..., We have a Lustre Storage with large directories. Many of these directories contain thousands of files and we have hundreds of such directories. Directory Listing on Lustre is very slow, due to the nature of most Parallel File Systems design. It takes around 4 Secs (during non-peak hours) to list a 2000 file directory. And during heavy load times, this goes upto 10-11 Secs. Since all the users access the storage through a Samba gateway, we were thinking whether Samba could help us solve this problem. Here are my queries - 1. What is the finite upper limit of 'max_stat_cache' value? Not the unlimited '0' option. 2. How much cache space does storing a typical stat consume? In other words I would like to know how much memory will we require to cache obscene amounts of Stat information? 3. Can we increase the max_stat_cache TTL? Since the files once created, never ever change, I would like to set this to a very High value. 4. Is there anything else that I should look for, on increasing the 'max_stat_cache' value? Regards, Indivar Nair -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba