Re: [Samba] ZFS on Linux + ACLs
Thanks, I will try it. - Original Message - From: Maximilian Mehnert To: Adrian Berlin Subject: Re: [Samba] ZFS on Linux + ACLs Date: Wed, 15 May 2013 06:25:00 +0200 Adrian Berlin writes: Hello, Does anyone test ZFS on Linux and ACLs? I can't setup POSIX ACLs and any extended even using acl_xattr or acl_tdb. Is any way to use ACLs with ZFS on Linux (Samba 3 or 4)? Best regards /Adrian Berlin In the meantime, I edited the samba source to disregard posix ACLs and modified all shares to only use acl_xattr. Probably that is a solution for you... diff --git a/debian/patches/eat-posix-acls.patch b/debian/patches/eat-posix-acls.patch new file mode 100644 index 000..ea32642 --- /dev/null +++ b/debian/patches/eat-posix-acls.patch @@ -0,0 +1,13 @@ +diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c +index 34747d3..016c4d1 100644 +--- a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c +@@ -2930,7 +2930,7 @@ static bool convert_canon_ace_to_posix_perms( files_struct *fsp, canon_ace *file + DEBUG(3,(convert_canon_ace_to_posix_perms: Too many ACE + entries for file %s to convert to posix perms.\n, + fsp_str_dbg(fsp))); +- return False; ++ //return False; + } + + for (ace_p = file_ace_list; ace_p; ace_p = ace_p-next) \{ diff --git a/debian/patches/series b/debian/patches/series index fcf2d10..c042703 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -21,3 +21,4 @@ smbtorture-manpage.patch libutil_drop_AI_ADDRCONFIG.patch shadow_copy2_backport.patch only_export_public_symbols.patch +eat-posix-acls.patch -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] ZFS on Linux + ACLs
Hello, Does anyone test ZFS on Linux and ACLs? I can't setup POSIX ACLs and any extended even using acl_xattr or acl_tdb. Is any way to use ACLs with ZFS on Linux (Samba 3 or 4)? Best regards /Adrian Berlin -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] ZFS on Linux + ACLs
Yep, i read it before. Maybe is any other way? - Original Message - From: Edward Ashley To: Adrian Berlin Cc: samba@lists.samba.org Subject: Re: [Samba] ZFS on Linux + ACLs Date: Mon, 13 May 2013 12:31:54 +0100 https://github.com/zfsonlinux/zfs/issues/170 On 13 May 2013 12:12, Adrian Berlin g...@rock.com wrote: Hello, Does anyone test ZFS on Linux and ACLs? I can't setup POSIX ACLs and any extended even using acl_xattr or acl_tdb. Is any way to use ACLs with ZFS on Linux (Samba 3 or 4)? Best regards /Adrian Berlin -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- Edward Ashley = Developer - e. n...@redmonkeysoftware.com u. www.redmonkeysoftware.com t. 0845 867 3849 f. 0845 867 4127 Red Monkey Software | Superior Software Solutions Red Monkey Software Ltd, 24 The Layne, Elmer Sands, Bognor Regis, West Sussex. PO22 6JL Registered in England and Wales no 5923420 Registered Office: 20 Springfield Road, Crawley, West Sussex, RH11 8AD -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] VFS ACL with SMB2
Hi! Thanks for reply. Debug file with level 10 attached. Best regards /Adrian Berlin - Original Message - From: Jeremy Allison To: Adrian Berlin Cc: samba@lists.samba.org Subject: Re: [Samba] VFS ACL with SMB2 Date: Tue, 20 Nov 2012 10:50:43 -0800 On Tue, Nov 20, 2012 at 10:47:19AM +0100, Adrian Berlin wrote: Hi! Do you have any feedback? Best regards/Adrian Berlin At this point you need to log a bug and attach a debug level 10 log showing the problem. Hope this helps, Jeremy. -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] VFS ACL with SMB2
Hi! Thanks for reply. Debug file with level 10 attached. Best regards /Adrian Berlin - Original Message - From: Jeremy Allison To: Adrian Berlin Cc: samba@lists.samba.org Subject: Re: [Samba] VFS ACL with SMB2 Date: Tue, 20 Nov 2012 10:50:43 -0800 On Tue, Nov 20, 2012 at 10:47:19AM +0100, Adrian Berlin wrote: Hi! Do you have any feedback? Best regards/Adrian Berlin At this point you need to log a bug and attach a debug level 10 log showing the problem. Hope this helps, Jeremy. -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] VFS ACL with SMB2
Hi! Do you have any feedback? Best regards/Adrian Berlin - Original Message - From: Adrian Berlin To: Jeremy Allison Cc: samba@lists.samba.org Subject: Re: [Samba] VFS ACL with SMB2 Date: Tue, 6 Nov 2012 08:57:49 +0100 Hi! The problem was described some time ago: https://lists.samba.org/archive/samba/2012-October/169455.html But no one replied :/ So I want to use VFS ACL against POSIX ACL. I have Linux Debian + SAMBA 3.6.7 + XFS And my question is does VFS ACLs working properly with SMB2? Best regards /Adrian Berlin - Original Message - From: Jeremy Allison To: Adrian Berlin Cc: samba@lists.samba.org Subject: Re: [Samba] VFS ACL with SMB2 Date: Mon, 5 Nov 2012 11:18:20 -0800 On Mon, Nov 05, 2012 at 04:50:30PM +0100, Adrian Berlin wrote: Hello, I have a question because POSIX ACL with SMB2 max protocol does not work properly.Did you test VFS xattr acls with SMB2 max protocol? Is it working corectly? Samba version number and exact explaination of the problem please ! Jeremy. -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] VFS ACL with SMB2
Hello, I have a question because POSIX ACL with SMB2 max protocol does not work properly.Did you test VFS xattr acls with SMB2 max protocol? Is it working corectly? Best regards/Adrian Berlin -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] VFS ACL with SMB2
Hi! The problem was described some time ago: https://lists.samba.org/archive/samba/2012-October/169455.html But no one replied :/ So I want to use VFS ACL against POSIX ACL. I have Linux Debian + SAMBA 3.6.7 + XFS And my question is does VFS ACLs working properly with SMB2? Best regards /Adrian Berlin - Original Message - From: Jeremy Allison To: Adrian Berlin Cc: samba@lists.samba.org Subject: Re: [Samba] VFS ACL with SMB2 Date: Mon, 5 Nov 2012 11:18:20 -0800 On Mon, Nov 05, 2012 at 04:50:30PM +0100, Adrian Berlin wrote: Hello, I have a question because POSIX ACL with SMB2 max protocol does not work properly.Did you test VFS xattr acls with SMB2 max protocol? Is it working corectly? Samba version number and exact explaination of the problem please ! Jeremy. -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Problem with POSIX ACL when using SMB2 protocol
local master = No domain master = No dns proxy = No ldap admin dn = cn=admin,dc=server,dc=local ldap suffix = dc=server,dc=local ldap ssl = no lock directory = /usr/local/samba/var/locks pid directory = /tmp usershare path = /usr/local/samba/var/locks/usershares template homedir = /home/winnt/%D/%U template shell = /bin/bash winbind separator = + winbind enum users = Yes winbind enum groups = Yes idmap config * : backend = tdb invalid users = root, whell create mask = 0777 directory mask = 0777 force unknown acl user = Yes inherit permissions = Yes inherit acls = Yes map acl inherit = Yes smb encrypt = No veto files = /:2eFBCLockFolder/.FBCLockFolder/:2eFBCIndex/.FBCIndex/:2eDS_Store/.DS_Store/TheVolumeSettingsFolder/TheFindByContentFolder/Temporary Items/Network Trash Folder/.AppleDB/:2eVolumeIcon.icns/.VolumeIcon.icns/Icon\077/.AppleDouble/.AppleDesktop/desktop.ini/RECYCLER/ map archive = No store dos attributes = Yes dos filemode = Yes [share1] path = /mnt/share1 valid users = user1 read only = No case sensitive = No Best Regards Adrian Berlin -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] VFS ACL modules - question to developers
Hi Jeremy, I'm going to check your patchs on Wednesday. So I understand that ACL TDB are also limited by filesystem? Cheers /Adrian Berlin Dnia 3 grudnia 2011 2:12 Jeremy Allison j...@samba.org napisał(a): On Thu, Dec 01, 2011 at 09:55:48AM +0100, adrian.berlin wrote: That's a really interesting document. I'd like to work on that with you to make Samba behave exactly how you expect. This is a very good idea :) How can I help you? Keep reporting bugs and testing my patches for them :-). I have a jumbo patch for 3.6.x which should fix the issues you're having with READ_ATTRIBUTES/WRITE_ATTRIBUTES. Where I can get this patch to test it? It's attached to this bug: https://bugzilla.samba.org/show_bug.cgi?id=8556 as a 40-patchset attachment. There are no limits in the acl_tdb code that would cause it to behave as you describe. What you may be seeing are limits in mapping the incoming ACL down onto the underlying file system. Do you have debug level 10 logs of this ? Unfortunately not, but I will check it again today with level 10 log and EXT4 and XFS filesystem. What is your underlying file system ? XFS The limit you're running into is on the ACLs within XFS, not within Samba. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] VFS ACL modules - question to developers
That's a really interesting document. I'd like to work on that with you to make Samba behave exactly how you expect. This is a very good idea :) How can I help you? I have a jumbo patch for 3.6.x which should fix the issues you're having with READ_ATTRIBUTES/WRITE_ATTRIBUTES. Where I can get this patch to test it? There are no limits in the acl_tdb code that would cause it to behave as you describe. What you may be seeing are limits in mapping the incoming ACL down onto the underlying file system. Do you have debug level 10 logs of this ? Unfortunately not, but I will check it again today with level 10 log and EXT4 and XFS filesystem. What is your underlying file system ? XFS Cheers /Adrian Berlin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] VFS ACL modules - question to developers
Hi! Do you have any update? Best regards /Adrian Berlin Dnia 24 listopada 2011 12:43 adrian.berlin adrian.ber...@o2.pl napisał(a): Hi! 1. To check acl_tdb limits I used this script (on Windows): @echo off for /l %%i in (1,1,10) do ( icacls.exe \\IP_address\smb_share\folder /grant user%%i:F I could write only 22 entries. 2. Please see document on scribd http://www.scribd.com/doc/73654474/vfs-acls Cheers /Adrian Berlin Dnia 23 listopada 2011 21:39 Jeremy Allison j...@samba.org napisał(a): On Wed, Nov 23, 2011 at 01:15:46PM +0100, adrian.berlin wrote: Hi! I have few question to developers of VFS ACL modules (acl_tdb and acl_xattr): 1. Do you plan to extend quantity of entries in acl_tdb (now I can write 22 user ACLs plus CREATOR OWNER, CREATOR GROUP, domain users and everyone) I don't see any limits in acl_tdb. Where are you getting this limit from ? 2. Do you plan to fix few ACLs eg. Traverse folder / Execute file (to traverse I need to enable additional permission List folder / read data to traverse through folder), Read attributes seems to be always enabled, Read Extended Attributes seems to be always disabled, the same behaviour is with Write Attributes and Write Extended Attributes, Delete subfolder and files permission works only on files - I cannot remove subfolder. Can you expand on this more ? I need to know what specific bugs you're seeing here. Thanks, Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] VFS ACL modules - question to developers
Hi! 1. To check acl_tdb limits I used this script (on Windows): @echo off for /l %%i in (1,1,10) do ( icacls.exe \\IP_address\smb_share\folder /grant user%%i:F I could write only 22 entries. 2. Please see document on scribd http://www.scribd.com/doc/73654474/vfs-acls Cheers /Adrian Berlin Dnia 23 listopada 2011 21:39 Jeremy Allison j...@samba.org napisał(a): On Wed, Nov 23, 2011 at 01:15:46PM +0100, adrian.berlin wrote: Hi! I have few question to developers of VFS ACL modules (acl_tdb and acl_xattr): 1. Do you plan to extend quantity of entries in acl_tdb (now I can write 22 user ACLs plus CREATOR OWNER, CREATOR GROUP, domain users and everyone) I don't see any limits in acl_tdb. Where are you getting this limit from ? 2. Do you plan to fix few ACLs eg. Traverse folder / Execute file (to traverse I need to enable additional permission List folder / read data to traverse through folder), Read attributes seems to be always enabled, Read Extended Attributes seems to be always disabled, the same behaviour is with Write Attributes and Write Extended Attributes, Delete subfolder and files permission works only on files - I cannot remove subfolder. Can you expand on this more ? I need to know what specific bugs you're seeing here. Thanks, Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] VFS ACL modules - question to developers
Hi! I have few question to developers of VFS ACL modules (acl_tdb and acl_xattr): 1. Do you plan to extend quantity of entries in acl_tdb (now I can write 22 user ACLs plus CREATOR OWNER, CREATOR GROUP, domain users and everyone) 2. Do you plan to fix few ACLs eg. Traverse folder / Execute file (to traverse I need to enable additional permission List folder / read data to traverse through folder), Read attributes seems to be always enabled, Read Extended Attributes seems to be always disabled, the same behaviour is with Write Attributes and Write Extended Attributes, Delete subfolder and files permission works only on files - I cannot remove subfolder. I'm looking forward to hearing from you. Cheers /Adrian Berlin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] VFS objects - how to migrate/move file_ntacls.tdb
Hi! Many thanks for help. Regarding to how many ACLs can be stored in acl_tdb and acl_xattr, I can save on XFS only 22 entries plus CREATOR GROUP, CREATOR OWNER and EVERYONE. Seems it is about 25 entries for one directory/file. Is it correct or I missed something? Cheers! /Adrian Berlin Dnia 16 listopada 2011 0:08 Jonathan Buzzard jonat...@buzzard.me.uk napisał(a): Jeremy Allison wrote: On Mon, Nov 14, 2011 at 02:12:35PM +0100, adrian.berlin wrote: Hi! Does anyone know how to move/migrate ACLs from file_ntacls.tdb to another machine? I tried manually copy file_ntacls.tdb and restart samba but it doesn't work. Also I tried to dump and restore tdb file using tdbdump and tdbrestore without success. That's not going to work as the ACL data is indexed by dev/ino pairs in the tdb, and on the new machine they will be different. You'll need to use a backup tool that copies the ACLs as you copy the data. Once you are into using ACL' best method to transfer the files from one server to another is to take a Windows machine map the drive on both servers and use robocopy or similar tool that will preserve permissions while doing a file synchronization. Robocopy from Vista or Win7 is better as you can use ROBOCOPY source target /MIR /SEC /SECFIX The last option fixes the security on existing files in the target, and appeared in Vista. I would note that files_ntacls.tdb is not really suitable for a production file server, unless you are going to back it up from a client machine that is. The reason being a restore is going to leave you without your ACL's and no way to ever recover it because the inodes of the files will almost certainly be different. Much more sensible to store it in xattr's if you ask me, at least that way you have a fighting chance of getting the ACL's back. You can also fiddle with the files server side without messing up your file_ntacls.tdb database. Better yet use a file system that does NFSv4 ACL's and a suitable VFS module :-) JAB. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] VFS objects - how to migrate/move file_ntacls.tdb
Hi! Does anyone know how to move/migrate ACLs from file_ntacls.tdb to another machine? I tried manually copy file_ntacls.tdb and restart samba but it doesn't work. Also I tried to dump and restore tdb file using tdbdump and tdbrestore without success. Can anyone help? Cheers! Adrian Berlin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] VFS objects - how to migrate/move file_ntacls.tdb
Many thanks for response. Do you recommend any good tool to backup ACLs? I have another question about how many ACLs can be stored in acl_xattr and acl_tdb for one directory/file? Cheers! Adrian Berlin Dnia 14 listopada 2011 20:17 Jeremy Allison j...@samba.org napisał(a): On Mon, Nov 14, 2011 at 02:12:35PM +0100, adrian.berlin wrote: Hi! Does anyone know how to move/migrate ACLs from file_ntacls.tdb to another machine? I tried manually copy file_ntacls.tdb and restart samba but it doesn't work. Also I tried to dump and restore tdb file using tdbdump and tdbrestore without success. That's not going to work as the ACL data is indexed by dev/ino pairs in the tdb, and on the new machine they will be different. You'll need to use a backup tool that copies the ACLs as you copy the data. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Problem with IDMAP+LDAP+WINBIND
Hello, I have problem with idmap configuration. I would like to use LDAP as backend for idmap in Samba+ADS environment, but i have following errors in log.winbindd-idmap: [2011/06/08 16:57:54.805575, 0] winbindd/idmap.c:201(smb_register_idmap_alloc) idmap_alloc module ldap already registered! [2011/06/08 16:57:54.805618, 0] winbindd/idmap.c:201(smb_register_idmap_alloc) idmap_alloc module tdb already registered! [2011/06/08 16:57:54.805645, 0] winbindd/idmap.c:149(smb_register_idmap) Idmap module passdb already registered! [2011/06/08 16:57:54.805671, 0] winbindd/idmap.c:149(smb_register_idmap) Idmap module nss already registered! [2011/06/08 16:57:54.806552, 1] winbindd/idmap_ldap.c:193(verify_idpool) Unable to verify the idpool, cannot continue initialization! [2011/06/08 16:57:54.806642, 0] winbindd/idmap.c:589(idmap_alloc_init) ERROR: Initialization failed for alloc backend, deferred! [2011/06/08 16:57:54.844163, 0] winbindd/idmap.c:201(smb_register_idmap_alloc) idmap_alloc module ldap already registered! [2011/06/08 16:57:54.844226, 0] winbindd/idmap.c:201(smb_register_idmap_alloc) idmap_alloc module tdb already registered! [2011/06/08 16:57:54.844254, 0] winbindd/idmap.c:149(smb_register_idmap) Idmap module passdb already registered! [2011/06/08 16:57:54.844280, 0] winbindd/idmap.c:149(smb_register_idmap) Idmap module nss already registered! [2011/06/08 16:57:54.845341, 1] winbindd/idmap_ldap.c:193(verify_idpool) Unable to verify the idpool, cannot continue initialization! [2011/06/08 16:57:54.845380, 0] winbindd/idmap.c:589(idmap_alloc_init) ERROR: Initialization failed for alloc backend, deferred! [2011/06/08 16:57:54.846287, 0] winbindd/idmap.c:201(smb_register_idmap_alloc) idmap_alloc module ldap already registered! [2011/06/08 16:57:54.846326, 0] winbindd/idmap.c:201(smb_register_idmap_alloc) idmap_alloc module tdb already registered! [2011/06/08 16:57:54.846353, 0] winbindd/idmap.c:149(smb_register_idmap) Idmap module passdb already registered!
[Samba] BUG: SAMBA 3.5.x and IBM TSM
With SAMBA 3.5.x I got error from IBM TSM: required NT privilege is not held. I mount SAMBA share as user merc and user merc is added to superusers. with SAMBA 3.2.15 there isn't any problem Best regards /Adrian Berlin - Original Message - From: Volker Lendecke To: Adrian Berlin Cc: samba@lists.samba.org Subject: Re: [Samba] BUG: SAMBA 3.5.x and IBM TSM Date: Thu, 17 Feb 2011 16:18:17 +0100 On Thu, Feb 17, 2011 at 03:55:43PM +0100, Adrian Berlin wrote: I am using SAMBA 3.5.x and it doesn't work with IBM TSM. IBM TSM works properly with SAMBA 3.2.15. Is there any chance to solve this issue in future SAMBA versions? What exactly does not work? Volker -- SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen phone: +49-551-37-0, fax: +49-551-37-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen -- You Rock! Your E-Mail Should Too! Signup Now at Rock.com and get 2GB of Storage! http://connections.rock.com/user/displayUserRegisterPage.kickAction?as=116748STATUS=MAIN -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] BUG: SAMBA 3.5.x and IBM TSM
Hi! I am using SAMBA 3.5.x and it doesn't work with IBM TSM. IBM TSM works properly with SAMBA 3.2.15. Is there any chance to solve this issue in future SAMBA versions? Best regards /Adrian Berlin -- You Rock! Your E-Mail Should Too! Signup Now at Rock.com and get 2GB of Storage! http://connections.rock.com/user/displayUserRegisterPage.kickAction?as=116748STATUS=MAIN -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.5.2 getent passwd does not work
Yes and additional symlink libnss_wins.so.2 This issue is when I am joining to Windows 2008 R2 with trusted domain but in samba config trusted domains are disabled. Best regards Dnia 22 czerwca 2010 19:50 Chris Smith smb...@chrissmith.org napisał(a): On Mon, Jun 21, 2010 at 3:33 AM, adrian.berlin adrian.ber...@o2.pl wrote: Yes, nsswitch is updated. Any ideas? Is libnss_wins.so installed? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.5.2 getent passwd does not work
Yes, nsswitch is updated. Any ideas? Dnia 21 czerwca 2010 4:00 Gaiseric Vandal gaiseric.van...@gmail.com napisał(a): Did you update /etc/nsswitch.conf with files: winbind groups: winbind -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Piotr Sikora Sent: Friday, June 18, 2010 6:24 AM To: samba@lists.samba.org Subject: [Samba] Samba 3.5.2 getent passwd does not work Hi! I installed 3.5.2 and encountered the following. Compile worked all right but getent group would not give back any results, though getent passwd did list those AD users. The server runs as AD member and winbind seems to work normally. As AD Server I am using Windows 2008 R2. wbinfo -u and wbinfo -g are working properly. On Samba 3.2.15 with the same smb.conf getent passwd is working. Best regards Adrian Berlin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba 3.5.2 getent passwd does not work
Hi! I installed 3.5.2 and encountered the following. Compile worked all right but getent group would not give back any results, though getent passwd did list those AD users. The server runs as AD member and winbind seems to work normally. As AD Server I am using Windows 2008 R2. wbinfo -u and wbinfo -g are working properly. On Samba 3.2.15 with the same smb.conf getent passwd is working. Best regards Adrian Berlin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] acl_xattr via rsync
Hi! From some time I am testing extended ACLs (acl_xattr and acl_tdb). Could someone tell me why when I am syncing files over rsync the extended acls are not moved? Best regards /Adrian Berlin -- You Rock! Your E-Mail Should Too! Signup Now at Rock.com and get 250MB of Storage! http://webmail.rock.com/signup/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] acl_xattr vs acl_tdb
Thanks everyone for answers! 21 - 26 ACLs in XFS filesystem is just for POSIX ACL or extended too? Best regards /Adrian Berlin - Original Message - From: Miguel Medalha miguelmeda...@sapo.pt To: Harry Jede walk2...@arcor.de Cc: samba@lists.samba.org Subject: Re: [Samba] acl_xattr vs acl_tdb Date: Sun, 28 Mar 2010 21:24:21 +0100 A small test gives me total other numbers :-( . xfs can store 21 to 26 ACEs. It depends on the size of gidnumber. ext3 may store 503 to 513 ACEs, also depending on the size of gidnumber. The test bed: fresh created /home partitions with: mkfs.xfs -f /dev/hda6 for xfs, and mkfs.ext3 /dev/hda6 for ext3. only one directory: rmdir /home/dir/ ;mkdir /home/dir/ and a small shell script, which add ACEs: /root/acl-test.sh: #!/bin/sh -ex G=22 #G=10 while : do G=$(( $G + 1 )) setfacl -m g:$G:rwx /home/dir done OS is Debian Lenny: debian:/# cat /etc/debian_version 5.0.4 debian:/# uname -r 2.6.26-2-amd64 getfacl setfacl has version: 2.2.47 Other extended attributes may reduce the number of avaiable ACEs. Conclusion: ext3 is a better choice then xfs, at least for Debian Lenny. I have not tested any special tuning options for ext3 or xfs. Thank you very much for that information! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- You Rock! Your E-Mail Should Too! Signup Now at Rock.com and get 250MB of Storage! http://webmail.rock.com/signup/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] acl_xattr via rsync
I had in mind acl_xattr :) Hi! From some time I am testing extended ACLs (acl_xattr and acl_tdb). Could someone tell me why when I am syncing files over rsync the extended acls are not moved? Best regards /Adrian Berlin -- You Rock! Your E-Mail Should Too! Signup Now at Rock.com and get 250MB of Storage! http://webmail.rock.com/signup/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- You Rock! Your E-Mail Should Too! Signup Now at Rock.com and get 250MB of Storage! http://webmail.rock.com/signup/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] acl_xattr via rsync
Thanks :) I will try it. Best regards /Adrian Berlin - Original Message - From: Miguel Medalha miguelmeda...@sapo.pt To: Adrian Berlin g...@rock.com Cc: samba@lists.samba.org Subject: Re: [Samba] acl_xattr via rsync Date: Mon, 29 Mar 2010 13:22:37 +0100 From some time I am testing extended ACLs (acl_xattr and acl_tdb). Could someone tell me why when I am syncing files over rsync the extended acls are not moved Are you using the appropriate rsync switch to copy Extended Attributes? From rsync man page: -X, --xattrs This option causes rsync to update the remote extended attributes to be the same as the local ones.This will work only if the remote machine’srsync supports this option also. This is a non-standardoption. -- You Rock! Your E-Mail Should Too! Signup Now at Rock.com and get 250MB of Storage! http://webmail.rock.com/signup/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] call trace when using acl_tdb module
Hi! Thanks for your reply! Patch seems to be working but there are still problem with some acls. I will be testing it and I will send feedback. Best regards /Adrian Berlin - Original Message - From: Jeremy Allison j...@samba.org To: Jeremy Allison j...@samba.org Cc: Adrian Berlin g...@rock.com, samba@lists.samba.org Subject: Re: [Samba] call trace when using acl_tdb module Date: Wed, 24 Mar 2010 09:53:31 -0700 On Wed, Mar 24, 2010 at 09:46:55AM -0700, Jeremy Allison wrote: On Wed, Mar 24, 2010 at 01:58:45PM +0100, Adrian Berlin wrote: Hello, When I am using module acl_tdb and I am trying to get access to directory I am getting call trace in log.ip Known bug : https://bugzilla.samba.org/show_bug.cgi?id=7283 I'm testing my patch for this as we email Works. Here is the fix: Jeremy. -- You Rock! Your E-Mail Should Too! Signup Now at Rock.com and get 250MB of Storage! http://webmail.rock.com/signup/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] acl_xattr vs acl_tdb
Hi! Does anyone know how many ACLs can be stored on file system (xfs) using acl_xattr module and in file file_ntacls.tdb? Best regards /Adrian Berlin -- You Rock! Your E-Mail Should Too! Signup Now at Rock.com and get 250MB of Storage! http://webmail.rock.com/signup/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] ADS member server to 2008 R2
Did You try the newest samba 3.5.1 ? I am using it with Windows 2008 Server R2 and it is working :) Best regards /Adrian Berlin - Original Message - From: Alex Ferrara a...@receptiveit.com.au To: samba@lists.samba.org Subject: [Samba] ADS member server to 2008 R2 Date: Fri, 26 Mar 2010 10:56:02 +1100 Hi all, I have a strange problem, and I can't seem to solve it. I have set up a Ubuntu 9.10 server with samba+kerberos to be an ADS member server. The PDC was a 2003 SBS server, and all was well. Recently I added a 2008 R2 server standard to the mix, and promoted it as a domain controller. Ever since I did this, the samba server stops working daily. I have updated to 3.4.7 out of the lucid tree, but it still has the same behaviour. After a few days of this happening, I have found that to get it working again, I have to perform a net ads join, and it will magically start working. I don't even need to restart samba or winbind. Does this seems to indicate that the kerberos side is ok? Ideas? Alex Ferrara Director Receptive IT Solutions -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- You Rock! Your E-Mail Should Too! Signup Now at Rock.com and get 250MB of Storage! http://webmail.rock.com/signup/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.5.1 net ads join Centos 3
Hi! Did you copy libnss_winbind.so to /lib directory? Best regards /Adrian Berlin - Original Message - From: Mike Rambo mra...@lsd.k12.mi.us To: Samba List samba@lists.samba.org Subject: [Samba] Samba 3.5.1 net ads join Centos 3 Date: Thu, 25 Mar 2010 15:06:40 -0400 I have installed Samba 3.5.1 on Centos 3 which appears to be ok except I cannot join an AD domain. net ads join fails with: [2010/03/25 14:42:37.977044, 0] libads/sasl.c:820(ads_sasl_spnego_bind) kinit succeeded but ads_sasl_spnego_krb5_bind failed: No credentials found with supported encryption types Failed to join domain: failed to connect to AD: No credentials found with supported encryption types A little goggling has found that krb5 being older than at least v1.3.1 may be the cause of the problem. (http://lists.samba.org/archive/samba/2005-February/100484.html) Centos3 has krb5-1.2.7. I have been unable to find newer Centos3/RHEL3 krb5 rpms. I also have been unable to build newer krb5 rpms from el4 source rpms, or compile krb5 from source tarballs due to e2fsprogs being too old (requires v1.33 - have 1.32). Tried installing latest e2fsprogs but that just resulted in missing libuuid.so.1 and I gave up at that point and reverted e2fsprogs back to where it started. Does anyone know how to get Centos3 to the point where net ads join will succeed? Thanks. -- Mike Rambo NOTE: In order to control energy costs the light at the end of the tunnel has been shut off until further notice... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- You Rock! Your E-Mail Should Too! Signup Now at Rock.com and get 250MB of Storage! http://webmail.rock.com/signup/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] ham,Re: Fix bugs with the full Windows ACL support
Hi! :) Thank You for your answer. testparm -sv | grep inherit inherit permissions = Yes inherit acls = Yes inherit owner = No map acl inherit = Yes Best regards! On 03/23/2010 3:52 AM, Adrian Berlin wrote: Sounds good :-) Ok, I think there is a bug in inheritance. If I create directory with two users (first with full acls, second user with reading privileges only) and I turn on inheritance in first subdirectory everything is working but in next subdirectory2 (/directory/subdirectory1/subdirectory2) each user have full access. I think that subdirectory2 should inherit privileges from upper dir. Could you help me? :-) Best regards /Adrian Berlin Have you looked into the inherit permissions/inherit acls parameters? testparm -sv | grep inherit Dale -- You Rock! Your E-Mail Should Too! Signup Now at Rock.com and get 250MB of Storage! http://webmail.rock.com/signup/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] call trace when using acl_tdb module
Hello, When I am using module acl_tdb and I am trying to get access to directory I am getting call trace in log.ip Best regards! /Adrian Berlin === [2010/03/24 13:54:05.295901, 0] lib/fault.c:47(fault_report) INTERNAL ERROR: Signal 11 in pid 15556 (3.5.1) Please read the Trouble-Shooting section of the Samba3-HOWTO [2010/03/24 13:54:05.295940, 0] lib/fault.c:49(fault_report) From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf [2010/03/24 13:54:05.295978, 0] lib/fault.c:50(fault_report) === [2010/03/24 13:54:05.296013, 0] lib/util.c:1465(smb_panic) PANIC (pid 15556): internal error [2010/03/24 13:54:05.297321, 0] lib/util.c:1569(log_stack_trace) BACKTRACE: 25 stack frames: #0 /usr/sbin/smbd(log_stack_trace+0x2d) [0xf72133a0] #1 /usr/sbin/smbd(smb_panic+0x78) [0xf72134cc] #2 /usr/sbin/smbd [0xf7202bcc] #3 [0xe400] #4 /usr/local/samba/lib/vfs/acl_tdb.so [0xf67cdc4d] #5 /usr/local/samba/lib/vfs/acl_tdb.so [0xf67cf085] #6 /usr/local/samba/lib/vfs/acl_tdb.so [0xf67cf801] #7 /usr/sbin/smbd(smb_vfs_call_opendir+0x39) [0xf6fc1ef5] #8 /usr/sbin/smbd(OpenDir+0xce) [0xf6f69fb5] #9 /usr/sbin/smbd(dptr_create+0x14b) [0xf6f6bd03] #10 /usr/sbin/smbd [0xf6faa2ed] #11 /usr/sbin/smbd [0xf6fadbe6] #12 /usr/sbin/smbd(reply_trans2+0x683) [0xf6fafa72] #13 /usr/sbin/smbd [0xf6fd3e32] #14 /usr/sbin/smbd [0xf6fd6c4e] #15 /usr/sbin/smbd [0xf6fd7501] #16 /usr/sbin/smbd(run_events+0x16f) [0xf722302a] #17 /usr/sbin/smbd(smbd_process+0xa01) [0xf6fd64c3] #18 /usr/sbin/smbd [0xf759dbcb] #19 /usr/sbin/smbd(run_events+0x16f) [0xf722302a] #20 /usr/sbin/smbd [0xf72232b8] #21 /usr/sbin/smbd(_tevent_loop_once+0x9b) [0xf7223808] #22 /usr/sbin/smbd(main+0x114a) [0xf759d8d2] #23 /lib/tls/libc.so.6(__libc_start_main+0xc8) [0xf6c1aea8] #24 /usr/sbin/smbd [0xf6f545f1] [2010/03/24 13:54:05.297596, 0] lib/fault.c:326(dump_core) dumping core in /usr/local/samba/var/cores/smbd [2010/03/24 13:54:05.325161, 1] smbd/service.c:1069(make_connection_snum) 192.168.248.171 (192.168.248.171) connect to service ceneo initially as user RESEARCH2+user1 (uid=104, gid=112) (pid 15557) [2010/03/24 13:54:07.045131, 1] smbd/service.c:1069(make_connection_snum) 192.168.248.171 (192.168.248.171) connect to service ceneo2 initially as user RESEARCH2+user1 (uid=104, gid=112) (pid 15557) [2010/03/24 13:54:22.667651, 1] smbd/service.c:1250(close_cnum) 192.168.248.171 (192.168.248.171) closed connection to service ceneo2 bash-3.1# -- You Rock! Your E-Mail Should Too! Signup Now at Rock.com and get 250MB of Storage! http://webmail.rock.com/signup/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Fix bugs with the full Windows ACL support
Sounds good :-) Ok, I think there is a bug in inheritance. If I create directory with two users (first with full acls, second user with reading privileges only) and I turn on inheritance in first subdirectory everything is working but in next subdirectory2 (/directory/subdirectory1/subdirectory2) each user have full access. I think that subdirectory2 should inherit privileges from upper dir. Could you help me? :-) Best regards /Adrian Berlin On Mon, Mar 22, 2010 at 12:43:19PM +0100, Adrian Berlin wrote: Hi! I have another question. Can I store ACLs using acl_xattr module in LDAP database (not in tdb file)? No, but if you send me a patch, I'll add an acl_ldap module for you :-). Jeremy. -- You Rock! Your E-Mail Should Too! Signup Now at Rock.com and get 250MB of Storage! http://webmail.rock.com/signup/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Fix bugs with the full Windows ACL support
Hi!I have another question. Can I store ACLs using acl_xattr module in LDAP database (not in tdb file)?Best regards/Adrian Berlin - Original Message - From: Jeremy Allison To: Adrian Berlin Cc: samba@lists.samba.org Subject: Re: [Samba] Fix bugs with the full Windows ACL support Date: Fri, 19 Mar 2010 08:13:59 -0700 On Fri, Mar 19, 2010 at 03:12:28PM +0100, Adrian Berlin wrote: Hi! Could you explain what does mean 'Fix bugs with the full Windows ACL support' in samba 3.5.0pre2 release notes. I am asking because I know that samba 3 does not support full Windows ACL (Samba 4 will be supporting in user space). I missed the release window to update the notes. Samba 3.5.0 does support full Windows ACLs in user space, using the vfs_acl_xattr or vfs_acl_tdb VFS modules. Jeremy -- You Rock! Your E-Mail Should Too! Signup Now at Rock.com and get 250MB of Storage! http://webmail.rock.com/signup/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Fix bugs with the full Windows ACL support
Hi! Could you explain what does mean 'Fix bugs with the full Windows ACL support' in samba 3.5.0pre2 release notes. I am asking because I know that samba 3 does not support full Windows ACL (Samba 4 will be supporting in user space). Best regards /Aleksey Konradov -- You Rock! Your E-Mail Should Too! Signup Now at Rock.com and get 250MB of Storage! http://webmail.rock.com/signup/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba