Disk full error message with certain apps

[Mark Branigan]

Hi all,

First off,  Samba --  great bit of software, goes like a rocket.
Now I have done a bit of creeping, on to the problem.

The problem is solid, repeatable and reproducible.

My gut feeling is it is something to do with the way Samba and certain 
Microsoft file creation/modification/extending APIs interact.


The problem ***

When trying to save files into a directory which is on a Samba server 
via an NT4 workstation I get variations on the theme that the disk is 
full. Word 97 reports  The save failed due to out of memory or disk 
space and then after retrying I get The disk is full. Free some space 
yadda blah blah etc ...

Other apps report Disk Full. These include a package called PenServer 
and Eudora  Photoshop have also been reported to me.

Some apps are ok. For example Mozilla and Excel.

The fun bit is that
The disk is nowwhere near full.  49GB share with 45GB available
I can save a 50MB file into the same directory via NT explorer.
I can save the word document in the parent directory.
I can save the word document in some of the sibling directories but not 
all of them.

We're using Samba 2.2.4 precompiled binary from samba.org on Solaris 2.8 
SPARC hardware.
The clients are NT4 workstations with SP6a.

Samba logs have nothing related to the problem.
I have checked available inodes and only 1% are used.
The disk space free stats are all ok.
The oplock and other locking settings appear to have very little effect.
Snoop-ing the network traffic reveals very little apart from client and 
server happily talking to each other.
Truss doesn't show any odd behaviour or unusual error messages.
Debug level 5 doesn't show any unusual messages, just slows down samba.

Problem end 


I posted this to the samba list but had very little response apart from 
a number of people e-mailing privately saying they also have a problem, 
can't find a fix and to let them know what the fix is.

I have raised it as a bug (PR#24286) but I am not sure how long it takes 
to wiggle it's way through the system.  Hopefully somebody here can help 
or let me know where else I can get help with this problem. Apologies if 
this list isn't the right place.

Anyhelp greatly appreciated.

Thanks,
Mark

Re: Microsoft's Dfs

[Urban Widmark]

On Thu, 30 May 2002, Richard Sharpe wrote:

 Hmmm, I don't think that any do yet. 
 
 I expect to be looking at smbclient and will try to put the code into 
 libsmb, but that is still an issue for things like smbfs, I believe 
 because of the amount of junk that might get dragged in.

Regarding smbfs support (I have just browsed the SNIA(?) docs on that
and don't know anything beyond they few lines I have read ...)

On some operations trying to access a directory which is really on a
different server (or share?) an error code is returned, right?.

What smbfs could do then is simply to mount that other directory on itself
(would work sort of like autofs or maybe even with the help of autofs).

To connect to the other server smbfs would call on smbmount and the
amount of junk needed in kernel space would be kept to a minimum. But
maybe there is more to dfs than that.


I have however no immediate plans to do this. Also, if cifsfs when
released is better than smbfs (faster, more stable, with dfs support, etc)
it should replace it and work on smbfs features would be a waste of time.

There was some comment on this list that the source for the cifsfs module
would be made available on the samba ftp. Is it now?

/Urban

RE: Disk full error message with certain apps

[MCCALL,DON (HP-USA,ex1)]

Hi Mark,
This may not be your problem, but I had a person that was getting the same
symptoms with certain ms office 97 apps (specifically ones that had links to
other docs in them).
Setting strict allocate = yes took care of the problem for them...
Hope this helps,
Don 

-Original Message-
From: Mark Branigan [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 30, 2002 5:00
To: [EMAIL PROTECTED]
Subject: Disk full error message with certain apps


Hi all,

First off,  Samba --  great bit of software, goes like a rocket.
Now I have done a bit of creeping, on to the problem.

The problem is solid, repeatable and reproducible.

My gut feeling is it is something to do with the way Samba and certain 
Microsoft file creation/modification/extending APIs interact.


The problem ***

When trying to save files into a directory which is on a Samba server 
via an NT4 workstation I get variations on the theme that the disk is 
full. Word 97 reports  The save failed due to out of memory or disk 
space and then after retrying I get The disk is full. Free some space 
yadda blah blah etc ...

Other apps report Disk Full. These include a package called PenServer 
and Eudora  Photoshop have also been reported to me.

Some apps are ok. For example Mozilla and Excel.

The fun bit is that
The disk is nowwhere near full.  49GB share with 45GB available
I can save a 50MB file into the same directory via NT explorer.
I can save the word document in the parent directory.
I can save the word document in some of the sibling directories but not 
all of them.

We're using Samba 2.2.4 precompiled binary from samba.org on Solaris 2.8 
SPARC hardware.
The clients are NT4 workstations with SP6a.

Samba logs have nothing related to the problem.
I have checked available inodes and only 1% are used.
The disk space free stats are all ok.
The oplock and other locking settings appear to have very little effect.
Snoop-ing the network traffic reveals very little apart from client and 
server happily talking to each other.
Truss doesn't show any odd behaviour or unusual error messages.
Debug level 5 doesn't show any unusual messages, just slows down samba.

Problem end 


I posted this to the samba list but had very little response apart from 
a number of people e-mailing privately saying they also have a problem, 
can't find a fix and to let them know what the fix is.

I have raised it as a bug (PR#24286) but I am not sure how long it takes 
to wiggle it's way through the system.  Hopefully somebody here can help 
or let me know where else I can get help with this problem. Apologies if 
this list isn't the right place.

Anyhelp greatly appreciated.

Thanks,
Mark

Disable spoolss

[Lapers Stefan]

Title: Disable spoolss 






Due to quite some problems with the RPC printing code in samba (landscape, paper size), I would like to disable the spoolss functionality and use the old code. 

However I will probably need Active Directory support in the near future, so reverting to samba 2.0 is no option.
Happy me, there is the disable spoolss option in the smb.conf file.
I'm using 2.2.4 compiled on Intel RH 7.3, but samba seems to ignore the disable spoolss = yes option for Win2K and WinXP clients. NT 4 seems to be ok.

Anyone has a solution, quite desperate over here.



Greets,


Stefan Lapers

known BUG multi-byte character set in usernames

[Guenther Deschner]

hello,

smb.conf-manpage of 2.2.5pre and HEAD states the bug of multi-byte character
sets in usernames:

-8--snip--8--
BUG: There is currently a bug  in  the  implementation  of
   security = domain with respect to multi-byte character set
   usernames. The communication with a Domain Controller must
   be  done  in  UNICODE  and  Samba currently does not widen
   multi-byte user names to UNICODE correctly, thus a  multi-
   byte  username  will  not  be  recognized correctly at the
   Domain Controller. This  issue  will  be  addressed  in  a
   future release.
-8--snap--8--

will this bug be solved in the near future? in 2.2.5 or HEAD?

the main problem with this is that you get crippled wellknown
domain-groups with winbind (on suse linux 8, kernel 2.4.18, samba-2_2) 
and german NT-servers where rid200 (Domain Admins) is Domänen-Admins, 
and rid202 is Domänen-Gäste.

now wbinfo -g cuts out the UTF8 chars and will show you e.g.
DOMAIN+Domnen-Admins, DOMAIN+Domnen-Gste, etc.

now you cannot set XFS-ACLs properly since neither DOMAIN+Domnen-Admins
nor DOMAIN+Domänen-Admins does resolve back ...

a simple (and ugly) workaround is to create the three domain-groups in
question in /etc/group. with that you still have to keep an eye on the
correct winbind-gid mapping and rid200 appears crippled in security tab.

is there any other workaround for this?


thanks,
guenther 

-- 
Guenther Deschner  [EMAIL PROTECTED]
SuSE Linux AGGnuPG: 8EE11688
Berliner Str. 27  phone:  +49 (0) 30 / 430944778
D-13507 Berlin   fax:  +49 (0) 30 / 43732804



msg01094/pgp0.pgp
Description: PGP signature

Re: known BUG multi-byte character set in usernames

[Juergen Hasch]

Hi Guenther,

Am Donnerstag, 30. Mai 2002 16:17 schrieb Guenther Deschner:
 hello,

 smb.conf-manpage of 2.2.5pre and HEAD states the bug of multi-byte
 character sets in usernames:

 -8--snip--8--
 BUG: There is currently a bug  in  the  implementation  of
security = domain with respect to multi-byte character set
usernames. The communication with a Domain Controller must
be  done  in  UNICODE  and  Samba currently does not widen
multi-byte user names to UNICODE correctly, thus a  multi-
byte  username  will  not  be  recognized correctly at the
Domain Controller. This  issue  will  be  addressed  in  a
future release.
 -8--snap--8--

 will this bug be solved in the near future? in 2.2.5 or HEAD?

 the main problem with this is that you get crippled wellknown
 domain-groups with winbind (on suse linux 8, kernel 2.4.18, samba-2_2)
 and german NT-servers where rid200 (Domain Admins) is Domänen-Admins,
 and rid202 is Domänen-Gäste.

 now wbinfo -g cuts out the UTF8 chars and will show you e.g.
 DOMAIN+Domnen-Admins, DOMAIN+Domnen-Gste, etc.

 now you cannot set XFS-ACLs properly since neither DOMAIN+Domnen-Admins
 nor DOMAIN+Domänen-Admins does resolve back ...

 a simple (and ugly) workaround is to create the three domain-groups in
 question in /etc/group. with that you still have to keep an eye on the
 correct winbind-gid mapping and rid200 appears crippled in security tab.

 is there any other workaround for this?

I believe this is a different problem. There is just no conversion of group 
and user names to the desired character set.
With the patch below applied I get:
hasch@tower:~ getent group
...
DOMAIN\Domänen-Admins:x:10003:DOMAIN\Administrator,DOMAIN\testadmin
DOMAIN\Domänen-Gäste:x:10004:DOMAIN\Gast 
DOMAIN\Domänencomputer:x:10005:
DOMAIN\Domänencontroller:x:10006:
...

Now the correct usernames and groups are shown. I only added a few 
conversions, the correct approach would be to check all
unistr2_to_ascii calls and add dos_to_unix where neccessary.

I will generate a complete patch if the Samba team thinks it's worth
considering and I am not completely on the wrong track :-)

...Juergen


--- nsswitch/winbindd_rpc.c.orig	Thu May 30 16:25:50 2002
+++ nsswitch/winbindd_rpc.c	Sat May 25 23:49:43 2002
 -63,7 +63,7 
 		uint32 count = 0, start=i;
 		int j;
 		TALLOC_CTX *ctx2;
-
+		pstring t;
 		ctr.sam.info1 = info1;
 
 		ctx2 = talloc_init_named(winbindd dispinfo);
 -92,8 +92,14 
 		}
 
 		for (j=0;jcount;i++, j++) {
-			(*info)[i].acct_name = unistr2_tdup(mem_ctx, info1.str[j].uni_acct_name);
-			(*info)[i].full_name = unistr2_tdup(mem_ctx, info1.str[j].uni_full_name);
+			unistr2_to_ascii(t, info1.str[j].uni_acct_name, sizeof(pstring));
+			dos_to_unix(t);
+			(*info)[i].acct_name = talloc_strdup(mem_ctx, t);
+			
+			unistr2_to_ascii(t, info1.str[j].uni_full_name, sizeof(pstring));
+			dos_to_unix(t);
+			(*info)[i].full_name = talloc_strdup(mem_ctx, t);
+			
 			(*info)[i].user_rid = info1.sam[j].rid_user;
 			/* For the moment we set the primary group for
 			   every user to be the Domain Users group.
 -267,6 +273,7 
 	POLICY_HND dom_pol, user_pol;
 	BOOL got_dom_pol = False, got_user_pol = False;
 	SAM_USERINFO_CTR *ctr;
+	pstring t;
 
 	/* Get sam handle */
 	if (!(hnd = cm_get_sam_handle(domain-name)))
 -300,10 +307,20 
 	got_user_pol = False;
 
 	user_info-group_rid = ctr-info.id21-group_rid;
-	user_info-acct_name = unistr2_tdup(mem_ctx, 
-	ctr-info.id21-uni_user_name);
-	user_info-full_name = unistr2_tdup(mem_ctx, 
-	ctr-info.id21-uni_full_name);
+	
+	unistr2_to_ascii(t, ctr-info.id21-uni_user_name, sizeof(pstring));
+	dos_to_unix(t);
+	user_info-acct_name = talloc_strdup(mem_ctx, t);
+	
+	unistr2_to_ascii(t, ctr-info.id21-uni_full_name, sizeof(pstring));
+	dos_to_unix(t);
+	user_info-full_name = talloc_strdup(mem_ctx, t);
+
 
  done:
 	/* Clean up policy handles */
--- libsmb/cli_samr.c.orig	Thu May 30 16:30:33 2002
+++ libsmb/cli_samr.c	Sat May 25 23:30:51 2002
 -569,6 +569,7 
 			unistr2_to_ascii((*dom_groups)[i].acct_name,
 	 r.uni_grp_name[name_idx],
 	 sizeof(fstring) - 1);
+			dos_to_unix((*dom_groups)[i].acct_name);
 			name_idx++;
 		}
 
 -647,6 +648,7 
 			unistr2_to_ascii((*dom_groups)[i].acct_name,
 	 r.uni_grp_name[name_idx],
 	 sizeof(fstring) - 1);
+			dos_to_unix((*dom_groups)[i].acct_name);
 			name_idx++;
 		}
 
 -938,6 +940,7 
 		fstring tmp;
 
 		unistr2_to_ascii(tmp, r.uni_name[i], sizeof(tmp) - 1);
+		dos_to_unix(tmp);
 		(*names)[i] = talloc_strdup(mem_ctx, tmp);
 		(*name_types)[i] = r.type[i];
 	}
--- rpcclient/cmd_samr.c.orig	Sun Apr  7 10:10:35 2002
+++ rpcclient/cmd_samr.c	Thu May 30 16:38:36 2002
 -35,9 +35,11 
 	fstring temp;
 
 	unistr2_to_ascii(temp, usr-uni_user_name, sizeof(temp)-1);
+	dos_to_unix(temp);
 	printf(\tUser Name   :\t%s\n, temp);
 	
 	unistr2_to_ascii(temp, 

Re: Microsoft DFS and the CIFS VFS

[Richard Sharpe]

On Thu, 30 May 2002, David W. Chapman Jr. wrote:

 The FreeBSD kernel wouldn't be distributed with this module.  It would be in
 the ports system and compiled/added at a later time.

Yes, but someone who was distributing the package with their kernel and 
propietary product would have to release any kernel sources they had :-)

Regards
-
Richard Sharpe, [EMAIL PROTECTED], [EMAIL PROTECTED], 
[EMAIL PROTECTED]

Re: Microsoft's Dfs - GPL LICENSE ISSUE

[Wes Peters]

David W. Chapman Jr. wrote:
 
It is GPL code. I don't think it can be used in the FreeBSD kernel
(correct me if I'm wrong Steve).
  
   I don't think this will be a problem.  We currently have a GPL math
   emulator in our kernel, just not enabled by default
  
   options GPL_MATH_EMULATE#Support for x87 emulation via
   #new math emulator
  
   If it can be loaded as a kernel module it will be even less of a
   problem, but I don't know the specifics about the program in question.
 
  Uhmm that's not entirely true.
  There is a problem. When you distribute a kernel in which that module
  has been linked (statically or dynamically) you have to release the
  whole kernel under the GPL terms if you distribute it in binary form
 
 Even if it has been dynamically linked after the fact and the kernel
 was not originally distributed with this module?

That depends on how you distribute it.  If dynamically linking is up to
the user, an optional feature, then no.  If the module is required for
the device to perform it's most basic function, then it is a necessary
part of the device as a whole.

The GPL has a lot words crafted around this concept, but since the authors
of the GPL did not write what they mean in clear language, virtually any
legal interpretation is possible.  It is not likely that a court will
draw any legal distinctions between the technicalities of static vs.
dynamic linking, but rather on whether the code is a required or optional
part of the device functionality.  Or said legal counsel for my last
employer, which produced an embedded software platform based on OpenBSD.
I have seen the same opinion from other legal sources who have studied
the GPL with respect to embedded systems.

  (you must distribute the source of the whole kernel or offer a written
  offer to give the source at no cost but that of the medium).
  not doing so or offering only the GPL code part as source would be a
  copyright violation of the owners of the code of the module.
 
 How does this gpl program differ from the gpl math emulator we
 distribute with our kernel?

It's completely optional, and not needed for the device, i.e. a web
server, to function.  Also, FreeBSD is the product itself, not the
system.

-- 
Where am I, and what am I doing in this handbasket?

Wes Peters Softweyr LLC
[EMAIL PROTECTED]   http://softweyr.com/

Re: Microsoft DFS and the CIFS VFS

[Urban Widmark]

On Thu, 30 May 2002, David W. Chapman Jr. wrote:

 That makes sense.  Currently we ship with something under GPL in our kernel
 so I think this has already been taken care of.  We do not charge for our
 sources and they are all readily available.  smbfs is distributed with
 FreeBSD and I believe that is under GPL.  I think this module would be in
 the ports system though and not distributed with freebsd in a release.

There is a smbfs implementation in BSD, but I believe it does not have any
connection to the GPL'ed Linux version, other than for some comments where
they have obviously compared what the code does (but that is allowed).

I think it was made for one BSD variant first and that it has been copied
to the others. Maybe that is why it is in 'ports'.

/Urban

Re: Microsoft DFS and the CIFS VFS

[David W. Chapman Jr.]

 There is a smbfs implementation in BSD, but I believe it does not have any
 connection to the GPL'ed Linux version, other than for some comments where
 they have obviously compared what the code does (but that is allowed).
 
 I think it was made for one BSD variant first and that it has been copied
 to the others. Maybe that is why it is in 'ports'.

Its in the base src for 5.0, but what you said above makes sense.  In 
any case we have a lot of gnu stuff in the base src so I don't think 
it will be a problem as I don't think we're breaking anything in the 
GPL license when we distribute.

-- 
David W. Chapman Jr.
[EMAIL PROTECTED]   Raintree Network Services, Inc. www.inethouston.net
[EMAIL PROTECTED]   FreeBSD Committer www.FreeBSD.org

Re: Microsoft DFS and the CIFS VFS

[Richard Sharpe]

On Thu, 30 May 2002, Urban Widmark wrote:

 On Thu, 30 May 2002, David W. Chapman Jr. wrote:
 
  That makes sense.  Currently we ship with something under GPL in our kernel
  so I think this has already been taken care of.  We do not charge for our
  sources and they are all readily available.  smbfs is distributed with
  FreeBSD and I believe that is under GPL.  I think this module would be in
  the ports system though and not distributed with freebsd in a release.
 
 There is a smbfs implementation in BSD, but I believe it does not have any
 connection to the GPL'ed Linux version, other than for some comments where
 they have obviously compared what the code does (but that is allowed).
 
 I think it was made for one BSD variant first and that it has been copied
 to the others. Maybe that is why it is in 'ports'.

Yes, I have been modifying it a bit, but will probably switch to Steve 
French's package when it becomes available.

Regards
-
Richard Sharpe, [EMAIL PROTECTED], [EMAIL PROTECTED], 
[EMAIL PROTECTED]

Re: Microsoft DFS and the CIFS VFS

[Simo Sorce]

On Thu, 2002-05-30 at 18:35, David W. Chapman Jr. wrote:
  There is a smbfs implementation in BSD, but I believe it does not have any
  connection to the GPL'ed Linux version, other than for some comments where
  they have obviously compared what the code does (but that is allowed).
  
  I think it was made for one BSD variant first and that it has been copied
  to the others. Maybe that is why it is in 'ports'.
 
 Its in the base src for 5.0, but what you said above makes sense.  In 
 any case we have a lot of gnu stuff in the base src so I don't think 
 it will be a problem as I don't think we're breaking anything in the 
 GPL license when we distribute.

Do not confuse programs and modules.
A GPL program can run on any system
A GPL program cannot be linked to any other program but only to any
GPL-compatible program and the whole work have to be distributed under
the GPL terms when doing so.
In the case of the module, it is part of the freebsd kernel, not a
program that uses the freebsd kernel.

So any distributor that distribute a product based on freebsd AND a GPL
module must distribute the whole program under the GPL terms (of course
that means no GPL-incompatible modules can be linked in that kernel).

Simo.

-- 
Simo Sorce
--
Una scelta di liberta': Software Libero.
A choice of freedom: Free Software.
http://www.softwarelibero.it

Re: Changing domain passwords

[James Willard]

Andrew,

Thank you so much for your help. The net ads password command works
beautifully in changing a users' AD password as an administrative user.
However, there were a few gotcha's that weren't mentioned in the
ADS-HOWTO.txt.

The first problem I ran into was that the RPM of OpenLDAP that came with
RedHat 6 (version 1.2.9) doesn't pass the necessary ./configure tests to set
HAVE_LDAP in include/config.h. That wasn't a big deal. I went to
ftp.openldap.org, downloaded and compiled 2.0.23, and that problem was taken
care of.

The second problem took a little bit longer to figure out. When running net
ads password, I would receive a prompt for the new password, but as soon as
I pressed 'enter' it would dump core. I traced it down to a krb5 library
call. I was using the krb5 library that came with RedHat 6 (version 1.1.1).
When I downloaded and compiled the latest version from MIT, version 1.2.5,
things started working beautifully.

Anyway, I just wanted to say thanks to the Samba team for such an incredible
product, thanks to Andrew Bartlett for replying so quickly to my question,
and hopefully offer a little help for those who might experience a similar
problem in the future.

By the way, is SWAT broken in the HEAD branch or is it just my
configuration? Whenever I try to run it, it traps a SIGABRT and dies. The
backtrace is as follows:

#0  0x808e0d5 in lp_save_defaults ()
#1  0x808e468 in lp_load ()
#2  0x805ef4b in load_config ()

Thanks,

James Willard
[EMAIL PROTECTED]

- Original Message -
From: Andrew Bartlett [EMAIL PROTECTED]
To: James Willard [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Tuesday, May 28, 2002 6:37 PM
Subject: Re: Changing domain passwords


  James Willard wrote:
 
  Hello all,
 
  I'm trying to use smbpasswd to change the password for a user who's a
  member
  of an Active Directory domain (running in NT domain compatibility
  mode).

  The problem is that I need to be able to change a users' password AS
  another user with administrator rights. Users have the ability to
  change their own password disabled so that they must use the web
  interface. With rpcclient from samba-tng, I could connect to IPC$ as
  administrator and then use ntpass user to change their password.
  Is there an alternative method in the newer AD-aware versions of
  Samba? Its rpcclient no longer has the 'ntpass' command and smbpasswd
  doesn't support connecting as another user, from what I can tell.

 Look at the 'net ads password' command in HEAD.  This works against AD
 nativly - doing the password change over kerberos protocols.

 Sorry, the doco is a bit lacking at this stage.

 Andrew Bartlett

 --
 Andrew Bartlett [EMAIL PROTECTED]
 Manager, Authentication Subsystems, Samba Team  [EMAIL PROTECTED]
 Student Network Administrator, Hawker College   [EMAIL PROTECTED]
 http://samba.org http://build.samba.org http://hawkerc.net

Re: Stablising the winbind interface for squid's NTLM code

[Steve Langasek]

On Thu, May 30, 2002 at 07:38:00AM +1000, Andrew Bartlett wrote:

  An oft-requested feature for FreeTDS (an LGPL client library for MS SQL
  and Sybase servers) is domain login support.  It would be nice to be
  able to leverage the Samba team's work in the NTLMSSP department, rather
  than reimplementing it from the ground-up.  Is there any chance that
  this (or a) standalone binary might be useful for the client side of
  NTLMSSP authentication?

 I'm not currently proposing the creation of a client-side, but doing it
 in samba would not pose a particular problem.  Of course it is one thing
 to propose, quite another to actually implement...  But I do think that
 this work (particularly the server end, but also the client) should live
 in the samba tree.

I can think of plenty of areas where this would be useful on the client
side as well as on the server side -- Unix web /browsers/ being yet
another example.  I'll probably wait until you've got something cooking
in CVS for the server side, and then try to look at a client-side
implementation.

Steve Langasek
postmodern programmer



msg01106/pgp0.pgp
Description: PGP signature

Re: Microsoft's Dfs - GPL LICENSE ISSUE

[Giorgos Keramidas]

On 2002-05-30 07:27 -0500, David W. Chapman Jr. wrote:
It is GPL code. I don't think it can be used in the FreeBSD kernel
(correct me if I'm wrong Steve).
  
   I don't think this will be a problem.  We currently have a GPL math
   emulator in our kernel, just not enabled by default
  
   options GPL_MATH_EMULATE#Support for x87 emulation via
   #new math emulator
  
   If it can be loaded as a kernel module it will be even less of a
   problem, but I don't know the specifics about the program in question.
 
  Uhmm that's not entirely true.
  There is a problem. When you distribute a kernel in which that module
  has been linked (statically or dynamically) you have to release the
  whole kernel under the GPL terms if you distribute it in binary form

 Even if it has been dynamically linked after the fact and the kernel
 was not originally distributed with this module?

Pardon my somewhat flamebait-like style, but bullfeathers.

Greg Lehey has researched this exact topic a bit more, and his views,
backed up with some statements by Richard Stallman, can be found in an
old article of daemonnews.  It makes things pretty clear, and you can
find it at:

http://ezine.daemonnews.org/200202/dadvocate.html

- Giorgos

Re: Thanks for fixing oplock.c for Linux 2.0 in 2_2 CVS

[Jeremy Allison]

On Thu, May 30, 2002 at 09:35:38AM +0200, Volker Lendecke wrote:
 On Wed, May 29, 2002 at 04:55:20PM -0700, Jeremy Allison wrote:
  On Wed, May 29, 2002 at 04:48:27PM -0700, [EMAIL PROTECTED] wrote:
   
   And are you saying that Win2k will never 'idle' a client connection?  I'm
   sure I've seen smbfs being 'idled' by NT before...
  
  I don't think it ever drops the TCP connection on purpose.
 
 I'm quite positive it does. I have seen sites with 'security = server' fail
 miserably after having changed to W2k on the DC due to disconnects from the DC.

No, I mean that the Win2k server service won't drop a client
connection on purpose if there's no traffic on it (it doesn't
idle connections).

Jeremy.

Warning in trans2.c under AIX

[Juergen Hasch]

When compiling Samba 2_2 CVS under AIX 4.3.3 using gcc or xlc_r, I get the following 
warnings:

smbd/trans2.c: In function `get_lanman2_dir_entry':
smbd/trans2.c:759: warning: right shift count = width of type
smbd/trans2.c:759: warning: right shift count = width of type
smbd/trans2.c:759: warning: right shift count = width of type
smbd/trans2.c:759: warning: right shift count = width of type
smbd/trans2.c: In function `call_trans2qfilepathinfo':
smbd/trans2.c:2025: warning: right shift count = width of type
smbd/trans2.c:2025: warning: right shift count = width of type
smbd/trans2.c:2025: warning: right shift count = width of type
smbd/trans2.c:2025: warning: right shift count = width of type

The first offending line in smbd/trans2.c is:
SOFF_T(p,0,sbuf.st_blocks*STAT_ST_BLOCKSIZE); /* Number of bytes used on disk 
- 64 Bit */

sbuf.st_blocks is of type blksize_t which is defined as int with only 32 bits and 
STAT_ST_BLOCKSIZE=512.

The SOFF_T macro is defined as:
#define SOFF_T(p, ofs, v) (SIVAL(p,ofs,(v)0x), SIVAL(p,(ofs)+4,(v)32))

The value passed to SOFF_T needs to be a 64 bit value, attached is a patch I use to 
silence the compiler.

...Juergen



--- smbd/trans2.c.orig	Thu May 30 23:16:44 2002
+++ smbd/trans2.c	Thu May 30 23:16:59 2002
 -756,7 +756,7 
 			p+= 8;
 
 #if defined(HAVE_STAT_ST_BLOCKS)  defined(STAT_ST_BLOCKSIZE)
-			SOFF_T(p,0,sbuf.st_blocks*STAT_ST_BLOCKSIZE); /* Number of bytes used on disk - 64 Bit */
+			SOFF_T(p,0,((long long)sbuf.st_blocks)*STAT_ST_BLOCKSIZE); /* Number of bytes used on disk - 64 Bit */
 #else
 			/* Can't get the value - fake it using size. */
 			SOFF_T(p,0,sbuf.st_size); /* Number of bytes used on disk - 64 Bit */
 -2022,7 +2022,7 
 		pdata += 8;
 
 #if defined(HAVE_STAT_ST_BLOCKS)  defined(STAT_ST_BLOCKSIZE)
-		SOFF_T(pdata,0,sbuf.st_blocks*STAT_ST_BLOCKSIZE); /* Number of bytes used on disk - 64 Bit */
+		SOFF_T(pdata,0,(long long)sbuf.st_blocks*STAT_ST_BLOCKSIZE); /* Number of bytes used on disk - 64 Bit */
 #else
 		/* Can't get the value - fake it using size. */
 		SOFF_T(pdata,0,sbuf.st_size); /* Number of bytes used on disk - 64 Bit */

taking back the 'restrict anonymous' parameter

[Tim Potter]

I'm thinking about taking back the restrict anonymous parameter and
using it to do Good Things.  Previously in HEAD and currently in 2.2 it
stops people connecting to shares anonymously but I think Mr Bartlett 
removed it because it was either buggy or didn't do anything useful.

I propose that this parameter act like the RestrictAnonymous registry
setting, i.e it prevents anonymous access to the SAMR pipe and anonymous
access to the NetShareEnum RPC when set to 1.  When set to 2, it
disallows anonymous access to all RPC pipes.

Any objections?  There's still some more testing and coding to be done.
This may be a good opportunity to implement security descriptors on
pipes.


Tim.

Re: Thanks for fixing oplock.c for Linux 2.0 in 2_2 CVS

[Richard Bollinger]

Please see:  http://support.microsoft.com/default.aspx?scid=kb;en-us;Q297684

Which says in part...
SYMPTOMS
When you perform drive mapping from a Windows 2000-based client computer to either a 
Microsoft
Windows NT or Windows 2000 network share, the drive mapping may be disconnected after 
15 minutes
of inactivity and Windows Explorer may display a red X on the icon of the mapped 
drive.
However, if you attempt to access or browse the mapped drive, it reconnects quickly.



CAUSE
This behavior can occur because both Windows NT Server version 4.0 and Windows 2000 
Server can
drop idle connections after a specified time-out period, which by default is 15 
minutes, so that
server resources are not wasted on unused sessions. The connection can be 
re-established very
quickly at a later time, if required.



RESOLUTION
To resolve this behavior, use a command to change the default time-out period on the 
Windows NT
Server 4.0 or Windows 2000 Server: At a command prompt, type: net config server
/autodisconnect:30 .

The valid value range to configure this setting from a command line is from -1 through 
65,535
minutes. To disable Autodisconnect, set it to -1 .


Rich Bollinger

- Original Message -
From: Jeremy Allison [EMAIL PROTECTED]
To: Volker Lendecke [EMAIL PROTECTED]
Cc: Jeremy Allison [EMAIL PROTECTED]; [EMAIL PROTECTED]; Andrew Bartlett
[EMAIL PROTECTED]; Richard Bollinger [EMAIL PROTECTED]; Samba Technical
[EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Thursday, May 30, 2002 5:32 PM
Subject: Re: Thanks for fixing oplock.c for Linux 2.0 in 2_2 CVS


On Thu, May 30, 2002 at 09:35:38AM +0200, Volker Lendecke wrote:
 On Wed, May 29, 2002 at 04:55:20PM -0700, Jeremy Allison wrote:
  On Wed, May 29, 2002 at 04:48:27PM -0700, [EMAIL PROTECTED] wrote:
  
   And are you saying that Win2k will never 'idle' a client connection?  I'm
   sure I've seen smbfs being 'idled' by NT before...
 
  I don't think it ever drops the TCP connection on purpose.

 I'm quite positive it does. I have seen sites with 'security = server' fail
 miserably after having changed to W2k on the DC due to disconnects from the DC.

No, I mean that the Win2k server service won't drop a client
connection on purpose if there's no traffic on it (it doesn't
idle connections).

Jeremy.

oplock error

[Dennis Lattka]

I'm getting file corruption due to oplock errors. Running Linux RH 7.2, 
samba-2.2.4 and Win2k SP2 clients. Have tried turning oplocks off but 
that was a disaster. Mainly MSoffice 2k  and DB files get corrupted. 
This is creating serious problems.
Error message :

[2002/05/30 14:30:10, 0] smbd/oplock.c:oplock_break(761)
  oplock_break: receive_smb timed out after 30 seconds.
  oplock_break failed for file user/dnitzahn/Expense reports/More May 
travel 3.xls (dev = 7441, inode = 18166407, file_id = 64).
[2002/05/30 14:30:10, 0] smbd/oplock.c:oplock_break(833)
  oplock_break: client failure in oplock break in file 
user/dnitzahn/Expense reports/More May travel 3.xls
  reply_lockingX: Error : oplock break from client for fnum = 13268 and 
no oplock granted on this file (user/dnitzahn/Expense reports/More May 
travel 3.xls).

Re: taking back the 'restrict anonymous' parameter

[Tim Potter]

On Thu, May 30, 2002 at 04:37:59PM -0700, Jeremy Allison wrote:

  I propose that this parameter act like the RestrictAnonymous registry
  setting, i.e it prevents anonymous access to the SAMR pipe and anonymous
  access to the NetShareEnum RPC when set to 1.  When set to 2, it
  disallows anonymous access to all RPC pipes.
  
  Any objections?  There's still some more testing and coding to be done.
  This may be a good opportunity to implement security descriptors on
  pipes.
 
 Hurrah for Tim ! Good idea :-).

Great!  

Any feedback on the _res.{retry,retrans} idea for minimising DNS
timeouts?


Tim.

Re: Thanks for fixing oplock.c for Linux 2.0 in 2_2 CVS

[Richard Bollinger]

Wouldn't it be neat if we could do _better_ than MS at their own game and somehow 
prevent the
win9x client bug from getting triggered in case of timeout disconnections?

Rich Bollinger
- Original Message -
From: Jeremy Allison [EMAIL PROTECTED]
To: Richard Bollinger [EMAIL PROTECTED]
Cc: Volker Lendecke [EMAIL PROTECTED]; Jeremy Allison [EMAIL PROTECTED];
[EMAIL PROTECTED]; Andrew Bartlett [EMAIL PROTECTED]; Samba Technical
[EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Thursday, May 30, 2002 8:30 PM
Subject: Re: Thanks for fixing oplock.c for Linux 2.0 in 2_2 CVS


On Thu, May 30, 2002 at 07:36:21PM -0400, Richard Bollinger wrote:
 Please see:  http://support.microsoft.com/default.aspx?scid=kb;en-us;Q297684

Ah - this is very interesting, thanks for pointing this out.

Using the registry setting here :

\System\CurrentControlSet\Services\LanmanServer\Parameters

autodisconnect

and setting it to 1 (meaning 1 minute) I have perfectly
reproduced this client problem with Win98 client, W2K
server.

I thought they might have some heuristics to avoid running
into this bug themselves when talking to a Win98 client
but no - it's just that their timeout on autodisconnect
is much longer..

This means we're completely the same as a W2K server in
this respect - we probably need to add a big warning message
to the timeout parameter on the man page, but I don't think
any code changes would help.

Jeremy.