Disk full error message with certain apps
Hi all, First off, Samba -- great bit of software, goes like a rocket. Now I have done a bit of creeping, on to the problem. The problem is solid, repeatable and reproducible. My gut feeling is it is something to do with the way Samba and certain Microsoft file creation/modification/extending APIs interact. The problem *** When trying to save files into a directory which is on a Samba server via an NT4 workstation I get variations on the theme that the disk is full. Word 97 reports The save failed due to out of memory or disk space and then after retrying I get The disk is full. Free some space yadda blah blah etc ... Other apps report Disk Full. These include a package called PenServer and Eudora Photoshop have also been reported to me. Some apps are ok. For example Mozilla and Excel. The fun bit is that The disk is nowwhere near full. 49GB share with 45GB available I can save a 50MB file into the same directory via NT explorer. I can save the word document in the parent directory. I can save the word document in some of the sibling directories but not all of them. We're using Samba 2.2.4 precompiled binary from samba.org on Solaris 2.8 SPARC hardware. The clients are NT4 workstations with SP6a. Samba logs have nothing related to the problem. I have checked available inodes and only 1% are used. The disk space free stats are all ok. The oplock and other locking settings appear to have very little effect. Snoop-ing the network traffic reveals very little apart from client and server happily talking to each other. Truss doesn't show any odd behaviour or unusual error messages. Debug level 5 doesn't show any unusual messages, just slows down samba. Problem end I posted this to the samba list but had very little response apart from a number of people e-mailing privately saying they also have a problem, can't find a fix and to let them know what the fix is. I have raised it as a bug (PR#24286) but I am not sure how long it takes to wiggle it's way through the system. Hopefully somebody here can help or let me know where else I can get help with this problem. Apologies if this list isn't the right place. Anyhelp greatly appreciated. Thanks, Mark
Re: Microsoft's Dfs
On Thu, 30 May 2002, Richard Sharpe wrote: Hmmm, I don't think that any do yet. I expect to be looking at smbclient and will try to put the code into libsmb, but that is still an issue for things like smbfs, I believe because of the amount of junk that might get dragged in. Regarding smbfs support (I have just browsed the SNIA(?) docs on that and don't know anything beyond they few lines I have read ...) On some operations trying to access a directory which is really on a different server (or share?) an error code is returned, right?. What smbfs could do then is simply to mount that other directory on itself (would work sort of like autofs or maybe even with the help of autofs). To connect to the other server smbfs would call on smbmount and the amount of junk needed in kernel space would be kept to a minimum. But maybe there is more to dfs than that. I have however no immediate plans to do this. Also, if cifsfs when released is better than smbfs (faster, more stable, with dfs support, etc) it should replace it and work on smbfs features would be a waste of time. There was some comment on this list that the source for the cifsfs module would be made available on the samba ftp. Is it now? /Urban
RE: Disk full error message with certain apps
Hi Mark, This may not be your problem, but I had a person that was getting the same symptoms with certain ms office 97 apps (specifically ones that had links to other docs in them). Setting strict allocate = yes took care of the problem for them... Hope this helps, Don -Original Message- From: Mark Branigan [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 30, 2002 5:00 To: [EMAIL PROTECTED] Subject: Disk full error message with certain apps Hi all, First off, Samba -- great bit of software, goes like a rocket. Now I have done a bit of creeping, on to the problem. The problem is solid, repeatable and reproducible. My gut feeling is it is something to do with the way Samba and certain Microsoft file creation/modification/extending APIs interact. The problem *** When trying to save files into a directory which is on a Samba server via an NT4 workstation I get variations on the theme that the disk is full. Word 97 reports The save failed due to out of memory or disk space and then after retrying I get The disk is full. Free some space yadda blah blah etc ... Other apps report Disk Full. These include a package called PenServer and Eudora Photoshop have also been reported to me. Some apps are ok. For example Mozilla and Excel. The fun bit is that The disk is nowwhere near full. 49GB share with 45GB available I can save a 50MB file into the same directory via NT explorer. I can save the word document in the parent directory. I can save the word document in some of the sibling directories but not all of them. We're using Samba 2.2.4 precompiled binary from samba.org on Solaris 2.8 SPARC hardware. The clients are NT4 workstations with SP6a. Samba logs have nothing related to the problem. I have checked available inodes and only 1% are used. The disk space free stats are all ok. The oplock and other locking settings appear to have very little effect. Snoop-ing the network traffic reveals very little apart from client and server happily talking to each other. Truss doesn't show any odd behaviour or unusual error messages. Debug level 5 doesn't show any unusual messages, just slows down samba. Problem end I posted this to the samba list but had very little response apart from a number of people e-mailing privately saying they also have a problem, can't find a fix and to let them know what the fix is. I have raised it as a bug (PR#24286) but I am not sure how long it takes to wiggle it's way through the system. Hopefully somebody here can help or let me know where else I can get help with this problem. Apologies if this list isn't the right place. Anyhelp greatly appreciated. Thanks, Mark
Disable spoolss
Title: Disable spoolss Due to quite some problems with the RPC printing code in samba (landscape, paper size), I would like to disable the spoolss functionality and use the old code. However I will probably need Active Directory support in the near future, so reverting to samba 2.0 is no option. Happy me, there is the disable spoolss option in the smb.conf file. I'm using 2.2.4 compiled on Intel RH 7.3, but samba seems to ignore the disable spoolss = yes option for Win2K and WinXP clients. NT 4 seems to be ok. Anyone has a solution, quite desperate over here. Greets, Stefan Lapers
known BUG multi-byte character set in usernames
hello, smb.conf-manpage of 2.2.5pre and HEAD states the bug of multi-byte character sets in usernames: -8--snip--8-- BUG: There is currently a bug in the implementation of security = domain with respect to multi-byte character set usernames. The communication with a Domain Controller must be done in UNICODE and Samba currently does not widen multi-byte user names to UNICODE correctly, thus a multi- byte username will not be recognized correctly at the Domain Controller. This issue will be addressed in a future release. -8--snap--8-- will this bug be solved in the near future? in 2.2.5 or HEAD? the main problem with this is that you get crippled wellknown domain-groups with winbind (on suse linux 8, kernel 2.4.18, samba-2_2) and german NT-servers where rid200 (Domain Admins) is Domänen-Admins, and rid202 is Domänen-Gäste. now wbinfo -g cuts out the UTF8 chars and will show you e.g. DOMAIN+Domnen-Admins, DOMAIN+Domnen-Gste, etc. now you cannot set XFS-ACLs properly since neither DOMAIN+Domnen-Admins nor DOMAIN+Domänen-Admins does resolve back ... a simple (and ugly) workaround is to create the three domain-groups in question in /etc/group. with that you still have to keep an eye on the correct winbind-gid mapping and rid200 appears crippled in security tab. is there any other workaround for this? thanks, guenther -- Guenther Deschner [EMAIL PROTECTED] SuSE Linux AGGnuPG: 8EE11688 Berliner Str. 27 phone: +49 (0) 30 / 430944778 D-13507 Berlin fax: +49 (0) 30 / 43732804 msg01094/pgp0.pgp Description: PGP signature
Re: known BUG multi-byte character set in usernames
Hi Guenther, Am Donnerstag, 30. Mai 2002 16:17 schrieb Guenther Deschner: hello, smb.conf-manpage of 2.2.5pre and HEAD states the bug of multi-byte character sets in usernames: -8--snip--8-- BUG: There is currently a bug in the implementation of security = domain with respect to multi-byte character set usernames. The communication with a Domain Controller must be done in UNICODE and Samba currently does not widen multi-byte user names to UNICODE correctly, thus a multi- byte username will not be recognized correctly at the Domain Controller. This issue will be addressed in a future release. -8--snap--8-- will this bug be solved in the near future? in 2.2.5 or HEAD? the main problem with this is that you get crippled wellknown domain-groups with winbind (on suse linux 8, kernel 2.4.18, samba-2_2) and german NT-servers where rid200 (Domain Admins) is Domänen-Admins, and rid202 is Domänen-Gäste. now wbinfo -g cuts out the UTF8 chars and will show you e.g. DOMAIN+Domnen-Admins, DOMAIN+Domnen-Gste, etc. now you cannot set XFS-ACLs properly since neither DOMAIN+Domnen-Admins nor DOMAIN+Domänen-Admins does resolve back ... a simple (and ugly) workaround is to create the three domain-groups in question in /etc/group. with that you still have to keep an eye on the correct winbind-gid mapping and rid200 appears crippled in security tab. is there any other workaround for this? I believe this is a different problem. There is just no conversion of group and user names to the desired character set. With the patch below applied I get: hasch@tower:~ getent group ... DOMAIN\Domänen-Admins:x:10003:DOMAIN\Administrator,DOMAIN\testadmin DOMAIN\Domänen-Gäste:x:10004:DOMAIN\Gast DOMAIN\Domänencomputer:x:10005: DOMAIN\Domänencontroller:x:10006: ... Now the correct usernames and groups are shown. I only added a few conversions, the correct approach would be to check all unistr2_to_ascii calls and add dos_to_unix where neccessary. I will generate a complete patch if the Samba team thinks it's worth considering and I am not completely on the wrong track :-) ...Juergen --- nsswitch/winbindd_rpc.c.orig Thu May 30 16:25:50 2002 +++ nsswitch/winbindd_rpc.c Sat May 25 23:49:43 2002 -63,7 +63,7 uint32 count = 0, start=i; int j; TALLOC_CTX *ctx2; - + pstring t; ctr.sam.info1 = info1; ctx2 = talloc_init_named(winbindd dispinfo); -92,8 +92,14 } for (j=0;jcount;i++, j++) { - (*info)[i].acct_name = unistr2_tdup(mem_ctx, info1.str[j].uni_acct_name); - (*info)[i].full_name = unistr2_tdup(mem_ctx, info1.str[j].uni_full_name); + unistr2_to_ascii(t, info1.str[j].uni_acct_name, sizeof(pstring)); + dos_to_unix(t); + (*info)[i].acct_name = talloc_strdup(mem_ctx, t); + + unistr2_to_ascii(t, info1.str[j].uni_full_name, sizeof(pstring)); + dos_to_unix(t); + (*info)[i].full_name = talloc_strdup(mem_ctx, t); + (*info)[i].user_rid = info1.sam[j].rid_user; /* For the moment we set the primary group for every user to be the Domain Users group. -267,6 +273,7 POLICY_HND dom_pol, user_pol; BOOL got_dom_pol = False, got_user_pol = False; SAM_USERINFO_CTR *ctr; + pstring t; /* Get sam handle */ if (!(hnd = cm_get_sam_handle(domain-name))) -300,10 +307,20 got_user_pol = False; user_info-group_rid = ctr-info.id21-group_rid; - user_info-acct_name = unistr2_tdup(mem_ctx, - ctr-info.id21-uni_user_name); - user_info-full_name = unistr2_tdup(mem_ctx, - ctr-info.id21-uni_full_name); + + unistr2_to_ascii(t, ctr-info.id21-uni_user_name, sizeof(pstring)); + dos_to_unix(t); + user_info-acct_name = talloc_strdup(mem_ctx, t); + + unistr2_to_ascii(t, ctr-info.id21-uni_full_name, sizeof(pstring)); + dos_to_unix(t); + user_info-full_name = talloc_strdup(mem_ctx, t); + done: /* Clean up policy handles */ --- libsmb/cli_samr.c.orig Thu May 30 16:30:33 2002 +++ libsmb/cli_samr.c Sat May 25 23:30:51 2002 -569,6 +569,7 unistr2_to_ascii((*dom_groups)[i].acct_name, r.uni_grp_name[name_idx], sizeof(fstring) - 1); + dos_to_unix((*dom_groups)[i].acct_name); name_idx++; } -647,6 +648,7 unistr2_to_ascii((*dom_groups)[i].acct_name, r.uni_grp_name[name_idx], sizeof(fstring) - 1); + dos_to_unix((*dom_groups)[i].acct_name); name_idx++; } -938,6 +940,7 fstring tmp; unistr2_to_ascii(tmp, r.uni_name[i], sizeof(tmp) - 1); + dos_to_unix(tmp); (*names)[i] = talloc_strdup(mem_ctx, tmp); (*name_types)[i] = r.type[i]; } --- rpcclient/cmd_samr.c.orig Sun Apr 7 10:10:35 2002 +++ rpcclient/cmd_samr.c Thu May 30 16:38:36 2002 -35,9 +35,11 fstring temp; unistr2_to_ascii(temp, usr-uni_user_name, sizeof(temp)-1); + dos_to_unix(temp); printf(\tUser Name :\t%s\n, temp); unistr2_to_ascii(temp,
Re: Microsoft DFS and the CIFS VFS
On Thu, 30 May 2002, David W. Chapman Jr. wrote: The FreeBSD kernel wouldn't be distributed with this module. It would be in the ports system and compiled/added at a later time. Yes, but someone who was distributing the package with their kernel and propietary product would have to release any kernel sources they had :-) Regards - Richard Sharpe, [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
Re: Microsoft's Dfs - GPL LICENSE ISSUE
David W. Chapman Jr. wrote: It is GPL code. I don't think it can be used in the FreeBSD kernel (correct me if I'm wrong Steve). I don't think this will be a problem. We currently have a GPL math emulator in our kernel, just not enabled by default options GPL_MATH_EMULATE#Support for x87 emulation via #new math emulator If it can be loaded as a kernel module it will be even less of a problem, but I don't know the specifics about the program in question. Uhmm that's not entirely true. There is a problem. When you distribute a kernel in which that module has been linked (statically or dynamically) you have to release the whole kernel under the GPL terms if you distribute it in binary form Even if it has been dynamically linked after the fact and the kernel was not originally distributed with this module? That depends on how you distribute it. If dynamically linking is up to the user, an optional feature, then no. If the module is required for the device to perform it's most basic function, then it is a necessary part of the device as a whole. The GPL has a lot words crafted around this concept, but since the authors of the GPL did not write what they mean in clear language, virtually any legal interpretation is possible. It is not likely that a court will draw any legal distinctions between the technicalities of static vs. dynamic linking, but rather on whether the code is a required or optional part of the device functionality. Or said legal counsel for my last employer, which produced an embedded software platform based on OpenBSD. I have seen the same opinion from other legal sources who have studied the GPL with respect to embedded systems. (you must distribute the source of the whole kernel or offer a written offer to give the source at no cost but that of the medium). not doing so or offering only the GPL code part as source would be a copyright violation of the owners of the code of the module. How does this gpl program differ from the gpl math emulator we distribute with our kernel? It's completely optional, and not needed for the device, i.e. a web server, to function. Also, FreeBSD is the product itself, not the system. -- Where am I, and what am I doing in this handbasket? Wes Peters Softweyr LLC [EMAIL PROTECTED] http://softweyr.com/
Re: Microsoft DFS and the CIFS VFS
On Thu, 30 May 2002, David W. Chapman Jr. wrote: That makes sense. Currently we ship with something under GPL in our kernel so I think this has already been taken care of. We do not charge for our sources and they are all readily available. smbfs is distributed with FreeBSD and I believe that is under GPL. I think this module would be in the ports system though and not distributed with freebsd in a release. There is a smbfs implementation in BSD, but I believe it does not have any connection to the GPL'ed Linux version, other than for some comments where they have obviously compared what the code does (but that is allowed). I think it was made for one BSD variant first and that it has been copied to the others. Maybe that is why it is in 'ports'. /Urban
Re: Microsoft DFS and the CIFS VFS
There is a smbfs implementation in BSD, but I believe it does not have any connection to the GPL'ed Linux version, other than for some comments where they have obviously compared what the code does (but that is allowed). I think it was made for one BSD variant first and that it has been copied to the others. Maybe that is why it is in 'ports'. Its in the base src for 5.0, but what you said above makes sense. In any case we have a lot of gnu stuff in the base src so I don't think it will be a problem as I don't think we're breaking anything in the GPL license when we distribute. -- David W. Chapman Jr. [EMAIL PROTECTED] Raintree Network Services, Inc. www.inethouston.net [EMAIL PROTECTED] FreeBSD Committer www.FreeBSD.org
Re: Microsoft DFS and the CIFS VFS
On Thu, 30 May 2002, Urban Widmark wrote: On Thu, 30 May 2002, David W. Chapman Jr. wrote: That makes sense. Currently we ship with something under GPL in our kernel so I think this has already been taken care of. We do not charge for our sources and they are all readily available. smbfs is distributed with FreeBSD and I believe that is under GPL. I think this module would be in the ports system though and not distributed with freebsd in a release. There is a smbfs implementation in BSD, but I believe it does not have any connection to the GPL'ed Linux version, other than for some comments where they have obviously compared what the code does (but that is allowed). I think it was made for one BSD variant first and that it has been copied to the others. Maybe that is why it is in 'ports'. Yes, I have been modifying it a bit, but will probably switch to Steve French's package when it becomes available. Regards - Richard Sharpe, [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
Re: Microsoft DFS and the CIFS VFS
On Thu, 2002-05-30 at 18:35, David W. Chapman Jr. wrote: There is a smbfs implementation in BSD, but I believe it does not have any connection to the GPL'ed Linux version, other than for some comments where they have obviously compared what the code does (but that is allowed). I think it was made for one BSD variant first and that it has been copied to the others. Maybe that is why it is in 'ports'. Its in the base src for 5.0, but what you said above makes sense. In any case we have a lot of gnu stuff in the base src so I don't think it will be a problem as I don't think we're breaking anything in the GPL license when we distribute. Do not confuse programs and modules. A GPL program can run on any system A GPL program cannot be linked to any other program but only to any GPL-compatible program and the whole work have to be distributed under the GPL terms when doing so. In the case of the module, it is part of the freebsd kernel, not a program that uses the freebsd kernel. So any distributor that distribute a product based on freebsd AND a GPL module must distribute the whole program under the GPL terms (of course that means no GPL-incompatible modules can be linked in that kernel). Simo. -- Simo Sorce -- Una scelta di liberta': Software Libero. A choice of freedom: Free Software. http://www.softwarelibero.it
Re: Changing domain passwords
Andrew, Thank you so much for your help. The net ads password command works beautifully in changing a users' AD password as an administrative user. However, there were a few gotcha's that weren't mentioned in the ADS-HOWTO.txt. The first problem I ran into was that the RPM of OpenLDAP that came with RedHat 6 (version 1.2.9) doesn't pass the necessary ./configure tests to set HAVE_LDAP in include/config.h. That wasn't a big deal. I went to ftp.openldap.org, downloaded and compiled 2.0.23, and that problem was taken care of. The second problem took a little bit longer to figure out. When running net ads password, I would receive a prompt for the new password, but as soon as I pressed 'enter' it would dump core. I traced it down to a krb5 library call. I was using the krb5 library that came with RedHat 6 (version 1.1.1). When I downloaded and compiled the latest version from MIT, version 1.2.5, things started working beautifully. Anyway, I just wanted to say thanks to the Samba team for such an incredible product, thanks to Andrew Bartlett for replying so quickly to my question, and hopefully offer a little help for those who might experience a similar problem in the future. By the way, is SWAT broken in the HEAD branch or is it just my configuration? Whenever I try to run it, it traps a SIGABRT and dies. The backtrace is as follows: #0 0x808e0d5 in lp_save_defaults () #1 0x808e468 in lp_load () #2 0x805ef4b in load_config () Thanks, James Willard [EMAIL PROTECTED] - Original Message - From: Andrew Bartlett [EMAIL PROTECTED] To: James Willard [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Tuesday, May 28, 2002 6:37 PM Subject: Re: Changing domain passwords James Willard wrote: Hello all, I'm trying to use smbpasswd to change the password for a user who's a member of an Active Directory domain (running in NT domain compatibility mode). The problem is that I need to be able to change a users' password AS another user with administrator rights. Users have the ability to change their own password disabled so that they must use the web interface. With rpcclient from samba-tng, I could connect to IPC$ as administrator and then use ntpass user to change their password. Is there an alternative method in the newer AD-aware versions of Samba? Its rpcclient no longer has the 'ntpass' command and smbpasswd doesn't support connecting as another user, from what I can tell. Look at the 'net ads password' command in HEAD. This works against AD nativly - doing the password change over kerberos protocols. Sorry, the doco is a bit lacking at this stage. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net
Re: Stablising the winbind interface for squid's NTLM code
On Thu, May 30, 2002 at 07:38:00AM +1000, Andrew Bartlett wrote: An oft-requested feature for FreeTDS (an LGPL client library for MS SQL and Sybase servers) is domain login support. It would be nice to be able to leverage the Samba team's work in the NTLMSSP department, rather than reimplementing it from the ground-up. Is there any chance that this (or a) standalone binary might be useful for the client side of NTLMSSP authentication? I'm not currently proposing the creation of a client-side, but doing it in samba would not pose a particular problem. Of course it is one thing to propose, quite another to actually implement... But I do think that this work (particularly the server end, but also the client) should live in the samba tree. I can think of plenty of areas where this would be useful on the client side as well as on the server side -- Unix web /browsers/ being yet another example. I'll probably wait until you've got something cooking in CVS for the server side, and then try to look at a client-side implementation. Steve Langasek postmodern programmer msg01106/pgp0.pgp Description: PGP signature
Re: Microsoft's Dfs - GPL LICENSE ISSUE
On 2002-05-30 07:27 -0500, David W. Chapman Jr. wrote: It is GPL code. I don't think it can be used in the FreeBSD kernel (correct me if I'm wrong Steve). I don't think this will be a problem. We currently have a GPL math emulator in our kernel, just not enabled by default options GPL_MATH_EMULATE#Support for x87 emulation via #new math emulator If it can be loaded as a kernel module it will be even less of a problem, but I don't know the specifics about the program in question. Uhmm that's not entirely true. There is a problem. When you distribute a kernel in which that module has been linked (statically or dynamically) you have to release the whole kernel under the GPL terms if you distribute it in binary form Even if it has been dynamically linked after the fact and the kernel was not originally distributed with this module? Pardon my somewhat flamebait-like style, but bullfeathers. Greg Lehey has researched this exact topic a bit more, and his views, backed up with some statements by Richard Stallman, can be found in an old article of daemonnews. It makes things pretty clear, and you can find it at: http://ezine.daemonnews.org/200202/dadvocate.html - Giorgos
Re: Thanks for fixing oplock.c for Linux 2.0 in 2_2 CVS
On Thu, May 30, 2002 at 09:35:38AM +0200, Volker Lendecke wrote: On Wed, May 29, 2002 at 04:55:20PM -0700, Jeremy Allison wrote: On Wed, May 29, 2002 at 04:48:27PM -0700, [EMAIL PROTECTED] wrote: And are you saying that Win2k will never 'idle' a client connection? I'm sure I've seen smbfs being 'idled' by NT before... I don't think it ever drops the TCP connection on purpose. I'm quite positive it does. I have seen sites with 'security = server' fail miserably after having changed to W2k on the DC due to disconnects from the DC. No, I mean that the Win2k server service won't drop a client connection on purpose if there's no traffic on it (it doesn't idle connections). Jeremy.
Warning in trans2.c under AIX
When compiling Samba 2_2 CVS under AIX 4.3.3 using gcc or xlc_r, I get the following warnings: smbd/trans2.c: In function `get_lanman2_dir_entry': smbd/trans2.c:759: warning: right shift count = width of type smbd/trans2.c:759: warning: right shift count = width of type smbd/trans2.c:759: warning: right shift count = width of type smbd/trans2.c:759: warning: right shift count = width of type smbd/trans2.c: In function `call_trans2qfilepathinfo': smbd/trans2.c:2025: warning: right shift count = width of type smbd/trans2.c:2025: warning: right shift count = width of type smbd/trans2.c:2025: warning: right shift count = width of type smbd/trans2.c:2025: warning: right shift count = width of type The first offending line in smbd/trans2.c is: SOFF_T(p,0,sbuf.st_blocks*STAT_ST_BLOCKSIZE); /* Number of bytes used on disk - 64 Bit */ sbuf.st_blocks is of type blksize_t which is defined as int with only 32 bits and STAT_ST_BLOCKSIZE=512. The SOFF_T macro is defined as: #define SOFF_T(p, ofs, v) (SIVAL(p,ofs,(v)0x), SIVAL(p,(ofs)+4,(v)32)) The value passed to SOFF_T needs to be a 64 bit value, attached is a patch I use to silence the compiler. ...Juergen --- smbd/trans2.c.orig Thu May 30 23:16:44 2002 +++ smbd/trans2.c Thu May 30 23:16:59 2002 -756,7 +756,7 p+= 8; #if defined(HAVE_STAT_ST_BLOCKS) defined(STAT_ST_BLOCKSIZE) - SOFF_T(p,0,sbuf.st_blocks*STAT_ST_BLOCKSIZE); /* Number of bytes used on disk - 64 Bit */ + SOFF_T(p,0,((long long)sbuf.st_blocks)*STAT_ST_BLOCKSIZE); /* Number of bytes used on disk - 64 Bit */ #else /* Can't get the value - fake it using size. */ SOFF_T(p,0,sbuf.st_size); /* Number of bytes used on disk - 64 Bit */ -2022,7 +2022,7 pdata += 8; #if defined(HAVE_STAT_ST_BLOCKS) defined(STAT_ST_BLOCKSIZE) - SOFF_T(pdata,0,sbuf.st_blocks*STAT_ST_BLOCKSIZE); /* Number of bytes used on disk - 64 Bit */ + SOFF_T(pdata,0,(long long)sbuf.st_blocks*STAT_ST_BLOCKSIZE); /* Number of bytes used on disk - 64 Bit */ #else /* Can't get the value - fake it using size. */ SOFF_T(pdata,0,sbuf.st_size); /* Number of bytes used on disk - 64 Bit */
taking back the 'restrict anonymous' parameter
I'm thinking about taking back the restrict anonymous parameter and using it to do Good Things. Previously in HEAD and currently in 2.2 it stops people connecting to shares anonymously but I think Mr Bartlett removed it because it was either buggy or didn't do anything useful. I propose that this parameter act like the RestrictAnonymous registry setting, i.e it prevents anonymous access to the SAMR pipe and anonymous access to the NetShareEnum RPC when set to 1. When set to 2, it disallows anonymous access to all RPC pipes. Any objections? There's still some more testing and coding to be done. This may be a good opportunity to implement security descriptors on pipes. Tim.
Re: Thanks for fixing oplock.c for Linux 2.0 in 2_2 CVS
Please see: http://support.microsoft.com/default.aspx?scid=kb;en-us;Q297684 Which says in part... SYMPTOMS When you perform drive mapping from a Windows 2000-based client computer to either a Microsoft Windows NT or Windows 2000 network share, the drive mapping may be disconnected after 15 minutes of inactivity and Windows Explorer may display a red X on the icon of the mapped drive. However, if you attempt to access or browse the mapped drive, it reconnects quickly. CAUSE This behavior can occur because both Windows NT Server version 4.0 and Windows 2000 Server can drop idle connections after a specified time-out period, which by default is 15 minutes, so that server resources are not wasted on unused sessions. The connection can be re-established very quickly at a later time, if required. RESOLUTION To resolve this behavior, use a command to change the default time-out period on the Windows NT Server 4.0 or Windows 2000 Server: At a command prompt, type: net config server /autodisconnect:30 . The valid value range to configure this setting from a command line is from -1 through 65,535 minutes. To disable Autodisconnect, set it to -1 . Rich Bollinger - Original Message - From: Jeremy Allison [EMAIL PROTECTED] To: Volker Lendecke [EMAIL PROTECTED] Cc: Jeremy Allison [EMAIL PROTECTED]; [EMAIL PROTECTED]; Andrew Bartlett [EMAIL PROTECTED]; Richard Bollinger [EMAIL PROTECTED]; Samba Technical [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Thursday, May 30, 2002 5:32 PM Subject: Re: Thanks for fixing oplock.c for Linux 2.0 in 2_2 CVS On Thu, May 30, 2002 at 09:35:38AM +0200, Volker Lendecke wrote: On Wed, May 29, 2002 at 04:55:20PM -0700, Jeremy Allison wrote: On Wed, May 29, 2002 at 04:48:27PM -0700, [EMAIL PROTECTED] wrote: And are you saying that Win2k will never 'idle' a client connection? I'm sure I've seen smbfs being 'idled' by NT before... I don't think it ever drops the TCP connection on purpose. I'm quite positive it does. I have seen sites with 'security = server' fail miserably after having changed to W2k on the DC due to disconnects from the DC. No, I mean that the Win2k server service won't drop a client connection on purpose if there's no traffic on it (it doesn't idle connections). Jeremy.
oplock error
I'm getting file corruption due to oplock errors. Running Linux RH 7.2, samba-2.2.4 and Win2k SP2 clients. Have tried turning oplocks off but that was a disaster. Mainly MSoffice 2k and DB files get corrupted. This is creating serious problems. Error message : [2002/05/30 14:30:10, 0] smbd/oplock.c:oplock_break(761) oplock_break: receive_smb timed out after 30 seconds. oplock_break failed for file user/dnitzahn/Expense reports/More May travel 3.xls (dev = 7441, inode = 18166407, file_id = 64). [2002/05/30 14:30:10, 0] smbd/oplock.c:oplock_break(833) oplock_break: client failure in oplock break in file user/dnitzahn/Expense reports/More May travel 3.xls reply_lockingX: Error : oplock break from client for fnum = 13268 and no oplock granted on this file (user/dnitzahn/Expense reports/More May travel 3.xls).
Re: taking back the 'restrict anonymous' parameter
On Thu, May 30, 2002 at 04:37:59PM -0700, Jeremy Allison wrote: I propose that this parameter act like the RestrictAnonymous registry setting, i.e it prevents anonymous access to the SAMR pipe and anonymous access to the NetShareEnum RPC when set to 1. When set to 2, it disallows anonymous access to all RPC pipes. Any objections? There's still some more testing and coding to be done. This may be a good opportunity to implement security descriptors on pipes. Hurrah for Tim ! Good idea :-). Great! Any feedback on the _res.{retry,retrans} idea for minimising DNS timeouts? Tim.
Re: Thanks for fixing oplock.c for Linux 2.0 in 2_2 CVS
Wouldn't it be neat if we could do _better_ than MS at their own game and somehow prevent the win9x client bug from getting triggered in case of timeout disconnections? Rich Bollinger - Original Message - From: Jeremy Allison [EMAIL PROTECTED] To: Richard Bollinger [EMAIL PROTECTED] Cc: Volker Lendecke [EMAIL PROTECTED]; Jeremy Allison [EMAIL PROTECTED]; [EMAIL PROTECTED]; Andrew Bartlett [EMAIL PROTECTED]; Samba Technical [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Thursday, May 30, 2002 8:30 PM Subject: Re: Thanks for fixing oplock.c for Linux 2.0 in 2_2 CVS On Thu, May 30, 2002 at 07:36:21PM -0400, Richard Bollinger wrote: Please see: http://support.microsoft.com/default.aspx?scid=kb;en-us;Q297684 Ah - this is very interesting, thanks for pointing this out. Using the registry setting here : \System\CurrentControlSet\Services\LanmanServer\Parameters autodisconnect and setting it to 1 (meaning 1 minute) I have perfectly reproduced this client problem with Win98 client, W2K server. I thought they might have some heuristics to avoid running into this bug themselves when talking to a Win98 client but no - it's just that their timeout on autodisconnect is much longer.. This means we're completely the same as a W2K server in this respect - we probably need to add a big warning message to the timeout parameter on the man page, but I don't think any code changes would help. Jeremy.