RE: Winbind problem or my problem:)
Title: RE: Winbind problem or my problem:)
I am
assumingO. T. is notusing ADS security.
O. T.
: Try rebooting the PDC. It's possible one of the services is not responding to
user info requests. The problem you are describing requires some very basic
parts of the code to fail, if it's on the Samba side. I have seen domain
controllers have this sort of problem before, usually with LSASS appearing to be
working, when in fact it is not replying to requests.
Samba Technical List:
After doing some guesswork, I
traced this into winbindd_rpc.c, query_user(279), and I can see that most of the
handles are being tested. The "ctr" handle is being used without testing the
return value from "cli_samr_query_userinfo", however. If that function fails, it
returns NT_STATUS_USUCCESSFUL. The value of "ctr" would be undefined, but it
gets used anyway.
Suggest the following fix:
Index:
winbindd_rpc.c===RCS
file: /cvsroot/samba/source/nsswitch/winbindd_rpc.c,vretrieving revision
1.22.2.7diff -u -c -r1.22.2.7 winbindd_rpc.ccvs server: conflicting
specifications of output style*** winbindd_rpc.c6 Jun 2002 21:12:47
-1.22.2.7--- winbindd_rpc.c20 Jun 2002 17:31:25
-** 315,320 --- 315,323
result = cli_samr_query_userinfo(hnd-cli, mem_ctx, user_pol,
0x15, ctr); +
if (!NT_STATUS_IS_OK(result))+ goto done;+
cli_samr_close(hnd-cli, mem_ctx, user_pol);
got_user_pol = False;
The real question is, why would the
followingcode in libsmb/cli_samr.c, cli_samr_user_query fail? It causes a
skip of the "ctr" setting.
if (!samr_io_q_query_userinfo("", q,
qbuf, 0) || !rpc_api_pipe_req(cli,
SAMR_QUERY_USERINFO, qbuf, rbuf)) {goto
done;}
/* Unmarshall response
*/
if (!samr_io_r_query_userinfo("", r,
rbuf, 0)) {goto
done;}
-Original Message-From: Osman Tufanogullari (Garanti
Teknoloji) [mailto:[EMAIL PROTECTED]]Sent: Thursday, June 20,
2002 10:51 AMTo: Esh, Andrew;
[EMAIL PROTECTED]Subject: RE: Winbind problem or my
problem:)
Hi
Andrew,
Redhat 7.3...
I
did what you said and here is output...
#0 0x420b4769 in wait4 () from /lib/i686/libc.so.6#1
0x4213030c in __DTOR_END__ () from /lib/i686/libc.so.6#2 0x42049f72
in system () from /lib/i686/libc.so.6#3 0x0808d895 in smb_panic
()#4 0x0807d960 in fault_report ()#5 0x0807d9ae in
sig_fault ()#6 signal handler called#7 0x0806d7c4
in query_user ()#8 0x08069b22 in query_user ()#9
0x0806494d in winbindd_getpwnam ()#10 0x080638b7 in process_request
()#11 0x08063b06 in process_packet ()#12 0x0806406e in process_loop
()#13 0x08064579 in main ()#14 0x42017499 in __libc_start_main () from
/lib/i686/libc.so.6
-Original Message-From: Esh, Andrew
[mailto:[EMAIL PROTECTED]]Sent: Thursday, June 20, 2002 5:29
PMTo: Osman Tufanogullari (Garanti Teknoloji);
[EMAIL PROTECTED]Subject: RE: Winbind problem or my
problem:)
What platform?
The "panic action" smb.conf parameter can be used to display
a debugger when the code panics. On Linux, I use this:
panic action = "gnome-terminal --command 'gdb /proc/%d/exe %d'"
This will open a new terminal window and display the gdb
debugger, positioned at the point of the panic. Doing a "bt" at that point
will show what code was running when it panicked.
We need that information in order to deal with this
problem.
-Original Message- From:
Osman Tufanogullari (Garanti Teknoloji) [mailto:[EMAIL PROTECTED]]
Sent: Thursday, June 20, 2002 5:02 AM To: [EMAIL PROTECTED] Subject:
Winbind problem or my problem:)
Hi all,
Did you have a problem with winbindd which got all the users
from the domains except its own domain!? and
when you reach a share on samba with its own domain
user, Signal 11 is received and kills itself... Winbindd can bind the PDC of its own domain like it does for the
trusted ones but it doesnt get the user or groups of only its
domain...
Thanks..
samba3.0 alpha and kerberos5 authentication
Hi. I have followed the ADS-HOWTO.txt in trying to get smbd behind kerberos authentication. The w2k kdc neatly distributes the ticket for the smbd and i have made the accounts for smbd and mirage-host in the w2k kdc. NT_STATUS_LOGON_FAILURE seems to be the core of the problem, meaning that the smbd or mirage useraccount cannot authenticate (?) I have included two different logs which i hope can give you the accurate details to solve this problem. PS. Yes, I tried to connect to the localhost smbd server, but it shouldn't affect the result because smbd krb5 authentication fails with w2k client also. Ville Lehtola email: [EMAIL PROTECTED] [root@mirage bin]# kinit smbtest Password for [EMAIL PROTECTED]: [root@mirage bin]# klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: [EMAIL PROTECTED] Valid starting ExpiresService principal 06/20/02 16:09:25 06/21/02 02:09:25 [EMAIL PROTECTED] Kerberos 4 ticket cache: /tmp/tkt0 klist: You have no tickets cached [root@mirage bin]# ./net ads join [2002/06/20 16:09:37, 0] libads/ldap.c:ads_join_realm(1061) Host account for mirage already exists - deleting old account Joined 'MIRAGE' to realm 'FUT.HUT.FI' [root@mirage bin]# klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: [EMAIL PROTECTED] Valid starting ExpiresService principal 06/20/02 16:09:25 06/21/02 02:09:25 [EMAIL PROTECTED] 06/20/02 16:10:17 06/21/02 02:09:25 [EMAIL PROTECTED] 06/20/02 16:10:20 06/21/02 02:09:25 [EMAIL PROTECTED] Kerberos 4 ticket cache: /tmp/tkt0 klist: You have no tickets cached [root@mirage bin]# ./smbclient //mirage/public -k added interface ip=193.167.1.133 bcast=193.167.1.255 nmask=255.255.254.0 Doing spnego session setup (blob length=98) Doing kerberos session setup krb5_get_credentials failed for [EMAIL PROTECTED] (KDC has no support for encryption type) session setup failed: NT_STATUS_LOGON_FAILURE [root@mirage bin]# ## [root@mirage bin]# ./smbclient //mirage/public -k -d bignumber added interface ip=193.167.1.133 bcast=193.167.1.255 nmask=255.255.254.0 Client started (version 3.0-alpha17). internal_resolve_name: looking up mirage#20 resolve_lmhosts: Attempting lmhosts lookup for name mirage0x20 startlmhosts: Can't open lmhosts file /usr/local/samba/lib/lmhosts. Error was No such file or directory resolve_wins: Attempting wins lookup for name mirage0x20 wins_srv_count: WINS status: 0 servers. resolve_wins: WINS server resolution selected and no WINS servers listed. resolve_hosts: Attempting host lookup for name mirage0x20 internal_resolve_name: returning 1 addresses: 127.0.0.1 Connecting to 127.0.0.1 at port 445 socket option SO_KEEPALIVE = 0 socket option SO_REUSEADDR = 0 socket option SO_BROADCAST = 0 socket option TCP_NODELAY = 1 socket option IPTOS_LOWDELAY = 0 socket option IPTOS_THROUGHPUT = 0 socket option SO_SNDBUF = 16384 socket option SO_RCVBUF = 16384 socket option SO_SNDLOWAT = 1 socket option SO_RCVLOWAT = 1 socket option SO_SNDTIMEO = 0 socket option SO_RCVTIMEO = 0 session request ok write_socket(3,183) write_socket(3,183) wrote 183 got smb length of 167 size=167 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=18433 smb_tid=0 smb_pid=28118 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[0]=7 (0x7) smb_vwv[1]=12803 (0x3203) smb_vwv[2]=256 (0x100) smb_vwv[3]=65280 (0xFF00) smb_vwv[4]=255 (0xFF) smb_vwv[5]=0 (0x0) smb_vwv[6]=256 (0x100) smb_vwv[7]=55040 (0xD700) smb_vwv[8]=109 (0x6D) smb_vwv[9]=64768 (0xFD00) smb_vwv[10]=32995 (0x80E3) smb_vwv[11]=128 (0x80) smb_vwv[12]=55372 (0xD84C) smb_vwv[13]=23009 (0x59E1) smb_vwv[14]=49688 (0xC218) smb_vwv[15]=19457 (0x4C01) smb_vwv[16]=25343 (0x62FF) smb_bcc=98 [000] 6D 69 72 61 67 65 00 00 00 00 00 00 00 00 00 00 mirage.. [010] 60 50 06 06 2B 06 01 05 05 02 A0 46 30 44 A0 24 `P..+... ...F0D.$ [020] 30 22 06 0A 2B 06 01 04 01 82 37 02 02 0A 06 09 0..+... ..7. [030] 2A 86 48 86 F7 12 01 02 02 06 09 2A 86 48 82 F7 *.H. ...*.H.. [040] 12 01 02 02 A3 1C 30 1A A0 18 1B 16 48 4F 53 54 ..0. HOST [050] 2F 6D 69 72 61 67 65 40 46 55 54 2E 48 55 54 2E /mirage@ FUT.HUT. [060] 46 49 FI size=167 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=18433 smb_tid=0 smb_pid=28118 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[0]=7 (0x7) smb_vwv[1]=12803 (0x3203) smb_vwv[2]=256 (0x100) smb_vwv[3]=65280 (0xFF00) smb_vwv[4]=255 (0xFF) smb_vwv[5]=0 (0x0) smb_vwv[6]=256 (0x100) smb_vwv[7]=55040 (0xD700) smb_vwv[8]=109 (0x6D) smb_vwv[9]=64768 (0xFD00) smb_vwv[10]=32995 (0x80E3) smb_vwv[11]=128 (0x80) smb_vwv[12]=55372 (0xD84C) smb_vwv[13]=23009 (0x59E1) smb_vwv[14]=49688 (0xC218) smb_vwv[15]=19457 (0x4C01) smb_vwv[16]=25343 (0x62FF) smb_bcc=98 [000] 6D 69 72 61 67 65 00 00 00 00 00 00 00 00 00 00 mirage.. [010] 60 50 06 06 2B 06 01 05 05 02 A0 46 30 44 A0 24 `P..+... ...F0D.$ [020] 30 22 06 0A 2B 06 01 04
Large file size issues with Samba client.
I'm trying to access a Windows 2000 server share that has files 2GB using the Samba client 2.2.3 that comes with Redhat 7.3. It lists the files as being many times larger than their actual size. I upgraded to the CVS version of Samba today and it still has the problem. Any ideas on how to work around this? Viewed from Linux as a mount point to the Win2K. -rwxr-xr-x1 root root 18446744071777017513 May 15 18:25 BOCC_20020515_450kbps_21480048.rm Viewed from Windows 2000. BOCC_20020515_450kbps_21480048.rm2,307,064KB RealMedia File 5/15/2002 6:25 PM Brett
RE: Large file size issues with Samba client.
Title: RE: Large file size issues with Samba client. An 18.4 Exabyte realmedia file? Must be one of Jeremy Allison's ACL discussions. That number is interesting. If you subtract it from 2^64, you get 1,932,534,103. If that number is added to the other reported file size (2,307,064*1024), the result is 343 bytes less than 2^32. The 343 bytes is explained by rounding in the bytes-to-kilobytes conversion being done in W2K. My guess is, somewhere, the actual 32-bit unsigned file size is being reported as a 32 bit signed number. That negative value is later represented as a 64-bit signed number, and is later represented an unsigned 64-bit number. That series of representation changes would convert the just-over 2GB file size into the just-under MAXINT64 size being shown in Linux. -Original Message- From: Brett Simpson [mailto:[EMAIL PROTECTED]] Sent: Thursday, June 20, 2002 1:01 PM To: [EMAIL PROTECTED] Subject: Large file size issues with Samba client. I'm trying to access a Windows 2000 server share that has files 2GB using the Samba client 2.2.3 that comes with Redhat 7.3. It lists the files as being many times larger than their actual size. I upgraded to the CVS version of Samba today and it still has the problem. Any ideas on how to work around this? Viewed from Linux as a mount point to the Win2K. -rwxr-xr-x 1 root root 18446744071777017513 May 15 18:25 BOCC_20020515_450kbps_21480048.rm Viewed from Windows 2000. BOCC_20020515_450kbps_21480048.rm 2,307,064KB RealMedia File 5/15/2002 6:25 PM Brett
Re: --with-vfs and ACLs problem
On Thu, 20 Jun 2002, Nir L wrote: I am using samba 2.2.0 without winbind, using security = server. The samba server is NOT a PDC. I've set its password server to my PDC. I am writing an extention to samba, in order to let it get the ACL's of the shared files from an external security managment product. The security management product decides which DOMAIN users are authorized to which files. The users belong to my NT_DOMAIN. I replace the fget_nt_acl and get_nt_acl functions, in order to return the acl's according to the management product. The SID's that I return from these functions seem to be OK (I've checked them with several utilities)/ But somehow, when I choose file-properties-security, I can see the correct SID's , but the SID's are NOT TRANSLATED to the account names in my domain. They remain in their SID form (similar to an SID of a deleted user, if you've ever seen it...) This happen both on Win2K clients and WinNT 4.0 clients with the latest service packs. Can anyone help me ? I've seen this happen ... now, let me think, why was that. Are you sure they are domain sids and not local sids? Your samba server is a member of the domain? The client should ask the DC to translate the SIDs to names. I can't remember exactly why that was happening now, but I've seen it :-) Regards - Richard Sharpe, [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
Re: Large file size issues with Samba client.
On Thu, 20 Jun 2002, Brett Simpson wrote: I'm trying to access a Windows 2000 server share that has files 2GB using the Samba client 2.2.3 that comes with Redhat 7.3. It lists the files as being many times larger than their actual size. I upgraded to the CVS version of Samba today and it still has the problem. Any ideas on how to work around this? Apply the 2.4.18 kernel patches from: http://www.hojdpunkten.ac.se/054/samba/index.html 00 - 02 + the samba patch to make smbmount negotiate. smbfs did not implement LFS before. /Urban
Rant re mutation [Was libsmbclient functionality addition]
Richard Sharpe wrote: The problem I have here is that we do not seem to have asked our user base what they want. I can appreciate the need for changes, as I need them myself, but maintaining backward compatibility may be something that is important, given that libsmbclient is being shipped with a number of Linux distros now. [Time for my standard Multics rant again, suitably bowdlerized...] I recommend shipping a filter library implementing the existing libsmbclient calls without the handles, but implemented in terms of calls to the new ones, with a hidden handle. Call this libsmbclient.so.1, and the one with the new calls libsmbclient.so.2 Ensure both are built and installed by default, and warn people that .so.1 will be dropped from maintenance after .2 stabilizes. Anyone needing backwards compatibility will get it, but will also get to accept the cost of maintaining the filter library themselves. --dave [On Multics, if you changed an interface, you had to change the version number and write functions to update and downdate from the immediately previous versions. They used this to change stuff on the fly, without buggering up users or rebooting] -- David Collier-Brown, | Always do right. This will gratify Performance Engineering | some people and astonish the rest. Americas Customer Engineering, | -- Mark Twain (905) 415-2849 | [EMAIL PROTECTED]
Re: Winbind problem or my problem:)
On Thu, Jun 20, 2002 at 12:28:18PM -0500, Esh, Andrew wrote: Suggest the following fix: Index: winbindd_rpc.c === RCS file: /cvsroot/samba/source/nsswitch/winbindd_rpc.c,v retrieving revision 1.22.2.7 diff -u -c -r1.22.2.7 winbindd_rpc.c cvs server: conflicting specifications of output style *** winbindd_rpc.c 6 Jun 2002 21:12:47 - 1.22.2.7 --- winbindd_rpc.c 20 Jun 2002 17:31:25 - *** *** 315,320 --- 315,323 result = cli_samr_query_userinfo(hnd-cli, mem_ctx, user_pol, 0x15, ctr); + if (!NT_STATUS_IS_OK(result)) + goto done; + cli_samr_close(hnd-cli, mem_ctx, user_pol); got_user_pol = False; Applied - thanks ! Jeremy.
Re: Large file size issues with Samba client.
Thanks. I'll give that a try. Urban Widmark [EMAIL PROTECTED] 06/20/02 02:34PM On Thu, 20 Jun 2002, Brett Simpson wrote: I'm trying to access a Windows 2000 server share that has files 2GB using the Samba client 2.2.3 that comes with Redhat 7.3. It lists the files as being many times larger than their actual size. I upgraded to the CVS version of Samba today and it still has the problem. Any ideas on how to work around this? Apply the 2.4.18 kernel patches from: http://www.hojdpunkten.ac.se/054/samba/index.html 00 - 02 + the samba patch to make smbmount negotiate. smbfs did not implement LFS before. /Urban
Re: CIFS VFS posted
I didn't make a tar ball of this particular version. It is all in CVS though (minus some bug fixes for locking e.g. my lock lengths are one byte too short and I don't report the mandatory locking capable mode for files). I will make a tar ball of the source on Monday. I was holding off on making the announce on the kernel and fsdevel mailing lists until I run better on the big endian architectures (I just got access to an iSeries 64 bit, big endian machine for testing and I know already of a few places where the code isn't endian neutral). My tentative plan was to bump the version to 0.5 when the big endian stuff works ok and make a more general announce. Steve French Senior Software Engineer Linux Technology Center - IBM Austin phone: 512-838-2294 email: [EMAIL PROTECTED] Gerald Carter [EMAIL PROTECTED] on 06/19/2002 04:06:32 PM To:Steven French/Austin/IBM@IBMUS cc:[EMAIL PROTECTED] Subject:Re: CIFS VFS posted On Wed, 19 Jun 2002, Steven French wrote: FYI - The CIFS VFS for Linux source has been posted to cifsvfs directory on cvs.samba.org See http://us1.samba.org/samba/Linux_CIFS_client.html for more information. Steve, Do you have a release tarball? Or is it all in CVS right now? Oh...and I would announce this on the linux-kernel mailing list as well as the linux-fsdevel lists. cheers, jerry - Hewlett-Packard http://www.hp.com SAMBA Team http://www.samba.org --http://www.plainjoe.org Sam's Teach Yourself Samba in 24 Hours 2ed. ISBN 0-672-32269-2 --I never saved anything for the swim back. Ethan Hawk in Gattaca--
Re: CIFS VFS posted
Good question - at some point I need to look at that. Clearly the structure is quite a bit different between the two. Most visibly the mount code is in kernel in mine (I have no mount helper yet as smbfs does - I was planning on adding some tcp name to ip address resolution code in the Samba utility net though so it could do a net use more gracefully). I noticed that smbfs is getting some activity - e.g. I saw that Unicode patches were added to smbfs so that is no longer a difference between the two.Another difference is that I have hardlink support - to be precise I added native Windows hardlink support in the cifs vfs and 1/2 implemented symbolic links (via windows style reparse points - the reparse points are detected but the follow link is not working).I don't implement the Unix extensions yet but will - I had focused on finding Windows equivalents for the Unix extensions which is harder than it sounds but important since Windows does not implement the Unix extensions. A few other differneces - the cifs vfs uses native ip addresses and either 445 or the RFC1001 port rather than netbios naming as smbfs's helper uses. smbfs is quite a bit more stable and has reasonable backlevel interoperability (which is not a goal of the cifs vfs). The cifs vfs is designed only for those compliant with the SNIA CIFS Technical Reference or later to simplify the testing and maximize the Linux-Samba and Linux-Windows2000/XP/.NetServer function.I had hoped that in some sense it could serve as a reference implementation for the SNIA specification. Over time function between the two will probably diverge quite a bit more.I wanted to be much more aggressive in adding function and in design risks in the cifs vfs (ie more aggressive than I guessed we would be able to do in the smbfs which people rely on today to be stable) e.g. in adding function such as access control and Kerberos integration. Steve French Senior Software Engineer Linux Technology Center - IBM Austin phone: 512-838-2294 email: [EMAIL PROTECTED]
Re: CIFS VFS posted
Steven French wrote: Good question - at some point I need to look at that. Clearly the structure is quite a bit different between the two. Most visibly the mount code is in kernel in mine (I have no mount helper yet as smbfs does - I was planning on adding some tcp name to ip address resolution code in the Samba utility net though so it could do a net use more gracefully). I noticed that smbfs is getting some activity - e.g. I saw that Unicode patches were added to smbfs so that is no longer a difference between the two.Another difference is that I have hardlink support - to be precise I added native Windows hardlink support in the cifs vfs and 1/2 implemented symbolic links (via windows style reparse points - the reparse points are detected but the follow link is not working).I don't implement the Unix extensions yet but will - I had focused on finding Windows equivalents for the Unix extensions which is harder than it sounds but important since Windows does not implement the Unix extensions. A few other differneces - the cifs vfs uses native ip addresses and either 445 or the RFC1001 port rather than netbios naming as smbfs's helper uses. smbfs is port-agnostic. smbmount just uses normal samba code for the tree connect, and as such already has support for both 139 and 445 semantics. smbfs is quite a bit more stable and has reasonable backlevel interoperability (which is not a goal of the cifs vfs). The cifs vfs is designed only for those compliant with the SNIA CIFS Technical Reference or later to simplify the testing and maximize the Linux-Samba and Linux-Windows2000/XP/.NetServer function.I had hoped that in some sense it could serve as a reference implementation for the SNIA specification. Over time function between the two will probably diverge quite a bit more.I wanted to be much more aggressive in adding function and in design risks in the cifs vfs (ie more aggressive than I guessed we would be able to do in the smbfs which people rely on today to be stable) e.g. in adding function such as access control and Kerberos integration. Apart from the 'sombody killed my conn' issue, the issue that prevents kerberos intergration in smbfs is NTSTATUS support - again, becouse it uses the samba mount-time helper. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net
Re: --with-vfs and ACLs problem
On Thu, 20 Jun 2002, Nir L wrote: The problem is, that my Client Workstations are displaying correct account names when looking for ACL's of files of all the NT servers in the DOMAIN. The Client has no problem with that. It has problem when trying to translate SID's of the DOMAIN that were created by Samba. So - My guess is that after all the problem is with the samba creating the SID's and not with the clients or the PDC. Maybe something on the ACL that is returned makes the client NOT requesting for more info from the PDC. But - I don't know what it is... Are you working in a domain trusts environment? Prior to 2.2.4, I think, Samba was doing silly things when constructing the token for a user just logging on. It was using its own DOMAIN SID and the RID from the incoming token, rather than the DOMAIN SID of the domain they authenticated in. This could create some silly problems. The other thing that might be happening, depending on your code, is that the user's local SID might be used, and if you are not using winbindd, this might not be being handled properly. What do the SIDs look like? Can you relate them to the machine SID for Samba or the DOMAIN SID for your domain? Regards - Richard Sharpe, [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
Re: root smbd process ?
On Thu, Jun 20, 2002 at 05:55:30PM +0200, Alain Defrance wrote: i wonder why i 've some process run by root and some by my users ? like this : 0001177 12078 218 2 17:46:33 ?0:11 -d2 smbd root 1373 218 0 13:53:20 ?0:49 -d2 smbd root 6301 218 0 15:41:37 ?0:47 -d2 smbd 0001242 5551 218 3 15:20:00 ?6:30 -d2 smbd 0001164 12524 218 1 17:50:10 ?0:00 -d2 smbd root 10719 218 0 17:13:55 ?0:57 -d2 smbd 0001343 9011 218 3 16:35:10 ?3:33 -d2 smbd 0001707 10574 218 0 17:01:34 ?0:05 -d2 smbd root 5622 218 0 15:28:19 ?2:19 -d2 smbd Samba is only used for sharing home directory from windows OS if somebody has an explanation he will'be welcome ! After a certain amount of idle time (30 seconds maybe?) a smbd running as a unix user will drop back to root. If some activity happens on that connection it will switch back to the unix user. I'm not sure why - apparently it's a performance related thing. Tim.
Re: CIFS VFS posted
On Thu, 20 Jun 2002, Steven French wrote: Good question - at some point I need to look at that. Clearly the structure is quite a bit different between the two. Most visibly the mount ... specification. Over time function between the two will probably diverge quite a bit more.I wanted to be much more aggressive in adding function and in design risks in the cifs vfs (ie more aggressive than I guessed we would be able to do in the smbfs which people rely on today to be stable) e.g. in adding function such as access control and Kerberos integration. smbfs does the ActiveDirectory kerberos thing already, even if I haven't let the patches out yet because of some silly mapping bug. It needs 32 bit error codes and a flag in smbmount (and possibly a connection to the kerberos tools/libs to refresh tickets for long-time mounts). I saw the mention of a future userspace helper, if you do that why not reuse samba code for other (non-performance critical) things such as connecting? smbmount is backwards, it should be mount that mounts smbfs and then smbfs calls back to smbmount (smbconnect). I have some rough patches for that too. Using net use to mount seems like a really bad idea to me, but maybe that was just for getting connections? smbfs used to have the connect code inside the kernel. I think someone was tired of copying work from samba and fitting it into the kernel when the current smbmount was done. That is a difference, but I'm not sure why it's an improvement over smbconnect. To me the structure of the code isn't all that different. Although there are some differences in what is supported, I find that to be more on the level of where work has been done than some fundamental design difference. Some examples: If you look at the current in-kernel smbfs code it is totally single threaded within one mountpoint (I think that dates back to when the kernel itself was single threaded), and that alone makes it a lot different. But if you have taken a look at the current work in progress you would see something that resembles the demultiplex_thread. The smbfs variant is called smbiod and is responsible for all network IO including oplock breaks, which is why it exists in the first place. This also brings alloc_request, which is similar to the allocations smb_init() does, and smb_rput which matches the buf_release() calls. That makes the locking requirement similar, and we have the ability to do multiple parallel smb requests. smbfs supports mmap and does all I/O through the page cache. This limits reads and writes to the page size (typ. 4k) but the readpage code allows it to plug into the kernel's readahead code (with an async version that's not been written yet). Readahead will allow merging requests into larger chunks. Unless I'm missing something cifs vfs does not support mmap or any caching, and does read/writes directly to the userspace buffer. But to support mmap you need to implement readpage and friends, which I believe will limit read/write to work on page size blocks. DFS support isn't available in smbfs. Although I haven't checked all the details of the cifs vfs support it seems to use one mount for each referral which is how I have thought about doing it in smbfs too. (Is dfs working in this version of cifs vfs?) cifs vfs stores fileid in the file struct, making each local open do one open on the server. smbfs stores the fileid in the inode and does one open to serve all it's local clients, instead counting the open/release calls. I believe this is also an old design decision in smbfs, but it's certainly not unreasonable to change and it is under consideration esp for the fcntl locking support. Having the server only see one file open may help when trying to make smbfs behave like some programs expect when more than one program accesses the same file locally and possibly with caching. It seems to complicate things in other cases such as when you do fcntl locks. ACLs, multi-user mounts, signing, quotas are all more or less unknowns to me so I can't comment on what those would require of smbfs. Maybe there are reasons why those would be a lot harder to support in smbfs than from the current cifs vfs base. In the 2.5 kernels you can temporarily break anything you want :), so disrupting current users aren't that much of a problem. The only cost of breaking things is all the questions it generates. /Urban
Re: Large file size issues with Samba client.
On Thu, 20 Jun 2002, Steven French wrote: FYI - The CIFS VFS handles large files and has been tested with RedHat 7.3 version of the kernel. It was a pain to test due to the lack of sparse file support on the Linux side (I had not seen an equivalent to the sparse flag on the Linux side - but it sure helps on the Windows side in creating test files). What lack of sparse file support? $ dd if=/dev/zero of=aa bs=512 count=1 seek=1024 1+0 records in 1+0 records out $ d aa -rw-rw-r--1 puw puw524800 Jun 21 03:26 aa $ du -h aa 8.0kaa There is no flag because it is always supported (given filesystem backing, and all unix-like filesystems support it). Just truncate it to the size you want it to be. /Urban
Re: CIFS VFS posted
Urban Widmark wrote: On Thu, 20 Jun 2002, Steven French wrote: Good question - at some point I need to look at that. Clearly the structure is quite a bit different between the two. Most visibly the mount ... specification. Over time function between the two will probably diverge quite a bit more.I wanted to be much more aggressive in adding function and in design risks in the cifs vfs (ie more aggressive than I guessed we would be able to do in the smbfs which people rely on today to be stable) e.g. in adding function such as access control and Kerberos integration. smbfs does the ActiveDirectory kerberos thing already, even if I haven't let the patches out yet because of some silly mapping bug. It needs 32 bit error codes and a flag in smbmount (and possibly a connection to the kerberos tools/libs to refresh tickets for long-time mounts). Silly mapping bug? NTSTATUS - dos stuff? As to smbmount, would you like the 'negotiate' patches put into Samba HEAD? I'm *very* interested in the kerberos stuff, particularly with Samba unix extenstions. I saw the mention of a future userspace helper, if you do that why not reuse samba code for other (non-performance critical) things such as connecting? Possibly becouse Samba client code is *ugly* :-). smbmount is backwards, it should be mount that mounts smbfs and then smbfs calls back to smbmount (smbconnect). I have some rough patches for that too. Using net use to mount seems like a really bad idea to me, but maybe that was just for getting connections? The idea there is just like smbmount - the syntax comes from a desire to be a bit like NT, and an attempt to get just one client utility - instead of a small gaggle of little, undocumented utilities. In the 2.5 kernels you can temporarily break anything you want :), so disrupting current users aren't that much of a problem. The only cost of breaking things is all the questions it generates. I look forward to lots of breakage/deveopment in both implementations - its good to see there is still some life it this area :-) Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net
Re: Rant re mutation [Was libsmbclient functionality addition]
David Collier-Brown wrote: Richard Sharpe wrote: The problem I have here is that we do not seem to have asked our user base what they want. I can appreciate the need for changes, as I need them myself, but maintaining backward compatibility may be something that is important, given that libsmbclient is being shipped with a number of Linux distros now. [Time for my standard Multics rant again, suitably bowdlerized...] I recommend shipping a filter library implementing the existing libsmbclient calls without the handles, but implemented in terms of calls to the new ones, with a hidden handle. Call this libsmbclient.so.1, and the one with the new calls libsmbclient.so.2 Ensure both are built and installed by default, and warn people that .so.1 will be dropped from maintenance after .2 stabilizes. Anyone needing backwards compatibility will get it, but will also get to accept the cost of maintaining the filter library themselves. We don't have it split into different library versions yet, but this is indeed what the design called for, and what (it appears) has been implemented. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net
Re: PATCH: context based libsmbclient
Tom Jansen wrote: Attached now :-) OK, I hope to look at it today ... Thanks ... Be sure to grab the latest version because I added a few fixes: o Makefile quirk (stupid me) o libsmbclient.h fixup so programs including libsmbclient.h can compile http://niihau.student.utwente.nl/~sketch/libsmbc2-1.diff I only gave it a quick glance, but it looks good to me. I'll try to give it a bit more review, perhaps when I've out of exams. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net
