RE: Users able to execute windows .exe though execute bit not set
You should note that the ACL system and the Unix permission bits are two different things. What you are actually talking about is the translation between the two. If the ACL system has Execute permission set for the user, then that user should be able to execute the program on the client. That determination is made on the client end. If the Unix execute bit is set, then a Unix user should be able to run that executable on the Unix host. My personal opinion is that there is no meaningful translation between the two, unless we are talking about Perl scripts, or something else which runs on both systems. If there is an ACL system as part of the server, I don't see any need to bother with the Unix execute bits, for Windows-only executables. The problem is compounded by the possibility that those bits have been used within Samba to store other functionality such as the DOS System or Hidden bits. Jeremy Allison is the one who can state this case better than I can. He gave a presentation at the CIFS conference in Bellevue, in August 2001 on this very subject. He should make the final determination on this. -Original Message- From: Ronan Waide [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 01, 2003 11:23 AM To: Richard Sharpe Cc: [EMAIL PROTECTED]; Nick Drouet Subject: Re: Users able to execute windows .exe though execute bit not set On April 1, [EMAIL PROTECTED] said: Hmmm, I did some testing a week or so ago, and found that removing the execute permission from ACLs on the file (esp inherited ones) prevents Win2K from executing the file, although it does open the file for read first. Yep, turns out I opened my mouth without being completely sure of what I was saying :) Since we have just added proper eXecute permission support to our (almost) NT ACLs in the file system, let me check this today to see what the deal is. jmcd says it should work. Cheers, Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. for god's sake, give me some credit. i may be an egocentric jerk, but i'm not a COMPLETE asshole. - Meredith
RE: Users able to execute windows .exe though execute bit not set
What is Windows is using to determine that it needs to do the executability test? There is no executable bit in Windows. There is the ACL entry, but nothing at the DOS level. That is, unless they are testing the file extension. What Windows would need is a marker that enables a file for execution, and a network request from the client which notifies the server that the file is being read for execution. Windows could compare the two, and deny the read if the file is not enabled. In any case, it has to trust the client not to read the file for non-execution, and then execute it. Since Windows is also the client, such a trustworthiness can be relied upon. I would not be surprised to learn that Samba does not do the executable test on files being read, since there is no reasonable place to store a Windows execution flag. (Perhaps this can be added as an extended attribute setting.) If Windows is testing the file extension instead, then Samba should be extended to do the same thing. -Original Message- From: Jim McDonough [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 01, 2003 12:03 PM To: John H Terpstra Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]; Nick Drouet Subject: Re: Users able to execute windows .exe though execute bit not set Perhaps you can explain how you would achieve your goals if the server was running Windows 2000 Server. If you can demonstrate a pure Windows solution maybe we could match that with Samba. John, I've checked it out and this is a real difference between Samba and NT or 2k. NT/2k both check the X permission, and we don't, because we rely on open(), and you can't request X access on open()... Jim McDonough IBM Linux Technology Center Samba Team 6 Minuteman Drive Scarborough, ME 04074 USA [EMAIL PROTECTED] [EMAIL PROTECTED] Phone: (207) 885-5565 IBM tie-line: 776-9984
RE: Users able to execute windows .exe though execute bit not set
Perhaps you're thinking of the setuid/setgid/sticky bits. This is why I referred the question to Jeremy Allison. He (literally) wrote the book on this. I'd quote from his CIFS presentation, but I can't find it online, and I don't have my copy with me. There should also be some consideration of the security implications. If someone can use a Windows mount to push a file onto a Unix server, and get it's execute and setuid bits set, they could run the program as the Unix user who writes files on the share. It may not be much of a hole, but it is one. This is why I think there should be no mapping between Windows and Unix, and only an ACL which controls execute permission for Windows. The functionality would be there for both systems, but neither could easily affect the other. -Original Message- From: David Brodbeck [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 01, 2003 3:48 PM To: 'Jim McDonough'; Esh, Andrew Cc: John H Terpstra; [EMAIL PROTECTED]; Nick Drouet; [EMAIL PROTECTED] Subject: RE: Users able to execute windows .exe though execute bit not set -Original Message- From: Jim McDonough [mailto:[EMAIL PROTECTED] The unix x bit is a perfectly reasonable place to store this, and unix has the same problems windows does...if you can read it, you can copy it and change the bits in your own copy. Isn't the UNIX x bit already taken? I thought it was being used to map one of the other DOS mode bits.
RE: Compile error in server.c
Maybe use the -A option to cvs update, to clear any sticky tags that might
be applied to your files. Such tags would prevent the latest code from being
downloaded.
-Original Message-
From: James Willard [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 25, 2003 3:52 PM
To: 'Jelmer Vernooij'
Cc: [EMAIL PROTECTED]
Subject: RE: Compile error in server.c
I promise you, I did everything that I said I did, including running
make clean, make distclean, cvs update -d -P, autoconf, and ./configure.
Is there something you would like for me to look at? My include/config.h
does not have that #define, despite having rm'd include/config.h and
running ./configure again.
James
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Jelmer Vernooij
Sent: Tuesday, March 25, 2003 4:41 PM
To: James Willard
Cc: [EMAIL PROTECTED]
Subject: Re: Compile error in server.c
Importance: High
On Tue, Mar 25, 2003 at 04:29:01PM -0500, James Willard wrote about 'RE:
Compile error in server.c':
Yes I did that about an hour ago, but just to be absolutely sure I
went ahead and did the following again just about 2 minutes ago:
cvs update -d -P
cd source
make clean ./configure make
Then I received the error once again:
Compiling smbd/server.c
smbd/server.c: In function `main':
smbd/server.c:862: `static_init_rpc' undeclared (first use in this
function)
smbd/server.c:862: (Each undeclared identifier is reported only once
smbd/server.c:862: for each function it appears in.)
make: *** [smbd/server.o] Error 1
Are you really sure you've reran configure ? My include/config.h
contains:
/* Static init functions */
#define static_init_rpc { rpc_srv_init(); rpc_spoolss_init();}
Jelmer
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of Jelmer Vernooij
Sent: Tuesday, March 25, 2003 4:23 PM
To: James Willard
Cc: [EMAIL PROTECTED]
Subject: Re: Compile error in server.c
Importance: High
On Tue, Mar 25, 2003 at 04:19:12PM -0500, James Willard wrote about
'RE: Compile error in server.c':
Well, that's what I was saying I did. I first did just a 'make
clean'
and rebuilt, but then I went further and did a 'make distclean',
followed by 'autoconf', './configure', and 'make'. Both ways result
in
the compile error.
Have you tried that again lately after doing a 'cvs update -dP .' ?
It really should work now...
Jelmer
-Original Message-
From: Jelmer Vernooij [mailto:[EMAIL PROTECTED] On Behalf
Of
Jelmer Vernooij
Sent: Tuesday, March 25, 2003 4:15 PM
To: James Willard
Cc: [EMAIL PROTECTED]
Subject: Re: Compile error in server.c
Importance: High
On Tue, Mar 25, 2003 at 04:12:04PM -0500, James Willard wrote about
'Compile error in server.c':
I'm getting an error when trying to compile the HEAD branch of
Samba.
I've been following it in CVS since, well, since it was created.
The
problem suddenly appeared about a week or two ago and I've been
updating daily ever since to see if it would go away. Despite a
'make
distclean', removing config.h, and rebuilding, the error still
exists:
Compiling smbd/server.c
smbd/server.c: In function `main':
smbd/server.c:862: `static_init_rpc' undeclared (first use in this
function)
smbd/server.c:862: (Each undeclared identifier is reported only
once
smbd/server.c:862: for each function it appears in.)
make: *** [smbd/server.o] Error 1
make clean ./configure make should fix this.
Jelmer
--
Jelmer Vernooij [EMAIL PROTECTED] - http://nl.linux.org/~jelmer/
22:13:59 up 8 days, 4:28, 24 users, load average: 0.14, 0.29, 0.25
--
Jelmer Vernooij
[EMAIL PROTECTED]
~/.plan:
poptify smbmount and others
smb_register_vfs()
--
Jelmer Vernooij [EMAIL PROTECTED]
~/.plan:
poptify smbmount and others
smb_register_vfs()
RE: Extended Attributes and Hidden, System, Archive attrs?
I did this in a May 17th cut of in 2.2.x, which was right around the 2.2.4
release. I didn't submit a patch, because I didn't think there were that
many people using a file system that has extended attributes.
NOTE: Need to define lp_store_dos_mode config option and pick a name for
DOSMODE_ATTR_NAME for this code to work.
This is how I did it in 2.2:
sambma/source/smbd/dosmode.c:
/***
*
change a unix mode to a dos mode
/
int dos_mode(connection_struct *conn,char *path,SMB_STRUCT_STAT *sbuf)
{
int result = 0;
DEBUG(8,(dos_mode: %s\n, path));
+ /* Load dos mode from EAs if enabled */
+ if (lp_store_dos_mode()) {
+
+ int size = sizeof(result);
+ if (conn-vfs_ops.get_ea(conn, path, DOSMODE_ATTR_NAME,
(char*)result, size) == -1) {
+
+ if (S_ISDIR(sbuf-st_mode)) {
+ result = FILE_ATTRIBUTE_DIRECTORY;
+ }
+ else {
+ result = FILE_ATTRIBUTE_ARCHIVE;
+ }
+ }
+ }
+
+ /* Otherwise perform the usual mapping */
+ else {
...
/***
chmod a file - but preserve some bits
/
int file_chmod(connection_struct *conn,char *fname,int
dosmode,SMB_STRUCT_STAT *st)
{
SMB_STRUCT_STAT st1;
int mask=0;
mode_t tmp;
mode_t unixmode;
int ret = -1;
if (!st) {
st = st1;
if (vfs_stat(conn,fname,st))
return(-1);
}
if (S_ISDIR(st-st_mode))
dosmode |= aDIR;
else
dosmode = ~aDIR;
+ /* Store dos mode in EAs if enabled */
+ if (lp_store_dos_mode()) {
+ return conn-vfs_ops.set_ea(conn, fname, DOSMODE_ATTR_NAME,
(char*)dosmode, sizeof(dosmode));
+ }
if (dos_mode(conn,fname,st) == dosmode)
return(0);
unixmode = unix_mode(conn,dosmode,fname);
/* preserve the s bits */
mask |= (S_ISUID | S_ISGID);
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Friday, March 21, 2003 10:33 AM
To: Olaf Fr±czyk
Cc: [EMAIL PROTECTED]
Subject: Re: Extended Attributes and Hidden, System, Archive attrs?
On Fri, Mar 21, 2003 at 09:44:26AM +0100, Olaf Fr±czyk wrote:
Hi,
I remember some time ago several people were discussing about putting
the Hidden, System, Archive, Read-Only bits in EAs.
Has it been done in 3.0?
Will it be in 2.2.x serie?
Not done for 2.2., I'm thinking about it for 3.0.
Jeremy.
RE: Annoying Minor Bug In Winbind 2.2.x
It's probably a line count thing. The head of the patch contains a certain
range of lines that the patch should apply to. If you truncated the patch at
the bottom, the header could be telling patch it needs to add, for example,
30 lines, while the patch text only contains 28.
Go back to the email and copy/paste lines from the email into your patch
file at the bottom, down to but not including the two dashes above Martin's
signature, and see if that helps. That line of stars is part of the patch,
and maybe a few blank lines below it. Make the part of the patch at the
bottom, below the lines with the plus signs, match what is already in the
target file.
-Original Message-
From: Boyce, Nick [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 18, 2003 2:58 PM
To: [EMAIL PROTECTED]
Cc: 'Martin Pool'
Subject: RE: Annoying Minor Bug In Winbind 2.2.x
On 18 Feb 2003, Martin Pool wrote :
Jeremy already committed my patch to SAMBA_2_2 CVS.
Here's the patch.
Index: util_sock.c
===
RCS file: /data/cvs/samba/source/lib/util_sock.c,v
retrieving revision 1.16.4.36
retrieving revision 1.16.4.37
diff -u -u -p -r1.16.4.36 -r1.16.4.37
[snip]
I'm sorry - I'm probably doing something dumb, but I still
get failures even
with this patch - first, if I save the patch as it appeared
in my Outlook
window, then line 25 consists of a single left brace char,
which results in
:
MYBOX:/usr/local/src/samba-2.2.7a/source/lib# patch util_sock.c
patch-util_sock-20030218
patching file util_sock.c
patch: malformed patch at line 25: {
So assuming line-wrap did something Bad to that line, I
edited the patch
file to stick that line onto the end of line 24, resulting in :
MYBOX:/usr/local/src/samba-2.2.7a/source/lib# patch util_sock.c
patch-util_sock-20030218
patching file util_sock.c
Hunk #1 FAILED at 1021.
1 out of 1 hunk FAILED -- saving rejects to file util_sock.c.rej
and I don't know enough about what I'm looking at to figure it out.
In general the best thing to do now is leave the main diff
alone, and
only work on the rejected parts in the .rej file.
Basically you need
to work out why patch thinks the 2.2 source file doesn't
look like the
before version of the rejected patch.
OK - hang on ... right, it seems the real original 2.2.7a
util_sock.c really
*does* have the { on line 25 all by itself - but since that gave me
malformed patch, I assume the patch needs a rediff ???
Here goes :
MYBOX:/usr/local/src/samba-2.2.7a/source/lib# rediff
patch-util_sock-20030218.orig patch-util_sock-20030218
Index: util_sock.c
===
RCS file: /data/cvs/samba/source/lib/util_sock.c,v
retrieving revision 1.16.4.36
retrieving revision 1.16.4.37
diff -u -u -p -r1.16.4.36 -r1.16.4.37
rediff: Not supported: -{
OK - I give up for now ... hlp :(
[sorry .. for all this trouble over such a minor thing]
Nick Boyce
EDS Southwest Solution Centre, Bristol, UK
-Original Message-
From: 'Martin Pool' [mailto:[EMAIL PROTECTED]]
Sent: 17 February 2003 23:08
To: Boyce, Nick
Cc: [EMAIL PROTECTED]
Subject: Re: Annoying Minor Bug In Winbind 2.2.x
Oh, Jeremy already committed my patch to SAMBA_2_2 CVS. Here's the
patch.
Index: util_sock.c
===
RCS file: /data/cvs/samba/source/lib/util_sock.c,v
retrieving revision 1.16.4.36
retrieving revision 1.16.4.37
diff -u -u -p -r1.16.4.36 -r1.16.4.37
--- util_sock.c 26 Aug 2002 20:07:13 - 1.16.4.36
+++ util_sock.c 7 Feb 2003 22:04:37 - 1.16.4.37
@@ -1021,102 +1021,97 @@ char *get_socket_addr(int fd)
/***
Create protected unix domain socket.
- some unixen cannot set permissions on a ux-dom-sock, so we
+ Some unixes cannot set permissions on a ux-dom-sock, so we
have to make sure that the directory contains the protection
- permissions, instead.
+ permissions instead.
**/
+
int create_pipe_sock(const char *socket_dir,
- const char *socket_name,
- mode_t dir_perms)
+ const char *socket_name,
+ mode_t dir_perms)
{
-struct sockaddr_un sunaddr;
-struct stat st;
-int sock;
-mode_t old_umask;
-pstring path;
-
-/* Create the socket directory or reuse the existing one */
-
-if (lstat(socket_dir, st) == -1) {
-
-if (errno == ENOENT) {
-
-/* Create directory */
-
-
RE: Winbindd limited by select
Better yet: Have winbindd fork the same way smbd does, on a per-client basis. Someone should probably figure out what quality of the example network caused winbindd to consume so many sockets. Are there really that many requests being queued up at once? Shifting to a forking model would simply consume the same number and more processes. They are limited too. We also need to be sure all the requests are making progress. If one gets hung, the client program would probably repeat the request, expending another instance of everything. Are there really 2048 users actively trying to make winbindd requests at the same time? Perhaps this is the result of a very network-common failed NIS request, which falls through the passwd list in /etc/nsswitch.conf, and winds up asking winbindd about the same non-existent user. What is the content of the requests, and is there some way to fix the system so the users don't cause them to be issued at such a high rate? Should they even be forwarded to winbindd at all? Maybe winbindd is piling up requests as it searches for a domain controller at the head of its password server list which is no longer working, or is no longer in DNS. Reorder that list, and winbindd might begin to process requests fast enough to stay ahead of the influx rate. -Original Message- From: Martin Pool [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 12, 2003 5:56 PM To: Michael Steffens Cc: Ken Cross; 'Multiple recipients of list SAMBA-TECHNICAL' Subject: Re: Winbindd limited by select On 12 Feb 2003, Michael Steffens [EMAIL PROTECTED] wrote: It's 60 by default after installation, but is tunable (with reboot). Maybe hp should sell per-fd licences :-/ The solution (and this should also work on other platforms) was to have winbindd housekeep its client connections by shutting down idle connections, and have clients reconnect when required: http://lists.samba.org/pipermail/samba-technical/2003-February /042210.html The threshold was chosen to be 100 active connections, which keeps winbindd well below 300 FDs. Below 140, actually, including network sockets and open database and log files. I wonder how well it would work to have one winbindd process per n clients, in addition to shutting down idle clients... -- Martin
RE: Winbind on HPUX 11, some small progress
I thought I was told early on in this discussion that HP-UX doesn't like certain keywords in nsswitch.conf, and winbind is one of them. That being the case, isn't libnss_winbind.1 useless? Can another nsswitch keyword be faked into pointing at winbind? Maybe libnss_ldap.1 - libnss_winbind.so, and a passwd: ldap files ... in nsswitch.conf. Also, a truss (or strace) on getent might show or fail to show libnss_winbind.1 being loaded and called. What else is known about winbind? The nss library is just a translation shim that calls winbindd through a named pipe. Is the pipe file there while winbindd is up and running? Does fuser show that winbindd has /tmp/.winbindd/pipe open? How about netstat -ax | grep winbindd? Does wbinfo work? It uses the same communication. -Original Message- From: Miles Roper [mailto:[EMAIL PROTECTED]] Sent: Thursday, February 06, 2003 3:07 PM To: 'MCCALL,DON (HP-USA,ex1)'; [EMAIL PROTECTED]; [EMAIL PROTECTED]; GILCHRIST,KIM (HP-NewZealand,ex1) Subject: RE: Winbind on HPUX 11, some small progress Hi Don, lrwxrwxrwx 1 root sys 17 Feb 7 09:59 libnss_winbind.1 - li bnss_winbind.so -r-xr-xr-x 1 binbin 28672 Jan 24 15:23 libnss_winbind.so Same problem, I was all excited there for a moment :o) Cheers Miles -Original Message- From: MCCALL,DON (HP-USA,ex1) [mailto:[EMAIL PROTECTED]] Sent: Friday, 7 February 2003 09:50 a.m. To: 'Miles Roper'; MCCALL,DON (HP-USA,ex1); [EMAIL PROTECTED]; '[EMAIL PROTECTED]'; 'Esh, Andrew'; 'Ronan Waide'; STEFFENS,MICHAEL (HP-Germany,ex1); 'Richard Sharpe'; 'John H Terpstra'; GILCHRIST,KIM (HP-NewZealand,ex1) Subject: RE: Winbind on HPUX 11, some small progress Hi Miles, reading further; change you link to the following: lrwxr-xr-x 1 root sys 46 Aug 27 11:16 /usr/lib/libnss_winbin d.1 - libnss_winbind.so We (HP-UX) don't know from .so files... So winbind in nsswitch.conf entries is going to trigger looking for a libnss_winbind.1 NOT a libnss_winbind.so.1 See if that doesn't help, Don -Original Message- From: Miles Roper [mailto:[EMAIL PROTECTED]] Sent: Thursday, February 06, 2003 15:41 To: 'MCCALL,DON (HP-USA,ex1)'; [EMAIL PROTECTED]; '[EMAIL PROTECTED]'; 'Esh, Andrew'; 'Ronan Waide'; [EMAIL PROTECTED]; 'Richard Sharpe'; 'John H Terpstra'; GILCHRIST,KIM (HP-NewZealand,ex1) Subject: RE: Winbind on HPUX 11, some small progress had the same problem, I thought compiling it from scratch may fix it, although I've only just recently worked out how to get the extra debugging from pam, but symptoms were exactly the same. has taken me a long time to work out how to compile it on hpux with gcc, had to change a include file and the configure script, i've included it for you interest :o) in configure find if test $ac_cv_prog_cc_Ae = yes; then BLDSHARED=true SHLD=/usr/bin/ld LDSHFLAGS=-B symbolic -b -z PICFLAG=+z fi change to #if test $ac_cv_prog_cc_Ae = yes; then BLDSHARED=true SHLD=/usr/bin/ld LDSHFLAGS=-B symbolic -b -z # PICFLAG=+z #fi find /usr/local/lib/gcc-lib/hppa2.0n-hp-hpux11.00/3.1/include/stdio.h BEFORE extern int snprintf(char *, _hpux_size_t, char *,...); AFTER extern int snprintf(char *, _hpux_size_t, const char *,...); ps, that was quick :o) -Original Message- From: MCCALL,DON (HP-USA,ex1) [mailto:[EMAIL PROTECTED]] Sent: Friday, 7 February 2003 09:36 a.m. To: 'Miles Roper'; MCCALL,DON (HP-USA,ex1); [EMAIL PROTECTED]; '[EMAIL PROTECTED]'; 'Esh, Andrew'; 'Ronan Waide'; STEFFENS,MICHAEL (HP-Germany,ex1); 'Richard Sharpe'; 'John H Terpstra'; GILCHRIST,KIM (HP-NewZealand,ex1) Subject: RE: Winbind on HPUX 11, some small progress Hi Miles, any reason you are compiling it yourself, instead of pulling the depot from the samba ftp site? That is what I am using successfully. Don -Original Message- From: Miles Roper [mailto:[EMAIL PROTECTED]] Sent: Thursday, February 06, 2003 15:31 To: 'MCCALL,DON (HP-USA,ex1)'; [EMAIL PROTECTED]; '[EMAIL PROTECTED]'; 'Esh, Andrew'; 'Ronan Waide'; [EMAIL PROTECTED]; 'Richard Sharpe'; 'John H Terpstra'; GILCHRIST,KIM (HP-NewZealand,ex1) Subject: RE: Winbind on HPUX 11, some small progress Hi Don, Michael Steffens a while back sent me a compiled version of getent which I couldn't get to work. I compiled your version and it doesn't seem to produce any result either, seems to return immeditaly without doing anything. ie coastdr: /mnt/1/samba/test ./getent passwd WESTCOASTDHB+mroper
RE: A Union of two directories
Nice description Simo. It caused me to think. I can see two cases for the use of such a union. The first is where the user wants to make a foreground overlay which they can edit, where files are made read-write by copying from the background to the foreground. This appears the same as a normal file system until the background share is unmounted. Then, the skeleton of the tree and the user's edited files are all that remains. Unless such a system is used under the control of a tool such as ClearCase, I don't see what utility it would have in the general market. (Consider the merges, or the fact that the changes would always be separate. Neither case is both common and simple.) Perhaps there are software engineering applications. It would take a software engineer to operate it. ;) The second case is where Simo's option background write_over is turned off. This effectively puts the background in the foreground, and prevents writing. The user's read-write underlay then occupies any file namespace not covered by the read-only overlay. This would be useful for system directories such as network storage areas that contain organization-wide applications. It would be mounted on the user's Program Files folder, for example. Mounting their personal applications folder in the same place would cause their own applications to appear to be installed side-by-side with the shared ones. Any conflict would cause the read-only system version of the file to show through. Writing a file into the combined folders would only be allowed if the file doesn't already exist, or if it only exists in the personal folder. This configuration would appeal to system administrators, who want to make sure the users have access to centrally maintained applications, without giving the users the ability to alter the applications. Opposite to the above, the user may want to be able to overlay their personal folder on the shared one. Going back to the Program Files example, this would allow one user to install an updated version of an application over an older version of the same application in the shared folder. This configuration would be useful in supporting a super-user who takes responsibility for maintaining their own applications, who wants to take advantage of the default installations. Given my assumption that dir1 and dir2 (dir3? dir4?) are keywords which can be used to determine the background-to-foreground order of the overlay, and the inclusion of the read-only read-write controls which are already available, the latter two configurations can be accomplished. Perhaps a better way would be to introduce a meta-share, which names a number of other shares, the order in which they should be overlaid, and their write status. Other normal share keywords controlling user access could also be applied. Here is an example of the second configuration described above: [accounting_apps] path=/storage/shared public = yes writable = no guest ok = yes [john_doe_personal_apps] path=/storage/home/john_doe/apps public = no writable = yes guest ok = no valid users = @CENTRAL+John Doe write list = @CENTRAL+John Doe [john_doe_apps] meta share = accounting_apps, john_doe_personal_apps write control = no, yes public = no valid users = @CENTRAL+John Doe write list = @CENTRAL+John Doe Note that shares named to the left in the meta share keyword are in the foreground. The write control keyword arguments refer by order to the shares named in the meta share keyword. By changing the order of the meta share and the write control arguments, this configuration becomes the super-user example. In my opinion, this would be useful. As was said earlier, this all belongs in a VFS layer. -Original Message- From: Simo Sorce [mailto:[EMAIL PROTECTED]] Sent: Tuesday, February 04, 2003 4:38 AM To: David Lee Cc: Stefan (metze) Metzmacher; '[EMAIL PROTECTED]' Subject: Re: A Union of two directories On Tue, 2003-02-04 at 11:03, David Lee wrote: On Tue, 4 Feb 2003, Stefan (metze) Metzmacher wrote: It would be fine to have config options for match witch files should be taken from with directory. something like this: dir1 path = /home/samba dir1 mode = readonly dir1 files = *.c,*.h,configure,Makefile dir1 exclude files = *.o dir2 path = /home/%m/samba dir2 mode = write dir2 files = *.o dir2 exclude files = *.c,*.h and something simular for directories I think the easiest thing is to have a background common read-only directory only few parameter needed: background path = /home/common background write_over = yes|no all the files present here will be seen as read-only by everyone. if you open the file read-write you may choose to either fail the open or copy over the file to the user directory and use that file instead. In this situation only files _not_
RE: A Union of two directories
For Arthur Barrett's purpose, it seems preferring the Read-Write user-specific directory over the common one would be best. If the user checks out a file and want to edit it, they should be able to. Until they check it back in, they should see the file which has their changes in their share. This is exactly what the mountable file system which is part of Rational Clearcase does. -Original Message- From: Pierre Belanger [mailto:[EMAIL PROTECTED]] Sent: Monday, February 03, 2003 9:15 AM To: Arthur Barrett Cc: '[EMAIL PROTECTED]' Subject: Re: A Union of two directories Arthur, If there is a collision (2 or more directories with the same name), what do you think would be the best thing to do? I understand the idea of merging 2 directories, I think I would use such a feature. I think the VFS module should actually support n directories. For the moment, can't you create a symbolic link? Pierre B. Arthur Barrett wrote: Hi All! I am new to Samba and this group and I have a question... My company wants to make a custom version of Samba which is capable of creating a share which is actually a union of two directories. ie: instead of the share \\samba\arthur being /home/arthur, we want the share \\samba\arthur to be the union of the two directories /home/common and /home/arthur Why? It's all to do with version control and limitations in other software. The idea is to create a reserved checkout in a single directory. ie: all the read only code is in /home/common and the checked out code is in /home/arthur, but the silly end product software wants all the files in 1 directory (\\samba\arthur). Oh woe is me! So my question is: which source code file is the one that actually opens files in the unix file system ? Additionally - is anyone else interested in the result ? Regards, Arthur Barrett
Ownership of CIFS?
The following article implies that Microsoft is selling licenses for CIFS, as if they control the ownership of that protocol: http://www.byteandswitch.com/document.asp?doc_id=27508 My understanding is that CIFS is an open protocol, and it is characterized as such by Microsoft on this page: http://www.microsoft.com/mind/1196/cifs.asp What do you folks think? Is this just a mix-up of terms? --- Andrew C. Eshmail:[EMAIL PROTECTED] Adaptec, Inc. 2905 Northwest Blvd., Suite 20763-557-9005 (main) Plymouth, MN 55441-2644 USA 763-551-6418 (direct)
RE: DOS mode bits missing from Folders
-Original Message- From: Jean Francois Micouleau [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 22, 2003 3:53 PM To: Pagani Jr, Ronald Cc: Gerald (Jerry) Carter; Esh, Andrew; '[EMAIL PROTECTED]' Subject: Re: DOS mode bits missing from Folders On Wed, 22 Jan 2003, Pagani Jr, Ronald wrote: Why not store DOS bit modes in an accompanying dot file? (The DOS modes then read by smbd if it (the dot file) exists) this idea has already been bitten to death. When you backup files, you have to backup the dot file. Renaming is more complex. What does happen if you delete the file from the unix side and create a new file with the same name ? A more elegant solution is to use EA. J.F. The reason it's better to use Extended Attributes (EAs) is that they are moved with the file whenever it is copied or backed up. Of course the file system and all the file tools have support this.
FW: [Ethereal-dev] New Features: SMB RTT statistics and TopTalkers
New feature added to Ethereal, available via their CVS. SMB Round Trip Time calculation. It will be in the next release after 0.9.9. (Screen shot attached. MUST SEE!) -Original Message- From: Ronnie Sahlberg [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 21, 2003 8:31 PM To: [EMAIL PROTECTED] Subject: [Ethereal-dev] New Features: SMB RTT statistics and TopTalkers Due to popular demand, I have checked in two new features: SMB RTT statistics similar to the ones already in ethereal for ONC-RPC Calculates Min/Max/Average response times for SMB packets with a breakout for Transaction2 and NT-Transaction subcommands Supported both for tethereal and ethereal try tethereal ... -z smb,rtt TopTalkers: IO-Users Calculates number of frames/bytes in each direction and total number of bytes/frames for all conversations and presents it as a list sorted by total number of frames. Supports Ethernet/IP/TokenRing Only implemented for tethereal right now. See manpage for tethereal or try tethereal ... -z io,users,ip ___ Ethereal-dev mailing list [EMAIL PROTECTED] http://www.ethereal.com/mailman/listinfo/ethereal-dev smbrtt.png Description: Binary data
RE: DOS mode bits missing from Folders
The e(X)exute bits are special on folders. For example, if you remove the archive (user 'x' bit) from a directory, you will not be able to change to that directory. The DOS mode bit stuff really needs a better solution. Yes, thanks. The problem is: The code change I am suggesting is in the interpretation of the bits after they have been read, and are about to be represented in a reply to Windows. Below the routine in question, there may be idiosyncrasies. There also may be a different storage method than utilizing the Unix mode bits. In my particular case, I've used a meta-info system that works like extended attributes. All the bits get read back fine, but this function strips off all but the Directory and the Read-Only bit. This is simply the wrong place to be handling implementation issues. If there is a need to strip bits, it should be pushed closer to the file system, so it can be avoided by VFS modules which reference a file system that doesn't have bit storage problems. Change it or don't, it's your code. My code is fixed. --- Andrew C. Eshmail:[EMAIL PROTECTED] Adaptec, Inc. 2905 Northwest Blvd., Suite 20763-557-9005 (main) Plymouth, MN 55441-2644 USA 763-551-6418 (direct)
DOS mode bits missing from Folders
Title: DOS mode bits missing from Folders I have a question about the following piece of code in HEAD smbd/dosmode.c, at line 139: if (S_ISDIR(sbuf-st_mode)) result = aDIR | (result aRONLY); This causes the DOS mode HSA Hidden, System, and Archive bits to be stripped off if a folder is being processed. This makes it impossible to store these bits on a Samba server. Windows allows them to be stored for folders, except for the S System bit. Why are these bits being stripped off folders? Shouldn't it be: if (S_ISDIR(sbuf-st_mode)) result |= aDIR; When I made that change, folders began to retain DOS bits like the ones stored on Windows do. --- Andrew C. Esh mail:[EMAIL PROTECTED] Adaptec, Inc. 2905 Northwest Blvd., Suite 20 763-557-9005 (main) Plymouth, MN 55441-2644 USA 763-551-6418 (direct)
RE: Samba, nmblookup, wrong bcast address?
Title: RE: Samba, nmblookup, wrong bcast address? Your net mask is wrong. You state that it's set to 255.255.255.xxx, but the debug output shows 255.255.-225-.xxx. nmblookup is broadcasting to the wrong network. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 17, 2002 5:10 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Samba, nmblookup, wrong bcast address? Help, name_query failed to find name ??? These are my correct settings for the machine kingkong: $ ifconfig eth0 Link encap:Ethernet HWaddr --omitted-- inet addr:xxx.xx.52.19 Bcast:xxx.xx.52.127 Mask:255.255.255.xxx This is what I get with a nmblookup command. $nmblookup -B xxx.xx.52.127 -d5 kingkong Initialising global parameters params.c:pm_process() - Processing configuration file /etc/samba/smb.conf Processing section [global] doing parameter workgroup = --omitted-- doing parameter interfaces = xxx.xx.52.19/255.255.225.xxx --omitted pm_process() returned Yes added interface ip=xxx.xx.52.19 bcast=xxx.xx.62.127 nmask=255.255.225.xxx --note the different bcast address, 62 instead of 52-- bind succeeded on port 0 socket option SO_KEEPALIVE = 0 socket option SO_REUSEADDR = 1 socket option SO_BROADCAST = 1 Could not test socket option TCP_NODELAY. socket option IPTOS_LOWDELAY = 0 socket option IPTOS_THROUGHPUT = 0 socket option SO_SNDBUF = 65535 socket option SO_RCVBUF = 65535 socket option SO_SNDLOWAT = 1 socket option SO_RCVLOWAT = 1 socket option SO_SNDTIMEO = 0 socket option SO_RCVTIMEO = 0 Socket opened. querying kingkong on xxx.xx.52.127 Sending a packet of len 50 to (xxx.xx.52.127) on port 137 Sending a packet of len 50 to (xxx.xx.52.127) on port 137 Sending a packet of len 50 to (xxx.xx.52.127) on port 137 name_query failed to find name kingkong
RE: ntfs issue
Title: RE: ntfs issue Note that he didn't say he was mounting the NTFS disk remotely. He could be dual booting this host, and he may need to use the disk in both environments. -Original Message- From: Steve Williams [mailto:[EMAIL PROTECTED]] Sent: Sunday, December 15, 2002 9:54 PM To: AndyChu Cc: [EMAIL PROTECTED] Subject: Re: ntfs issue Why in the hell are you doing that??? Why aren't you accessing the 80 G of mpeg files directly from the W2K system instead of going through your Linux system? What are you trying to accomplish? Doesn't make sense to me why you are doing it that way! Cheers, Steve AndyChu wrote: Thx for reply. May be I have to tell the story in detail. I have about 80G's MPEG file in the hard disk with format of NTFS without any security setting. Yesterday, I tried to mount the hard disk in redhat 8.0 (kernel Version 2.4.18-14) with download install the suitable ntfs service pack(from linux-ntfs.sourceforge.net). I mount it on the /tmp/win directory. It success. I can see it at linux side. And then I launch the samba server and make the /tmp directoy be shared with name tmp. I checked by using smbclient utility indise the linux platform to connect the samba server. The MPEG files can be seen inside tmp/win without problem. After that, I use a win2000 workstation to connect that shared 'tmp' on samba server. Those file inside the tmp directory can be seen(that is the linux file) but the MPEG files inside directoy tmp/win cannot be shown. That's what I would like to say. Thanks - Original Message - From: Esh, Andrew To: 'Steve Langasek' ; AndyChu Cc: [EMAIL PROTECTED] Sent: Friday, December 13, 2002 3:41 AM Subject: RE: ntfs issue (I assume you're asking about serving an NTFS partition via Samba, which is being hosted on a non-Windows OS which is capable of mounting NTFS partitions.) You'd have to depend on the quality of the NTFS support on the OS of the host which is running Samba. It may not support features like Extended Attributes, which would prevent ACL storage and the NT Security System from working. There may also be some filename length and case mangling rules that aren't the same. Depends on the OS, depends on the NTFS mount support. Other than that, simple unsecured file service should work. -Original Message- From: Steve Langasek [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 12, 2002 9:46 AM To: AndyChu Cc: [EMAIL PROTECTED] Subject: Re: ntfs issue On Thu, Dec 12, 2002 at 04:06:55PM +0800, AndyChu wrote: Does samba support share those files in a ntfs partition ? This is meaningless. Samba does not support NTFS partitions, because Samba does not interface with partitions. If you are asking whether Samba can *serve* shares from NTFS partitions, that's a question of whether the host OS supports the filesystem. If you are asking whether Samba (smbclient) can *access* shares on NTFS partitions, then yes -- though NTFS has little to do with it. -- Steve Langasek postmodern programmer
RE: ntfs issue
Title: RE: ntfs issue (I assume you're asking about serving an NTFS partition via Samba, which is being hosted on a non-Windows OS which is capable of mounting NTFS partitions.) You'd have to depend on the quality of the NTFS support on the OS of the host which is running Samba. It may not support features like Extended Attributes, which would prevent ACL storage and the NT Security System from working. There may also be some filename length and case mangling rules that aren't the same. Depends on the OS, depends on the NTFS mount support. Other than that, simple unsecured file service should work. -Original Message- From: Steve Langasek [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 12, 2002 9:46 AM To: AndyChu Cc: [EMAIL PROTECTED] Subject: Re: ntfs issue On Thu, Dec 12, 2002 at 04:06:55PM +0800, AndyChu wrote: Does samba support share those files in a ntfs partition ? This is meaningless. Samba does not support NTFS partitions, because Samba does not interface with partitions. If you are asking whether Samba can *serve* shares from NTFS partitions, that's a question of whether the host OS supports the filesystem. If you are asking whether Samba (smbclient) can *access* shares on NTFS partitions, then yes -- though NTFS has little to do with it. -- Steve Langasek postmodern programmer
MSLinux!?!?!?
Title: MSLinux!?!?!? Microsoft to offer Linux software? In a major strategy shift, Microsoft Corp. will introduce software based on the Linux open source operating system in 2004 ... (Copyrighted article, or I'd post it. Here's a link: ) http://www.cnn.com/2002/TECH/biztech/12/10/meta.linux.reut/index.html --- Andrew C. Esh mail:[EMAIL PROTECTED] Adaptec, Inc. 2905 Northwest Blvd., Suite 20 763-557-9005 (main) Plymouth, MN 55441-2644 USA 763-551-6418 (direct)
RE: Samba connecting to NT PDC
(Please take this to [EMAIL PROTECTED], it's not a development issue.) Try defining the IP address for "CAT" in your /etc/lmhosts file. Your WINS server may not be supplying good information. Also, try to ping CAT at its IP address. It doesn't appear to be reachable from where the Samba server is. -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]Sent: Tuesday, December 10, 2002 8:50 AMTo: [EMAIL PROTECTED]Subject: Samba connecting to NT PDCHave a problem connecting Samba 2.2.7 on Redhat Linux 7.2 to a Win NT 4 PDC. I have set the following in the smb.conf file:- security = domain password server = CAT encrypt passwords = yes local master = no os level = 0 domain master = no preferred master = no domain logons = no wins server = 172.16.10.70 dns proxy = no I have entered the Samba server as a Machine in the Server Manager. When I use the command:- smbpasswd -j lister -r CAT I get the following error message:-modify_trust_password: unable to connect to SMB server on machine CAT. Error was : code 0. 2002/12/10 14:49:15 : change_trust_account_password: Failed to change password for domain LISTER. Unable to join domain LISTER. ThanksKevin ClarkeIT Support EngineerTel: 01453 541160 _This email and any attachments are confidential and are for the useof the addressee only. If you are not the addressee, you must not useor disclose the contents to any other person. Please immediatelynotify the sender and delete the email. Statements and opinions expressed here may not represent those of the company.This message has been checked for all known viruses by Star Internet delivered through the MessageLabs Virus Scanning Service. For further information visit http://www.star.net.uk/stats.asp or alternatively call Star Internet for details on the Virus Scanning Service.
RE: Comparing SAMBA_3_0 to HEAD
Title: RE: Comparing SAMBA_3_0 to HEAD Rather than use two trees, just check out HEAD and do a cvs diff -r SAMBA_3_0. That will show you everything which is different between your sandbox, and the revision specified with -r. The revision can be a tag, or a date. -Original Message- From: Stefan (metze) Metzmacher [mailto:[EMAIL PROTECTED]] Sent: Tuesday, October 29, 2002 11:54 PM To: [EMAIL PROTECTED] Subject: Re: Comparing SAMBA_3_0 to HEAD At 09:33 29.10.2002 -0500, you wrote: Thanks for doing this...can I ask how you did it? I'm not so good at cvs. I just have to tree's and run 'diff --brief HEAD 3_0' then I looked up each file in http://cvs.samba.org/cgi-bin/cvsweb/samba/source/ but I think I can write a little script that do this automaticly... (If I do this I tell you) Jim McDonough IBM Linux Technology Center Samba Team 6 Minuteman Drive Scarborough, ME 04074 USA [EMAIL PROTECTED] [EMAIL PROTECTED] Phone: (207) 885-5565 IBM tie-line: 776-9984 metze - Stefan metze Metzmacher [EMAIL PROTECTED]
RE: How Samba let us down
Title: RE: How Samba let us down One way to check this would be to download Ethereal (a packet capturing product endorsed and supported by many Samba users and developers), and capture some traffic on the network. Ethereal is free, easy to use, has Windows and Linux versions, and can be had from: http://www.ethereal.com Capture traffic from a Windows client that is slow to browse, and see how much of the network is being used by broadcasts. -Original Message- From: David Brodbeck [mailto:[EMAIL PROTECTED]] Sent: Wednesday, October 23, 2002 8:48 AM To: [EMAIL PROTECTED] Subject: How Samba let us down -Original Message- From: Jay Ts [mailto:[EMAIL PROTECTED]] It may be a pain to configure all those clients, but it's certainly worth it. Take a look at Microsoft's documentation (in their resource kits) on how various Windows versions do name resolution, and you'll see what I mean. I'll second this. WINS is the only way to go once you get above twenty or so machines on a subnet. It makes browsing bearable again. The college I used to go to had something like 400 machines, mostly windows boxes, on a dorm network. No WINS server. At some point they determined nearly half the network traffic was Windows name resolution broadcasts!
RE: [Samba] Re: How Samba let us down
Title: RE: [Samba] Re: How Samba let us down Here at Tricord, we run Samba through some pretty intense tests, as well. Since we are a file system producer, we focus on corruption bugs. We haven't found any in Samba, other than a rather famous Microsoft Word bug that also occurs on Windows servers. I'm not trying to chime in here, but if there was the kind of bug someone would notice within the first few hours of use, we'd have hit it hundreds of times already, just in our testing this week. We've been testing like this for more than two years. -Original Message- From: John H Terpstra [mailto:[EMAIL PROTECTED]] Sent: Wednesday, October 23, 2002 1:04 PM To: Jay Ts Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]; Mathew McKernan; [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: [Samba] Re: How Samba let us down Jay, For the record, I thouroughly test samba pre-releases before we ever ship. To the best of my knowledge, NOT ONE version of samba we have released ever CAUSED (or resulted in) file/data corruption. If I sound defensive - that's is exactly correct because file corruption is a DEATH issue! Please note: This does NOT include smbfs, which is not officially part of Samba. I can make NO assertions regarding the integrity of smbfs as I regard this as most undesirable technology. I do NOT test smbfs at all. Every reported case of file corruption I have looked at has been due to: 1. Bad or defective or low grade ethernet cards 2. Defective HUBs / Ether-Switches 3. Defective Hardware on the Server 4. Incorrect Protocol Stack configuration on the MS Windows client FHIW: My current testbed consists of: Tyan 2460 motherboard, 2 X MP1600+ CPUs 1 GB DDR2100 RAM 1 Gigabit Intel Enternet 2 x Intel EEpro100 1 x 3Ware 7540 IDE RAID - 3 WD 60 GB IDE HdD 2 x IBM 40GB IDE driver (native to system) Caldera OpenLinux 3.1.1 with 2.4.18 kernel with ACL patch applied. Test load on system with up to 60 sessions doing full load work. Peak IDE I/O bandwidth is 452 MBytes/sec. Peak network I/O is 117 MBytes/sec. Samba peak I/O depends on nature of operations. In other words, I beat the living daisies out of samba during test. Tests done with Samba with Win9X, WinME, Win2K (Pro + Adv Server), WinXPPro. I can vouch for the fact that not one file corruption problem has been detected during the 2.2.x series, nor on any prior series. Cheers, John T. On Wed, 23 Oct 2002, Jay Ts wrote: Jeremy Allison ([EMAIL PROTECTED]) wrote: Jay Ts wrote: The corruption might be related to oplocks. I'm doing Just to keep myself out of more trouble today, I'd like to point out that I didn't write the above. ;-) File corruption is treated as a drop everything - priority 1 bug in Samba. If this were a generic problem known with 2.2.6 we'd be issuing a patch *immediately*. I'm really lost at this point (too many replies to too many threads while having one of those days), but I think I/we suggested he _upgrade_ to 2.2.6, if he isn't already running a pretty recent release. I've seen problems in the early 2.2.x releases (when transferring large files) that could be perceived as (or called) file corruption, but the problem went away sometime before 2.2.4. Jay Ts -- John H Terpstra Email: [EMAIL PROTECTED]
RE: [Samba] Re: How Samba let us down
Title: RE: [Samba] Re: How Samba let us down We regularly do large file Copy-Paste tests with files between 30G and 60G. We have yet to see a problem. Tricord's market is Network Attached Storage, and our product is a file system. Samba is the main interface between our market and our file system. We spend a lot of time making sure the data that goes through Samba and into our file system comes back out in the same shape it went in. We have a whole department devoted to that purpose. Trust me, we'd notice if there was a problem. :) -Original Message- From: Jay Ts [mailto:[EMAIL PROTECTED]] Sent: Wednesday, October 23, 2002 2:25 PM To: Esh, Andrew Cc: 'John H Terpstra'; [EMAIL PROTECTED]; [EMAIL PROTECTED]; Mathew McKernan; [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: [Samba] Re: How Samba let us down Esh, Andrew wrote: Here at Tricord, we run Samba through some pretty intense tests, as well. Since we are a file system producer, we focus on corruption bugs. We haven't found any in Samba, Since I've been curious about this anyway, I might go ahead and check: Do you (And J. Terpstra, and others) test sending really huge files, such as 700 MB ISO CD-ROM images or bigger, across the net, and then run a cmp on them, going in each direction. That is: 1. Start with a reference huge file on Windows, known to match an existing file on Unix, then copy it over through Samba and do a cmp on them? About how many times is this done in your tests? More than a few hundred? 2. Also run the test the other way, and compare the copies on the Windows side? I'm not trying to chime in here, but if there was the kind of bug someone would notice within the first few hours of use, we'd have hit it hundreds of times already, just in our testing this week. We've been testing like this for more than two years. That's what I thought, too. My take on it was that it was related to Samba, but not necessarily caused by it. In any case, it was all more than a year ago, and isn't an issue to me at all. Jay Ts
RE: Eliminating gettimeofday from construct_reply
Title: RE: Eliminating gettimeofday from construct_reply In the Samba profile results, the last column is the total time spent within the named routine, since profiling was started. Divide by the number of calls to get the average time per call. -Original Message- From: Green, Paul [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 01, 2002 10:44 AM To: 'Andrew Theurer'; Green, Paul; 'Andrew Bartlett'; Richard Sharpe Cc: [EMAIL PROTECTED] Subject: RE: Eliminating gettimeofday from construct_reply Andrew Theurer [mailto:[EMAIL PROTECTED]] wrote: Here is the latest profile: 8867 total 0.0044 700 default_idle 13.4615 689 __generic_copy_to_user 11.4833 419 generic_file_write 0.2272 291 do_softirq 1.4265 260 fget 3.8235 250 _text_lock_inode 1.1521 * 241 system_call 4.3036 * 237 qdisc_restart 0.6237 205 schedule 0.2330 153 d_lookup 0.5709 145 mod_timer 0.6144 134 skb_release_data 1.1552 134 ip_queue_xmit 0.1047 132 _text_lock_locks 0.6600 120 tcp_v4_rcv 0.0769 118 link_path_walk 0.0530 113 kfree 0.7847 107 tcp_recvmsg 0.0459 105 get_hash_table 0.6562 105 __kfree_skb 0.3409 * 99 do_gettimeofday 0.8250 * *these two are what I am focusing on. I expect both to be reduced significantly if we can reduce the number of calls to gettimeofday. I agree, we would need to see at least a few percent difference to make this worth while. I am obviously going to test a before/after in any case. Cool! Only I don't understand the columns; is the first column a count and the second column milliseconds per invocation? Counts aren't all that interesting, but calculating the percent of total run time spent by each function would be highly interesting... PG -- Paul Green, Senior Technical Consultant, Stratus Technologies. Day: +1 978-461-7557; FAX: +1 978-461-3610
RE: New sam system
Title: RE: New sam system They are not encrypted, they are simply signed. The problem is, it attaches them to the email as a separate attachment. Some email readers don't automatically display certain attachments, so the main body of the message is all that is displayed. Since there isn't one in this case, the message looks completely blank. I have to open the message, drag the PGP attachment to my desktop, and open it there with wordpad. Then I can see the PGP signed message as cleartext. -Original Message- From: Jelmer Vernooij [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 31, 2002 12:13 PM To: Richard Sharpe Cc: [EMAIL PROTECTED] Subject: Re: New sam system On Thu, Aug 01, 2002 at 02:54:06AM +0930, Richard Sharpe wrote about 'Re: New sam system': On Wed, 31 Jul 2002, Jelmer Vernooij wrote: [ Ok, I've switched off gpg signing for all samba lists... ] Weird that mutt generates encrypted files when I tell it to only sign it... :-( I'm working on the new sam system currently and was wondering whether the following patch should be applied to source/sam/SAM-Interface-handles.txt: Well, I would say you should, since that seems to be a design document. I was just wondering what the other authors of that design document thought about my suggestions :-) Jelmer -- Jelmer Vernooij [EMAIL PROTECTED] - http://nl.linux.org/~jelmer/ 19:06:03 up 1 day, 1:14, 11 users, load average: 1.22, 1.28, 1.36
RE: write list parameter in 2.2.5?
Title: RE: write list parameter in 2.2.5? How about setting valid users with the same list? -Original Message- From: Eddie Lania [mailto:[EMAIL PROTECTED]] Sent: Saturday, July 27, 2002 5:12 PM To: [EMAIL PROTECTED] Subject: write list parameter in 2.2.5? Sorry to drop this on this list. I would like to administrate the [users] share. I am stuck here: - [netlogon] comment = Network Logon Service path = /home/netlogon locking = No read only = Yes guest ok = Yes write list = joepie, @Administrators create mask = 0644 directory mask = 0755 [homes] path = /home/users/%U read only = No browseable = No create mask = 0600 directory mask = 0700 [users] comment = Users directories path = /home/users read only = No create mask = 0600 write list = joepie, @Administrators directory mask = 0700 - But when I log in as joepie, I am not able to read/write to the [users] share. I am using Samba 2.2.5 --with-ldapsam on RH 7.0 with openldap. Everything else works OK. In fact, the combo ldap and samba works great here. No errors in debug. messages or samba logs. /usr/local/samba/bin/testparm gives no errors. what am I doing wrong here? Is this a bug, or is it my own mistake? Hey, keep up the good work! Samba rules ;-) Eddie.
RE: rerun autoconf ?
Title: RE: rerun autoconf ? No, autoconf creates configure using configure.ac or configure.in as input. (Edit autoconf for more info, it's a script.) The configure script is included with the source code as a convenience. You want to run autoconf first, then ./configure, then make. -Original Message- From: Ulf Bertilsson [mailto:[EMAIL PROTECTED]] Sent: Monday, July 22, 2002 3:34 AM To: Samba-Technical (E-post) Subject: rerun autoconf ? Importance: Low ... creating ./config.status creating include/stamp-h creating Makefile creating script/findsmb creating include/config.h [root@box source]# make WARNING: you need to rerun autoconf -! Using FLAGS = -O -Iinclude -I./include -I./ubiqx -I./smbwrapper -I. -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE -I. ... So.. Correct would be to ./configure then autoconf, then make - install ? Please bear with my somewhat novice *nix experience :) (Source synced with CVS, basic RH 7.2) -- Ulf
RE: I/M Beta Test
Title: RE: I/M Beta Test Why does this smell like a hack troll? -Original Message- From: Matthew Frederico [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 16, 2002 6:00 PM To: [EMAIL PROTECTED] Subject: I/M Beta Test Sorry to post this here because it has NOTHING to do with samba (yet) but I didn't know where else to turn! If some of you get a chance please test out my flash instant messenger? http://matt.g33x.com -- Matt
RE: Draft of branch maintainence and release plans....
Title: RE: Draft of branch maintainence and release plans That's the same code I'm talking about. I have it running. -Original Message- From: Tim Potter [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 09, 2002 10:10 AM To: Esh, Andrew Cc: Gerald Carter; [EMAIL PROTECTED] Subject: Re: Draft of branch maintainence and release plans On Tue, Jul 09, 2002 at 09:47:53AM -0500, Esh, Andrew wrote: I could work on the ext_attr patch, unless what you want out of it is drastically different that what I already have running. I am using the VFS module xfs_ea, which uses libattr from Bestbits and SGI. I can generify xfs_ea so it isn't XFS specific, and release it as a simple libattr interface. Sound good? There was a patch that did most of this already, as well as storing some nifty things like the dos mode bits and NT ACLs. It was fairly intrustive but did a lot of stuff. Tim.
RE: [Draft #2] Samba 3.0 roadmap...
Title: RE: [Draft #2] Samba 3.0 roadmap... About a year ago I suggested this and was told that something was being done about it. My impression was that there were some ideas about how to implement it, and work was in progress. It was suggested that I wait. I'd like to pick up the thread on this, and put some effort behind it. If there are suggested solutions out there, let me know about them. If it is acceptable, I will coordinate this feature. I'd implement my own solution for it, if I can be sure someone else doesn't have better plans. -Original Message- From: Gerald Carter [mailto:[EMAIL PROTECTED]] Sent: Monday, July 08, 2002 10:50 AM To: [EMAIL PROTECTED] Subject: [Draft #2] Samba 3.0 roadmap... Round #2. Roadmap to 3.0 -- The following features are planned for inclusion in 3.0. This list was compiled based on previous promises during 2.2 development and believed future directions of Samba [...] * Winbind idmap storage central idmap repository (for clusters, nfs, etc...) (owner?)
RE: [Samba] RE: FW: samba woes
Title: RE: [Samba] RE: FW: samba woes Why not make Samba LDAP aware, so that it can work with any LDAP server. Then, put an LDAP interface on Winbindd, so it can be queried by any client. Eventually, I think Winbindd would go away in favor of plain LDAP. BTW, this is the suggested solution for distributed Winbindd which I hear was in the works when I asked about this a year ago. I still like it. -Original Message- From: Johnston, Christopher (DCSA) [mailto:[EMAIL PROTECTED]] Sent: Monday, July 08, 2002 11:31 AM To: 'Gerald (Jerry) Carter'; Johnston, Christopher (DCSA) Cc: [EMAIL PROTECTED] Subject: RE: [Samba] RE: FW: samba woes Mind if I see it? Possibly test it? -Original Message- From: Gerald (Jerry) Carter [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 02, 2002 12:54 PM To: Johnston, Christopher (DCSA) Cc: [EMAIL PROTECTED] Subject: RE: [Samba] RE: FW: samba woes On Wed, 26 Jun 2002, Johnston, Christopher (DCSA) wrote: Excellent.. however we are attempting to try and put together an LDAP solution here at ML to keep a centralized database of SID-UID mappings.. than letting the LDAP client make calls against the database for a UID.. what we would need is a backend script/program to make calls against winbind using wbinfo.. and than passing that info off to the LDAP server.. not sure if that would work.. but it is something management here has been talking about asking me to implement.. I've got some LDAP code I started on with. Looked like it would work technically. Don't know about performance cheers, jerry - Hewlett-Packard http://www.hp.com SAMBA Team http://www.samba.org -- http://www.plainjoe.org Sam's Teach Yourself Samba in 24 Hours 2ed. ISBN 0-672-32269-2 --I never saved anything for the swim back. Ethan Hawk in Gattaca--
RE: sessionid.tdb missing after build and client read failutre
Title: RE: sessionid.tdb missing after build and client read failutre
I
think I see the problem. The code is reaching line 532 of smbd/service.c with
conn-user set to NULL. I was looking for reasons that this can occur, and I
noticed that conn_free is called whenever there is an error. Right after that,
the function returns immediately with a NULL result. This is not done in one
case:
smbd/service.c,
make_connection_snum(510)
} else
{conn_free(conn);*status =
NT_STATUS_NO_SUCH_GROUP;DEBUG(1,("Couldn't find group
%s\n",gname));}
conn-free will NULL the user pointer. I don't see
what would prevent the code from running from that point straight into
"initialise_groups", which needs conn-user to be set.
Don't
we need this instead?
Index:
service.c===RCS
file: /cvsroot/samba/source/smbd/service.c,vretrieving revision 1.93diff
-u -c -r1.93 service.ccvs server: conflicting specifications of output
style*** service.c2 Jul 2002 06:34:27 -1.93---
service.c3 Jul 2002 21:35:58 -** 511,516
--- 511,517 conn_free(conn);
*status = NT_STATUS_NO_SUCH_GROUP;
DEBUG(1,("Couldn't find group %s\n",gname));+
return NULL; }
} #endif /* HAVE_GETGRNAM */
-Original Message-From: David Shapiro
[mailto:[EMAIL PROTECTED]]Sent: Wednesday, July 03, 2002
4:04 PMTo: 'Esh, Andrew'Subject: RE: sessionid.tdb
missing after build and client read failutre
I am
trying my best here Andrew (no knowledge of gdb). Now I went into frame
4 and printed timebuf there:
(gdb) bt#0 0xff1736dc in
strftime () from /usr/lib/libc.so.1#1 0x136ee4 in timestring
(hires=1) at lib/time.c:688#2 0x133170 in dbghdr (level=0,
file=0x1c18e0 "lib/fault.c", func=0x1c18f0 "fault_report", line=36) at
lib/debug.c:951#3 0x13324c in fault_report (sig=11) at
lib/fault.c:36#4 0x1333b8 in sig_fault (sig=11) at
lib/fault.c:61#5 signal handler called#6
0xff132e84 in strcmp () from /usr/lib/libc.so.1#7 0xff194efc in
process_cstr () from /usr/lib/libc.so.1#8 0xfefe20c0 in
_nss_files_do_all () from /usr/lib/nss_files.so.1#9 0xff149290 in
nss_search () from /usr/lib/libc.so.1#10 0xff194bf8 in _getgroupsbymember
() from /usr/lib/libc.so.1#11 0xff140c20 in initgroups () from
/usr/lib/libc.so.1#12 0x6b5f0 in initialise_groups (user=0x0, uid=0,
gid=0) at smbd/sec_ctx.c:187#13 0x75a68 in make_connection_snum (snum=2,
vuser=0x2cf398, password={ data = "0x40757365"
Address 0x40757365 out of bounds, length = 1920139264, free = 0x1ea400
pipe_names+376}, dev=0x0, status=0xffbeec04) at
smbd/service.c:532#14 0x76898 in make_connection (service_in=0xffbef430
"SAMBA_CONF", password={data = "0x25c5b8" "", length = 1,
free = 0x1422bc free_data_blob},
dev=0xffbef020 "A:", vuid=101, status=0xffbeec04) at smbd/service.c:826#15
0x4f184 in reply_tcon_and_X (conn=0x0, inbuf=0x26af68 "", outbuf=0x28b3b8 "",
length=94, bufsize=61440) at smbd/reply.c:257#16
0x7386c in switch_message (type=117, inbuf=0x26af68 "", outbuf=0x28b3b8 "",
size=94, bufsize=61440) at smbd/process.c:768#17
0x738f8 in construct_reply (inbuf=0x26af68 "", outbuf=0x28b3b8 "", size=94,
bufsize=61440) at smbd/process.c:797#18 0x73bd8 in process_smb
(inbuf=0x26af68 "", outbuf=0x28b3b8 "") at smbd/process.c:875#19 0x74644
in smbd_process () at smbd/process.c:1269#20 0x357c8 in main (argc=0,
argv=0xffbefbe4) at smbd/server.c:887(gdb) frame 4#4 0x1333b8 in
sig_fault (sig=11) at
lib/fault.c:6161
fault_report(sig);(gdb) #4 0x1333b8 in
sig_fault (sig=11) at
lib/fault.c:6161
fault_report(sig);(gdb) #4 0x1333b8 in sig_fault (sig=11) at
lib/fault.c:6161
fault_report(sig);(gdb) #4 0x1333b8 in sig_fault (sig=11) at
lib/fault.c:6161
fault_report(sig);(gdb) stepSingle stepping until exit from function
strftime, which has no line number information.timestring (hires=1) at
lib/time.c:689689
slprintf(TimeBuf+strlen(TimeBuf),(gdb) print TimeBuf$2 = "2002/07/03
16:47:53\000779974", '\000' repeats 229 times(gdb)
-Original Message-From: Esh, Andrew
[mailto:[EMAIL PROTECTED]]Sent: Wednesday, July 03, 2002 4:56
PMTo: 'David Shapiro'Subject: RE: sessionid.tdb
missing after build and client read failutre
No, the setting of that parameter merely tells me what path the code
took. The "no" setting simply confirms my guess of which line of code caused
the problem.
-Original Message-From: David Shapiro
[mailto:[EMAIL PROTECTED]]Sent: Wednesday, July 03,
2002 3:44 PMTo: 'Esh, Andrew'Subject: RE:
sessionid.tdb missing after build and client read
failutre
It is set to no. I copied an smbd from an
RE: sessionid.tdb missing after build and client read failutre
Title: RE: sessionid.tdb missing after build and client read failutre Don't step at that point. The process has already run the CPU into the wrong segment, or accessed memory using a bad pointer. Stepping will only destroy information. Do a 'bt' instead. That will dump the call stack, and show what path the code ran to get to this point. What I expect to see is somewhere above the strcmp routine, a Samba routine will call strcmp with a bad pointer, or a non-terminated string buffer. We need to know which routine did that. -Original Message- From: David Shapiro [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 02, 2002 9:17 AM To: 'Andrew Bartlett'; David Shapiro Cc: 'Richard Sharpe'; '[EMAIL PROTECTED]' Subject: RE: sessionid.tdb missing after build and client read failutre Trying to get better at this gdb here. I see a segmentation fault: which has no line number information. Program received signal SIGSEGV, Segmentation fault. 0xff132e84 in strcmp () from /usr/lib/libc.so.1 (gdb) step Single stepping until exit from function strcmp, which has no line number information. 0xff1544ec in _tzload () from /usr/lib/libc.so.1 (gdb) step Single stepping until exit from function _tzload, which has no line number information. 0xff152df8 in _ltzset_u () from /usr/lib/libc.so.1 (gdb) step Single stepping until exit from function _ltzset_u, which has no line number information. 0xff152994 in mktime () from /usr/lib/libc.so.1 (gdb) step Single stepping until exit from function mktime, which has no line number information. 0xff1736dc in strftime () from /usr/lib/libc.so.1 (gdb) step Single stepping until exit from function strftime, which has no line number information. 0x136db0 in timestring () (gdb) step Single stepping until exit from function timestring, -Original Message- From: Andrew Bartlett [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 02, 2002 9:01 AM To: David Shapiro Cc: 'Andrew Bartlett'; 'Richard Sharpe'; '[EMAIL PROTECTED]' Subject: Re: sessionid.tdb missing after build and client read failutre David Shapiro wrote: Thank you Andrew. I was looking at joining because it was mentioned that to get sessionid.tdb, you needed to join domain. I looked ing smbd.log and saw a connection from davidsha, and then in my workstation log and saw at the bottom: === [2002/07/02 08:40:53, 0] lib/fault.c:fault_report(37) INTERNAL ERROR: Signal 11 in pid 8127 (3.0-alpha17) Please read the file BUGS.txt in the distribution [2002/07/02 08:40:53, 0] lib/fault.c:fault_report(39) === I also keep getting an xterm session pop up that says: xterm: Can't execvp /usr/local/bin/gdb I think this comes from the line in smb.conf: panic action = /usr/openwin/bin/xterm -display $DISPLAY -e /usr/local/bin/gbd -p %d gdb is in /usr/local/bin. What does it mean it can't execvp it? I dunno - but just make it a simple 'panic action = /bin/sleep 9000' and attach manually. Then lets look at it from there. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net
RE: Samba and Netatalk
Title: RE: Samba and Netatalk Last time I looked at that code (two weeks ago?) in the 2.2 branch, it wasn't being called anywhere. -Original Message- From: Max Bidlingmaier [mailto:[EMAIL PROTECTED]] Sent: Monday, July 01, 2002 5:30 AM To: [EMAIL PROTECTED] Subject: Samba and Netatalk Hi! I've got a Problem with the interaction between Samba and Netatalk. I compiled Samba with the --with_netatalk option for configure. I thought it should create the correct files in .AppleDouble but it doesn't. Can anybody help me with this? greets max bidlingmaier
RE: CIFS Load Generator source available ...
Title: RE: CIFS Load Generator source available ... I ran into a compile problem on Linux Redhat 7.1. Here is a patch that fixes it. Index: include/config.h.in === RCS file: /cvsroot/cifs-load-gen/source/include/config.h.in,v retrieving revision 1.1 diff -u -r1.1 config.h.in --- include/config.h.in 27 Jun 2002 04:40:18 - 1.1 +++ include/config.h.in 27 Jun 2002 16:01:52 - @@ -19,13 +19,13 @@ #undef HAVE_SYS_WAIT_H /* Define if you have the sys/ipc.h header file. */ -#undef HAVE_SYS_IPC_H 1 +#undef HAVE_SYS_IPC_H /* Define if you have the sys/shm.h header file. */ -#undef HAVE_SYS_SHM_H 1 +#undef HAVE_SYS_SHM_H /* Define if you have the sys/socket.h header file. */ -#undef HAVE_SYS_SOCKET_H 1 +#undef HAVE_SYS_SOCKET_H /* Define to `int' if sys/types.h doesn't define. */ #undef mode_t and a cleanup: Index: Makefile.in === RCS file: /cvsroot/cifs-load-gen/source/Makefile.in,v retrieving revision 1.1 diff -u -r1.1 Makefile.in --- Makefile.in 27 Jun 2002 00:41:53 - 1.1 +++ Makefile.in 27 Jun 2002 16:00:54 - @@ -20,7 +20,6 @@ INSTALLCMD=/usr/bin/install -c srcdir=. -builddir=/usr10/home/rsharpe/snia_cifs_bm/source SHELL=/bin/sh # XXX: Perhaps this should be /bin/sh instead -- apparently autoconf -Original Message- From: Richard Sharpe [mailto:[EMAIL PROTECTED]] Sent: Thursday, June 27, 2002 1:08 AM To: [EMAIL PROTECTED] Subject: CIFS Load Generator source available ... CIFS Load Generator Developed for SNIA CIFS Benchmarking Working Group Richard Sharpe Panasas, Inc Samba Team 11-Jun-2002 INTRO This is a short document on how to use the code and where it came from. BACKGROUND This code has been extracted from Samba's smbtorture utility. It is now up on the samba.org site in CVS and can be checked out with: cvs co cifs-load-gen RUNNING IT To run the code, simply execute ./bin/cifs_bm after having configured and made the code. ./bin/cifs_bm -Uuser%pass -Wworkgroup -c client-file [-N clients] \ [-Iip] [-b num] //server-or-ip/share NOTE. You need to know the max size of WriteX or ReadXs in the client file, as cifs_bm defaults to 256*1024. Use a flag of '-b num' for the block size you want. For example, '-b 1024' will give you a buffer of 1024*1024 bytes. THE CLIENT FILE The client file is essentially the same as smbtorture uses. There are a number of them in the clients directory. Each consists of a series of lines, each with either an operation to perform on the server, or one of a number of special keywords. The keywords are: BM_SETUP: Provides a series of setup operations. Currently, the driver does noting with this command, except set an internal variable called state to BM_SETUP. No measurements are taken during this phase. BM_WARMUP: Provides a series of warmup operations. Currently, the driver does nothing with this command, except set an internal variable called state to BM_WARMUP. No measurements are taken during this phase. BM_MEASURE: Provides a series of operations that will be measured. RECONNECT: Disconnect from the server and reconnect to it. SYNC n: Wait for up to n seconds for the master to say go. It waits for all the clients to SYNC. There are about 14 commands that are implemented. Look at the collection of .txt files to get an idea of what they are ... Some of the bit fields are important. For example, on an: NTCreateX file flag1 flag2 FID command, flag2 needs the 0x01 bit set if it is to ignore failures due to files already existing. An additional command is: Lock file etc ... Check the code for params for now. PROBLEMS There are still many problems. 1. It would be nice if the child/client processes would synchronise each phase with each other. A Sync command is now implemented. 2. FIND NEXT is not really implemented. This needs doing. 3. More operation types are needed. Lock is now implemented. However, see below. 4. Some way to generate a load file would be nice. 5. There is no way to specifiy a schedule of users and passwords to use to log onto the server. 6. NetBench specifies its driver file as a series of parts, each part containing a series of commands. It then randomizes the order of the parts. It would require a rewrite of cifs_bm to achieve this. 7. There is no way yet to spread the load over a series of interfaces. 8. There is no way to separate out connection to server, logging in and connection to the share. They are all one event. Thus we cannot measure the server's ability to handle logons (SessSetupX), connections (probing its ability to fork or create threads), and connecting to shares (TCON etc). This calls for commands like: Tcon share, Tdis share, etc. 9. The latency info needs to be kept in long longs, and the read and write throughput needs to be cleaned up. 10. It would be nice to have an embedded programming
RE: What happened to CIFS Technical Reference at SNIA?
Title: RE: What happened to CIFS Technical Reference at SNIA? It looks like this might be the equivalent (and future?) place for the file, but it doesn't appear to be there: http://www.snia.org/tech_activities/workgroups/nas/docs/ -Original Message- From: Christopher R. Hertel [mailto:[EMAIL PROTECTED]] Sent: Wednesday, June 26, 2002 5:43 PM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: What happened to CIFS Technical Reference at SNIA? They redid their web pages. They should have it cleaned up soon. Chris -)- Andy Tai wrote: Hi, I wonder anyone knows what happened to the CIFS Technical Reference at SNIA's website? It was available at http://www.snia.org/English/Collaterals/Work_Group_Docs/NAS/CIFS/ as a PDF file but now it is no longer found. Information on any mirrors is also appreciated. Thanks for any info. __ Do You Yahoo!? Yahoo! - Official partner of 2002 FIFA World Cup http://fifaworldcup.yahoo.com -- Christopher R. Hertel -)- University of Minnesota [EMAIL PROTECTED] Networking and Telecommunications Services
RE: Winbind problem or my problem:)
Title: RE: Winbind problem or my problem:)
I am
assumingO. T. is notusing ADS security.
O. T.
: Try rebooting the PDC. It's possible one of the services is not responding to
user info requests. The problem you are describing requires some very basic
parts of the code to fail, if it's on the Samba side. I have seen domain
controllers have this sort of problem before, usually with LSASS appearing to be
working, when in fact it is not replying to requests.
Samba Technical List:
After doing some guesswork, I
traced this into winbindd_rpc.c, query_user(279), and I can see that most of the
handles are being tested. The "ctr" handle is being used without testing the
return value from "cli_samr_query_userinfo", however. If that function fails, it
returns NT_STATUS_USUCCESSFUL. The value of "ctr" would be undefined, but it
gets used anyway.
Suggest the following fix:
Index:
winbindd_rpc.c===RCS
file: /cvsroot/samba/source/nsswitch/winbindd_rpc.c,vretrieving revision
1.22.2.7diff -u -c -r1.22.2.7 winbindd_rpc.ccvs server: conflicting
specifications of output style*** winbindd_rpc.c6 Jun 2002 21:12:47
-1.22.2.7--- winbindd_rpc.c20 Jun 2002 17:31:25
-** 315,320 --- 315,323
result = cli_samr_query_userinfo(hnd-cli, mem_ctx, user_pol,
0x15, ctr); +
if (!NT_STATUS_IS_OK(result))+ goto done;+
cli_samr_close(hnd-cli, mem_ctx, user_pol);
got_user_pol = False;
The real question is, why would the
followingcode in libsmb/cli_samr.c, cli_samr_user_query fail? It causes a
skip of the "ctr" setting.
if (!samr_io_q_query_userinfo("", q,
qbuf, 0) || !rpc_api_pipe_req(cli,
SAMR_QUERY_USERINFO, qbuf, rbuf)) {goto
done;}
/* Unmarshall response
*/
if (!samr_io_r_query_userinfo("", r,
rbuf, 0)) {goto
done;}
-Original Message-From: Osman Tufanogullari (Garanti
Teknoloji) [mailto:[EMAIL PROTECTED]]Sent: Thursday, June 20,
2002 10:51 AMTo: Esh, Andrew;
[EMAIL PROTECTED]Subject: RE: Winbind problem or my
problem:)
Hi
Andrew,
Redhat 7.3...
I
did what you said and here is output...
#0 0x420b4769 in wait4 () from /lib/i686/libc.so.6#1
0x4213030c in __DTOR_END__ () from /lib/i686/libc.so.6#2 0x42049f72
in system () from /lib/i686/libc.so.6#3 0x0808d895 in smb_panic
()#4 0x0807d960 in fault_report ()#5 0x0807d9ae in
sig_fault ()#6 signal handler called#7 0x0806d7c4
in query_user ()#8 0x08069b22 in query_user ()#9
0x0806494d in winbindd_getpwnam ()#10 0x080638b7 in process_request
()#11 0x08063b06 in process_packet ()#12 0x0806406e in process_loop
()#13 0x08064579 in main ()#14 0x42017499 in __libc_start_main () from
/lib/i686/libc.so.6
-Original Message-From: Esh, Andrew
[mailto:[EMAIL PROTECTED]]Sent: Thursday, June 20, 2002 5:29
PMTo: Osman Tufanogullari (Garanti Teknoloji);
[EMAIL PROTECTED]Subject: RE: Winbind problem or my
problem:)
What platform?
The "panic action" smb.conf parameter can be used to display
a debugger when the code panics. On Linux, I use this:
panic action = "gnome-terminal --command 'gdb /proc/%d/exe %d'"
This will open a new terminal window and display the gdb
debugger, positioned at the point of the panic. Doing a "bt" at that point
will show what code was running when it panicked.
We need that information in order to deal with this
problem.
-Original Message- From:
Osman Tufanogullari (Garanti Teknoloji) [mailto:[EMAIL PROTECTED]]
Sent: Thursday, June 20, 2002 5:02 AM To: [EMAIL PROTECTED] Subject:
Winbind problem or my problem:)
Hi all,
Did you have a problem with winbindd which got all the users
from the domains except its own domain!? and
when you reach a share on samba with its own domain
user, Signal 11 is received and kills itself... Winbindd can bind the PDC of its own domain like it does for the
trusted ones but it doesnt get the user or groups of only its
domain...
Thanks..
RE: Large file size issues with Samba client.
Title: RE: Large file size issues with Samba client. An 18.4 Exabyte realmedia file? Must be one of Jeremy Allison's ACL discussions. That number is interesting. If you subtract it from 2^64, you get 1,932,534,103. If that number is added to the other reported file size (2,307,064*1024), the result is 343 bytes less than 2^32. The 343 bytes is explained by rounding in the bytes-to-kilobytes conversion being done in W2K. My guess is, somewhere, the actual 32-bit unsigned file size is being reported as a 32 bit signed number. That negative value is later represented as a 64-bit signed number, and is later represented an unsigned 64-bit number. That series of representation changes would convert the just-over 2GB file size into the just-under MAXINT64 size being shown in Linux. -Original Message- From: Brett Simpson [mailto:[EMAIL PROTECTED]] Sent: Thursday, June 20, 2002 1:01 PM To: [EMAIL PROTECTED] Subject: Large file size issues with Samba client. I'm trying to access a Windows 2000 server share that has files 2GB using the Samba client 2.2.3 that comes with Redhat 7.3. It lists the files as being many times larger than their actual size. I upgraded to the CVS version of Samba today and it still has the problem. Any ideas on how to work around this? Viewed from Linux as a mount point to the Win2K. -rwxr-xr-x 1 root root 18446744071777017513 May 15 18:25 BOCC_20020515_450kbps_21480048.rm Viewed from Windows 2000. BOCC_20020515_450kbps_21480048.rm 2,307,064KB RealMedia File 5/15/2002 6:25 PM Brett
RE: wbinfo -t and Win2K DCs ...
Title: RE: wbinfo -t and Win2K DCs ... This doesn't match my results. I get good wbinfo replies when I have Samba 2.2.3a joined into a Win2K domain. In fact, we did a bunch of domain controller failure testing in such a domain, to make sure we had our solution right. We didn't see any difference between Win2K and our WinNT results, as far as authentication goes. (We noticed Microsoft removed the NET ACCOUNTS /SYNC command in Win2K, which made testing harder, but that's another story.) I am also certain that Win2K domain controllers advertise the #1c service. Here's a PDC I use for testing which runs Win2K (os version 5.0): [root@pluto source]# rpcclient //PDCNATIVE -W ENDURONATIVE -U Administrator -c srvinfo ... Domain=[ENDURONATIVE] OS=[Windows 5.0] Server=[Windows 2000 LAN Manager] cmd = srvinfo srvinfo PDCNATIVE Wk Sv PDC Tim NT LMB platform_id : 500 os version : 5.0 server type : 0x204102b And this shows that it registers the #1c service: [root@pluto source]# nmblookup -A 10.10.16.21 Looking up status of 10.10.16.21 PDCNATIVE 00 - M ACTIVE ENDURONATIVE 00 - GROUP M ACTIVE ENDURONATIVE 1c - GROUP M ACTIVE PDCNATIVE 20 - M ACTIVE ENDURONATIVE 1b - M ACTIVE ENDURONATIVE 1e - GROUP M ACTIVE PDCNATIVE 03 - M ACTIVE ENDURONATIVE 1d - M ACTIVE ..__MSBROWSE__. 01 - GROUP M ACTIVE INet~Services 1c - GROUP M ACTIVE IS~PDCNATIVE 00 - M ACTIVE Here's my advice: Do an nmblookup (as above) on your PDC. You can also use nbtstat on Windows the same way. Look for a listing of the #1c service, and make sure it's not marked with a Conflict or Deregistered flag. I have had two different domain controllers in different domains wind up with their Conflict flag set, which caused Samba authentication not to happen. If you have a conflict, try rebooting the PDC. If the #1c service is not listed, try rebooting. Also, log level 10 during a wbinfo -t may help you to understand why it's failing. -Original Message- From: Richard Sharpe [mailto:[EMAIL PROTECTED]] Sent: Thursday, May 02, 2002 7:09 PM To: [EMAIL PROTECTED] Subject: wbinfo -t and Win2K DCs ... Hi, I have run into a spot of bother with wbinfo and Win2K. We run Samba as a member server from a Win2K DC. We join the DC correctly, but wbinfo -t does not work. This seems to be because the WINS server running on the Win2K DC will not answer queries looking for DOMAIN#1c. However, I know we have joined because wbinfo -u works. Has anyone seen this? Is there a solution on the DC, or do I have to hack winbindd to be able to look up the DC correctly? Regards - Richard Sharpe, [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
RE: PATCH: VFS audit.c module
Title: RE: PATCH: VFS audit.c module
Wouldn't a better fix be to replace the NULLs in vfs.c with calls to a function like vfs_do_nothing, which always returns false or NULL? That way no one working on code outside of the vfs wrapper code has to remember to test the function pointers.
-Original Message-
From: Eric Lorimer [mailto:[EMAIL PROTECTED]]
Sent: Saturday, April 27, 2002 5:19 PM
To: [EMAIL PROTECTED]
Subject: PATCH: VFS audit.c module
Hello,
Not sure if anyone else has run across the same thing: after making and installing the stock audit.so module, trying to write a file to the share causes a segfault. The problem is these lines from smbd/vfs.c:
struct vfs_ops default_vfs_ops = {
...
#if defined(HAVE_NO_ACLS)
NULL,
NULL,
#else
vfswrap_chmod_acl,
vfswrap_fchmod_acl,
#endif
...
};
if HAVE_NO_ACLS is defined, the two pointers are null, and the audit.c module tries to follow the null pointers and causes the segfault. I would guess the problem is also present in skel.c as well. Though the fix is trivial, I've included a patch anyway.
- Eric Lorimer
--- audit.c Sat Apr 27 17:11:25 2002
+++ /tmp/audit.c.good Sat Apr 27 16:44:15 2002
@@ -287,7 +287,12 @@
int audit_chmod_acl(struct connection_struct *conn, const char *path, mode_t mode)
{
- int result = default_vfs_ops.chmod_acl(conn, path, mode);
+ int result;
+
+ if ( default_vfs_ops.chmod_acl == NULL )
+ return 0;
+
+ result = default_vfs_ops.chmod_acl(conn, path, mode);
syslog(SYSLOG_PRIORITY, chmod_acl %s mode 0x%x %s%s\n,
path, mode,
@@ -311,7 +316,12 @@
int audit_fchmod_acl(struct files_struct *fsp, int fd, mode_t mode)
{
- int result = default_vfs_ops.fchmod_acl(fsp, fd, mode);
+ int result;
+
+ if ( default_vfs_ops.fchmod_acl == NULL )
+ return 0;
+
+ result = default_vfs_ops.fchmod_acl(fsp, fd, mode);
syslog(SYSLOG_PRIORITY, fchmod_acl %s mode 0x%x %s%s\n,
fsp-fsp_name, mode,
RE: Network connection braking after a while
Title: RE: Network connection braking after a while I'm not so sure it's the same. German-to-English(Netzwerkpfad wurde nicht gefunden.) == Network path not found. I get that all the time when Windows can't connect to Samba. I see it with authentication failures, and when the smbd associated with my client crashes, or is so busy it doesn't respond within the timeout period. Logs would help find the problem. The log named log.hostname, where hostname is the Windows client that displayed the Network path not found message is the one we need to see. -Original Message- From: Ulf Bertilsson [mailto:[EMAIL PROTECTED]] Sent: Monday, April 22, 2002 3:49 AM To: Carsten Fischer; [EMAIL PROTECTED] Subject: RE: Network connection braking after a while Could this be relevant ? http://support.microsoft.com/default.aspx?scid=kb;en-us;Q138365 -- Ulf -Original Message- From: Carsten Fischer [mailto:[EMAIL PROTECTED]] Sent: Sunday, April 21, 2002 9:15 PM To: [EMAIL PROTECTED] Subject: Network connection braking after a while Hello Users, sorry for my bad english... since a few month I'm trying to install Samba 2.2.0 on a Suse Linux 7.2 System. Everything is working fine but the stability of the connection. The Client (WinNT and Win2000) can see and use the shares but while usage the connection is reset. The log of Samba says Connection reset by peer. While copying some files the Win Explorer stops and says Network connection not reachable. I hope this description comes near to the German Netzwerkpfad wurde nicht gefunden. I've asked so many Newsgroups but none of them could help. I've changed the Network-Adapter and the Cable, did a complete new Installation tryed smb.conf examples and many other configuration. I don't know what I can do anymore. At last I tryed to update Samba but everything went wrong, so I reinstalled the 2.2.0 Version. The installation instructions for Suse-update said to copy the files of source/bin (after make) to usr/bin and nmbd,smbd and swat to usr/sbin. After doing this, nothing was working, so I copied a backup of 2.2.0 back to these folders. Can please anybody help me ?? Tnx, [EMAIL PROTECTED]
RE: Very bad performance when copying large files from windows to samba-share
Title: RE: Very bad performance when copying large files from windows to samba-share If this were me (and most of you are probably glad it is not), I'd synch the clocks, start Samba at log level 10 (unlimited log size), mount the share from Windows, and let it sit for a few minutes. This will allow Samba to sit with the user authenticated for a while, which makes a better log. I'd run Ethereal (www.ethereal.com) on the Windows side, unfiltered. Then I'd start the smaller (good) transfer, and note the time. Wait until the transfer ends, and record the time again. Save the capture file from Ethereal, and start a new capture. Repeat for the larger (bad) transfer. Save another capture. That that point, all the information needed to find the point in the code at which Samba is sitting while the pause is happening. Look for large gaps in the packet flow. Find out what Samba's log says during that time period. Determining where the gaps are occurring will help us understand why. Compare and contrast the good session with the bad session. Is there a timeout message at the same point in the bad session, that the good transfer instead began to send data? It was long sessions like this that found the exact recipe for Win98 rabbit pellets. (Unfortunately, we also found that there was nothing we could do to Samba to get Windows to run faster. :) I think the same thing will work here. -Original Message- From: Lars Heineken [mailto:[EMAIL PROTECTED]] Sent: Friday, April 12, 2002 3:22 PM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: Very bad performance when copying large files from windows to samba-share On Fri, 12 Apr 2002 12:58:54 -0700 MCCALL,DON (HP-USA,ex1) [EMAIL PROTECTED] wrote: The fact that you have disk activity with no network activity on the samba server when you try to transfer, and the timeout issue, almost sounds like you have the 'strict allocate' flag for smb.conf set true - this would force samba to actually write bogus data to fill up a file on your disk of the size that you are about to transfer, and if it were really big, or disk writes really slow, could be causing you to time out... check testparm output for 'strict allocate' and see what the value is - it SHOULD default to no, or false, but maybe your distribution changed the default on you? Just a guess, Don The testparm showed that the setting is no. T be shure, I set it to no manually but the behavoir hasn't changed. This is a nasty one, your mail could have been the solution, as your description of the behaviour was quite what happens here. Maybe there's a way to check the network traffic if win98 initiates a transfer with a strict allocate ?
