Re: [OmniOS-discuss] [discuss] disable NetBIOS-Over-TCP for smb server

2014-01-06 Thread Gordon Ross
=21175550id_secret=21175550-eae52450 Powered by Listbox: http://www.listbox.com -- Gordon Ross g...@nexenta.com Nexenta Systems, Inc. www.nexenta.com Enterprise class storage for everyone ___ OmniOS-discuss mailing list OmniOS-discuss@lists.omniti.com

Re: [OmniOS-discuss] Python and Kerberos libraries

2016-06-09 Thread Gordon Ross
You could also tweak the krb5-config to support what this package wants. It's just a script... On Wed, Jun 8, 2016 at 10:45 PM, Paul B. Henson wrote: >> From: Dan McDonald >> Sent: Wednesday, June 08, 2016 9:45 AM >> >> > extra_link_args = check_krb5_config("--libs", "gssapi") >>

Re: [OmniOS-discuss] cifs connectivity to DC gets lost

2016-05-30 Thread Gordon Ross
On Tue, May 24, 2016 at 6:52 PM, Geoff Nordli wrote: > On 16-05-24 03:41 PM, Geoff Nordli wrote: >> >> I just upgraded a server from OI to OmniOS-r151018. >> >> I am having a few issues with the connectivity to AD. >> >> I was able to join the domain no problem, but then the

[OmniOS-discuss] Badlock -- illumos Native SMB server is not affected

2016-04-13 Thread Gordon Ross
Some of you may have heard about the vulnerability in SMB that affects Windows and Samba systems, disclosed on April 12 and named "BadLock" (www.badlock.org). The native SMB service in Illumos is not subject to the Badlock vulnerabilities. The main issues discovered by badlock.org relate to

Re: [OmniOS-discuss] SMB issues after r151014 -> r151018

2016-04-21 Thread Gordon Ross
I'm not sure how anyone ever gets access when your ACL has this ACE: everyone@:rwxpdDaARWcCos:fd-:deny Every long has the group "everyone" as a member, therefore that ACE will match every logon. The ace also lists every possible permission, so nothing should get through, no matter

Re: [OmniOS-discuss] SMB issues after r151014 -> r151018

2016-04-21 Thread Gordon Ross
On Thu, Apr 21, 2016 at 9:53 PM, Gordon Ross <gordon.w.r...@gmail.com> wrote: > I'm not sure how anyone ever gets access when your ACL has this ACE: > everyone@:rwxpdDaARWcCos:fd-:deny > > Every long has the group ... Hah! Spell checkers - Gr! That should

Re: [OmniOS-discuss] Dfs root with in-kernel SMB server?

2016-05-19 Thread Gordon Ross
DFS root support is there (it came out before the "lawnmower incident"). Should work the same as described in the S11 docs. On Tue, Apr 26, 2016 at 10:53 PM, Paul B. Henson wrote: > I was curious if it is possible to set up a share that acts as a Windows Dfs > root using the

Re: [OmniOS-discuss] AD integration problems

2016-05-19 Thread Gordon Ross
I haven't heard of anyone using autohome shares in a while, so it's possible that functionality regressed. As usual, I recommend grabbing a network trace (port 445) and dtrace outputs from both /usr/lib/smbsrv/dtrace/smbsrv.d and /usr/lib/smbsrv/dtrace/smbd-all.d -- all running while you

Re: [OmniOS-discuss] cifs anonymous troubles

2016-04-17 Thread Gordon Ross
Hi Dan, I can take a guess what this might be about. There were several bugs fixed as part of the "extended security" work: 1122 smbsrv should use SPNEGO (inbound authentication) One of those was that we used to give a client a "guest" logon if they tried to logon to SMB with _any_ unrecognized

Re: [OmniOS-discuss] Auditing CIFS shares

2016-08-11 Thread Gordon Ross
Auditing support for SMB/CIFS access is incomplete. The ZFS ACL support for Auditing entries appears to be complete, but we're missing the "hooks" that should be in the access control code paths (both success and failure cases), and some "plumbing" to get the audit events into the audit log in

Re: [OmniOS-discuss] LDAP external auth for CIFS service

2016-08-26 Thread Gordon Ross
2016 at 12:14 PM, Gordon Ross <gordon.w.r...@gmail.com> wrote: > Sorry for the delay -- been quite busy. I do look at this list, but > only occasionally. > > The way LDAP auth. works in SMB servers like Samba is that the server > allows SMB clients (i.e. Windows) to logon usin

Re: [OmniOS-discuss] LDAP external auth for CIFS service

2016-08-26 Thread Gordon Ross
Sorry for the delay -- been quite busy. I do look at this list, but only occasionally. The way LDAP auth. works in SMB servers like Samba is that the server allows SMB clients (i.e. Windows) to logon using accounts that work the same as "local" accounts (what Windows would call "local" accounts,

Re: [OmniOS-discuss] cifs smb 2.1 errors when using windows 10 backup tool

2016-10-12 Thread Gordon Ross
Interesting finding re. VHD support needing resiliency support in SMB 2.1. Thanks for the KB article: https://support.microsoft.com/en-us/kb/2920193 We have resiliency support in NexentaStor 5.0 (shameless plug:) https://nexenta.com/products/nexentastor We should work on upstreaming that code