[Samba] Re: Samba corrupting files
--- Parker, Robin [EMAIL PROTECTED] wrote: We're now getting corrupt files appearing in ClearCase. The files are in tact except for a number of lines added to the beggining of the file. I can't explain that type of corruption, but I can suggest you disable all oplocks. In your smb.conf global section, 'kernel oplocks = No', and on each share specify 'oplocks = No' and 'level2 oplocks = No'. I'm not a member of the Samba team but a Linux administrator whose primary responsibility is several Samba servers. We had corruption on several large flat database files. When we disabled all oplocks, our databases no longer corrupted. I've not been able to test which oplock setting of the three was causing this problem (or if it was all three) so I suggest you try disabling them all at once and then gradually re-enabling them one at a time. If that doesn't fix it, be sure to set them back, as oplocks are a performance boost. Good luck, /dev/idal __ Do you Yahoo!? Yahoo! Tax Center - forms, calculators, tips, more http://taxes.yahoo.com/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba corrupting files
I'd heard of people having the same issues with Access but our problem was wit FoxPro db files. You should probably disable oplocks in Windows or in Samba for Access (or any large multi-user read-write) files due to weirdness in the SMB protocol. /dev/idal --- Brent Torrenga [EMAIL PROTECTED] wrote: Chris, I am about to implement a MS Access2000 database here on the samba server. Was it MS Access that you had the trouble with specifically? Chris de Vidal [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] --- Parker, Robin [EMAIL PROTECTED] wrote: We're now getting corrupt files appearing in ClearCase. The files are in tact except for a number of lines added to the beggining of the file. I can't explain that type of corruption, but I can suggest you disable all oplocks. In your smb.conf global section, 'kernel oplocks = No', and on each share specify 'oplocks = No' and 'level2 oplocks = No'. I'm not a member of the Samba team but a Linux administrator whose primary responsibility is several Samba servers. We had corruption on several large flat database files. When we disabled all oplocks, our databases no longer corrupted. I've not been able to test which oplock setting of the three was causing this problem (or if it was all three) so I suggest you try disabling them all at once and then gradually re-enabling them one at a time. If that doesn't fix it, be sure to set them back, as oplocks are a performance boost. Good luck, /dev/idal __ Do you Yahoo!? Yahoo! Tax Center - forms, calculators, tips, more http://taxes.yahoo.com/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba __ Do you Yahoo!? Yahoo! Tax Center - forms, calculators, tips, more http://taxes.yahoo.com/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: New user seeking information
--- [EMAIL PROTECTED] wrote: I run an application on an HPUX 11.0 system that creates report files daily and I am wanting to have those files placed on a W2K server instead of the local drive during creation. Can I do this w/ Samba? Thanks for your time. I don't see why not. Install Samba, join your NT/AD domain (if you have one), put a mountpoint in /etc/fstab for your W2K server, mount it, modify your app to use the new mountpoint. Specifics of this can be found in man smbmount, /usr/share/doc/samba-X.X.X (might be different in HP UX), Samba.org in Documentation, on Google, or in good books (I like Using Samba 2.0 (O'Reilly) out this month or Teach Yourself Samba in 24 Hours (Sams). Also you can search this mailing list at marc.theaimsgroup.com. /dev/idal __ Do you Yahoo!? Yahoo! Tax Center - forms, calculators, tips, more http://taxes.yahoo.com/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Multiple client access same file
Ohh, hmm. I'll try it at work if I get some time and see what happens. I have a Samba benchmark I can run against one of our unused servers, and I'll try to have 16 users access the same iso copied and mounted twice, just as you're doing. I might not get time to do this next week, so in the mean time, a good troubleshooting technique is to strip any as many smb.conf options as you can leaving a file with only a few options (the rest, when blank, will be defaults). Then gradually start adding them in again. I don't see why Samba should be crashing based on what you're telling me, and that's how I found our problem last time we had some really bad Samba corruption. A read-only filesystem from a large 650MB file mounted into another part of the same hard drive really shouldn't crash. Of course, I could be very wrong (: That's what I hope to find out with my benchmark. /dev/idal --- Shane Kennedy [EMAIL PROTECTED] wrote: That's what I have done. In the case of the 2 programs I know I have trouble with. I made 2 iso images of 1 CD. Proga.iso, and Progb.iso, mounted as /mnt/iso/Proga, and b. I soft link ed /mnt/Proga - iso/Proga. These are then shared by samba directory=/mnt/Proga so they can be mapped and accessed from Windoze as E: - \\server\Proga etc. Works fine with 2 clients accessing each share, but with total 8, accessing 2 shares (4/share), crashes occur.. Shane Chris de Vidal wrote: --- Shane Kennedy [EMAIL PROTECTED] wrote: Basically, the application freezes in patches, and eventually, app hangs. With 8 users accessing 2 identical shares (I duplicated the iso, mount both of them, and share both), at least 2 of them are likely to have hung within 5 minutes. I'm not sure this would even work well in Windows. CDs make poor multi-user drives. As I understand it, they work well in single-user applications where the head doesn't have to move around much. I recall someone telling me I'd burn out a CD drive in no time if I shared it on an FTP server, and Samba would be no different. Instead, Linux (and probably other *nixes) gives you the option to copy the contents of a CD to an iso and then mount that iso into a loopback device just like any other files in your system. In a nutshell, this is how it's done: Make sure your kernel has loop support: depmod -a modprobe -l | grep loop (Nothing? Try this: grep loop /proc/filesystems. If it's there, it's built into the kernel. If not, compile it in or as a module.) mkdir /samba/share/cdrom1 (or something like that) (insert CD) mount /mnt/cdrom cd /mnt/cdrom mkisofs -o /place/where/you/store/iso/files/cdrom1.iso . (man mkisofs or read the CD-writing HOWTO for details or other flags you might need) vi /etc/fstab (add a line like this:) /place/where/you/store/iso/files/cdrom1.iso /samba/share/cdrom1 iso9660 loop=/dev/loop1 (all on one line) mount /samba/share/cdrom1 Do the same for your other CDs, except you're using /samba/share/cdrom2 and /dev/loop2, and so on. Finally, write shares in /etc/samba/smb.conf: [cdrom1] path=/samba/share/cdrom1 [cdrom2] path=/samba/share/cdrom2 ... You can get fancy with fstab mount options like gid=sambausers and put everyone in this group for read-only. umask=227 will give r-xr-x--- perms to every file and directory for execution. The caveats are iso files (like CDs) are read-only. This may be to your benefit, as the user can't corrupt, delete, overwrite, modify, trojanize, etc. your programs. Also this takes up 650MB per image (naturally) but with hard drives costing about $1/GB this is hardly a problem. And you can store wayy more images in a server with a 100GB drive than with a bunch o' CD drives. Lastly, the loop module takes an argument to allow more than 8 loopback devices. modinfo loop or Google for details. You'll also need corresponding devices added for your extra loopback devices in /dev (/dev/loopXX), like so: mknod /dev/loop46 b 7 46 mknod /dev/loop47 b 7 47 mknod /dev/loop48 b 7 48 ... Hope this helps, /dev/idal __ Do you Yahoo!? Yahoo! Tax Center - forms, calculators, tips, more http://taxes.yahoo.com/ __ Do you Yahoo!? Yahoo! Tax Center - forms, calculators, tips, more http://taxes.yahoo.com/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: pam settings for winbind
--- Aaron Bennett [EMAIL PROTECTED] wrote: I'd also like to configure sshd to use this winbindd. However, this /etc/pam.d/sshd file doesn't work and I can't figure out why. I've put + signs to show the lines I added I added to the stock RHAT 8 sshd pam def. #%PAM-1.0 + auth sufficient /lib/security/pam_winbind.so + auth sufficient /lib/security/pam_unix.so use_first_pass auth required /lib/security/pam_stack.so service=system-auth auth required /lib/security/pam_nologin.so accountrequired /lib/security/pam_stack.so service=system-auth + accountsufficient /lib/security/pam_winbind.so password required /lib/security/pam_stack.so service=system-auth sessionrequired /lib/security/pam_stack.so service=system-auth sessionrequired /lib/security/pam_limits.so sessionoptional /lib/security/pam_console.so ideas, solutions, and pointers to a FAQ or some good pam documentation are all appreciated, as I'll be the first to admit that I don't know my ass from my elbow with regards to pam. LOL. I looked at the same document you probably looked at: http://us3.samba.org/samba/docs/Samba-HOWTO-Collection.html#AEN2358 and used the ftp example for any services I have, except I leave out the pam_listfile.so line at the top. In essense, you want auth sufficient pam_winbind.so before any other auth lines. Then you want account sufficient pam_winbind.so before any other account lines. This is different for login-type services like kde, gdm, and login. Follow the login example for these. Also, the pam_unix.so use_first_pass you added is only necessary for pam.d/login (I believe ssh reads that after reading pam.d/ssh). Remove this line. Following the pattern in the ftp example, account sufficient pam_winbind.so needs to go immediately before any account lines. Move it up one. Finally, the /lib/security is implied (at least it is in RedHat 7+... YMMV), so you can shorten it to just pam_winbind.so, which is slick. For reference, here is my pam.d/ssh file: ### #%PAM-1.0 auth sufficient pam_winbind.so auth required /lib/security/pam_stack.so service=system-auth auth required /lib/security/pam_nologin.so accountsufficient pam_winbind.so accountrequired /lib/security/pam_stack.so service=system-auth password required /lib/security/pam_stack.so service=system-auth sessionrequired /lib/security/pam_stack.so service=system-auth sessionrequired /lib/security/pam_limits.so sessionoptional /lib/security/pam_console.so ### Use the pattern I explained above for any other services (NetAtalk, FTP, etc.). Use the login example for login-type services like kde, login, or gdm (as you have already done). SSH seems like it would be a login-type service, but it doesn't appear to act that way. Good luck, /dev/idal __ Do you Yahoo!? Yahoo! Tax Center - forms, calculators, tips, more http://taxes.yahoo.com/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: pam settings for winbind
--- Aaron Bennett [EMAIL PROTECTED] wrote: Thank you. That did the trick. Great! Did you learn anything new? Or did you cut and paste? grin You can use the patterns I described to add winbind support for any pam-aware service (e.g. NetAtalk and Webmin), which is very groovy. /dev/idal __ Do you Yahoo!? Yahoo! Tax Center - forms, calculators, tips, more http://taxes.yahoo.com/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] pam_unix.so likeauth? (Was: Help with Winbind)
--- Khanh Tran [EMAIL PROTECTED] wrote: auth sufficient /lib/security/pam_unix.so likeauth use_first_pass nullok snip The only difference from what I had been using was the addition of the likeauth and nullok options on the pam_unix.so library. Could you help my ignorance? What does likeauth do for you? I'm only using use_first_pass, and I don't want nullok. In /usr/share/doc/pam-0.75/txts/pam.txt: The likeauth argument makes the module return the same value when called as a credential setting module and an authentication module. This will help libpam take a sane path through the auth component of your configuration file. That wasn't very helpful. I Googled this option but didn't find anything useful. I didn't see an explanation of why you're using it in this thread, either, unless I just missed it. So could you explain, in human terms, how this helps your setup? (: Thanks for the education, /dev/idal __ Do you Yahoo!? Yahoo! Tax Center - forms, calculators, tips, more http://taxes.yahoo.com/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: domain users in local groups with Winbind/Samba/Redhat
--- Matthias Rutzki [EMAIL PROTECTED] wrote: Unfortunately the group members still can not access the shares. I'm sorry, I'd tested this some time back and should have told you. Winbind doesn't appear to obey local group membership for domain users on the Samba box. We worked around this by creating an NT global group and added members to that. Then we chgrp all files and directories, then chmod g+rw on all files and directories, then chmod g+xs all directories like so: chgrp -R G_servername /path/to/share chmod -R g+rw /path/to/share find /path/to/share -type d -print0 | xargs -0 chgrp g+xs It is important NOT to set files g+xs. It is important to use s (set group id) so files created in the future in that share always have the same group. I have done it in this way: 1. stop smbd nmbd 2. add winbind use default domain = yes to the smb.conf 3. create a testgroup with groupadd test1 Instead, open User Manager for Domains and add an NT global group. I like to use something like G_servername so we A.) know it is a global group and B.) know that if a user can't access a server he just needs to be in that global group. 4. add my domain user (without the domain (domain+)) to this group with gpasswd -a rutzki.matthias test1 Instead, use User Manager to add users to this group. 5. create a share called testshare with valid users = @test1 in smb Use the NT global group here instead. 6. start smbd nmbd 7. logged in domain on a WIN98 System 8. try to access the testshare 9. System asks me for a password. Should be fine now. I tested it this morning with a user with a dot in his name and he could access the share. I don't know how a Samba PDC reacts to local groups. Also, if you apply ACLs, your group memberships can be more flexible and you won't need a global group for each server.. a file or directory can have multiple groups. I hope local group membership will be recognized in Samba 3.0. Perhaps it is an engineering impossibility and will never be recognized? Sorry to mislead you, but I hope you're on the right track now. /dev/idal __ Do you Yahoo!? Yahoo! Tax Center - forms, calculators, tips, more http://taxes.yahoo.com/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Winbind: login cannot find name for group ID XXXXX ONLY RedHat 8
Super! Works here, too. Thanks, /dev/idal --- David Boynton [EMAIL PROTECTED] wrote: We were right. I posted the bug on Bugzilla and RedHat's solution was to upgrade glibc to the one distributed with rawhide. Version 2.3.1-46. This fixed the problem. Dave On Friday 14 February 2003 09:20 am, Chris de Vidal wrote: --- David Boynton [EMAIL PROTECTED] wrote: Short version: I think it's a problem with RedHat 8's glibc and not Samba. I've submitted a report to Bugzilla as I'm not tinkering with glibc on a server! :) And I don't know enough about glibc to tinker, either. I had a hunch it was a RedHat library problem but wasn't sure. Seems like there's alot of weird things in RH8. It's still usable, just weird little things like this all over. I'm hoping 8.1 is better. Thanks Dave, /dev/idal __ Do you Yahoo!? Yahoo! Shopping - Send Flowers for Valentine's Day http://shopping.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba __ Do you Yahoo!? Yahoo! Shopping - Send Flowers for Valentine's Day http://shopping.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Groups with Samba domain controler or domain member
--- [EMAIL PROTECTED] wrote: Are you using RedHat 8.0? It's also broken on my RedHat 8.0 workstation; I think it's because there are so many members of that group and some broken library in 8.0 can't handle long group memberships. It's working perfectly on all of my 7.3 servers. A _possible_ workaround is: getent group | grep 'Domain Users' (find out what the group id is. On my system, it's 1). chgrp 1 -R some_directory I can't test it, it's just a thought. I'm waiting anxiously for RedHat 8.1, but I'm also considering moving my workstation to Debian. Well it is Redhat 8.0. So may be it is specific Redhat problem, but not so important for me by now; however it is good if you know everithing works as it should work. Update: The bug has been fixed in RedHat Rawhide (8.1 beta). I downloaded glibc-2.3.1-46 and it worked for me, but it might not work for you, or worse, crash hard. Use at your own risk. /dev/idal __ Do you Yahoo!? Yahoo! Shopping - Send Flowers for Valentine's Day http://shopping.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Groups with Samba domain controler or domain member
--- Chris de Vidal [EMAIL PROTECTED] wrote: --- [EMAIL PROTECTED] wrote: Are you using RedHat 8.0? It's also broken on my RedHat 8.0 workstation; I think it's because there are so many members of that group and some broken library in 8.0 can't handle long group memberships. It's working perfectly on all of my 7.3 servers. A _possible_ workaround is: getent group | grep 'Domain Users' (find out what the group id is. On my system, it's 1). chgrp 1 -R some_directory I can't test it, it's just a thought. I'm waiting anxiously for RedHat 8.1, but I'm also considering moving my workstation to Debian. Well it is Redhat 8.0. So may be it is specific Redhat problem, but not so important for me by now; however it is good if you know everithing works as it should work. Update: The bug has been fixed in RedHat Rawhide (8.1 beta). I downloaded glibc-2.3.1-46 and it worked for me, but it might not work for you, or worse, crash hard. Use at your own risk. Update again: glibc-2.3.1-46 _did_ break alot of things. I downgraded back to the one that came on the RedHat 8.0 CD. You could downgrade to RedHat 7.3 (run up2date!) to fix this problem, or work around it as I described. I hadn't tested that workaround, so your only option could be going back to 7.3. Good luck, /dev/idal __ Do you Yahoo!? Yahoo! Shopping - Send Flowers for Valentine's Day http://shopping.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Winbind: login cannot find name for group ID XXXXX ONLY RedHat 8
Downgrading back to glibc-2.2.93-5.. too many things were broken with 2.3.1-46. Perhaps I missed a dependancy? rpm didn't complain, and I didn't have to force install it. Thanks for the info though.. Debian looks better every day (: /dev/idal --- Chris de Vidal [EMAIL PROTECTED] wrote: Super! Works here, too. Thanks, /dev/idal --- David Boynton [EMAIL PROTECTED] wrote: We were right. I posted the bug on Bugzilla and RedHat's solution was to upgrade glibc to the one distributed with rawhide. Version 2.3.1-46. This fixed the problem. Dave On Friday 14 February 2003 09:20 am, Chris de Vidal wrote: --- David Boynton [EMAIL PROTECTED] wrote: Short version: I think it's a problem with RedHat 8's glibc and not Samba. I've submitted a report to Bugzilla as I'm not tinkering with glibc on a server! :) And I don't know enough about glibc to tinker, either. I had a hunch it was a RedHat library problem but wasn't sure. Seems like there's alot of weird things in RH8. It's still usable, just weird little things like this all over. I'm hoping 8.1 is better. Thanks Dave, /dev/idal __ Do you Yahoo!? Yahoo! Shopping - Send Flowers for Valentine's Day http://shopping.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba __ Do you Yahoo!? Yahoo! Shopping - Send Flowers for Valentine's Day http://shopping.yahoo.com __ Do you Yahoo!? Yahoo! Shopping - Send Flowers for Valentine's Day http://shopping.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Winbind: login cannot find name for group ID XXXXX ONLY RedHat 8
--- David Boynton [EMAIL PROTECTED] wrote: Yeah, now I get segmentation faults in rpm and tripwire. I'm sure there's other surprises in store, too! And you can't uninstall it because RPM is pooched. You can copy the RPM binaries from another working RH8 box but I don't have one ): I'll just wait til Saturday for our InstallFest and put Debian on this guy. IBM just partnered with United Linux. :) I thot they were RedHat geeks? Perhaps I'll install UL on this guy instead (: /dev/idal __ Do you Yahoo!? Yahoo! Shopping - Send Flowers for Valentine's Day http://shopping.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Groups with Samba domain controler or domain member
--- [EMAIL PROTECTED] wrote: Does anybody know more about groups? I am considering switching from NT to Samba domain and have made some test. Unfortunately I need to make two additional groups, except Domain Admin (one of them is Domain Users). Is it possible to make that with the stable version of Samba? And another, but not so important (for now) question. Currently I have a Samba server, providing files and printers as a part of NT domain. It has winbind running, and I can list all NT rous and users in the samba box. However, manipulating group ownership on files works only with groups that don't have spaces in their names. Does anybody know how to overcome this? chgrp 'Domain Admins' some_file.txt Good luck, /dev/idal __ Do you Yahoo!? Yahoo! Shopping - Send Flowers for Valentine's Day http://shopping.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: pam_winbind.so - How do I create it?
--- Scott Wrosch [EMAIL PROTECTED] wrote: When I did the other box, I did a binary distribution, so the file had apparently already existed. In following the instructions in the above link, this command doesn't seem to do anything: root# make nsswitch/pam_winbind.so Here's a quick quote from the manual: You will need a PAM module to use winbindd with these other services. This module will be compiled in the ../source/nsswitch directory by invoking the command root# make nsswitch/pam_winbind.so from the ../source directory. The pam_winbind.so file should be copied to the location of your other pam security modules. On Linux and Solaris systems, this is the /lib/security directory. As far as I can tell, I'm doing something wrong, but maybe not. Can anyone offer some advise? Oh, btw, this is a RedHat 7.3 box that I'm trying to get all this configured on. Same with the other successful one that I have running. You'd follow these instructions if you were compiling from source. Samba 2.2.7a can be installed on RedHat 7.3 using RPMs from Samba's FTP site. Once installed, make sure you have the library: [supcd@hjx-app-01 supcd]$ ls -l /lib/security/pam_winbind.so -rwxr-xr-x1 root root17148 01-27 17:26 /lib/security/pam_winbind.so Good luck, /dev/idal __ Do you Yahoo!? Yahoo! Shopping - Send Flowers for Valentine's Day http://shopping.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] RE: pam_winbind.so - How do I create it?
--- Scott Wrosch [EMAIL PROTECTED] wrote: That's what I'm trying to do though, is install from source. I know I wouldn't be having the problems if I was using the RPMs, but I figure I gotta learn somehow. So I decided to try source, and this is the only thing (so far) that I'm having troubles with. But, that's the file I'm looking for. Hm. Well if you need it, the RPMs are there, are current, and I can testify that they work (: Well, they work after you create the libnss_winbind.so.2 link: [supcd@hjx-app-01 supcd]$ ls -l /lib/libnss_winbind.so* -rwxr-xr-x1 root root16664 01-27 17:26 /lib/libnss_winbind.so lrwxrwxrwx1 root root 22 01-28 15:47 /lib/libnss_winbind.so.2 - /lib/libnss_winbind.so Back to your problem, someone else suggested you go into your samba-X.X.X/source directory, run make nsswitch/pam_winbind.so, and then manually copy nsswitch/pam_winbind.so to /lib/security, then set up a link to /lib/security/pam_winbind.so in /lib. I have no pam* files in /lib and it's working: [supcd@hjx-app-01 supcd]$ ls -l /lib/pam* ls: /lib/pam*: No such file or directory It can't hurt to make that link, but try first without it. You probably tried all of this already, but please carefully review your steps. Good luck, /dev/idal __ Do you Yahoo!? Yahoo! Shopping - Send Flowers for Valentine's Day http://shopping.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Groups with Samba domain controler or domain member
--- Jim Wharton [EMAIL PROTECTED] wrote: It appears to me that there are only two groups these days... Domain Admins and Domain Users. I did remember that countless groups could be added and mapped to Unix groups. Is this still possible without downgrading to samba-2.2? Sorry, I don't know. I see all of my NT groups with getent group in Samba 2.2.7a. Anyone else know? /dev/idal __ Do you Yahoo!? Yahoo! Shopping - Send Flowers for Valentine's Day http://shopping.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: pam_winbind.so - How do I create it?
--- Scott Wrosch [EMAIL PROTECTED] wrote: Back to your problem, someone else suggested you go into your samba-X.X.X/source directory, run make nsswitch/pam_winbind.so, and then manually copy nsswitch/pam_winbind.so to /lib/security, then set up a link to /lib/security/pam_winbind.so in /lib. I have no pam* files in /lib and it's working: [supcd@hjx-app-01 supcd]$ ls -l /lib/pam* ls: /lib/pam*: No such file or directory It can't hurt to make that link, but try first without it. That's the problem. I can't even make it. I keep getting errors galore. And, from what I've been reading, the pam_winbind.so file gets copied to /lib/security .. So you might have it there. I may just try and copy it from the RPM version I have installed on my other Linux box, but I'm really confused as to why it isn't even working in the first place. I have a thought. Do you have the pam-devel package installed? rpm -q pam-devel If not, install it and try make nsswitch/pam_winbind.so again. If so, cut out the last dozen errors and post them to me and the list. Good luck, /dev/idal __ Do you Yahoo!? Yahoo! Shopping - Send Flowers for Valentine's Day http://shopping.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: pam_winbind.so - How do I create it?
--- Scott Wrosch [EMAIL PROTECTED] wrote: It looks like that did the trick. Apparently the necessary package wasn't installed! Thanks for all your assistance! Who knows how long I would have been beating my head against the keyboard. Cool. Future reference: Include those errors (: Here's a good document to increase your likelihood of a quick answer: http://www.google.com/search?hl=enlr=ie=ISO-8859-1q=Eric+Raymond+%22Ask+Questions+The+Smart+Way%22btnG=Google+Search Good luck, /dev/idal __ Do you Yahoo!? Yahoo! Shopping - Send Flowers for Valentine's Day http://shopping.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: OT: suggestion! (was Re: [Samba] !!ATTENTION NEWBIES!!)
--- Kurt Weiss [EMAIL PROTECTED] wrote: wow / i did newer see such a response to a theme as in this case! :-O Yeah, it actually had the opposite effect of what I was begging people to do :-P here's a suggestion: i did send (in a view cases) a short message to this 'NEWBEES' with important internet links, such as: (e.g.) http://www.samba.org/samba/ml-etiquette.html http://hr.uoregon.edu/davidrl/samba/ http://at.samba.org/samba/docs/ As did I. The message I wanted to get across was, Help yourself, this is why... This is how I help myself; here are ALL of the resources I've used! It just was misunderstood, I believe. I thought I was doing a service, but as I read it again, it looked like an angry slam, not what I hoped. Why can't we all get video email so inflections can be easier seen? (-: I actually spend more time with my email client helping newbies with greatly detailed letters than any other thing. A slam wasn't intended, and I'm sorry I was misunderstood. /dev/idal __ Do you Yahoo!? Yahoo! Shopping - Send Flowers for Valentine's Day http://shopping.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Attention newbies, an apology.. I WASN'T slamming you.
I'm sorry I gave the appearance I was slamming you. The tone was supposed to be Please, help yourself first, here's why... here's ALL of the resources I use to help myself. I've successfully been able to keep questions about Samba to this list down to a minimum by first consulting all of my sources and perhaps you can, too. As I read it again, it had the appearance of hatred and anger, and I really didn't want that. I actually spend ALOT of time answering simple questions in our LUG mailing list, in person, over the phone, and in the class we put on. Newbies are important, and I haven't forgotten where I came from. The first time I used Linux, the help command didn't help, info didn't give me info, and dir didn't even work. I haven't forgotten that. I just want you to learn how to help yourself. So if you were offended, please accept my apology, understand my point, and look at the original email again; there's good information in it how to help yourself: http://marc.theaimsgroup.com/?l=sambam=104516703506897w=2 Good luck, /dev/idal __ Do you Yahoo!? Yahoo! Shopping - Send Flowers for Valentine's Day http://shopping.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: OT: suggestion! (was Re: [Samba] !!ATTENTION NEWBIES!!)
--- Robert Adkins II [EMAIL PROTECTED] wrote: I have read a few more of your responses. It appears that you believe wholeheartedly that your more advanced questions are going unanswered simply because of the volume of lower skilled questions. That was but one of the 5 points I was making. The other four: 1. Newbies, your questions will often go unanswered 2. Help yourself, here's how 3. Developers are likely to be overwhelmed by the volume of simple questions. I'd much rather have them improve Samba than answer how do I mount an NT share for the 20th time. 4. It's just disrespectful when they went to alot of work writing documents. Well, how do you know that there are enough people on the mailing list that have experienced the more advanced issues you are experiencing? Then, out of those people, how many of those do you believe will take their time to answer your questions? It is likely that the number is quite low. You really must know what questions I'd asked to say that. Please don't assume. I would like to apologize for the feather ruffling that I have done regarding this issue. I didn't have all the information behind your issue until I read a few of your posts after the flames I started fanning. Thanks, Robert! Apology accepted. Please accept my apology for being arrogant at your responses. I _really_did_ want to help, not bash. /dev/idal __ Do you Yahoo!? Yahoo! Shopping - Send Flowers for Valentine's Day http://shopping.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Winbind: login cannot find name for group ID XXXXX ONLY RedHat 8
--- David Boynton [EMAIL PROTECTED] wrote: Short version: I think it's a problem with RedHat 8's glibc and not Samba. I've submitted a report to Bugzilla as I'm not tinkering with glibc on a server! :) And I don't know enough about glibc to tinker, either. I had a hunch it was a RedHat library problem but wasn't sure. Seems like there's alot of weird things in RH8. It's still usable, just weird little things like this all over. I'm hoping 8.1 is better. Thanks Dave, /dev/idal __ Do you Yahoo!? Yahoo! Shopping - Send Flowers for Valentine's Day http://shopping.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: domain users in local groups with Winbind/Samba/Redhat
--- David Boynton [EMAIL PROTECTED] wrote: Well, I got this to work once by manually editing the /etc/group file, like adding the line: localgroup:x:gid: domain+user1,domain+user2,etc I don't know if this is a safe thing to do, however. :) I don't believe you can safely manually edit this file, as you would probably also have to edit /etc/gshadow to match. Unix/Linux has a tool called gpasswd that will do this for you: gpasswd -a user group It lets you add users to a group without them existing in /etc/passwd (they don't even have to exist at all). Combine this with winbind use default domain = yes in smb.conf and you're ready to go. For example, in the domain ABC for the user john, do this to add him to a 'local' Unix group called smbusers: gpasswd -a john smbusers With winbind use default domain = yes you don't need to prefix it with your domain. Slick, huh? (: Good luck, /dev/idal On Friday 14 February 2003 03:37 am, Matthias Rutzki wrote: Hi, I am running a Samba 2.2.7a on Redhat 7.3 in a NT domain. For authentication I am using the domainusers.This is done by Winbind 2.2.7a which verifies the existens of the users on the PDC. So I dont't have to create local users (/etc/passwd) for users who want to connect to the shares in the smb.conf. I authorise them by adding valid users = domain+domainuser to the smb.conf. This works very well. Now my problem: By writing valid users = @localgroup or +localgroup I can authorise local groups (/etc/group) to connect to the shares. Now I want to add the domainusers to some local groups.Putting the domainusers in groups should save much time because otherwise I have to add each domainuser for every share seperatly. E.g. valid users = domain1+domainuser domain2+domainuser2 I have tried it with: usermod -g localgroup domain+domainuser which ends in this message: usermod: domain+domainuser not found /etc/passwd I know this is message is right because there is no domainuser in /etc/passwd. But how can I assort the domainusers? Is there a way to use groups of domainusers who are verified by winbind in the smb.conf? __ Do you Yahoo!? Yahoo! Shopping - Send Flowers for Valentine's Day http://shopping.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: linux newbie classes taught by Chris de Vidal
--- Brad Peters [EMAIL PROTECTED] wrote: In one of your replies to the attention newbies... series, you mentioned you teach a linux newbie class. I'm interested (seriously, or sarcasm) in checking out one of your seminars. Where do I get information? A few other JaxLUG members and I are puting it on (free) at a community college in Jacksonville, FL. If you live nearby, shoot me an email. If not, I can provide notes from the class. Check http://www.JaxLUG.org for details (not updated right now but perhaps soon). /dev/idal __ Do you Yahoo!? Yahoo! Shopping - Send Flowers for Valentine's Day http://shopping.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: samba permissions problem
--- juan [EMAIL PROTECTED] wrote: Here is the situation. I have setup a samba server to authenticate against Active Directory. I have created a group under my linux server and created all the accounts that need to access the share on the samba server. I gave the group the rights to the samba share, but when a user adds to the share a file or directory and I view the permissions under linux the owner of that new file, or directory is not the group anymore, its the creator. which creates a big problem because the group needs total access to any directory under the share and needs to have full access which I setup intially but when a user in the group creates a file he or she own it and other users can write to that directory. This involves a basic but obscure feature of Unix security I didn't learn about until recently: Set Group ID (sgid) on directories. New files and directories created inside it inherit the group ID, and anyone in that group will automatically share permissions. You first chmod all directories (NOT files) in your share: find /path/to/share -type d -print0 | xargs -0 chmod g+s Explanation: find = the find command, which finds files matching criteria /path/to/share = any directory where you want to apply inheritence -type d = Directories -print0 = Print with no newlines, for xargs to read | = run this command on the output xargs = run a command on each line input -0 = data comes in with no newlines chmod = change mode g+rwxs = read, write, execute (browse), and set group id Then you chgrp all files: chgrp -R /path/to/share Explanation: chgrp = change group of the files/folders -R = Recursive Finally, add members to your group: gpasswd -a user group Explanation: gpasswd = the group password command, but we're not setting a password here -a = Add Have the users log out and back in again to take effect. From then on, all files created in that directory will be in the same group. The user doesn't truly matter, as long as you have at least ---r-x--- for group read-only directories, ---rwx--- for group writeable directories, ---r- for group readable files, ---rw for group writeable files. At least those permissions. You could then safely remove other permissions to prevent a breech in security, as everyone should be in that group to have access. This is also useful with Winbind and winbind use default domain = yes in smb.conf. I can create a group: groupadd smbwrite Add some users from my NT domain into it: for USER in chris steve mike; do gpasswd -a $USER smbwrite done Set my permissions: find /share/mis -type d -print0 | xargs -0 chmod g+s And then set the group ID: chgrp -R smbwrite /share/mis Also, sgid is the 2 bit in the first number of octal permissions (e.g. chmod 2770 some_directory). Don't forget to have your users log out before trying, and good luck. /dev/idal __ Do you Yahoo!? Yahoo! Shopping - Send Flowers for Valentine's Day http://shopping.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: permission issues
--- [EMAIL PROTECTED] wrote: How can I setup the share so only the group owns it no matter what user in the group adds to the share the group maintains the permissions under shares do; force group = I forgot about that.. it works well, too (: Sgid is more flexible and works in the underlying filesystem, which is also more secure, especially if you allow local logins or have other services accessing the same files. We have NetAtalk and Samba, and this was the only way to go. Good catch, /dev/idal __ Do you Yahoo!? Yahoo! Shopping - Send Flowers for Valentine's Day http://shopping.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba in Samba
--- Cyril Y. Nickonorov [EMAIL PROTECTED] wrote: I have a Samba PDC installed to authorize my windows network clients. And it is running on Solaris. I want to install a one another Samba file server and I want it to authorize windows clients by consulting the PDC. This second server must also paricipate in the domain the PDC is responsible for. How can I do this? Use security = domain and password server = hostname of the PDC in smb.conf. Add the Windows users on the *nix box without a password, or set up Winbind. Man smb.conf, get a good book (O'Reilly's Using Samba 2 is out this month!), check out the docs in /usr/share/doc or on Samba.org for details, or search this mailing list on marc.theaimsgroup.com for help. /dev/idal __ Do you Yahoo!? Yahoo! Shopping - Send Flowers for Valentine's Day http://shopping.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] !!ATTENTION NEWBIES!!
I've been reading this list for a few weeks now and I've given advice on questions that look challenging but I've deleted MANY questions like these: How do I (easy question found in the documents)? Though I don't count myself an expert, I've known enough experts to see that they _HATE_ it when you don't invest some time before asking a question. I too have been guilty of it, but I understand when I'm shot down or ignored. READ the manpages (man smb.conf, smbclient, etc.), /usr/share/doc/samba*, SEARCH the web (Google is your friend), SEARCH this mailing list (marc.theaimsgroup.com), READ the Samba website (I spend alot of time in the Documentation page), SEARCH your distro's website (e.g. RedHat.com has a GREAT docs section with Samba stuff in it), or READ one of the many fine books. I learned a TON from Teach Yourself Samba in 24 Hours but a possibly better book, Using Samba 2 from O'Reilly is out this month. PLEASE, PLEASE, PLEASE do your homework before asking, else your question will get ignored and you'll burn out the experts, whose time is better spent improving Samba than answering simple questions. /dev/idal __ Do you Yahoo!? Yahoo! Shopping - Send Flowers for Valentine's Day http://shopping.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba in Samba
--- [EMAIL PROTECTED] wrote: I also had to do a; smbpasswd -j DOMAIN -r PDC -UAdmininstrator%password snip security = domain encrypt passwords = yes Thanks, after I sent that, I remembered the first step and wondered if there was something else in the smb.conf I was forgetting (: By the way, %password isn't necessary; it'll ask you for the password. I don't like typing out passwords on the commandline.. someone just needs my .bash_history. /dev/idal __ Do you Yahoo!? Yahoo! Shopping - Send Flowers for Valentine's Day http://shopping.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] I stand by what I said.. I believe I was misunderstood (Was:!!ATTENTION NEWBIES!!)
Before you assume, I actually host Linux Newbie classes and answer some of the most basic questions in great detail on our LUG list. I believe I was misunderstood. --- Robert Adkins II [EMAIL PROTECTED] wrote: My name is ANGRY MAILING LIST GUY. Wasn't angry when I wrote it. I am here to tell you that I don't appreciate seeing questions that are easily found within the basic documentation for the somewhat to extremely complex service that you wish to install on your server. I don't appreciate when some developer works hard writing docs and then lazy people ignore it. What I really meant was !!ATTENTION LAZY PEOPLE!! Help yourself with these resources! Respect valuable mailing list/developer resources! Many good questions get ignored for the volume of lazy people's questions. I find it terribly taxing to have to deal with regular questions Again, you assume. I answer practically all newbie questions in our LUG, at our InstallFests, and at our training class (next one in 2 weeks). from what I consider newbs because my level of skill is so much higher then the rest of you. Read, don't assume. I said Though I don't count myself an expert, I know where I came from and how I got here.. lots of homework and experimentation. I know newbies can do it, too, without wasting lots of mailing list resources or developer's time. It doesn't matter that most of those questions come from people that speak English as a second or even third language, which means they might have some difficulty in understanding what I consider standard formatted sentences and manual pages. The first valid point you've made! I hadn't thought about the language barrier. Still, lazy questions from english-speaking users are common in this list. Furthermore, just because a great deal of the available online documentation is out of date, there is no reason why you plebeians shouldn't be able to infer how some the sections are configured in newer versions, even if those sections RADICALLY change how they are configured. That's why I listed the other sources.. mailing list search, Google, and a book published this month. I have had a bad day, so I am going to make sure that the rest of you all pay for me being in a bad mood. Assuming, again. While I can agree that there are many times when similar questions are posted, I have to vehemently disagree that they are useless questions. The words useless never came from my keyboard. The only bad question is the one you don't ask. I just want lazy people to be more respectful of resources. I've had good questions unanswered because of the VOLUME of laziness. There has been more then one time when I have assisted someone, in a far off land, that may have had some serious issues in understanding the way that the manuals were written. Is it their fault that the structure of their native language is different then that of mine? It is no more their fault then it is my own fault for speaking differing languages. I see your point in this case. Also, is it their fault that some, if not great deal of the available online documentation could be out of date? Books (one published this month), magazines, google, this mailing list, etc. aren't. I DID mention them. If newbs tend to ask the same questions over and over and you don't like to see what they wrote, delete it. You don't have to respond and it's not that big of a deal to take a second to read something that you have no intention of responding positively to. I already do. This is not about me... filters are great, and it takes like 5 minutes throughout the day to delete the lazy questions. It's not about me. I'm talking about wasting resources.. the developer's time, and real questions getting lost in a sea of lazy questions. You can also do what I do. Nicely answer the question and then point out a few pieces of material that could assist that newb in expanding their knowledge to a level closer to those of us who were once newbs ourselves. You may make more friends, gain respect and also flex the muscles within your own mind going over the little things that you might not have looked at in a little while. Yup, every day I'll pick a good question or three out from the sea and answer what I can, in as best detail as I can. You could probably stand to read Eric Raymond's How to ask questions the smart way http://munk.nu/www.tuxedo.org/%257Eesr/faqs/smart-questions.html What we are, unapologetically, is hostile to people who seem to be unwilling to think or do their own homework before asking questions. People like that are time sinks — they take without giving back, they waste time we could have spent on another question more interesting and another person more worthy of an answer. We call people like this losers (and for historical reasons we sometimes spell it lusers). What I really meant to tell
Re: [Samba] !!ATTENTION NEWBIES!!
--- Martin Pool [EMAIL PROTECTED] wrote: I think all Chris was asking for was a little respect on both sides: please do your homework before asking a question, and please treat nicely people who do ask. In essense, yes, I was saying those very things, and offered ways I've used to answer my own Samba questions. I WAS trying to help, not cause more yelling. It's hard to inflect in email (: If you were to subscribe to my LUG's mailing list, you'd see me taking great pains to answer newbie questions. But that's a different type of channel. In here, I've asked good questions and had to repeat them a few times to be heard. There's just too many simple questions. No doubt you developers are just burnt out from the volume, and I'd much rather you debug Samba than answer How do I join a domain? for the 15th time. /dev/idal __ Do you Yahoo!? Yahoo! Shopping - Send Flowers for Valentine's Day http://shopping.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: samba acl's
--- [EMAIL PROTECTED] wrote: In samba now, you can have read list or write list and say this user and/or group has write and/or this user and/or group has read only. This is a scaled down version of an acl. What if they created a folder called acl's and had one file called no access, one file called read, write, change, and full. An entry inside these files could look similar to: /data = @domain admin, john, steve /data/accounting = @domain admin, @accounting, bob if these entries were in the change file then samba would restrict him accordingly. I have been trying to get acl's to work and it has been difficult to work. I have been thinking that maybe samba could do this for us without having to count on other pieces of software. Hi David, I'm just a system engineer/admin, not a programmer either, but from what I've seen, Samba uses User Group Other permissions, which map to normal UGO Unix permissions stored in the file on the filesystem. These basic permissions are sufficient for many uses, as you can put many users in a group to access a directory or file. Unix basically uses this everywhere, as it's quite flexible. When you're using the acl patches for EXT2/3 (from acl.bestbits.at) or you use a filesystem with native ACL support like XFS, and you compile Samba --with-acl-support, you get full NT ACL support, where you'll see several groups accessing a file with different permissions. We're using this on several servers. You must remember to remount your filesystems with the acl option, and put it in your fstab. Either way, Samba relies on the file system to store these settings. This is exactly the same as in the NT world. You might have a FAT partition share where the only permissions are share-level permissions (similar to read/write lists in smb.conf). If you have an NTFS share, file permissions are stored on the file system and combine with share-level permissions. For more instructions on adding POSIX ACL support, search marc.theaimsgroup.com for similar instructions I'd given about this to other Samba users. I learned most of what I know now from Teach Yourself Samba in 24 Hours, a Sam's book, but I just found out there's a new O'Reilly Using Samba out this month which should contain more current and perhaps more thorough information. Also, check out acl.bestbits.at. Good luck, /dev/idal __ Do you Yahoo!? Yahoo! Shopping - Send Flowers for Valentine's Day http://shopping.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Failed to parse ACL smbcacls
--- Francesc Guasch Ortiz [EMAIL PROTECTED] wrote: I'm trying to set up a Samba server with ACLS. Versions: - xfs in kernel-2.4.20. - samba-2.2.7a compiled with ACL support I'm trying first with smbcacls. But I can't manage to guess the syntax of the ACL command. It's done with get/setfacls; smbcacls is for setting ACLs from a Unix client on NT servers. Get those programs from the XFS site or acl.bestbits.at. Also you need to remount your partition with acl support. Man mount/mount.xfs/mount_xfs/read their website for details. You also could do well to take a look at the help documents on acl.bestbits.at, Samba.org, or my favorite, crack a book. I learned all about ACLs in Teach Yourself Samba in 24 Hours, a Sam's book, but I learned that an O'Reilly Using Samba just came out. O'Reilly's are usually outstanding and it's likely to be current, detailed, and have all the information you need. Also, search this mailing list at marc.theaimsgroup.com... I'd answered ACL questions probably 5 times in the last month, and you'll no doubt find some answers there from other people, too. Good luck, /dev/idal __ Do you Yahoo!? Yahoo! Shopping - Send Flowers for Valentine's Day http://shopping.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: samba acl's
--- [EMAIL PROTECTED] wrote: These basic permissions are sufficient for many uses, Except mine ofcourse :) ACL support like XFS, and you compile Samba --with-acl-support, you get full NT ACL support, Before I recompile as I've SGI_XFS running on my RH servers, I'd like to make sure that the granular perms are as fine as NTs. Are yours indeed like those where 1 would have read/write/exe but not del, etc...? If so, this is what I need to do. No, it still uses Read/Write/Exec but it allows multiple groups/users to have different permissions, which is nice. To do delete inhibit and stuff like that, you need to compromise e.g. use read-only on files instead. Before recompiling, check that you have acl support turned on: mount | grep acl If you don't see your partition, man mount/mount.xfs/mount_xfs/read their website. Good luck, /dev/idal __ Do you Yahoo!? Yahoo! Shopping - Send Flowers for Valentine's Day http://shopping.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba/Windows XP and SSH tunnelling
Oops, dat was 'posed to go to [EMAIL PROTECTED], too (: /dev/idal --- Chris de Vidal [EMAIL PROTECTED] wrote: --- Jon Niehof [EMAIL PROTECTED] wrote: I'm using PuTTY as an SSH client and it works fine. I can connect to the samba server and port forward port 139 without any problems. Are you forwarding *just* 139? Can you provide a list of everything you're forwarding, what it's forwarding to, etc? Perhaps as a plink command line? The firewall on my workstation (inside our otherwise firewalled network) has UDP 137+8 and TCP 139 open, so you should probably forward those UDP ports, too. I don't know if PuTTY will let you forward UDP though. /dev/idal __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] preserving extended attributes during a file copy overthe network
--- Eric Chen [EMAIL PROTECTED] wrote: Hi, I have 2 linux machines, SOURCE and DEST on a network. I create some snapshots of the file structure on SOURCE and these snapshots have extended attributes. I want to copy the snapshots from SOURCE over to DEST over the network, but I don't want to lose the information on the extended attributes. Is there a way to do this using the samba protocol? Or do I have to modify the source code to allow the preservation of EA's. If anyone has any suggestions or can direct me to some helpful resources, please let me know. I could use some help on this matter. If there is another protocol that can support this file copy + preservation of EA's, please let me know. Hi, I answered a question _very_ similar to this last week... perhaps it was you and you missed my answer? Check marc.theaimsgroup.com. /dev/idal __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Fwd: Re: oplock problems
Oops, [EMAIL PROTECTED], not SALBA (: /dev/idal --- Chris de Vidal [EMAIL PROTECTED] wrote: Date: Thu, 6 Feb 2003 08:19:56 -0800 (PST) From: Chris de Vidal [EMAIL PROTECTED] Subject: Re: oplock problems To: Brian Johnson [EMAIL PROTECTED] CC: [EMAIL PROTECTED] --- Brian Johnson [EMAIL PROTECTED] wrote: I also switched the position of two autosensing 10/100 hubs on the network - but I don't think that would be the problem I had oplock issues a few months ago but it was with large, flat database files (search marc.theaimsgroup.com). I learned, in this process, that oplock break messages are almost always network related. We were seeing no messages but corruption, so we ruled out networking. But for you, start with networking. Disable autosensing if you can and go entirely half/full duplex at a certain rate. It is safe to entirely disable oplocks, but you gain so much performance with them. /dev/idal __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Redhat ACL support
--- David Gibbins [EMAIL PROTECTED] wrote: I'm trying to setup a RedHat 8 fileserver, it must work seamlessly within our 2000/NT network. After some research, I believe the first thing I need to do is install ACL support. I tried doing this once, didn't go well, had to reinstall RedHat. What files do I need and from where, to install ACL support for RedHat 8? I set up Samba+ACLs on 7.3 but it's basically the same thing. They removed ACL support from 8.0's kernel. Patch the RedHat kernel sources with a patch from acl.bestbits.at (you might need to download more current kernel sources though). Then compile the RPM: vi Makefile Change the rpm -ba command at the bottom to rpmbuild -ba. rpm -ba is no longer supported in 8.0. make dep rpm RedHat includes acl libraries and binaries on the 8.0 CD. Check that they're installed: rpm -q acl libacl If not, install them. They might need attr/libattr as well. I also installed an updated fileutils from acl.bestbits.at since 'ls -l' was broken. Install your new kernel and reboot. Try to remount with the new ACL options: mount / -oacl,remount mount | grep acl If that worked, put the acl option in /etc/fstab: LABEL=/ / ext3 defaults,acl 1 1 Reompile a Samba RPM to include ACL support. I wrote about this earlier this week. Search marc.theaimsgroup.com. Resources: Sam's Teach Yourself Samba in 24 Hours - current and useful http://acl.bestbits.at/ - LOTs of ACL documentation http://tldp.org/ - HOWTOs http://marc.theaimsgroup.com/ - Searchable Samba mailing list archives http://redhat.com/ - Documentation on building a custom kernel and RPMs. Don't recall if the kernel's make rpm is in there; I just learned that one from reading the Makefile. http://google.com/ - Search The F'ing Web (STFW) Please RTFM/STFW before asking questions (not saying you didn't, just making you aware). People certainly don't mind answering questions if you show effort (: /dev/idal __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Re: FreeBSD 5.0 + ACLs
--- Adam Smith [EMAIL PROTECTED] wrote: The next step (and what you're probably missing) is compiling samba --with-acl-support (or something like that.. do ./configure --help | grep -i acl). I tweaked a .spec file in a SRPM and you might have to edit your port's Makefile or something. I installed Samba from the ports with a make install. The configuration screen ? A screen? We don't have those niceties in Linux. Still, I can recompile SRPMs and install the resulting RPM on our file servers with ease; compile once, install anywhere (: I believe *BSDs use a compile-on-the-server method, which seems more time consuming. It's all about choices (: allowed me to select ACLs, but to be safe, I recompiled it and reinstalled it manually with a 'make --with-acl-support.' Good. The output from mount says: /dev/ar0s1g on /data (ufs, local, acls) Good. We also had to install acl/libacl/libacl-devel and attr/libattr/libattr-devel (e.g. binaries, libraries, and development headers+includes) packages in order to compile. I did a quick search on freebsd.org and Google but found nothing extremely helpful :/ If the ./configure script showed that ACLs were turned on, you're good. I believe there's a log that ./configure generates that you can grep.. perhaps its called configure.log? Anyway, grep -ir acl /path/to/samba/sources/after/compilation | less and look around for something that looks like the output of configure, that has something like Configuring with acl extensions... Am I supposed to be able to modify 'extended' ACLs on the UFS2 file system? We use get/setfacl in Linux.. it might be the same for you. Perhaps you should man -k ufs2 or man -k acl and see what you can find about getting and setting ACLs. The finished result would be that you'd be able to add multiple groups to a file's permissions from Windows Explorer. Works here. Something could be wrong with it. Whenever I do an 'ls -la' I get the following results: ls: ./.: Operation not supported drwxrwx--- 10 root administration 512 Jan 29 11:08 . ls: ./..: Operation not supported drwxr-xr-x 12 root wheel 512 Jan 29 16:28 .. ls: ./Accounts: Operation not supported drwxrwx--- 3 root administration 512 Jan 29 09:02 Accounts ls: ./Accounts Payable: Operation not supported drwxrwx--- 4 root administration 512 Jan 29 08:36 Accounts Payable ls: ./Finance: Operation not supported drwxrwx--- 26 root administration1536 Jan 29 08:37 Finance Every directory brings that up. It is the -l option causing the problem. A normal 'ls' on its own doesn't display these errors. This is a different problem. I had to install a specially-modified fileutils package, which included ls and a few other ACL-enabled binaries. After installing it, I noticed ls -l showed a plus sign after the permissions for files on ACL-enabled partitions. Most likely your standard ls is reading the extra ACL attributes when it says not supported. I also got the fileutils package from acl.bestbits.at. I think read about it in Teach Yourself Samba in 24 Hours, which is about the most up-to-date source of Samba information available right now (AFAIK), and contains topics like Winbind, ACLs, and Windows PDC replacement (: Good luck, /dev/idal __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: smb dealing with extended attributes
--- Eric Chen [EMAIL PROTECTED] wrote: Does anyone know if smb 3.0 supports the network file transfer of files with extended attributes and retains them? I want to do a backup from one server, SOURCE, to another server, DEST, and I want the extended attributes to be intact. I have been doing some research on protocols that I can use to do this file copy, but I have not had any luck. If anyone has any suggestions or can direct me to some helpful resources, please let me know. I could use some help on this matter. You might have to use star on either end of an SSH session. Something like: star cpvf - /some/share | ssh DEST star xpvf - /some/share but look up the star syntax. This might be faster than a typical Samba file copy. Or, dump the ACLs into a flat file. Instructions on doing this are on acl.bestbits.at. Good luck, /dev/idal __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Can't see all of the directories in a share with 2.2.7a-1 RH8...but older version/kernel can
--- Joe Gerkman [EMAIL PROTECTED] wrote: Hi Chris, Did the checks you recommended (which are some of the ones I always do when troubleshooting too, but definitely something to keep in mind). -No changes from default (including binaries/conf files)...no corrupt files/libraries from what I can tell. -Tried forced reinstall of Samba 2.2.7a ...no luck -Same directories are missing from the listing on all 2.2.7a/RH8 hosts (they're all consistent)...only the RH6.2/2.0.6-9 can sreinstallingee the full list Hate to say this, but I ended up using sharity-light just to try it and it worked, so that's what I'm using until I can figure out why this seems to only affect our RedHat 8.0/2.2.7a clients. And 7.x clients, right? I'd like to hear from you when/if you install RedHat 8.1+ or another distro. Could you send me a testparm output offlist? /dev/idal If anyone finds anything out that sounds similar, please let me knowas I'd really like to go back to using smbmount/Samba. Thanks again...and take care, -J On Fri, 2003-01-31 at 13:35, Chris de Vidal wrote: --- Joe Gerkman [EMAIL PROTECTED] wrote: On Fri, 2003-01-31 at 07:47, Chris de Vidal wrote: Update: From a RedHat 8 box with Samba 2.2.7a from a Samba.org RPM, I could see 1000 directories on a Windows 2000 Pro share. From a RedHat 7.3 box with Samba 2.2.7a from a Samba.org SRPM tweaked to include ACL support, I could see 1000 directories on a Windows 2000 Pro share. I created them with a for loop from my smbmount, not from within Windows, in case it matters. I figured it wasn't a directory/file number limitation, but wasn't entirely sure...I guess this confirms it...just as a check, were there any particularly large files/directories in there? I know that we have some directories that can get as big a 8 GB in size...just not sure if size plays into this at all either... This is what I did from the RH 8 box: for ((i=1;i=1000;i++)); do mkdir $i; done ls | wc -l 1000 At your question, I made a 2GB file in 10 directories (I couldn't create a 10GB file.. a Windows problem?): for ((i=1;i=10;i++)); do dd if=/dev/zero of=$i/2GB bs=1M count=2000; done ls | wc -l 1000 I can't explain it. Perhaps some weird/corrupt binary or library? Try rpm -Va | grep '^..5' | grep -v ' c ' | less which will show every non-config file that has been modified since being installed from its original RPM. Look at libraries and binaries in particular. Reinstall a damaged RPM with rpm -Uvh --replacepkgs --force some_package.rpm paying special attention to any .rpmsave/orig/new files created, which might move an original conf file (so diff the *.rpmorig/save/new with the existing file). Also, ensure you are seeing the exact same files missing each time: ls missing_at_12-24pm.txt later, after umounting/remounting ls missing_at_2-56pm.txt diff missing_at_12-24pm.txt missing_at_2-56pm.txt Any differences might tell me to look at intermittent network connectivity... it's yet another shot in the dark. Sorry I could not offer more specific help; these are the troubleshooting steps I go through when looking at weird problems like these. Someone shared that the permissions were possibly incorrect, but that would only seem to apply to a Samba server, not smbmount. And you're not using a umask, so the default umask is the one from the system, which is 0022, making permissions for folders and files 755. The only thing I can offer now is possibly ensuring that the username you access from the 6.2 box is the same you use on the 7.x+ boxen. If the usernames were different, perhaps permissions on Windows hide those directories from view (but obviously not from cd). Yep...same id...same password. Oh, and check the DOS permissions on those directories.. make sure they're not hidden. I don't know if smbmount obeys that, but it's worth a shot. I'll double-check that and let you know...but as most of the directories are created by a script (on the windows side), and there haven't been any changes to the script, they *should* all be the same...but again, I'll confirm that. /dev/idal Thanks again Chris... -Joe --- Chris de Vidal [EMAIL PROTECTED] wrote: To the list: We've been having some off-list conversation and I wanted to clue you in here. Our thread might be useful for posterity's (Google's?) sake. /dev/idal --- Joe Gerkman [EMAIL PROTECTED] wrote: We're using the following command (from a shell script): First (this isn't your fix but a nicety), it's easier when this is in /etc/fstab instead of with a script
[Samba] Re: FreeBSD 5.0 + ACLs
--- Adam Smith [EMAIL PROTECTED] wrote: I am playing with a test box at the moment running a Samba 2.2.7a domain on FreeBSD 5.0. I wish to enable ACLs, but I am not exactly sure what I am supposed to expect once they are enabled. I have created a UFS2 partition and enabled ACL support using tunefs. Since doing that, I have been able to connect to the Samba shares and modify ACLs, but so far the only things I have been able to accomplish are changing ownership, and modifying the o/g/u permissions. As I understand it, because UFS2 supports ACLs, am I not supposed to be able to create more thorough ACLs (much like NTFS can?) Have I chosen the correct file-system to do the job? It appears you have. We're using ACL support on Linux and ext3. We had to patch our kernel and got ACL options when we did. After booting the new kernel, we were able to add 'acl' after 'defaults' in fstab. You _might_ need the same; run mount and see what the options are next to your partition. The next step (and what you're probably missing) is compiling samba --with-acl-support (or something like that.. do ./configure --help | grep -i acl). I tweaked a .spec file in a SRPM and you might have to edit your port's Makefile or something. We also had to install acl/libacl/libacl-devel and attr/libattr/libattr-devel (e.g. binaries, libraries, and development headers+includes) packages in order to compile. In FreeBSD this probably means compiling the acl/libacl/attr/libattr tarballs, but look at acl.bestbits.at and the FreeBSD docs for more help there. WATCH your ./configure output and make sure it enables ACL support.. don't just assume! It was there we determined we needed the above packages. We used Sam's Teach Yourself Samba In 24 Hours as a guide, and it can no doubt help you, too. /dev/idal __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Can't see all of the directories in a share with 2.2.7a-1 RH8...but older version/kernel can
Update: From a RedHat 8 box with Samba 2.2.7a from a Samba.org RPM, I could see 1000 directories on a Windows 2000 Pro share. From a RedHat 7.3 box with Samba 2.2.7a from a Samba.org SRPM tweaked to include ACL support, I could see 1000 directories on a Windows 2000 Pro share. I created them with a for loop from my smbmount, not from within Windows, in case it matters. Someone shared that the permissions were possibly incorrect, but that would only seem to apply to a Samba server, not smbmount. And you're not using a umask, so the default umask is the one from the system, which is 0022, making permissions for folders and files 755. The only thing I can offer now is possibly ensuring that the username you access from the 6.2 box is the same you use on the 7.x+ boxen. If the usernames were different, perhaps permissions on Windows hide those directories from view (but obviously not from cd). Oh, and check the DOS permissions on those directories.. make sure they're not hidden. I don't know if smbmount obeys that, but it's worth a shot. /dev/idal --- Chris de Vidal [EMAIL PROTECTED] wrote: To the list: We've been having some off-list conversation and I wanted to clue you in here. Our thread might be useful for posterity's (Google's?) sake. /dev/idal --- Joe Gerkman [EMAIL PROTECTED] wrote: We're using the following command (from a shell script): First (this isn't your fix but a nicety), it's easier when this is in /etc/fstab instead of with a script. It can be done automatically at boot (RedHat recognizes smbfs types and waits til network is started) or manually with the noauto option. Then, you can just run mount /blahblah/Data If you put your password in a credentials file (see below), you can protect your password. Again, not a fix for your issue but I thought you'd like to know that. mount -f -t smbfs -o Second, I had to look up -f. man mount: -f Causes everything to be done except for the actual system call; if it's not obvious, this ``fakes'' mount-ing the file system. This option is useful in conjunction with the -v flag to determine what the mount command is trying to do. It can also be used to add entries for devices that were mounted earlier with the -n option. I have little confidence this will fix your problem, but please try it without that flag anyway. It's just a shot in the dark... username=xxx,password=xxx,uid=xxx,gid=x,fmask=770,dmask=770 //blahblah/Data /blahblah/Data Another nicety; use this option with mount or in your fstab: credentials=/some/file/chown/root.root/chmod/600 with username = someuser password = somepassword inside that file. I like to put mine in /etc/smb_passwd and I run chown 0.0/chmod 600 against it. This lets you avoid putting the password in the (world-readable) fstab. Just a suggestion. Same command we've been using for a while now (1 year)...but then again, maybe one of the options could have been deprecated Also, we installed Samba via the RPMs from samba.org...but I've also tried building from source (both SRPMs and plain source)...neither changed anything... Thanks again for your help Chris Don't thank me until I can confirm or deny it from a RH 7.3 and 8.0 box to an NT and 2000 Pro (no Server/Advanced) share (: /dev/idal On Thu, 2003-01-30 at 17:45, Chris de Vidal wrote: Whoa, really strange. Might be something you're doing, but I'll post my results to you and the list tomorrow and we can see if it's a consistent problem with RedHat 7+ and 2000. You are using smbmount or mount smbfs in fstab, correct? Also, how did you install Samba? I got an RPM from Samba.org (well, an SRPM so I could tweak the ./configure line). /dev/idal --- Joe Gerkman [EMAIL PROTECTED] wrote: Update... See 554 files on rh8.0/2.2.7a machine, 627 on the rh6.2/2.0.6-9 machine (the latter being the true number). Tried copying over the same smb.conf file (which I thought I'd done before)...no change/luck. Also tried the same version of samba on a 7.3 as well as a 7.1 box (same smb.conf file too)...no luck there either...oh, all had 2.4.x kernel, well except for the working machine (if that matters). On Thu, 2003-01-30 at 14:05, Chris de Vidal wrote: You're using smbmount, right? Sounds like you're seeing only 512 files.. do ls | wc -l. 512 is a nice round binary number and is probably what you're seeing. I don't have a direct answer, but I'm under the impression that there are many broken things in RedHat 8.0 (RedHat 7.0 also had many broken things.. cooincidence??). I wrote earlier this week about a RedHat 8-specific problem cannot find name for group ID X. Others with RedHat 8 have shared
[Samba] Re: Can't see all of the directories in a share with 2.2.7a-1 RH8...but older version/kernel can
--- Joe Gerkman [EMAIL PROTECTED] wrote: On Fri, 2003-01-31 at 07:47, Chris de Vidal wrote: Update: From a RedHat 8 box with Samba 2.2.7a from a Samba.org RPM, I could see 1000 directories on a Windows 2000 Pro share. From a RedHat 7.3 box with Samba 2.2.7a from a Samba.org SRPM tweaked to include ACL support, I could see 1000 directories on a Windows 2000 Pro share. I created them with a for loop from my smbmount, not from within Windows, in case it matters. I figured it wasn't a directory/file number limitation, but wasn't entirely sure...I guess this confirms it...just as a check, were there any particularly large files/directories in there? I know that we have some directories that can get as big a 8 GB in size...just not sure if size plays into this at all either... This is what I did from the RH 8 box: for ((i=1;i=1000;i++)); do mkdir $i; done ls | wc -l 1000 At your question, I made a 2GB file in 10 directories (I couldn't create a 10GB file.. a Windows problem?): for ((i=1;i=10;i++)); do dd if=/dev/zero of=$i/2GB bs=1M count=2000; done ls | wc -l 1000 I can't explain it. Perhaps some weird/corrupt binary or library? Try rpm -Va | grep '^..5' | grep -v ' c ' | less which will show every non-config file that has been modified since being installed from its original RPM. Look at libraries and binaries in particular. Reinstall a damaged RPM with rpm -Uvh --replacepkgs --force some_package.rpm paying special attention to any .rpmsave/orig/new files created, which might move an original conf file (so diff the *.rpmorig/save/new with the existing file). Also, ensure you are seeing the exact same files missing each time: ls missing_at_12-24pm.txt later, after umounting/remounting ls missing_at_2-56pm.txt diff missing_at_12-24pm.txt missing_at_2-56pm.txt Any differences might tell me to look at intermittent network connectivity... it's yet another shot in the dark. Sorry I could not offer more specific help; these are the troubleshooting steps I go through when looking at weird problems like these. Someone shared that the permissions were possibly incorrect, but that would only seem to apply to a Samba server, not smbmount. And you're not using a umask, so the default umask is the one from the system, which is 0022, making permissions for folders and files 755. The only thing I can offer now is possibly ensuring that the username you access from the 6.2 box is the same you use on the 7.x+ boxen. If the usernames were different, perhaps permissions on Windows hide those directories from view (but obviously not from cd). Yep...same id...same password. Oh, and check the DOS permissions on those directories.. make sure they're not hidden. I don't know if smbmount obeys that, but it's worth a shot. I'll double-check that and let you know...but as most of the directories are created by a script (on the windows side), and there haven't been any changes to the script, they *should* all be the same...but again, I'll confirm that. /dev/idal Thanks again Chris... -Joe --- Chris de Vidal [EMAIL PROTECTED] wrote: To the list: We've been having some off-list conversation and I wanted to clue you in here. Our thread might be useful for posterity's (Google's?) sake. /dev/idal --- Joe Gerkman [EMAIL PROTECTED] wrote: We're using the following command (from a shell script): First (this isn't your fix but a nicety), it's easier when this is in /etc/fstab instead of with a script. It can be done automatically at boot (RedHat recognizes smbfs types and waits til network is started) or manually with the noauto option. Then, you can just run mount /blahblah/Data If you put your password in a credentials file (see below), you can protect your password. Again, not a fix for your issue but I thought you'd like to know that. mount -f -t smbfs -o Second, I had to look up -f. man mount: -f Causes everything to be done except for the actual system call; if it's not obvious, this ``fakes'' mount-ing the file system. This option is useful in conjunction with the -v flag to determine what the mount command is trying to do. It can also be used to add entries for devices that were mounted earlier with the -n option. I have little confidence this will fix your problem, but please try it without that flag anyway. It's just a shot in the dark... username=xxx,password=xxx,uid=xxx,gid=x,fmask=770,dmask=770 //blahblah/Data /blahblah/Data Another nicety; use this option with mount or in your fstab: credentials=/some/file/chown/root.root/chmod/600 with username = someuser password = somepassword inside that file. I like to put mine in /etc/smb_passwd and I run chown 0.0/chmod 600 against
[Samba] Re: Can't see all of the directories in a share with 2.2.7a-1 RH8...but older version/kernel can
You're using smbmount, right? Sounds like you're seeing only 512 files.. do ls | wc -l. 512 is a nice round binary number and is probably what you're seeing. I don't have a direct answer, but I'm under the impression that there are many broken things in RedHat 8.0 (RedHat 7.0 also had many broken things.. cooincidence??). I wrote earlier this week about a RedHat 8-specific problem cannot find name for group ID X. Others with RedHat 8 have shared similar stories, and I'm having no issues with the same exact version of Samba on a RedHat 7.3 box. I've been using RH8 on my main workstation since introduction and I've found other weirdness. I'm not near my RH8 box at the moment but when I get back to work tomorrow I'll test an SMB mount of a Windows NT box. I could try a 2000 box if necessary. I'll do a wc -l and see what happens. I do recall having no problems with a Samba server (2000+ directories) and I can confirm that tomorrow. First, try copying the smb.conf from the 6.2 box. Smbmount seems to read a few lines from it, and there is a chance you have differences. If you have a RedHat 7.3 box handy, install the same version of Samba (I agree it doesn't sound version-specific) and try it.. it'd probably work fine. I'll try to do the same. /dev/idal --- Joe Gerkman [EMAIL PROTECTED] wrote: Hi all, Hoping someone might be able to steer me in the right direction and/or help me solve my problem. We have a number of Linux servers (RH6.2 - RH8) which connect to the same share on a Win2000 Server. We've been working kinda hard to get everything upgraded to either RH7.3 or RH8.0 since we rarely get the opportunity. 2 similar servers (one dev, one prod) access this same window share, which has a large number of directories (about 620-650), and the share itself is for a 180GB volume. Just recently we discovered that our dev server (RH6.2/2.2.14-5.0 with samba 2.0.6-9) can see all of the directories/files at the root of this share, but the prod server (RH8.0/2.4.18-19.8.0 with samba 2.2.x - 2.2.7a-1) can not, it can however see a good portion of them (about 554). There doesn't seem to be anything in common about these missing directories...have checked time, size, etc...nada in common that we can determine. We did try quite a few crazy things, like deleting a few directories to see if we saw more, but nope. And I should note that the directories are there, you just can't see them...I can 'cd' into them with no problem. Oh, and I've tried going back to the earlier version of samba (same as on the dev machine - 2.0.6-9), but no luck. Any ideas? Anyone? Please... -J -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: some doubts
I just found this smb.conf setting recently which fixed the same problem you are having now: winbind use default domain = yes Restart both Samba and Winbind. Now we can log into webmin and ssh and netatalk and anything else that uses PAM with our NT username and password (: Oh, you do have to correctly configure PAM.. look in the Samba.org documentation under winbind. /dev/idal --- Igor Debacker [EMAIL PROTECTED] wrote: i was using at nsswitch.conf passwd files winbind group files winbind shadow files winbind then i tryed... passwd compat winbind group compat winbind shadow compat winbind none of them work.. i cant login as root :\ (for those who are wondering.. i'm making modification with a rescue disk.. i boot in and mount my local hd) any other idea ? - Original Message - From: Rich Smrcina [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, January 30, 2003 3:32 PM Subject: Re: [Samba] some doubts Local accounts should work just fine. I have nsswitch.conf set up with 'compat winbind'. On Thursday 30 January 2003 01:19 pm, Igor Debacker wrote: Greetings from Brazil, 1) how can i login with the local accounts (root and others) while winbind is running ? i can only login with domain+user accounts !!! my /etc/nsswitch.conf is already configured to check files and winbind.. what else should i do ? 2) is there an way of my win2kserver users login only with their user name and not as DOMAIN+user ? Thanx in advance Igor Vieira Debacker [EMAIL PROTECTED] -- Rich Smrcina Sr. Systems Engineer Sytek Services, A Division of DSG Milwaukee, WI [EMAIL PROTECTED] [EMAIL PROTECTED] Catch the WAVV! Stay for Requirements and the Free for All! Update your S/390 skills in 4 days for a very reasonable price. WAVV 2003 in Winston-Salem, NC. April 25-29, 2003 For details see http://www.wavv.org -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: some doubts
Oh and I found it with testparm | grep winbind. Followed up in man smb.conf and learned how to use it. Try testparm | less some time and see what you'll learn! /dev/idal --- Chris de Vidal [EMAIL PROTECTED] wrote: I just found this smb.conf setting recently which fixed the same problem you are having now: winbind use default domain = yes Restart both Samba and Winbind. Now we can log into webmin and ssh and netatalk and anything else that uses PAM with our NT username and password (: Oh, you do have to correctly configure PAM.. look in the Samba.org documentation under winbind. /dev/idal --- Igor Debacker [EMAIL PROTECTED] wrote: i was using at nsswitch.conf passwd files winbind group files winbind shadow files winbind then i tryed... passwd compat winbind group compat winbind shadow compat winbind none of them work.. i cant login as root :\ (for those who are wondering.. i'm making modification with a rescue disk.. i boot in and mount my local hd) any other idea ? - Original Message - From: Rich Smrcina [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, January 30, 2003 3:32 PM Subject: Re: [Samba] some doubts Local accounts should work just fine. I have nsswitch.conf set up with 'compat winbind'. On Thursday 30 January 2003 01:19 pm, Igor Debacker wrote: Greetings from Brazil, 1) how can i login with the local accounts (root and others) while winbind is running ? i can only login with domain+user accounts !!! my /etc/nsswitch.conf is already configured to check files and winbind.. what else should i do ? 2) is there an way of my win2kserver users login only with their user name and not as DOMAIN+user ? Thanx in advance Igor Vieira Debacker [EMAIL PROTECTED] -- Rich Smrcina Sr. Systems Engineer Sytek Services, A Division of DSG Milwaukee, WI [EMAIL PROTECTED] [EMAIL PROTECTED] Catch the WAVV! Stay for Requirements and the Free for All! Update your S/390 skills in 4 days for a very reasonable price. WAVV 2003 in Winston-Salem, NC. April 25-29, 2003 For details see http://www.wavv.org -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Can't see all of the directories in a share with 2.2.7a-1 RH8...but older version/kernel can
To the list: We've been having some off-list conversation and I wanted to clue you in here. Our thread might be useful for posterity's (Google's?) sake. /dev/idal --- Joe Gerkman [EMAIL PROTECTED] wrote: We're using the following command (from a shell script): First (this isn't your fix but a nicety), it's easier when this is in /etc/fstab instead of with a script. It can be done automatically at boot (RedHat recognizes smbfs types and waits til network is started) or manually with the noauto option. Then, you can just run mount /blahblah/Data If you put your password in a credentials file (see below), you can protect your password. Again, not a fix for your issue but I thought you'd like to know that. mount -f -t smbfs -o Second, I had to look up -f. man mount: -f Causes everything to be done except for the actual system call; if it's not obvious, this ``fakes'' mount-ing the file system. This option is useful in conjunction with the -v flag to determine what the mount command is trying to do. It can also be used to add entries for devices that were mounted earlier with the -n option. I have little confidence this will fix your problem, but please try it without that flag anyway. It's just a shot in the dark... username=xxx,password=xxx,uid=xxx,gid=x,fmask=770,dmask=770 //blahblah/Data /blahblah/Data Another nicety; use this option with mount or in your fstab: credentials=/some/file/chown/root.root/chmod/600 with username = someuser password = somepassword inside that file. I like to put mine in /etc/smb_passwd and I run chown 0.0/chmod 600 against it. This lets you avoid putting the password in the (world-readable) fstab. Just a suggestion. Same command we've been using for a while now (1 year)...but then again, maybe one of the options could have been deprecated Also, we installed Samba via the RPMs from samba.org...but I've also tried building from source (both SRPMs and plain source)...neither changed anything... Thanks again for your help Chris Don't thank me until I can confirm or deny it from a RH 7.3 and 8.0 box to an NT and 2000 Pro (no Server/Advanced) share (: /dev/idal On Thu, 2003-01-30 at 17:45, Chris de Vidal wrote: Whoa, really strange. Might be something you're doing, but I'll post my results to you and the list tomorrow and we can see if it's a consistent problem with RedHat 7+ and 2000. You are using smbmount or mount smbfs in fstab, correct? Also, how did you install Samba? I got an RPM from Samba.org (well, an SRPM so I could tweak the ./configure line). /dev/idal --- Joe Gerkman [EMAIL PROTECTED] wrote: Update... See 554 files on rh8.0/2.2.7a machine, 627 on the rh6.2/2.0.6-9 machine (the latter being the true number). Tried copying over the same smb.conf file (which I thought I'd done before)...no change/luck. Also tried the same version of samba on a 7.3 as well as a 7.1 box (same smb.conf file too)...no luck there either...oh, all had 2.4.x kernel, well except for the working machine (if that matters). On Thu, 2003-01-30 at 14:05, Chris de Vidal wrote: You're using smbmount, right? Sounds like you're seeing only 512 files.. do ls | wc -l. 512 is a nice round binary number and is probably what you're seeing. I don't have a direct answer, but I'm under the impression that there are many broken things in RedHat 8.0 (RedHat 7.0 also had many broken things.. cooincidence??). I wrote earlier this week about a RedHat 8-specific problem cannot find name for group ID X. Others with RedHat 8 have shared similar stories, and I'm having no issues with the same exact version of Samba on a RedHat 7.3 box. I've been using RH8 on my main workstation since introduction and I've found other weirdness. I'm not near my RH8 box at the moment but when I get back to work tomorrow I'll test an SMB mount of a Windows NT box. I could try a 2000 box if necessary. I'll do a wc -l and see what happens. I do recall having no problems with a Samba server (2000+ directories) and I can confirm that tomorrow. First, try copying the smb.conf from the 6.2 box. Smbmount seems to read a few lines from it, and there is a chance you have differences. If you have a RedHat 7.3 box handy, install the same version of Samba (I agree it doesn't sound version-specific) and try it.. it'd probably work fine. I'll try to do the same. /dev/idal --- Joe Gerkman [EMAIL PROTECTED] wrote: Hi all, Hoping someone might be able to steer me in the right direction and/or help me solve my problem. We have a number of Linux servers (RH6.2 - RH8) which connect to the same share on a Win2000 Server. We've
[Samba] Winbind: login cannot find name for group ID XXXXX ONLYRedHat 8
My RedHat 8.0 workstation doesn't want to play nice with Winbind. The rest of our Samba servers (on RedHat 7.3) are working fine, and I am familiar with setting up Winbind. Samba: 2.2.7a (RPM from Samba.org. RedHat's RPMs do same thing.) Kernel 2.4.20 NT 4 domain I'd copied the pam and smb.conf from a working box in testing. Getent passwd and group works, BUT getent group 'Domain Users' does not (perhaps this is related??). However, getent group | grep 'Domain Users' works. getent group any other group works. [supcd@us05201637 supcd]$ testparm | grep winbind 'winbind separator = +' might cause problems with group membership. winbind uid = 1-2 winbind gid = 1-2 winbind separator = + winbind cache time = 15 winbind enum users = Yes # No did the same thing) winbind enum groups = Yes # No did the same thing) winbind use default domain = Yes [root@us05201637 root]# su - supcd id: cannot find name for group ID 10003 [supcd@us05201637 supcd]$ groups supcd id: cannot find name for group ID 10003 id: cannot find name for group ID 10001 id: cannot find name for group ID 10006 id: cannot find name for group ID 10019 id: cannot find name for group ID 10018 [supcd@us05201637 supcd]$ getent group 'Domain Users' [supcd@us05201637 supcd]$ getent group 10003 [supcd@us05201637 supcd]$ getent group | grep 10003 Domain Users:x:10003:Administrator,supml,supcd...(87 usernames snipped) [supcd@us05201637 supcd]$ getent group 'Domain Admins' Domain Admins:x:10001:Administrator,supcd... (10 usernames snipped) [supcd@us05201637 supcd]$ getent group 10001 Domain Admins:x:10001:Administrator,supcd... (10 usernames snipped) (Logging into RedHat 7.3 box in same domain; no error on login) [supcd@hjx-graphics-01 supcd]$ groups supcd supcd : Domain Users Domain Admins Ideas? I can provide more info (e.g. pam files) on request. /dev/idal __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Winbind: login cannot find name for group ID XXXXX ONLY RedHat 8
My RedHat 8.0 workstation doesn't want to play nice with Winbind. The rest of our Samba servers (on RedHat 7.3) are working fine, and I am familiar with setting up Winbind. Samba: 2.2.7a (RPM from Samba.org. RedHat's RPMs do same thing.) Kernel 2.4.20 NT 4 domain I'd copied the pam and smb.conf from a working box in testing. Getent passwd and group works, BUT getent group 'Domain Users' does not (perhaps this is related??). However, getent group | grep 'Domain Users' works. getent group any other group works. [supcd@us05201637 supcd]$ testparm | grep winbind 'winbind separator = +' might cause problems with group membership. winbind uid = 1-2 winbind gid = 1-2 winbind separator = + winbind cache time = 15 winbind enum users = Yes # No did the same thing) winbind enum groups = Yes # No did the same thing) winbind use default domain = Yes [root@us05201637 root]# su - supcd id: cannot find name for group ID 10003 [supcd@us05201637 supcd]$ groups supcd id: cannot find name for group ID 10003 id: cannot find name for group ID 10001 id: cannot find name for group ID 10006 id: cannot find name for group ID 10019 id: cannot find name for group ID 10018 [supcd@us05201637 supcd]$ getent group 'Domain Users' [supcd@us05201637 supcd]$ getent group 10003 [supcd@us05201637 supcd]$ getent group | grep 10003 Domain Users:x:10003:Administrator,supml,supcd...(87 usernames snipped) [supcd@us05201637 supcd]$ getent group 'Domain Admins' Domain Admins:x:10001:Administrator,supcd... (10 usernames snipped) [supcd@us05201637 supcd]$ getent group 10001 Domain Admins:x:10001:Administrator,supcd... (10 usernames snipped) (Logging into RedHat 7.3 box in same domain; no error on login) [supcd@hjx-graphics-01 supcd]$ groups supcd supcd : Domain Users Domain Admins Ideas? I can provide more info (e.g. pam files) on request. /dev/idal __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: Fixed: OpLocks caused the corruptions/slowness (Was: How Samba let us down)
--- Claudia Moroder [EMAIL PROTECTED] wrote: what does samba if a client locks a byte range behind the end of the file ? This could be important because it looks like many 'corruption' problems happern with foxpro files. And we are using foxpro files.. hmm. /dev/idal P.S. haven't gotten a chance to try turning oplocks on for bug testing; Management is scared of doing it. It might not happen. __ Do you Yahoo!? HotJobs - Search new jobs daily now http://hotjobs.yahoo.com/
Re: Fixed: OpLocks caused the corruptions/slowness (Was: How Samba let us down)
You hit it _on_the_nose_ here. We wish someone had commented in the smb.conf, the manpages, the documents, ANYWHERE, about potential corruption/slowness with large database files and OpLocks. There is a chance we would have been spared grief. /dev/idal --- Jay Ts [EMAIL PROTECTED] wrote: Jeremy Allison ([EMAIL PROTECTED]) wrote: Chris de Vidal wrote: Still, wouldn't you welcome documentation advising people of potential corruption? I think we both agree that there is no guarantee that everyone's network is 100% on and the danger of corruption appears to be greater when there are large files read and written to a record at a time (namely, flat databases). Well we ship by default with the same options as Windows. But, is that a good idea? Sometimes, matching the behavior of Windows is not for the best! ;-) Certainly the extra 30% (?) performance is a nice thing, and helps Samba get good reviews when compared to Windows. But I think we can agree that a policy of matching the reliability of Windows is questionable. I think what Chris is getting at (and I wince while writing this, but I agree) is that it's better to give priority to data integrity (as you've said), and since many Samba users are now trusting Samba servers with their database files, the default either needs to be oplocks = no, or to have very obvious documentation somewhere where new Samba admins will surely see it -- and this is not easy, considering that Samba now comes bundled with all the popular Linux systems, and other Unices as well. And also considering that the issue is not easy for Samba newbies (or even oldbies) to understand. I know this is a tough issue, and I'm not sure what I'd do if I were in the driver's seat. Perhaps as a minimum, adding some documentation to the /docs directory, as Chris suggests, and also putting lines in the example smb.conf files showing how to turn off oplocks, and why. Or maybe the example smb.conf files should turn them off, with a comment explaining that the lines can be removed if the Samba server isn't serving database files, and has good network hardware, etc. I should have said this much earlier: I think if everyone is told straight out about this, then it will make life much easier for Samba administrators, help magazine testing labs _fairly_ compare Samba performance with that of Windows (they can make sure to turn oplocks on before running the test), and also make Microsoft look bad, as they should, IMO, since they created this stuff. Maybe it will pressure Microsoft into disabling oplocks by default, and level the playing field in favor of data integrity! Jay Ts author, Using Samba, 2nd ed. __ Do you Yahoo!? HotJobs - Search new jobs daily now http://hotjobs.yahoo.com/
RE: Fixed: OpLocks caused the corruptions/slowness (Was: How Samb a let us down)
--- Green, Paul [EMAIL PROTECTED] wrote: My opinion is that the right fix is for anyone who is experiencing data corruption of any sort, whether with oplocks on, off, or sideways, to work with the Samba team to come up with a reproducible test case so that we can root cause the true source of the problem. My #1 priority as a sysadmin is, make it work. But you are right; There is implied responsibility, when using free software, to help with problems. As you said, I am getting top-quality software at a rock-bottom price. It is worth our time and effort. I just hope I can convince the powers-that-be to let me test some configurations/clients. The challenge is it doesn't appear to be a problem with Samba but the clients. Regardless, I feel the Samba documentation ought to be noted when/if we can reproduceably show it to be the client's fault, so others don't fall into the same trap. If I'd have been warned, there is a chance we wouldn't have had the grief we did. /dev/idal P.S. The Cathedral is a great book. __ Do you Yahoo!? HotJobs - Search new jobs daily now http://hotjobs.yahoo.com/
RE: Fixed: OpLocks caused the corruptions/slowness (Was: How Samb a let us down)
--- David Brodbeck [EMAIL PROTECTED] wrote: It's rather shocking to me that SMB reacts to poorly to network problems, but I realize there's not much Samba can do about the crummy protocol design. ;) There is one thing: (Now I'm beating a dead horse on this, so I'll shut up and see what I can do to help) Make the user aware. /dev/idal __ Do you Yahoo!? HotJobs - Search new jobs daily now http://hotjobs.yahoo.com/
[Samba] Re: How Samba let us down
--- Keith G. Murphy [EMAIL PROTECTED] wrote: I think he's referring to the phenomenon that I've seen on way too many technical mailing lists: be a complete asshole and you'll get the complete and undivided attention of multiple developers and power users, all of of whom assert, while helping, that that's not a good way to get help. :-) Best way to do it is to impugn the quality of the product, and threaten to switch to another. (By the way, the OP's subject line was a work of art along these lines. The 'us', rather than 'me', raising the prospect of a huge group of people disappointed in Samba, was particularly nice. I take my hat off.) I'm pretty sure a lot of posters have noticed this and use it to their advantage. You do have to be kind of unprincipled first... :-) Ack! I didn't mean to imply as much as it looks like I did about the OP and his motives. I was more focused on a social phenomenon that I'd noticed. The subject line *was* a work of art, but that's not quite saying the poster is a (con) artist. For the record, I do not believe he is an asshole, or unprincipled. I am an agnostic on the subject. Thanks! * I used the word us because it was everybody in my IT department, the printing departement, the DP department... some 100+ people who heavily depend on Samba. It let _us_ down. Didn't think about the implications of us vs. me. * It is always important to know the context. The very first paragraph of the subject went something like: I'm sharing my sad experience so that the Samba community can learn and grow. Never would I impugn the quality of Samba; After all, it could have been something we were doing wrong. We use Samba elsewhere and really like sticking it to Bill. Of course we don't overlook the stability, speed, cost, security, open source, flexibility, etc... * We actually were in the process of switching; No threats! (-: At that point, I was only sharing to help enlighten the community; Turning back was not an option. * I don't believe I'm an asshole, either (-: I always attempt to have this attitude: I could be completely wrong. The story had a happy ending. The NT server's new hard drive died, so we kept hobbling along on Samba. When we disabled all OpLocks, all was well. We are coming up on a week of constant stability, no corruption, and no interruptions in browsing the server's hard drive. Samba is looking gd. /dev/idal __ Do you Yahoo!? Y! Web Hosting - Let the expert host your web site http://webhosting.yahoo.com/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: OpLock+flat DB corruption (Was: How Samba let us down)
--- [EMAIL PROTECTED] wrote: On Thu, Oct 24, 2002 at 04:43:53AM -0700, Chris de Vidal wrote: OpLocks were indeed causing corruption; we only turned them off, made no other changes, and have no more corruption, as I reported yesterday. Wouldn't that be a priority 1, drop everything bug? Other experience was confirmed by doing a Google, by 2 Samba authors, and by the results of our one simple change. If you'd like, I can submit an official bug report. Is it completely reproducible ? Problems cuased by clients not responding to oplock breaks are notoriously dependent on network hardware and client issues (network drivers etc). Sorry for the late reply; I was out all weekend. We can't reproduce the problem because we don't have another Oce' and Opus setup ($$) to test it on, but in essence: No corruption on Netware, no oplocks. Corruption on Samba with oplocks. No corruption on Samba, no oplocks. Yes, turning off all oplocks was the only change made. 2 Samba authors and a Google search confirmed this kind of corruption. We drive the client differently than a Windows TCP stack, and remember Microsoft don't test with anything than their own stack. Problems like this come under the oplock break problems, not generic corruption. Still, it's corruption, and the user ought to be made aware. I would like (at least) to submit a documentation patch. It might have saved us grief. /dev/idal __ Do you Yahoo!? Y! Web Hosting - Let the expert host your web site http://webhosting.yahoo.com/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: Fixed: OpLocks caused the corruptions/slowness (Was: How Samba let us down)
--- Neil Hoggarth [EMAIL PROTECTED]
wrote:
On Thu, 24 Oct 2002, Chris de Vidal wrote:
I'd be happy to let the group know. I'm not
positive
we'll reenable anything but kernel oplocks,
though.
We have work to do.
The kernel oplocks parameter affects how Unix
processes accessing the
file interact with SMB oplocks. Enabling kernel
oplocks on a share which
doesn't have SMB oplocks turned on shouldn't make
any difference, I'd
have thought.
If I understand your description correctly you don't
have Unix processes
interacting with the stored files; your Linux box is
acting purely as an
SMB file server for Windows clients? All the file
accesses come in from
the net, via Samba?
Yes.
In this case you probably want
to leave kernel
oplocks off ('cos they buy you nothing,
functionally, and there have
been suggestions that Linux kernel bugs causing
problems with them). The
interesting test is whether either of:
oplocks = yes
level2 oplocks = no
or
oplocks = yes
level2 oplocks = yes
work.
If your corruption returns *and you can show that
your network and
clients are working properly* (ie. no oplock break
messages are getting
lost or being ignored by client machines - which
probably requires
Ethernet packet captures) then it's probably Red
Alert time.
I'll keep these guidelines in mind.
Also: don't think that if you establish the
existence of a priority 1
bug then it is all over - if you're experiencing a
bug that the team
can't reproduce themselves then it doesn't mean that
there isn't a bug,
but it does mean that they're going to need a lot of
help characterizing
and finding it.
The team probably would have to install Elixir's Opus
and process large flat db files (Fox Pro, I think)
with multiple processes on multiple servers... in
other words, it probably isn't going to happen. The
corruption will remain possible with other users.
On the other hand, several people have confirmed it to
be a problem with multiple clients accessing Microsoft
Access, which is a relatively cheap test.
Anyway, for us it is working fine, so I really have
little motivation for fixing the problem other than to
give back to the contributions given. We are probably
going to run the checks as you mentioned above,
probably going to submit a bug report if we find
something, and probably going to submit a
documentation patch, but can't do much more (can't
spend much more time on it.. life goes on here).
/dev/idal
__
Do you Yahoo!?
Y! Web Hosting - Let the expert host your web site
http://webhosting.yahoo.com/
Re: Fixed: OpLocks caused the corruptions/slowness (Was: How Samba let us down)
--- [EMAIL PROTECTED] wrote: The oplock code in Samba has been *heavily* tested. The one thing we cannot fix is clients ignoring oplock break requests. If you can show a problem occurring when clients are *not* ignoring oplock break requests then it's a Samba logic bug and we'll jump on it asap. (Fog lifting) OK, you have a great point here, which you made before, but I didn't see. Neil gave some guidelines for seeing if it is the client doing so, and I'll submit a bug report if I find it to be so (if we even get a change to test it!). I have a good feeling that we won't find it to be a Samba problem. Still, wouldn't you welcome documentation advising people of potential corruption? I think we both agree that there is no guarantee that everyone's network is 100% on and the danger of corruption appears to be greater when there are large files read and written to a record at a time (namely, flat databases). /dev/idal __ Do you Yahoo!? Y! Web Hosting - Let the expert host your web site http://webhosting.yahoo.com/
[Samba] OpLock+flat DB corruption (Was: How Samba let us down)
--- [EMAIL PROTECTED] wrote: On Wed, Oct 23, 2002 at 05:25:56AM -0700, Jay Ts wrote: The corruption might be related to oplocks. I'm doing File corruption is treated as a drop everything - priority 1 bug in Samba. If this were a generic problem known with 2.2.6 we'd be issuing a patch *immediately*. OpLocks were indeed causing corruption; we only turned them off, made no other changes, and have no more corruption, as I reported yesterday. Wouldn't that be a priority 1, drop everything bug? Other experience was confirmed by doing a Google, by 2 Samba authors, and by the results of our one simple change. If you'd like, I can submit an official bug report. /dev/idal __ Do you Yahoo!? Y! Web Hosting - Let the expert host your web site http://webhosting.yahoo.com/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Fixed: OpLocks caused the corruptions/slowness (Was: How Samba let us down)
--- Jay Ts [EMAIL PROTECTED] wrote: * The corruption was missing records. It would interrupt the print process and the Opus analysis indicated hundreds of records were missing. It would happen in random places in print files (hundreds of megs to gigs in size), and seldomly would not happen at all. I still don't understand! Ok, the files are not printed on the Samba host, they are printed through an NT print server, correct? Through a variety of print servers to a variety of printers, from large laser printers that print to spools of paper to washing machine-sized HP LaserJet printers. One of the queues is on NT, one (or more) is on Netware. So are you saying that it's files served by Samba that are being sent to the printer, and that's where you're losing data? I think the corruption is happening in the processing of the large DB files on the new server. [ok I just re-read your original post...] You said that the Samba server is used as a print spooling area. Can you elucidate? Above. It seems you are offering a Samba file share, which is used by another system(s?) for NT's printer spool files. Nothing in NT is configured to spool to that server, but somewhere along the line, files are put on that server. There are some dangerous smb.conf parameters, and AFAIK (maybe not infinitely far ;) the Samba Team have documented that they can be misused in a way that can result in corruption. Did you check the manual page for smb.conf(5), especially for the parameters having to do with locking, to check that you weren't doing anything wrong? We scoured every reference to locking in the manpages, online documents, and in /usr/share/doc, which is why I think if there is a known caveat, it ought to appear somewhere. Just to head off another bunch of comments from the Samba Team, please understand that just because you get a message from Windows that says your database is *possibly* corrupt, it doesn't mean that your database *is* corrupt. OK? ;-) (: We *really* did see corruption, though. We might reenable kernel then regular then level2 oplocks later to see if it was just one particular type. Pretty please! I'm really curious to find out exactly what was happening. I'd be happy to let the group know. I'm not positive we'll reenable anything but kernel oplocks, though. We have work to do. /dev/idal __ Do you Yahoo!? Y! Web Hosting - Let the expert host your web site http://webhosting.yahoo.com/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] OpLock+flat DB corruption (Was: How Samba let us down)
--- Bradley W. Langhorst [EMAIL PROTECTED] wrote: the oplock problem with access databases is well known... I don't think samba alone can fix it. (somebody prove me wrong :) Samba alone probably cannot fix it. I have since learned it can also be a problem on NT. Jeremy says, file corruption is a drop everything - priority 1 bug, so... A. If its well known, I didn't see it in the manpages, online, or offline docs. B. If its well known and unfixable, it ought to be disabled by default if preventing file corruption is really more important than performance. C. We're not using Access, but large flat databases. D. We don't have multiple users, but multiple processes on multiple servers, so E. If someone had put Access has a problem with OpLocks in the docs, it is doubtful we would have considered it at first. The problem is NOT JUST Access, but apparently any kind of large, flat database file. If preventing file corruption is a drop everything - priority 1 bug (quoting Jeremy), it should either be documented and/or disabled by default. But if performance takes priority over file corruption, at least document it. /dev/idal __ Do you Yahoo!? Y! Web Hosting - Let the expert host your web site http://webhosting.yahoo.com/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] OpLock+flat DB corruption (Was: How Samba let us down)
--- Bradley W. Langhorst [EMAIL PROTECTED] wrote: On Thu, 2002-10-24 at 09:43, Chris de Vidal wrote: If preventing file corruption is a drop everything - priority 1 bug (quoting Jeremy), it should either be documented and/or disabled by default. But if performance takes priority over file corruption, at least document it. I agree - submit a documentation patch and maybe the crew will accept it. Good idea (: Open Source is great, isn't it?? Perhaps next week. /dev/idal __ Do you Yahoo!? Y! Web Hosting - Let the expert host your web site http://webhosting.yahoo.com/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
OpLock+flat DB corruption (Was: How Samba let us down)
--- [EMAIL PROTECTED] wrote: On Wed, Oct 23, 2002 at 05:25:56AM -0700, Jay Ts wrote: The corruption might be related to oplocks. I'm doing File corruption is treated as a drop everything - priority 1 bug in Samba. If this were a generic problem known with 2.2.6 we'd be issuing a patch *immediately*. OpLocks were indeed causing corruption; we only turned them off, made no other changes, and have no more corruption, as I reported yesterday. Wouldn't that be a priority 1, drop everything bug? Other experience was confirmed by doing a Google, by 2 Samba authors, and by the results of our one simple change. If you'd like, I can submit an official bug report. /dev/idal __ Do you Yahoo!? Y! Web Hosting - Let the expert host your web site http://webhosting.yahoo.com/
Re: Fixed: OpLocks caused the corruptions/slowness (Was: How Samba let us down)
--- Jay Ts [EMAIL PROTECTED] wrote: * The corruption was missing records. It would interrupt the print process and the Opus analysis indicated hundreds of records were missing. It would happen in random places in print files (hundreds of megs to gigs in size), and seldomly would not happen at all. I still don't understand! Ok, the files are not printed on the Samba host, they are printed through an NT print server, correct? Through a variety of print servers to a variety of printers, from large laser printers that print to spools of paper to washing machine-sized HP LaserJet printers. One of the queues is on NT, one (or more) is on Netware. So are you saying that it's files served by Samba that are being sent to the printer, and that's where you're losing data? I think the corruption is happening in the processing of the large DB files on the new server. [ok I just re-read your original post...] You said that the Samba server is used as a print spooling area. Can you elucidate? Above. It seems you are offering a Samba file share, which is used by another system(s?) for NT's printer spool files. Nothing in NT is configured to spool to that server, but somewhere along the line, files are put on that server. There are some dangerous smb.conf parameters, and AFAIK (maybe not infinitely far ;) the Samba Team have documented that they can be misused in a way that can result in corruption. Did you check the manual page for smb.conf(5), especially for the parameters having to do with locking, to check that you weren't doing anything wrong? We scoured every reference to locking in the manpages, online documents, and in /usr/share/doc, which is why I think if there is a known caveat, it ought to appear somewhere. Just to head off another bunch of comments from the Samba Team, please understand that just because you get a message from Windows that says your database is *possibly* corrupt, it doesn't mean that your database *is* corrupt. OK? ;-) (: We *really* did see corruption, though. We might reenable kernel then regular then level2 oplocks later to see if it was just one particular type. Pretty please! I'm really curious to find out exactly what was happening. I'd be happy to let the group know. I'm not positive we'll reenable anything but kernel oplocks, though. We have work to do. /dev/idal __ Do you Yahoo!? Y! Web Hosting - Let the expert host your web site http://webhosting.yahoo.com/
Re: [Samba] OpLock+flat DB corruption (Was: How Samba let us down)
--- Bradley W. Langhorst [EMAIL PROTECTED] wrote: the oplock problem with access databases is well known... I don't think samba alone can fix it. (somebody prove me wrong :) Samba alone probably cannot fix it. I have since learned it can also be a problem on NT. Jeremy says, file corruption is a drop everything - priority 1 bug, so... A. If its well known, I didn't see it in the manpages, online, or offline docs. B. If its well known and unfixable, it ought to be disabled by default if preventing file corruption is really more important than performance. C. We're not using Access, but large flat databases. D. We don't have multiple users, but multiple processes on multiple servers, so E. If someone had put Access has a problem with OpLocks in the docs, it is doubtful we would have considered it at first. The problem is NOT JUST Access, but apparently any kind of large, flat database file. If preventing file corruption is a drop everything - priority 1 bug (quoting Jeremy), it should either be documented and/or disabled by default. But if performance takes priority over file corruption, at least document it. /dev/idal __ Do you Yahoo!? Y! Web Hosting - Let the expert host your web site http://webhosting.yahoo.com/
[Samba] Re: How Samba let us down
The new NT server has a bad HD, so we have a repreive temporarily and perhaps we can still work this problem out and still use Samba (: --- Mathew McKernan [EMAIL PROTECTED] wrote: By the look of it, the reason why it is so slow is the fact that you may not be running a WINS Server. We had this problem with NT boxes, yes Windows Servers. We installed a Windows NT Server to be our WINS server, it increased the speed of the LAN dramatically. We now run the WINS Server on a Linux box running Samba. While this is a great way to increase speed, A. It's plenty fast on the NT, Netware, and other Samba servers. In fact, the slowness appears to be totally isolated to the new Samba server. B. The slow browsing is on the hard drive once connected to the server, not cruising network neighborhood where WINS would be most effective. C. Our primary problem is data corruption, not performance, though they could be related. The random slowness might actually be our RAID setup or perhaps even oplocks. Installing NT ought to show if we have a RAID problem. The corruption might be related to oplocks. I'm doing research. Is it safe to disable kernel, regular, and level2 oplocks if we're not doing any linux-side read/writes? We have a home drive server which serves about 1800 users with 400 logged on at one time drawing about 30MBps out of it server. This box is a Pentium 4, 512MB RAM. 400GB RAID server running Linux and Samba. What card and type of drives? My suggestion: Install a WINS Server (simple 400MHz box even) running Linux, and if you like run an internal DNS too which is syncronised to the WINS database using the wins hook option in smb.conf. Point all your devices' WINS addresses to this new WINS server. You will notice a dramatic improvement in performance. I did try WINS in testing; I made one of the Samba servers a WINS server and pointed my workstation to it. I didn't see other addresses caching in the Samba WINS database and often I would see WINS server appears to be down when using smbclient. However, no other machines were using the WINS server, and the WINS server was not local subnet browse master, so that might have stopped me. Have you seen better documents on implementing Samba WINS than what is on samba.org or in /usr/share/doc? /dev/idal __ Do you Yahoo!? Y! Web Hosting - Let the expert host your web site http://webhosting.yahoo.com/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Fixed: OpLocks caused the corruptions/slowness (Was: How Samba let us down)
My first post, for reference: http://marc.theaimsgroup.com/?l=sambam=103535378916869w=2 When the new NT server's hard drive died, we decided to keep hobbling along on Samba. Meanwhile, my supervisor was searching around on OpLock issues on Google and he saw other people that were having similar problems. We disabled all OpLocks (kernel, level I and II, kernel at the global level, level X at the share) early this morning, and since then things have been fine! Yesterday and the day before, the problem appeared quickly, so (knock on wood), I think we did fix it. Time will tell. Yes, disabling OpLocks was the ONLY change. See the bottom for what I think the problem was. I got so many emails on this thread, I decided to sum up the answers to some of the questions: * I doubt adding a WINS server would have fixed the problem, because the random slowness was ONLY happening on the new server AFTER connecting (and the client cached the IP in the NetBIOS cache). ALL other servers were just fine, all of the time. But I would like to add a WINS server soon, anyway. * We are not using any Samba print facilities but print queues on NT (explained in the first email, but it was buried in there). Lpr isn't even installed. * We are using RedHat 7.3 (no ACLs included) but created a custom kernel (2.4.19) with ext3 ACL support and installed all of the userland ACL tools. * Nothing but Samba on Linux is accessing the files - no NFS, no file copies, scans, etc. * The corruption was missing records. It would interrupt the print process and the Opus analysis indicated hundreds of records were missing. It would happen in random places in print files (hundreds of megs to gigs in size), and seldomly would not happen at all. I have since learned that the print preprocessing server (Elixir's Opus) works with large flat database files (glorified spreadsheets) and uses several processes spread across multiple servers,* to apply the data to laser printer templates. The Opus server ONLY accessed our server using Samba; no other Linux software had been installed, like nfs or lpr. * I think. It might be one server with many processes. Here is the Opus website: http://www.elixir.com/products/opus.asp This scenario sounds like the corruption one might experience with Access (which ALSO is a flat, glorified spreadsheet database often accessed by multiple processes/users) and OpLocks. As I mentioned above, my supervisor found other people with similar problems. I also got confirmation from a friend and technical author (he contributed to of the more notable Samba books). If it is _officially_ recognized by the developers as a caveat, it ought to be put into the docs/manpages. I apologize if it IS there but I missed it. Anyway, it appears to have been fixed. I don't yet know what kind of performance hit we will see, but so far, so good. So if *you* see similar problems, first try disabling ALL OpLocks (kernel at the global level, the other 2 at the share level). We might reenable kernel then regular then level2 oplocks later to see if it was just one particular type. Thanks to everyone who responded! /dev/idal __ Do you Yahoo!? Y! Web Hosting - Let the expert host your web site http://webhosting.yahoo.com/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: How Samba let us down
--- Chris de Vidal [EMAIL PROTECTED] wrote: --- tim smith [EMAIL PROTECTED] wrote: err are you asking for help, or just wasting our time? Read the first paragraph of my email, please. It said: Before you read this, I want to state (for reasons listed below) that I don't expect an answer (advice is welcomed, but please read this email carefully before answering). I'm sharing this with the community with the hope that better software results from our sad experience... I am pro-Samba and am trying to help by sharing a potential problem. Please read the email more carefully before responding next time. /dev/idal __ Do you Yahoo!? Y! Web Hosting - Let the expert host your web site http://webhosting.yahoo.com/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: How Samba let us down
--- Bartlomiej Solarz-Niesluchowski [EMAIL PROTECTED] wrote: At 08:13 2002-10-23, you wrote: The printers were missing some of the records sent to them to print, something that had never happened with Netware. Every time the missing records were different. Occasionally, it would work right. Oplocks (kernel, level I and II) were left to defaults (turned on). This is known bug - on my setup (600 clients/6500 users/2TB hdd space) all print jobs are printed without problems but when you look on print manager it can talk that it is printer error on hangup client machine. As I read you must wait to samba 2.2.6 (it will be in some days - currently it is samba 2.2.6 rc4) where this bug will be corrected (bug = weird work of print manager). The actual queues are on an NT server. This server merely acts as a large spool area. Are you using Samba as the spool area only or using Samba printing support? Our printouts are not fine (corrupt), and we are not using a Windows print manager but a DOS BARR machine. We look forward to using Samba again at a later version; this might indeed be a bug that gets fixed then. /dev/idal __ Do you Yahoo!? Y! Web Hosting - Let the expert host your web site http://webhosting.yahoo.com/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: How Samba let us down
Thank you for responding. You win a gold star for actually reading my email and not jumping to conclusions (-: --- Tristan Ball [EMAIL PROTECTED] wrote: I think the 7580 might be a mistake. The card has only 2meg of cache (read: f*ck all). The amount of RAM is not an apples-to-apples comparison. The RAM isn't SDRAM like on other hardware RAID cards but SRAM... no latency, and the controller uses a non-blocking switched fabric.* I'm too tired to remember what that means, but we saw that the 3ware cards did about as well as other RAID cards with much more RAM. I don't recall, however, looking over RAID 5 performance (regarding your next reply), which could have been our mistake. Still, the primary problem is corruption, not performance, but they could be related. * Something about that here: http://www.matrixlist.com/pipermail/pc_support/2002-July/001737.html Raid 5 writes are _slow_, with 4 physical IO's required for every 1 io from the OS or client. Thats why they try to buffer them up and write full stripes at a time, or to keep parity blocks cached in ram. That means if your clients are sending lots of small-ish random writes (I bet yours would be if they are DB developers), that 5 disk array will probably sustain no more than about 100-200 writes a sec. Only a scratch more than a single disk. You could be right here. The author in the link above indicated that it might be a problem with small RAID 5 random read/writes. Know how to see I/Os/sec on Linux, by chance? Bonnie++? I'm still learning about Linux through experience, reading, and asking questions (: The biggest problem is not performance but corruption, but they could be related. Anyway, if the problem is the card, we should see the same problem when we put NT on the server. I'll let you and the list know. You also didn't mention what the CPU utilisation looked like, particularly as a user/system/io breakdown. :-) Load averages 0.50 most of the time, free memory - caches + buffers is around 350MB out of 2GB. sysctl.conf has been tuned for a large file server setup using recommendations from Securing And Optimizing Linux 2.0 (only in hardback from OpenNA.com). I can post a copy of the file if you'd like. I'm still learning about Linux.. how would a user/system/io breakdown be done? Some flag of ps? Actually, while they can improve performance, they are an inherently less reliable option than no-oplocks. Even on pure MS networks there are special cases where they can cause trouble. (it does require other things to go wrong to trigger them tho). So.. it is safe to turn them off? I generally find level 3 debugs are the lowest level usefull for tracing, but that enabling them for all processes will massively affect performance - particularly if your logs go to that raid-5 volume :-) Seperate drive for the OS + logs. I'd heard level 3 was too slow so I didn't go that high. I'll take it up that high on a client basis using your next advice. I generally selectively enable logs using smbcontrol for particular clients, and use a level of 3-5. We couldn't determine how to set the debug level individually. Thanks! veto files= /lost+found/ This will slow performance. Our problem wasn't performance but corruption, but they could be related. I'll take this option out as it doesn't matter if the user sees those directories. Thanks for catching that. debuglevel= 2 Again, this will affect performance. It was on 1 most of the time but on 2 when I copied it to the list. Sorry you had such a rough time of it tho.. Thank you very much! There is still a chance we will use Samba again for this, and I'll take your advice with me when we do. By chance, do you use ACLs? /dev/idal __ Do you Yahoo!? Y! Web Hosting - Let the expert host your web site http://webhosting.yahoo.com/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: How Samba let us down
--- Bartlomiej Solarz-Niesluchowski The actual queues are on an NT server. This server merely acts as a large spool area. Are you using Samba as the spool area only or using Samba printing support? I use only samba printing support (all printers are net printers HP4000N/4050N/4100N) Yours might be different than ours. Our Samba server has no connections to these printers at all; they are just being used as hard drive storage. Our printouts are not fine (corrupt), and we are not using a Windows print manager but a DOS BARR machine. This looks like cr-LF problem - be sure that is NO conversions on unix side for your printouts. No conversion. Nothing on Linux is opening it. It is being written from Windows to the spool area like a large hard drive and being read off of the spool area by another client. We're not using any of Samba's print operations. And sometimes it works fine. Thanks for responding! /dev/idal __ Do you Yahoo!? Y! Web Hosting - Let the expert host your web site http://webhosting.yahoo.com/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: How Samba let us down
The new NT server has a bad HD, so we have a repreive temporarily and perhaps we can still work this problem out and still use Samba (: --- Mathew McKernan [EMAIL PROTECTED] wrote: By the look of it, the reason why it is so slow is the fact that you may not be running a WINS Server. We had this problem with NT boxes, yes Windows Servers. We installed a Windows NT Server to be our WINS server, it increased the speed of the LAN dramatically. We now run the WINS Server on a Linux box running Samba. While this is a great way to increase speed, A. It's plenty fast on the NT, Netware, and other Samba servers. In fact, the slowness appears to be totally isolated to the new Samba server. B. The slow browsing is on the hard drive once connected to the server, not cruising network neighborhood where WINS would be most effective. C. Our primary problem is data corruption, not performance, though they could be related. The random slowness might actually be our RAID setup or perhaps even oplocks. Installing NT ought to show if we have a RAID problem. The corruption might be related to oplocks. I'm doing research. Is it safe to disable kernel, regular, and level2 oplocks if we're not doing any linux-side read/writes? We have a home drive server which serves about 1800 users with 400 logged on at one time drawing about 30MBps out of it server. This box is a Pentium 4, 512MB RAM. 400GB RAID server running Linux and Samba. What card and type of drives? My suggestion: Install a WINS Server (simple 400MHz box even) running Linux, and if you like run an internal DNS too which is syncronised to the WINS database using the wins hook option in smb.conf. Point all your devices' WINS addresses to this new WINS server. You will notice a dramatic improvement in performance. I did try WINS in testing; I made one of the Samba servers a WINS server and pointed my workstation to it. I didn't see other addresses caching in the Samba WINS database and often I would see WINS server appears to be down when using smbclient. However, no other machines were using the WINS server, and the WINS server was not local subnet browse master, so that might have stopped me. Have you seen better documents on implementing Samba WINS than what is on samba.org or in /usr/share/doc? /dev/idal __ Do you Yahoo!? Y! Web Hosting - Let the expert host your web site http://webhosting.yahoo.com/
Re: write cache size antivirus
--- Michael Smirnov [EMAIL PROTECTED] wrote: When I use Samba with option write cache size = 262144 my antivirus monitoring programs(AVP Monitor) do not catch viruses on Samba network drive, but successfully catch viruses, after I delete this options and restart Samba! This _may_ help: http://marc.theaimsgroup.com/?l=sambam=103366930019214w=2 /dev/idal __ Do you Yahoo!? Y! Web Hosting - Let the expert host your web site http://webhosting.yahoo.com/
Fixed: OpLocks caused the corruptions/slowness (Was: How Samba let us down)
My first post, for reference: http://marc.theaimsgroup.com/?l=sambam=103535378916869w=2 When the new NT server's hard drive died, we decided to keep hobbling along on Samba. Meanwhile, my supervisor was searching around on OpLock issues on Google and he saw other people that were having similar problems. We disabled all OpLocks (kernel, level I and II, kernel at the global level, level X at the share) early this morning, and since then things have been fine! Yesterday and the day before, the problem appeared quickly, so (knock on wood), I think we did fix it. Time will tell. Yes, disabling OpLocks was the ONLY change. See the bottom for what I think the problem was. I got so many emails on this thread, I decided to sum up the answers to some of the questions: * I doubt adding a WINS server would have fixed the problem, because the random slowness was ONLY happening on the new server AFTER connecting (and the client cached the IP in the NetBIOS cache). ALL other servers were just fine, all of the time. But I would like to add a WINS server soon, anyway. * We are not using any Samba print facilities but print queues on NT (explained in the first email, but it was buried in there). Lpr isn't even installed. * We are using RedHat 7.3 (no ACLs included) but created a custom kernel (2.4.19) with ext3 ACL support and installed all of the userland ACL tools. * Nothing but Samba on Linux is accessing the files - no NFS, no file copies, scans, etc. * The corruption was missing records. It would interrupt the print process and the Opus analysis indicated hundreds of records were missing. It would happen in random places in print files (hundreds of megs to gigs in size), and seldomly would not happen at all. I have since learned that the print preprocessing server (Elixir's Opus) works with large flat database files (glorified spreadsheets) and uses several processes spread across multiple servers,* to apply the data to laser printer templates. The Opus server ONLY accessed our server using Samba; no other Linux software had been installed, like nfs or lpr. * I think. It might be one server with many processes. Here is the Opus website: http://www.elixir.com/products/opus.asp This scenario sounds like the corruption one might experience with Access (which ALSO is a flat, glorified spreadsheet database often accessed by multiple processes/users) and OpLocks. As I mentioned above, my supervisor found other people with similar problems. I also got confirmation from a friend and technical author (he contributed to of the more notable Samba books). If it is _officially_ recognized by the developers as a caveat, it ought to be put into the docs/manpages. I apologize if it IS there but I missed it. Anyway, it appears to have been fixed. I don't yet know what kind of performance hit we will see, but so far, so good. So if *you* see similar problems, first try disabling ALL OpLocks (kernel at the global level, the other 2 at the share level). We might reenable kernel then regular then level2 oplocks later to see if it was just one particular type. Thanks to everyone who responded! /dev/idal __ Do you Yahoo!? Y! Web Hosting - Let the expert host your web site http://webhosting.yahoo.com/
[Samba] Re: Samba Question w/ RH 7.3 and Windows
--- Scott Wrosch [EMAIL PROTECTED] wrote: A question I'm sure has been answered before, but I'm still relatively new to Samba, and having just moved, have not been able to locate any of my Samba reference materials. Anyways, I'm running a small Samba server at work using RedHat Linux 7.3. I did not set up Samba during the RedHat installation, but rather downloaded it and installed it afterwards. Anyways, the network uses a Windows 2000 Server as the PDC. And we have various groups set up in the server. What I want to do is set up a share that can be accessible only by the members of a specific group that's already created in the Active Directory setup. Can this be done? It should be possible using Winbind if your 2000 server is running in mixed mode. Follow the directions here: http://us6.samba.org/samba/docs/Samba-HOWTO-Collection.html#WINBIND I installed RedHat 7.3 and used the samba rpm downloaded from a samba FTP site. I had to add winbind to the nsswitch.conf, then I added the winbind settings to smb.conf, and then I started the winbind service. That was about it. I tested it with getent group, which showed all of our NT groups. Good. Then I could run this: chown -R 'DOMAIN\USER'.'DOMAIN\GROUP' /share/point find /share/point -type d -printf \%p\\n | xargs chmod 770 # Isn't there a better way to do this??? find /share/point -type f -printf \%p\\n | xargs chmod 660 We implemented ACLs into the kernel and Samba but despite the claims of the authors, we're not sure if they are stable (we might be having other problems, though, and are trying to track them down). ACLs allow you to add more than one NT global group to a file. Good luck, /dev/idal __ Do you Yahoo!? Y! Web Hosting - Let the expert host your web site http://webhosting.yahoo.com/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] How Samba let us down
Before you read this, I want to state (for reasons listed below) that I don't expect an answer (advice is welcomed, but please read this email carefully before answering). I'm sharing this with the community with the hope that better software results from our sad experience... BACKGROUND I've been using NT for 4 years, Netware and Linux for 3 years, and Samba for almost 2. I work in the IT department of a medium-sized unit of a global advertising company. We have a Netware and NT environment with a bit of Linux. We installed a 280GB IDE Samba archive server (rare usage) and a 15GB SCSI Mac/Samba file server (medium usage). We also use Samba for more menial tasks like smbmounts and file transfers. We thought we were comfortable with Samba. We knew we were comfortable with other types of file servers. OUR SETUP Going from my tired memory: Athlon MP 1.8GHz (mem=nopentium) 2GB ECC SDRAM Tyan S2460(I think?) Antec 450W PS Lots of cooling 5 IBM DeskStar 120GB drives with 8MB caches in RAID 5 3ware 7580(I think?) 8-port hardware RAID 3ware hot-swappable drive cages Intel e1000 Gigabit NIC, full duplex, 1000MBit, autonegotiation off 3com Gigabit switch, autonegotiation off RedHat 7.3 Kernel 2.4.19 with ACL support ext3 with ACL support Samba 2.2.5 with ACL support installed from a recompiled SRPM from the samba.org FTP site. Winbind NO nfs daemon (I hear it's buggy w/ ACLs) We have a variety of clients, from DOS and OS/2 to Windows (9x-2000) and Linux. The server acts as a print spooling area (the actual queues are on an NT server) and scratch area for database programmers to manipulate their flat database files. As far as I know, these files are not commonly accessed by more than one user at a time. THE PROBLEM For the past year, our heaviest-used Netware server has been under more and more stress.. filling up, running out of licenses, slowing down, etc. Preliminary tests using Samba on a fast Linux box showed anywhere from 70% to 1000% speed improvements, depending on the task. The decision was made to switch it to Linux; the whole company is migrating away from Netware and we (as a unit, not speaking for the company) don't want to be completely trapped into Windows if we can help it. The new hardware arrived and more preliminary tests indicated all looked good. We were set to switch last Saturday night. We turned off logins to the Netware box, backed it up, restored it to the new Linux box, set permissions, then made sure the various computers in the building could log in. Yesterday, our first day, was rough. For most of the day we fought random slow browsing with no explanation. Clients would appear to lock up for several seconds. We found some misconfigurations in smb.conf but the problems reappeared. No errors were seen in any machines' logs on debug level 2. I trimmed the smb.conf to a minimal number of options and that seemed to help with the slowness. Today, however, the problem reappeared a few times with no errors in the logs that we could see. The printers were missing some of the records sent to them to print, something that had never happened with Netware. Every time the missing records were different. Occasionally, it would work right. Oplocks (kernel, level I and II) were left to defaults (turned on). THE OUTCOME Sadly, tonight we are installing a Windows NT server. Installing a brand new server is actually cheaper for us than the 8 or so hours of downtime to back up the server, install NT on it, and restore the data to it. We don't want to revert to Netware because so many clients have been reconfigured to log on only to the domain (DOS, OS/2, etc.) and that would require many more hours reversing those changes. Also, some files have been added since leaving Netware. We also decided to proceed to use NT because is more proven in this capacity. CONCLUSION To be fair, the problems could be related to some misconfiguration. I have pasted the smb.conf below. I fear it might just be an oplock problem, but it is not clear what would result if more than one user happened to try to write to a file with them disabled. Every advice we found said to leave them on to prevent corruption and to improve performance. We ran out of time to test it, and feared what failure would bring. Running this: grep -r -B5 -A5 oplock /var/log/samba/ | grep -B5 -A5 error produced only 5 of these errors oplock_break: receive_smb error (Connection reset by peer) from the same DOS machine from 2 days worth of all machines' logs running at debuglevel 1 (some at level 2). I don't know if that is a good indicator of an oplock problem. I can do other greps on request. Unfortunately, we can't test out your suggestions in production, and our off-production testing apparently can't stress it well enough. So please just take this email as input - I'm not looking for answers here, though advice is appreciated. The problem could also have been environment or hardware. We should know soon,
How Samba let us down
Before you read this, I want to state (for reasons listed below) that I don't expect an answer (advice is welcomed, but please read this email carefully before answering). I'm sharing this with the community with the hope that better software results from our sad experience... BACKGROUND I've been using NT for 4 years, Netware and Linux for 3 years, and Samba for almost 2. I work in the IT department of a medium-sized unit of a global advertising company. We have a Netware and NT environment with a bit of Linux. We installed a 280GB IDE Samba archive server (rare usage) and a 15GB SCSI Mac/Samba file server (medium usage). We also use Samba for more menial tasks like smbmounts and file transfers. We thought we were comfortable with Samba. We knew we were comfortable with other types of file servers. OUR SETUP Going from my tired memory: Athlon MP 1.8GHz (mem=nopentium) 2GB ECC SDRAM Tyan S2460(I think?) Antec 450W PS Lots of cooling 5 IBM DeskStar 120GB drives with 8MB caches in RAID 5 3ware 7580(I think?) 8-port hardware RAID 3ware hot-swappable drive cages Intel e1000 Gigabit NIC, full duplex, 1000MBit, autonegotiation off 3com Gigabit switch, autonegotiation off RedHat 7.3 Kernel 2.4.19 with ACL support ext3 with ACL support Samba 2.2.5 with ACL support installed from a recompiled SRPM from the samba.org FTP site. Winbind NO nfs daemon (I hear it's buggy w/ ACLs) We have a variety of clients, from DOS and OS/2 to Windows (9x-2000) and Linux. The server acts as a print spooling area (the actual queues are on an NT server) and scratch area for database programmers to manipulate their flat database files. As far as I know, these files are not commonly accessed by more than one user at a time. THE PROBLEM For the past year, our heaviest-used Netware server has been under more and more stress.. filling up, running out of licenses, slowing down, etc. Preliminary tests using Samba on a fast Linux box showed anywhere from 70% to 1000% speed improvements, depending on the task. The decision was made to switch it to Linux; the whole company is migrating away from Netware and we (as a unit, not speaking for the company) don't want to be completely trapped into Windows if we can help it. The new hardware arrived and more preliminary tests indicated all looked good. We were set to switch last Saturday night. We turned off logins to the Netware box, backed it up, restored it to the new Linux box, set permissions, then made sure the various computers in the building could log in. Yesterday, our first day, was rough. For most of the day we fought random slow browsing with no explanation. Clients would appear to lock up for several seconds. We found some misconfigurations in smb.conf but the problems reappeared. No errors were seen in any machines' logs on debug level 2. I trimmed the smb.conf to a minimal number of options and that seemed to help with the slowness. Today, however, the problem reappeared a few times with no errors in the logs that we could see. The printers were missing some of the records sent to them to print, something that had never happened with Netware. Every time the missing records were different. Occasionally, it would work right. Oplocks (kernel, level I and II) were left to defaults (turned on). THE OUTCOME Sadly, tonight we are installing a Windows NT server. Installing a brand new server is actually cheaper for us than the 8 or so hours of downtime to back up the server, install NT on it, and restore the data to it. We don't want to revert to Netware because so many clients have been reconfigured to log on only to the domain (DOS, OS/2, etc.) and that would require many more hours reversing those changes. Also, some files have been added since leaving Netware. We also decided to proceed to use NT because is more proven in this capacity. CONCLUSION To be fair, the problems could be related to some misconfiguration. I have pasted the smb.conf below. I fear it might just be an oplock problem, but it is not clear what would result if more than one user happened to try to write to a file with them disabled. Every advice we found said to leave them on to prevent corruption and to improve performance. We ran out of time to test it, and feared what failure would bring. Running this: grep -r -B5 -A5 oplock /var/log/samba/ | grep -B5 -A5 error produced only 5 of these errors oplock_break: receive_smb error (Connection reset by peer) from the same DOS machine from 2 days worth of all machines' logs running at debuglevel 1 (some at level 2). I don't know if that is a good indicator of an oplock problem. I can do other greps on request. Unfortunately, we can't test out your suggestions in production, and our off-production testing apparently can't stress it well enough. So please just take this email as input - I'm not looking for answers here, though advice is appreciated. The problem could also have been environment or hardware. We should know soon,
