Per Kjetil Grotnes
2002-Dec-09 08:03 UTC
[Samba] serious problem with W2K TS and 2.2.7 PDC
> Windows 2000 Terminal Server with SP3, with various pre SP4 updates > too. Various Win2K Pro, Win95 OSR2 clients.> ÆhomesÅCan we see the Global section aswell please? Do you have Security = DOMAIN which is the prefered setting for Terminal Servers? (See previous postings about problem with Security = SERVER vs. Security = DOMAIN) Some in the samba team wrote earlier that they hoped SP3 for W2K would solve this problem. SP3 has not solved this problem. Just for their information.> The log for each TS has many of these errors (for various users): > Æ2002/12/06 16:39:14, 0Å smbd/service.c:make_connection(597) ts5 > (10.2.3.15) Can't change directory to /md3/profiles/rstu (Permission > denied)This is typical for some sort of auth failure in my experience. Try running loglevel 2 and see if the authentication fails (as in the problem with security = server).> Is it likely that the %U expansion fixes broke this - some assumption > with one pid/connection == one user?The one pid/connection is an issue in relation to the authentication problem. If one of the PIDs get problem with authing it will keep this problem until you kill the PID (thus it might explain why it works after you restarted).> On another issue, we get a lot of errors regarding failed connections to > truncated service names. For example we have a service called 'apps' > It only ever drops the last character and happens fairly frequently on > different shares. This has happened for quite a while, but hasn't had > any noticeable effect on users.We also saw this on a HP-UX 10.20 machine. We didnt notice any problems either, just that the log would notify a connection to a share with one letter missing. Regards Per Kjetil Grotnes --- IT-Seksjonen, Plan- og bygningsetaten, Oslo Kommune Tlf: 22 66 26 61, Fax: 22 66 26 65
Hi, My setup: RedHat 7.3 PDC server with samba 2.2.7 rpm rebuilt with max connections patch and ldapsam and a few other minor changes, openldap 2.0.23-4. Windows 2000 Terminal Server with SP3, with various pre SP4 updates too. Various Win2K Pro, Win95 OSR2 clients. [homes] comment = Home writable = yes valid users = %S nt acl support = no oplocks = no path = /md3/profiles/%U share modes = no The log for each TS has many of these errors (for various users): [2002/12/06 16:39:14, 0] smbd/service.c:make_connection(597) ts5 (10.2.3.15) Can't change directory to /md3/profiles/rstu (Permission denied) This does NOT happen everytime that the share is accessed, only sometimes. This did not happen with 2.2.6. It is not an issue on standalone W2K pro machines that I have tested. Is it likely that the %U expansion fixes broke this - some assumption with one pid/connection == one user? I intend to undo the %U changes to 2.2.7 and see if that works. On another issue, we get a lot of errors regarding failed connections to truncated service names. For example we have a service called 'apps' and sometimes (I never notice when or how) we get errors similar to this: [2002/11/27 11:25:04, 0] smbd/service.c:make_connection(251) iceberg-ts1 (10.2.3.6) couldn't find service app It only ever drops the last character and happens fairly frequently on different shares. This has happened for quite a while, but hasn't had any noticeable effect on users. Any suggestions? I'm not subscribed to the list. Thanks, Robert Stuart Systems Administrator
(samba-technical is developer-related, so I added Reply-To: samba@lists.samba.org) In <3DF3D032.3F349CD0@qsa.qld.edu.au>, Robert.Stuart@qsa.qld.edu.au wrote:>> RedHat 7.3 PDC server with samba 2.2.7 rpm rebuilt with max connections >> patch and ldapsam and a few other minor changes, openldap 2.0.23-4. >> >> Windows 2000 Terminal Server with SP3, with various pre SP4 updates >> too. Various Win2K Pro, Win95 OSR2 clients.>> Is it likely that the %U expansion fixes broke this - some assumption >> with one pid/connection == one user?Yes. Would docs/Registry/WindowsTerminalServer.reg (in source file. I don't know where it place in the package) solve your problem? ---- Tomoki AONO (aono@cc.osaka-kyoiku.ac.jp)
Drew.Zeller@statcan.ca
2003-Jan-10 13:51 UTC
[Samba] Re: serious problem with W2K TS and 2.2.7 PDC
Robert, Tomoki, With regards to the multipleusersonconnection Registry key value listed for WTS, this indeed does not work under the Windows 2000 version of terminal server. What I did to work around all the users getting the same SMB process was create different aliases to the samba file server for each user. In my case, in my terminal server host file, I added an user id alias for the samba server for each user connecting from the terminal server. When an user connected their samba share drives using their user id alias instead of the server name, they receive a separate smb process. An alternative way of doing this, that was suggested to me from the list, is you could use the netbios aliases parameter available in the smb.conf file. I did some tests with this and it seemed to work the same way as my local aliases, however I do not know if there is a maximum value for this. For example, say I have a user with the user id smitjoh and he goes to make a connection to my samba server, called samba1, from my terminal server. Instead of going \\samba1\myshare when he connects the share, I would have created an alias to samba1 called smitjoh and the user would connect the share as \\smitjoh\myshare. The same would then be done for the user to any other share from the samba server. Hope this helps. ======== Message: 1 From: Robert Stuart <Robert.Stuart@qsa.qld.edu.au> Organization: Queensland Studies Authority To: samba@lists.samba.org Cc: samba-technical@lists.samba.org Date: Tue, 10 Dec 2002 15:29:34 +1000 Subject: [Samba] Re: serious problem with W2K TS and 2.2.7 PDC Tomoki AONO wrote:> > In <3DF3D032.3F349CD0@qsa.qld.edu.au>, > Robert.Stuart@qsa.qld.edu.au wrote: > > >> RedHat 7.3 PDC server with samba 2.2.7 rpm rebuilt with max connections > >> patch and ldapsam and a few other minor changes, openldap 2.0.23-4. > >> > >> Windows 2000 Terminal Server with SP3, with various pre SP4 updates > >> too. Various Win2K Pro, Win95 OSR2 clients. > > >> Is it likely that the %U expansion fixes broke this - some assumption > >> with one pid/connection == one user? > > Yes. Would docs/Registry/WindowsTerminalServer.reg (in > source file. I don't know where it place in the package) > solve your problem?Unfortunately not. This reg file only applies to Windows NT 4.0 Terminal Server Edition. It has no effect on Win2K. I think its really silly that it doesn't, specially as TS/Citrix tuning info specifically suggests that this get turned on for NT4. Thanks for the suggestion. Robert Stuart Systems Administrator