I have a feeling I may have lost focus on the issue in some of my previous messages... so here's my dilemma.

I have several Windows (2000 and XP) clients, and several Linux (Red Hat Enterprise 3, 2.4.21 kernel) clients. I've got a couple servers, one is currently Windows 2000 Server, and one is Linux (same as above, with the snapshot Samba running). I want to be able to have users log into the Linux clients, authenticated through the Windows server, and access their home directory from the Linux server. That's the goal in a nutshell... Here's a very brief summary of the problems I've run into with all of the solutions I've tried:

1. I tried having the clients use SMB to mount their home directory, but realized that SMB doesn't support hard or symbolic links, apparently despite the "unix extensions = yes" option being set. It may be that the "unix extensions" option only applies to cifs clients, which leads us to #2.

2. I tried to apply the cifs patch to a couple of my Linux client machines, but for one reason or another, the module never wants to either get compiled, or be inserted into the kernel. The kernel gives me hundreds of errors if I try to compile it, after having downloaded the source right from Red Hat, in RPM format... even when I copy the /boot/config-2.4.21-15EL to the source directory and try to compile.

3. Having lost faith in SMB and CIFS, I moved on to NFS. However, since my authentication is going through the Windows server via winbind, each client is getting different UID's and GID's for the same user. So, I tried idmap_ad, after installing the Services for Unix 3.5 on the Windows server, but can't get the clients to pull the UID and GID we set on the server. It keeps using its own local algorithm and coming up with its own UID/GID. I've tried removing the winbindd_idmap.tdb and winbindd_cache.tdb, and setting the "idmap backend ad:ldap://servername" in the smb.conf, but to no avail.

4. We're currently considering dropping the Samba server altogether, since nothing we do seems to work, but even that's causing problems. To get it to work, we have to use NIS for authentication, and access all the home directories via NFS. This all apparently requires much configuration on the Windows server, and is causing me headaches... besides, being an anti-Microsoft guy, I feel like I'm abandoning my brethren in Linuxland.

I'm very open to suggestions... I've just about exhausted all the options I can think of... so if anybody has any advice, please let me know.

Shannon

____________________________
Shannon Johnson
Network Support Specialist / Systems Administrator
Dept. of Mechanical and Nuclear Engineering
224 Reber Building
University Park, PA 16802
Phone: (814) 865-8267
____________________________
Without knowing the roles of the servers, I can't understand the desperation of the problem. User homes on W2k3, other stuff on samba--why is this a problem?
The home directories are on the Samba server, not the Windows server. The Windows clients work fine, but there are all sorts of problems getting the Linux clients to communicate properly with the Linux server (go figure). Besides, even if I DID have the home directories on the Windows server, the SMB protocol doesn't support hard or symbolic links, or locking, which is required for X Windows to work properly... so the users can't log in and use a GUI. If I try to set up the NFS server on Windows, I run into username mapping problems, along with other issues.

(begin rant)

I've been planning and researching this project now for about 3 months... and never had any problems or issues with it, because in all the websites and books I read, in Samba 3, there's supposed to be a "unix extensions" option that magically fixes the shortcomings of the SMB protocol. Now I find out that it doesn't work in the current version, seemingly doesn't work in the snapshot version, and (possibly) the only reason it IS working for the developers is that they're mounting their test directories with CIFS, which supports those things anyway! In hindsight, maybe I should have scheduled 6 months to research this... but I figured that since a half-dozen books and websites verified the existence and purpose of the "unix extensions" option, I didn't think it necessary. I only have until the end of next week to get everything working, and I started on this exclusively on Monday... 4 days later, and I'm no closer to being done... and after this is done, I've got a LOT of other stuff that needs done before next Friday anyway.

(end rant)

Sorry, I just had to get that out. Now, back to my problem... I can't recompile the kernel to support CIFS as a module (don't know why... just won't work... I'll give you the IP and root's password if you'd like to have a go at it), and I can't upgrade to the 2.6 kernel because I'm using Red Hat Enterprise, which uses a modified version of the kernel.
I've tried everything I can think of, and I'm completely stumped as to what to do for a solution. I'm sure most of you have had those situations where you researched everything you could think of, planned it as best as you could, but when the time came, all kinds of things went wrong that you couldn't have possibly foreseen... I'm in that situation now, except now, the boss is watching VERY closely...

____________________________
Shannon Johnson
Network Support Specialist / Systems Administrator
Dept. of Mechanical and Nuclear Engineering
224 Reber Building
University Park, PA 16802
Phone: (814) 865-8267
____________________________

> -----Original Message-----
> From: tms3 [mailto:tms3@fsklaw.net]
> Sent: Thursday, May 20, 2004 3:45 PM
> To: Shannon Johnson
> Cc: samba@lists.samba.org
> Subject: Re: [Samba] Samba 3 + Win2k = Headache
>
> Without knowing the roles of the servers, I can't understand the
> desperation of the problem. User homes on W2k3, other stuff on
> samba--why is this a problem?
>SNIP
> I can't recompile the kernel to support CIFS as a module (don't know
> why... just won't work... I'll give you the IP and root's password if
> you'd like to have a go at it), and I can't upgrade to the 2.6 kernel
> because I'm using Red Hat Enterprise, which uses a modified version of
> the kernel. I've tried everything I can think of, and I'm completely
> stumped as to what to do for a solution.
>SNIP

Actually, you can upgrade RHEL 3 to 2.6.x. There's a support issue with that, since RH isn't going to want to give you phone support once you've done it. The technical issues aren't earthshaking though.
> From what I can gather, you've got
> 2003 AD doing user management
> RHEL for a (home) fileserver
> Clients of all flavors
>
> Have you thoroughly investigated just using nfs and autofs to do home
> directory mounting and decided you can't use it for one reason or
> another? What are those reasons? You'd probably have less headache
> using nfs in a unix client - unix server environment, after all, that's
> what NFS is good for.

Win2000 server, not 2k3... but essentially correct. NFS won't work because since we're doing authentication through winbind, all of the uid's are different on each linux client. We've tried loading the Services for Unix on the server, and assigning UID's, then using the idmap_ad as the idmap backend, but I'm actually not sure how it works, so I can't thoroughly explore it (the documentation apparently doesn't exist?). The only thing I can check is "getent passwd" which returns the UID winbind came up with on its own (through its own methods... not from AD).

Also, we are sharing files in a cross-platform environment... We needed to have the same file space, using the same quota for all of the users in the department. That's why Samba seemed like such a perfect fit. Windows maps the user's home directory from the Samba server via SMB, and the Linux users do the same. That's when the symbolic and hard link problems come into play...

____________________________
Shannon Johnson
Network Support Specialist / Systems Administrator
Dept. of Mechanical and Nuclear Engineering
224 Reber Building
University Park, PA 16802
Phone: (814) 865-8267
____________________________

> -----Original Message-----
> From: Paul Gienger [mailto:pgienger@ae-solutions.com]
> Sent: Thursday, May 20, 2004 4:22 PM
> To: tms3
> Cc: Shannon Johnson; samba@lists.samba.org
> Subject: Re: [Samba] Samba 3 + Win2k = Headache
>
> >> I'm very open to suggestions... I've just about exhausted all the
> >> options I can think of... so if anybody has any advice, please let me
> >> know.
>
> From what I can gather, you've got
> 2003 AD doing user management
> RHEL for a (home) fileserver
> Clients of all flavors
>
> Have you thoroughly investigated just using nfs and autofs to do home
> directory mounting and decided you can't use it for one reason or
> another? What are those reasons? You'd probably have less headache
> using nfs in a unix client - unix server environment, after all, that's
> what NFS is good for. There may be some ldap solutions you can use for
> that. Maybe you'd have to script something to generate an autofs map
> periodically from AD's LDAP, but it seems like less headache than what
> you've got going on now. I've done that for Solaris boxes that don't
> play nice with linux LDAP autofs trees, you can probably glean the data
> from AD if you put it in right. If I were you, I'd find a way to make
> NFS work, it's mature, and designed for exactly this. Use samba for
> user translation between OSs, but don't use smb until you need to
> traverse OS families for filesharing.
>
> I would suggest you keep to RH's kernel. That's why you paid money for
> RHEL, to get support. If you do something like jump to another
> unsupported kernel you may as well go to Fedora (or another free
> distro). RH backports some current kernel fixes and out-of-branch
> patches to their kernel to tune it for their purposes. You may even
> have a pile of 2.6 code in your RHEL 2.4 kernel.
>
> --
> Paul Gienger                     Office: 701-281-1884
> Applied Engineering Inc.         Cell: 701-306-6254
> Information Systems Consultant   Fax: 701-281-1322
> URL: www.ae-solutions.com        mailto:pgienger@ae-solutions.com
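Added example, not part of the original thread: the messages above describe winbind on each Linux client allocating its own UID/GID for the same domain user, with "getent passwd" as the only check available. NFS with AUTH_SYS decides file ownership by the numeric IDs the client sends, so this Python script compares "getent passwd" dumps collected from each client and reports users whose IDs differ between hosts, and UIDs that name different users on different hosts. The host names, user names and ID values are constructed sample data.

```python
"""Compare `getent passwd` dumps from several hosts for UID/GID drift."""
from collections import defaultdict

# Constructed sample data: what `getent passwd` might return on two Linux
# clients whose winbind daemons allocated IDs independently. Host names,
# user names and numbers are invented for illustration.
SAMPLE_DUMPS = {
    "client1": (
        "root:x:0:0:root:/root:/bin/bash\n"
        "DEPT\\alice:x:10000:10000:Alice:/home/alice:/bin/bash\n"
        "DEPT\\bob:x:10001:10000:Bob:/home/bob:/bin/bash\n"
    ),
    "client2": (
        "root:x:0:0:root:/root:/bin/bash\n"
        "DEPT\\bob:x:10000:10000:Bob:/home/bob:/bin/bash\n"
        "DEPT\\alice:x:10001:10000:Alice:/home/alice:/bin/bash\n"
    ),
}


def parse_passwd(text):
    """Return {user: (uid, gid)} from passwd-format text, skipping bad lines."""
    entries = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 7 or not fields[2].isdigit() or not fields[3].isdigit():
            continue
        entries[fields[0]] = (int(fields[2]), int(fields[3]))
    return entries


def find_drift(dumps):
    """Users whose (uid, gid) differs between hosts: {user: {host: (uid, gid)}}."""
    per_user = defaultdict(dict)
    for host, text in dumps.items():
        for user, ids in parse_passwd(text).items():
            per_user[user][host] = ids
    return {user: hosts for user, hosts in per_user.items()
            if len(set(hosts.values())) > 1}


def find_uid_clashes(dumps):
    """UIDs that resolve to different users on different hosts: {uid: {host: user}}."""
    per_uid = defaultdict(dict)
    for host, text in dumps.items():
        for user, (uid, _gid) in parse_passwd(text).items():
            per_uid[uid][host] = user
    return {uid: hosts for uid, hosts in per_uid.items()
            if len(set(hosts.values())) > 1}


if __name__ == "__main__":
    for user, hosts in sorted(find_drift(SAMPLE_DUMPS).items()):
        print("DRIFT", user, hosts)
    for uid, hosts in sorted(find_uid_clashes(SAMPLE_DUMPS).items()):
        print("CLASH uid", uid, hosts)
```

A clash is the case that matters for an NFS export: a file written by one user on client1 is owned by a different user when seen from client2.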
Well, the ldap/AD part may be moot now... I got the cifs module inserted into the kernel, but now I can't get anything to mount with it.

I issue the command:

    mount -t smbfs //192.168.0.2/home /home/test -o username=test

It asks me for a password, I enter it, and it mounts... everything's good.

However, when I try:

    mount -t cifs //192.168.0.2/home /home/test -o user=test

(I've also tried username=test)

It asks for a password, then gives me an error:

    mount error 22 = Invalid argument
    Refer to the mount.cifs(8) manual page (e.g.man mount.cifs)

In the /var/log/messages (syslog), it says:

    CIFS VFS: Error -32 sending data on socket to server.
    CIFS VFS: cifs_mount failed w/return code = -5

I've also tried enabling the debug mode:

    echo 1 > /proc/fs/cifs/cifsFYI

It doesn't give any more information. The server (again, Samba 3.0.5svn) doesn't record anything in any logs, from what I can tell.

Does anybody have any idea what's going on and how to fix it?

Shannon

____________________________
Shannon Johnson
Network Support Specialist / Systems Administrator
Dept. of Mechanical and Nuclear Engineering
224 Reber Building
University Park, PA 16802
Phone: (814) 865-8267
____________________________

> -----Original Message-----
> From: tms3 [mailto:tms3@fsklaw.net]
> Sent: Thursday, May 20, 2004 5:30 PM
> To: Paul Gienger
> Cc: Shannon Johnson; samba@lists.samba.org
> Subject: Re: [Samba] Samba 3 + Win2k = Headache
>
> Yep. And you can populate ADS with the ldap stuff, automatically, but
> only one way. From ldap to W2k. I've got an overview on this from the
> University of Michigan, but at the office. On vacation till Tuesday.
>
> Paul Gienger wrote:
>
> > Shannon Johnson wrote:
> >
> >>> From what I can gather, you've got
> >>> 2003 AD doing user management
> >>> RHEL for a (home) fileserver
> >>> Clients of all flavors
> >>>
> >>> Have you thoroughly investigated just using nfs and autofs to do home
> >>> directory mounting and decided you can't use it for one reason or
> >>> another? What are those reasons? You'd probably have less headache
> >>> using nfs in a unix client - unix server environment, after all, that's
> >>> what NFS is good for.
> >>
> >> Win2000 server, not 2k3... but essentially correct. NFS won't work
> >> because since we're doing authentication through winbind, all of the
> >> uid's are different on each linux client. We've tried loading the
> >> Services for Unix on the server, and assigning UID's, then using the
> >> idmap_ad as the idmap backend, but I'm actually not sure how it works,
> >> so I can't thoroughly explore it (the documentation apparently doesn't
> >> exist?). The only thing I can check is "getent passwd" which returns the
> >> UID winbind came up with on its own (through its own methods... not from
> >> AD).
> >
> > For that I would suggest using a central LDAP repository for your
> > idmap backend on all machines. If that's all you need to do to get it
> > going with nfs, that's a not-too-tough situation to solve. You don't
> > have to go through the (sometimes painful) samba/ldap setup, you just
> > need a basic ldap server with one idmap tree in it. What are you
> > using for your unix auth now? since it sounds like you've got a few
> > unix machines, ldap is a good fit there too, unless you've got
> > something else that's tied in to your organization that you'd have to
> > rebuild...
> >
> >> Also, we are sharing files in a cross-platform environment... We needed
> >> to have the same file space, using the same quota for all of the users
> >> in the department.
> >
> > What is enforcing your quotas? 2K or unix machine?
> >
> >> That's why Samba seemed like such a perfect fit.
> >> Windows maps the user's home directory from the Samba server via SMB,
> >> and the Linux users do the same. That's when the symbolic and hard link
> >> problems come into play...