David F. Severski
2007-Jun-01 15:55 UTC
[Samba] Difficulty w/Offline Files and Samba 3.0.25
Good morning,
I have a working Offline Files setup w/Samba 3.0.24 (FreeBSD 6.2 host OS)
and a Win XP SP2 client. Upon updating to Samba 3.0.25, the XP client's
offline cache would show (as viewed via the Offline Files Folder) that
synced files are write-only ('User W' in the Access column). When
offline, theses files appeared to be available via Explorer and double
clicking would launch the appropriate program, but would then generate a
file not found error. Reverting to Samba 3.0.24 and resyncing has
corrected the problem ('User R/W' in the Access column and proper access
restored when offline).
My smb.conf is attached. Apart from the 'map acl inherit' parameter,
which I added when upgrading to 3.0.25 at the suggestion of WHATSNEW.txt,
this configuration file has not been changed in several months. Any
suggestions as to what the cause of this problem could be? Are any of
the recent changes in 3.0.25a likely applicable to this problem?
Thanks for the help!
David
-------------- next part --------------
# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options (perhaps too
# many!) most of which are not shown in this example
#
# Any line which starts with a ; (semi-colon) or a # (hash)
# is a comment and is ignored. In this example we will use a #
# for commentry and a ; for parts of the config file that you
# may wish to enable
#
# NOTE: Whenever you modify this file you should run the command
"testparm"
# to check that you have not many any basic syntactic errors.
#
#======================= Global Settings
====================================[global]
# Disallow the use of opportunistic locks to try to avoid delayed write errors
oplocks = yes
#oplocks = no
#level2 oplocks = no
#locking = no
#passdb backend = ldapsam:ldap://geoff.deadheaven.com
passdb backend = ldapsam:ldapi://%2Fvar%2Frun%Fopenldap%2Fldapi
#enable net rpc rights privileges
enable privileges = yes
#this sets only the smbpasswd backend file, not the tdbsam file
smb passwd file = /usr/local/private/smbpasswd
ldap ssl = no
#ldap ssl = start_tls
ldap admin dn = cn=Manager,dc=deadheaven,dc=com
ldap user suffix = ou=Accounts
ldap group suffix = ou=Groups
ldap machine suffix = ou=Computers
ldap suffix = dc=deadheaven,dc=com
ldap passwd sync = yes
#idmap backend = ldap:ldap://geoff.deadheaven.com/
idmap backend = ldap:ldapi://%2Fvar%2Frun%2Fopenldap%Fldapi
ldap idmap suffix = ou=idmap
idmap uid = 40000-50000
idmap gid = 40000-50000
#u ncomment this chunkwhen ready to turn on smbldap scripts
#ldap delete dn = Yes
#add user script = /usr/local/sbin/smbldap-useradd -m "%u"
#delete user script = /usr/local/sbin/smbldap-userdel "%u"
#add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
#add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
#delete group script = /usr/local/sbin/smbldap-groupdel "%g"
#add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u"
"% g"
#delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%
u" "%g"
#set primary group script = /usr/local/sbin/smbldap-usermod -g "%g"
"%u "
# workgroup = NT-Domain-Name or Workgroup-Name, eg: REDHAT4
workgroup = DEADHEAVEN
# server string is the equivalent of the NT Description field
server string = Geoff - The Deadheaven Domain Server
# This option is important for security. It allows you to restrict
# connections to machines which are on your local network. The
# following example restricts access to two C class networks and
# the "loopback" interface. For more examples of the syntax see
# the smb.conf man page
; hosts allow = 192.168.1. 192.168.2. 127.
hosts allow = 192.168.0. 192.168.1. 172.16.0.
# By default, load all local printers for browsing
load printers = yes
# Use CUPS printing system
printcap name = cups
printing = cups
# Set logging level to one above the default of 0
log level = 1
# Create a log for each machine that connects, max of 500 Kb
log file = /var/log/samba/log.%m
max log size = 500
# Authenticate user credentials locally
security = user
# You may wish to use password encryption. Please read
# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
# Do not enable this option unless you have read those documents
encrypt passwords = yes
# Disable lanman and NTLMv1 authentication (NTLMv2 required)
lanman auth = no
ntlm auth = yes
# Offer server side signing of transactions
server signing = mandatory
#client signing, NTLMv2, and SPNEGO settings
client signing = mandatory
client ntlmv2 auth = yes
client use spnego = yes
client schannel = yes
# Listen only on the internal and loopback interfaces
interfaces = fxp0 ath0 lo1
#Listen only on TCP/445
disable netbios = yes
# Browser Control Options:
local master = yes
# Domain Master specifies Samba to be the Domain Master Browser. This
# allows Samba to collate browse lists between subnets. Don't use this
# if you already have a Windows NT domain controller doing this job
domain master = yes
# Preferred Master causes Samba to force a local browser election on startup
# and gives it a slightly higher chance of winning the election
preferred master = yes
# Jack the OS level up to 34 just in case there are any other PDCs on the
# network (VMWare, for instance)
os level = 34
# Enable this if you want Samba to be a domain logon server for
# Windows95 workstations.
domain logons = yes
# if you enable domain logons then you may want a per-machine or
# per user logon script
# run a specific logon batch file per workstation (machine)
; logon script = %m.bat
# run a specific logon batch file per username
; logon script = %U.bat
logon script = startup.bat
# Where to store roving profiles (only for Win95 and WinNT)
# %L substitutes for this servers netbios name, %U is username
# You must uncomment the [Profiles] share below
; logon path = \\%L\Profiles\%U
logon path = \\%N\profiles\%U
# Windows Internet Name Serving Support Section:
# WINS Support - Tells the NMBD component of Samba to enable its WINS Server
wins support = yes
# When acting as a WINS server, send unknown names to DNS for resolution
dns proxy = yes
#Anti-virus scanning
#vfs object = vscan-clamav
#vscan-clamav: config-file = /usr/local/etc/samba-vscan/vscan-clamav.conf
#============================ Share Definitions
=============================[homes]
comment = Home Directories
browseable = no
hide files = /desktop.ini/ntuser.ini/NTUSER.*/
#the next two should prohibit other users from mapping other user's home
#directories. Though a more secure solution is to fix the underlying
#unix permissions, this provides an added layer of defense. Currently
#disabled until we get time to test this out.
#valid users = DEADHEAVEN+%S
#only user = DEADHEAVEN+%S
#vfs objects = recycle
writeable = yes
map acl inherit = yes
# Un-comment the following and create the netlogon directory for Domain Logons
[netlogon]
comment = Network Logon Service
path = /usr/local/samba/lib/netlogon
guest ok = yes
writeable = no
locking = no
;share modes = no
# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
[profiles]
path = /data/profiles
browseable = no
writeable = yes
guest ok = no
create mask = 0700
directory mask = 0700
nt acl support = no
share modes = no
csc policy = disable
hide files = /desktop.ini/ntuser.ini/NTUSER.*/
#oplocks = no
profile acls = yes
map acl inherit = yes
# NOTE: If you have a BSD-style print system there is no need to
# specifically define each individual printer
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
use client driver = no
# Set public = yes to allow user 'guest account' to print
public = yes
guest ok = yes
writeable = no
printable = yes
[print$]
comment = Printer Drivers
path = /usr/local/samba/printers
guest ok = no
browseable = yes
read only = yes
write list = root "DEADHEAVEN\davidski"
# This one is useful for people to share files
[tmp]
comment = Temporary file space
path = /usr/local/samba/tmp
writeable = yes
guest ok = yes
create mask = 776
directory mask = 777
browsable = yes
map acl inherit = yes
# A publicly accessible directory, but read only, except for the mp3 group
[mp3]
comment = Music Share
path = /data/music
guest ok = yes
force group = +mp3
writeable = yes
browseable = yes
write list = @mp3
vfs object =
create mask = 660
directory mask = 770
map acl inherit = yes
[www]
comment = World Wide Web Directories
path = /data/www
map acl inherit = yes
read only = no
Schaefer Jr, Thomas R.
2007-Jun-01 16:18 UTC
[Samba] Difficulty w/Offline Files and Samba 3.0.25
I filed a bug report about this exact issue yesterday. Everything you
are describing aligns 100% with what I'm experiencing too. I can use
the exact same smb.conf with 3.0.24 and it works fine. The bug report
is at https://bugzilla.samba.org/show_bug.cgi?id=4673 (down for
maintenance as I type this).
Jeremy Allison requested that I generate some level 10 debug logs which
I have done, just waiting for bugzilla to come back online so I can
submit my logs.
Please keep an eye on the bug report and add anything you feel might be
pertinent.
Thanks,
Tom Schaefer
-----Original Message-----
From: samba-bounces+tom=umsl.edu@lists.samba.org
[mailto:samba-bounces+tom=umsl.edu@lists.samba.org] On Behalf Of David
F. Severski
Sent: Friday, June 01, 2007 10:51 AM
To: samba@lists.samba.org
Subject: [Samba] Difficulty w/Offline Files and Samba 3.0.25
Good morning,
I have a working Offline Files setup w/Samba 3.0.24 (FreeBSD 6.2 host
OS) and a Win XP SP2 client. Upon updating to Samba 3.0.25, the XP
client's offline cache would show (as viewed via the Offline Files
Folder) that synced files are write-only ('User W' in the Access
column). When offline, theses files appeared to be available via
Explorer and double clicking would launch the appropriate program, but
would then generate a file not found error. Reverting to Samba 3.0.24
and resyncing has corrected the problem ('User R/W' in the Access column
and proper access restored when offline).
My smb.conf is attached. Apart from the 'map acl inherit' parameter,
which I added when upgrading to 3.0.25 at the suggestion of
WHATSNEW.txt, this configuration file has not been changed in several
months. Any suggestions as to what the cause of this problem could be?
Are any of the recent changes in 3.0.25a likely applicable to this
problem?
Thanks for the help!
David
On Fri, Jun 01, 2007 at 08:50:48AM -0700, David F. Severski wrote:> Good morning, > > I have a working Offline Files setup w/Samba 3.0.24 (FreeBSD 6.2 host OS) > and a Win XP SP2 client. Upon updating to Samba 3.0.25, the XP client's > offline cache would show (as viewed via the Offline Files Folder) that > synced files are write-only ('User W' in the Access column). When > offline, theses files appeared to be available via Explorer and double > clicking would launch the appropriate program, but would then generate a > file not found error. Reverting to Samba 3.0.24 and resyncing has > corrected the problem ('User R/W' in the Access column and proper access > restored when offline). > > My smb.conf is attached. Apart from the 'map acl inherit' parameter, > which I added when upgrading to 3.0.25 at the suggestion of WHATSNEW.txt, > this configuration file has not been changed in several months. Any > suggestions as to what the cause of this problem could be? Are any of > the recent changes in 3.0.25a likely applicable to this problem?It was an off-by-one error in some code I added into 3.0.25. I've now fixed it in the codebases and it will be in any subsequent release. If you want the patch for 3.0.25a I've attached it to this email. Very, very, sorry for this bug :-(. Jeremy. -------------- next part -------------- Index: smbd/nttrans.c ==================================================================--- smbd/nttrans.c (revision 23345) +++ smbd/nttrans.c (working copy) @@ -414,7 +414,7 @@ p += 4; if (flags & EXTENDED_RESPONSE_REQUIRED) { - p += 26; + p += 25; SIVAL(p,0,FILE_GENERIC_ALL); /* * For pipes W2K3 seems to return @@ -944,7 +944,7 @@ if (flags & EXTENDED_RESPONSE_REQUIRED) { uint32 perms = 0; - p += 26; + p += 25; if (fsp->is_directory || can_write_to_file(conn, fname, &sbuf)) { perms = FILE_GENERIC_ALL; } else { @@ -1029,7 +1029,7 @@ p += 4; if (flags & EXTENDED_RESPONSE_REQUIRED) { - p += 26; + p += 25; SIVAL(p,0,FILE_GENERIC_ALL); /* * For pipes W2K3 seems to return @@ -1625,7 +1625,7 @@ if (flags & EXTENDED_RESPONSE_REQUIRED) { uint32 perms = 0; - p += 26; + p += 25; if (fsp->is_directory || can_write_to_file(conn, fname, &sbuf)) { perms = FILE_GENERIC_ALL; } else {