David F. Severski
2007-Jun-01 15:55 UTC
[Samba] Difficulty w/Offline Files and Samba 3.0.25
Good morning, I have a working Offline Files setup w/Samba 3.0.24 (FreeBSD 6.2 host OS) and a Win XP SP2 client. Upon updating to Samba 3.0.25, the XP client's offline cache would show (as viewed via the Offline Files Folder) that synced files are write-only ('User W' in the Access column). When offline, theses files appeared to be available via Explorer and double clicking would launch the appropriate program, but would then generate a file not found error. Reverting to Samba 3.0.24 and resyncing has corrected the problem ('User R/W' in the Access column and proper access restored when offline). My smb.conf is attached. Apart from the 'map acl inherit' parameter, which I added when upgrading to 3.0.25 at the suggestion of WHATSNEW.txt, this configuration file has not been changed in several months. Any suggestions as to what the cause of this problem could be? Are any of the recent changes in 3.0.25a likely applicable to this problem? Thanks for the help! David -------------- next part -------------- # This is the main Samba configuration file. You should read the # smb.conf(5) manual page in order to understand the options listed # here. Samba has a huge number of configurable options (perhaps too # many!) most of which are not shown in this example # # Any line which starts with a ; (semi-colon) or a # (hash) # is a comment and is ignored. In this example we will use a # # for commentry and a ; for parts of the config file that you # may wish to enable # # NOTE: Whenever you modify this file you should run the command "testparm" # to check that you have not many any basic syntactic errors. # #======================= Global Settings ====================================[global] # Disallow the use of opportunistic locks to try to avoid delayed write errors oplocks = yes #oplocks = no #level2 oplocks = no #locking = no #passdb backend = ldapsam:ldap://geoff.deadheaven.com passdb backend = ldapsam:ldapi://%2Fvar%2Frun%Fopenldap%2Fldapi #enable net rpc rights privileges enable privileges = yes #this sets only the smbpasswd backend file, not the tdbsam file smb passwd file = /usr/local/private/smbpasswd ldap ssl = no #ldap ssl = start_tls ldap admin dn = cn=Manager,dc=deadheaven,dc=com ldap user suffix = ou=Accounts ldap group suffix = ou=Groups ldap machine suffix = ou=Computers ldap suffix = dc=deadheaven,dc=com ldap passwd sync = yes #idmap backend = ldap:ldap://geoff.deadheaven.com/ idmap backend = ldap:ldapi://%2Fvar%2Frun%2Fopenldap%Fldapi ldap idmap suffix = ou=idmap idmap uid = 40000-50000 idmap gid = 40000-50000 #u ncomment this chunkwhen ready to turn on smbldap scripts #ldap delete dn = Yes #add user script = /usr/local/sbin/smbldap-useradd -m "%u" #delete user script = /usr/local/sbin/smbldap-userdel "%u" #add machine script = /usr/local/sbin/smbldap-useradd -w "%u" #add group script = /usr/local/sbin/smbldap-groupadd -p "%g" #delete group script = /usr/local/sbin/smbldap-groupdel "%g" #add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "% g" #delete user from group script = /usr/local/sbin/smbldap-groupmod -x "% u" "%g" #set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u " # workgroup = NT-Domain-Name or Workgroup-Name, eg: REDHAT4 workgroup = DEADHEAVEN # server string is the equivalent of the NT Description field server string = Geoff - The Deadheaven Domain Server # This option is important for security. It allows you to restrict # connections to machines which are on your local network. The # following example restricts access to two C class networks and # the "loopback" interface. For more examples of the syntax see # the smb.conf man page ; hosts allow = 192.168.1. 192.168.2. 127. hosts allow = 192.168.0. 192.168.1. 172.16.0. # By default, load all local printers for browsing load printers = yes # Use CUPS printing system printcap name = cups printing = cups # Set logging level to one above the default of 0 log level = 1 # Create a log for each machine that connects, max of 500 Kb log file = /var/log/samba/log.%m max log size = 500 # Authenticate user credentials locally security = user # You may wish to use password encryption. Please read # ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation. # Do not enable this option unless you have read those documents encrypt passwords = yes # Disable lanman and NTLMv1 authentication (NTLMv2 required) lanman auth = no ntlm auth = yes # Offer server side signing of transactions server signing = mandatory #client signing, NTLMv2, and SPNEGO settings client signing = mandatory client ntlmv2 auth = yes client use spnego = yes client schannel = yes # Listen only on the internal and loopback interfaces interfaces = fxp0 ath0 lo1 #Listen only on TCP/445 disable netbios = yes # Browser Control Options: local master = yes # Domain Master specifies Samba to be the Domain Master Browser. This # allows Samba to collate browse lists between subnets. Don't use this # if you already have a Windows NT domain controller doing this job domain master = yes # Preferred Master causes Samba to force a local browser election on startup # and gives it a slightly higher chance of winning the election preferred master = yes # Jack the OS level up to 34 just in case there are any other PDCs on the # network (VMWare, for instance) os level = 34 # Enable this if you want Samba to be a domain logon server for # Windows95 workstations. domain logons = yes # if you enable domain logons then you may want a per-machine or # per user logon script # run a specific logon batch file per workstation (machine) ; logon script = %m.bat # run a specific logon batch file per username ; logon script = %U.bat logon script = startup.bat # Where to store roving profiles (only for Win95 and WinNT) # %L substitutes for this servers netbios name, %U is username # You must uncomment the [Profiles] share below ; logon path = \\%L\Profiles\%U logon path = \\%N\profiles\%U # Windows Internet Name Serving Support Section: # WINS Support - Tells the NMBD component of Samba to enable its WINS Server wins support = yes # When acting as a WINS server, send unknown names to DNS for resolution dns proxy = yes #Anti-virus scanning #vfs object = vscan-clamav #vscan-clamav: config-file = /usr/local/etc/samba-vscan/vscan-clamav.conf #============================ Share Definitions =============================[homes] comment = Home Directories browseable = no hide files = /desktop.ini/ntuser.ini/NTUSER.*/ #the next two should prohibit other users from mapping other user's home #directories. Though a more secure solution is to fix the underlying #unix permissions, this provides an added layer of defense. Currently #disabled until we get time to test this out. #valid users = DEADHEAVEN+%S #only user = DEADHEAVEN+%S #vfs objects = recycle writeable = yes map acl inherit = yes # Un-comment the following and create the netlogon directory for Domain Logons [netlogon] comment = Network Logon Service path = /usr/local/samba/lib/netlogon guest ok = yes writeable = no locking = no ;share modes = no # Un-comment the following to provide a specific roving profile share # the default is to use the user's home directory [profiles] path = /data/profiles browseable = no writeable = yes guest ok = no create mask = 0700 directory mask = 0700 nt acl support = no share modes = no csc policy = disable hide files = /desktop.ini/ntuser.ini/NTUSER.*/ #oplocks = no profile acls = yes map acl inherit = yes # NOTE: If you have a BSD-style print system there is no need to # specifically define each individual printer [printers] comment = All Printers path = /var/spool/samba browseable = no use client driver = no # Set public = yes to allow user 'guest account' to print public = yes guest ok = yes writeable = no printable = yes [print$] comment = Printer Drivers path = /usr/local/samba/printers guest ok = no browseable = yes read only = yes write list = root "DEADHEAVEN\davidski" # This one is useful for people to share files [tmp] comment = Temporary file space path = /usr/local/samba/tmp writeable = yes guest ok = yes create mask = 776 directory mask = 777 browsable = yes map acl inherit = yes # A publicly accessible directory, but read only, except for the mp3 group [mp3] comment = Music Share path = /data/music guest ok = yes force group = +mp3 writeable = yes browseable = yes write list = @mp3 vfs object = create mask = 660 directory mask = 770 map acl inherit = yes [www] comment = World Wide Web Directories path = /data/www map acl inherit = yes read only = no
Schaefer Jr, Thomas R.
2007-Jun-01 16:18 UTC
[Samba] Difficulty w/Offline Files and Samba 3.0.25
I filed a bug report about this exact issue yesterday. Everything you are describing aligns 100% with what I'm experiencing too. I can use the exact same smb.conf with 3.0.24 and it works fine. The bug report is at https://bugzilla.samba.org/show_bug.cgi?id=4673 (down for maintenance as I type this). Jeremy Allison requested that I generate some level 10 debug logs which I have done, just waiting for bugzilla to come back online so I can submit my logs. Please keep an eye on the bug report and add anything you feel might be pertinent. Thanks, Tom Schaefer -----Original Message----- From: samba-bounces+tom=umsl.edu@lists.samba.org [mailto:samba-bounces+tom=umsl.edu@lists.samba.org] On Behalf Of David F. Severski Sent: Friday, June 01, 2007 10:51 AM To: samba@lists.samba.org Subject: [Samba] Difficulty w/Offline Files and Samba 3.0.25 Good morning, I have a working Offline Files setup w/Samba 3.0.24 (FreeBSD 6.2 host OS) and a Win XP SP2 client. Upon updating to Samba 3.0.25, the XP client's offline cache would show (as viewed via the Offline Files Folder) that synced files are write-only ('User W' in the Access column). When offline, theses files appeared to be available via Explorer and double clicking would launch the appropriate program, but would then generate a file not found error. Reverting to Samba 3.0.24 and resyncing has corrected the problem ('User R/W' in the Access column and proper access restored when offline). My smb.conf is attached. Apart from the 'map acl inherit' parameter, which I added when upgrading to 3.0.25 at the suggestion of WHATSNEW.txt, this configuration file has not been changed in several months. Any suggestions as to what the cause of this problem could be? Are any of the recent changes in 3.0.25a likely applicable to this problem? Thanks for the help! David
On Fri, Jun 01, 2007 at 08:50:48AM -0700, David F. Severski wrote:> Good morning, > > I have a working Offline Files setup w/Samba 3.0.24 (FreeBSD 6.2 host OS) > and a Win XP SP2 client. Upon updating to Samba 3.0.25, the XP client's > offline cache would show (as viewed via the Offline Files Folder) that > synced files are write-only ('User W' in the Access column). When > offline, theses files appeared to be available via Explorer and double > clicking would launch the appropriate program, but would then generate a > file not found error. Reverting to Samba 3.0.24 and resyncing has > corrected the problem ('User R/W' in the Access column and proper access > restored when offline). > > My smb.conf is attached. Apart from the 'map acl inherit' parameter, > which I added when upgrading to 3.0.25 at the suggestion of WHATSNEW.txt, > this configuration file has not been changed in several months. Any > suggestions as to what the cause of this problem could be? Are any of > the recent changes in 3.0.25a likely applicable to this problem?It was an off-by-one error in some code I added into 3.0.25. I've now fixed it in the codebases and it will be in any subsequent release. If you want the patch for 3.0.25a I've attached it to this email. Very, very, sorry for this bug :-(. Jeremy. -------------- next part -------------- Index: smbd/nttrans.c ==================================================================--- smbd/nttrans.c (revision 23345) +++ smbd/nttrans.c (working copy) @@ -414,7 +414,7 @@ p += 4; if (flags & EXTENDED_RESPONSE_REQUIRED) { - p += 26; + p += 25; SIVAL(p,0,FILE_GENERIC_ALL); /* * For pipes W2K3 seems to return @@ -944,7 +944,7 @@ if (flags & EXTENDED_RESPONSE_REQUIRED) { uint32 perms = 0; - p += 26; + p += 25; if (fsp->is_directory || can_write_to_file(conn, fname, &sbuf)) { perms = FILE_GENERIC_ALL; } else { @@ -1029,7 +1029,7 @@ p += 4; if (flags & EXTENDED_RESPONSE_REQUIRED) { - p += 26; + p += 25; SIVAL(p,0,FILE_GENERIC_ALL); /* * For pipes W2K3 seems to return @@ -1625,7 +1625,7 @@ if (flags & EXTENDED_RESPONSE_REQUIRED) { uint32 perms = 0; - p += 26; + p += 25; if (fsp->is_directory || can_write_to_file(conn, fname, &sbuf)) { perms = FILE_GENERIC_ALL; } else {