Thomas Werschlein
2015-Oct-30 10:25 UTC
[Samba] widelinks_warning - but unix extensions *are* off
> On 29 Oct 2015, at 23:22, Jeremy Allison <jra at samba.org> wrote: > > On Thu, Oct 29, 2015 at 05:27:49PM +0100, Thomas Werschlein wrote: >> Hi all >> >> Since we changed our installation from Samba 3.x to 4.x (currently 4.2.5 on Solaris 11.1), we repeatedly encounter the following 'widelinks_warning', originating from Windows Server 2012 R2 RDS clients: >> >> [2015/10/29 15:50:38.837702, 0] ../source3/param/loadparm.c:4306(widelinks_warning) >> Share 'data' has wide links and unix extensions enabled. These parameters are incompatible. Wide links will be disabled for this share. >> [2015/10/29 15:50:38.838518, 0] ../source3/param/loadparm.c:4306(widelinks_warning) >> Share 'group' has wide links and unix extensions enabled. These parameters are incompatible. Wide links will be disabled for this share. >> [2015/10/29 15:50:38.839070, 0] ../source3/param/loadparm.c:4306(widelinks_warning) >> Share 'web' has wide links and unix extensions enabled. These parameters are incompatible. Wide links will be disabled for this share. >> >> The strange thing is: "unix extensions" *are* actually off. "wide links" are on, since we use them for vfs_shadow_copy2 (but not on the affected shares): >> >> # testparm -sv 2>/dev/null |egrep 'wide links|unix extensions' >> unix extensions = No >> allow insecure wide links = No >> wide links = Yes >> >> The affected shares (data, group, web) are distinct from "working" ones, by the fact that "hide unreadable" is set to "Yes" on the affected shares only. This is how the affected shares are configured: >> >> [data] >> path = /pool1/data >> read only = No >> acl map full control = No >> ea support = Yes >> nt acl support = No >> hide unreadable = Yes >> map archive = No >> map readonly = no >> store dos attributes = Yes >> vfs objects = zfsacl full_audit >> >> Unfortunately, we can't trigger the behaviour. It's all pretty fuzzy, but maybe someone out there has an idea what's going on? > > That message is coming from here: > > void widelinks_warning(int snum) > { > if (lp_allow_insecure_wide_links()) { > return; > } > > if (lp_unix_extensions() && lp_wide_links(snum)) { > DEBUG(0,("Share '%s' has wide links and unix extensions enabled. " > "These parameters are incompatible. " > "Wide links will be disabled for this share.\n", > lp_servicename(talloc_tos(), snum) )); > } > } > > so it's pretty simple. Both must be being seen to emit the message. > Can you get this reproducible ?I am aware of the code above. What I don't grasp is: what is turning on "unix extensions", under what circumstances? I can access all the affected shares from the same clients without triggering the warning (no surprise, since "unix extensions" is globally turned off). So no, I am not able to reproduce it. I increased the log level, but since this is a pretty busy production system and the warning appears every second day only, it was not feasible (at least I did not find a way yet). But thanks for your pointer!
Rowland Penny
2015-Oct-30 10:45 UTC
[Samba] widelinks_warning - but unix extensions *are* off
On 30/10/15 10:25, Thomas Werschlein wrote:> >> On 29 Oct 2015, at 23:22, Jeremy Allison <jra at samba.org> wrote: >> >> On Thu, Oct 29, 2015 at 05:27:49PM +0100, Thomas Werschlein wrote: >>> Hi all >>> >>> Since we changed our installation from Samba 3.x to 4.x (currently 4.2.5 on Solaris 11.1), we repeatedly encounter the following 'widelinks_warning', originating from Windows Server 2012 R2 RDS clients: >>> >>> [2015/10/29 15:50:38.837702, 0] ../source3/param/loadparm.c:4306(widelinks_warning) >>> Share 'data' has wide links and unix extensions enabled. These parameters are incompatible. Wide links will be disabled for this share. >>> [2015/10/29 15:50:38.838518, 0] ../source3/param/loadparm.c:4306(widelinks_warning) >>> Share 'group' has wide links and unix extensions enabled. These parameters are incompatible. Wide links will be disabled for this share. >>> [2015/10/29 15:50:38.839070, 0] ../source3/param/loadparm.c:4306(widelinks_warning) >>> Share 'web' has wide links and unix extensions enabled. These parameters are incompatible. Wide links will be disabled for this share. >>> >>> The strange thing is: "unix extensions" *are* actually off. "wide links" are on, since we use them for vfs_shadow_copy2 (but not on the affected shares): >>> >>> # testparm -sv 2>/dev/null |egrep 'wide links|unix extensions' >>> unix extensions = No >>> allow insecure wide links = No >>> wide links = Yes >>> >>> The affected shares (data, group, web) are distinct from "working" ones, by the fact that "hide unreadable" is set to "Yes" on the affected shares only. This is how the affected shares are configured: >>> >>> [data] >>> path = /pool1/data >>> read only = No >>> acl map full control = No >>> ea support = Yes >>> nt acl support = No >>> hide unreadable = Yes >>> map archive = No >>> map readonly = no >>> store dos attributes = Yes >>> vfs objects = zfsacl full_audit >>> >>> Unfortunately, we can't trigger the behaviour. It's all pretty fuzzy, but maybe someone out there has an idea what's going on? >> That message is coming from here: >> >> void widelinks_warning(int snum) >> { >> if (lp_allow_insecure_wide_links()) { >> return; >> } >> >> if (lp_unix_extensions() && lp_wide_links(snum)) { >> DEBUG(0,("Share '%s' has wide links and unix extensions enabled. " >> "These parameters are incompatible. " >> "Wide links will be disabled for this share.\n", >> lp_servicename(talloc_tos(), snum) )); >> } >> } >> >> so it's pretty simple. Both must be being seen to emit the message. >> Can you get this reproducible ? > I am aware of the code above. What I don't grasp is: what is turning on "unix extensions", under what circumstances? I can access all the affected shares from the same clients without triggering the warning (no surprise, since "unix extensions" is globally turned off). So no, I am not able to reproduce it. > > I increased the log level, but since this is a pretty busy production system and the warning appears every second day only, it was not feasible (at least I did not find a way yet). But thanks for your pointer! > > >Hi , it might help if you posted your entire smb.conf rather than a fragment. If you read the smb.conf manpage, under 'wide links' there is this: Due to this problem, this parameter will be automatically disabled (with a message in the log file) if the unix extensions option is on. So, for whatever reason, samba seems to think that the unix extensions are on. Rowland
L.P.H. van Belle
2015-Oct-30 11:44 UTC
[Samba] widelinks_warning - but unix extensions *are* off
I suggest you try something like. Global smb.conf options: unix extensions = No allow insecure wide links = Yes Per share smb.conf options: ## and share options niet global used. wide links = yes follow symlinks = yes> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Rowland Penny > Verzonden: vrijdag 30 oktober 2015 11:46 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] widelinks_warning - but unix extensions *are* off > > On 30/10/15 10:25, Thomas Werschlein wrote: > > > >> On 29 Oct 2015, at 23:22, Jeremy Allison <jra at samba.org> wrote: > >> > >> On Thu, Oct 29, 2015 at 05:27:49PM +0100, Thomas Werschlein wrote: > >>> Hi all > >>> > >>> Since we changed our installation from Samba 3.x to 4.x (currently > 4.2.5 on Solaris 11.1), we repeatedly encounter the following > 'widelinks_warning', originating from Windows Server 2012 R2 RDS clients: > >>> > >>> [2015/10/29 15:50:38.837702, 0] > ../source3/param/loadparm.c:4306(widelinks_warning) > >>> Share 'data' has wide links and unix extensions enabled. These > parameters are incompatible. Wide links will be disabled for this share. > >>> [2015/10/29 15:50:38.838518, 0] > ../source3/param/loadparm.c:4306(widelinks_warning) > >>> Share 'group' has wide links and unix extensions enabled. These > parameters are incompatible. Wide links will be disabled for this share. > >>> [2015/10/29 15:50:38.839070, 0] > ../source3/param/loadparm.c:4306(widelinks_warning) > >>> Share 'web' has wide links and unix extensions enabled. These > parameters are incompatible. Wide links will be disabled for this share. > >>> > >>> The strange thing is: "unix extensions" *are* actually off. "wide > links" are on, since we use them for vfs_shadow_copy2 (but not on the > affected shares): > >>> > >>> # testparm -sv 2>/dev/null |egrep 'wide links|unix extensions' > >>> unix extensions = No > >>> allow insecure wide links = No > >>> wide links = Yes > >>> > >>> The affected shares (data, group, web) are distinct from "working" > ones, by the fact that "hide unreadable" is set to "Yes" on the affected > shares only. This is how the affected shares are configured: > >>> > >>> [data] > >>> path = /pool1/data > >>> read only = No > >>> acl map full control = No > >>> ea support = Yes > >>> nt acl support = No > >>> hide unreadable = Yes > >>> map archive = No > >>> map readonly = no > >>> store dos attributes = Yes > >>> vfs objects = zfsacl full_audit > >>> > >>> Unfortunately, we can't trigger the behaviour. It's all pretty fuzzy, > but maybe someone out there has an idea what's going on? > >> That message is coming from here: > >> > >> void widelinks_warning(int snum) > >> { > >> if (lp_allow_insecure_wide_links()) { > >> return; > >> } > >> > >> if (lp_unix_extensions() && lp_wide_links(snum)) { > >> DEBUG(0,("Share '%s' has wide links and unix extensions > enabled. " > >> "These parameters are incompatible. " > >> "Wide links will be disabled for this > share.\n", > >> lp_servicename(talloc_tos(), snum) )); > >> } > >> } > >> > >> so it's pretty simple. Both must be being seen to emit the message. > >> Can you get this reproducible ? > > I am aware of the code above. What I don't grasp is: what is turning on > "unix extensions", under what circumstances? I can access all the affected > shares from the same clients without triggering the warning (no surprise, > since "unix extensions" is globally turned off). So no, I am not able to > reproduce it. > > > > I increased the log level, but since this is a pretty busy production > system and the warning appears every second day only, it was not feasible > (at least I did not find a way yet). But thanks for your pointer! > > > > > > > > Hi , it might help if you posted your entire smb.conf rather than a > fragment. If you read the smb.conf manpage, under 'wide links' there is > this: > > Due to this problem, this parameter will be automatically disabled (with > a message in the log file) if the unix > extensions option is on. > > So, for whatever reason, samba seems to think that the unix extensions > are on. > > Rowland > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba
Thomas Werschlein
2015-Nov-02 15:09 UTC
[Samba] widelinks_warning - but unix extensions *are* off
Sorry for the delay and thanks for your pointers. "allow insecure wide links" does not change the behaviour, tried that before. Which is strange, if you look at the code. On the other hand it is clearly not a static misconfiguration, otherwise I would be able to reproduce it. About half of the time, we get a PANIC about 5 to 10 minutes after these strange widelinks_warnings appear in the logfile. It just happened again: [2015/11/02 15:26:02.611300, 0] ../source3/param/loadparm.c:4306(widelinks_warning) Share 'data' has wide links and unix extensions enabled. These parameters are incompatible. Wide links will be disabled for this share. [2015/11/02 15:26:02.706290, 0] ../source3/param/loadparm.c:4306(widelinks_warning) Share 'group' has wide links and unix extensions enabled. These parameters are incompatible. Wide links will be disabled for this share. [2015/11/02 15:26:03.010964, 0] ../source3/param/loadparm.c:4306(widelinks_warning) Share 'web' has wide links and unix extensions enabled. These parameters are incompatible. Wide links will be disabled for this share. [2015/11/02 15:33:27.613228, 0] ../source3/lib/popt_common.c:68(popt_s3_talloc_log_fn) talloc: access after free error - first free may be at <E0>^A [2015/11/02 15:33:27.616936, 0] ../source3/lib/popt_common.c:68(popt_s3_talloc_log_fn) Bad talloc magic value - access after free [2015/11/02 15:33:27.618304, 0] ../source3/lib/util.c:788(smb_panic_s3) PANIC (pid 12270): Bad talloc magic value - access after free [2015/11/02 15:33:27.636001, 0] ../source3/lib/util.c:899(log_stack_trace) BACKTRACE: 43 stack frames: #0 /usr/local/samba-4.2.5/lib/libsmbconf.so.0'log_stack_trace+0x2b [0xfd9e18d8] #1 /usr/local/samba-4.2.5/lib/libsmbconf.so.0'smb_panic_s3+0x80 [0xfd9e173f] #2 /usr/local/samba-4.2.5/lib/libsamba-util.so.0.0.1'smb_panic+0x2a [0xfe758fc6] #3 /usr/local/samba-4.2.5/lib/private/libtalloc.so.2.1.2'talloc_abort+0x44 [0xfe6a2647] #4 /usr/local/samba-4.2.5/lib/private/libtalloc.so.2.1.2'talloc_abort_access_after_free+0x20 [0xfe6a26f0] #5 /usr/local/samba-4.2.5/lib/private/libtalloc.so.2.1.2'talloc_chunk_from_ptr+0x63 [0xfe6a277f] #6 /usr/local/samba-4.2.5/lib/private/libtalloc.so.2.1.2'_talloc_free+0x35 [0xfe6a43d1] #7 /usr/local/samba-4.2.5/lib/private/libsmbd-base-samba4.so'fsp_free+0x218 [0xfe2c1460] #8 /usr/local/samba-4.2.5/lib/private/libsmbd-base-samba4.so'file_free+0x17e [0xfe2c164f] #9 /usr/local/samba-4.2.5/lib/private/libsmbd-base-samba4.so'smbXsrv_open_close+0x668 [0xfe3a93a3] #10 /usr/local/samba-4.2.5/lib/private/libsmbd-base-samba4.so'smbXsrv_open_destructor+0x34 [0xfe3a8142] #11 /usr/local/samba-4.2.5/lib/private/libtalloc.so.2.1.2'_talloc_free_internal+0x154 [0xfe6a3352] #12 /usr/local/samba-4.2.5/lib/private/libtalloc.so.2.1.2'_talloc_free_children_internal+0x76 [0xfe6a411c] #13 /usr/local/samba-4.2.5/lib/private/libtalloc.so.2.1.2'_talloc_free_internal+0x2ae [0xfe6a34ac] #14 /usr/local/samba-4.2.5/lib/private/libtalloc.so.2.1.2'_talloc_free_children_internal+0x76 [0xfe6a411c] #15 /usr/local/samba-4.2.5/lib/private/libtalloc.so.2.1.2'_talloc_free_internal+0x2ae [0xfe6a34ac] #16 /usr/local/samba-4.2.5/lib/private/libtalloc.so.2.1.2'_talloc_free+0xe5 [0xfe6a4481] #17 /usr/local/samba-4.2.5/lib/private/libsmbd-base-samba4.so'exit_server_common+0x59d [0xfe3aae00] #18 /usr/local/samba-4.2.5/lib/private/libsmbd-base-samba4.so'0x1aaf32 [0xfe3aaf32] #19 /usr/local/samba-4.2.5/lib/private/libsmbd-shim-samba4.so'exit_server_cleanly+0x2a [0xfd6c0f51] #20 /usr/local/samba-4.2.5/lib/private/libsmbd-base-samba4.so'dup_smb2_vec4+0x0 [0xfe37860d] #21 /usr/local/samba-4.2.5/lib/private/libsmbd-base-samba4.so'smbd_smb2_request_create_done+0x81c [0xfe386826] #22 /usr/local/samba-4.2.5/lib/private/libtevent.so.0.9.25'_tevent_req_notify_callback+0x5c [0xfe62606c] #23 /usr/local/samba-4.2.5/lib/private/libsmbd-base-samba4.so'smbd_smb2_request_pending_queue+0x44 [0xfe378ea2] #24 /usr/local/samba-4.2.5/lib/private/libsmbd-base-samba4.so'smbd_smb2_request_process_create+0x7e9 [0xfe385f23] #25 /usr/local/samba-4.2.5/lib/private/libsmbd-base-samba4.so'smbd_smb2_request_dispatch+0xfc1 [0xfe37c55b] #26 /usr/local/samba-4.2.5/lib/private/libsmbd-base-samba4.so'smbd_smb2_io_handler+0x72f [0xfe37fe95] #27 /usr/local/samba-4.2.5/lib/private/libsmbd-base-samba4.so'smbd_smb2_connection_handler+0x55 [0xfe37ffa8] #28 /usr/local/samba-4.2.5/lib/libsmbconf.so.0'run_events_poll+0x483 [0xfd9fdd19] #29 /usr/local/samba-4.2.5/lib/libsmbconf.so.0's3_event_loop_once+0x18a [0xfd9fdfe5] #30 /usr/local/samba-4.2.5/lib/private/libtevent.so.0.9.25'_tevent_loop_once+0xf3 [0xfe62489f] #31 /usr/local/samba-4.2.5/lib/private/libtevent.so.0.9.25'tevent_common_loop_wait+0x26 [0xfe624b01] #32 /usr/local/samba-4.2.5/lib/private/libtevent.so.0.9.25'_tevent_loop_wait+0x1d [0xfe624bb3] #33 /usr/local/samba-4.2.5/lib/private/libsmbd-base-samba4.so'smbd_process+0xc07 [0xfe36375c] #34 /usr/local/samba-4.2.5/sbin/smbd'smbd_accept_connection+0x435 [0x805b021] #35 /usr/local/samba-4.2.5/lib/libsmbconf.so.0'run_events_poll+0x483 [0xfd9fdd19] #36 /usr/local/samba-4.2.5/lib/libsmbconf.so.0's3_event_loop_once+0x18a [0xfd9fdfe5] #37 /usr/local/samba-4.2.5/lib/private/libtevent.so.0.9.25'_tevent_loop_once+0xf3 [0xfe62489f] #38 /usr/local/samba-4.2.5/lib/private/libtevent.so.0.9.25'tevent_common_loop_wait+0x26 [0xfe624b01] #39 /usr/local/samba-4.2.5/lib/private/libtevent.so.0.9.25'_tevent_loop_wait+0x1d [0xfe624bb3] #40 /usr/local/samba-4.2.5/sbin/smbd'smbd_parent_loop+0xa5 [0x805be67] #41 /usr/local/samba-4.2.5/sbin/smbd'main+0x19e3 [0x805da17] #42 /usr/local/samba-4.2.5/sbin/smbd'_start+0x83 [0x8055ec3] [2015/11/02 15:33:27.662048, 0] ../source3/lib/dumpcore.c:318(dump_core) dumping core in /usr/local/samba-4.2.5/var/cores/smbd Regards, Thomas> On 30.10.2015, at 12:44, L.P.H. van Belle <belle at bazuin.nl> wrote: > > I suggest you try something like. > > > Global smb.conf options: > unix extensions = No > allow insecure wide links = Yes > > Per share smb.conf options: > ## and share options niet global used. > wide links = yes > follow symlinks = yes > > > >> -----Oorspronkelijk bericht----- >> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Rowland Penny >> Verzonden: vrijdag 30 oktober 2015 11:46 >> Aan: samba at lists.samba.org >> Onderwerp: Re: [Samba] widelinks_warning - but unix extensions *are* off >> >> On 30/10/15 10:25, Thomas Werschlein wrote: >>> >>>> On 29 Oct 2015, at 23:22, Jeremy Allison <jra at samba.org> wrote: >>>> >>>> On Thu, Oct 29, 2015 at 05:27:49PM +0100, Thomas Werschlein wrote: >>>>> Hi all >>>>> >>>>> Since we changed our installation from Samba 3.x to 4.x (currently >> 4.2.5 on Solaris 11.1), we repeatedly encounter the following >> 'widelinks_warning', originating from Windows Server 2012 R2 RDS clients: >>>>> >>>>> [2015/10/29 15:50:38.837702, 0] >> ../source3/param/loadparm.c:4306(widelinks_warning) >>>>> Share 'data' has wide links and unix extensions enabled. These >> parameters are incompatible. Wide links will be disabled for this share. >>>>> [2015/10/29 15:50:38.838518, 0] >> ../source3/param/loadparm.c:4306(widelinks_warning) >>>>> Share 'group' has wide links and unix extensions enabled. These >> parameters are incompatible. Wide links will be disabled for this share. >>>>> [2015/10/29 15:50:38.839070, 0] >> ../source3/param/loadparm.c:4306(widelinks_warning) >>>>> Share 'web' has wide links and unix extensions enabled. These >> parameters are incompatible. Wide links will be disabled for this share. >>>>> >>>>> The strange thing is: "unix extensions" *are* actually off. "wide >> links" are on, since we use them for vfs_shadow_copy2 (but not on the >> affected shares): >>>>> >>>>> # testparm -sv 2>/dev/null |egrep 'wide links|unix extensions' >>>>> unix extensions = No >>>>> allow insecure wide links = No >>>>> wide links = Yes >>>>> >>>>> The affected shares (data, group, web) are distinct from "working" >> ones, by the fact that "hide unreadable" is set to "Yes" on the affected >> shares only. This is how the affected shares are configured: >>>>> >>>>> [data] >>>>> path = /pool1/data >>>>> read only = No >>>>> acl map full control = No >>>>> ea support = Yes >>>>> nt acl support = No >>>>> hide unreadable = Yes >>>>> map archive = No >>>>> map readonly = no >>>>> store dos attributes = Yes >>>>> vfs objects = zfsacl full_audit >>>>> >>>>> Unfortunately, we can't trigger the behaviour. It's all pretty fuzzy, >> but maybe someone out there has an idea what's going on? >>>> That message is coming from here: >>>> >>>> void widelinks_warning(int snum) >>>> { >>>> if (lp_allow_insecure_wide_links()) { >>>> return; >>>> } >>>> >>>> if (lp_unix_extensions() && lp_wide_links(snum)) { >>>> DEBUG(0,("Share '%s' has wide links and unix extensions >> enabled. " >>>> "These parameters are incompatible. " >>>> "Wide links will be disabled for this >> share.\n", >>>> lp_servicename(talloc_tos(), snum) )); >>>> } >>>> } >>>> >>>> so it's pretty simple. Both must be being seen to emit the message. >>>> Can you get this reproducible ? >>> I am aware of the code above. What I don't grasp is: what is turning on >> "unix extensions", under what circumstances? I can access all the affected >> shares from the same clients without triggering the warning (no surprise, >> since "unix extensions" is globally turned off). So no, I am not able to >> reproduce it. >>> >>> I increased the log level, but since this is a pretty busy production >> system and the warning appears every second day only, it was not feasible >> (at least I did not find a way yet). But thanks for your pointer! >>> >>> >>> >> >> Hi , it might help if you posted your entire smb.conf rather than a >> fragment. If you read the smb.conf manpage, under 'wide links' there is >> this: >> >> Due to this problem, this parameter will be automatically disabled (with >> a message in the log file) if the unix >> extensions option is on. >> >> So, for whatever reason, samba seems to think that the unix extensions >> are on. >> >> Rowland