Displaying 20 results from an estimated 41 matches for "cwseys".
Did you mean:
casey
2020 Feb 17
0
fruit:resource=stream on ZFS safety?
Hi Mike and all,
I still see ._ files with fruit:resource=xattr and not with
fruit:resource=stream.
Try extracting the attached zip file using a macintosh on the samba
share. (Sounds dangerous, right?!)
With fruit:resource=xattr
# ls -al
total 537
drwxrwx---+ 2 cwseys cwseys 9 Feb 17 09:57 .
drwxrwx---+ 3 cwseys cwseys 5 Feb 17 09:57 ..
-rwxrwxr--+ 1 cwseys cwseys 20120 Feb 17 09:57 'directory listing.png'
-rwxrwxr--+ 1 cwseys cwseys 6148 Feb 17 09:57 .DS_Store
-rwxrwxr--+ 1 cwseys cwseys 61808 Feb 17 09:57 '._RF=151KB Extension'...
2018 May 07
0
cifs.ko v2.1 bug (kernel 4.15)
...rdis01:/# file /smbbackupdir/smb01/home/eleonard/utils/alien/alien
/smbbackupdir/smb01/home/eleonard/utils/alien/alien: directory
Strangely, copying to a different directory makes this non-reproducible:
root at tardis01:/# mount /smbbackupdir/smb01
root at tardis01:/# file /smbbackupdir/smb01/home/cwseys/utils/alien/Alien/
/smbbackupdir/smb01/home/cwseys/utils/alien/Alien/: directory
root at tardis01:/# file /smbbackupdir/smb01/home/cwseys/utils/alien/alien
/smbbackupdir/smb01/home/cwseys/utils/alien/alien: writable, executable,
regular file, no read permission
Using protocol v1.0 makes problem g...
2018 Sep 20
3
per share way to not follow msdfs links
...t and is per-share.
[myshare]
msdfs root = no
path = ...
Should do the trick.
Otherwise if mounting on linux you can also use the 'nodfs' mount option
(mount.cifs //host/share/... /mnt/ -o ...,nodfs) to disable DFS
resolving and automatic sub-mounting.
Chad W Seys <cwseys at physics.wisc.edu> writes:
> Hi Aurélien,
> Thanks! The mount option nodfs worked if I also used vers=1.0, but
> otherwise msdfs resolving still occurred. (Looks like cifs uses a
> higher smb version if vers=1.0 not specified.) I'll send an email to
> the CIFS kerne...
2016 Mar 01
2
samba server with two kerberos realms
Hi Rowland,
> Are you using sssd or nslcd ?
I am using sssd. I can ssh into the server using credentials from either
kerberos realm.
E.g.
ssh cwseys at PHYSICS.WISC.EDU@smb01.physics.wisc.edu
(works)
ssh seys at AD.WISC.EDU@smb01.physics.wisc.edu
(works)
PHYSICS.WISC.EDU is an MIT kerberos KDC.
AD.WISC.EDU is a active directory KDC (etc).
The reason I thought sssd would be best is because I want to use the
/etc/passwd file for user existence...
2016 Mar 02
2
samba server with two kerberos realms
...gt; I am not saying that sssd won't work for what you are trying to do, you
> are just asking this in the wrong place, try the sssd-users mailing list.
It seems to me that samba is the sticking point.
If REALM=AD.WISC.EDU I can gain access to samba shares with seys at AD.WISC.EDU,
but not cwseys at PHYSICS.WISC.EDU.
If REALM=PHYSICS.WISC.EDU, cwseys at PHYSICS.WISC.EDU can gain access, but
seys at AD.WISC.EDU can not.
I change nothing else besides REALM= in smb.conf .
My guess is that Samba is using REALM=BLAH to check only principals in the
keytab whose realm is BLAH.
So, it seems a...
2017 Sep 26
5
dfs links anywhere?
(Let's keep this on the list)
Aurélien Aptel via samba <samba at lists.samba.org> writes:
> Chad William Seys <cwseys at physics.wisc.edu> writes:
>> Somehow the destination having 'msdfsroot yes' prevents the cifs kernel
>> module from following the link.
I've taken a look at your traces and right off the bat I see things like
this:
[...] /linux-4.9.30/fs/cifs/smb1ops.c: cifs_query_s...
2017 Mar 02
0
cifs-utils release 6.7 ready for download
...the environment
to the same value before opening the credcache, to hint to the krb5
libs where they ought to look.
This new behavior is on by default, but can be disabled by having
request-key pass a '-E' flag to cifs.upcall.
Reported-by: Chad William Seys <cwseys at physics.wisc.edu>
Signed-off-by: Jeff Layton <jlayton at samba.org>
commit ec3874fdc669901f4a9e8a90a856f999cd627a3f
Author: Jeff Layton <jlayton at samba.org>
Date: Thu Feb 16 09:55:45 2017 -0500
cifs.upcall: trim even more capabilities
We really only need CAP...
2016 Mar 02
0
samba server with two kerberos realms
...what you are trying to do, you
>> are just asking this in the wrong place, try the sssd-users mailing list.
> It seems to me that samba is the sticking point.
No it isn't, you are
>
> If REALM=AD.WISC.EDU I can gain access to samba shares with seys at AD.WISC.EDU,
> but not cwseys at PHYSICS.WISC.EDU.
>
> If REALM=PHYSICS.WISC.EDU, cwseys at PHYSICS.WISC.EDU can gain access, but
> seys at AD.WISC.EDU can not.
>
> I change nothing else besides REALM= in smb.conf .
>
> My guess is that Samba is using REALM=BLAH to check only principals in the
> keytab w...
2017 Sep 13
2
dfs links anywhere?
> Which smb version are you using (mount option)? Support for DFS on smb2+
> was only added in linux 4.11.
smbstatus shows the connection as NT1.
DFS links do work like this:
serverA_msdfsrootYES => serverB_msdfsrootNO
But not like this:
serverA_msdfsrootYES => serverB_msdfsrootYES
Somehow the destination having 'msdfsroot yes' prevents the cifs kernel
module from
2017 Sep 13
2
dfs links anywhere?
Hello,
>> Can more than one server have a share with 'msdfs root = yes'? Or
>> can there be only one root? (Setting 'msdfs root = yes' on shares on
>
> yes
Thanks! It works great for all clients* except the linux kernel (v4.9)
mount, which was what led me astray.
Any idea if this works in more recent kernels? If not where do I wish
list this. :)
2017 Oct 18
0
dfs links anywhere?
Hi Chad,
Sorry for the late reply. Looking at this now.
Chad William Seys <cwseys at physics.wisc.edu> writes:
> I've attached traces and logs of these situations:
>
> msdfs root = yes, link points to share, link CAN be followed
> trace_msdfsrootyes_share.*
>
> msdfs root = yes, link points to path, link CANNOT be followed
> trace_msdfsrootyes_path.*...
2017 Oct 22
1
dfs links anywhere?
Chad William Seys <cwseys at physics.wisc.edu> writes:
> Kernel 4.13 can resolve either style of link, so I don't think we need
> to spend more time with it!
> gvfs in Debian 9 also works (as do Windows 7+ and Mac 10.12+).
Good. I actually remember fixing something similar now, ha.
If you cannot update yo...
2018 Sep 21
1
per share way to not follow msdfs links
Chad W Seys <cwseys at physics.wisc.edu> writes:
>> Yep, sounds like a bug indeed. You still have the option to edit the smb.conf
>> on the server side if you want to use smb2+.
>
> Good to keep in mind.
> I'm speculating leaving 'nodfs' out of smb2+ was purposeful. Originally
&g...
2020 Feb 14
1
fruit:resource=stream on ZFS safety?
On 2/14/20 4:54 PM, Mike Pastore wrote:
> I guess the question is: what are you streaming to? And if the answer is
> streams_xattr, the question becomes: then why not just use
> fruit:resource=xattr?
When I tried fruit:resource=xattr appledouble files ._ were created. (I
know I'm hung up on aesthetics.)
Chad.
2016 Mar 02
0
samba server with two kerberos realms
On 01/03/16 23:16, Chad William Seys wrote:
> Hi Rowland,
>
>> Are you using sssd or nslcd ?
> I am using sssd. I can ssh into the server using credentials from either
> kerberos realm.
> E.g.
> ssh cwseys at PHYSICS.WISC.EDU@smb01.physics.wisc.edu
> (works)
> ssh seys at AD.WISC.EDU@smb01.physics.wisc.edu
> (works)
>
> PHYSICS.WISC.EDU is an MIT kerberos KDC.
> AD.WISC.EDU is a active directory KDC (etc).
>
> The reason I thought sssd would be best is because I want to use th...
2018 Jun 26
1
4.5 -> 4.8 samba fails to start
Hi Rowland,
Thanks for your explanation.
We have set up Samba to authenticate users against an external MIT
Kerberos server and usernames match those in Unix password files.
The setup was almost exactly like the Ubuntu help page:
https://help.ubuntu.com/community/Samba/Kerberos#MIT_Kerberos
There are others who have also set up Samba this way:
2016 Mar 01
3
samba server with two kerberos realms
Hi Rowland,
Below is output of testparm. Samba is set up as standalone server.
# testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[generic]"
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions
[global]
realm = PHYSICS.WISC.EDU
server string = %h server
server role =
2017 Feb 15
5
[cifs-utils PATCH v3 0/4] cifs.upcall: allow cifs.upcall to scrape cache location initiating task's environment
Third respin of this series. Reordered for better safety for bisecting.
The environment scraping is now on by default, but can be disabled with
"-E" in environments where it's not needed.
Also, I've added a patch to make cifs.upcall drop capabilities before
doing most of its work. This may help reduce the attack surface of the
program.
Jeff Layton (4):
cifs.upcall: convert
2017 Feb 14
3
[PATCH v2 0/2] cifs.upcall: allow cifs.upcall to grab $KRB5CCNAME from initiating process
Small respin of the patches that I posted a few days ago. The main
difference is the reordering of the series to make it do the group
and grouplist manipulation first, and then the patch that makes
it grab the KRB5CCNAME from the initiating process.
I think the code is sound, my main question is whether we really
need the command-line switch for this. Should this just be the
default mode of
2017 Feb 15
5
[cifs-utils PATCH v3 0/4] cifs.upcall: allow cifs.upcall to scrape cache location initiating task's environment
Apologies for v3 series, I had some extra patches in there. This is
the one that should have been sent. Relabeled as v4 for clarity.
Third respin of this series. Reordered for better safety for bisecting.
The environment scraping is now on by default, but can be disabled with
"-E" in environments where it's not needed.
Also, I've added a patch to make cifs.upcall drop