
[Samba] Samba4 oplocks: LibreOffice and Word file locking


steve

May 3, 2012, 5:10:04 AM
Hi
Lan with S4 and built-in file server for Windows clients. nfs for Linux
clients.

We are using LibreOffice to share documents and file locking works fine.
The first guy to open the doc gets the lock and a message is displayed
on other clients (windows or Linux) that the file is open.

Fine

Some users must however use Word 2010 to edit documents. Then file
locking doesn't work: anyone can open it. Any combination of clients and
any combination of LO or Word.

I'm told to turn off client oplocks:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MRXSmb\Parameters
OplocksDisabled = 1

However, our win7 clients do not have \Parameters

At HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services I see the folders:

mrxsmb, mrxsmb10 and mrxsmb20

opening any of them gives another folder called Enum with

Default REG_SZ (value not set)
0 REG_SZ Root\LEGACY_MRXSMB\0000
Count REG_DWORD 0x00000001 (1)
NextInstance REG_DWORD 0x00000001 (1)

Any ideas how to turn off oplocks? Or WHY.
Cheers,
Steve

Jeremy Allison

May 3, 2012, 1:20:01 PM
On Thu, May 03, 2012 at 11:08:49AM +0200, steve wrote:
> Hi
> Lan with S4 and built-in file server for Windows clients. nfs for
> Linux clients.
>
> We are using LibreOffice to share documents and file locking works
> fine. The first guy to open the doc gets the lock and a message is
> displayed on other clients (windows or Linux) that the file is open.
>
> Fine
>
> Some users must however use Word 2010 to edit documents. Then file
> locking doesn't work: anyone can open it. Any combination of clients
> and any combination of LO or Word.
>
> I'm told to turn off client oplocks:
>
> HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MRXSmb\Parameters
> OplocksDisabled = 1
>
> However, our win7 clients do not have \Parameters
>
> At HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services I see the folders:
>
> mrxsmb, mrxsmb10 and mrxsmb20
>
> opening any of them gives another folder called Enum with
>
> Default REG_SZ (value not set)
> 0 REG_SZ Root\LEGACY_MRXSMB\0000
> Count REG_DWORD 0x00000001 (1)
> NextInstance REG_DWORD 0x00000001 (1)
>
> Any ideas how to turn off oplocks? Or WHY.

Does this work (Word 2010 sees other opens) if you run the clients
against an S3 server ? I'm guessing it will. The current recommended
setup is to use S4 as an AD-DC, but S3 joined to the domain as a
fileserver.

The S3 fileserver code will replace the S4 fileserver before
official S4 release.

Jeremy.

steve

May 3, 2012, 1:40:02 PM
Hi
I can't see how to do that. We currently have a single box S4 which
serves both the Linux and Windows clients. The files are in the same
folders on the same machine. S4 serves the Win boxes (ntvfs/cifs I
think) and nfs the Linux machines.

How would I get a separate s3 fileserver to do the same job? If that can
be done then can we still keep nfs for our Linux clients? Presumably on
the same box as the s3 fileserver?

Summary
Server1: S4 AD DC
Server2: s3 and nfs fileserver joined to Server1 domain

Cheers and thanks for your time,
Steve

Jeremy Allison

May 3, 2012, 8:30:03 PM
On Thu, May 03, 2012 at 07:33:53PM +0200, steve wrote:
>
> Hi
> I can't see how to do that. We currently have a single box S4 which
> serves both the Linux and Windows clients. The files are in the same
> folders on the same machine. S4 serves the Win boxes (ntvfs/cifs I
> think) and nfs the Linux machines.
>
> How would I get a separate s3 fileserver to do the same job? If that
> can be done then can we still keep nfs for our Linux clients?
> Presumably on the same box as the s3 fileserver?
>
> Summary
> Server1: S4 AD DC
> Server2: s3 and nfs fileserver joined to Server1 domain

That's exactly how to do it. You could use VM's to
create the fileserver box or the S4 AD-DC.

Jeremy.

steve

May 4, 2012, 2:50:02 AM
On 04/05/12 02:26, Jeremy Allison wrote:
> On Thu, May 03, 2012 at 07:33:53PM +0200, steve wrote:
>>
>> Hi
>> I can't see how to do that. We currently have a single box S4 which
>> serves both the Linux and Windows clients. The files are in the same
>> folders on the same machine. S4 serves the Win boxes (ntvfs/cifs I
>> think) and nfs the Linux machines.
>>
>> How would I get a separate s3 fileserver to do the same job? If that
>> can be done then can we still keep nfs for our Linux clients?
>> Presumably on the same box as the s3 fileserver?
>>
>> Summary
>> Server1: S4 AD DC
>> Server2: s3 and nfs fileserver joined to Server1 domain
>
> That's exactly how to do it. You could use VM's to
> create the fileserver box or the S4 AD-DC.
>
> Jeremy.
Hi Jeremy
Thanks for the confirmation. The VM is a great idea.

Just one bit of confusion:

When I create a new user, I create his homeDirectory in a share. I
create the user on Server1. Can I at the same time, create his
homeDirectory on Server2? Afterwards, how do I tell the clients to look
at Server1 to authenticate and Server2 to get the data?

I understand, I have
Server1
[global]
[netlogon]
[sysvol]

Server2
[global]
[homes]
[everything]
[else]

How do I get the clients to distinguish between the two?

Cheers,
Steve

Daniel Müller

May 4, 2012, 3:20:02 AM
I do not know exactly what you are trying to do!?
You have one Samba4 DC-ADS the master!
One samba3 the file and printserver!?
Both on a physical host!?
So you just need to let Samba4 do the authentication and GPO part.
The samba3 host has to join as memberserver to the ads of the Samba4. Point the samba3 server to authenticate users
to the samba4.
For the samba4. Login from your admin PC with ads tools from Microsoft installed:

See also: http://support.microsoft.com/kb/816313/EN-US
Assign a home folder to a domain user
Note: To specify a network path for the home folder, you must first create the network share and set permissions that permit the user access. You can do this with Shared Folders in Computer Management on the server computer.

To assign a home folder to a domain user:
1. Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Users and Computers.
2. In the console tree, click Users.
3. In the Details pane, right-click the user account, and then click Properties.
4. In the Properties dialog box, click Profile.
5. Under the Home folder, type the folder information. To do this, follow these steps:
   • To assign a home folder on a network server, click Connect, and then specify a drive letter.
   • In the To box, type a path. This path can be any one of the following types:
     ◦ Network path, for example:
       \\server\users\tester ##server in your turn could be the samba3 host##
     ◦ You can substitute username for the last subfolder in the path, for example:
       \\server\users\username


Define the home directories on the samba3 host.

Good Luck
Daniel

-----------------------------------------------
IT Daniel Müller

Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: mue...@tropenklinik.de
Internet: www.tropenklinik.de
-----------------------------------------------

-----Original Message-----
From: samba-...@lists.samba.org [mailto:samba-...@lists.samba.org] On Behalf Of steve
Sent: Friday, May 4, 2012 08:44
To: Jeremy Allison
Cc: sa...@lists.samba.org
Subject: Re: [Samba] Samba4 oplocks: LibreOffice and Word file locking

Ludek Finstrle

May 4, 2012, 3:50:01 AM
Hi,

Thu, May 03, 2012 at 10:16:28AM -0700, Jeremy Allison wrote:
Why not use Samba Franky? Mix of S4 and S3. I'm using it successfully.
It doesn't need any virtualization on IP splitting.

And when you use S4 AD-DC + S3 FS why don't you use only different IP
in one box isn't it enough? Why virtualization?

Best regards,

Luf

steve

May 4, 2012, 4:00:03 AM
On 04/05/12 09:19, Daniel Müller wrote:
> I do not know exactly what you are trying to do!?
> You have one Samba4 DC-ADS the master!
> One samba3 the file and printserver!?
> Both on a physical host!?

Hi Daniel and thanks for the explanation.

I want s4 on one box and s3 on another. (I can't see a way of having 2
smb.conf on the same physical box, so we separate them.)

Currently I'm administering all this using scripts from the s4 DC under
Linux:
http://linuxcostablanca.blogspot.com.es/p/s4bind.html

It works fine but the ntvfs fileserver that comes with s4 is rather
limited. I want to serve files using the s3 fileserver which supports
the Posix options I need. That will be on another box or VM.

> So you just need to let do Samba4 be the authentication and gpo part.

Yes

> The samba3 host has to join as memberserver to the ads of the Samba4.

Yep. I can do that. I already have Linux clients joined to the domain.
But simply to set the realm and so they can get a keytab using net ads
keytab create. Nothing else. It's the [global] section on the s3
fileserver's smb.conf I can't work out!

> Point the samba3 server to authenticate users
> to the samba4.

This is the bit I'm missing. Is this a line in smb.conf on the s3 box?

> For the samba4. Login from your admin PC with ads tools from Microsoft installed:
>

I have the profile and home drive mappings setup via a script.


>
> Define the home directories on the samba3 host.

Those would be everything I have at the moment in the s4 smb.conf except
the netlogon and sysvol shares? Then remove those shares from the s4
smb.conf?
>

TIA for your patience,

Daniel Müller

May 4, 2012, 4:10:02 AM
This could be a hint to establish it: http://www.enterprisenetworkingplanet.com/netos/article.php/3487081/Join-Samba-3-to-Your--Active-Directory-Domain.htm

-----------------------------------------------
IT Daniel Müller

Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen

Tel.: 07071/206-463, Fax: 07071/206-499
eMail: mue...@tropenklinik.de
Internet: www.tropenklinik.de
-----------------------------------------------

-----Original Message-----
From: steve [mailto:st...@steve-ss.com]
Sent: Friday, May 4, 2012 09:59
To: mue...@tropenklinik.de
Cc: 'Jeremy Allison'; sa...@lists.samba.org
Subject: Re: AW: [Samba] Samba4 oplocks: LibreOffice and Word file locking

steve

May 4, 2012, 4:20:02 AM
On 04/05/12 09:45, Ludek Finstrle wrote:
> Hi,
>
> Thu, May 03, 2012 at 10:16:28AM -0700, Jeremy Allison wrote:
>> On Thu, May 03, 2012 at 11:08:49AM +0200, steve wrote:
>> Does this work (Word 2010 sees other opens) if you run the clients
>> against an S3 server ? I'm guessing it will. The current recommended
>> setup is to use S4 as an AD-DC, but S3 joined to the domain as a
>> fileserver.
>>
>> The S3 fileserver code will replace the S4 fileserver before
>> official S4 release.
>
> Why not use Samba Franky? Mix of S4 and S3. I'm using it successfully.
> It doesn't need any virtualization on IP splitting.
>
> And when you use S4 AD-DC + S3 FS why don't you use only different IP
> in one box isn't it enough? Why virtualization?

I think I'd need two smb.conf files. One for the s4 containing netlogon
and sysvol and another for s3 to hold the shares. Can I do that on one box?
>
> Best regards,
>
> Luf
Hi Ludek
Yes, that's a good idea.

I think we're very close to a release of S4 with the integrated s3
fileserver so am trying to decide to wait for that or go ahead with
Franky or S3 and S4 on separate boxes. We use a lan of Win and Linux
boxes and need to move away from the fileserver that comes with S4. I'm
slowly fitting the pieces of all this together. Thanks for the
suggestion. I have the Franky wiki open as I write. Difficult to decide.
wait or go ahead!
Cheers,
Steve

Niels Dettenbach

May 4, 2012, 4:30:02 AM
On Friday, May 4, 2012, 10:12:33 steve wrote:
> On 04/05/12 09:45, Ludek Finstrle wrote:
> I think I'd need two smb.conf files. One for the s4 containing netlogon
> and sysvol and another for s3 to hold the shares. Can I do that on one box?


I can't see any point why it should not be possible, but I'm not sure if all
compiled in paths could be changed during command line options or
configuration in your application cases. From my first view it seems you could
start different samba instances with different configuration files and working
directories etc. by passing command line options - i.e.:

--configfile
--lockdir
--cachedir
--statedir
--piddir
--smb-passwd-file *
--private-dir *
and other possible options...

(* requirement may depend on your setup)


If you compile samba yourself, you may use different prefixes for your both
sambas on the same box just at compile time.

hth

best regards,


Niels.




--
---
Niels Dettenbach
Syndicat IT & Internet
http://www.syndicat.com
---





Ludek Finstrle

May 4, 2012, 5:10:02 AM
Hi

Fri, May 04, 2012 at 10:23:37AM +0200, Niels Dettenbach wrote:
> On Friday, May 4, 2012, 10:12:33 steve wrote:
> > On 04/05/12 09:45, Ludek Finstrle wrote:
> > I think I'd need two smb.conf files. One for the s4 containing netlogon
> > and sysvol and another for s3 to hold the shares. Can I do that on one box?
>
> I can't see any point why it should not be possible, but I'm not sure if all
> compiled in paths could be changed during command line options or
> configuration in your application cases. From my first view it seems you could
> start different samba instances with different configuration files and working
> directories etc. by passing command line options - i.e.:

Maybe you can also use -s for S3 or S4 (or both) and you don't need to recompile.
I use Franky so I'm not sure if config is enough in separate S3 and S4.

E.g for S3: smbd -D -s /etc/samba3/smb.conf

Best regards,

Luf

steve

May 4, 2012, 5:20:02 AM
On 04/05/12 11:09, Ludek Finstrle wrote:
> Hi
>
> Fri, May 04, 2012 at 10:23:37AM +0200, Niels Dettenbach wrote:
>> On Friday, May 4, 2012, 10:12:33 steve wrote:
>>> On 04/05/12 09:45, Ludek Finstrle wrote:
>>> I think I'd need two smb.conf files. One for the s4 containing netlogon
>>> and sysvol and another for s3 to hold the shares. Can I do that on one box?
>>
>> I can't see any point why it should not be possible, but I'm not sure if all
>> compiled in paths could be changed during command line options or
>> configuration in your application cases. From my first view it seems you could
>> start different samba instances with different configuration files and working
>> directories etc. by passing command line options - i.e.:
>
> Maybe you can also use -s for S3 or S4 (or both) and you don't need to recompile.
> I use Franky so I'm not sure if config is enough in separate S3 and S4.
>
> E.g for S3: smbd -D -s /etc/samba3/smb.conf
>
> Best regards,
>
> Luf
Hi
I'm getting there:-)

One other thing:
With winbind, do I have to have my home directories where winbind tells
me? ie whatever wbinfo -i user gives?
Thanks for your patience,
Cheers,
Steve

Ludek Finstrle

May 4, 2012, 5:50:02 AM
Hi

Fri, May 04, 2012 at 11:21:13AM +0200, steve wrote:
> One other thing:
> With winbind, do I have to have my home directories where winbind
> tells me? ie whatever wbinfo -i user gives?

sorry I have no idea. Let's try and you'll see.
As I wrote some time ago I don't use winbind. I use Franky with patched pdb_ads
and it's enough for me to have nslcd (also patched with stripped SID domain prefix
+ some base rid).
I have no domains trusts so this is enough for me.

Cheers,

Luf

steve

May 4, 2012, 6:30:01 AM
On 05/04/2012 11:43 AM, Ludek Finstrle wrote:
> Hi
>
> Fri, May 04, 2012 at 11:21:13AM +0200, steve wrote:
>> One other thing:
>> With winbind, do I have to have my home directories where winbind
>> tells me? ie whatever wbinfo -i user gives?
> sorry I have no idea. Let's try and you'll see.
> As I wrote some time ago I don't use winbind. I use Franky with patched pdb_ads
> and it's enough for me to have nslcd (also patched with stripped SID domain prefix
> + some base rid).
> I have no domains trusts so this is enough for me.
>
> Cheers,
>
> Luf
Hi
We don't use winbind either and we also use nslcd (what a superb piece
of kit). We simply store the rfc2307 attributes in the dn of the user or
group and have setup scripts to manipulate users and groups in this way.
All I'm looking for is an alternative to the file server that ships with
S4 at the moment. I think the new fileserver will become stable soon.
Just looking at the possibilities for having something now rather than
wait. Franky on the same box is attractive.
Cheers,
Steve

Andrew Bartlett

May 8, 2012, 12:30:03 AM
On Fri, 2012-05-04 at 12:27 +0200, steve wrote:

> Hi
> We don't use winbind either and we also use nslcd (what a superb piece
> of kit). We simply store the rfc2307 attributes in the dn of the user or
> group and have setup scripts to manipulate users and groups in this way.
> All I'm looking for is an alternative to the file server that ships with
> S4 at the moment. I think the new fileserver will become stable soon.
> Just looking at the possibilities for having something now rather than
> wait. Franky on the same box is attractive.

Steve,

Attempting to run Franky at this point will give you more, not less
pain. There isn't some magic solution that we are hiding from you.

We are working to allow smbd to become the default file server in Samba
4.0, and have added the --use-s3fs option to provision to allow early
adopters to test it for us.

However, we do not recommend it at this stage, as in particular it fails
to correctly set ACLs for group policy objects. This is the last issue
we hope that is blocking us changing, but in the meantime switching to
'Franky' won't solve these issues as they are common to any use of smbd
in a Samba4 AD DC. If you do, you will instead bring up other issues
that we have spent the time since the Franky proposal was made
correcting or working around (such as not using the correct
authentication plugins, needing to manually forward the correct pipes
etc).

Andrew Bartlett

--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org

steve

May 8, 2012, 2:50:02 AM
On 05/08/2012 06:24 AM, Andrew Bartlett wrote:
> On Fri, 2012-05-04 at 12:27 +0200, steve wrote:
>
>> Hi
>> We don't use winbind either and we also use nslcd (what a superb piece
>> of kit). We simply store the rfc2307 attributes in the dn of the user or
>> group and have setup scripts to manipulate users and groups in this way.
>> All I'm looking for is an alternative to the file server that ships with
>> S4 at the moment. I think the new fileserver will become stable soon.
>> Just looking at the possibilities for having something now rather than
>> wait. Franky on the same box is attractive.
> Steve,
>
> Attempting to run Franky at this point will give you more, not less
> pain. There isn't some magic solution that we are hiding from you.
>
> We are working to allow smbd to become the default file server in Samba
> 4.0, and have added the --use-s3fs option to provision to allow early
> adopters to test it for us.
>
> However, we do not recommend it at this stage, as in particular it fails
> to correctly set ACLs for group policy objects.
Hi Andrew
Please give us the smb.conf settings for s3fs. We can't continue with
the ntvfs server as it is so at least we can give it a go.
Cheers,
Steve

Andrew Bartlett

May 8, 2012, 4:30:03 AM
I've added this information to the wiki, where I'll try and keep it
correct:

https://wiki.samba.org/index.php/Samba4/s3fs#Starting_s3fs

Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org

steve

May 8, 2012, 5:50:03 AM
Hi Andrew

No go:-(

New git: Version 4.0.0alpha21-GIT-e8e5afd on Ubuntu 12.04
provision --use-s3fs --realm=polop.site --domain=CACTUS
--adminpass=Pass@w0rd --server-role=dc

get_nt_acl_no_snum: fset_nt_acl returned zero.
ProvisioningError: Your filesystem or build does not support posix ACLs,
s3fs is unworkable in this mode

So tried:
./configure.developer --with-acl-support
Still will not provision.

We are using posix acls fine:
mount
/dev/sda1 on / type ext4 (rw,errors=remount-ro,acl,user_xattr)

What have I done wrong?
Cheers,
Steve

Andrew Bartlett

May 8, 2012, 8:20:01 AM
This will only happen if you do not have the acl headers available at
configure time. Install libacl-devel (or equivalent) and rebuild.

I added exactly this check to ensure that you quickly find and fix this
issue, rather than wasting time wondering 'why does this not work'.

Andrew Bartlett

--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org

steve

May 8, 2012, 1:10:02 PM
Hi
Thanks. libacl1-dev got us there: Ubuntu LTS

It's much more predictable than ntvfs but:

A share set up 0750 root:staff can be entered by anyone, staff group
member or not. A file 0660 root staff is not accessible by a staff
member. Ahhgghh!!

The same share via nfs to Linux works as expected.

Maybe this is still too early to test?
Cheers,
Steve

Andrew Bartlett

May 8, 2012, 6:20:02 PM
On Tue, 2012-05-08 at 19:05 +0200, steve wrote:
> On 08/05/12 14:11, Andrew Bartlett wrote:
> > On Tue, 2012-05-08 at 11:39 +0200, steve wrote:
> >> On 05/08/2012 10:19 AM, Andrew Bartlett wrote:
> >>> On Tue, 2012-05-08 at 08:45 +0200, steve wrote:
> >>>> On 05/08/2012 06:24 AM, Andrew Bartlett wrote:
> >>>>> On Fri, 2012-05-04 at 12:27 +0200, steve wrote:
> >>>>>
>
> > This will only happen if you do not have the acl headers available at
> > configure time. Install libacl-devel (or equivalent) and rebuild.
> >
> > I added exactly this check to ensure that you quickly find and fix this
> > issue, rather than wasting time wondering 'why does this not work'.
> >
> Hi
> Thanks. libacl1-dev got us there: Ubuntu LTS
>
> It's much more predictable than ntvfs but:
>
> A share set up 0750 root:staff can be entered by anyone, staff group
> member or not. A file 0660 root staff is not accessible by a staff
> member. Ahhgghh!!
>
> The same share via nfs to Linux works as expected.
>
> Maybe this is still too early to test?

My understanding is that we honour any ACL set by the NTVFS server
first, but that of course the NTVFS server didn't set posix ACLs to
match. If you change it via the Windows GUI, it should change both
now.

As to a share 0660 - indeed, no user/group should be able to enter that
directory, as no user/group (except the owner, by override rights) has
the right to enter it.

Andrew Bartlett

--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org

steve

May 9, 2012, 3:00:01 AM
Hi Andrew

I'm not sure that's correct. As I understand, a file with 0660 should
have group rw. However, under xp and win7 the same file gets 'Access is
denied' for group members. Also, a 0750 share should allow only group
members to enter. Under windows, anyone can enter, group member or not.

Does s3fs understand Linux permissions right now?
Can I control access using s3fs?

Cheers,
Steve
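
As a reference for the permission question in the last few messages, here is an added example (not part of the thread and not Samba code) that evaluates plain Unix mode bits for the cases discussed: a 0750 share and a 0660 file owned by root:staff, plus a 0660 directory. The users alice and bob and all uid/gid numbers are constructed; POSIX ACL entries and NT ACLs are deliberately ignored.

```python
import stat

# Constructed identities (not from the thread): (uid, set of gids).
STAFF_GID = 50
ROOT = (0, {0})
ALICE = (1001, {1001, STAFF_GID})   # staff member
BOB = (1002, {1002})                # not a staff member

PERM_BITS = {"r": 4, "w": 2, "x": 1}


def posix_allows(mode, owner_uid, owner_gid, user, want):
    """Classic Unix owner/group/other check on st_mode.

    mode: st_mode including the file-type bits; want: string of "r", "w", "x".
    For a directory, "x" is the right to enter (search) it.
    """
    uid, gids = user
    if uid == 0:
        # Superuser override: everything except executing a regular file
        # that has no execute bit at all.
        if "x" in want and not stat.S_ISDIR(mode):
            return bool(mode & 0o111)
        return True
    # Exactly one class applies; there is no fall-through to a later class.
    if uid == owner_uid:
        triplet = (mode >> 6) & 7
    elif owner_gid in gids:
        triplet = (mode >> 3) & 7
    else:
        triplet = mode & 7
    needed = sum(PERM_BITS[p] for p in set(want))
    return triplet & needed == needed


def expected_results():
    """Expected outcome for each case, with owner root and group staff."""
    share_0750 = stat.S_IFDIR | 0o750
    file_0660 = stat.S_IFREG | 0o660
    dir_0660 = stat.S_IFDIR | 0o660
    owner = (0, STAFF_GID)
    return {
        "staff enters 0750 share": posix_allows(share_0750, *owner, ALICE, "x"),
        "non-member enters 0750 share": posix_allows(share_0750, *owner, BOB, "x"),
        "staff reads/writes 0660 file": posix_allows(file_0660, *owner, ALICE, "rw"),
        "non-member reads 0660 file": posix_allows(file_0660, *owner, BOB, "r"),
        "staff enters 0660 directory": posix_allows(dir_0660, *owner, ALICE, "x"),
        "root enters 0660 directory": posix_allows(dir_0660, *owner, ROOT, "x"),
    }


if __name__ == "__main__":
    for case, allowed in expected_results().items():
        print(f"{case:32} {'allow' if allowed else 'deny'}")
```

Feeding the function the real `st_mode`, `st_uid` and `st_gid` from `os.stat()` on the fileserver gives a mode-bit baseline to compare with what a Windows client is actually granted over SMB.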