headers
Martin Koeppe | 1 Dec 2005 14:18
Picon
Picon

interoperability between samba, linux-cifs, cywgin and sfu


Hello,

[please cc me on replies]

while playing around with a Windows server (2003), a Linux server 
(2.6.11) with Samba (3.0.14a) and a Windows client (2000) with both 
Interix Services for Unix (SFU) (3.5) and Cygwin (1.5.19pre20051130) 
installed, I encountered the following problems or inconsistencies 
when using on the one hand SFU and Cygwin on Windows and Samba network 
shares, and on the other hand when using linux-cifs on Windows shares, 
where locally Cygwin or SFU are used.

Most of these problems have been already discussed, and some of them 
have been solved in between, but I'm cross-posting this summary now to 
all lists involved on that, I hope at least.

Here interoperability is meant as storing special unix file attributes 
(special files, mode bits and user/group ids) in such a way, that they 
ideally are interpreted in the same way by all Windows<->Unix 
connecting software.

(I have marked in [], which of the software mentioned in this mail's 
subject I think should be changed for better interoperability.)

1. storage of special files such as symlinks, fifos, devs  [all]
================================================================

The way that SFU stores these special files, I tried to explore at:
http://lists.samba.org/archive/linux-cifs-client/2005-May/000856.html
(Continue reading)

Permalink | Reply | 9 comments |
headers
Emmanuel Florac | 1 Dec 2005 15:05
Favicon

Acls bite again.


I'm still struggling to find a way to read the ACLs from a CIFS share
(from a windows server or a NetApp). Is there any way to achieve this ?

I'm OK to study the source code and write a patch if someone thinks it
possible to write a (even temporary and ugly) hack for that (mapping
windows ACLs to POSIX ACLs would be OK).

--

-- 
----------------------------------------
Emmanuel Florac     |   Intellique
----------------------------------------
Permalink | Reply | 2 comments |
headers
Steven French | 1 Dec 2005 17:20
Picon
Favicon

Re: Acls bite again.

It is possible, and probably not even that hard to map the two (Samba already has such code for the reverse case) - I can get you started, but I am swamped.

Jeremy Allison did a talk a few years ago on the topic of comparing POSIX to Windows ACLs (actually there is more than one flavor of Windows ACLs) and concluded it is reasonable to do such a mapping albeit with a small amount of lost information as the Windows ACLs are richer than POSIX ACLs in function - fortunately in the Linux client case this is not as much of a problem as POSIX ACLs are a subset of the Windows ACL function (Samba server has a harder job) so the only issue is that there are Windows ACLs which are hard to represent perfectly in POSIX ACLs - but if the primary guy writing and reading them are the remote clients you are probably ok.

Take a look at the tool smbcacls in the samba tree as well.


Steve French
Senior Software Engineer
Linux Technology Center - IBM Austin
phone: 512-838-2294
email: sfrench at-sign us dot ibm dot com
Emmanuel Florac <eflorac <at> intellique.com>


          Emmanuel Florac <eflorac <at> intellique.com>
          Sent by: linux-cifs-client-bounces+sfrench=us.ibm.com <at> lists.samba.org

          12/01/2005 08:05 AM

To
linux-cifs-client <at> lists.samba.org

cc

Subject
[linux-cifs-client] Acls bite again.


I'm still struggling to find a way to read the ACLs from a CIFS share
(from a windows server or a NetApp). Is there any way to achieve this ?

I'm OK to study the source code and write a patch if someone thinks it
possible to write a (even temporary and ugly) hack for that (mapping
windows ACLs to POSIX ACLs would be OK).

--
----------------------------------------
Emmanuel Florac     |   Intellique
----------------------------------------

_______________________________________________
linux-cifs-client mailing list
linux-cifs-client <at> lists.samba.org
https://lists.samba.org/mailman/listinfo/linux-cifs-client

_______________________________________________
linux-cifs-client mailing list
linux-cifs-client <at> lists.samba.org
https://lists.samba.org/mailman/listinfo/linux-cifs-client
Permalink | Reply | 1 comment |
headers
Emmanuel Florac | 1 Dec 2005 17:45
Favicon

Re: Acls bite again.

Le Thu, 1 Dec 2005 10:20:09 -0600
Steven French <sfrench <at> us.ibm.com> écrivait:

> 
> It is possible, and probably not even that hard to map the two (Samba
> already has such code for the reverse case) - I can get you started,
> but I am swamped.

I sort of understood that already  :)

> ... so the only issue is that there are Windows ACLs which are hard
> to represent perfectly in POSIX ACLs - but if the primary guy
> writing and reading them are the remote clients you are probably ok.

Excellent. The way the Samba server represents windows ACLs is "good
enough" for me. Would you by any chance know where in the samba source
tree the windows ACLS-to-POSIX ACLs mapping is done, so I can "reverse"
it as accurately as possible ?

> Take a look at the tool smbcacls in the samba tree as well.
> 

Arrrrgh. I didn't know this tool, and it would have saved me countless
headaches.

I'm trying to achieve something that sounds all simple and easy, and
would be useful to almost all and every samba users out there :
first backup a window machine _from_the_samba_server_, files and ACLs. 
Then be able to share the saved files with samba, still preserving the
ACLs. 
I think backing up the files first (using rsync or whatever), then the
ACLs in a second pass will be a fine start. However I need to get the
windows->POSIX mapping right, so that the samba server simulates
accurately the windows share the other way around (was it clear? hum..)

--

-- 
----------------------------------------
Emmanuel Florac     |   Intellique
----------------------------------------
Permalink | Reply | 0 comments |
headers
Steven French | 1 Dec 2005 17:58
Picon
Favicon

Re: [linux-cifs-client] interoperability between samba, linux-cifs, cywgin and sfu


Thanks for the useful summary.

>The CreateHardLink() Windows API function isn't apparently able to
>create hardlinks on network drives,

Windows does support hardlinks over the network of course (via CIFS).   I
expect that they handle this from the Win32 API via a flag on the rename
API call.

Steve French
Senior Software Engineer
Linux Technology Center - IBM Austin
phone: 512-838-2294
email: sfrench at-sign us dot ibm dot com
Permalink | Reply | 0 comments |
headers
Martin Koeppe | 2 Dec 2005 13:19
Picon
Picon

Re: interoperability between samba, linux-cifs, cywgin and sfu


[please cc me on replies]

On Thu, 1 Dec 2005, Martin Koeppe wrote:

> 8. CreateHardLink() Windows API  [cygwin] [ActivePerl]
> ======================================================
>
> The CreateHardLink() Windows API function isn't apparently able to create 
> hardlinks on network drives, whereas with the sfu ln utility, you can. Both 
> C:\sfu\common\ln.exe and C:\sfu\bin\ln work, where the former seems to call 
> the latter internally. As CreateHardLink() is used by cygwin (and ActivePerl, 
> too), you cannot with these.

I just verified that CreateHardLink() works correctly on network 
drives, IF you use WinXP or Win2003. I tested successfully WinXP-SP2 
and Win2003-SP0.

On Win2000-SP4 however, it does not work. :-(

Thank you, Corinna.

Martin
Permalink | Reply | 0 comments |
headers
Amadeu Andrade Barbosa Junior | 5 Dec 2005 16:14
Picon

Re: Re: Problems with cifs, samba, pam and ldap]

Hi Folks,

I am still stuck with my cifs/samba/ldap problem. Summarizing my answers
to Steven's questions:

> Does anything change if you try from a different client e.g.
>"smbclient //IP_SAMBA_SERVER/user -U user%BLA"
> or is it a similar error?  

With smbclient, things appear to work. I am able to list files at the
prompt with ls.

>Does trying:
>"mount -t cifs //IP_SAMBA_SERVER/user /tmp/user -o
>username=user,password=BLA,domain=DCC"
>(ie adding the domain name) make any difference?   

No, it doesn't.

> On the server have you verified that the account
>exists from the local systems perspective, not just from the Samba/LDAP
>perspective(e.g. you can su to the account)?

Yes, I can su to 'poxxxa' account.

Can anyone suggest something I could do to direct me towards the
solution. I am willing to try anything to get this working. I am
currently using smb with my 200 users and I get all sorts of problems
with permissions and file size reporting. That's why I am keen to move
into Cifs which someone told me could solve my problems. But I am stuck
on this permission problem.

--
|> Amadeu Jr. :: Estudante de Ciência da Computação - UFBa
                 Bolsista da Rede do DCC/UFBa - www.dcc.ufba.br
|> Mensagem :: "A desobediência é uma virtude necessária à criatividade"
Permalink | Reply | 0 comments |
headers
Steven French | 5 Dec 2005 18:24
Picon
Favicon

Re: feature request, please forward to: cifs vfs

> apologies if this has been considered before, also for not opening a
> bugzilla account.  please consider adding a mount flag "intr" as in
> nfs, also an option to time out on reads.

cifs vfs does support hard/soft mount options which are helpful for some of the same reasons as intr, but I did not add an intr because I was not certain its effect on the tcp socket write api and I was not certain that the nfs approach to timing out requests would translate perfectly to the way wait_event is used in fs/cifs/transport.c SendReceive and SendReceive2

CIFS Reads of course do time out (15 seconds IIRC) see fs/cifs/transport.c the calls to wait_event - but until very recently (cifs version 1.39a) the wait queue was not woken up often enough when only a single process was accessing the mount - so requests could sit "ready to time out" but not actually waking up. This has changed recently - to have the notify thread wake up every 15 seconds and try to wakeup timedout requests (so could a bit more than 15 seconds depending on when the requests were sent to actually time out). Unfortunately there are a few cases (readdir for example) where the request will time out but retry (as if the "hard" mount option were specified). The cifs code does honor the "soft" (do not retry as much) mount option (which is the default) but only in the reconnection path (not in the case of a tcp and smb connnection which are still up - but the requests are timed out - cifs will retry those).

Steve French
Senior Software Engineer
Linux Technology Center - IBM Austin
phone: 512-838-2294
email: sfrench at-sign us dot ibm dot com

_______________________________________________
linux-cifs-client mailing list
linux-cifs-client <at> lists.samba.org
https://lists.samba.org/mailman/listinfo/linux-cifs-client
Permalink | Reply | 0 comments |
headers
Wagner, Chris (GEAE, CBTS | 5 Dec 2005 19:20
Picon

Re: [linux-cifs-client] interoperability between samba, linux-cifs,cywgin and sfu

Martin Koeppe wrote:
> A concrete problem on cygwin is that you can create device files, but
> these device files are shown as symlinks instead of as device files
> cygwin$ mkfifo myfifo && ls -l myfifo
> prw-rw-rw-  1 martin mkpasswd 102 Nov 30 23:09 myfifo
> The fifo is made correctly and shown as such, but has a file size of
> 102 which is <>0, so not, what I would have expected.
> It would be nice if Cygwin could store these files in the same way as
> SFU. And Samba could then convert the SFU method to real device and
> fifo files on the disk. For the cifs client, work has begun to include
> the SFU way:
> http://lists.samba.org/archive/linux-cifs-client/2005-November/001073.html
> The only thing one could discuss is how to store symlinks. Cygwin's
> symlinks can be followed in Windows Explorer, whereas SFU symlinks are
> more consistent, as they are named exactly the same on the
> underlying disk, no .lnk appended.

I would only point out that Cygwin does things this way to maintain
compatability with FAT32 which doesn't support magic file types on the disk. 
So the only way to do it is as normal files with special contents or
attributes.  I do believe however that Cygwin compiled apps (samba etc) will
respect Cygwin's magic files.

--

-- 
Chris Wagner
CBTS
GE Aircraft Engines
Chris.Wagner <at> ae.ge.com
Permalink | Reply | 2 comments |
headers
Steven French | 5 Dec 2005 19:39
Picon
Favicon

Re: interoperability between samba, linux-cifs, cywgin and sfu

> I would only point out that Cygwin does things this way to maintain
> compatability with FAT32 which doesn't support magic file types on the disk.
I believe that most of the SFU "magic file types" would work much the same
on FAT32 as they do on NTFS as they rely on
1) the system attribute (which FAT32 supports)
2) a small amount of file data indicating the type and e.g.
link target or device numbers (which should also work to FAT32)

The SFU approach to mode bits on the other hand would probably not work on FAT32
as it requires ACLs and sometimes OS/2 [NTFS] EAs - but it would be worth testing
to make sure (I am trying to find some FAT formatted USB storage around here,
I probably have some FAT formatted things somewhere).  Similarly hard links
probably don't won't with FAT32 as they do with NTFS.   Ideally cygwin like CIFS
would "fall back" to the more primitive mode of storing posix information if the
optimal ways do not work (ie cygwin can take a primitive fall back approach on
FAT32 that is worse than when on NTFS - it is easy for cygwin to tell which fs
it is on).


Steve French
Senior Software Engineer
Linux Technology Center - IBM Austin
phone: 512-838-2294
email: sfrench at-sign us dot ibm dot com

_______________________________________________
linux-cifs-client mailing list
linux-cifs-client <at> lists.samba.org
https://lists.samba.org/mailman/listinfo/linux-cifs-client
Permalink | Reply | 0 comments |

Gmane