Tim Potter | 1 Jul 03:55 2002
Picon

Proposed patch for DNS and name resolution related problems in appliance branch

I've put together some patches to solve some issues related to DNS and
name resolution issues within Samba.  They will probably go in to the
appliance branch, but I am keen for them to also be applied to HEAD.

The problem is that Samba is reliant on a working DNS server and
misconfigurations of DNS servers can affect the stability and usability
of Samba services.  smbd and winbindd both try and contact a DNS server
to resolve names, especially if the name is not in WINS and the default
name resolve order is used.  Broken DNS servers can cause the client
resolver to run through the full set of timeout/retries which can take up
to two minutes to return failure.  Samba then compounds this problem by
not remembering that the last lookup failed and keeps on trying.

I have coded up two solutions to this problem.  They are based on the
idea that a Samba server should be relatively independent of services it
cannot control.  If there is a DNS server problem, Samba should behave
gracefully and return an error to any Samba clients within a reasonable
period of time.

I know Jeremy initially wasn't keen on the resolve/retry stuff going in
to HEAD but maybe in the context of optimising name resolution he will
change his mind.  (-:

Tim.

1. Shorten the timeout and retry values used by the DNS resolver library

Many client resolver libraries contain a global struct in which live
retry and timeout fields that can be changed by application programs.
In Linux this structure can be stored in resolv.h  I propose two new
(Continue reading)

Nieminen, Jooel | 1 Jul 08:10 2002

VS: Default ACL dosn't work

I've had the exact same problem.
there has been no way to set samba use the rights.
only way around was to set inheritance on acl's and
permissions.
anyway, this does not prevent samba from setting itself
the file permissions.
it forces them to be owner, domain users, and everyone!
silly I say.
seems that the acl-code in samba is not really considered
as a solution but more as addin, sadly.
so can't have real NT connectivity on file-level yet with
samba.

cheers,
 Jooel

-----Alkuperäinen viesti-----
Lähettäjä: alex [mailto:alex <at> mountainviewdata.com]
Lähetetty: 30. kesäkuuta 2002 0541
Vastaanottaja: samba-technical <at> samba.org
Aihe: Fw: Default ACL dosn't work

 Hi,

I've a problem with the default ACL,  
 I'm using samba 2.2.3a and the lastest XFS & ACL patch.
I setted a default acl at console, it worked at local site, 
 I created a new file, and it inherited the default acl.

 But when I created a file from windows 2000, the file didn't
(Continue reading)

Noel Kelly | 1 Jul 09:56 2002
Picon

RE: Default ACL dosn't work

I had the default ACLs working fine with Samba - but I was using the ACL
patches from bestbits not XFS.

I tried XFS also but had a lot of problems creating a default ACL at all!
Eventual solution was to upgrade the ACL utilities to the latest version but
after I also had some disk corruption with XFS my enthusiasm for it waned
and I am back with EXT2/3.

Did you check that Samba had picked up the ACLs in the filesystem during the
configure?  I seem to remember that Samba does not pick XFS ACLs up if you
compile --with-pam?  Can you add multiple ACLs to a directory/file but find
it is only the default ACLs which don't work?

Noel

-----Original Message-----
From: Nieminen, Jooel [mailto:Jooel.Nieminen <at> gwspikval.com]
Sent: 01 July 2002 07:11
To: samba-technical <at> samba.org
Subject: VS: Default ACL dosn't work

I've had the exact same problem.
there has been no way to set samba use the rights.
only way around was to set inheritance on acl's and
permissions.
anyway, this does not prevent samba from setting itself
the file permissions.
it forces them to be owner, domain users, and everyone!
silly I say.
seems that the acl-code in samba is not really considered
(Continue reading)

Simo Sorce | 1 Jul 10:02 2002
Picon

Re: Proposed patch for DNS and name resolution related problems in appliance branch

On Mon, 2002-07-01 at 03:55, Tim Potter wrote:

> I know Jeremy initially wasn't keen on the resolve/retry stuff going in
> to HEAD but maybe in the context of optimising name resolution he will
> change his mind.  (-:
> 

I heartedly agree.
We need some kind of DNS caching both of positive and negative results.
Samba is yet overcomplicated sometimes due to stupid NetBIOS habbits,
and adding mis-configured DNS headaches to administrator is just foul.

It would perhaps be very interesting tough to make an independent module
that can be reused by other apps too, something like an advanced
resolver.
Only one thing, be sure not to cache which are DNS servers. I hate very
much applications (like galeon or mozilla) that do not mind checcking if
resolv.conf has changed, and stop working when I move my notebook from a
network to another one, or when I connect to a different provider.

Simo.

--

-- 
Simo Sorce
----------
Una scelta di liberta': Software Libero.
A choice of freedom: Free Software.
http://www.softwarelibero.it

(Continue reading)

Toomas Soome | 1 Jul 10:37 2002
Picon

RE: Proposed patch for DNS and name resolution related problems inappliance branch


Please keep in mind that there is ns cache on some platforms already
(solaris nscd etc), so this feature should be possible to be switched
off.

toomas 

> -----Original Message-----
> From: samba-technical-admin <at> lists.samba.org 
> [mailto:samba-technical-admin <at> lists.samba.org] On Behalf Of Simo Sorce
> Sent: Monday, July 01, 2002 11:03 AM
> To: Tim Potter
> Cc: samba-technical <at> lists.samba.org
> Subject: Re: Proposed patch for DNS and name resolution 
> related problems inappliance branch
> 
> 
> On Mon, 2002-07-01 at 03:55, Tim Potter wrote:
> 
> > I know Jeremy initially wasn't keen on the resolve/retry 
> stuff going 
> > in to HEAD but maybe in the context of optimising name 
> resolution he 
> > will change his mind.  (-:
> > 
> 
> I heartedly agree.
> We need some kind of DNS caching both of positive and 
> negative results. Samba is yet overcomplicated sometimes due 
> to stupid NetBIOS habbits, and adding mis-configured DNS 
(Continue reading)

Nieminen, Jooel | 1 Jul 10:45 2002

VS: Default ACL dosn't work

I'm using bestbits ACL-patch too.
got exchausted with the xfs.

about samba picking the acl, yes it did pick it up.

there is no other problem than making the default work.
even if I manually locally make some domain group to be the
default instead of domain users samba sets it to be "domain users"
next time I create or copy a file there.
if I then try to remove the "domain users" after added domain admins
and some other groups, I get access denied.

so, should it work or is this in-desing flaw?

Jooel

-----Alkuperäinen viesti-----
Lähettäjä: Noel Kelly [mailto:nkelly <at> tarsus.co.uk]
Lähetetty: 1. heinäkuuta 2002 1056
Vastaanottaja: 'Nieminen, Jooel'; samba-technical <at> samba.org
Aihe: RE: Default ACL dosn't work

I had the default ACLs working fine with Samba - but I was using the ACL
patches from bestbits not XFS.

I tried XFS also but had a lot of problems creating a default ACL at all!
Eventual solution was to upgrade the ACL utilities to the latest version but
after I also had some disk corruption with XFS my enthusiasm for it waned
and I am back with EXT2/3.

(Continue reading)

David Lee | 1 Jul 10:52 2002
Picon
Picon

Re: smbd

On Fri, 28 Jun 2002, Lupscha, Franc (AU - Sydney) wrote:

> I am running Samba 2.2.2 on SUN SPARC Solaris 8 (feb 2002) with all the
> latest patches.
> Samba appears to be running fine except that I get the following appearing
> in the "log.smbd" file .
> 
>  " yield_connection: tdb_delete for name  failed with error Record does not
> exist. "
> 
> Is this normal or is this a bug ?

I, too have seen that.  I don't recall whether it is normal or a bug.

But I do know that the early Samba 2.2.x (including 2.2.2) and Solaris
were not the happiest of companions, and I would strongly urge you to
migrate to a later release of Samba.  (My direct experience was that
2.2.3a was much better than 2.2.2;  I have heard that even this and 2.2.4
still had occasional problems under Solaris.  Not heard anything bad about
2.2.5/Solaris.)  So I'd suggest that you investigate 2.2.5 .

Hope that helps.

--

-- 

:  David Lee                                I.T. Service          :
:  Systems Programmer                       Computer Centre       :
:                                           University of Durham  :
:  http://www.dur.ac.uk/t.d.lee/            South Road            :
:                                           Durham                :
(Continue reading)

Ulf Bertilsson | 1 Jul 11:42 2002
Picon

RE: (no subject)

> I may think of a special option, to do that, but I do no 
> think we should do that by default.

I have learned that samba should report the files no mater sanity.
I had simular ideas to speed up things by i.e emulating explorer web
view thing.

Turning of "web view" speeds up things dramatic on my platform.

An dummy "desktop.ini" and some generic cached fileid to show
fancy icons would be nice, but brake stuff.

Then my os allow many strange filenames, how should that be dealt with ?

--
Ulf

Simo Sorce | 1 Jul 11:52 2002
Picon

RE: (no subject)

On Mon, 2002-07-01 at 11:42, Ulf Bertilsson wrote:
> An dummy "desktop.ini" and some generic cached fileid to show
> fancy icons would be nice, but brake stuff.

I would not make that.

> 
> Then my os allow many strange filenames, how should that be dealt with ?

We check if the filename is OK (do not have invalid chracters) yet, if
so we mangle it, but this a O(n) operation.

--

-- 
Simo Sorce
----------
Una scelta di liberta': Software Libero.
A choice of freedom: Free Software.
http://www.softwarelibero.it

Max Bidlingmaier | 1 Jul 12:30 2002
Picon
Picon

Samba and Netatalk

Hi!

I've got a Problem with the interaction between Samba and Netatalk. I 
compiled Samba with the --with_netatalk option for configure. I thought it 
should create the correct files in .AppleDouble but it doesn't.

Can anybody help me with this?

greets
max bidlingmaier


Gmane