[Samba] Samba 4 DC and member server, rfc3207, winbind, printing, asynchronous I/O - Problems and Fixes

L.P.H. van Belle belle at bazuin.nl
Tue Nov 19 01:48:25 MST 2013 

Try using the sernet samba packages. 
im using debian and ubuntu and im using this version.

smbd -V   :  Version 4.1.1-SerNet-Ubuntu-7.precise 

these do contain the aio 
/usr/lib/x86_64-linux-gnu/samba/vfs/aio_fork.so
/usr/lib/x86_64-linux-gnu/samba/vfs/aio_posix.so
/usr/lib/x86_64-linux-gnu/samba/vfs/aio_pthread.so


Louis



>-----Oorspronkelijk bericht-----
>Van: busywater at gmail.com 
>[mailto:samba-bounces at lists.samba.org] Namens Kinglok, Fong
>Verzonden: dinsdag 19 november 2013 7:53
>Aan: samba at lists.samba.org
>Onderwerp: [Samba] Samba 4 DC and member server, rfc3207, 
>winbind, printing, asynchronous I/O - Problems and Fixes
>
>Dear all,
>
>After 4 days of sleepless nights, I have manged to rebuild the 
>samba farm.  I believe the following discovery might interest 
>our samba community.
>
>------------------------------------------------
>System setting:
>I have deployed samba 4.1.0 system for my working 
>organisation.  It comprised of 2 DCs and 1 member server.
>2 DCs maintains AD for login and the member server host files 
>for user access.
>
>The installation of DCs and member server follows the samba 
>corresponding official how-tos.  For flawless file access, the 
>domain provision was done with RFC2307 in DCs. 
>------------------------------------------------
>Note:
>1.  Effective GID of AD users:  It is a must that all users 
>are added through ADUC in way that Unix attributes like UID 
>and GID are added also.  I have to repeat that the effective 
>GID of the user follow the user’s primary *AD* group.  Merely 
>changing group setting in the tab Unix Attributes will not 
>work!  (This should be added to the member server how-to!).
>
>2.  GID range suggestion:  The default group of AD user is 
>Domain User whose GID should be setup through ADUC.  I 
>recommend the GID should be more than 1000 in order not to 
>clash with the system group in unix side.
>
>3.  Printing bug report:  In order to access files in the 
>member server, it is a must for me to assign UID to 
>administrator and its group Domain Admin with another GID.  
>However, I discover, when adding print driver following the 
>Samba 4 Printing how-to, there is always an error of 
>0x0000001f error.  After digging in the log level 10, the 
>print driver upload involves access to a LDB file situated in 
>/usr/local/samba/private/sam.ldb.d.  The user should be 
>Administrator (as I login as administration in windows 
>client).  Through mapping uid and gid through rfc2307, the 
>effective uid is 6000 and its gid is 3085.  This in turn 
>create problem in access the directory and cannot edit the LDB 
>file.  This cause failure in adding print driver.  Is it a bug?
>
>In fact, there is a bug report about it:
>https://bugzilla.samba.org/show_bug.cgi?id=10089
>
>Now, there is no other bug but do a dirty fix:
>chmod 755 /usr/local/samba/private/sam.ldb.d
>
>The relevant log:
>[2013/11/19 12:00:05.530215,  2, pid=13968, effective(6000, 
>3085), real(6000, 0), class=ldb] 
>../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
>  ldb: ltdb: 
>tdb(/usr/local/samba/private/sam.ldb.d/CN=SCHEMA,CN=CONFIGURATI
>ON,DC=SAMBA,DC=FOO,DC=EDU,DC=HK.ldb): tdb_open_ex: could not 
>open file 
>/usr/local/samba/private/sam.ldb.d/CN=SCHEMA,CN=CONFIGURATION,D
>C=SAMBA,DC=FOO,DC=EDU,DC=HK.ldb: Permission denied
>[2013/11/19 12:00:05.530236, 10, pid=13968, effective(6000, 
>3085), real(6000, 0), class=ldb] 
>../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
>  ldb: ldb_asprintf/set_errstring: Unable to open tdb 
>'/usr/local/samba/private/sam.ldb.d/CN=SCHEMA,CN=CONFIGURATION,
>DC=SAMBA,DC=FOO,DC=EDU,DC=HK.ldb'
>[2013/11/19 12:00:05.530248,  1, pid=13968, effective(6000, 
>3085), real(6000, 0), class=ldb] 
>../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
>  ldb: Unable to open tdb 
>'/usr/local/samba/private/sam.ldb.d/CN=SCHEMA,CN=CONFIGURATION,
>DC=SAMBA,DC=FOO,DC=EDU,DC=HK.ldb'
>[2013/11/19 12:00:05.530260,  1, pid=13968, effective(6000, 
>3085), real(6000, 0), class=ldb] 
>../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
>  ldb: Failed to connect to 
>'/usr/local/samba/private/sam.ldb.d/CN=SCHEMA,CN=CONFIGURATION,
>DC=SAMBA,DC=FOO,DC=EDU,DC=HK.ldb' with backend 'tdb': Unable 
>to open tdb 
>'/usr/local/samba/private/sam.ldb.d/CN=SCHEMA,CN=CONFIGURATION,
>DC=SAMBA,DC=FOO,DC=EDU,DC=HK.ldb'
>[2013/11/19 12:00:05.530281,  0, pid=13968, effective(6000, 
>3085), real(6000, 0), class=ldb] 
>../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
>  ldb: module partition initialization failed : Operations error
>
>
>4.  Asynchronous I/O - should update how-to:
>Reading “The Evolution of I/O in samba” by Mr. Jeremy Allison 
>has been enjoyable.  As an system administrator, I am tempted 
>to enable aio in my samba system.  When trying to do this, I 
>found out less information can be found how to enable aio in 
>samba 4.  Initially, I would love to enable vfs_aio_linux.  
>However, I cannot turn on the module and found out that the 
>relevant .so is not built even I have tried "apt-get install 
>libaio-dev" in my debian box.  I have no way but turn to 
>enable vfs_aio_pthread instead by the following smb.conf in 
>the member server:
>
>[global]
>   vfs objects = acl_xattr, aio_pthread
>   aio read size = 1024
>   aio write size = 1024
>
>The reading performance increases 30% in my test.  I think it 
>is worthwhile to amend it to the official how-to!  And please 
>tell how to build vfs_aio_linux in samba 4 in debian.
>
>Hope it helps.
>
>Kinglok, Fong
>
>
>-- 
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/options/samba
>

More information about the samba mailing list