[Samba] widelinks_warning - but unix extensions *are* off

Thomas Werschlein thomas.werschlein at geo.uzh.ch
Tue Nov 3 10:50:57 UTC 2015


> On 02.11.2015, at 20:25, Rowland Penny <rowlandpenny241155 at gmail.com> wrote:
> 
> On 02/11/15 17:08, Thomas Werschlein wrote:
>>> On 02.11.2015, at 16:25, Rowland Penny <rowlandpenny241155 at gmail.com> wrote:
>>> 
>>> Well, he didn't write what I asked for. Can you please post your entire smb.conf? Please do not use testparm; please post as is (although you can sanitise any sensitive info).
>> Sorry, missed that part. Here we go.
>> Regards, Thomas
>> 
>> [global]
>>   available = yes
>>   smb2 leases = yes
>>   dbwrap_tdb_mutexes:* = yes
>> 
>>   fruit:resource = xattr
>>   kerberos method = system keytab
>> 
>>   smb ports = 445
>> 
>>   log level = 0
>>   log file =/usr/local/samba-4.2.5/var/logs_per_client/log.%m
>> 
>>   max open files = 262144
>> 
>>   realm = D.SOME.ORG.TLD
>>   workgroup = D
>>   security = ADS
>>   disable netbios = yes
>>   local master = no
>>   domain master = no
>> 
>>   host msdfs = no
>> 
>>   idmap config * : backend = tdb
>>   idmap config * : range = 1000000-1999999
>>   idmap config D : backend  = nss
>>   idmap config D : range = 1000-999999
>>   idmap negative cache time = 0
>> 
>>   netbios name = FSRV
>>   server signing = auto
>>   create mask = 0644
>>   server string =
>>   hide dot files = yes
>>   hide files = /Maildir/$RECYCLE.BIN/desktop.ini
>>   load printers = no
>>   printing = bsd
>>   printcap name = /dev/null
>>   deadtime = 15
>> 
>>   interfaces = 192.168.222.77/32
>>   bind interfaces only = yes
>> 
>>   unix extensions = no
>> 
>>   map untrusted to domain = yes
>> 
>>   username map script = /usr/local/samba-4.2.5/etc/samba/mapcomputers.sh
>> 
>>   shadow:snapdir = .zfs/snapshot
>>   shadow:sort = desc
>>   shadow:localtime = yes
>>   shadow:format = %Y%m%d%H%M
>>   wide links = yes
>> 
>>   vfs objects = full_audit
>>   full_audit:prefix = %u|%I|%m|%S
>>   full_audit:success = mkdir rename rmdir pwrite
>>   full_audit:failure = none
>>   full_audit:facility = LOCAL7
>>   full_audit:priority = NOTICE
>> 
>>   aio read size = 1
>>   aio write size =1
>> 
>> [homes]
>>   path = /pool1/home/%S
>>   read only = no
>>   browseable = no
>>   create mask = 0640
>>   directory mask = 0750
>>   ea support = yes
>>   store dos attributes = yes
>> 
>>   vfs objects = shadow_copy2 fruit streams_xattr zfsacl full_audit
>>   nt acl support = yes
>>   inherit acls = no
>> 
>> [group]
>>   read only = no
>>   path = /pool1/group
>>   hide unreadable = yes
>>   comment = Group spaces of %U
>>   create mask = 0660
>>   directory mask = 0770
>>   force create mode = 0660
>>   force directory mode = 0770
>>   ea support = yes
>>   store dos attributes = yes
>>   map archive = No
>>   map hidden = No
>>   map system = No
>>   map readonly = No
>>   vfs objects = fruit streams_xattr zfsacl
>>   acl map full control = False
>>   nt acl support = no
>>   inherit acls = no
>> 
>> [web]
>>   read only = no
>>   path = /pool1/web
>>   hide unreadable = yes
>>   comment = Web spaces
>>   create mask = 0664
>>   directory mask = 0775
>>   force create mode = 0664
>>   force directory mode = 0775
>>   ea support = yes
>>   store dos attributes = yes
>>   map archive = No
>>   map hidden = No
>>   map system = No
>>   map readonly = No
>>   vfs objects = zfsacl full_audit
>>   acl map full control = False
>>   nt acl support = no
>>   inherit acls = no
>> 
>> [data]
>>   path = /pool1/data
>>   hide unreadable = yes
>>   read only = no
>>   ea support = yes
>>   store dos attributes = yes
>>   map archive = No
>>   map hidden = No
>>   map system = No
>>   map readonly = No
>>   vfs objects = zfsacl full_audit
>>   acl map full control = False
>>   nt acl support = no
>>   inherit acls = no
>> 
>> 
> 
> 'unix extensions' is supposed to be set as a global option and, if turned on, is supposed to automatically turn off 'wide links'. However, 'wide links' has been set to on, but globally rather than on a share-by-share basis; this should turn off the warning message you are getting, but isn't. Perhaps the reason is the way you have set 'wide links'; try using it on a share-by-share basis and see if it stops the messages. If that doesn't work, you could try adding 'allow insecure wide links' to the global section of your smb.conf.
> 
> Rowland

Thanks for pointing out that 'wide links' is a per-share option. We (mis-)used it as a global option ever since Samba 3.5.x, when the default for 'wide links' changed. Made it a share option now. I'll report back if it stopped the messages.

Best, Thomas
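
As an added example (not part of the thread and not Samba's own code), this small Python audit computes, per share, whether 'wide links' ends up in effect given the interaction with 'unix extensions' and 'allow insecure wide links' discussed above. It assumes the documented defaults (unix extensions = yes, wide links = no, allow insecure wide links = no), treats a 'wide links' value in [global] as the default for every share, ignores include directives, and runs on a constructed sample config.

```python
# Constructed sample config (not the poster's full smb.conf).
SAMPLE = """\
[global]
  unix extensions = no
  wide links = yes
[homes]
  path = /pool1/home/%S
[web]
  path = /pool1/web
  wide links = no
"""
TRUE = {"yes", "true", "on", "1"}

def parse(text):
    """Return {section: {key: value}}; keys are lowercased with spaces removed."""
    sections, cur = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            cur = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and cur is not None:
            key, val = line.split("=", 1)
            cur["".join(key.lower().split())] = val.strip()
    return sections

def as_bool(value):
    return value.strip().lower() in TRUE

def audit(text):
    """Map share name -> (wide links effective?, reason)."""
    conf = parse(text)
    g = conf.get("global", {})
    # Assumed defaults when a parameter is absent: yes / no.
    unix_ext = as_bool(g.get("unixextensions", "yes"))
    insecure = as_bool(g.get("allowinsecurewidelinks", "no"))
    result = {}
    for name, params in conf.items():
        if name == "global":
            continue
        # Share value wins; otherwise fall back to [global], then to "no".
        wanted = as_bool(params.get("widelinks", g.get("widelinks", "no")))
        if wanted and unix_ext and not insecure:
            result[name] = (False, "disabled: unix extensions is on")
        else:
            result[name] = (wanted, "as configured")
    return result

if __name__ == "__main__":
    for share, (on, why) in audit(SAMPLE).items():
        print(f"[{share}] wide links effective={on} ({why})")
```

Any share reported with wide links in effect lets the server follow symlinks that point outside the share path, so that list is the one to review.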

