Chrooting samba - what is needed? / a way to run win2k with a 2.0.7 PDC (almost)

Samuel Greenfeld Gree3776 at rowan.edu
Sat Jul 15 17:03:45 GMT 2000


   For the fun of it, I tried starting our test samba PDC in a chroot() environment.   I have successfully gotten a copy of wu-ftpd running in this environment, and all the (known) dependancies of smbd and nmbd are in there.   However, I ran into a slight glitch I am having trouble tracking down.   

   Nmbd seems to have no problems.  But smbd (from 2.0.7) has a weird one.   It lets users log onto the server just fine.  Copying files with known names also works properly.  But when you try to list a directory, smbd will send the list, panic, and terminate the connection.   At the moment, no socket options are set, so the defaults are in use.  Only the copy of smbd and nmbd in the chroot'd area were running.   The same smbd and nmbd binaries have no problems when running in a non-chroot setup.


smbclient's response:
------------------
smb: \> ls
(directory listing goes here - *no* directory size total given)
Error in dskattr: code 0
smb: \> read_socket_with_timeout: timeout read. read error = Broken pipe.
Broken pipe
[command prompt outside of smbd]>

smb.machinename log (default debug level - I did some at level 9 if you really want to see those):
--------------------
[2000/07/15 11:49:55, 1] smbd/service.c:make_connection(550)
  testsys (127.0.0.1) connect to service public1 as user testuser (uid=10000, gid=1
000) (pid 24836)
[2000/07/15 11:49:55, 0] lib/fault.c:fault_report(40)
  ===============================================================
[2000/07/15 11:49:55, 0] lib/fault.c:fault_report(41)
  INTERNAL ERROR: Signal 11 in pid 24836 (2.0.7)
  Please read the file BUGS.txt in the distribution
[2000/07/15 11:49:55, 0] lib/fault.c:fault_report(43)
  ===============================================================
[2000/07/15 11:49:55, 0] lib/util.c:smb_panic(2381)
  PANIC: internal error

log.smb (tells nothing at the default setting): 
[2000/07/15 12:28:39, 1] smbd/server.c:main(641)
  smbd version 2.0.7 started.
  Copyright Andrew Tridgell 1992-1998
[2000/07/15 12:28:39, 1] smbd/files.c:file_init(216)
  file_init: Information only: requested 10000 open files, 1014 are available.

  General layout:
/jail1
/jail1/var
/jail1/var/tmp
/jail1/var/run
/jail1/var/lock
/jail1/var/lock/samba
/jail1/var/spool
/jail1/var/spool/samba
/jail1/var/spool/samba/ece201
/jail1/var/spool/samba/ece238
/jail1/var/spool/samba/ecenull
/jail1/var/spool/lpd
/jail1/var/spool/lpd/ece201
/jail1/var/spool/lpd/ece238
/jail1/var/spool/lpd/ecenull
/jail1/var/log
/jail1/var/log/samba
/jail1/bin
/jail1/etc
/jail1/etc/pam.d
/jail1/etc/codepages
/jail1/lib
/jail1/lib/security
/jail1/dev (log, null, zero)
/jail1/usr
/jail1/usr/local
/jail1/usr/lib
/jail1/usr/bin
/jail1/usr/sbin
/jail1/usr/share
/jail1/usr/share/locale
/jail1/usr/share/locale/en_US
/jail1/usr/share/locale/en_US/LC_MESSAGES
/jail1/sbin
/jail1/tmp

   Is there some temporary file or area that I am not providing used when a directory is accessed?   This system also runs quotas - could there be a problem with that? 


   In other news, while I have not gotten my work with the CVS HEAD and TNG combination together working correctly, one thing I have discovered is that one can temporarily rename a samba MACHINE.SID file YOURDOM.SID, start up TNG instead of 2.0.7, and add any Windows 2000 boxes you have onto your network.  You can then rename YOURDOM.SID back to MACHINE.SID, startup 2.0.7, and the windows 2k machines will continue to respect samba as their domain controller (including profile support, although note it will merrily pull up NT4 profiles and their different start menus as well).   So if you only have to add win2k boxes to your system on rare occasion, this might be an alternative for you.

   Do this at your own risk, however: I have not fully tested this yet.  I'm probably also oversimplifying the process a bit.   Pardon me if this has been mentioned before.

   Sincerely,
   Samuel Greenfeld
   Electrical/Computer Engineering, Rowan University



More information about the samba-ntdom mailing list