[Samba] CIFS proxy
abartlet at samba.org
Wed Aug 3 04:44:28 MDT 2011
On Tue, 2011-07-26 at 19:34 -0300, Maximiliano Bertacchini wrote:
> On 22/07/11 20:40, Andrew Bartlett wrote:
> > On Fri, 2011-07-22 at 12:30 -0300, Maximiliano Bertacchini wrote:
> >> Hi. We managed to get samba 4 cifs proxy working with s4u2proxy auth in
> >> an AD environment. The problem is it won't let clients neither write
> >> files larger than 16441 bytes nor read files larger than 65536 bytes.
> >> For example, writing a 16641 byte file works ok, but writing a 16642
> >> byte (or larger) file fails:
> > My guess is that we are failing to clamp the maximum packet size when
> > doing SMB signing. It seems Microsoft only signs the first 16641 (or
> > so) bytes of the packet, and not the 'extra large' packets that Samba
> > can support.
> > If SMB signing is disabled (or perhaps enabled on both ends?) then this
> > should work, and confirm my theory.
> > Andrew Bartlett
> You're right. Turning off signing at the windows 2003 server did the
> trick. It looks like it is now possible to write "large" files
> correctly. Though I'm still not sure whether turning off smb signing is
> secure enough. But we are still unable to read files larger than 64k
> with smbclient.
Is this even with smb signing turned off?
> We're also getting a "cli_list_new: unable to parse name from info level
> 260" when connecting with smbclient to the samba4 cifs proxy and doing
> ls on a directory with hundreds of files. ls is ok in smaller directories.
Yeah, it sounds very much like the same thing. Can you file a bug on
bugzilla.samba.org? I'll be honest, the CIFS proxy code does not get a
lot of maintenance these days, but is still important to us, because it
allows things like what you are doing.
I do hope to at least get some time to properly investigate this, but
filing a bug will keep trace of it for longer. In any case, see what
more you can find out, as doing so will keep reminding me about your
I'm sorry I can't be more help right now,
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
More information about the samba-technical