[Samba] CIFS proxy

Andrew Bartlett abartlet at samba.org
Wed Aug 3 04:44:28 MDT 2011 

On Tue, 2011-07-26 at 19:34 -0300, Maximiliano Bertacchini wrote:
> On 22/07/11 20:40, Andrew Bartlett wrote:
> > On Fri, 2011-07-22 at 12:30 -0300, Maximiliano Bertacchini wrote:
> >> Hi. We managed to get samba 4 cifs proxy working with s4u2proxy auth in
> >> an AD environment. The problem is it won't let clients neither write
> >> files larger than 16441 bytes nor read files larger than 65536 bytes.
> >> For example, writing a 16641 byte file works ok, but writing a 16642
> >> byte (or larger) file fails:
> > My guess is that we are failing to clamp the maximum packet size when
> > doing SMB signing.  It seems Microsoft only signs the first 16641 (or
> > so) bytes of the packet, and not the 'extra large' packets that Samba
> > can support.
> >
> > If SMB signing is disabled (or perhaps enabled on both ends?) then this
> > should work, and confirm my theory.
> >
> > Andrew Bartlett
> >
> You're right. Turning off signing at the windows 2003 server did the 
> trick. It looks like it is now possible to write "large" files 
> correctly. Though I'm still not sure whether turning off smb signing is 
> secure enough. But we are still unable to read files larger than 64k 
> with smbclient.

Is this even with smb signing turned off?

> We're also getting a "cli_list_new: unable to parse name from info level 
> 260" when connecting with smbclient to the samba4 cifs proxy and doing 
> ls on a directory with hundreds of files. ls is ok in smaller directories.

Yeah, it sounds very much like the same thing.  Can you file a bug on
bugzilla.samba.org?  I'll be honest, the CIFS proxy code does not get a
lot of maintenance these days, but is still important to us, because it
allows things like what you are doing.  

I do hope to at least get some time to properly investigate this, but
filing a bug will keep trace of it for longer.  In any case, see what
more you can find out, as doing so will keep reminding me about your
issue.

I'm sorry I can't be more help right now,

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org

More information about the samba-technical mailing list