SMB proxy server using ntvfs cifs

Andrew Bartlett abartlet at
Thu Jan 28 08:54:39 UTC 2016

On Wed, 2016-01-27 at 15:11 +0000, Chris Miller wrote:
> Thanks Rowland,
> Sorry, the smbd, nmbd etc starts were just to demonstrate that the
> server worked in the non ntvfs mode and served content. After that
> step, and changing the smb.conf to include the 'server services =
> +smb - s3fs' lines,  it is run with ‘samba’ or 'samba -i’ only. 
> Would you mind clarifying the following please:
> Is it not possible to act as a cifs proxy (using
> source4/ntvfs/cifs/vfs_cifs.c) as a domain member?  

Yes, it can work as a domain member.  You may need to override the code
that stops it starting up, but that's not hard. 

> If not, is it possible in another configuration (AC DC or standalone
> etc) to use vfs_cifs?
> Can you only access vfs_cifs without  +smb -s3fs and ‘samba’
> The functionality in the ntvfs module cifs to proxy is the main
> driver and I don’t think its currently possible elsewhere...

Have a good look over the configurations generated by 'make test', in
the code under selftest/

> Many Thanks
> 0, Chris Miller wrote:
> > Hi,
> > > I am trying to get an ntvfs with cifs proxy server running with
> > > several failed attempts for a few days now and have hit some
> > > stumbling blocks. Preferably, I need to set up as a domain member
> > > as I wish to put an NTVFS module before the CIFS proxy to
> > > marshall file access as a proxy server (much like some of the vfs
> > > modules do at the endpoint).
> > > I can successfully join the domain by running winbind, nmbd and
> > > smdb and also get a basic share served to me :)
> > > If I start samba in ntvfs mode instead of smbd with the following
> > > lines in the smb.conf , I can’t list the shares any more and get
> > > blocked access. I get the following line below in the logs:
> > > [global]
> >   …
> > # these lines are toggled for samba with ntvfs or smb mode
> > > server services = +smb -s3fs +winbind
> > dcerpc endpoint servers = +winreg +srvsvc
> I don't think this going to work, you are starting winbind, nmbd, and
> smbd deamons and have added lines to smb.conf that belong in an AD DC
> smb.conf. Also ntvfs is, or rather was designed to be used only with
> the 
> samba deamon, was because it is now depreciated and could be removed
> at 
> any time.

Particularly if we have an active user of the cifs proxy, I would be
opposed to removing it.  We have stopped building it by default (mostly
so we don't have to rush security patches to folks who are just not
using the code), but this is still meant to work, and is working in our
test environment.

Andrew Bartlett

Andrew Bartlett             
Authentication Developer, Samba Team
Samba Developer, Catalyst IT

More information about the samba-technical mailing list