SMB proxy server using ntvfs cifs

Chris Miller chris at
Thu Jan 28 11:34:37 UTC 2016

Thanks for this, vfs_cifs is really useful, perhaps removal when there is an alternative in the other modules...

On 28/01/2016, 08:54, "Andrew Bartlett" <abartlet at> wrote:

>On Wed, 2016-01-27 at 15:11 +0000, Chris Miller wrote:
>> Thanks Rowland,
>> Sorry, the smbd, nmbd etc starts were just to demonstrate that the
>> server worked in the non ntvfs mode and served content. After that
>> step, and changing the smb.conf to include the 'server services =
>> +smb - s3fs' lines,  it is run with ‘samba’ or 'samba -i’ only. 
>> Would you mind clarifying the following please:
>> Is it not possible to act as a cifs proxy (using
>> source4/ntvfs/cifs/vfs_cifs.c) as a domain member?  
>Yes, it can work as a domain member.  You may need to override the code
>that stops it starting up, but that's not hard. 
>> If not, is it possible in another configuration (AC DC or standalone
>> etc) to use vfs_cifs?
>> Can you only access vfs_cifs without  +smb -s3fs and ‘samba’
>> The functionality in the ntvfs module cifs to proxy is the main
>> driver and I don’t think its currently possible elsewhere...
>Have a good look over the configurations generated by 'make test', in
>the code under selftest/
>> Many Thanks
>> 0, Chris Miller wrote:
>> > Hi,
>> > > I am trying to get an ntvfs with cifs proxy server running with
>> > > several failed attempts for a few days now and have hit some
>> > > stumbling blocks. Preferably, I need to set up as a domain member
>> > > as I wish to put an NTVFS module before the CIFS proxy to
>> > > marshall file access as a proxy server (much like some of the vfs
>> > > modules do at the endpoint).
>> > > I can successfully join the domain by running winbind, nmbd and
>> > > smdb and also get a basic share served to me :)
>> > > If I start samba in ntvfs mode instead of smbd with the following
>> > > lines in the smb.conf , I can’t list the shares any more and get
>> > > blocked access. I get the following line below in the logs:
>> > > [global]
>> >   …
>> > # these lines are toggled for samba with ntvfs or smb mode
>> > > server services = +smb -s3fs +winbind
>> > dcerpc endpoint servers = +winreg +srvsvc
>> I don't think this going to work, you are starting winbind, nmbd, and
>> smbd deamons and have added lines to smb.conf that belong in an AD DC
>> smb.conf. Also ntvfs is, or rather was designed to be used only with
>> the 
>> samba deamon, was because it is now depreciated and could be removed
>> at 
>> any time.
>Particularly if we have an active user of the cifs proxy, I would be
>opposed to removing it.  We have stopped building it by default (mostly
>so we don't have to rush security patches to folks who are just not
>using the code), but this is still meant to work, and is working in our
>test environment.
>Andrew Bartlett
>Andrew Bartlett             
>Authentication Developer, Samba Team
>Samba Developer, Catalyst IT

More information about the samba-technical mailing list