[Samba] : Win XP Client does not remove directories
Björn Mayer
bjoern.mayer at siempelkamp.com
Wed May 3 07:12:54 GMT 2006
Hi,
its me again. I have to post an addition to my problem described below.
Yesterday my error occured again on the same client, who had this
problem last time. I took the chance to do some network sniffing and
compared the traffic from the sometimes bad working client to a good
working client.
The interesting fact about this is now, that windows sends two different
types of delete requests ("Delete Directory Request (0x01)" and
"SET_FILE_INFO")
First of all here are the relevant captured packets from a well working
connection:
Info:
1. I tried to remove the folder "! Mitarbeiter-Pool\CA\C_493__" on the
share, which was an empty folder. Later on I also put a file into this
directory and did the same again from the not working PC.
2. The Samba-Server has the IP 172.20.6.252
--------------------------------------------------------------------------
No. Time Source Destination Protocol
Info
71 4.583519 172.20.6.223 172.20.6.252 SMB
Trans2 Request, QUERY_PATH_INFO, Query File Basic Info, Path: \!
Mitarbeiter-Pool\CA\C_493__
Frame 71 (194 bytes on wire, 194 bytes captured)
Ethernet II, Src: 3com_47:11:02 (00:50:04:47:11:02), Dst: Dell_3d:d9:bc
(00:13:72:3d:d9:bc)
Internet Protocol, Src: 172.20.6.223 (172.20.6.223), Dst: 172.20.6.252
(172.20.6.252)
Transmission Control Protocol, Src Port: 1036 (1036), Dst Port:
microsoft-ds (445), Seq: 4040, Ack: 7618, Len: 140
NetBIOS Session Service
SMB (Server Message Block Protocol)
SMB Header
Server Component: SMB
Response in: 72
SMB Command: Trans2 (0x32)
NT Status: STATUS_SUCCESS (0x00000000)
Flags: 0x18
Flags2: 0xc807
Process ID High: 0
Signature: 0000000000000000
Reserved: 0000
Tree ID: 2
Process ID: 2020
User ID: 103
Multiplex ID: 64643
Trans2 Request (0x32)
Word Count (WCT): 15
Total Parameter Count: 68
Total Data Count: 0
Max Parameter Count: 2
Max Data Count: 40
Max Setup Count: 0
Reserved: 00
Flags: 0x0000
Timeout: Return immediately (0)
Reserved: 0000
Parameter Count: 68
Parameter Offset: 68
Data Count: 0
Data Offset: 0
Setup Count: 1
Reserved: 00
Subcommand: QUERY_PATH_INFO (0x0005)
Byte Count (BCC): 71
Padding: 000000
QUERY_PATH_INFO Parameters
Level of Interest: Query File Basic Info (1004)
Reserved: 00000000
File Name: \! Mitarbeiter-Pool\CA\C_493__
############################################################################
No. Time Source Destination Protocol
Info
72 4.583845 172.20.6.252 172.20.6.223 SMB
Trans2 Response, QUERY_PATH_INFO
Frame 72 (158 bytes on wire, 158 bytes captured)
Ethernet II, Src: Dell_3d:d9:bc (00:13:72:3d:d9:bc), Dst: 3com_47:11:02
(00:50:04:47:11:02)
Internet Protocol, Src: 172.20.6.252 (172.20.6.252), Dst: 172.20.6.223
(172.20.6.223)
Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port:
1036 (1036), Seq: 7618, Ack: 4180, Len: 104
NetBIOS Session Service
SMB (Server Message Block Protocol)
SMB Header
Server Component: SMB
Response to: 71
Time from request: 0.000326000 seconds
SMB Command: Trans2 (0x32)
NT Status: STATUS_SUCCESS (0x00000000)
Flags: 0x88
Flags2: 0xc841
Process ID High: 0
Signature: 0000000000000000
Reserved: 0000
Tree ID: 2
Process ID: 2020
User ID: 103
Multiplex ID: 64643
Trans2 Response (0x32)
Subcommand: QUERY_PATH_INFO (0x0005)
Word Count (WCT): 10
Total Parameter Count: 2
Total Data Count: 40
Reserved: 0000
Parameter Count: 2
Parameter Offset: 56
Parameter Displacement: 0
Data Count: 40
Data Offset: 60
Data Displacement: 0
Setup Count: 0
Reserved: 00
Byte Count (BCC): 45
Padding: 00
QUERY_PATH_INFO Parameters
EA Error offset: 0
Padding: 0000
QUERY_PATH_INFO Data
Created: May 2, 2006 15:12:34.000000000
Last Access: May 2, 2006 15:13:17.000000000
Last Write: May 2, 2006 15:12:34.000000000
Change: May 2, 2006 15:12:34.000000000
File Attributes: 0x00000010
Unknown Data: 00000000
############################################################################
No. Time Source Destination Protocol
Info
73 4.584342 172.20.6.223 172.20.6.252 SMB
Delete Directory Request, Directory: \! Mitarbeiter-Pool\CA\C_493__
Frame 73 (156 bytes on wire, 156 bytes captured)
Ethernet II, Src: 3com_47:11:02 (00:50:04:47:11:02), Dst: Dell_3d:d9:bc
(00:13:72:3d:d9:bc)
Internet Protocol, Src: 172.20.6.223 (172.20.6.223), Dst: 172.20.6.252
(172.20.6.252)
Transmission Control Protocol, Src Port: 1036 (1036), Dst Port:
microsoft-ds (445), Seq: 4180, Ack: 7722, Len: 102
NetBIOS Session Service
SMB (Server Message Block Protocol)
SMB Header
Server Component: SMB
Response in: 74
SMB Command: Delete Directory (0x01)
NT Status: STATUS_SUCCESS (0x00000000)
Flags: 0x18
Flags2: 0xc807
Process ID High: 0
Signature: 0000000000000000
Reserved: 0000
Tree ID: 2
Process ID: 65279
User ID: 103
Multiplex ID: 64707
Delete Directory Request (0x01)
Word Count (WCT): 0
Byte Count (BCC): 63
Buffer Format: ASCII (4)
Directory: \! Mitarbeiter-Pool\CA\C_493__
############################################################################
No. Time Source Destination Protocol
Info
74 4.584586 172.20.6.252 172.20.6.223 SMB
Delete Directory Response
Frame 74 (93 bytes on wire, 93 bytes captured)
Ethernet II, Src: Dell_3d:d9:bc (00:13:72:3d:d9:bc), Dst: 3com_47:11:02
(00:50:04:47:11:02)
Internet Protocol, Src: 172.20.6.252 (172.20.6.252), Dst: 172.20.6.223
(172.20.6.223)
Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port:
1036 (1036), Seq: 7722, Ack: 4282, Len: 39
NetBIOS Session Service
SMB (Server Message Block Protocol)
SMB Header
Server Component: SMB
Response to: 73
Time from request: 0.000244000 seconds
SMB Command: Delete Directory (0x01)
NT Status: STATUS_SUCCESS (0x00000000)
Flags: 0x88
Flags2: 0xc801
Process ID High: 0
Signature: 0000000000000000
Reserved: 0000
Tree ID: 2
Process ID: 65279
User ID: 103
Multiplex ID: 64707
Delete Directory Response (0x01)
Word Count (WCT): 0
Byte Count (BCC): 0
############################################################################
No. Time Source Destination Protocol
Info
75 4.585639 172.20.6.252 172.20.6.223 SMB
NT Trans Response, <unknown>
Frame 75 (129 bytes on wire, 129 bytes captured)
Ethernet II, Src: Dell_3d:d9:bc (00:13:72:3d:d9:bc), Dst: 3com_47:11:02
(00:50:04:47:11:02)
Internet Protocol, Src: 172.20.6.252 (172.20.6.252), Dst: 172.20.6.223
(172.20.6.223)
Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port:
1036 (1036), Seq: 7761, Ack: 4282, Len: 75
NetBIOS Session Service
SMB (Server Message Block Protocol)
SMB Header
Server Component: SMB
SMB Command: NT Trans (0xa0)
NT Status: STATUS_NOTIFY_ENUM_DIR (0x0000010c)
Flags: 0x88
Flags2: 0xc801
Process ID High: 0
Signature: 0000000000000000
Reserved: 0000
Tree ID: 2
Process ID: 2020
User ID: 103
Multiplex ID: 61573
NT Trans Response (0xa0)
Function: <unknown function - could not find matching request>
Word Count (WCT): 18
Reserved: 000000
Total Parameter Count: 0
Total Data Count: 0
Parameter Count: 0
Parameter Offset: 0
Parameter Displacement: 0
Data Count: 0
Data Offset: 0
Data Displacement: 0
Setup Count: 0
Byte Count (BCC): 0
############################################################################
No. Time Source Destination Protocol
Info
77 4.597247 172.20.6.223 172.20.6.252 SMB
NT Trans Request, NT NOTIFY, FID: 0x222e
Frame 77 (142 bytes on wire, 142 bytes captured)
Ethernet II, Src: 3com_47:11:02 (00:50:04:47:11:02), Dst: Dell_3d:d9:bc
(00:13:72:3d:d9:bc)
Internet Protocol, Src: 172.20.6.223 (172.20.6.223), Dst: 172.20.6.252
(172.20.6.252)
Transmission Control Protocol, Src Port: 1036 (1036), Dst Port:
microsoft-ds (445), Seq: 4282, Ack: 7836, Len: 88
NetBIOS Session Service
SMB (Server Message Block Protocol)
SMB Header
Server Component: SMB
SMB Command: NT Trans (0xa0)
NT Status: STATUS_SUCCESS (0x00000000)
Flags: 0x18
Flags2: 0xc807
Process ID High: 0
Signature: 0000000000000000
Reserved: 0000
Tree ID: 2
Process ID: 2020
User ID: 103
Multiplex ID: 64773
NT Trans Request (0xa0)
Word Count (WCT): 23
Max Setup Count: 0
Reserved: 0000
Total Parameter Count: 0
Total Data Count: 0
Max Parameter Count: 32
Max Data Count: 0
Parameter Count: 0
Parameter Offset: 84
Data Count: 0
Data Offset: 0
Setup Count: 4
Function: NT NOTIFY (4)
NT NOTIFY Setup
Completion Filter: 0x00000003
FID: 0x222e
Watch Tree: Subdirectories also (1)
Reserved: 00
Byte Count (BCC): 3
Padding: 000000
--------------------------------------------------------------------------
The second ethereal-export shows the behaviour of the windows, which is
not able to delete directories. This means the following requests do not
cause a directory-remove-action in Samba :
--------------------------------------------------------------------------
No. Time Source Destination Protocol
Info
174 0.976613 172.20.6.213 172.20.6.252 SMB
NT Create AndX Request, Path: \! Mitarbeiter-Pool\CA\C_493__
Frame 174 (204 bytes on wire, 204 bytes captured)
Ethernet II, Src: Micro-St_40:c3:c2 (00:0c:76:40:c3:c2), Dst:
172.20.6.252 (00:13:72:3d:d9:bc)
Internet Protocol, Src: 172.20.6.213 (172.20.6.213), Dst: 172.20.6.252
(172.20.6.252)
Transmission Control Protocol, Src Port: 1031 (1031), Dst Port:
microsoft-ds (445), Seq: 6668, Ack: 25164, Len: 150
NetBIOS Session Service
SMB (Server Message Block Protocol)
SMB Header
Server Component: SMB
Response in: 175
SMB Command: NT Create AndX (0xa2)
NT Status: STATUS_SUCCESS (0x00000000)
Flags: 0x18
Flags2: 0xc807
Process ID High: 0
Signature: 0000000000000000
Reserved: 0000
Tree ID: 2
Process ID: 1424
User ID: 103
Multiplex ID: 22853
NT Create AndX Request (0xa2)
Word Count (WCT): 24
AndXCommand: No further commands (0xff)
Reserved: 00
AndXOffset: 57054
Reserved: 00
File Name Len: 60
Create Flags: 0x00000010
Root FID: 0x00000000
Access Mask: 0x00110080
Allocation Size: 0
File Attributes: 0x00000000
Share Access: 0x00000007
Disposition: Open (if file exists open it, else fail) (1)
Create Options: 0x00204001
Impersonation: Impersonation (2)
Security Flags: 0x00
Byte Count (BCC): 63
File Name: \! Mitarbeiter-Pool\CA\C_493__
############################################################################
No. Time Source Destination Protocol
Info
175 0.976964 172.20.6.252 172.20.6.213 SMB
NT Create AndX Response, FID: 0x36c5
Frame 175 (161 bytes on wire, 161 bytes captured)
Ethernet II, Src: 172.20.6.252 (00:13:72:3d:d9:bc), Dst:
Micro-St_40:c3:c2 (00:0c:76:40:c3:c2)
Internet Protocol, Src: 172.20.6.252 (172.20.6.252), Dst: 172.20.6.213
(172.20.6.213)
Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port:
1031 (1031), Seq: 25164, Ack: 6818, Len: 107
NetBIOS Session Service
SMB (Server Message Block Protocol)
SMB Header
Server Component: SMB
Response to: 174
Time from request: 0.000351000 seconds
SMB Command: NT Create AndX (0xa2)
NT Status: STATUS_SUCCESS (0x00000000)
Flags: 0x88
Flags2: 0xc801
Process ID High: 0
Signature: 0000000000000000
Reserved: 0000
Tree ID: 2
Process ID: 1424
User ID: 103
Multiplex ID: 22853
NT Create AndX Response (0xa2)
Word Count (WCT): 34
AndXCommand: No further commands (0xff)
Reserved: 00
AndXOffset: 0
Oplock level: No oplock granted (0)
FID: 0x36c5
Create action: The file existed and was opened (1)
Created: May 2, 2006 15:13:28.000000000
Last Access: May 2, 2006 15:16:22.000000000
Last Write: May 2, 2006 15:13:28.000000000
Change: May 2, 2006 15:13:28.000000000
File Attributes: 0x00000010
Allocation Size: 0
End Of File: 0
File Type: Disk file or directory (0)
IPC State: 0x0007
Is Directory: This is a DIRECTORY (1)
Byte Count (BCC): 0
############################################################################
No. Time Source Destination Protocol
Info
176 0.977041 172.20.6.213 172.20.6.252 SMB
Trans2 Request, SET_FILE_INFO, FID: 0x36c5
Frame 176 (135 bytes on wire, 135 bytes captured)
Ethernet II, Src: Micro-St_40:c3:c2 (00:0c:76:40:c3:c2), Dst:
172.20.6.252 (00:13:72:3d:d9:bc)
Internet Protocol, Src: 172.20.6.213 (172.20.6.213), Dst: 172.20.6.252
(172.20.6.252)
Transmission Control Protocol, Src Port: 1031 (1031), Dst Port:
microsoft-ds (445), Seq: 6818, Ack: 25271, Len: 81
NetBIOS Session Service
SMB (Server Message Block Protocol)
SMB Header
Server Component: SMB
Response in: 177
SMB Command: Trans2 (0x32)
NT Status: STATUS_SUCCESS (0x00000000)
Flags: 0x18
Flags2: 0xc807
Process ID High: 0
Signature: 0000000000000000
Reserved: 0000
Tree ID: 2
Process ID: 1424
User ID: 103
Multiplex ID: 22917
Trans2 Request (0x32)
Word Count (WCT): 15
Total Parameter Count: 6
Total Data Count: 1
Max Parameter Count: 2
Max Data Count: 0
Max Setup Count: 0
Reserved: 00
Flags: 0x0000
Timeout: Return immediately (0)
Reserved: 0000
Parameter Count: 6
Parameter Offset: 68
Data Count: 1
Data Offset: 76
Setup Count: 1
Reserved: 00
Subcommand: SET_FILE_INFO (0x0008)
Byte Count (BCC): 12
Padding: 000000
SET_FILE_INFO Parameters
FID: 0x36c5
Level of Interest: Set Disposition Information (1013)
Reserved: 0000
Padding: 0000
SET_FILE_INFO Data
.... ...1 = Delete on close: DELETE this file when closed
############################################################################
No. Time Source Destination Protocol
Info
177 0.977400 172.20.6.252 172.20.6.213 SMB
Trans2 Response, SET_FILE_INFO
Frame 177 (116 bytes on wire, 116 bytes captured)
Ethernet II, Src: 172.20.6.252 (00:13:72:3d:d9:bc), Dst:
Micro-St_40:c3:c2 (00:0c:76:40:c3:c2)
Internet Protocol, Src: 172.20.6.252 (172.20.6.252), Dst: 172.20.6.213
(172.20.6.213)
Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port:
1031 (1031), Seq: 25271, Ack: 6899, Len: 62
NetBIOS Session Service
SMB (Server Message Block Protocol)
SMB Header
Server Component: SMB
Response to: 176
Time from request: 0.000359000 seconds
SMB Command: Trans2 (0x32)
NT Status: STATUS_SUCCESS (0x00000000)
Flags: 0x88
Flags2: 0xc841
Process ID High: 0
Signature: 0000000000000000
Reserved: 0000
Tree ID: 2
Process ID: 1424
User ID: 103
Multiplex ID: 22917
Trans2 Response (0x32)
Subcommand: SET_FILE_INFO (0x0008)
Word Count (WCT): 10
Total Parameter Count: 2
Total Data Count: 0
Reserved: 0000
Parameter Count: 2
Parameter Offset: 56
Parameter Displacement: 0
Data Count: 0
Data Offset: 0
Data Displacement: 0
Setup Count: 0
Reserved: 00
Byte Count (BCC): 3
Padding: 00
SET_FILE_INFO Parameters
EA Error offset: 0
############################################################################
No. Time Source Destination Protocol
Info
178 0.977469 172.20.6.213 172.20.6.252 SMB
Close Request, FID: 0x36c5
Frame 178 (99 bytes on wire, 99 bytes captured)
Ethernet II, Src: Micro-St_40:c3:c2 (00:0c:76:40:c3:c2), Dst:
172.20.6.252 (00:13:72:3d:d9:bc)
Internet Protocol, Src: 172.20.6.213 (172.20.6.213), Dst: 172.20.6.252
(172.20.6.252)
Transmission Control Protocol, Src Port: 1031 (1031), Dst Port:
microsoft-ds (445), Seq: 6899, Ack: 25333, Len: 45
NetBIOS Session Service
SMB (Server Message Block Protocol)
SMB Header
Server Component: SMB
Response in: 179
SMB Command: Close (0x04)
NT Status: STATUS_SUCCESS (0x00000000)
Flags: 0x18
Flags2: 0xc807
Process ID High: 0
Signature: 0000000000000000
Reserved: 0000
Tree ID: 2
Process ID: 65279
User ID: 103
Multiplex ID: 22981
Close Request (0x04)
Word Count (WCT): 3
FID: 0x36c5
Last Write: No time specified (0xffffffff)
Byte Count (BCC): 0
############################################################################
No. Time Source Destination Protocol
Info
179 0.977836 172.20.6.252 172.20.6.213 SMB
Close Response
Frame 179 (93 bytes on wire, 93 bytes captured)
Ethernet II, Src: 172.20.6.252 (00:13:72:3d:d9:bc), Dst:
Micro-St_40:c3:c2 (00:0c:76:40:c3:c2)
Internet Protocol, Src: 172.20.6.252 (172.20.6.252), Dst: 172.20.6.213
(172.20.6.213)
Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port:
1031 (1031), Seq: 25333, Ack: 6944, Len: 39
NetBIOS Session Service
SMB (Server Message Block Protocol)
SMB Header
Server Component: SMB
Response to: 178
Time from request: 0.000367000 seconds
SMB Command: Close (0x04)
NT Status: STATUS_SUCCESS (0x00000000)
Flags: 0x88
Flags2: 0xc801
Process ID High: 0
Signature: 0000000000000000
Reserved: 0000
Tree ID: 2
Process ID: 65279
User ID: 103
Multiplex ID: 22981
Close Response (0x04)
Word Count (WCT): 0
Byte Count (BCC): 0
--------------------------------------------------------------------------
As i already said, I also put a file into the directory and "sniffed"
again on the bad working client. The difference there was, that the file
in the directory was removed first, also with the
"SET_FILE_INFO"-request. For the file this was successful, but again not
for the directory.
Here is the short-summary of Ethereal:
---------------------------------------------------------------------
No. Time Source Destination Protocol
Info
115 2.124587 172.20.6.213 172.20.6.252 SMB
NT Create AndX Request, Path: \! Mitarbeiter-Pool\CA\C_493__\password.bin
116 2.125090 172.20.6.252 172.20.6.213 SMB
NT Create AndX Response, FID: 0x3346
117 2.125127 172.20.6.213 172.20.6.252 SMB
Trans2 Request, QUERY_FILE_INFO, FID: 0x3346, Query File Internal Info
118 2.125524 172.20.6.252 172.20.6.213 SMB
Trans2 Response, QUERY_FILE_INFO
119 2.125570 172.20.6.213 172.20.6.252 SMB
Trans2 Request, QUERY_FILE_INFO, FID: 0x3346, Query File Basic Info
120 2.125959 172.20.6.252 172.20.6.213 SMB
Trans2 Response, QUERY_FILE_INFO
121 2.125994 172.20.6.213 172.20.6.252 SMB
Trans2 Request, QUERY_FILE_INFO, FID: 0x3346, Query File Standard Info
122 2.126392 172.20.6.252 172.20.6.213 SMB
Trans2 Response, QUERY_FILE_INFO
123 2.126497 172.20.6.213 172.20.6.252 SMB
Trans2 Request, SET_FILE_INFO, FID: 0x3346
124 2.126826 172.20.6.252 172.20.6.213 SMB
Trans2 Response, SET_FILE_INFO
125 2.126908 172.20.6.213 172.20.6.252 SMB
Close Request, FID: 0x3346
126 2.127686 172.20.6.252 172.20.6.213 SMB
NT Trans Response, <unknown>
127 2.127699 172.20.6.252 172.20.6.213 SMB
Close Response
128 2.127712 172.20.6.213 172.20.6.252 TCP
1368 > microsoft-ds [ACK] Seq=5090 Ack=9627 Win=64072 Len=0
129 2.127795 172.20.6.213 172.20.6.252 SMB
NT Trans Request, NT NOTIFY, FID: 0x3318
130 2.127970 172.20.6.213 172.20.6.252 SMB
NT Create AndX Request, Path: \! Mitarbeiter-Pool\CA\C_493__
131 2.128568 172.20.6.252 172.20.6.213 SMB
NT Create AndX Response, FID: 0x3347
132 2.128745 172.20.6.213 172.20.6.252 SMB
Trans2 Request, SET_FILE_INFO, FID: 0x3347
133 2.129425 172.20.6.252 172.20.6.213 SMB
Trans2 Response, SET_FILE_INFO
134 2.129488 172.20.6.213 172.20.6.252 SMB
Close Request, FID: 0x3347
135 2.129857 172.20.6.252 172.20.6.213 SMB
Close Response
---------------------------------------------------------------------
For everybody, who is interested, just write me and I will send you the
complete Ethereal files.
I would really appreciate to hear some reactions. (including comments,
like windows behaves just crazy :D )
Is this maybe already fixed in newer releases of Samba, that Samba now
reacts on the SET_FILE_INFO-Request for directories correctly? (my
version is 3.0.20b-3.4-SUSE)
Thanks in advance, Björn
P.S: Sorry for my english ;)
--------------------------------------------------------------------------
Björn Mayer schrieb:
> Hello mailinglist,
>
> I have a strange problem, which occurs sometimes on some WinXP clients.
> It is not 100% reproducable for me, but it returns regular.
>
> The problem is, that somehow a user can't delete a directory. All files
> in the directory will be removed successfully, but the directory itself
> not.
> Deleting with the Explorer or over the cmd-console returns in the same
> result.
> First the command seemed to be successful, but after one refresh all
> "deleted" folders are back again, because they aren't physically removed
> from the linux-box.
>
> I don't know, if it is an Samba or Windows Problem, because if i went to
> another XP machine and do exactly the same (including connecting with
> the same user and passwd) the folder will be removed successfully.
>
> Often one (sometimes more than one) restart on the "infected" PC will
> fix it there, too.
>
> All Win-Machines are XP with Service Pack 2.
>
> As i already said, i don't know whom to blame for that. On the one hand
> it seems to be a specific Windows-problem, because other machines does
> not show the same behaviour at the same time under nearly the same
> conditions.
> On the other hand nobody ever mentioned that with our old Win Server
> 2003 Fileserver, who is nowadays replaced by Samba.
>
> Any Ideas?
>
> My Linux-Box is a Suse Enterprise Server 9 with Samba Version
> 3.0.20b-3.4-SUSE.
>
> The following logfiles extracts show the log.smbd grep(ed) for the
> string "C_493____".
> What i have done there, is first the try to delete the folder "!
> Mitarbeiter-Pool/CA/C_493____/00_Gesamt/Alarms" on the share with the
> WinXP Explorer and then refreshed the Explorer's view.
>
> The first extract shows the successful operation with a well working
> client.
> ------------------------------------------------------------------------------------
>
> call_trans2qfilepathinfo !
> Mitarbeiter-Pool/CA/C_493____/00_Gesamt/Alarms (fnum = -1) level=1004
> call=5 total_data=0
> call_trans2qfilepathinfo !
> Mitarbeiter-Pool/CA/C_493____/00_Gesamt/Alarms (fnum = -1) level=1004
> call=5 total_data=0
> call_trans2qfilepathinfo !
> Mitarbeiter-Pool/CA/C_493____/00_Gesamt/Alarms (fnum = -1) level=1005
> call=5 total_data=0
> call_trans2qfilepathinfo !
> Mitarbeiter-Pool/CA/C_493____/00_Gesamt/Alarms (fnum = -1) level=1004
> call=5 total_data=0
> call_trans2qfilepathinfo !
> Mitarbeiter-Pool/CA/C_493____/00_Gesamt/Alarms (fnum = -1) level=1004
> call=5 total_data=0
> call_trans2qfilepathinfo !
> Mitarbeiter-Pool/CA/C_493____/00_Gesamt/Alarms (fnum = -1) level=1004
> call=5 total_data=0
> call_trans2qfilepathinfo !
> Mitarbeiter-Pool/CA/C_493____/00_Gesamt/Alarms (fnum = -1) level=1005
> call=5 total_data=0
> call_trans2qfilepathinfo !
> Mitarbeiter-Pool/CA/C_493____/00_Gesamt/Alarms (fnum = -1) level=1004
> call=5 total_data=0
> call_trans2qfilepathinfo ! Mitarbeiter-Pool/CA/C_493____/00_Gesamt
> (fnum = -1) level=1004 call=5 total_data=0
> creating new dirptr 256 for path !
> Mitarbeiter-Pool/CA/C_493____/00_Gesamt, expect_close = 1
> call_trans2qfilepathinfo !
> Mitarbeiter-Pool/CA/C_493____/00_Gesamt/Alarms (fnum = -1) level=1004
> call=5 total_data=0
> creating new dirptr 256 for path !
> Mitarbeiter-Pool/CA/C_493____/00_Gesamt/Alarms, expect_close = 1
> call_trans2qfilepathinfo !
> Mitarbeiter-Pool/CA/C_493____/00_Gesamt/Alarms (fnum = -1) level=1004
> call=5 total_data=0
> call_trans2qfilepathinfo !
> Mitarbeiter-Pool/CA/C_493____/00_Gesamt/Alarms (fnum = -1) level=1004
> call=5 total_data=0
> call_trans2qfilepathinfo !
> Mitarbeiter-Pool/CA/C_493____/00_Gesamt/Alarms (fnum = -1) level=1005
> call=5 total_data=0
> call_trans2qfilepathinfo !
> Mitarbeiter-Pool/CA/C_493____/00_Gesamt/Alarms (fnum = -1) level=1004
> call=5 total_data=0
> call_trans2qfilepathinfo ! Mitarbeiter-Pool/CA/C_493____ (fnum = -1)
> level=1004 call=5 total_data=0
> creating new dirptr 256 for path ! Mitarbeiter-Pool/CA/C_493____,
> expect_close = 1
> call_trans2qfilepathinfo !
> Mitarbeiter-Pool/CA/C_493____/00_Gesamt/Alarms (fnum = -1) level=1004
> call=5 total_data=0
> creating new dirptr 256 for path !
> Mitarbeiter-Pool/CA/C_493____/00_Gesamt/Alarms, expect_close = 1
> call_trans2qfilepathinfo !
> Mitarbeiter-Pool/CA/C_493____/00_Gesamt/Alarms (fnum = -1) level=1004
> call=5 total_data=0
> rmdir ! Mitarbeiter-Pool/CA/C_493____/00_Gesamt/Alarms
> kernel_check_notify: kernel change notify on !
> Mitarbeiter-Pool/CA/C_493____/00_Gesamt fd[0]=30 (signals_received=1)
> kernel change notify on ! Mitarbeiter-Pool/CA/C_493____/00_Gesamt
> (ntflags=0x3 flags=0x1e) fd=30
> call_nt_transact_notify_change: notify change called on directory name
> = ! Mitarbeiter-Pool/CA/C_493____/00_Gesamt
> call_trans2qfilepathinfo !
> Mitarbeiter-Pool/CA/C_493____/00_Gesamt/SP_CSV (fnum = -1) level=1004
> call=5 total_data=0
> creating new dirptr 256 for path !
> Mitarbeiter-Pool/CA/C_493____/00_Gesamt/SP_CSV, expect_close = 1
> call_trans2qfilepathinfo !
> Mitarbeiter-Pool/CA/C_493____/00_Gesamt/SP_CSV (fnum = -1) level=1004
> call=5 total_data=0
> call_trans2qfilepathinfo !
> Mitarbeiter-Pool/CA/C_493____/00_Gesamt/SP_CSV (fnum = -1) level=1006
> call=5 total_data=0
> kernel change notify on !
> Mitarbeiter-Pool/CA/C_493____/00_Gesamt/SP_CSV (ntflags=0x17 flags=0x3e)
> fd=29
> call_nt_transact_notify_change: notify change called on directory name
> = ! Mitarbeiter-Pool/CA/C_493____/00_Gesamt/SP_CSV
> rmdir_internals: couldn't remove directory !
> Mitarbeiter-Pool/CA/C_493____/00_Gesamt/Alarms : Datei oder Verzeichnis
> nicht gefunden
> call_trans2qfilepathinfo !
> Mitarbeiter-Pool/CA/C_493____/00_Gesamt/SP_CSV (fnum = -1) level=1004
> call=5 total_data=0
> creating new dirptr 256 for path !
> Mitarbeiter-Pool/CA/C_493____/00_Gesamt/SP_CSV, expect_close = 1
> call_trans2qfilepathinfo !
> Mitarbeiter-Pool/CA/C_493____/00_Gesamt/SP_CSV (fnum = -1) level=1004
> call=5 total_data=0
> call_trans2qfilepathinfo !
> Mitarbeiter-Pool/CA/C_493____/00_Gesamt/SP_CSV (fnum = -1) level=1004
> call=5 total_data=0
> call_trans2qfilepathinfo !
> Mitarbeiter-Pool/CA/C_493____/00_Gesamt/SP_CSV (fnum = -1) level=1005
> call=5 total_data=0
> call_trans2qfilepathinfo !
> Mitarbeiter-Pool/CA/C_493____/00_Gesamt/SP_CSV (fnum = -1) level=1004
> call=5 total_data=0
> call_trans2qfilepathinfo ! Mitarbeiter-Pool/CA/C_493____ (fnum = -1)
> level=1004 call=5 total_data=0
> creating new dirptr 256 for path ! Mitarbeiter-Pool/CA/C_493____,
> expect_close = 1
> call_trans2qfilepathinfo ! Mitarbeiter-Pool/CA/C_493____/00_Gesamt
> (fnum = -1) level=1004 call=5 total_data=0
> creating new dirptr 256 for path !
> Mitarbeiter-Pool/CA/C_493____/00_Gesamt, expect_close = 1
> creating new dirptr 256 for path !
> Mitarbeiter-Pool/CA/C_493____/00_Gesamt, expect_close = 1
> call_trans2qfilepathinfo ! Mitarbeiter-Pool/CA/C_493____ (fnum = 8572)
> level=1006 call=7 total_data=0
> creating new dirptr 256 for path ! Mitarbeiter-Pool/CA/C_493____,
> expect_close = 1
> unix_mode(! Mitarbeiter-Pool/CA/C_493____/00_Gesamt) returning 0766
> call_trans2qfilepathinfo ! Mitarbeiter-Pool/CA/C_493____/00_Gesamt
> (fnum = 8574) level=1004 call=7 total_data=0
> call_trans2qfilepathinfo ! Mitarbeiter-Pool/CA/C_493____/00_Gesamt
> (fnum = 8574) level=1005 call=7 total_data=0
> call_trans2qfilepathinfo ! Mitarbeiter-Pool/CA/C_493____/00_Gesamt
> (fnum = 8574) level=1004 call=7 total_data=0
> creating new dirptr 256 for path !
> Mitarbeiter-Pool/CA/C_493____/00_Gesamt, expect_close = 1
> unix_mode(! Mitarbeiter-Pool/CA/C_493____/00_Gesamt/Alarms) returning
> 0766
> ------------------------------------------------------------------------------------
>
>
>
> The second extract is the try from a "infected" machine.
> ------------------------------------------------------------------------------------
>
> unix_mode(! Mitarbeiter-Pool/CA/C_493____/00_Gesamt/Alarms) returning 0766
> call_trans2qfilepathinfo !
> Mitarbeiter-Pool/CA/C_493____/00_Gesamt/Alarms (fnum = 8631) level=1004
> call=7 total_data=0
> call_trans2qfilepathinfo !
> Mitarbeiter-Pool/CA/C_493____/00_Gesamt/Alarms (fnum = 8631) level=1005
> call=7 total_data=0
> call_trans2qfilepathinfo !
> Mitarbeiter-Pool/CA/C_493____/00_Gesamt/Alarms (fnum = 8631) level=1004
> call=7 total_data=0
> unix_mode(! Mitarbeiter-Pool/CA/C_493____/00_Gesamt/Alarms) returning
> 0766
> call_trans2qfilepathinfo !
> Mitarbeiter-Pool/CA/C_493____/00_Gesamt/Alarms (fnum = 8633) level=1004
> call=7 total_data=0
> call_trans2qfilepathinfo !
> Mitarbeiter-Pool/CA/C_493____/00_Gesamt/Alarms (fnum = 8633) level=1005
> call=7 total_data=0
> call_trans2qfilepathinfo !
> Mitarbeiter-Pool/CA/C_493____/00_Gesamt/Alarms (fnum = 8633) level=1004
> call=7 total_data=0
> unix_mode(! Mitarbeiter-Pool/CA/C_493____/00_Gesamt/Alarms) returning
> 0766
> call_trans2qfilepathinfo !
> Mitarbeiter-Pool/CA/C_493____/00_Gesamt/Alarms (fnum = 8635) level=1004
> call=7 total_data=0
> call_trans2qfilepathinfo !
> Mitarbeiter-Pool/CA/C_493____/00_Gesamt/Alarms (fnum = 8635) level=1005
> call=7 total_data=0
> call_trans2qfilepathinfo !
> Mitarbeiter-Pool/CA/C_493____/00_Gesamt/Alarms (fnum = 8635) level=1004
> call=7 total_data=0
> unix_mode(! Mitarbeiter-Pool/CA/C_493____/00_Gesamt/Alarms) returning
> 0766
> call_trans2qfilepathinfo !
> Mitarbeiter-Pool/CA/C_493____/00_Gesamt/Alarms (fnum = 8637) level=1004
> call=7 total_data=0
> call_trans2qfilepathinfo !
> Mitarbeiter-Pool/CA/C_493____/00_Gesamt/Alarms (fnum = 8637) level=1005
> call=7 total_data=0
> call_trans2qfilepathinfo !
> Mitarbeiter-Pool/CA/C_493____/00_Gesamt/Alarms (fnum = 8637) level=1004
> call=7 total_data=0
> creating new dirptr 256 for path !
> Mitarbeiter-Pool/CA/C_493____/00_Gesamt, expect_close = 1
> creating new dirptr 256 for path !
> Mitarbeiter-Pool/CA/C_493____/00_Gesamt/Alarms, expect_close = 1
> unix_mode(! Mitarbeiter-Pool/CA/C_493____/00_Gesamt/Alarms) returning
> 0766
> call_trans2qfilepathinfo !
> Mitarbeiter-Pool/CA/C_493____/00_Gesamt/Alarms (fnum = 8642) level=1004
> call=7 total_data=0
> call_trans2qfilepathinfo !
> Mitarbeiter-Pool/CA/C_493____/00_Gesamt/Alarms (fnum = 8642) level=1005
> call=7 total_data=0
> call_trans2qfilepathinfo !
> Mitarbeiter-Pool/CA/C_493____/00_Gesamt/Alarms (fnum = 8642) level=1004
> call=7 total_data=0
> call_trans2qfilepathinfo ! Mitarbeiter-Pool/CA/C_493____ (fnum = 8645)
> level=1006 call=7 total_data=0
> creating new dirptr 256 for path ! Mitarbeiter-Pool/CA/C_493____,
> expect_close = 1
> creating new dirptr 256 for path !
> Mitarbeiter-Pool/CA/C_493____/00_Gesamt/Alarms, expect_close = 1
> call_trans2setfilepathinfo(8) !
> Mitarbeiter-Pool/CA/C_493____/00_Gesamt/Alarms (fnum 8647)
> info_level=1013 totdata=1
> call_trans2qfilepathinfo !
> Mitarbeiter-Pool/CA/C_493____/00_Gesamt/SP_CSV (fnum = 8648) level=1006
> call=7 total_data=0
> creating new dirptr 256 for path !
> Mitarbeiter-Pool/CA/C_493____/00_Gesamt/SP_CSV, expect_close = 1
> kernel change notify on !
> Mitarbeiter-Pool/CA/C_493____/00_Gesamt/SP_CSV (ntflags=0x17 flags=0x3e)
> fd=34
> call_nt_transact_notify_change: notify change called on directory name
> = ! Mitarbeiter-Pool/CA/C_493____/00_Gesamt/SP_CSV
> unix_mode(! Mitarbeiter-Pool/CA/C_493____/00_Gesamt/SP_CSV) returning
> 0766
> call_trans2qfilepathinfo !
> Mitarbeiter-Pool/CA/C_493____/00_Gesamt/SP_CSV (fnum = 8651) level=1004
> call=7 total_data=0
> call_trans2qfilepathinfo !
> Mitarbeiter-Pool/CA/C_493____/00_Gesamt/SP_CSV (fnum = 8651) level=1005
> call=7 total_data=0
> call_trans2qfilepathinfo !
> Mitarbeiter-Pool/CA/C_493____/00_Gesamt/SP_CSV (fnum = 8651) level=1004
> call=7 total_data=0
> creating new dirptr 256 for path !
> Mitarbeiter-Pool/CA/C_493____/00_Gesamt, expect_close = 1
> unix_mode(! Mitarbeiter-Pool/CA/C_493____/00_Gesamt/SP_CSV) returning
> 0766
> call_trans2qfilepathinfo !
> Mitarbeiter-Pool/CA/C_493____/00_Gesamt/SP_CSV (fnum = 8655) level=1004
> call=7 total_data=0
> call_trans2qfilepathinfo !
> Mitarbeiter-Pool/CA/C_493____/00_Gesamt/SP_CSV (fnum = 8655) level=1005
> call=7 total_data=0
> call_trans2qfilepathinfo !
> Mitarbeiter-Pool/CA/C_493____/00_Gesamt/SP_CSV (fnum = 8655) level=1004
> call=7 total_data=0
> creating new dirptr 256 for path !
> Mitarbeiter-Pool/CA/C_493____/00_Gesamt, expect_close = 1
> unix_mode(! Mitarbeiter-Pool/CA/C_493____/00_Gesamt/SP_CSV) returning
> 0766
> call_trans2qfilepathinfo !
> Mitarbeiter-Pool/CA/C_493____/00_Gesamt/SP_CSV (fnum = 8659) level=1004
> call=7 total_data=0
> call_trans2qfilepathinfo !
> Mitarbeiter-Pool/CA/C_493____/00_Gesamt/SP_CSV (fnum = 8659) level=1005
> call=7 total_data=0
> call_trans2qfilepathinfo !
> Mitarbeiter-Pool/CA/C_493____/00_Gesamt/SP_CSV (fnum = 8659) level=1004
> call=7 total_data=0
> creating new dirptr 256 for path !
> Mitarbeiter-Pool/CA/C_493____/00_Gesamt/SP_CSV, expect_close = 1
> unix_mode(! Mitarbeiter-Pool/CA/C_493____/00_Gesamt/SP_CSV) returning
> 0766
> call_trans2qfilepathinfo !
> Mitarbeiter-Pool/CA/C_493____/00_Gesamt/SP_CSV (fnum = 8662) level=1004
> call=7 total_data=0
> call_trans2qfilepathinfo !
> Mitarbeiter-Pool/CA/C_493____/00_Gesamt/SP_CSV (fnum = 8662) level=1005
> call=7 total_data=0
> call_trans2qfilepathinfo !
> Mitarbeiter-Pool/CA/C_493____/00_Gesamt/SP_CSV (fnum = 8662) level=1004
> call=7 total_data=0
> creating new dirptr 256 for path ! Mitarbeiter-Pool/CA/C_493____,
> expect_close = 1
> creating new dirptr 256 for path !
> Mitarbeiter-Pool/CA/C_493____/00_Gesamt, expect_close = 1
> ------------------------------------------------------------------------------------
>
>
> Thanks for every hint, Björn
More information about the samba
mailing list