[Samba] Freebsd + Samba + Ldap + Acls -> No locking file

Dragon vwdragon at poczta.fm
Mon Aug 13 02:48:03 GMT 2007


Hello..

File server freebsd 6.2-STABLE + samba-3.0.25a + ldap + acls

Problem:

I've a situation where file locking does not seem to be functioning as expected, in that
more than one user can open and write to a file without any
notifications being displayed about the file already being opened by
another user.

I have two Windows XP clients accessing the same shared file, user1 has
the file open. User2 then opens the
same file, receiving no warnings about the file being open by another
user. File is modified by user1 and saved and remains open. File then
modified by user2 and saved. File closed and opened by user1 who
sees only modifications made by user2.

user1 (WinXP) open test2.ods

smbstatus:
Locked files:
Pid          Uid        DenyMode   Access      R/W        Oplock SharePath   Name   Time
--------------------------------------------------------------------------------------------------
14758        10004      DENY_WRITE 0x2019f     RDWR   EXCLUSIVE+BATCH /work/samba/bazafirm   test2.ods   Wed Aug  1 17:50:15
14758        10004      DENY_NONE  0x100001    RDONLY     NONE
/work/samba/bazafirm   .   Wed Aug  1 17:49:47

user2 (WinXP) open file:
smbstatus:
Locked files:
Pid          Uid        DenyMode   Access      R/W        Oplock SharePath   Name   Time
--------------------------------------------------------------------------------------------------
14787        10002      DENY_WRITE 0x2019f     RDWR   EXCLUSIVE+BATCH /work/samba/bazafirm   test2.ods   Wed Aug  1 17:55:38
14787        10002      DENY_NONE  0x100001    RDONLY     NONE /work/samba/bazafirm   .   Wed Aug  1 17:55:12


But when I use option "force user = root" tha file lock works OK!!!


smb.conf

[global]
   dos charset = cp852
   unix charset = iso8859-2
   display charset = iso8859-2
   workgroup = COSTAM.LOCAL
   netbios name = DRAGON
   server string = COSTAM LDAP PDC [on FreeBSD :: Samba server %v]
   interfaces = 192.168.50.254/24
   bind interfaces only = Yes
   security = USER
   encrypt passwords = Yes
   update encrypted = No
   client schannel = Auto
   server schannel = Auto
   allow trusted domains = Yes
   map to guest = Never
   null passwords = Yes
   obey pam restrictions = No
   password server = *
   smb passwd file = /usr/local/etc/samba/smbpasswd
   private dir = /usr/local/etc/samba
   passdb backend = ldapsam:ldap://127.0.0.1/
   algorithmic rid base = 1000
   guest account = nobody
   enable privileges = Yes
   pam password change = No
   passwd chat = *new*password* %n\n *new*password* %n\n *changed*
   passwd chat debug = No
   passwd chat timeout = 2
   check password script =
   password level = 0
   username level = 0
   unix password sync = No
   restrict anonymous = 0
   lanman auth = Yes
   ntlm auth = Yes
   client NTLMv2 auth = No
   client lanman auth = Yes
   client plaintext auth = Yes
   use kerberos keytab = No
   log level = 2
   syslog = 0
   syslog only = No
   log file = /var/log/samba/log.%m
   max log size = 100000
   debug timestamp = Yes
   debug prefix timestamp = No
   debug hires timestamp = No
   debug pid = No
   debug uid = No
   enable core files = Yes
   smb ports = 445 139
   large readwrite = Yes
   max protocol = NT1
   min protocol = CORE
   read bmpx = No
   read raw = Yes
   write raw = Yes
   disable netbios = No
   reset on zero vc = No
   acl compatibility = auto
   defer sharing violations = Yes
   nt pipe support = Yes
   nt status support = Yes
   announce version = 4.9
   announce as = NT
   max mux = 50
   max xmit = 16644
   name resolve order = wins bcast dns host
   max ttl = 259200
   max wins ttl = 518400
   min wins ttl = 21600
   time server = Yes
   unix extensions = Yes
   use spnego = Yes
   client signing = auto
   server signing = No
   client use spnego = Yes
   enable asu support = No
   deadtime = 0
   getwd cache = Yes
   keepalive = 300
   lpq cache time = 30
   max smbd processes = 0
   paranoid server security = Yes
   max disk size = 0
   max open files = 500
   open files database hash size = 10007
   socket options = SO_KEEPALIVE SO_BROADCAST TCP_NODELAY SO_SNDBUF=16384 SO_RCVBUF=16384 IPTOS_LOWDELAY
   use mmap = Yes
   hostname lookups = No
   name cache timeout = 660
   load printers = No
   printcap cache time = 750
   disable spoolss = No
   show add printer wizard = Yes
   mangling method = hash2
   mangle prefix = 1
   max stat cache size = 1024
   stat cache = Yes
   machine password timeout = 604800
   add user script = /usr/local/sbin/smbldap-useradd -m "%u"
   delete user script = /usr/local/sbin/smbldap-userdel "%u"
   add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
   delete group script = /usr/local/sbin/smbldap-groupdel "%g"
   add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
   delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
   set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
   add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
   logon script = logon.bat
   logon drive = H:
   logon home = \\%N\%U
   domain logons = Yes
   os level = 255
   lm announce = Auto
   lm interval = 60
   preferred master = Yes
   local master = Yes
   domain master = Yes
   browse list = Yes
   enhanced browsing = Yes
   dns proxy = No
   wins proxy = Yes
   wins support = Yes
   kernel oplocks = Yes
   lock spin time = 200
   oplock break wait time = 0
   ldap admin dn = cn=root,dc=dasko,dc=pl
   ldap delete dn = Yes
   ldap group suffix = ou=Groups
   ldap idmap suffix = ou=Idmap
   ldap machine suffix = ou=Computers
   ldap passwd sync = Yes
   ldap replication sleep = 1000
   ldap suffix = dc=dasko,dc=pl
   ldap ssl = no
   ldap timeout = 15
   ldap page size = 1024
   ldap user suffix = ou=Users
   lock directory = /var/db/samba
   pid directory = /var/run
   utmp = No
   socket address = 0.0.0.0
   afs token lifetime = 604800
   time offset = 0
   NIS homedir = No
   usershare allow guests = No
   usershare max shares = 0
   usershare owner only = Yes
   usershare path = /var/db/samba/usershares
   host msdfs = Yes
   passdb expand explicit = No
   idmap cache time = 900
   idmap negative cache time = 120
   template homedir = /home/%D/%U
   template shell = /bin/false
   winbind separator = \
   winbind cache time = 300
   winbind enum users = No
   winbind enum groups = No
   winbind use default domain = No
   winbind trusted domains only = No
   winbind nested groups = Yes
   winbind nss info = template
   winbind refresh tickets = No
   winbind offline logon = No
   winbind normalize names = No
   admin users = Administrator
   read only = Yes
   acl check permissions = Yes
   acl group control = No
   acl map full control = Yes
   create mask = 0744
   force create mode = 00
   security mask = 0777
   force security mode = 00
   directory mask = 0755
   force directory mode = 00
   directory security mask = 0777
   force directory security mode = 00
   force unknown acl user = No
   inherit permissions = No
   inherit acls = No
   inherit owner = No
   guest only = No
   guest ok = No
   only user = No
   hosts allow = 127.0.0.1, 192.168.50.
   hosts deny = 0.0.0.0/0
   allocation roundup size = 1048576
   aio read size = 0
   aio write size = 0
   ea support = No
   nt acl support = Yes
   profile acls = No
   map acl inherit = No
   afs share = No
   block size = 1024
   change notify = Yes
   kernel change notify = Yes
   max connections = 0
   min print space = 0
   strict allocate = No
   strict sync = No
   sync always = No
   use sendfile = No
   write cache size = 0
   max reported print jobs = 0
   max print jobs = 1000
   printable = No
   printing = bsd
   print command = lpr -r -P'%p' %s
   lpq command = lpq -P'%p'
   lprm command = lprm -P'%p' %j
   use client driver = No
   default devmode = Yes
   force printername = No
   printjob username = %U
   default case = lower
   case sensitive = Auto
   preserve case = Yes
   short preserve case = Yes
   mangling char = ~
   hide dot files = Yes
   hide special files = No
   hide unreadable = No
   hide unwriteable files = No
   delete veto files = No
   hide files = /desktop.ini/ntuser.ini/NTUSER.*/
   map archive = Yes
   map hidden = No
   map system = No
   map readonly = yes
   mangled names = Yes
   store dos attributes = No
   dmapi support = No
   browseable = Yes
   blocking locks = Yes
   csc policy = manual
   fake oplocks = No
   locking = Yes
   oplocks = Yes
   level2 oplocks = Yes
   oplock contention limit = 2
   posix locking = Yes
   strict locking = Auto
   share modes = Yes
   dfree cache time = 0
   preexec close = No
   root preexec close = No
   available = Yes
   fstype = NTFS
   set directory = No
   wide links = Yes
   follow symlinks = Yes
   delete readonly = No
   dos filemode = No
   dos filetimes = Yes
   dos filetime resolution = No
   fake directory create times = No
   msdfs root = No

----------------------------------------------------------------------
Miarka sie przebrala! Sejm do Mongolii!


>>>http://link.interia.pl/f1b3c



More information about the samba mailing list